« back to all changes in this revision
Viewing changes to serverguide/po/oc.po
- browse files at revision 261
- compare with another revision
- download diff
- download tarball
- view history from revision 261
- Committer: Doug Smythies
- Date: 2016-01-05 22:55:10 UTC
- Revision ID: dsmythies@telus.net-20160105225510-2eg49ayn1hh6rk19
Updated the po files
- files modified:
- serverguide/po/ace.po
added
removed
serverguide/po/oc.po
7
7
msgstr ""
8
8
"Project-Id-Version: serverguide\n"
9
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2015-02-26 16:01-0800\n"
10
"POT-Creation-Date: 2015-12-01 09:44-0800\n"
11
11
"PO-Revision-Date: 2014-11-09 18:10+0000\n"
12
12
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13
13
"Language-Team: Occitan (post 1500) <oc@li.org>\n"
14
14
"MIME-Version: 1.0\n"
15
15
"Content-Type: text/plain; charset=UTF-8\n"
16
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2015-03-22 21:34+0000\n"
18
"X-Generator: Launchpad (build 17405)\n"
17
"X-Launchpad-Export-Date: 2016-01-05 22:23+0000\n"
18
"X-Generator: Launchpad (build 17876)\n"
19
19
20
20
#: serverguide/C/web-servers.xml:11(title)
21
21
msgid "Web Servers"
86
86
"for the development and deployment of Web-based applications."
87
87
msgstr ""
88
88
89
#: serverguide/C/windows-networking.xml:81(title) serverguide/C/windows-networking.xml:292(title) serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:690(title) serverguide/C/web-servers.xml:833(title) serverguide/C/web-servers.xml:957(title) serverguide/C/virtualization.xml:61(title) serverguide/C/virtualization.xml:2623(title) serverguide/C/vcs.xml:26(title) serverguide/C/vcs.xml:84(title) serverguide/C/vcs.xml:403(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:234(title) serverguide/C/remote-administration.xml:425(title) serverguide/C/network-config.xml:975(title) serverguide/C/network-config.xml:1089(title) serverguide/C/network-auth.xml:140(title) serverguide/C/network-auth.xml:2800(title) serverguide/C/network-auth.xml:3272(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:490(title) serverguide/C/mail.xml:679(title) serverguide/C/mail.xml:828(title) serverguide/C/mail.xml:1318(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:272(title) serverguide/C/lamp-applications.xml:408(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:933(title) serverguide/C/installation.xml:1214(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:646(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:307(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:134(title) serverguide/C/backups.xml:596(title)
89
#: serverguide/C/web-servers.xml:51(title) serverguide/C/web-servers.xml:710(title) serverguide/C/web-servers.xml:853(title) serverguide/C/web-servers.xml:976(title) serverguide/C/virtualization.xml:70(title) serverguide/C/virtualization.xml:805(title) serverguide/C/vcs.xml:33(title) serverguide/C/vcs.xml:94(title) serverguide/C/vcs.xml:226(title) serverguide/C/samba.xml:81(title) serverguide/C/samba.xml:292(title) serverguide/C/remote-administration.xml:46(title) serverguide/C/remote-administration.xml:269(title) serverguide/C/remote-administration.xml:465(title) serverguide/C/network-config.xml:973(title) serverguide/C/network-config.xml:1087(title) serverguide/C/network-auth.xml:142(title) serverguide/C/network-auth.xml:2799(title) serverguide/C/network-auth.xml:3271(title) serverguide/C/monitoring.xml:40(title) serverguide/C/monitoring.xml:429(title) serverguide/C/mail.xml:38(title) serverguide/C/mail.xml:548(title) serverguide/C/mail.xml:737(title) serverguide/C/mail.xml:887(title) serverguide/C/mail.xml:1377(title) serverguide/C/lamp-applications.xml:110(title) serverguide/C/lamp-applications.xml:288(title) serverguide/C/lamp-applications.xml:435(title) serverguide/C/lamp-applications.xml:549(title) serverguide/C/installation.xml:11(title) serverguide/C/installation.xml:940(title) serverguide/C/installation.xml:1287(title) serverguide/C/file-server.xml:357(title) serverguide/C/file-server.xml:645(title) serverguide/C/dns.xml:21(title) serverguide/C/databases.xml:37(title) serverguide/C/databases.xml:300(title) serverguide/C/chat.xml:35(title) serverguide/C/chat.xml:134(title) serverguide/C/backups.xml:602(title)
90
90
msgid "Installation"
91
91
msgstr "Installacion"
92
92
104
104
msgid "sudo apt-get install apache2"
105
105
msgstr "sudo apt-get install apache2"
106
106
107
#: serverguide/C/windows-networking.xml:97(title) serverguide/C/windows-networking.xml:309(title) serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:743(title) serverguide/C/web-servers.xml:844(title) serverguide/C/web-servers.xml:984(title) serverguide/C/web-servers.xml:1084(title) serverguide/C/vcs.xml:37(title) serverguide/C/vcs.xml:421(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:254(title) serverguide/C/package-management.xml:400(title) serverguide/C/network-config.xml:997(title) serverguide/C/network-config.xml:1100(title) serverguide/C/network-auth.xml:2887(title) serverguide/C/network-auth.xml:3293(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:499(title) serverguide/C/mail.xml:689(title) serverguide/C/mail.xml:911(title) serverguide/C/mail.xml:1347(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:299(title) serverguide/C/lamp-applications.xml:438(title) serverguide/C/installation.xml:1226(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:672(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:80(title) serverguide/C/databases.xml:323(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:146(title) serverguide/C/backups.xml:625(title)
107
#: serverguide/C/web-servers.xml:71(title) serverguide/C/web-servers.xml:763(title) serverguide/C/web-servers.xml:864(title) serverguide/C/web-servers.xml:1003(title) serverguide/C/web-servers.xml:1106(title) serverguide/C/vcs.xml:44(title) serverguide/C/vcs.xml:103(title) serverguide/C/samba.xml:97(title) serverguide/C/samba.xml:309(title) serverguide/C/remote-administration.xml:68(title) serverguide/C/remote-administration.xml:289(title) serverguide/C/package-management.xml:417(title) serverguide/C/network-config.xml:995(title) serverguide/C/network-config.xml:1098(title) serverguide/C/network-auth.xml:2886(title) serverguide/C/network-auth.xml:3292(title) serverguide/C/monitoring.xml:185(title) serverguide/C/monitoring.xml:455(title) serverguide/C/mail.xml:557(title) serverguide/C/mail.xml:747(title) serverguide/C/mail.xml:970(title) serverguide/C/mail.xml:1406(title) serverguide/C/lamp-applications.xml:130(title) serverguide/C/lamp-applications.xml:315(title) serverguide/C/lamp-applications.xml:465(title) serverguide/C/lamp-applications.xml:570(title) serverguide/C/installation.xml:1299(title) serverguide/C/file-server.xml:370(title) serverguide/C/file-server.xml:671(title) serverguide/C/dns.xml:37(title) serverguide/C/databases.xml:73(title) serverguide/C/databases.xml:316(title) serverguide/C/clustering.xml:45(title) serverguide/C/chat.xml:55(title) serverguide/C/chat.xml:146(title) serverguide/C/backups.xml:631(title)
108
108
msgid "Configuration"
109
109
msgstr "Configuracion"
110
110
146
146
"<application>apache2</application> is restarted."
147
147
msgstr ""
148
148
149
#: serverguide/C/web-servers.xml:93(para)
149
#: serverguide/C/web-servers.xml:108(para)
150
150
msgid ""
151
151
"<emphasis>envvars:</emphasis> file where Apache2 "
152
152
"<emphasis>environment</emphasis> variables are set."
153
153
msgstr ""
154
154
155
#: serverguide/C/web-servers.xml:106(para)
155
#: serverguide/C/web-servers.xml:113(para)
156
156
msgid ""
157
157
"<emphasis>mods-available:</emphasis> this directory contains configuration "
158
158
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
159
159
"modules will have specific configuration files, however."
160
160
msgstr ""
161
161
162
#: serverguide/C/web-servers.xml:112(para)
162
#: serverguide/C/web-servers.xml:119(para)
163
163
msgid ""
164
164
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
165
165
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
167
167
"<application>apache2</application> is restarted."
168
168
msgstr ""
169
169
170
#: serverguide/C/web-servers.xml:119(para)
170
#: serverguide/C/web-servers.xml:126(para)
171
171
msgid ""
172
172
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
173
173
"TCP ports Apache2 is listening on."
174
174
msgstr ""
175
175
176
#: serverguide/C/web-servers.xml:124(para)
176
#: serverguide/C/web-servers.xml:131(para)
177
177
msgid ""
178
178
"<emphasis>sites-available:</emphasis> this directory has configuration files "
179
179
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
180
180
"to be configured for multiple sites that have separate configurations."
181
181
msgstr ""
182
182
183
#: serverguide/C/web-servers.xml:130(para)
183
#: serverguide/C/web-servers.xml:138(para)
184
184
msgid ""
185
185
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
186
186
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
195
195
"the first few bytes of a file."
196
196
msgstr ""
197
197
198
#: serverguide/C/web-servers.xml:138(para)
198
#: serverguide/C/web-servers.xml:151(para)
199
199
msgid ""
200
200
"In addition, other configuration files may be added using the "
201
201
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
204
204
"recognized by Apache2 when it is started or restarted."
205
205
msgstr ""
206
206
207
#: serverguide/C/web-servers.xml:147(para)
207
#: serverguide/C/web-servers.xml:160(para)
208
208
msgid ""
209
209
"The server also reads a file containing mime document types; the filename is "
210
210
"set by the <emphasis>TypesConfig</emphasis> directive, typically via "
213
213
"by default."
214
214
msgstr ""
215
215
216
#: serverguide/C/web-servers.xml:155(title)
216
#: serverguide/C/web-servers.xml:168(title)
217
217
msgid "Basic Settings"
218
218
msgstr "Reglatges de basa"
219
219
237
237
"<filename>/etc/apache2/sites-available/000-default.conf</filename>."
238
238
msgstr ""
239
239
240
#: serverguide/C/web-servers.xml:177(para)
240
#: serverguide/C/web-servers.xml:190(para)
241
241
msgid ""
242
242
"The directives set for a virtual host only apply to that particular virtual "
243
243
"host. If a directive is set server-wide and not defined within the virtual "
246
246
"virtual host."
247
247
msgstr ""
248
248
249
#: serverguide/C/web-servers.xml:185(para)
249
#: serverguide/C/web-servers.xml:198(para)
250
250
msgid ""
251
251
"If you wish to configure a new virtual host or site, copy that file into the "
252
252
"same directory with a name you choose. For example:"
258
258
"available/mynewsite.conf"
259
259
msgstr ""
260
260
261
#: serverguide/C/web-servers.xml:194(para)
261
#: serverguide/C/web-servers.xml:207(para)
262
262
msgid ""
263
263
"Edit the new file to configure the new site using some of the directives "
264
264
"described below."
265
265
msgstr ""
266
266
267
#: serverguide/C/web-servers.xml:201(para)
267
#: serverguide/C/web-servers.xml:214(para)
268
268
msgid ""
269
269
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
270
270
"to be advertised for the server's administrator. The default value is "
275
275
"configuration file in /etc/apache2/sites-available."
276
276
msgstr ""
277
277
278
#: serverguide/C/web-servers.xml:212(para)
278
#: serverguide/C/web-servers.xml:225(para)
279
279
msgid ""
280
280
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
281
281
"the IP address, Apache2 should listen on. If the IP address is not "
301
301
"available/mynewsite.conf</filename>)."
302
302
msgstr ""
303
303
304
#: serverguide/C/web-servers.xml:237(para)
304
#: serverguide/C/web-servers.xml:250(para)
305
305
msgid ""
306
306
"You may also want your site to respond to www.ubunturocks.com, since many "
307
307
"users will assume the www prefix is appropriate. Use the "
309
309
"wildcards in the ServerAlias directive."
310
310
msgstr ""
311
311
312
#: serverguide/C/web-servers.xml:244(para)
312
#: serverguide/C/web-servers.xml:257(para)
313
313
msgid ""
314
314
"For example, the following configuration will cause your site to respond to "
315
315
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
316
316
msgstr ""
317
317
318
#: serverguide/C/web-servers.xml:250(programlisting)
318
#: serverguide/C/web-servers.xml:263(programlisting)
319
319
#, no-wrap
320
320
msgid ""
321
321
"\n"
333
333
"virtual host file, and remember to create that directory if necessary!"
334
334
msgstr ""
335
335
336
#: serverguide/C/web-servers.xml:265(para)
336
#: serverguide/C/web-servers.xml:278(para)
337
337
msgid ""
338
338
"Enable the new <emphasis>VirtualHost</emphasis> using the "
339
339
"<application>a2ensite</application> utility and restart Apache2:"
340
340
msgstr ""
341
341
342
#: serverguide/C/web-servers.xml:271(command)
342
#: serverguide/C/web-servers.xml:284(command)
343
343
msgid "sudo a2ensite mynewsite"
344
344
msgstr "sudo a2ensite mynewsite"
345
345
346
#: serverguide/C/web-servers.xml:272(command) serverguide/C/web-servers.xml:290(command) serverguide/C/web-servers.xml:531(command) serverguide/C/web-servers.xml:540(command) serverguide/C/web-servers.xml:599(command) serverguide/C/mail.xml:935(command) serverguide/C/lamp-applications.xml:222(command)
346
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:238(command) serverguide/C/lamp-applications.xml:339(command) serverguide/C/lamp-applications.xml:610(command)
347
347
msgid "sudo service apache2 restart"
348
348
msgstr ""
349
349
350
#: serverguide/C/web-servers.xml:276(para)
350
#: serverguide/C/web-servers.xml:289(para)
351
351
msgid ""
352
352
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
353
353
"name for the VirtualHost. One method is to name the file after the "
354
354
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
355
355
msgstr ""
356
356
357
#: serverguide/C/web-servers.xml:283(para)
357
#: serverguide/C/web-servers.xml:296(para)
358
358
msgid ""
359
359
"Similarly, use the <application>a2dissite</application> utility to disable "
360
360
"sites. This is can be useful when troubleshooting configuration problems "
361
361
"with multiple VirtualHosts:"
362
362
msgstr ""
363
363
364
#: serverguide/C/web-servers.xml:289(command)
364
#: serverguide/C/web-servers.xml:302(command)
365
365
msgid "sudo a2dissite mynewsite"
366
366
msgstr "sudo a2dissite mon_site_novèl"
367
367
368
#: serverguide/C/web-servers.xml:295(title)
368
#: serverguide/C/web-servers.xml:308(title)
369
369
msgid "Default Settings"
370
370
msgstr "Paramètres per defaut"
371
371
372
#: serverguide/C/web-servers.xml:297(para)
372
#: serverguide/C/web-servers.xml:310(para)
373
373
msgid ""
374
374
"This section explains configuration of the Apache2 server default settings. "
375
375
"For example, if you add a virtual host, the settings you configure for the "
377
377
"defined within the virtual host settings, the default value is used."
378
378
msgstr ""
379
379
380
#: serverguide/C/web-servers.xml:309(para)
380
#: serverguide/C/web-servers.xml:322(para)
381
381
msgid ""
382
382
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
383
383
"server when a user requests an index of a directory by specifying a forward "
384
384
"slash (/) at the end of the directory name."
385
385
msgstr ""
386
386
387
#: serverguide/C/web-servers.xml:316(para)
387
#: serverguide/C/web-servers.xml:329(para)
388
388
msgid ""
389
389
"For example, when a user requests the page "
390
390
"http://www.example.com/this_directory/, he or she will get either the "
412
412
"example files."
413
413
msgstr ""
414
414
415
#: serverguide/C/web-servers.xml:347(para)
415
#: serverguide/C/web-servers.xml:360(para)
416
416
msgid ""
417
417
"By default, the server writes the transfer log to the file "
418
418
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
419
419
"per-site basis in your virtual host configuration files with the "
420
420
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
421
"specified in <filename> /etc/apache2/conf.d/other-vhosts-access-"
422
"log</filename>. You may also specify the file to which errors are logged, "
423
"via the <emphasis>ErrorLog</emphasis> directive, whose default is "
421
"specified in <filename> /etc/apache2/conf-available/other-vhosts-access-"
422
"log.conf</filename>. You may also specify the file to which errors are "
423
"logged, via the <emphasis>ErrorLog</emphasis> directive, whose default is "
424
424
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
425
425
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
426
426
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
428
428
"/etc/apache2/apache2.conf</filename> for the default value)."
429
429
msgstr ""
430
430
431
#: serverguide/C/web-servers.xml:362(para)
431
#: serverguide/C/web-servers.xml:375(para)
432
432
msgid ""
433
433
"Some options are specified on a per-directory basis rather than per-server. "
434
434
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
444
444
"</Directory>\n"
445
445
msgstr ""
446
446
447
#: serverguide/C/web-servers.xml:374(para)
447
#: serverguide/C/web-servers.xml:387(para)
448
448
msgid ""
449
449
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
450
450
"one or more of the following values (among others), separated by spaces:"
451
451
msgstr ""
452
452
453
#: serverguide/C/web-servers.xml:386(para)
453
#: serverguide/C/web-servers.xml:399(para)
454
454
msgid ""
455
455
"Most files should not be executed as CGI scripts. This would be very "
456
456
"dangerous. CGI scripts should kept in a directory separate from and outside "
459
459
"<filename>/usr/lib/cgi-bin</filename>."
460
460
msgstr ""
461
461
462
#: serverguide/C/web-servers.xml:381(para)
462
#: serverguide/C/web-servers.xml:394(para)
463
463
msgid ""
464
464
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
465
465
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
466
466
msgstr ""
467
467
468
#: serverguide/C/web-servers.xml:397(para)
468
#: serverguide/C/web-servers.xml:410(para)
469
469
msgid ""
470
470
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
471
471
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
474
474
"documentation (Ubuntu community)</ulink> for more information."
475
475
msgstr ""
476
476
477
#: serverguide/C/web-servers.xml:406(para)
477
#: serverguide/C/web-servers.xml:419(para)
478
478
msgid ""
479
479
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
480
480
"includes, but disable the <emphasis>#exec</emphasis> and "
481
481
"<emphasis>#include</emphasis> commands in CGI scripts."
482
482
msgstr ""
483
483
484
#: serverguide/C/web-servers.xml:418(para)
484
#: serverguide/C/web-servers.xml:431(para)
485
485
msgid ""
486
486
"For security reasons, this should usually not be set, and certainly should "
487
487
"not be set on your DocumentRoot directory. Enable this option carefully on a "
489
489
"contents of the directory."
490
490
msgstr ""
491
491
492
#: serverguide/C/web-servers.xml:413(para)
492
#: serverguide/C/web-servers.xml:426(para)
493
493
msgid ""
494
494
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
495
495
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
505
505
"Apache2 documentation on this option</ulink>."
506
506
msgstr ""
507
507
508
#: serverguide/C/web-servers.xml:436(para)
508
#: serverguide/C/web-servers.xml:449(para)
509
509
msgid ""
510
510
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
511
511
"symbolic links if the target file or directory has the same owner as the "
512
512
"link."
513
513
msgstr ""
514
514
515
#: serverguide/C/web-servers.xml:448(title)
515
#: serverguide/C/web-servers.xml:461(title)
516
516
msgid "httpd Settings"
517
517
msgstr "Paramètres httpd"
518
518
519
#: serverguide/C/web-servers.xml:450(para)
519
#: serverguide/C/web-servers.xml:463(para)
520
520
msgid ""
521
521
"This section explains some basic <application>httpd</application> daemon "
522
522
"configuration settings."
523
523
msgstr ""
524
524
525
#: serverguide/C/web-servers.xml:454(para)
525
#: serverguide/C/web-servers.xml:467(para)
526
526
msgid ""
527
527
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
528
528
"the path to the lockfile used when the server is compiled with either "
533
533
"that is readable only by root."
534
534
msgstr ""
535
535
536
#: serverguide/C/web-servers.xml:463(para)
536
#: serverguide/C/web-servers.xml:476(para)
537
537
msgid ""
538
538
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
539
539
"file in which the server records its process ID (pid). This file should only "
540
540
"be readable by root. In most cases, it should be left to the default value."
541
541
msgstr ""
542
542
543
#: serverguide/C/web-servers.xml:469(para)
543
#: serverguide/C/web-servers.xml:482(para)
544
544
msgid ""
545
545
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
546
546
"used by the server to answer requests. This setting determines the server's "
548
548
"your website's visitors. The default value for User is \"www-data\"."
549
549
msgstr ""
550
550
551
#: serverguide/C/web-servers.xml:476(para)
551
#: serverguide/C/web-servers.xml:489(para)
552
552
msgid ""
553
553
"Unless you know exactly what you are doing, do not set the User directive to "
554
554
"root. Using root as the User will create large security holes for your Web "
555
555
"server."
556
556
msgstr ""
557
557
558
#: serverguide/C/web-servers.xml:482(para)
558
#: serverguide/C/web-servers.xml:495(para)
559
559
msgid ""
560
560
"<emphasis role=\"bold\">Group</emphasis> - The Group directive is similar to "
561
561
"the User directive. Group sets the group under which the server will answer "
562
562
"requests. The default group is also \"www-data\"."
563
563
msgstr ""
564
564
565
#: serverguide/C/web-servers.xml:489(title)
565
#: serverguide/C/web-servers.xml:502(title)
566
566
msgid "Apache2 Modules"
567
567
msgstr ""
568
568
569
#: serverguide/C/web-servers.xml:491(para)
569
#: serverguide/C/web-servers.xml:504(para)
570
570
msgid ""
571
571
"Apache2 is a modular server. This implies that only the most basic "
572
572
"functionality is included in the core server. Extended features are "
577
577
"Apache2 must be recompiled to add or remove modules."
578
578
msgstr ""
579
579
580
#: serverguide/C/web-servers.xml:503(para)
580
#: serverguide/C/web-servers.xml:516(para)
581
581
msgid ""
582
582
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
583
583
"Configuration directives may be conditionally included on the presence of a "
585
585
"<emphasis><IfModule></emphasis> block."
586
586
msgstr ""
587
587
588
#: serverguide/C/web-servers.xml:510(para)
588
#: serverguide/C/web-servers.xml:523(para)
589
589
msgid ""
590
590
"You can install additional Apache2 modules and use them with your Web "
591
591
"server. For example, run the following command from a terminal prompt to "
592
592
"install the <emphasis>MySQL Authentication</emphasis> module:"
593
593
msgstr ""
594
594
595
#: serverguide/C/web-servers.xml:517(command)
595
#: serverguide/C/web-servers.xml:530(command)
596
596
msgid "sudo apt-get install libapache2-mod-auth-mysql"
597
597
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
598
598
599
#: serverguide/C/web-servers.xml:520(para)
599
#: serverguide/C/web-servers.xml:533(para)
600
600
msgid ""
601
601
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
602
602
"additional modules."
603
603
msgstr ""
604
604
605
#: serverguide/C/web-servers.xml:524(para)
605
#: serverguide/C/web-servers.xml:537(para)
606
606
msgid ""
607
607
"Use the <application>a2enmod</application> utility to enable a module:"
608
608
msgstr ""
609
609
610
#: serverguide/C/web-servers.xml:530(command)
610
#: serverguide/C/web-servers.xml:543(command)
611
611
msgid "sudo a2enmod auth_mysql"
612
612
msgstr "sudo a2enmod auth_mysql"
613
613
614
#: serverguide/C/web-servers.xml:534(para)
614
#: serverguide/C/web-servers.xml:547(para)
615
615
msgid "Similarly, <application>a2dismod</application> will disable a module:"
616
616
msgstr ""
617
617
618
#: serverguide/C/web-servers.xml:539(command)
618
#: serverguide/C/web-servers.xml:552(command)
619
619
msgid "sudo a2dismod auth_mysql"
620
620
msgstr "sudo a2dismod auth_mysql"
621
621
622
#: serverguide/C/web-servers.xml:546(title)
622
#: serverguide/C/web-servers.xml:559(title)
623
623
msgid "HTTPS Configuration"
624
624
msgstr "Configuracion HTTPS"
625
625
626
#: serverguide/C/web-servers.xml:548(para)
626
#: serverguide/C/web-servers.xml:561(para)
627
627
msgid ""
628
628
"The <application>mod_ssl</application> module adds an important feature to "
629
629
"the Apache2 server - the ability to encrypt communications. Thus, when your "
632
632
"bar."
633
633
msgstr ""
634
634
635
#: serverguide/C/web-servers.xml:557(para)
635
#: serverguide/C/web-servers.xml:570(para)
636
636
msgid ""
637
637
"The <application>mod_ssl</application> module is available in "
638
638
"<application>apache2-common</application> package. Execute the following "
640
640
"<application>mod_ssl</application> module:"
641
641
msgstr ""
642
642
643
#: serverguide/C/web-servers.xml:564(command)
643
#: serverguide/C/web-servers.xml:577(command)
644
644
msgid "sudo a2enmod ssl"
645
645
msgstr "sudo a2enmod ssl"
646
646
658
658
"linkend=\"certificates-and-security\"/>"
659
659
msgstr ""
660
660
661
#: serverguide/C/web-servers.xml:577(para)
661
#: serverguide/C/web-servers.xml:590(para)
662
662
msgid ""
663
663
"To configure <application>Apache2</application> for HTTPS, enter the "
664
664
"following:"
665
665
msgstr ""
666
666
667
#: serverguide/C/web-servers.xml:582(command)
667
#: serverguide/C/web-servers.xml:595(command)
668
668
msgid "sudo a2ensite default-ssl"
669
669
msgstr "sudo a2ensite default-ssl"
670
670
671
#: serverguide/C/web-servers.xml:586(para)
671
#: serverguide/C/web-servers.xml:599(para)
672
672
msgid ""
673
673
"The directories <filename>/etc/ssl/certs</filename> and "
674
674
"<filename>/etc/ssl/private</filename> are the default locations. If you "
677
677
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
678
678
msgstr ""
679
679
680
#: serverguide/C/web-servers.xml:593(para)
680
#: serverguide/C/web-servers.xml:606(para)
681
681
msgid ""
682
682
"With Apache2 now configured for HTTPS, restart the service to enable the new "
683
683
"settings:"
684
684
msgstr ""
685
685
686
#: serverguide/C/web-servers.xml:604(para)
686
#: serverguide/C/web-servers.xml:617(para)
687
687
msgid ""
688
688
"Depending on how you obtained your certificate you may need to enter a "
689
689
"passphrase when <application>Apache2</application> starts."
690
690
msgstr ""
691
691
692
#: serverguide/C/web-servers.xml:610(para)
692
#: serverguide/C/web-servers.xml:623(para)
693
693
msgid ""
694
694
"You can access the secure server pages by typing https://your_hostname/url/ "
695
695
"in your browser address bar."
696
696
msgstr ""
697
697
698
#: serverguide/C/web-servers.xml:617(title)
698
#: serverguide/C/web-servers.xml:630(title)
699
699
msgid "Sharing Write Permission"
700
700
msgstr ""
701
701
716
716
msgstr ""
717
717
718
718
#: serverguide/C/web-servers.xml:641(command)
719
msgid "sudo find /var/www/html -type f -exec chmod g=rws \"{}\" \\;"
720
msgstr ""
721
722
#: serverguide/C/web-servers.xml:632(para)
719
msgid "sudo find /var/www/html -type f -exec chmod g=rw \"{}\" \\;"
720
msgstr ""
721
722
#: serverguide/C/web-servers.xml:643(para)
723
msgid ""
724
"These commands recursively set the group permission on all files and "
725
"directories in /var/www/html to read write and set user id. This has the "
726
"effect of having the files and directories inherit their group and "
727
"permission from their parrent. Many admins find this useful for allowing "
728
"multiple users to edit files in a directory tree."
729
msgstr ""
730
731
#: serverguide/C/web-servers.xml:652(para)
723
732
msgid ""
724
733
"If access must be granted to more than one group per directory, enable "
725
734
"Access Control Lists (ACLs)."
726
735
msgstr ""
727
736
728
#: serverguide/C/web-servers.xml:639(title) serverguide/C/web-servers.xml:789(title) serverguide/C/web-servers.xml:939(title) serverguide/C/web-servers.xml:1034(title) serverguide/C/web-servers.xml:1256(title) serverguide/C/vpn.xml:800(title) serverguide/C/virtualization.xml:2081(title) serverguide/C/vcs.xml:538(title) serverguide/C/security.xml:863(title) serverguide/C/security.xml:1197(title) serverguide/C/security.xml:1611(title) serverguide/C/security.xml:1797(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:762(title) serverguide/C/package-management.xml:466(title) serverguide/C/other-apps.xml:328(title) serverguide/C/network-config.xml:1035(title) serverguide/C/network-config.xml:1143(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:453(title) serverguide/C/mail.xml:648(title) serverguide/C/mail.xml:800(title) serverguide/C/mail.xml:1220(title) serverguide/C/mail.xml:1688(title) serverguide/C/lamp-applications.xml:244(title) serverguide/C/lamp-applications.xml:373(title) serverguide/C/lamp-applications.xml:481(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:446(title) serverguide/C/file-server.xml:616(title) serverguide/C/file-server.xml:803(title) serverguide/C/dns.xml:605(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:105(title) serverguide/C/chat.xml:214(title) serverguide/C/backups.xml:295(title)
737
#: serverguide/C/web-servers.xml:659(title) serverguide/C/web-servers.xml:809(title) serverguide/C/web-servers.xml:958(title) serverguide/C/web-servers.xml:1053(title) serverguide/C/web-servers.xml:1278(title) serverguide/C/vpn.xml:843(title) serverguide/C/vcs.xml:546(title) serverguide/C/security.xml:877(title) serverguide/C/security.xml:1217(title) serverguide/C/security.xml:1631(title) serverguide/C/security.xml:1817(title) serverguide/C/remote-administration.xml:196(title) serverguide/C/remote-administration.xml:802(title) serverguide/C/package-management.xml:479(title) serverguide/C/network-config.xml:1033(title) serverguide/C/network-config.xml:1141(title) serverguide/C/monitoring.xml:392(title) serverguide/C/monitoring.xml:528(title) serverguide/C/mail.xml:511(title) serverguide/C/mail.xml:706(title) serverguide/C/mail.xml:859(title) serverguide/C/mail.xml:1279(title) serverguide/C/mail.xml:1746(title) serverguide/C/lamp-applications.xml:260(title) serverguide/C/lamp-applications.xml:400(title) serverguide/C/lamp-applications.xml:518(title) serverguide/C/lamp-applications.xml:673(title) serverguide/C/file-server.xml:305(title) serverguide/C/file-server.xml:445(title) serverguide/C/file-server.xml:615(title) serverguide/C/file-server.xml:802(title) serverguide/C/dns.xml:614(title) serverguide/C/clustering.xml:232(title) serverguide/C/chat.xml:105(title) serverguide/C/chat.xml:214(title) serverguide/C/backups.xml:301(title)
729
738
msgid "References"
730
739
msgstr "Referéncias"
731
740
732
#: serverguide/C/web-servers.xml:656(para)
741
#: serverguide/C/web-servers.xml:663(para)
733
742
msgid ""
734
743
"<ulink url=\"http://httpd.apache.org/docs/2.4/\">Apache2 "
735
744
"Documentation</ulink> contains in depth information on Apache2 configuration "
737
746
"the official Apache2 docs."
738
747
msgstr ""
739
748
740
#: serverguide/C/web-servers.xml:650(para)
749
#: serverguide/C/web-servers.xml:670(para)
741
750
msgid ""
742
751
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
743
752
"Documentation</ulink> site for more SSL related information."
744
753
msgstr ""
745
754
746
#: serverguide/C/web-servers.xml:656(para)
755
#: serverguide/C/web-servers.xml:676(para)
747
756
msgid ""
748
757
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
749
758
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
750
759
"configurations."
751
760
msgstr ""
752
761
753
#: serverguide/C/web-servers.xml:662(para)
762
#: serverguide/C/web-servers.xml:682(para)
754
763
msgid ""
755
764
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
756
765
"server</emphasis> IRC channel on <ulink "
757
766
"url=\"http://freenode.net/\">freenode.net</ulink>."
758
767
msgstr ""
759
768
760
#: serverguide/C/web-servers.xml:668(para)
769
#: serverguide/C/web-servers.xml:688(para)
761
770
msgid ""
762
771
"Usually integrated with PHP and MySQL the <ulink "
763
772
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
764
773
"Ubuntu Wiki </ulink> page is a good resource."
765
774
msgstr ""
766
775
767
#: serverguide/C/web-servers.xml:679(title)
776
#: serverguide/C/web-servers.xml:699(title)
768
777
msgid "PHP5 - Scripting Language"
769
778
msgstr "PHP5 - Lengatge d'escript"
770
779
771
#: serverguide/C/web-servers.xml:680(para)
780
#: serverguide/C/web-servers.xml:700(para)
772
781
msgid ""
773
782
"PHP is a general-purpose scripting language suited for Web development. The "
774
783
"PHP script can be embedded into HTML. This section explains how to install "
775
784
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
776
785
msgstr ""
777
786
778
#: serverguide/C/web-servers.xml:684(para)
787
#: serverguide/C/web-servers.xml:704(para)
779
788
msgid ""
780
789
"This section assumes you have installed and configured Apache2 Web Server "
781
790
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
783
792
"respectively."
784
793
msgstr ""
785
794
786
#: serverguide/C/web-servers.xml:691(para)
795
#: serverguide/C/web-servers.xml:711(para)
787
796
msgid ""
788
797
"The PHP5 is available in Ubuntu Linux. Unlike python and perl, which are "
789
798
"installed in the base system, PHP must be added."
790
799
msgstr ""
791
800
792
#: serverguide/C/web-servers.xml:695(para)
801
#: serverguide/C/web-servers.xml:715(para)
793
802
msgid ""
794
803
"To install PHP5 you can enter the following command in the terminal prompt: "
795
804
"<screen>\n"
797
806
"</screen>"
798
807
msgstr ""
799
808
800
#: serverguide/C/web-servers.xml:704(para)
809
#: serverguide/C/web-servers.xml:724(para)
801
810
msgid ""
802
811
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
803
812
"line you should install <application>php5-cli</application> package. To "
807
816
"</screen>"
808
817
msgstr ""
809
818
810
#: serverguide/C/web-servers.xml:713(para)
819
#: serverguide/C/web-servers.xml:733(para)
811
820
msgid ""
812
821
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
813
822
"accomplish this, you should install <application>php5-cgi</application> "
817
826
"</screen>"
818
827
msgstr ""
819
828
820
#: serverguide/C/web-servers.xml:723(para)
829
#: serverguide/C/web-servers.xml:743(para)
821
830
msgid ""
822
831
"To use <application>MySQL</application> with PHP5 you should install "
823
832
"<application>php5-mysql</application> package. To install <application>php5-"
827
836
"</screen>"
828
837
msgstr ""
829
838
830
#: serverguide/C/web-servers.xml:731(para)
839
#: serverguide/C/web-servers.xml:751(para)
831
840
msgid ""
832
841
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
833
842
"install <application>php5-pgsql</application> package. To install "
837
846
"</screen>"
838
847
msgstr ""
839
848
840
#: serverguide/C/web-servers.xml:744(para)
849
#: serverguide/C/web-servers.xml:764(para)
841
850
msgid ""
842
851
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
843
852
"you have installed <application>php5-cli</application> package, you can run "
844
853
"PHP5 scripts from your command prompt."
845
854
msgstr ""
846
855
847
#: serverguide/C/web-servers.xml:751(para)
856
#: serverguide/C/web-servers.xml:771(para)
848
857
msgid ""
849
858
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
850
859
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
855
864
"command."
856
865
msgstr ""
857
866
858
#: serverguide/C/web-servers.xml:762(para)
867
#: serverguide/C/web-servers.xml:782(para)
859
868
msgid ""
860
869
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
861
870
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
863
872
"<screen><command>sudo service apache2 restart</command> </screen>"
864
873
msgstr ""
865
874
866
#: serverguide/C/web-servers.xml:770(title) serverguide/C/network-auth.xml:1069(title) serverguide/C/mail.xml:314(title) serverguide/C/mail.xml:1611(title) serverguide/C/dns.xml:376(title) serverguide/C/clustering.xml:182(title)
875
#: serverguide/C/web-servers.xml:790(title) serverguide/C/network-auth.xml:1076(title) serverguide/C/mail.xml:359(title) serverguide/C/mail.xml:1669(title) serverguide/C/dns.xml:380(title) serverguide/C/clustering.xml:182(title)
867
876
msgid "Testing"
868
877
msgstr "Tèsts"
869
878
870
#: serverguide/C/web-servers.xml:771(para)
879
#: serverguide/C/web-servers.xml:791(para)
871
880
msgid ""
872
881
"To verify your installation, you can run following PHP5 phpinfo script:"
873
882
msgstr ""
874
883
875
#: serverguide/C/web-servers.xml:774(programlisting)
884
#: serverguide/C/web-servers.xml:794(programlisting)
876
885
#, no-wrap
877
886
msgid ""
878
887
"\n"
881
890
"?>\n"
882
891
msgstr ""
883
892
884
#: serverguide/C/web-servers.xml:779(para)
893
#: serverguide/C/web-servers.xml:799(para)
885
894
msgid ""
886
895
"You can save the content in a file <filename>phpinfo.php</filename> and "
887
896
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
890
899
"various PHP5 configuration parameters."
891
900
msgstr ""
892
901
893
#: serverguide/C/web-servers.xml:793(para)
902
#: serverguide/C/web-servers.xml:813(para)
894
903
msgid ""
895
904
"For more in depth information see <ulink "
896
905
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
897
906
msgstr ""
898
907
899
#: serverguide/C/web-servers.xml:798(para)
908
#: serverguide/C/web-servers.xml:818(para)
900
909
msgid ""
901
910
"There are a plethora of books on PHP. Two good books from O'Reilly are "
902
911
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
904
913
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
905
914
msgstr ""
906
915
907
#: serverguide/C/web-servers.xml:805(para)
916
#: serverguide/C/web-servers.xml:825(para)
908
917
msgid ""
909
918
"Also, see the <ulink "
910
919
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
911
920
"Ubuntu Wiki</ulink> page for more information."
912
921
msgstr ""
913
922
914
#: serverguide/C/web-servers.xml:816(title)
923
#: serverguide/C/web-servers.xml:836(title)
915
924
msgid "Squid - Proxy Server"
916
925
msgstr "Squid - Servidor mandatari (proxy)"
917
926
918
#: serverguide/C/web-servers.xml:830(para)
927
#: serverguide/C/web-servers.xml:837(para)
919
928
msgid ""
920
929
"Squid is a full-featured web proxy cache server application which provides "
921
930
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
928
937
"(WCCP)."
929
938
msgstr ""
930
939
931
#: serverguide/C/web-servers.xml:838(para)
940
#: serverguide/C/web-servers.xml:845(para)
932
941
msgid ""
933
942
"The Squid proxy cache server is an excellent solution to a variety of proxy "
934
943
"and caching server needs, and scales from the branch office to enterprise "
940
949
"for increased performance."
941
950
msgstr ""
942
951
943
#: serverguide/C/web-servers.xml:834(para)
952
#: serverguide/C/web-servers.xml:854(para)
944
953
msgid ""
945
954
"At a terminal prompt, enter the following command to install the Squid "
946
955
"server:"
947
956
msgstr ""
948
957
949
#: serverguide/C/web-servers.xml:852(command)
958
#: serverguide/C/web-servers.xml:859(command)
950
959
msgid "sudo apt-get install squid3"
951
960
msgstr ""
952
961
953
#: serverguide/C/web-servers.xml:858(para)
962
#: serverguide/C/web-servers.xml:865(para)
954
963
msgid ""
955
964
"Squid is configured by editing the directives contained within the "
956
965
"<filename>/etc/squid3/squid.conf</filename> configuration file. The "
959
968
"of Squid, see the References section."
960
969
msgstr ""
961
970
962
#: serverguide/C/web-servers.xml:864(para)
971
#: serverguide/C/web-servers.xml:871(para)
963
972
msgid ""
964
973
"Prior to editing the configuration file, you should make a copy of the "
965
974
"original file and protect it from writing so you will have the original "
967
976
"protect it from writing using the following commands:"
968
977
msgstr ""
969
978
970
#: serverguide/C/web-servers.xml:870(command)
979
#: serverguide/C/web-servers.xml:877(command)
971
980
msgid "sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original"
972
981
msgstr ""
973
982
974
#: serverguide/C/web-servers.xml:871(command)
983
#: serverguide/C/web-servers.xml:878(command)
975
984
msgid "sudo chmod a-w /etc/squid3/squid.conf.original"
976
985
msgstr ""
977
986
978
#: serverguide/C/web-servers.xml:866(para)
987
#: serverguide/C/web-servers.xml:885(para)
979
988
msgid ""
980
989
"To set your Squid server to listen on TCP port 8888 instead of the default "
981
990
"TCP port 3128, change the http_port directive as such:"
982
991
msgstr ""
983
992
984
#: serverguide/C/web-servers.xml:870(programlisting)
993
#: serverguide/C/web-servers.xml:889(programlisting)
985
994
#, no-wrap
986
995
msgid ""
987
996
"\n"
990
999
"\n"
991
1000
"http_port 8888\n"
992
1001
993
#: serverguide/C/web-servers.xml:875(para)
1002
#: serverguide/C/web-servers.xml:894(para)
994
1003
msgid ""
995
1004
"Change the visible_hostname directive in order to give the Squid server a "
996
1005
"specific hostname. This hostname does not necessarily need to be the "
997
1006
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
998
1007
msgstr ""
999
1008
1000
#: serverguide/C/web-servers.xml:879(programlisting)
1009
#: serverguide/C/web-servers.xml:898(programlisting)
1001
1010
#, no-wrap
1002
1011
msgid ""
1003
1012
"\n"
1006
1015
"\n"
1007
1016
"visible_hostname weezie\n"
1008
1017
1009
#: serverguide/C/web-servers.xml:884(para)
1018
#: serverguide/C/web-servers.xml:903(para)
1010
1019
msgid ""
1011
1020
"Using Squid's access control, you may configure use of Internet services "
1012
1021
"proxied by Squid to be available only users with certain Internet Protocol "
1014
1023
"192.168.42.0/24 subnetwork only:"
1015
1024
msgstr ""
1016
1025
1017
#: serverguide/C/web-servers.xml:901(para) serverguide/C/web-servers.xml:921(para)
1026
#: serverguide/C/web-servers.xml:908(para) serverguide/C/web-servers.xml:928(para)
1018
1027
msgid ""
1019
1028
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
1020
1029
"ACL section of your <filename>/etc/squid3/squid.conf</filename> file:"
1021
1030
msgstr ""
1022
1031
1023
#: serverguide/C/web-servers.xml:892(programlisting)
1032
#: serverguide/C/web-servers.xml:911(programlisting)
1024
1033
#, no-wrap
1025
1034
msgid ""
1026
1035
"\n"
1029
1038
"\n"
1030
1039
"acl fortytwo_network src 192.168.42.0/24\n"
1031
1040
1032
#: serverguide/C/web-servers.xml:907(para) serverguide/C/web-servers.xml:928(para)
1041
#: serverguide/C/web-servers.xml:914(para) serverguide/C/web-servers.xml:935(para)
1033
1042
msgid ""
1034
1043
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
1035
1044
"http_access section of your <filename>/etc/squid3/squid.conf</filename> file:"
1036
1045
msgstr ""
1037
1046
1038
#: serverguide/C/web-servers.xml:899(programlisting)
1047
#: serverguide/C/web-servers.xml:918(programlisting)
1039
1048
#, no-wrap
1040
1049
msgid ""
1041
1050
"\n"
1044
1053
"\n"
1045
1054
"http_access allow fortytwo_network\n"
1046
1055
1047
#: serverguide/C/web-servers.xml:916(para)
1056
#: serverguide/C/web-servers.xml:923(para)
1048
1057
msgid ""
1049
1058
"Using the excellent access control features of Squid, you may configure use "
1050
1059
"of Internet services proxied by Squid to be available only during normal "
1053
1062
"Friday, and which uses the 10.1.42.0/24 subnetwork:"
1054
1063
msgstr ""
1055
1064
1056
#: serverguide/C/web-servers.xml:912(programlisting)
1057
#, no-wrap
1058
msgid ""
1059
"\n"
1060
"acl biz_network src 10.1.42.0/24\n"
1061
"acl biz_hours time M T W T F 9:00-17:00\n"
1062
msgstr ""
1063
"\n"
1064
"acl biz_network src 10.1.42.0/24\n"
1065
"acl biz_hours time M T W T F 9:00-17:00\n"
1066
1067
#: serverguide/C/web-servers.xml:920(programlisting)
1068
#, no-wrap
1069
msgid ""
1070
"\n"
1071
"http_access allow biz_network biz_hours\n"
1072
msgstr ""
1073
"\n"
1074
"http_access allow biz_network biz_hours\n"
1075
1076
#: serverguide/C/web-servers.xml:939(para)
1065
#: serverguide/C/web-servers.xml:931(programlisting)
1066
#, no-wrap
1067
msgid ""
1068
"\n"
1069
"acl biz_network src 10.1.42.0/24\n"
1070
"acl biz_hours time M T W T F 9:00-17:00\n"
1071
msgstr ""
1072
"\n"
1073
"acl biz_network src 10.1.42.0/24\n"
1074
"acl biz_hours time M T W T F 9:00-17:00\n"
1075
1076
#: serverguide/C/web-servers.xml:939(programlisting)
1077
#, no-wrap
1078
msgid ""
1079
"\n"
1080
"http_access allow biz_network biz_hours\n"
1081
msgstr ""
1082
"\n"
1083
"http_access allow biz_network biz_hours\n"
1084
1085
#: serverguide/C/web-servers.xml:946(para)
1077
1086
msgid ""
1078
1087
"After making changes to the <filename>/etc/squid3/squid.conf</filename> "
1079
1088
"file, save the file and restart the <application>squid</application> server "
1081
1090
"terminal prompt:"
1082
1091
msgstr ""
1083
1092
1084
#: serverguide/C/web-servers.xml:945(command)
1093
#: serverguide/C/web-servers.xml:952(command)
1085
1094
msgid "sudo service squid3 restart"
1086
1095
msgstr ""
1087
1096
1088
#: serverguide/C/web-servers.xml:941(ulink)
1097
#: serverguide/C/web-servers.xml:960(ulink)
1089
1098
msgid "Squid Website"
1090
1099
msgstr "Site internet de Squid"
1091
1100
1092
#: serverguide/C/web-servers.xml:943(para)
1101
#: serverguide/C/web-servers.xml:962(para)
1093
1102
msgid ""
1094
1103
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
1095
1104
"Squid</ulink> page."
1096
1105
msgstr ""
1097
1106
1098
#: serverguide/C/web-servers.xml:950(title)
1107
#: serverguide/C/web-servers.xml:969(title)
1099
1108
msgid "Ruby on Rails"
1100
1109
msgstr "Ruby on Rails"
1101
1110
1102
#: serverguide/C/web-servers.xml:951(para)
1111
#: serverguide/C/web-servers.xml:970(para)
1103
1112
msgid ""
1104
1113
"Ruby on Rails is an open source web framework for developing database backed "
1105
1114
"web applications. It is optimized for sustainable productivity of the "
1107
1116
"convention over configuration."
1108
1117
msgstr ""
1109
1118
1110
#: serverguide/C/web-servers.xml:958(para)
1119
#: serverguide/C/web-servers.xml:977(para)
1111
1120
msgid ""
1112
1121
"Before installing <application>Rails</application> you should install "
1113
1122
"<application>Apache</application> and <application>MySQL</application>. To "
1116
1125
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
1117
1126
msgstr ""
1118
1127
1119
#: serverguide/C/web-servers.xml:966(para)
1128
#: serverguide/C/web-servers.xml:985(para)
1120
1129
msgid ""
1121
1130
"Once you have <application>Apache</application> and "
1122
1131
"<application>MySQL</application> packages installed, you are ready to "
1123
1132
"install <application>Ruby on Rails</application> package."
1124
1133
msgstr ""
1125
1134
1126
#: serverguide/C/web-servers.xml:973(para)
1135
#: serverguide/C/web-servers.xml:992(para)
1127
1136
msgid ""
1128
1137
"To install the <application>Ruby</application> base packages and "
1129
1138
"<application>Ruby on Rails</application>, you can enter the following "
1130
1139
"command in the terminal prompt:"
1131
1140
msgstr ""
1132
1141
1133
#: serverguide/C/web-servers.xml:979(command)
1142
#: serverguide/C/web-servers.xml:998(command)
1134
1143
msgid "sudo apt-get install rails"
1135
1144
msgstr "sudo apt-get install rails"
1136
1145
1137
#: serverguide/C/web-servers.xml:997(para)
1146
#: serverguide/C/web-servers.xml:1004(para)
1138
1147
msgid ""
1139
1148
"Modify the <filename>/etc/apache2/sites-available/000-"
1140
1149
"default.conf</filename> configuration file to setup your domains."
1141
1150
msgstr ""
1142
1151
1143
#: serverguide/C/web-servers.xml:989(para)
1152
#: serverguide/C/web-servers.xml:1008(para)
1144
1153
msgid ""
1145
1154
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
1146
1155
msgstr ""
1147
1156
1148
#: serverguide/C/web-servers.xml:993(programlisting)
1157
#: serverguide/C/web-servers.xml:1012(programlisting)
1149
1158
#, no-wrap
1150
1159
msgid ""
1151
1160
"\n"
1154
1163
"\n"
1155
1164
"DocumentRoot /path/to/rails/application/public\n"
1156
1165
1157
#: serverguide/C/web-servers.xml:996(para)
1166
#: serverguide/C/web-servers.xml:1015(para)
1158
1167
msgid ""
1159
1168
"Next, change the <Directory \"/path/to/rails/application/public\"> "
1160
1169
"directive:"
1161
1170
msgstr ""
1162
1171
1163
#: serverguide/C/web-servers.xml:1000(programlisting)
1172
#: serverguide/C/web-servers.xml:1019(programlisting)
1164
1173
#, no-wrap
1165
1174
msgid ""
1166
1175
"\n"
1181
1190
"AddHandler cgi-script .cgi\n"
1182
1191
"</Directory>\n"
1183
1192
1184
#: serverguide/C/web-servers.xml:1010(para)
1193
#: serverguide/C/web-servers.xml:1029(para)
1185
1194
msgid ""
1186
1195
"You should also enable the <application>mod_rewrite</application> module for "
1187
1196
"Apache. To enable <application>mod_rewrite</application> module, please "
1188
1197
"enter the following command in a terminal prompt:"
1189
1198
msgstr ""
1190
1199
1191
#: serverguide/C/web-servers.xml:1016(command)
1200
#: serverguide/C/web-servers.xml:1035(command)
1192
1201
msgid "sudo a2enmod rewrite"
1193
1202
msgstr "sudo a2enmod rewrite"
1194
1203
1195
#: serverguide/C/web-servers.xml:1019(para)
1204
#: serverguide/C/web-servers.xml:1038(para)
1196
1205
msgid ""
1197
1206
"Finally you will need to change the ownership of the "
1198
1207
"<filename>/path/to/rails/application/public</filename> and "
1200
1209
"used to run the <application>Apache</application> process:"
1201
1210
msgstr ""
1202
1211
1203
#: serverguide/C/web-servers.xml:1025(command)
1212
#: serverguide/C/web-servers.xml:1044(command)
1204
1213
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
1205
1214
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/public"
1206
1215
1207
#: serverguide/C/web-servers.xml:1026(command)
1216
#: serverguide/C/web-servers.xml:1045(command)
1208
1217
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1209
1218
msgstr "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
1210
1219
1211
#: serverguide/C/web-servers.xml:1029(para)
1220
#: serverguide/C/web-servers.xml:1048(para)
1212
1221
msgid ""
1213
1222
"That's it! Now you have your Server ready for your <application>Ruby on "
1214
1223
"Rails</application> applications."
1215
1224
msgstr ""
1216
1225
1217
#: serverguide/C/web-servers.xml:1038(para)
1226
#: serverguide/C/web-servers.xml:1057(para)
1218
1227
msgid ""
1219
1228
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
1220
1229
"for more information."
1221
1230
msgstr ""
1222
1231
1223
#: serverguide/C/web-servers.xml:1043(para)
1232
#: serverguide/C/web-servers.xml:1062(para)
1224
1233
msgid ""
1225
1234
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
1226
1235
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
1227
1236
"resource."
1228
1237
msgstr ""
1229
1238
1230
#: serverguide/C/web-servers.xml:1049(para)
1239
#: serverguide/C/web-servers.xml:1068(para)
1231
1240
msgid ""
1232
1241
"Another place for more information is the <ulink "
1233
1242
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
1234
1243
"Wiki</ulink> page."
1235
1244
msgstr ""
1236
1245
1237
#: serverguide/C/web-servers.xml:1060(title)
1246
#: serverguide/C/web-servers.xml:1079(title)
1238
1247
msgid "Apache Tomcat"
1239
1248
msgstr "Apache Tomcat"
1240
1249
1241
#: serverguide/C/web-servers.xml:1061(para)
1250
#: serverguide/C/web-servers.xml:1080(para)
1242
1251
msgid ""
1243
1252
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
1244
1253
"JSP (Java Server Pages) web applications."
1245
1254
msgstr ""
1246
1255
1247
#: serverguide/C/web-servers.xml:1075(para)
1256
#: serverguide/C/web-servers.xml:1082(para)
1248
1257
msgid ""
1249
1258
"Ubuntu has supported packages for both Tomcat 6 and 7. Tomcat 6 is the "
1250
1259
"legacy version, and Tomcat 7 is the current version where new features are "
1252
1261
"but most configuration details are valid for both versions."
1253
1262
msgstr ""
1254
1263
1255
#: serverguide/C/web-servers.xml:1078(para)
1264
#: serverguide/C/web-servers.xml:1085(para)
1256
1265
msgid ""
1257
1266
"The Tomcat packages in Ubuntu support two different ways of running Tomcat. "
1258
1267
"You can install them as a classic unique system-wide instance, that will be "
1263
1272
"need to test on their own private Tomcat instances."
1264
1273
msgstr ""
1265
1274
1266
#: serverguide/C/web-servers.xml:1073(title)
1275
#: serverguide/C/web-servers.xml:1095(title)
1267
1276
msgid "System-wide installation"
1268
1277
msgstr "Installacion per tot lo sistèma"
1269
1278
1270
#: serverguide/C/web-servers.xml:1074(para)
1279
#: serverguide/C/web-servers.xml:1096(para)
1271
1280
msgid ""
1272
1281
"To install the Tomcat server, you can enter the following command in the "
1273
1282
"terminal prompt:"
1274
1283
msgstr ""
1275
1284
1276
#: serverguide/C/web-servers.xml:1092(command)
1285
#: serverguide/C/web-servers.xml:1099(command)
1277
1286
msgid "sudo apt-get install tomcat7"
1278
1287
msgstr ""
1279
1288
1280
#: serverguide/C/web-servers.xml:1079(para)
1289
#: serverguide/C/web-servers.xml:1101(para)
1281
1290
msgid ""
1282
1291
"This will install a Tomcat server with just a default ROOT webapp that "
1283
1292
"displays a minimal \"It works\" page by default."
1284
1293
msgstr ""
1285
1294
1286
#: serverguide/C/web-servers.xml:1100(para)
1295
#: serverguide/C/web-servers.xml:1107(para)
1287
1296
msgid ""
1288
1297
"Tomcat configuration files can be found in "
1289
1298
"<filename>/etc/tomcat7</filename>. Only a few common configuration tweaks "
1292
1301
"documentation</ulink> for more."
1293
1302
msgstr ""
1294
1303
1295
#: serverguide/C/web-servers.xml:1091(title)
1304
#: serverguide/C/web-servers.xml:1113(title)
1296
1305
msgid "Changing default ports"
1297
1306
msgstr "Modificacion dels pòrts per defaut"
1298
1307
1299
#: serverguide/C/web-servers.xml:1107(para)
1308
#: serverguide/C/web-servers.xml:1114(para)
1300
1309
msgid ""
1301
1310
"By default Tomcat runs a HTTP connector on port 8080 and an AJP connector on "
1302
1311
"port 8009. You might want to change those default ports to avoid conflict "
1304
1313
"following lines in <filename>/etc/tomcat7/server.xml</filename>:"
1305
1314
msgstr ""
1306
1315
1307
#: serverguide/C/web-servers.xml:1097(programlisting)
1316
#: serverguide/C/web-servers.xml:1119(programlisting)
1308
1317
#, no-wrap
1309
1318
msgid ""
1310
1319
"\n"
1323
1332
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
1324
1333
"/>\n"
1325
1334
1326
#: serverguide/C/web-servers.xml:1106(title)
1335
#: serverguide/C/web-servers.xml:1128(title)
1327
1336
msgid "Changing JVM used"
1328
1337
msgstr "Modificacion de la maquina virtuala Java utilizada"
1329
1338
1330
#: serverguide/C/web-servers.xml:1122(para)
1339
#: serverguide/C/web-servers.xml:1129(para)
1331
1340
msgid ""
1332
1341
"By default Tomcat will run preferably with OpenJDK JVMs, then try the Sun "
1333
1342
"JVMs, then try some other JVMs. You can force Tomcat to use a specific JVM "
1334
1343
"by setting JAVA_HOME in <filename>/etc/default/tomcat7</filename>:"
1335
1344
msgstr ""
1336
1345
1337
#: serverguide/C/web-servers.xml:1111(programlisting)
1346
#: serverguide/C/web-servers.xml:1133(programlisting)
1338
1347
#, no-wrap
1339
1348
msgid ""
1340
1349
"\n"
1343
1352
"\n"
1344
1353
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
1345
1354
1346
#: serverguide/C/web-servers.xml:1116(title)
1355
#: serverguide/C/web-servers.xml:1138(title)
1347
1356
msgid "Declaring users and roles"
1348
1357
msgstr "Declaracion dels utilizaires e dels ròtles"
1349
1358
1350
#: serverguide/C/web-servers.xml:1132(para)
1359
#: serverguide/C/web-servers.xml:1139(para)
1351
1360
msgid ""
1352
1361
"Usernames, passwords and roles (groups) can be defined centrally in a "
1353
1362
"Servlet container. This is done in the <filename>/etc/tomcat7/tomcat-"
1354
1363
"users.xml</filename> file:"
1355
1364
msgstr ""
1356
1365
1357
#: serverguide/C/web-servers.xml:1120(programlisting)
1366
#: serverguide/C/web-servers.xml:1142(programlisting)
1358
1367
#, no-wrap
1359
1368
msgid ""
1360
1369
"\n"
1365
1374
"<role rolename=\"admin\"/>\n"
1366
1375
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
1367
1376
1368
#: serverguide/C/web-servers.xml:1128(title)
1377
#: serverguide/C/web-servers.xml:1150(title)
1369
1378
msgid "Using Tomcat standard webapps"
1370
1379
msgstr "Utilizacions de las aplicacions Web estandardas de Tomcat"
1371
1380
1372
#: serverguide/C/web-servers.xml:1129(para)
1381
#: serverguide/C/web-servers.xml:1151(para)
1373
1382
msgid ""
1374
1383
"Tomcat is shipped with webapps that you can install for documentation, "
1375
1384
"administration or demo purposes."
1376
1385
msgstr ""
1377
1386
1378
#: serverguide/C/web-servers.xml:1132(title)
1387
#: serverguide/C/web-servers.xml:1154(title)
1379
1388
msgid "Tomcat documentation"
1380
1389
msgstr "Documentacion Tomcat"
1381
1390
1382
#: serverguide/C/web-servers.xml:1148(para)
1391
#: serverguide/C/web-servers.xml:1155(para)
1383
1392
msgid ""
1384
1393
"The <application>tomcat7-docs</application> package contains Tomcat "
1385
1394
"documentation, packaged as a webapp that you can access by default at "
1387
1396
"command in the terminal prompt:"
1388
1397
msgstr ""
1389
1398
1390
#: serverguide/C/web-servers.xml:1153(command)
1399
#: serverguide/C/web-servers.xml:1160(command)
1391
1400
msgid "sudo apt-get install tomcat7-docs"
1392
1401
msgstr ""
1393
1402
1394
#: serverguide/C/web-servers.xml:1142(title)
1403
#: serverguide/C/web-servers.xml:1164(title)
1395
1404
msgid "Tomcat administration webapps"
1396
1405
msgstr "Las aplicacions Web d'administracion per Tomcat"
1397
1406
1398
#: serverguide/C/web-servers.xml:1158(para)
1407
#: serverguide/C/web-servers.xml:1165(para)
1399
1408
msgid ""
1400
1409
"The <application>tomcat7-admin</application> package contains two webapps "
1401
1410
"that can be used to administer the Tomcat server using a web interface. You "
1402
1411
"can install them by entering the following command in the terminal prompt:"
1403
1412
msgstr ""
1404
1413
1405
#: serverguide/C/web-servers.xml:1163(command)
1414
#: serverguide/C/web-servers.xml:1170(command)
1406
1415
msgid "sudo apt-get install tomcat7-admin"
1407
1416
msgstr ""
1408
1417
1409
#: serverguide/C/web-servers.xml:1150(para)
1418
#: serverguide/C/web-servers.xml:1172(para)
1410
1419
msgid ""
1411
1420
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
1412
1421
"access by default at http://yourserver:8080/manager/html. It is primarily "
1413
1422
"used to get server status and restart webapps."
1414
1423
msgstr ""
1415
1424
1416
#: serverguide/C/web-servers.xml:1168(para)
1425
#: serverguide/C/web-servers.xml:1175(para)
1417
1426
msgid ""
1418
1427
"Access to the <emphasis>manager</emphasis> application is protected by "
1419
1428
"default: you need to define a user with the role \"manager-gui\" in "
1420
1429
"<filename>/etc/tomcat7/tomcat-users.xml</filename> before you can access it."
1421
1430
msgstr ""
1422
1431
1423
#: serverguide/C/web-servers.xml:1157(para)
1432
#: serverguide/C/web-servers.xml:1179(para)
1424
1433
msgid ""
1425
1434
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
1426
1435
"can access by default at http://yourserver:8080/host-manager/html. It can be "
1427
1436
"used to create virtual hosts dynamically."
1428
1437
msgstr ""
1429
1438
1430
#: serverguide/C/web-servers.xml:1176(para)
1439
#: serverguide/C/web-servers.xml:1183(para)
1431
1440
msgid ""
1432
1441
"Access to the <emphasis>host-manager</emphasis> application is also "
1433
1442
"protected by default: you need to define a user with the role \"admin-gui\" "
1435
1444
"it."
1436
1445
msgstr ""
1437
1446
1438
#: serverguide/C/web-servers.xml:1181(para)
1447
#: serverguide/C/web-servers.xml:1188(para)
1439
1448
msgid ""
1440
1449
"For security reasons, the tomcat7 user cannot write to the "
1441
1450
"<filename>/etc/tomcat7</filename> directory by default. Some features in "
1444
1453
"the following, to give users in the tomcat7 group the necessary rights:"
1445
1454
msgstr ""
1446
1455
1447
#: serverguide/C/web-servers.xml:1188(command)
1456
#: serverguide/C/web-servers.xml:1195(command)
1448
1457
msgid "sudo chgrp -R tomcat7 /etc/tomcat7"
1449
1458
msgstr ""
1450
1459
1451
#: serverguide/C/web-servers.xml:1189(command)
1460
#: serverguide/C/web-servers.xml:1196(command)
1452
1461
msgid "sudo chmod -R g+w /etc/tomcat7"
1453
1462
msgstr ""
1454
1463
1455
#: serverguide/C/web-servers.xml:1179(title)
1464
#: serverguide/C/web-servers.xml:1201(title)
1456
1465
msgid "Tomcat examples webapps"
1457
1466
msgstr "Exemples d'aplicacions Web Tomcat"
1458
1467
1459
#: serverguide/C/web-servers.xml:1195(para)
1468
#: serverguide/C/web-servers.xml:1202(para)
1460
1469
msgid ""
1461
1470
"The <application>tomcat7-examples</application> package contains two webapps "
1462
1471
"that can be used to test or demonstrate Servlets and JSP features, which you "
1464
1473
"install them by entering the following command in the terminal prompt:"
1465
1474
msgstr ""
1466
1475
1467
#: serverguide/C/web-servers.xml:1201(command)
1476
#: serverguide/C/web-servers.xml:1208(command)
1468
1477
msgid "sudo apt-get install tomcat7-examples"
1469
1478
msgstr ""
1470
1479
1471
#: serverguide/C/web-servers.xml:1192(title)
1480
#: serverguide/C/web-servers.xml:1214(title)
1472
1481
msgid "Using private instances"
1473
1482
msgstr "Utilizacion de las instàncias privadas"
1474
1483
1475
#: serverguide/C/web-servers.xml:1208(para)
1484
#: serverguide/C/web-servers.xml:1215(para)
1476
1485
msgid ""
1477
1486
"Tomcat is heavily used in development and testing scenarios where using a "
1478
1487
"single system-wide instance doesn't meet the requirements of multiple users "
1482
1491
"system-installed libraries."
1483
1492
msgstr ""
1484
1493
1485
#: serverguide/C/web-servers.xml:1200(para)
1494
#: serverguide/C/web-servers.xml:1222(para)
1486
1495
msgid ""
1487
1496
"It is possible to run the system-wide instance and the private instances in "
1488
1497
"parallel, as long as they do not use the same TCP ports."
1489
1498
msgstr ""
1490
1499
1491
#: serverguide/C/web-servers.xml:1204(title)
1500
#: serverguide/C/web-servers.xml:1226(title)
1492
1501
msgid "Installing private instance support"
1493
1502
msgstr "Installacion de la gestion de las instaàncias privadas"
1494
1503
1495
#: serverguide/C/web-servers.xml:1205(para)
1504
#: serverguide/C/web-servers.xml:1227(para)
1496
1505
msgid ""
1497
1506
"You can install everything necessary to run private instances by entering "
1498
1507
"the following command in the terminal prompt:"
1499
1508
msgstr ""
1500
1509
1501
#: serverguide/C/web-servers.xml:1223(command)
1510
#: serverguide/C/web-servers.xml:1230(command)
1502
1511
msgid "sudo apt-get install tomcat7-user"
1503
1512
msgstr ""
1504
1513
1505
#: serverguide/C/web-servers.xml:1212(title)
1514
#: serverguide/C/web-servers.xml:1234(title)
1506
1515
msgid "Creating a private instance"
1507
1516
msgstr "Creacion d'una instància privada"
1508
1517
1509
#: serverguide/C/web-servers.xml:1213(para)
1518
#: serverguide/C/web-servers.xml:1235(para)
1510
1519
msgid ""
1511
1520
"You can create a private instance directory by entering the following "
1512
1521
"command in the terminal prompt:"
1513
1522
msgstr ""
1514
1523
1515
#: serverguide/C/web-servers.xml:1231(command)
1524
#: serverguide/C/web-servers.xml:1238(command)
1516
1525
msgid "tomcat7-instance-create my-instance"
1517
1526
msgstr ""
1518
1527
1519
#: serverguide/C/web-servers.xml:1218(para)
1528
#: serverguide/C/web-servers.xml:1240(para)
1520
1529
msgid ""
1521
1530
"This will create a new <filename>my-instance</filename> directory with all "
1522
1531
"the necessary subdirectories and scripts. You can for example install your "
1525
1534
"are deployed by default."
1526
1535
msgstr ""
1527
1536
1528
#: serverguide/C/web-servers.xml:1226(title)
1537
#: serverguide/C/web-servers.xml:1248(title)
1529
1538
msgid "Configuring your private instance"
1530
1539
msgstr "Configuracion de vòstra instància privada"
1531
1540
1532
#: serverguide/C/web-servers.xml:1227(para)
1541
#: serverguide/C/web-servers.xml:1249(para)
1533
1542
msgid ""
1534
1543
"You will find the classic Tomcat configuration files for your private "
1535
1544
"instance in the <filename>conf/</filename> subdirectory. You should for "
1538
1547
"conflict with other instances that might be running."
1539
1548
msgstr ""
1540
1549
1541
#: serverguide/C/web-servers.xml:1235(title)
1550
#: serverguide/C/web-servers.xml:1257(title)
1542
1551
msgid "Starting/stopping your private instance"
1543
1552
msgstr ""
1544
1553
1545
#: serverguide/C/web-servers.xml:1236(para)
1554
#: serverguide/C/web-servers.xml:1258(para)
1546
1555
msgid ""
1547
1556
"You can start your private instance by entering the following command in the "
1548
1557
"terminal prompt (supposing your instance is located in the <filename>my-"
1549
1558
"instance</filename> directory):"
1550
1559
msgstr ""
1551
1560
1552
#: serverguide/C/web-servers.xml:1240(command)
1561
#: serverguide/C/web-servers.xml:1262(command)
1553
1562
msgid "my-instance/bin/startup.sh"
1554
1563
msgstr "my-instance/bin/startup.sh"
1555
1564
1556
#: serverguide/C/web-servers.xml:1242(para)
1565
#: serverguide/C/web-servers.xml:1264(para)
1557
1566
msgid ""
1558
1567
"You should check the <filename>logs/</filename> subdirectory for any error. "
1559
1568
"If you have a <emphasis>java.net.BindException: Address already in "
1561
1570
"is already taken and that you should change it."
1562
1571
msgstr ""
1563
1572
1564
#: serverguide/C/web-servers.xml:1247(para)
1573
#: serverguide/C/web-servers.xml:1269(para)
1565
1574
msgid ""
1566
1575
"You can stop your instance by entering the following command in the terminal "
1567
1576
"prompt (supposing your instance is located in the <filename>my-"
1568
1577
"instance</filename> directory):"
1569
1578
msgstr ""
1570
1579
1571
#: serverguide/C/web-servers.xml:1251(command)
1580
#: serverguide/C/web-servers.xml:1273(command)
1572
1581
msgid "my-instance/bin/shutdown.sh"
1573
1582
msgstr "my-instance/bin/shutdown.sh"
1574
1583
1575
#: serverguide/C/web-servers.xml:1260(para)
1584
#: serverguide/C/web-servers.xml:1282(para)
1576
1585
msgid ""
1577
1586
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
1578
1587
"website for more information."
1579
1588
msgstr ""
1580
1589
1581
#: serverguide/C/web-servers.xml:1280(para)
1590
#: serverguide/C/web-servers.xml:1287(para)
1582
1591
msgid ""
1583
1592
"<ulink url=\"http://shop.oreilly.com/product/9780596003180.do\">Tomcat: The "
1584
1593
"Definitive Guide</ulink> is a good resource for building web applications "
1585
1594
"with Tomcat."
1586
1595
msgstr ""
1587
1596
1588
#: serverguide/C/web-servers.xml:1271(para)
1597
#: serverguide/C/web-servers.xml:1293(para)
1589
1598
msgid ""
1590
1599
"For additional books see the <ulink "
1591
1600
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
1716
1725
"\n"
1717
1726
msgstr ""
1718
1727
1719
#: serverguide/C/vpn.xml:90(para)
1728
#: serverguide/C/vpn.xml:94(para)
1720
1729
msgid ""
1721
1730
"Enter the following to generate the master Certificate Authority (CA) "
1722
1731
"certificate and key:"
1723
1732
msgstr ""
1724
1733
1725
#: serverguide/C/vpn.xml:95(command) serverguide/C/vpn.xml:143(command)
1734
#: serverguide/C/vpn.xml:99(command) serverguide/C/vpn.xml:147(command)
1726
1735
msgid "cd /etc/openvpn/easy-rsa/"
1727
1736
msgstr ""
1728
1737
1729
#: serverguide/C/vpn.xml:96(command) serverguide/C/vpn.xml:144(command)
1738
#: serverguide/C/vpn.xml:100(command) serverguide/C/vpn.xml:148(command)
1730
1739
msgid "source vars"
1731
1740
msgstr ""
1732
1741
1733
#: serverguide/C/vpn.xml:97(command)
1742
#: serverguide/C/vpn.xml:101(command)
1734
1743
msgid "./clean-all"
1735
1744
msgstr ""
1736
1745
1737
#: serverguide/C/vpn.xml:98(command)
1746
#: serverguide/C/vpn.xml:102(command)
1738
1747
msgid "./build-ca"
1739
1748
msgstr ""
1740
1749
1741
#: serverguide/C/vpn.xml:103(title)
1750
#: serverguide/C/vpn.xml:107(title)
1742
1751
msgid "Server Certificates"
1743
1752
msgstr ""
1744
1753
1745
#: serverguide/C/vpn.xml:105(para)
1754
#: serverguide/C/vpn.xml:109(para)
1746
1755
msgid "Next, we will generate a certificate and private key for the server:"
1747
1756
msgstr ""
1748
1757
1749
#: serverguide/C/vpn.xml:110(command)
1758
#: serverguide/C/vpn.xml:114(command)
1750
1759
msgid "./build-key-server myservername"
1751
1760
msgstr ""
1752
1761
1753
#: serverguide/C/vpn.xml:113(para)
1762
#: serverguide/C/vpn.xml:117(para)
1754
1763
msgid ""
1755
1764
"As in the previous step, most parameters can be defaulted. Two other queries "
1756
1765
"require positive responses, \"Sign the certificate? [y/n]\" and \"1 out of 1 "
1757
1766
"certificate requests certified, commit? [y/n]\"."
1758
1767
msgstr ""
1759
1768
1760
#: serverguide/C/vpn.xml:117(para)
1769
#: serverguide/C/vpn.xml:121(para)
1761
1770
msgid "Diffie Hellman parameters must be generated for the OpenVPN server:"
1762
1771
msgstr ""
1763
1772
1764
#: serverguide/C/vpn.xml:122(command)
1773
#: serverguide/C/vpn.xml:126(command)
1765
1774
msgid "./build-dh"
1766
1775
msgstr ""
1767
1776
1768
#: serverguide/C/vpn.xml:125(para)
1777
#: serverguide/C/vpn.xml:129(para)
1769
1778
msgid ""
1770
1779
"All certificates and keys have been generated in the subdirectory keys/. "
1771
1780
"Common practice is to copy them to /etc/openvpn/:"
1772
1781
msgstr ""
1773
1782
1774
#: serverguide/C/vpn.xml:129(command)
1783
#: serverguide/C/vpn.xml:133(command)
1775
1784
msgid "cd keys/"
1776
1785
msgstr ""
1777
1786
1779
1788
msgid "cp myservername.crt myservername.key ca.crt dh2048.pem /etc/openvpn/"
1780
1789
msgstr ""
1781
1790
1782
#: serverguide/C/vpn.xml:135(title)
1791
#: serverguide/C/vpn.xml:139(title)
1783
1792
msgid "Client Certificates"
1784
1793
msgstr ""
1785
1794
1786
#: serverguide/C/vpn.xml:137(para)
1795
#: serverguide/C/vpn.xml:141(para)
1787
1796
msgid ""
1788
1797
"The VPN client will also need a certificate to authenticate itself to the "
1789
1798
"server. Usually you create a different certificate for each client. To "
1791
1800
"root:"
1792
1801
msgstr ""
1793
1802
1794
#: serverguide/C/vpn.xml:145(command)
1803
#: serverguide/C/vpn.xml:149(command)
1795
1804
msgid "./build-key client1"
1796
1805
msgstr ""
1797
1806
1798
#: serverguide/C/vpn.xml:148(para)
1807
#: serverguide/C/vpn.xml:152(para)
1799
1808
msgid "Copy the following files to the client using a secure method:"
1800
1809
msgstr ""
1801
1810
1802
#: serverguide/C/vpn.xml:153(para)
1811
#: serverguide/C/vpn.xml:157(para)
1803
1812
msgid "/etc/openvpn/ca.crt"
1804
1813
msgstr ""
1805
1814
1806
#: serverguide/C/vpn.xml:154(para)
1815
#: serverguide/C/vpn.xml:158(para)
1807
1816
msgid "/etc/openvpn/easy-rsa/keys/client1.crt"
1808
1817
msgstr ""
1809
1818
1810
#: serverguide/C/vpn.xml:155(para)
1819
#: serverguide/C/vpn.xml:159(para)
1811
1820
msgid "/etc/openvpn/easy-rsa/keys/client1.key"
1812
1821
msgstr ""
1813
1822
1814
#: serverguide/C/vpn.xml:158(para)
1823
#: serverguide/C/vpn.xml:162(para)
1815
1824
msgid ""
1816
1825
"As the client certificates and keys are only required on the client machine, "
1817
1826
"you should remove them from the server."
1818
1827
msgstr ""
1819
1828
1820
#: serverguide/C/vpn.xml:166(title)
1829
#: serverguide/C/vpn.xml:170(title)
1821
1830
msgid "Simple Server Configuration"
1822
1831
msgstr ""
1823
1832
1824
#: serverguide/C/vpn.xml:168(para)
1833
#: serverguide/C/vpn.xml:172(para)
1825
1834
msgid ""
1826
1835
"Along with your <application>OpenVPN</application> installation you got "
1827
1836
"these sample config files (and many more if if you check):"
1828
1837
msgstr ""
1829
1838
1830
#: serverguide/C/vpn.xml:172(programlisting)
1839
#: serverguide/C/vpn.xml:176(programlisting)
1831
1840
#, no-wrap
1832
1841
msgid ""
1833
1842
"\n"
1837
1846
"-rw-r--r-- 1 root root 4141 2011-07-04 15:09 server.conf.gz\n"
1838
1847
msgstr ""
1839
1848
1840
#: serverguide/C/vpn.xml:179(para)
1849
#: serverguide/C/vpn.xml:183(para)
1841
1850
msgid ""
1842
1851
"Start with copying and unpacking server.conf.gz to /etc/openvpn/server.conf."
1843
1852
msgstr ""
1844
1853
1845
#: serverguide/C/vpn.xml:183(command)
1854
#: serverguide/C/vpn.xml:187(command)
1846
1855
msgid ""
1847
1856
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
1848
1857
"/etc/openvpn/"
1849
1858
msgstr ""
1850
1859
1851
#: serverguide/C/vpn.xml:184(command)
1860
#: serverguide/C/vpn.xml:188(command)
1852
1861
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
1853
1862
msgstr ""
1854
1863
1855
#: serverguide/C/vpn.xml:187(para)
1864
#: serverguide/C/vpn.xml:191(para)
1856
1865
msgid ""
1857
1866
"Edit <filename>/etc/openvpn/server.conf</filename> to make sure the "
1858
1867
"following lines are pointing to the certificates and keys you created in the "
1890
1899
msgid "sudo sysctl -p /etc/sysctl.conf"
1891
1900
msgstr ""
1892
1901
1893
#: serverguide/C/vpn.xml:197(para)
1902
#: serverguide/C/vpn.xml:214(para)
1894
1903
msgid ""
1895
1904
"That is the minimum you have to configure to get a working OpenVPN server. "
1896
1905
"You can use all the default settings in the sample server.conf file. Now "
1906
1915
" * Autostarting VPN 'server' [ OK ]\n"
1907
1916
msgstr ""
1908
1917
1909
#: serverguide/C/vpn.xml:208(para)
1918
#: serverguide/C/vpn.xml:225(para)
1910
1919
msgid "Now check if OpenVPN created a tun0 interface:"
1911
1920
msgstr ""
1912
1921
1913
#: serverguide/C/vpn.xml:212(programlisting)
1922
#: serverguide/C/vpn.xml:229(programlisting)
1914
1923
#, no-wrap
1915
1924
msgid ""
1916
1925
"\n"
1922
1931
"[...]\n"
1923
1932
msgstr ""
1924
1933
1925
#: serverguide/C/vpn.xml:222(title)
1934
#: serverguide/C/vpn.xml:239(title)
1926
1935
msgid "Simple Client Configuration"
1927
1936
msgstr ""
1928
1937
1929
#: serverguide/C/vpn.xml:224(para)
1938
#: serverguide/C/vpn.xml:241(para)
1930
1939
msgid ""
1931
1940
"There are various different <application>OpenVPN</application> client "
1932
1941
"implementations with and without GUIs. You can read more about clients in a "
1935
1944
"install the openvpn package again on the client machine:"
1936
1945
msgstr ""
1937
1946
1938
#: serverguide/C/vpn.xml:35(command) serverguide/C/vpn.xml:231(command) serverguide/C/vpn.xml:589(command)
1947
#: serverguide/C/vpn.xml:248(command) serverguide/C/vpn.xml:616(command)
1939
1948
msgid "sudo apt-get install openvpn"
1940
1949
msgstr ""
1941
1950
1942
#: serverguide/C/vpn.xml:234(para)
1951
#: serverguide/C/vpn.xml:251(para)
1943
1952
msgid "This time copy the client.conf sample config file to /etc/openvpn/."
1944
1953
msgstr ""
1945
1954
1946
#: serverguide/C/vpn.xml:238(command)
1955
#: serverguide/C/vpn.xml:255(command)
1947
1956
msgid ""
1948
1957
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
1949
1958
"/etc/openvpn/"
1950
1959
msgstr ""
1951
1960
1952
#: serverguide/C/vpn.xml:241(para)
1961
#: serverguide/C/vpn.xml:258(para)
1953
1962
msgid ""
1954
1963
"Copy the client keys and the certificate of the CA you created in the "
1955
1964
"section above to e.g. /etc/openvpn/ and edit "
1958
1967
"you can omit the path."
1959
1968
msgstr ""
1960
1969
1961
#: serverguide/C/vpn.xml:244(programlisting)
1970
#: serverguide/C/vpn.xml:261(programlisting) serverguide/C/vpn.xml:281(programlisting)
1962
1971
#, no-wrap
1963
1972
msgid ""
1964
1973
"\n"
1967
1976
"key client1.key\n"
1968
1977
msgstr ""
1969
1978
1970
#: serverguide/C/vpn.xml:250(para)
1979
#: serverguide/C/vpn.xml:267(para)
1971
1980
msgid ""
1972
1981
"And you have to at least specify the OpenVPN server name or address. Make "
1973
1982
"sure the keyword client is in the config. That's what enables client mode."
1974
1983
msgstr ""
1975
1984
1976
#: serverguide/C/vpn.xml:256(programlisting)
1985
#: serverguide/C/vpn.xml:273(programlisting)
1977
1986
#, no-wrap
1978
1987
msgid ""
1979
1988
"\n"
1986
1995
"Also, make sure you specify the keyfile names you copied from the server"
1987
1996
msgstr ""
1988
1997
1989
#: serverguide/C/vpn.xml:261(para)
1998
#: serverguide/C/vpn.xml:286(para)
1990
1999
msgid "Now start the OpenVPN client:"
1991
2000
msgstr ""
1992
2001
1999
2008
" * Autostarting VPN 'client' [ OK ] \n"
2000
2009
msgstr ""
2001
2010
2002
#: serverguide/C/vpn.xml:271(para)
2011
#: serverguide/C/vpn.xml:296(para)
2003
2012
msgid "Check if it created a tun0 interface:"
2004
2013
msgstr ""
2005
2014
2006
#: serverguide/C/vpn.xml:275(programlisting)
2015
#: serverguide/C/vpn.xml:300(programlisting)
2007
2016
#, no-wrap
2008
2017
msgid ""
2009
2018
"\n"
2014
2023
" UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1\n"
2015
2024
msgstr ""
2016
2025
2017
#: serverguide/C/vpn.xml:282(para)
2026
#: serverguide/C/vpn.xml:307(para)
2018
2027
msgid "Check if you can ping the OpenVPN server:"
2019
2028
msgstr ""
2020
2029
2021
#: serverguide/C/vpn.xml:285(programlisting)
2030
#: serverguide/C/vpn.xml:310(programlisting)
2022
2031
#, no-wrap
2023
2032
msgid ""
2024
2033
"\n"
2027
2036
"64 bytes from 10.8.0.1: icmp_req=1 ttl=64 time=0.920 ms\n"
2028
2037
msgstr ""
2029
2038
2030
#: serverguide/C/vpn.xml:292(para)
2039
#: serverguide/C/vpn.xml:317(para)
2031
2040
msgid ""
2032
2041
"The OpenVPN server always uses the first usable IP address in the client "
2033
2042
"network and only that IP is pingable. E.g. if you configured a /24 for the "
2035
2044
"in the ifconfig output above is usually not answering ping requests."
2036
2045
msgstr ""
2037
2046
2038
#: serverguide/C/vpn.xml:297(para)
2047
#: serverguide/C/vpn.xml:322(para)
2039
2048
msgid "Check out your routes:"
2040
2049
msgstr ""
2041
2050
2042
#: serverguide/C/vpn.xml:300(programlisting)
2051
#: serverguide/C/vpn.xml:325(programlisting)
2043
2052
#, no-wrap
2044
2053
msgid ""
2045
2054
"\n"
2057
2066
"eth0\n"
2058
2067
msgstr ""
2059
2068
2060
#: serverguide/C/vpn.xml:312(title)
2069
#: serverguide/C/vpn.xml:337(title)
2061
2070
msgid "First trouble shooting"
2062
2071
msgstr ""
2063
2072
2064
#: serverguide/C/vpn.xml:314(para)
2073
#: serverguide/C/vpn.xml:339(para)
2065
2074
msgid "If the above didn't work for you, check this:"
2066
2075
msgstr ""
2067
2076
2068
#: serverguide/C/vpn.xml:319(para)
2077
#: serverguide/C/vpn.xml:344(para)
2069
2078
msgid "Check your syslog, e.g. grep -i vpn /var/log/syslog"
2070
2079
msgstr ""
2071
2080
2075
2084
"server.conf."
2076
2085
msgstr ""
2077
2086
2078
#: serverguide/C/vpn.xml:322(para)
2087
#: serverguide/C/vpn.xml:350(para)
2079
2088
msgid ""
2080
2089
"Can the client connect to the server machine? Maybe a firewall is blocking "
2081
2090
"access? Check syslog on server."
2082
2091
msgstr ""
2083
2092
2084
#: serverguide/C/vpn.xml:325(para)
2093
#: serverguide/C/vpn.xml:353(para)
2085
2094
msgid ""
2086
2095
"Client and server must use same protocol and port, e.g. UDP port 1194, see "
2087
2096
"port and proto config option"
2088
2097
msgstr ""
2089
2098
2090
#: serverguide/C/vpn.xml:328(para)
2099
#: serverguide/C/vpn.xml:356(para)
2091
2100
msgid ""
2092
2101
"Client and server must use same config regarding compression, see comp-lzo "
2093
2102
"config option"
2094
2103
msgstr ""
2095
2104
2096
#: serverguide/C/vpn.xml:331(para)
2105
#: serverguide/C/vpn.xml:359(para)
2097
2106
msgid ""
2098
2107
"Client and server must use same config regarding bridged vs routed mode, see "
2099
2108
"server vs server-bridge config option"
2100
2109
msgstr ""
2101
2110
2102
#: serverguide/C/databases.xml:168(title)
2111
#: serverguide/C/vpn.xml:366(title) serverguide/C/databases.xml:161(title)
2103
2112
msgid "Advanced configuration"
2104
2113
msgstr ""
2105
2114
2106
#: serverguide/C/vpn.xml:342(title)
2115
#: serverguide/C/vpn.xml:369(title)
2107
2116
msgid "Advanced routed VPN configuration on server"
2108
2117
msgstr ""
2109
2118
2110
#: serverguide/C/vpn.xml:344(para)
2119
#: serverguide/C/vpn.xml:371(para)
2111
2120
msgid ""
2112
2121
"The above is a very simple working VPN. The client can access services on "
2113
2122
"the VPN server machine through an encrypted tunnel. If you want to reach "
2118
2127
"route to the VPN client-network."
2119
2128
msgstr ""
2120
2129
2121
#: serverguide/C/vpn.xml:348(para)
2130
#: serverguide/C/vpn.xml:375(para)
2122
2131
msgid ""
2123
2132
"Or you might push a default gateway to all the clients to send all their "
2124
2133
"internet traffic to the VPN gateway first and from there via the company "
2125
2134
"firewall into the internet. This section shows you some possible options."
2126
2135
msgstr ""
2127
2136
2128
#: serverguide/C/vpn.xml:352(para)
2137
#: serverguide/C/vpn.xml:379(para)
2129
2138
msgid ""
2130
2139
"Push routes to the client to allow it to reach other private subnets behind "
2131
2140
"the server. Remember that these private subnets will also need to know to "
2133
2142
"server."
2134
2143
msgstr ""
2135
2144
2136
#: serverguide/C/vpn.xml:361(programlisting)
2145
#: serverguide/C/vpn.xml:388(programlisting)
2137
2146
#, no-wrap
2138
2147
msgid ""
2139
2148
"\n"
2149
2158
"internet in order for this to work properly)."
2150
2159
msgstr ""
2151
2160
2152
#: serverguide/C/vpn.xml:374(programlisting)
2161
#: serverguide/C/vpn.xml:401(programlisting)
2153
2162
#, no-wrap
2154
2163
msgid ""
2155
2164
"\n"
2156
2165
"push \"redirect-gateway def1 bypass-dhcp\"\n"
2157
2166
msgstr ""
2158
2167
2159
#: serverguide/C/vpn.xml:378(para)
2168
#: serverguide/C/vpn.xml:405(para)
2160
2169
msgid ""
2161
2170
"Configure server mode and supply a VPN subnet for OpenVPN to draw client "
2162
2171
"addresses from. The server will take 10.8.0.1 for itself, the rest will be "
2164
2173
"10.8.0.1. Comment this line out if you are ethernet bridging."
2165
2174
msgstr ""
2166
2175
2167
#: serverguide/C/vpn.xml:387(programlisting)
2176
#: serverguide/C/vpn.xml:414(programlisting)
2168
2177
#, no-wrap
2169
2178
msgid ""
2170
2179
"\n"
2171
2180
"server 10.8.0.0 255.255.255.0\n"
2172
2181
msgstr ""
2173
2182
2174
#: serverguide/C/vpn.xml:391(para)
2183
#: serverguide/C/vpn.xml:418(para)
2175
2184
msgid ""
2176
2185
"Maintain a record of client to virtual IP address associations in this file. "
2177
2186
"If OpenVPN goes down or is restarted, reconnecting clients can be assigned "
2178
2187
"the same virtual IP address from the pool that was previously assigned."
2179
2188
msgstr ""
2180
2189
2181
#: serverguide/C/vpn.xml:398(programlisting)
2190
#: serverguide/C/vpn.xml:425(programlisting)
2182
2191
#, no-wrap
2183
2192
msgid ""
2184
2193
"\n"
2185
2194
"ifconfig-pool-persist ipp.txt\n"
2186
2195
msgstr ""
2187
2196
2188
#: serverguide/C/vpn.xml:402(para)
2197
#: serverguide/C/vpn.xml:429(para)
2189
2198
msgid "Push DNS servers to the client."
2190
2199
msgstr ""
2191
2200
2192
#: serverguide/C/vpn.xml:405(programlisting)
2201
#: serverguide/C/vpn.xml:432(programlisting)
2193
2202
#, no-wrap
2194
2203
msgid ""
2195
2204
"\n"
2197
2206
"push \"dhcp-option DNS 10.1.0.2\"\n"
2198
2207
msgstr ""
2199
2208
2200
#: serverguide/C/vpn.xml:410(para)
2209
#: serverguide/C/vpn.xml:437(para)
2201
2210
msgid "Allow client to client communication."
2202
2211
msgstr ""
2203
2212
2204
#: serverguide/C/vpn.xml:413(programlisting)
2213
#: serverguide/C/vpn.xml:440(programlisting)
2205
2214
#, no-wrap
2206
2215
msgid ""
2207
2216
"\n"
2208
2217
"client-to-client\n"
2209
2218
msgstr ""
2210
2219
2211
#: serverguide/C/vpn.xml:417(para)
2220
#: serverguide/C/vpn.xml:444(para)
2212
2221
msgid "Enable compression on the VPN link."
2213
2222
msgstr ""
2214
2223
2215
#: serverguide/C/vpn.xml:420(programlisting)
2224
#: serverguide/C/vpn.xml:447(programlisting)
2216
2225
#, no-wrap
2217
2226
msgid ""
2218
2227
"\n"
2219
2228
"comp-lzo\n"
2220
2229
msgstr ""
2221
2230
2222
#: serverguide/C/vpn.xml:424(para)
2231
#: serverguide/C/vpn.xml:451(para)
2223
2232
msgid ""
2224
"The keepalive directive causes ping-like messages to be sent back and forth "
2225
"over the link so that each side knows when the other side has gone down. "
2226
"Ping every 1 second, assume that remote peer is down if no ping received "
2227
"during a 3 second time period."
2233
"The <emphasis>keepalive</emphasis> directive causes ping-like messages to be "
2234
"sent back and forth over the link so that each side knows when the other "
2235
"side has gone down. Ping every 1 second, assume that remote peer is down if "
2236
"no ping received during a 3 second time period."
2228
2237
msgstr ""
2229
2238
2230
#: serverguide/C/vpn.xml:433(programlisting)
2239
#: serverguide/C/vpn.xml:460(programlisting)
2231
2240
#, no-wrap
2232
2241
msgid ""
2233
2242
"\n"
2234
2243
"keepalive 1 3\n"
2235
2244
msgstr ""
2236
2245
2237
#: serverguide/C/vpn.xml:437(para)
2246
#: serverguide/C/vpn.xml:464(para)
2238
2247
msgid ""
2239
2248
"It's a good idea to reduce the OpenVPN daemon's privileges after "
2240
2249
"initialization."
2241
2250
msgstr ""
2242
2251
2243
#: serverguide/C/vpn.xml:440(programlisting)
2252
#: serverguide/C/vpn.xml:467(programlisting)
2244
2253
#, no-wrap
2245
2254
msgid ""
2246
2255
"\n"
2248
2257
"group nogroup\n"
2249
2258
msgstr ""
2250
2259
2251
#: serverguide/C/vpn.xml:445(para)
2260
#: serverguide/C/vpn.xml:472(para)
2252
2261
msgid ""
2253
2262
"OpenVPN 2.0 includes a feature that allows the OpenVPN server to securely "
2254
2263
"obtain a username and password from a connecting client, and to use that "
2258
2267
"username/password, passing it on to the server over the secure TLS channel."
2259
2268
msgstr ""
2260
2269
2261
#: serverguide/C/vpn.xml:449(programlisting)
2270
#: serverguide/C/vpn.xml:476(programlisting)
2262
2271
#, no-wrap
2263
2272
msgid ""
2264
2273
"\n"
2266
2275
"auth-user-pass\n"
2267
2276
msgstr ""
2268
2277
2269
#: serverguide/C/vpn.xml:454(para)
2278
#: serverguide/C/vpn.xml:481(para)
2270
2279
msgid ""
2271
2280
"This will tell the OpenVPN server to validate the username/password entered "
2272
2281
"by clients using the login PAM module. Useful if you have centralized "
2280
2289
"plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login\n"
2281
2290
msgstr ""
2282
2291
2283
#: serverguide/C/vpn.xml:463(para)
2292
#: serverguide/C/vpn.xml:490(para)
2284
2293
msgid ""
2285
2294
"Please read the OpenVPN <ulink url=\"http://openvpn.net/index.php/open-"
2286
2295
"source/documentation/howto.html#security\">hardening security guide</ulink> "
2287
2296
"for further security advice."
2288
2297
msgstr ""
2289
2298
2290
#: serverguide/C/vpn.xml:469(title)
2299
#: serverguide/C/vpn.xml:496(title)
2291
2300
msgid "Advanced bridged VPN configuration on server"
2292
2301
msgstr ""
2293
2302
2294
#: serverguide/C/vpn.xml:471(para)
2303
#: serverguide/C/vpn.xml:498(para)
2295
2304
msgid ""
2296
2305
"<application>OpenVPN</application> can be setup for either a routed or a "
2297
2306
"bridged VPN mode. Sometimes this is also referred to as OSI layer-2 versus "
2303
2312
"be filtered."
2304
2313
msgstr ""
2305
2314
2306
#: serverguide/C/vpn.xml:477(title)
2315
#: serverguide/C/vpn.xml:504(title)
2307
2316
msgid "Prepare interface config for bridging on server"
2308
2317
msgstr ""
2309
2318
2310
#: serverguide/C/vpn.xml:479(para)
2319
#: serverguide/C/vpn.xml:506(para)
2311
2320
msgid "Make sure you have the bridge-utils package installed:"
2312
2321
msgstr ""
2313
2322
2314
#: serverguide/C/vpn.xml:483(command) serverguide/C/virtualization.xml:2188(command) serverguide/C/network-config.xml:538(command)
2323
#: serverguide/C/vpn.xml:510(command) serverguide/C/network-config.xml:542(command)
2315
2324
msgid "sudo apt-get install bridge-utils"
2316
2325
msgstr ""
2317
2326
2318
#: serverguide/C/vpn.xml:486(para)
2327
#: serverguide/C/vpn.xml:513(para)
2319
2328
msgid ""
2320
2329
"Before you setup OpenVPN in bridged mode you need to change your interface "
2321
2330
"configuration. Let's assume your server has an interface eth0 connected to "
2323
2332
"Your /etc/network/interfaces would like this:"
2324
2333
msgstr ""
2325
2334
2326
#: serverguide/C/vpn.xml:490(programlisting)
2335
#: serverguide/C/vpn.xml:517(programlisting)
2327
2336
#, no-wrap
2328
2337
msgid ""
2329
2338
"\n"
2339
2348
" netmask 255.255.255.0\n"
2340
2349
msgstr ""
2341
2350
2342
#: serverguide/C/vpn.xml:503(para)
2351
#: serverguide/C/vpn.xml:530(para)
2343
2352
msgid ""
2344
2353
"This straight forward interface config needs to be changed into a bridged "
2345
2354
"mode like where the config of interface eth1 moves to the new br0 interface. "
2348
2357
"interface to forward all ethernet frames to the IP stack."
2349
2358
msgstr ""
2350
2359
2351
#: serverguide/C/vpn.xml:507(programlisting)
2360
#: serverguide/C/vpn.xml:534(programlisting)
2352
2361
#, no-wrap
2353
2362
msgid ""
2354
2363
"\n"
2380
2389
msgid "sudo ifdown eth1 && sudo ifup -a"
2381
2390
msgstr ""
2382
2391
2383
#: serverguide/C/vpn.xml:534(title)
2392
#: serverguide/C/vpn.xml:561(title)
2384
2393
msgid "Prepare server config for bridging"
2385
2394
msgstr ""
2386
2395
2387
#: serverguide/C/vpn.xml:536(para)
2396
#: serverguide/C/vpn.xml:563(para)
2388
2397
msgid ""
2389
2398
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
2390
2399
"options to:"
2391
2400
msgstr ""
2392
2401
2393
#: serverguide/C/vpn.xml:540(programlisting)
2402
#: serverguide/C/vpn.xml:567(programlisting)
2394
2403
#, no-wrap
2395
2404
msgid ""
2396
2405
"\n"
2401
2410
"server-bridge 10.0.0.4 255.255.255.0 10.0.0.128 10.0.0.254\n"
2402
2411
msgstr ""
2403
2412
2404
#: serverguide/C/vpn.xml:548(para)
2413
#: serverguide/C/vpn.xml:575(para)
2405
2414
msgid ""
2406
2415
"Next, create a helper script to add the <emphasis>tap</emphasis> interface "
2407
2416
"to the bridge and to ensure that eth1 is promiscuous mode. Create "
2408
2417
"<filename>/etc/openvpn/up.sh</filename>:"
2409
2418
msgstr ""
2410
2419
2411
#: serverguide/C/vpn.xml:552(programlisting)
2420
#: serverguide/C/vpn.xml:579(programlisting)
2412
2421
#, no-wrap
2413
2422
msgid ""
2414
2423
"\n"
2423
2432
"/sbin/brctl addif $BR $TAPDEV\n"
2424
2433
msgstr ""
2425
2434
2426
#: serverguide/C/vpn.xml:564(para)
2435
#: serverguide/C/vpn.xml:591(para)
2427
2436
msgid "Then make it executable:"
2428
2437
msgstr ""
2429
2438
2430
#: serverguide/C/vpn.xml:569(command)
2439
#: serverguide/C/vpn.xml:596(command)
2431
2440
msgid "sudo chmod 755 /etc/openvpn/up.sh"
2432
2441
msgstr ""
2433
2442
2434
#: serverguide/C/vpn.xml:572(para)
2443
#: serverguide/C/vpn.xml:599(para)
2435
2444
msgid ""
2436
2445
"After configuring the server, restart <application>openvpn</application> by "
2437
2446
"entering:"
2441
2450
msgid "sudo service openvpn restart"
2442
2451
msgstr ""
2443
2452
2444
#: serverguide/C/vpn.xml:582(title)
2453
#: serverguide/C/vpn.xml:609(title)
2445
2454
msgid "Client Configuration"
2446
2455
msgstr ""
2447
2456
2448
#: serverguide/C/vpn.xml:584(para)
2457
#: serverguide/C/vpn.xml:611(para)
2449
2458
msgid "First, install <application>openvpn</application> on the client:"
2450
2459
msgstr ""
2451
2460
2452
#: serverguide/C/vpn.xml:592(para)
2461
#: serverguide/C/vpn.xml:619(para)
2453
2462
msgid ""
2454
2463
"Then with the server configured and the client certificates copied to the "
2455
2464
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
2456
2465
"file by copying the example. In a terminal on the client machine enter:"
2457
2466
msgstr ""
2458
2467
2459
#: serverguide/C/vpn.xml:598(command)
2468
#: serverguide/C/vpn.xml:625(command)
2460
2469
msgid ""
2461
2470
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
2462
2471
"/etc/openvpn"
2463
2472
msgstr ""
2464
2473
2465
#: serverguide/C/vpn.xml:601(para)
2474
#: serverguide/C/vpn.xml:628(para)
2466
2475
msgid ""
2467
2476
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
2468
2477
"following options:"
2479
2488
"key client1.key\n"
2480
2489
msgstr ""
2481
2490
2482
#: serverguide/C/vpn.xml:610(para)
2491
#: serverguide/C/vpn.xml:640(para)
2483
2492
msgid "Finally, restart <application>openvpn</application>:"
2484
2493
msgstr ""
2485
2494
2486
#: serverguide/C/vpn.xml:618(para)
2495
#: serverguide/C/vpn.xml:648(para)
2487
2496
msgid "You should now be able to connect to the remote LAN through the VPN."
2488
2497
msgstr ""
2489
2498
2490
#: serverguide/C/vpn.xml:627(title)
2499
#: serverguide/C/vpn.xml:657(title)
2491
2500
msgid "Client software implementations"
2492
2501
msgstr ""
2493
2502
2494
#: serverguide/C/vpn.xml:630(title)
2503
#: serverguide/C/vpn.xml:660(title)
2495
2504
msgid "Linux Network-Manager GUI for OpenVPN"
2496
2505
msgstr ""
2497
2506
2498
#: serverguide/C/vpn.xml:632(para)
2507
#: serverguide/C/vpn.xml:662(para)
2499
2508
msgid ""
2500
2509
"Many Linux distributions including Ubuntu desktop variants come with Network "
2501
2510
"Manager, a nice GUI to configure your network settings. It also can manage "
2504
2513
"packages as well:"
2505
2514
msgstr ""
2506
2515
2507
#: serverguide/C/vpn.xml:637(programlisting)
2516
#: serverguide/C/vpn.xml:667(programlisting)
2508
2517
#, no-wrap
2509
2518
msgid ""
2510
2519
"\n"
2525
2534
"Do you want to continue [Y/n]? \n"
2526
2535
msgstr ""
2527
2536
2528
#: serverguide/C/vpn.xml:655(para)
2537
#: serverguide/C/vpn.xml:685(para)
2529
2538
msgid ""
2530
2539
"To inform network-manager about the new installed packages you will have to "
2531
2540
"restart it:"
2532
2541
msgstr ""
2533
2542
2534
#: serverguide/C/vpn.xml:659(programlisting)
2543
#: serverguide/C/vpn.xml:689(programlisting)
2535
2544
#, no-wrap
2536
2545
msgid ""
2537
2546
"\n"
2551
2560
"to establish your VPN."
2552
2561
msgstr ""
2553
2562
2554
#: serverguide/C/vpn.xml:676(title)
2563
#: serverguide/C/vpn.xml:706(title)
2555
2564
msgid "OpenVPN with GUI for Mac OS X: Tunnelblick"
2556
2565
msgstr ""
2557
2566
2558
#: serverguide/C/vpn.xml:678(para)
2567
#: serverguide/C/vpn.xml:708(para)
2559
2568
msgid ""
2560
2569
"Tunnelblick is an excellent free, open source implementation of a GUI for "
2561
2570
"OpenVPN for OS X. The project's homepage is at <ulink "
2567
2576
"Application folder."
2568
2577
msgstr ""
2569
2578
2570
#: serverguide/C/vpn.xml:684(programlisting)
2579
#: serverguide/C/vpn.xml:714(programlisting)
2571
2580
#, no-wrap
2572
2581
msgid ""
2573
2582
"\n"
2590
2599
"key client.key\n"
2591
2600
msgstr ""
2592
2601
2593
#: serverguide/C/vpn.xml:706(title)
2602
#: serverguide/C/vpn.xml:736(title)
2594
2603
msgid "OpenVPN with GUI for Win 7"
2595
2604
msgstr ""
2596
2605
2603
2612
"binary installer."
2604
2613
msgstr ""
2605
2614
2606
#: serverguide/C/vpn.xml:714(para)
2615
#: serverguide/C/vpn.xml:743(para)
2607
2616
msgid ""
2608
2617
"You need to start the OpenVPN service. Goto Start > Computer > Manage "
2609
2618
"> Services and Applications > Services. Find the OpenVPN service and "
2612
2621
"click on it and you will see that option."
2613
2622
msgstr ""
2614
2623
2615
#: serverguide/C/vpn.xml:718(para)
2624
#: serverguide/C/vpn.xml:747(para)
2616
2625
msgid ""
2617
2626
"You will have to write your OpenVPN config in a textfile and place it in C:\\"
2618
2627
"Program Files\\OpenVPN\\config\\client.ovpn along with the CA certificate. "
2670
2679
msgid "You may want to set the Windows service to \"automatic\"."
2671
2680
msgstr ""
2672
2681
2673
#: serverguide/C/vpn.xml:747(title)
2682
#: serverguide/C/vpn.xml:790(title)
2674
2683
msgid "OpenVPN for OpenWRT"
2675
2684
msgstr ""
2676
2685
2677
#: serverguide/C/vpn.xml:749(para)
2686
#: serverguide/C/vpn.xml:792(para)
2678
2687
msgid ""
2679
2688
"OpenWRT is described as a Linux distribution for embedded devices like WLAN "
2680
2689
"router. There are certain types of WLAN routers who can be flashed to run "
2687
2696
"url=\"http://openwrt.org\">http://openwrt.org</ulink>"
2688
2697
msgstr ""
2689
2698
2690
#: serverguide/C/vpn.xml:758(para)
2699
#: serverguide/C/vpn.xml:801(para)
2691
2700
msgid "Log into your OpenWRT router and install OpenVPN:"
2692
2701
msgstr ""
2693
2702
2694
#: serverguide/C/vpn.xml:763(command)
2703
#: serverguide/C/vpn.xml:806(command)
2695
2704
msgid "opkg update"
2696
2705
msgstr ""
2697
2706
2698
#: serverguide/C/vpn.xml:764(command)
2707
#: serverguide/C/vpn.xml:807(command)
2699
2708
msgid "opkg install openvpn"
2700
2709
msgstr ""
2701
2710
2705
2714
"certificates and keys to /etc/openvpn/"
2706
2715
msgstr ""
2707
2716
2708
#: serverguide/C/vpn.xml:772(programlisting)
2717
#: serverguide/C/vpn.xml:815(programlisting)
2709
2718
#, no-wrap
2710
2719
msgid ""
2711
2720
"\n"
2721
2730
" option comp_lzo 1 \n"
2722
2731
msgstr ""
2723
2732
2724
#: serverguide/C/vpn.xml:785(para)
2733
#: serverguide/C/vpn.xml:828(para)
2725
2734
msgid "Restart OpenVPN:"
2726
2735
msgstr ""
2727
2736
2729
2738
msgid "service openvpn restart"
2730
2739
msgstr ""
2731
2740
2732
#: serverguide/C/vpn.xml:793(para)
2741
#: serverguide/C/vpn.xml:836(para)
2733
2742
msgid ""
2734
2743
"You will have to see if you need to adjust your router's routing and "
2735
2744
"firewall rules."
2736
2745
msgstr ""
2737
2746
2738
#: serverguide/C/vpn.xml:803(para)
2747
#: serverguide/C/vpn.xml:846(para)
2739
2748
msgid ""
2740
2749
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
2741
2750
"additional information."
2742
2751
msgstr ""
2743
2752
2744
#: serverguide/C/vpn.xml:809(ulink)
2753
#: serverguide/C/vpn.xml:852(ulink)
2745
2754
msgid "OpenVPN hardening security guide"
2746
2755
msgstr ""
2747
2756
2748
#: serverguide/C/vpn.xml:813(para)
2757
#: serverguide/C/vpn.xml:856(para)
2749
2758
msgid ""
2750
2759
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
2751
2760
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
2755
2764
msgid "Virtualization"
2756
2765
msgstr "Virtualizacion"
2757
2766
2758
#: serverguide/C/virtualization.xml:12(para)
2767
#: serverguide/C/virtualization.xml:13(para)
2759
2768
msgid ""
2760
2769
"Virtualization is being adopted in many different environments and "
2761
2770
"situations. If you are a developer, virtualization can provide you with a "
2765
2774
"services and move them around based on demand."
2766
2775
msgstr ""
2767
2776
2768
#: serverguide/C/virtualization.xml:18(para)
2777
#: serverguide/C/virtualization.xml:20(para)
2769
2778
msgid ""
2770
2779
"The default virtualization technology supported in Ubuntu is "
2771
2780
"<application>KVM</application>. KVM requires virtualization extensions built "
2776
2785
"hardware without virtualization extensions."
2777
2786
msgstr ""
2778
2787
2779
#: serverguide/C/virtualization.xml:26(title)
2788
#: serverguide/C/virtualization.xml:29(title)
2780
2789
msgid "libvirt"
2781
2790
msgstr "libvirt"
2782
2791
2783
#: serverguide/C/virtualization.xml:27(para)
2792
#: serverguide/C/virtualization.xml:31(para)
2784
2793
msgid ""
2785
2794
"The <application>libvirt</application> library is used to interface with "
2786
2795
"different virtualization technologies. Before getting started with "
2789
2798
"<application>KVM</application>. Enter the following from a terminal prompt:"
2790
2799
msgstr ""
2791
2800
2792
#: serverguide/C/virtualization.xml:34(command)
2801
#: serverguide/C/virtualization.xml:39(command)
2793
2802
msgid "kvm-ok"
2794
2803
msgstr ""
2795
2804
2796
#: serverguide/C/virtualization.xml:36(para)
2805
#: serverguide/C/virtualization.xml:42(para)
2797
2806
msgid ""
2798
2807
"A message will be printed informing you if your CPU "
2799
2808
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
2807
2816
"it."
2808
2817
msgstr ""
2809
2818
2810
#: serverguide/C/virtualization.xml:46(title)
2819
#: serverguide/C/virtualization.xml:53(title)
2811
2820
msgid "Virtual Networking"
2812
2821
msgstr "Virtualizacion de la ret"
2813
2822
2829
2838
"to the rest of the network."
2830
2839
msgstr ""
2831
2840
2832
#: serverguide/C/virtualization.xml:62(para)
2841
#: serverguide/C/virtualization.xml:72(para)
2833
2842
msgid "To install the necessary packages, from a terminal prompt enter:"
2834
2843
msgstr "Per installar los paquets necessaris, picatz dins un terminal :"
2835
2844
2837
2846
msgid "sudo apt-get install qemu-kvm libvirt-bin"
2838
2847
msgstr ""
2839
2848
2840
#: serverguide/C/virtualization.xml:68(para)
2849
#: serverguide/C/virtualization.xml:79(para)
2841
2850
msgid ""
2842
2851
"After installing <application>libvirt-bin</application>, the user used to "
2843
2852
"manage virtual machines will need to be added to the "
2845
2854
"the advanced networking options."
2846
2855
msgstr ""
2847
2856
2848
#: serverguide/C/virtualization.xml:72(para)
2857
#: serverguide/C/virtualization.xml:84(para)
2849
2858
msgid "In a terminal enter:"
2850
2859
msgstr "Dins un terminal picatz :"
2851
2860
2852
#: serverguide/C/virtualization.xml:76(command)
2861
#: serverguide/C/virtualization.xml:87(command)
2853
2862
msgid "sudo adduser $USER libvirtd"
2854
2863
msgstr "sudo adduser $USER libvirtd"
2855
2864
2856
#: serverguide/C/virtualization.xml:79(para)
2865
#: serverguide/C/virtualization.xml:91(para)
2857
2866
msgid ""
2858
2867
"If the user chosen is the current user, you will need to log out and back in "
2859
2868
"for the new group membership to take effect."
2860
2869
msgstr ""
2861
2870
2862
#: serverguide/C/virtualization.xml:83(para)
2871
#: serverguide/C/virtualization.xml:95(para)
2863
2872
msgid ""
2864
2873
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
2865
2874
"Installing a virtual machine follows the same process as installing the "
2868
2877
"physical machine."
2869
2878
msgstr ""
2870
2879
2871
#: serverguide/C/virtualization.xml:88(para)
2880
#: serverguide/C/virtualization.xml:101(para)
2872
2881
msgid ""
2873
2882
"In the case of virtual machines a Graphical User Interface (GUI) is "
2874
2883
"analogous to using a physical keyboard and mouse. Instead of installing a "
2888
2897
#: serverguide/C/virtualization.xml:113(para)
2889
2898
msgid ""
2890
2899
"Yet another way to install an Ubuntu virtual machine is to use "
2891
"<application>uvtool</application>. This application, available as of 14.04 "
2900
"<application>uvtool</application>. This application, available as of 14.04, "
2892
2901
"allows you to set up specific VM options, execute custom post-install "
2893
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>"
2902
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>."
2894
2903
msgstr ""
2895
2904
2896
#: serverguide/C/virtualization.xml:101(para)
2905
#: serverguide/C/virtualization.xml:119(para)
2897
2906
msgid ""
2898
2907
"Libvirt can also be configured work with <application>Xen</application>. For "
2899
2908
"details, see the Xen Ubuntu community page referenced below."
2900
2909
msgstr ""
2901
2910
2902
#: serverguide/C/virtualization.xml:106(title)
2911
#: serverguide/C/virtualization.xml:125(title)
2903
2912
msgid "virt-install"
2904
2913
msgstr "virt-install"
2905
2914
2906
#: serverguide/C/virtualization.xml:107(para)
2915
#: serverguide/C/virtualization.xml:127(para)
2907
2916
msgid ""
2908
2917
"<application>virt-install</application> is part of the "
2909
2918
"<application>virtinst</application> package. To install it, from a terminal "
2910
2919
"prompt enter:"
2911
2920
msgstr ""
2912
2921
2913
#: serverguide/C/virtualization.xml:111(command)
2922
#: serverguide/C/virtualization.xml:132(command)
2914
2923
msgid "sudo apt-get install virtinst"
2915
2924
msgstr ""
2916
2925
2917
#: serverguide/C/virtualization.xml:113(para)
2926
#: serverguide/C/virtualization.xml:135(para)
2918
2927
msgid ""
2919
2928
"There are several options available when using <application>virt-"
2920
2929
"install</application>. For example:"
2928
2937
"vnc,listen=0.0.0.0 --noautoconsole -v"
2929
2938
msgstr ""
2930
2939
2931
#: serverguide/C/virtualization.xml:124(para)
2940
#: serverguide/C/virtualization.xml:147(para)
2932
2941
msgid ""
2933
2942
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
2934
2943
"be <emphasis>web_devel</emphasis> in this example."
2935
2944
msgstr ""
2936
2945
2937
#: serverguide/C/virtualization.xml:129(para)
2946
#: serverguide/C/virtualization.xml:153(para)
2938
2947
msgid ""
2939
2948
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
2940
2949
"machine will use in megabytes."
2941
2950
msgstr ""
2942
2951
2943
#: serverguide/C/virtualization.xml:134(para)
2952
#: serverguide/C/virtualization.xml:158(para)
2944
2953
msgid ""
2945
2954
"<emphasis>--disk "
2946
2955
"path=/var/lib/libvirt/images/web_devel.img,size=4:</emphasis> indicates the "
2957
2966
"CDROM device."
2958
2967
msgstr ""
2959
2968
2960
#: serverguide/C/virtualization.xml:152(para)
2969
#: serverguide/C/virtualization.xml:174(para)
2961
2970
msgid ""
2962
2971
"<emphasis>--network</emphasis> provides details related to the VM's network "
2963
2972
"interface. Here the <emphasis>default</emphasis> network is used, and the "
2972
2981
"connect via VNC to complete the installation."
2973
2982
msgstr ""
2974
2983
2975
#: serverguide/C/virtualization.xml:163(para)
2984
#: serverguide/C/virtualization.xml:189(para)
2976
2985
msgid ""
2977
2986
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
2978
2987
"virtual machine's console."
2979
2988
msgstr ""
2980
2989
2981
#: serverguide/C/virtualization.xml:168(para)
2990
#: serverguide/C/virtualization.xml:194(para)
2982
2991
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
2983
2992
msgstr ""
2984
2993
2986
2995
msgid ""
2987
2996
"After launching <application>virt-install</application> you can connect to "
2988
2997
"the virtual machine's console either locally using a GUI (if your server has "
2989
"a GUI), or via a remote VNC client from a GUI based computer."
2998
"a GUI), or via a remote VNC client from a GUI-based computer."
2990
2999
msgstr ""
2991
3000
2992
#: serverguide/C/virtualization.xml:179(title)
3001
#: serverguide/C/virtualization.xml:206(title)
2993
3002
msgid "virt-clone"
2994
3003
msgstr "virt-clone"
2995
3004
2996
#: serverguide/C/virtualization.xml:180(para)
3005
#: serverguide/C/virtualization.xml:208(para)
2997
3006
msgid ""
2998
3007
"The <application>virt-clone</application> application can be used to copy "
2999
3008
"one virtual machine to another. For example:"
3000
3009
msgstr ""
3001
3010
3002
#: serverguide/C/virtualization.xml:184(command)
3011
#: serverguide/C/virtualization.xml:212(command)
3003
3012
msgid ""
3004
3013
"sudo virt-clone -o web_devel -n database_devel -f "
3005
3014
"/path/to/database_devel.img \\ --connect=qemu:///system"
3006
3015
msgstr ""
3007
3016
3008
#: serverguide/C/virtualization.xml:189(para)
3017
#: serverguide/C/virtualization.xml:218(para)
3009
3018
msgid "<emphasis>-o:</emphasis> original virtual machine."
3010
3019
msgstr ""
3011
3020
3012
#: serverguide/C/virtualization.xml:194(para)
3021
#: serverguide/C/virtualization.xml:222(para)
3013
3022
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3014
3023
msgstr ""
3015
3024
3016
#: serverguide/C/virtualization.xml:199(para)
3025
#: serverguide/C/virtualization.xml:227(para)
3017
3026
msgid ""
3018
3027
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3019
3028
"be used by the new virtual machine."
3020
3029
msgstr ""
3021
3030
3022
#: serverguide/C/virtualization.xml:204(para)
3031
#: serverguide/C/virtualization.xml:232(para)
3023
3032
msgid ""
3024
3033
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3025
3034
msgstr ""
3026
3035
3027
#: serverguide/C/virtualization.xml:209(para)
3036
#: serverguide/C/virtualization.xml:237(para)
3028
3037
msgid ""
3029
3038
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3030
3039
"help troubleshoot problems with <application>virt-clone</application>."
3031
3040
msgstr ""
3032
3041
3033
#: serverguide/C/virtualization.xml:214(para)
3042
#: serverguide/C/virtualization.xml:242(para)
3034
3043
msgid ""
3035
3044
"Replace <emphasis>web_devel</emphasis> and "
3036
3045
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3037
3046
msgstr ""
3038
3047
3039
#: serverguide/C/virtualization.xml:220(title)
3048
#: serverguide/C/virtualization.xml:249(title)
3040
3049
msgid "Virtual Machine Management"
3041
3050
msgstr ""
3042
3051
3043
#: serverguide/C/virtualization.xml:222(title)
3052
#: serverguide/C/virtualization.xml:252(title)
3044
3053
msgid "virsh"
3045
3054
msgstr "virsh"
3046
3055
3047
#: serverguide/C/virtualization.xml:223(para)
3056
#: serverguide/C/virtualization.xml:254(para)
3048
3057
msgid ""
3049
3058
"There are several utilities available to manage virtual machines and "
3050
3059
"<application>libvirt</application>. The <application>virsh</application> "
3051
3060
"utility can be used from the command line. Some examples:"
3052
3061
msgstr ""
3053
3062
3054
#: serverguide/C/virtualization.xml:229(para)
3063
#: serverguide/C/virtualization.xml:261(para)
3055
3064
msgid "To list running virtual machines:"
3056
3065
msgstr ""
3057
3066
3058
#: serverguide/C/virtualization.xml:233(command)
3067
#: serverguide/C/virtualization.xml:264(command)
3059
3068
msgid "virsh -c qemu:///system list"
3060
3069
msgstr "virsh -c qemu:///system list"
3061
3070
3062
#: serverguide/C/virtualization.xml:237(para)
3071
#: serverguide/C/virtualization.xml:269(para)
3063
3072
msgid "To start a virtual machine:"
3064
3073
msgstr "Per amodar una maquina virtuala :"
3065
3074
3066
#: serverguide/C/virtualization.xml:241(command)
3075
#: serverguide/C/virtualization.xml:272(command)
3067
3076
msgid "virsh -c qemu:///system start web_devel"
3068
3077
msgstr "virsh -c qemu:///system start web_devel"
3069
3078
3070
#: serverguide/C/virtualization.xml:245(para)
3079
#: serverguide/C/virtualization.xml:277(para)
3071
3080
msgid "Similarly, to start a virtual machine at boot:"
3072
3081
msgstr ""
3073
3082
3074
#: serverguide/C/virtualization.xml:249(command)
3083
#: serverguide/C/virtualization.xml:280(command)
3075
3084
msgid "virsh -c qemu:///system autostart web_devel"
3076
3085
msgstr "virsh -c qemu:///system autostart web_devel"
3077
3086
3078
#: serverguide/C/virtualization.xml:253(para)
3087
#: serverguide/C/virtualization.xml:285(para)
3079
3088
msgid "Reboot a virtual machine with:"
3080
3089
msgstr ""
3081
3090
3082
#: serverguide/C/virtualization.xml:257(command)
3091
#: serverguide/C/virtualization.xml:288(command)
3083
3092
msgid "virsh -c qemu:///system reboot web_devel"
3084
3093
msgstr "virsh -c qemu:///system reboot web_devel"
3085
3094
3086
#: serverguide/C/virtualization.xml:261(para)
3095
#: serverguide/C/virtualization.xml:293(para)
3087
3096
msgid ""
3088
3097
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3089
3098
"order to be restored later. The following will save the virtual machine "
3090
3099
"state into a file named according to the date:"
3091
3100
msgstr ""
3092
3101
3093
#: serverguide/C/virtualization.xml:266(command)
3102
#: serverguide/C/virtualization.xml:299(command)
3094
3103
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3095
3104
msgstr "virsh -c qemu:///system save web_devel web_devel-022708.state"
3096
3105
3097
#: serverguide/C/virtualization.xml:268(para)
3106
#: serverguide/C/virtualization.xml:302(para)
3098
3107
msgid "Once saved the virtual machine will no longer be running."
3099
3108
msgstr ""
3100
3109
3101
#: serverguide/C/virtualization.xml:273(para)
3110
#: serverguide/C/virtualization.xml:307(para)
3102
3111
msgid "A saved virtual machine can be restored using:"
3103
3112
msgstr ""
3104
3113
3105
#: serverguide/C/virtualization.xml:277(command)
3114
#: serverguide/C/virtualization.xml:310(command)
3106
3115
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3107
3116
msgstr ""
3108
3117
3109
#: serverguide/C/virtualization.xml:281(para)
3118
#: serverguide/C/virtualization.xml:315(para)
3110
3119
msgid "To shutdown a virtual machine do:"
3111
3120
msgstr "Per arrestar una maquina virtuala :"
3112
3121
3113
#: serverguide/C/virtualization.xml:285(command)
3122
#: serverguide/C/virtualization.xml:318(command)
3114
3123
msgid "virsh -c qemu:///system shutdown web_devel"
3115
3124
msgstr "virsh -c qemu:///system shutdown web_devel"
3116
3125
3117
#: serverguide/C/virtualization.xml:289(para)
3126
#: serverguide/C/virtualization.xml:323(para)
3118
3127
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3119
3128
msgstr ""
3120
3129
3121
#: serverguide/C/virtualization.xml:293(command)
3130
#: serverguide/C/virtualization.xml:327(command)
3122
3131
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3123
3132
msgstr ""
3124
3133
"virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3125
3134
3126
#: serverguide/C/virtualization.xml:298(para)
3135
#: serverguide/C/virtualization.xml:333(para)
3127
3136
msgid ""
3128
3137
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3129
3138
"appropriate virtual machine name, and <filename>web_devel-"
3130
3139
"022708.state</filename> with a descriptive file name."
3131
3140
msgstr ""
3132
3141
3133
#: serverguide/C/virtualization.xml:305(title)
3142
#: serverguide/C/virtualization.xml:341(title)
3134
3143
msgid "Virtual Machine Manager"
3135
3144
msgstr "Gestionari de maquina virtuala"
3136
3145
3137
#: serverguide/C/virtualization.xml:306(para)
3146
#: serverguide/C/virtualization.xml:343(para)
3138
3147
msgid ""
3139
3148
"The <application>virt-manager</application> package contains a graphical "
3140
3149
"utility to manage local and remote virtual machines. To install virt-manager "
3141
3150
"enter:"
3142
3151
msgstr ""
3143
3152
3144
#: serverguide/C/virtualization.xml:311(command)
3153
#: serverguide/C/virtualization.xml:348(command)
3145
3154
msgid "sudo apt-get install virt-manager"
3146
3155
msgstr "sudo apt-get install virt-manager"
3147
3156
3148
#: serverguide/C/virtualization.xml:313(para)
3157
#: serverguide/C/virtualization.xml:351(para)
3149
3158
msgid ""
3150
3159
"Since <application>virt-manager</application> requires a Graphical User "
3151
3160
"Interface (GUI) environment it is recommended to be installed on a "
3153
3162
"the local <application>libvirt</application> service enter:"
3154
3163
msgstr ""
3155
3164
3156
#: serverguide/C/virtualization.xml:319(command)
3165
#: serverguide/C/virtualization.xml:358(command)
3157
3166
msgid "virt-manager -c qemu:///system"
3158
3167
msgstr "virt-manager -c qemu:///system"
3159
3168
3160
#: serverguide/C/virtualization.xml:321(para)
3169
#: serverguide/C/virtualization.xml:361(para)
3161
3170
msgid ""
3162
3171
"You can connect to the <application>libvirt</application> service running on "
3163
3172
"another host by entering the following in a terminal prompt:"
3164
3173
msgstr ""
3165
3174
3166
#: serverguide/C/virtualization.xml:325(command)
3175
#: serverguide/C/virtualization.xml:366(command)
3167
3176
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
3168
3177
msgstr "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
3169
3178
3170
#: serverguide/C/virtualization.xml:328(para)
3179
#: serverguide/C/virtualization.xml:370(para)
3171
3180
msgid ""
3172
3181
"The above example assumes that <application>SSH</application> connectivity "
3173
3182
"between the management system and virtnode1.mydomain.com has already been "
3178
3187
"linkend=\"openssh-server\"/>"
3179
3188
msgstr ""
3180
3189
3181
#: serverguide/C/virtualization.xml:338(title)
3190
#: serverguide/C/virtualization.xml:383(title)
3182
3191
msgid "Virtual Machine Viewer"
3183
3192
msgstr "Afichador de maquina virtuala"
3184
3193
3185
#: serverguide/C/virtualization.xml:339(para)
3194
#: serverguide/C/virtualization.xml:385(para)
3186
3195
msgid ""
3187
3196
"The <application>virt-viewer</application> application allows you to connect "
3188
3197
"to a virtual machine's console. <application>virt-viewer</application> does "
3190
3199
"machine."
3191
3200
msgstr ""
3192
3201
3193
#: serverguide/C/virtualization.xml:343(para)
3202
#: serverguide/C/virtualization.xml:390(para)
3194
3203
msgid ""
3195
3204
"To install <application>virt-viewer</application> from a terminal enter:"
3196
3205
msgstr ""
3197
3206
3198
#: serverguide/C/virtualization.xml:347(command)
3207
#: serverguide/C/virtualization.xml:394(command)
3199
3208
msgid "sudo apt-get install virt-viewer"
3200
3209
msgstr "sudo apt-get install virt-viewer"
3201
3210
3202
#: serverguide/C/virtualization.xml:349(para)
3211
#: serverguide/C/virtualization.xml:397(para)
3203
3212
msgid ""
3204
3213
"Once a virtual machine is installed and running you can connect to the "
3205
3214
"virtual machine's console by using:"
3206
3215
msgstr ""
3207
3216
3208
#: serverguide/C/virtualization.xml:353(command)
3217
#: serverguide/C/virtualization.xml:401(command)
3209
3218
msgid "virt-viewer -c qemu:///system web_devel"
3210
3219
msgstr "virt-viewer -c qemu:///system web_devel"
3211
3220
3212
#: serverguide/C/virtualization.xml:355(para)
3221
#: serverguide/C/virtualization.xml:404(para)
3213
3222
msgid ""
3214
3223
"Similar to <application>virt-manager</application>, <application>virt-"
3215
3224
"viewer</application> can connect to a remote host using "
3216
3225
"<emphasis>SSH</emphasis> with key authentication, as well:"
3217
3226
msgstr ""
3218
3227
3219
#: serverguide/C/virtualization.xml:360(command)
3228
#: serverguide/C/virtualization.xml:409(command)
3220
3229
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3221
3230
msgstr "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3222
3231
3223
#: serverguide/C/virtualization.xml:362(para)
3232
#: serverguide/C/virtualization.xml:412(para)
3224
3233
msgid ""
3225
3234
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
3226
3235
"appropriate virtual machine name."
3232
3241
"can also setup <application>SSH</application> access to the virtual machine."
3233
3242
msgstr ""
3234
3243
3235
#: serverguide/C/windows-networking.xml:248(title) serverguide/C/windows-networking.xml:347(title) serverguide/C/windows-networking.xml:704(title) serverguide/C/windows-networking.xml:1100(title) serverguide/C/windows-networking.xml:1299(title) serverguide/C/virtualization.xml:371(title) serverguide/C/virtualization.xml:1072(title) serverguide/C/virtualization.xml:2482(title) serverguide/C/virtualization.xml:4388(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:374(title) serverguide/C/network-config.xml:584(title) serverguide/C/network-config.xml:847(title) serverguide/C/network-auth.xml:2133(title) serverguide/C/network-auth.xml:2675(title) serverguide/C/network-auth.xml:3391(title) serverguide/C/network-auth.xml:3944(title) serverguide/C/installation.xml:867(title) serverguide/C/installation.xml:1153(title) serverguide/C/installation.xml:1361(title) serverguide/C/databases.xml:271(title) serverguide/C/databases.xml:409(title) serverguide/C/backups.xml:864(title)
3244
#: serverguide/C/virtualization.xml:421(title) serverguide/C/virtualization.xml:659(title) serverguide/C/virtualization.xml:730(title) serverguide/C/virtualization.xml:1784(title) serverguide/C/samba.xml:248(title) serverguide/C/samba.xml:347(title) serverguide/C/samba.xml:704(title) serverguide/C/samba.xml:1100(title) serverguide/C/samba.xml:1299(title) serverguide/C/reporting-bugs.xml:252(title) serverguide/C/remote-administration.xml:414(title) serverguide/C/other-apps.xml:151(title) serverguide/C/other-apps.xml:305(title) serverguide/C/other-apps.xml:399(title) serverguide/C/network-config.xml:588(title) serverguide/C/network-config.xml:843(title) serverguide/C/network-auth.xml:2140(title) serverguide/C/network-auth.xml:2674(title) serverguide/C/network-auth.xml:3390(title) serverguide/C/network-auth.xml:3943(title) serverguide/C/network-auth.xml:4179(title) serverguide/C/installation.xml:874(title) serverguide/C/installation.xml:1149(title) serverguide/C/installation.xml:1434(title) serverguide/C/databases.xml:264(title) serverguide/C/databases.xml:419(title) serverguide/C/cgroups.xml:198(title) serverguide/C/backups.xml:870(title)
3236
3245
msgid "Resources"
3237
3246
msgstr "Ressorsas"
3238
3247
3242
3251
"more details."
3243
3252
msgstr ""
3244
3253
3245
#: serverguide/C/virtualization.xml:379(para)
3254
#: serverguide/C/virtualization.xml:430(para)
3246
3255
msgid ""
3247
3256
"For more information on <application>libvirt</application> see the <ulink "
3248
3257
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
3249
3258
msgstr ""
3250
3259
3251
#: serverguide/C/virtualization.xml:384(para)
3260
#: serverguide/C/virtualization.xml:436(para)
3252
3261
msgid ""
3253
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
3254
"Manager</ulink> site has more information on <application>virt-"
3255
"manager</application> development."
3262
"The <ulink url=\"http://virt-manager.org/\">Virtual Machine Manager</ulink> "
3263
"site has more information on <application>virt-manager</application> "
3264
"development."
3256
3265
msgstr ""
3257
3266
3258
#: serverguide/C/virtualization.xml:390(para)
3267
#: serverguide/C/virtualization.xml:442(para)
3259
3268
msgid ""
3260
3269
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
3261
3270
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
3262
3271
"technology in Ubuntu."
3263
3272
msgstr ""
3264
3273
3265
#: serverguide/C/virtualization.xml:396(para)
3274
#: serverguide/C/virtualization.xml:448(para)
3266
3275
msgid ""
3267
3276
"Another good resource is the <ulink "
3268
3277
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
3269
3278
msgstr ""
3270
3279
3271
#: serverguide/C/virtualization.xml:401(para)
3280
#: serverguide/C/virtualization.xml:454(para)
3272
3281
msgid ""
3273
3282
"For information on Xen, including using Xen with libvirt, please see the "
3274
3283
"<ulink url=\"https://help.ubuntu.com/community/Xen\">Ubuntu Wiki Xen</ulink> "
3279
3288
msgid "Cloud images and uvtool"
3280
3289
msgstr ""
3281
3290
3282
#: serverguide/C/windows-networking.xml:23(title) serverguide/C/virtualization.xml:412(title) serverguide/C/security.xml:352(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1187(title)
3291
#: serverguide/C/virtualization.xml:467(title) serverguide/C/security.xml:367(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1260(title)
3283
3292
msgid "Introduction"
3284
3293
msgstr "Introduccion"
3285
3294
3286
3295
#: serverguide/C/virtualization.xml:469(para)
3287
3296
msgid ""
3288
"With Ubuntu being one of the most used operating systems on most of the "
3289
"cloud platforms, the availability of stable and secure cloud images has "
3290
"become very important. As of 12.04 the utilization of cloud images outside "
3291
"of a cloud infrastructure has been improved. It is now possible to use those "
3297
"With Ubuntu being one of the most used operating systems on many cloud "
3298
"platforms, the availability of stable and secure cloud images has become "
3299
"very important. As of 12.04 the utilization of cloud images outside of a "
3300
"cloud infrastructure has been improved. It is now possible to use those "
3292
3301
"images to create a virtual machine without the need of a complete "
3293
3302
"installation."
3294
3303
msgstr ""
3295
3304
3296
#: serverguide/C/virtualization.xml:478(title)
3305
#: serverguide/C/virtualization.xml:477(title)
3297
3306
msgid "Creating virtual machines using uvtool"
3298
3307
msgstr ""
3299
3308
3300
#: serverguide/C/virtualization.xml:480(para)
3309
#: serverguide/C/virtualization.xml:479(para)
3301
3310
msgid ""
3302
3311
"Starting with 14.04 LTS, a tool called uvtool greatly facilitates the task "
3303
3312
"of generating virtual machines (VM) using the cloud images. "
3305
3314
"synchronize cloud-images locally and use them to create new VMs in minutes."
3306
3315
msgstr ""
3307
3316
3308
#: serverguide/C/virtualization.xml:487(title)
3317
#: serverguide/C/virtualization.xml:486(title)
3309
3318
msgid "Uvtool packages"
3310
3319
msgstr ""
3311
3320
3312
#: serverguide/C/virtualization.xml:489(para)
3321
#: serverguide/C/virtualization.xml:488(para)
3313
3322
msgid ""
3314
"The following packages and their dependancies will be required in order to "
3323
"The following packages and their dependencies will be required in order to "
3315
3324
"use uvtool:"
3316
3325
msgstr ""
3317
3326
3318
#: serverguide/C/virtualization.xml:496(para)
3327
#: serverguide/C/virtualization.xml:495(para)
3319
3328
msgid "uvtool"
3320
3329
msgstr ""
3321
3330
3322
#: serverguide/C/virtualization.xml:500(para)
3331
#: serverguide/C/virtualization.xml:499(para)
3323
3332
msgid "uvtool-libvirt"
3324
3333
msgstr ""
3325
3334
3326
#: serverguide/C/virtualization.xml:505(para)
3327
msgid ""
3328
"Installation of <application>uvtool</application> is done the same as for "
3329
"any other application by using apt-get:"
3335
#: serverguide/C/virtualization.xml:504(para)
3336
msgid "To install <application>uvtool</application>, run:"
3330
3337
msgstr ""
3331
3338
3332
#: serverguide/C/virtualization.xml:507(programlisting)
3339
#: serverguide/C/virtualization.xml:505(programlisting)
3333
3340
#, no-wrap
3334
3341
msgid "$ apt-get -y install uvtool"
3335
3342
msgstr ""
3336
3343
3337
#: serverguide/C/virtualization.xml:509(para)
3344
#: serverguide/C/virtualization.xml:507(para)
3338
3345
msgid "This will install uvtool's main commands:"
3339
3346
msgstr ""
3340
3347
3341
#: serverguide/C/virtualization.xml:511(application)
3348
#: serverguide/C/virtualization.xml:509(application)
3342
3349
msgid "uvt-simplestreams-libvirt"
3343
3350
msgstr ""
3344
3351
3345
#: serverguide/C/virtualization.xml:512(application)
3352
#: serverguide/C/virtualization.xml:510(application)
3346
3353
msgid "uvt-kvm"
3347
3354
msgstr ""
3348
3355
3349
#: serverguide/C/virtualization.xml:517(title)
3356
#: serverguide/C/virtualization.xml:515(title)
3350
3357
msgid ""
3351
3358
"Get the Ubuntu Cloud Image with <application>uvt-simplestreams-"
3352
3359
"libvirt</application>"
3353
3360
msgstr ""
3354
3361
3355
#: serverguide/C/virtualization.xml:519(para)
3362
#: serverguide/C/virtualization.xml:517(para)
3356
3363
msgid ""
3357
3364
"This is one of the major simplifications that "
3358
3365
"<application>uvtool</application> brings. It is aware of where to find the "
3361
3368
"architecture, the uvtool command would be:"
3362
3369
msgstr ""
3363
3370
3364
#: serverguide/C/virtualization.xml:524(programlisting)
3371
#: serverguide/C/virtualization.xml:522(programlisting)
3365
3372
#, no-wrap
3366
3373
msgid "$ uvt-simplestreams-libvirt sync arch=amd64"
3367
3374
msgstr ""
3368
3375
3369
#: serverguide/C/virtualization.xml:526(para)
3376
#: serverguide/C/virtualization.xml:524(para)
3370
3377
msgid ""
3371
3378
"After an amount of time required to download all the images from the "
3372
"internet, you will have a complete set of cloud images stored locally. To "
3379
"Internet, you will have a complete set of cloud images stored locally. To "
3373
3380
"see what has been downloaded use the following command:"
3374
3381
msgstr ""
3375
3382
3376
#: serverguide/C/virtualization.xml:530(programlisting)
3383
#: serverguide/C/virtualization.xml:528(programlisting)
3377
3384
#, no-wrap
3378
3385
msgid ""
3379
3386
"$ uvt-simplestreams-libvirt query\n"
3384
3391
"release=trusty arch=amd64 label=beta1 (20140226.1)\n"
3385
3392
msgstr ""
3386
3393
3387
#: serverguide/C/virtualization.xml:538(para)
3394
#: serverguide/C/virtualization.xml:536(para)
3388
3395
msgid ""
3389
3396
"In the case where you want to synchronize only one specific cloud-image, you "
3390
3397
"need to use the release= and arch= filters to identify which image needs to "
3391
3398
"be synchronized."
3392
3399
msgstr ""
3393
3400
3394
#: serverguide/C/virtualization.xml:541(programlisting)
3401
#: serverguide/C/virtualization.xml:539(programlisting)
3395
3402
#, no-wrap
3396
3403
msgid "$ uvt-simplestreams-libvirt sync release=precise arch=amd64\n"
3397
3404
msgstr ""
3398
3405
3399
#: serverguide/C/virtualization.xml:546(title)
3406
#: serverguide/C/virtualization.xml:544(title)
3400
3407
msgid "Create the VM using uvt-kvm"
3401
3408
msgstr ""
3402
3409
3403
#: serverguide/C/virtualization.xml:548(para)
3410
#: serverguide/C/virtualization.xml:546(para)
3404
3411
msgid ""
3405
"In order to be able to connect to the virtual machine once it has been "
3406
"created, it is necessary to have a valid SSH key available for the ubuntu "
3407
"user. If your environment does not have a ssh key, you can easily create one "
3408
"using the following command:"
3412
"In order to connect to the virtual machine once it has been created, you "
3413
"must have a valid SSH key available for the Ubuntu user. If your environment "
3414
"does not have an SSH key, you can easily create one using the following "
3415
"command:"
3409
3416
msgstr ""
3410
3417
3411
#: serverguide/C/virtualization.xml:552(programlisting)
3418
#: serverguide/C/virtualization.xml:548(programlisting)
3412
3419
#, no-wrap
3413
3420
msgid ""
3414
3421
"\n"
3435
3442
"+-----------------+\n"
3436
3443
msgstr ""
3437
3444
3445
#: serverguide/C/virtualization.xml:571(para)
3446
msgid ""
3447
"To create of a new virtual machine using uvtool, run the following in a "
3448
"terminal:"
3449
msgstr ""
3450
3451
#: serverguide/C/virtualization.xml:573(programlisting)
3452
#, no-wrap
3453
msgid "$ uvt-kvm create firsttest"
3454
msgstr ""
3455
3438
3456
#: serverguide/C/virtualization.xml:575(para)
3439
3457
msgid ""
3440
"The creation of a new virtual machine using uvtool is easy. In its simplest "
3441
"form, you only need to do:"
3442
msgstr ""
3443
3444
#: serverguide/C/virtualization.xml:578(programlisting)
3445
#, no-wrap
3446
msgid "$ uvt-kvm create firsttest"
3447
msgstr ""
3448
3449
#: serverguide/C/virtualization.xml:580(para)
3450
msgid ""
3451
3458
"This will create a VM named <emphasis role=\"bold\">firsttest</emphasis> "
3452
3459
"using the current LTS cloud image available locally. If you want to specify "
3453
3460
"a release to be used to create the VM, you need to use the <emphasis "
3454
"role=\"bold\">release=</emphasis> filter"
3461
"role=\"bold\">release=</emphasis> filter:"
3462
msgstr ""
3463
3464
#: serverguide/C/virtualization.xml:578(programlisting)
3465
#, no-wrap
3466
msgid "$ uvt-kvm create secondtest release=trusty"
3467
msgstr ""
3468
3469
#: serverguide/C/virtualization.xml:580(para)
3470
msgid ""
3471
"<application>uvt-kvm wait</application> can be used to wait until the "
3472
"creation of the VM has completed:"
3455
3473
msgstr ""
3456
3474
3457
3475
#: serverguide/C/virtualization.xml:583(programlisting)
3458
3476
#, no-wrap
3459
msgid "$ uvt-kvm create secondtest release=trusty"
3460
msgstr ""
3461
3462
#: serverguide/C/virtualization.xml:585(para)
3463
msgid ""
3464
"The <application>uvt-kvm wait {name}</application> can be used to wait until "
3465
"the creation of the VM has completed"
3466
msgstr ""
3467
3468
#: serverguide/C/virtualization.xml:588(programlisting)
3469
#, no-wrap
3470
3477
msgid ""
3471
3478
"$ uvt-kvm wait secondttest --insecure\n"
3472
3479
"Warning: secure wait for boot-finished not yet implemented; use --insecure.\n"
3473
3480
msgstr ""
3474
3481
3475
#: serverguide/C/virtualization.xml:593(title)
3482
#: serverguide/C/virtualization.xml:588(title)
3476
3483
msgid "Connect to the running VM"
3477
3484
msgstr ""
3478
3485
3479
#: serverguide/C/virtualization.xml:594(para)
3486
#: serverguide/C/virtualization.xml:589(para)
3480
3487
msgid ""
3481
3488
"Once the virtual machine creation is completed, you can connect to it using "
3482
"ssh:"
3489
"SSH:"
3483
3490
msgstr ""
3484
3491
3485
#: serverguide/C/virtualization.xml:597(programlisting)
3492
#: serverguide/C/virtualization.xml:592(programlisting)
3486
3493
#, no-wrap
3487
3494
msgid "$ uvt-kvm ssh secondtest --insecure"
3488
3495
msgstr ""
3489
3496
3490
#: serverguide/C/virtualization.xml:599(para)
3497
#: serverguide/C/virtualization.xml:594(para)
3491
3498
msgid ""
3492
3499
"For the time being, the <emphasis role=\"bold\">--insecure</emphasis> is "
3493
"required so you should be using this mechanism to connect to your VM only if "
3494
"you completely trust your network infrastructure"
3500
"required, so use this mechanism to connect to your VM only if you completely "
3501
"trust your network infrastructure."
3495
3502
msgstr ""
3496
3503
3497
#: serverguide/C/virtualization.xml:602(para)
3504
#: serverguide/C/virtualization.xml:596(para)
3498
3505
msgid ""
3499
"You can also connect to your VM using a regular ssh session using the IP "
3506
"You can also connect to your VM using a regular SSH session using the IP "
3500
3507
"address of the VM. The address can be queried using the following command:"
3501
3508
msgstr ""
3502
3509
3503
#: serverguide/C/virtualization.xml:605(programlisting)
3510
#: serverguide/C/virtualization.xml:598(programlisting)
3504
3511
#, no-wrap
3505
3512
msgid ""
3506
3513
"\n"
3531
3538
"\n"
3532
3539
msgstr ""
3533
3540
3534
#: serverguide/C/virtualization.xml:631(title)
3541
#: serverguide/C/virtualization.xml:624(title)
3535
3542
msgid "Get the list of running VMs"
3536
3543
msgstr ""
3537
3544
3538
#: serverguide/C/virtualization.xml:632(para)
3539
msgid "You can get the list of VM running on your system with this command:"
3545
#: serverguide/C/virtualization.xml:625(para)
3546
msgid "You can get the list of VMs running on your system with this command:"
3540
3547
msgstr ""
3541
3548
3542
#: serverguide/C/virtualization.xml:634(programlisting)
3549
#: serverguide/C/virtualization.xml:627(programlisting)
3543
3550
#, no-wrap
3544
3551
msgid ""
3545
3552
"$ uvt-kvm list\n"
3546
3553
"secondtest\n"
3547
3554
msgstr ""
3548
3555
3549
#: serverguide/C/virtualization.xml:639(title)
3556
#: serverguide/C/virtualization.xml:632(title)
3550
3557
msgid "Destroy your VM"
3551
3558
msgstr ""
3552
3559
3553
#: serverguide/C/virtualization.xml:640(para)
3554
msgid "Once you are done with your VM, you can proceed to destroy it with:"
3560
#: serverguide/C/virtualization.xml:633(para)
3561
msgid "Once you are done with your VM, you can destroy it with:"
3555
3562
msgstr ""
3556
3563
3557
#: serverguide/C/virtualization.xml:642(programlisting)
3564
#: serverguide/C/virtualization.xml:635(programlisting)
3558
3565
#, no-wrap
3559
3566
msgid "$ uvt-kvm destroy secondtest"
3560
3567
msgstr ""
3561
3568
3562
#: serverguide/C/virtualization.xml:644(title)
3569
#: serverguide/C/virtualization.xml:637(title)
3563
3570
msgid "More uvt-kvm options"
3564
3571
msgstr ""
3565
3572
3566
#: serverguide/C/virtualization.xml:646(para)
3573
#: serverguide/C/virtualization.xml:639(para)
3567
3574
msgid ""
3568
3575
"The following options can be used to change some of the characteristics of "
3569
"the virtual memory that you are creating"
3576
"the VM that you are creating:"
3577
msgstr ""
3578
3579
#: serverguide/C/virtualization.xml:642(para)
3580
msgid "--memory : Amount of RAM in megabytes. Default: 512."
3581
msgstr ""
3582
3583
#: serverguide/C/virtualization.xml:643(para)
3584
msgid "--disk : Size of the OS disk in gigabytes. Default: 8."
3585
msgstr ""
3586
3587
#: serverguide/C/virtualization.xml:644(para)
3588
msgid "--cpu : Number of CPU cores. Default: 1."
3589
msgstr ""
3590
3591
#: serverguide/C/virtualization.xml:647(para)
3592
msgid ""
3593
"Some other parameters will have an impact on the cloud-init configuration:"
3594
msgstr ""
3595
3596
#: serverguide/C/virtualization.xml:649(para)
3597
msgid ""
3598
"--password password : Allow login to the VM using the Ubuntu account and "
3599
"this provided password."
3570
3600
msgstr ""
3571
3601
3572
3602
#: serverguide/C/virtualization.xml:650(para)
3573
msgid "--memory : Amount of RAM in megabytes. Default: 512"
3574
msgstr ""
3575
3576
#: serverguide/C/virtualization.xml:651(para)
3577
msgid "--disk : Size of the OS disk in gigabytes. Default: 8"
3578
msgstr ""
3579
3580
#: serverguide/C/virtualization.xml:652(para)
3581
msgid "--cpu : Number of CPU cores. Default: 1"
3582
msgstr ""
3583
3584
#: serverguide/C/virtualization.xml:655(para)
3585
msgid ""
3586
"Some other parameters will have an impact on the cloud-init configuration"
3587
msgstr ""
3588
3589
#: serverguide/C/virtualization.xml:657(para)
3590
msgid ""
3591
"--password password : Allow login to the VM using the ubuntu account and "
3592
"this provided password"
3593
msgstr ""
3594
3595
#: serverguide/C/virtualization.xml:658(para)
3596
3603
msgid ""
3597
3604
"--run-script-once script_file : Run script_file as root on the VM the first "
3598
3605
"time it is booted, but never again."
3599
3606
msgstr ""
3600
3607
3601
#: serverguide/C/virtualization.xml:659(para)
3608
#: serverguide/C/virtualization.xml:651(para)
3602
3609
msgid ""
3603
3610
"--packages package_list : Install the comma-separated packages specified in "
3604
3611
"package_list on first boot."
3605
3612
msgstr ""
3606
3613
3607
#: serverguide/C/virtualization.xml:662(para)
3614
#: serverguide/C/virtualization.xml:654(para)
3608
3615
msgid ""
3609
3616
"A complete description of all available modifiers is available in the "
3610
"manpage of uvt-kvm"
3617
"manpage of uvt-kvm."
3611
3618
msgstr ""
3612
3619
3613
#: serverguide/C/virtualization.xml:1073(para)
3620
#: serverguide/C/virtualization.xml:661(para)
3614
3621
msgid ""
3615
3622
"If you are interested in learning more, have questions or suggestions, "
3616
3623
"please contact the Ubuntu Server Team at:"
3617
3624
msgstr ""
3618
3625
3619
#: serverguide/C/virtualization.xml:1078(para)
3626
#: serverguide/C/virtualization.xml:666(para)
3620
3627
msgid "IRC: #ubuntu-server on freenode"
3621
3628
msgstr ""
3622
3629
3623
#: serverguide/C/virtualization.xml:1083(para)
3630
#: serverguide/C/virtualization.xml:670(para)
3624
3631
msgid ""
3625
3632
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
3626
3633
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
3627
3634
msgstr ""
3628
3635
3629
#: serverguide/C/virtualization.xml:2121(title)
3636
#: serverguide/C/virtualization.xml:679(title)
3630
3637
msgid "Ubuntu Cloud"
3631
3638
msgstr ""
3632
3639
3633
#: serverguide/C/virtualization.xml:2122(para)
3640
#: serverguide/C/virtualization.xml:681(para)
3634
3641
msgid ""
3635
3642
"<application>Cloud computing</application> is a computing model that allows "
3636
3643
"vast pools of resources to be allocated on-demand. These resources such as "
3642
3649
"build highly scalable, cloud computing for both public and private clouds."
3643
3650
msgstr ""
3644
3651
3645
#: serverguide/C/virtualization.xml:700(title)
3652
#: serverguide/C/virtualization.xml:692(title)
3646
3653
msgid "Installation and Configuration"
3647
3654
msgstr ""
3648
3655
3649
#: serverguide/C/virtualization.xml:702(para)
3656
#: serverguide/C/virtualization.xml:694(para)
3650
3657
msgid ""
3651
3658
"Due to the current high rate of development of this complex technology we "
3652
3659
"refer the reader to <ulink url=\"http://docs.openstack.org/havana/install-"
3654
3661
"concerning installation and configuration."
3655
3662
msgstr ""
3656
3663
3657
#: serverguide/C/virtualization.xml:2452(title)
3664
#: serverguide/C/virtualization.xml:703(title)
3658
3665
msgid "Support and Troubleshooting"
3659
3666
msgstr ""
3660
3667
3661
#: serverguide/C/virtualization.xml:2453(para)
3668
#: serverguide/C/virtualization.xml:705(para)
3662
3669
msgid "Community Support"
3663
3670
msgstr ""
3664
3671
3665
#: serverguide/C/virtualization.xml:2457(ulink)
3672
#: serverguide/C/virtualization.xml:709(ulink)
3666
3673
msgid "OpenStack Mailing list"
3667
3674
msgstr ""
3668
3675
3669
#: serverguide/C/virtualization.xml:2462(ulink)
3676
#: serverguide/C/virtualization.xml:714(ulink)
3670
3677
msgid "The OpenStack Wiki search"
3671
3678
msgstr ""
3672
3679
3673
#: serverguide/C/virtualization.xml:2468(ulink)
3680
#: serverguide/C/virtualization.xml:719(ulink)
3674
3681
msgid "Launchpad bugs area"
3675
3682
msgstr ""
3676
3683
3677
#: serverguide/C/virtualization.xml:2472(para)
3684
#: serverguide/C/virtualization.xml:724(para)
3678
3685
msgid "Join the IRC channel #openstack on freenode."
3679
3686
msgstr ""
3680
3687
3681
#: serverguide/C/virtualization.xml:2486(ulink)
3688
#: serverguide/C/virtualization.xml:735(ulink)
3682
3689
msgid "Cloud Computing - Service models"
3683
3690
msgstr ""
3684
3691
3685
#: serverguide/C/virtualization.xml:2491(ulink)
3692
#: serverguide/C/virtualization.xml:741(ulink)
3686
3693
msgid "OpenStack Compute"
3687
3694
msgstr ""
3688
3695
3689
#: serverguide/C/virtualization.xml:2496(ulink)
3696
#: serverguide/C/virtualization.xml:747(ulink)
3690
3697
msgid "OpenStack Image Service"
3691
3698
msgstr ""
3692
3699
3693
#: serverguide/C/virtualization.xml:2501(ulink)
3700
#: serverguide/C/virtualization.xml:753(ulink)
3694
3701
msgid "OpenStack Object Storage Administration Guide"
3695
3702
msgstr ""
3696
3703
3697
#: serverguide/C/virtualization.xml:2506(ulink)
3704
#: serverguide/C/virtualization.xml:759(ulink)
3698
3705
msgid "Installing OpenStack Object Storage on Ubuntu"
3699
3706
msgstr ""
3700
3707
3701
#: serverguide/C/virtualization.xml:2511(ulink)
3708
#: serverguide/C/virtualization.xml:765(ulink)
3702
3709
msgid "http://cloudglossary.com/"
3703
3710
msgstr ""
3704
3711
3705
#: serverguide/C/virtualization.xml:2586(title)
3712
#: serverguide/C/virtualization.xml:775(title)
3706
3713
msgid "LXC"
3707
3714
msgstr ""
3708
3715
3709
#: serverguide/C/virtualization.xml:785(para)
3716
#: serverguide/C/virtualization.xml:777(para)
3710
3717
msgid ""
3711
3718
"Containers are a lightweight virtualization technology. They are more akin "
3712
3719
"to an enhanced chroot than to full virtualization like Qemu or VMware, both "
3718
3725
"and OpenVZ functionality."
3719
3726
msgstr ""
3720
3727
3721
#: serverguide/C/virtualization.xml:2602(para)
3728
#: serverguide/C/virtualization.xml:787(para)
3722
3729
msgid ""
3723
3730
"There are two user-space implementations of containers, each exploiting the "
3724
3731
"same kernel features. Libvirt allows the use of containers through the LXC "
3729
3736
"there are peculiarities which can cause confusion."
3730
3737
msgstr ""
3731
3738
3732
#: serverguide/C/virtualization.xml:804(para)
3739
#: serverguide/C/virtualization.xml:796(para)
3733
3740
msgid ""
3734
3741
"In this document we will mainly describe the <application>lxc</application> "
3735
3742
"package. Use of libvirt-lxc is not generally recommended due to a lack of "
3736
3743
"Apparmor protection for libvirt-lxc containers."
3737
3744
msgstr ""
3738
3745
3739
#: serverguide/C/virtualization.xml:2618(para)
3746
#: serverguide/C/virtualization.xml:801(para)
3740
3747
msgid "In this document, a container name will be shown as CN, C1, or C2."
3741
3748
msgstr ""
3742
3749
3743
#: serverguide/C/virtualization.xml:2624(para)
3750
#: serverguide/C/virtualization.xml:807(para)
3744
3751
msgid "The <application>lxc</application> package can be installed using"
3745
3752
msgstr ""
3746
3753
3747
#: serverguide/C/virtualization.xml:2629(command)
3754
#: serverguide/C/virtualization.xml:811(command)
3748
3755
msgid "sudo apt-get install lxc"
3749
3756
msgstr ""
3750
3757
3751
#: serverguide/C/virtualization.xml:824(para)
3758
#: serverguide/C/virtualization.xml:816(para)
3752
3759
msgid ""
3753
3760
"This will pull in the required and recommended dependencies, as well as set "
3754
3761
"up a network bridge for containers to use. If you wish to use unprivileged "
3757
3764
"containers to a bridge (see <xref linkend=\"lxc-unpriv\"/>)."
3758
3765
msgstr ""
3759
3766
3760
#: serverguide/C/virtualization.xml:834(title) serverguide/C/vcs.xml:104(title)
3767
#: serverguide/C/virtualization.xml:826(title) serverguide/C/vcs.xml:111(title)
3761
3768
msgid "Basic usage"
3762
3769
msgstr ""
3763
3770
3764
#: serverguide/C/virtualization.xml:835(para)
3771
#: serverguide/C/virtualization.xml:827(para)
3765
3772
msgid ""
3766
3773
"LXC can be used in two distinct ways - privileged, by running the lxc "
3767
3774
"commands as the root user; or unprivileged, by running the lxc commands as a "
3772
3779
"in the container is mapped to a non-root userid on the host."
3773
3780
msgstr ""
3774
3781
3775
#: serverguide/C/virtualization.xml:847(title)
3782
#: serverguide/C/virtualization.xml:839(title)
3776
3783
msgid "Basic privileged usage"
3777
3784
msgstr ""
3778
3785
3779
#: serverguide/C/virtualization.xml:848(para)
3780
msgid "To create a privileged container, you can simply to"
3786
#: serverguide/C/virtualization.xml:840(para)
3787
msgid "To create a privileged container, you can simply do:"
3781
3788
msgstr ""
3782
3789
3783
#: serverguide/C/virtualization.xml:852(command)
3790
#: serverguide/C/virtualization.xml:844(command)
3784
3791
msgid "sudo lxc-create --template download --name u1"
3785
3792
msgstr ""
3786
3793
3787
#: serverguide/C/virtualization.xml:856(command)
3794
#: serverguide/C/virtualization.xml:848(command)
3788
3795
msgid "sudo lxc-create -t download -n u1"
3789
3796
msgstr ""
3790
3797
3791
#: serverguide/C/virtualization.xml:851(screen)
3798
#: serverguide/C/virtualization.xml:843(screen)
3792
3799
#, no-wrap
3793
3800
msgid ""
3794
3801
"\n"
3797
3804
"<placeholder-2/>\n"
3798
3805
msgstr ""
3799
3806
3800
#: serverguide/C/virtualization.xml:860(para)
3807
#: serverguide/C/virtualization.xml:852(para)
3801
3808
msgid ""
3802
3809
"This will interactively ask for a container root filesystem type to download "
3803
3810
"- in particular the distribution, release, and architecture. To create the "
3805
3812
"line:"
3806
3813
msgstr ""
3807
3814
3808
#: serverguide/C/virtualization.xml:867(command)
3815
#: serverguide/C/virtualization.xml:859(command)
3809
3816
msgid ""
3810
3817
"sudo lxc-create -t download -n u1 -- --dist ubuntu --release trusty --arch "
3811
3818
"amd64"
3812
3819
msgstr ""
3813
3820
3814
#: serverguide/C/virtualization.xml:871(command)
3821
#: serverguide/C/virtualization.xml:863(command)
3815
3822
msgid "sudo lxc-create -t download -n u1 -- -d ubuntu -r trusty -a amd64"
3816
3823
msgstr ""
3817
3824
3818
#: serverguide/C/virtualization.xml:866(screen)
3825
#: serverguide/C/virtualization.xml:858(screen)
3819
3826
#, no-wrap
3820
3827
msgid ""
3821
3828
"\n"
3824
3831
"<placeholder-2/>\n"
3825
3832
msgstr ""
3826
3833
3827
#: serverguide/C/virtualization.xml:876(para)
3834
#: serverguide/C/virtualization.xml:868(para)
3828
3835
msgid ""
3829
3836
"You can now use <command>lxc-ls</command> to list containers, <command>lxc-"
3830
3837
"info</command> to obtain detailed container information, <command>lxc-"
3836
3843
"look like:"
3837
3844
msgstr ""
3838
3845
3839
#: serverguide/C/virtualization.xml:887(command)
3846
#: serverguide/C/virtualization.xml:879(command)
3840
3847
msgid ""
3841
3848
"sudo lxc-ls --fancy sudo lxc-start --name u1 --daemon sudo lxc-info --name "
3842
3849
"u1 sudo lxc-stop --name u1 sudo lxc-destroy --name u1"
3843
3850
msgstr ""
3844
3851
3845
#: serverguide/C/virtualization.xml:899(title)
3852
#: serverguide/C/virtualization.xml:891(title)
3846
3853
msgid "User namespaces"
3847
3854
msgstr ""
3848
3855
3849
#: serverguide/C/virtualization.xml:900(para)
3856
#: serverguide/C/virtualization.xml:892(para)
3850
3857
msgid ""
3851
3858
"Unprivileged containers allow users to create and administer containers "
3852
3859
"without having any root privilege. The feature underpinning this is called "
3863
3870
"convention started at id 100000 to avoid conflicting with system users."
3864
3871
msgstr ""
3865
3872
3866
#: serverguide/C/virtualization.xml:918(para)
3873
#: serverguide/C/virtualization.xml:910(para)
3867
3874
msgid ""
3868
3875
"If a user was created on an earlier release, it can be granted a range of "
3869
3876
"ids using <command>usermod</command>, as follows:"
3870
3877
msgstr ""
3871
3878
3872
#: serverguide/C/virtualization.xml:923(command)
3879
#: serverguide/C/virtualization.xml:915(command)
3873
3880
msgid "sudo usermod -v 100000-200000 -w 100000-200000 user1"
3874
3881
msgstr ""
3875
3882
3876
#: serverguide/C/virtualization.xml:928(para)
3883
#: serverguide/C/virtualization.xml:920(para)
3877
3884
msgid ""
3878
3885
"The programs <command>newuidmap</command> and <command> newgidmap</command> "
3879
3886
"are setuid-root programs in the <filename>uidmap</filename> package, which "
3882
3889
"authorized by the host configuration."
3883
3890
msgstr ""
3884
3891
3885
#: serverguide/C/virtualization.xml:939(title)
3892
#: serverguide/C/virtualization.xml:931(title)
3886
3893
msgid "Basic unprivileged usage"
3887
3894
msgstr ""
3888
3895
3889
#: serverguide/C/virtualization.xml:943(para)
3896
#: serverguide/C/virtualization.xml:935(para)
3890
3897
msgid ""
3891
3898
"To create unprivileged containers, a few first steps are needed. You will "
3892
3899
"need to create a default container configuration file, specifying your "
3895
3902
"assumes that your mapped user and group id ranges are 100000-165536."
3896
3903
msgstr ""
3897
3904
3898
#: serverguide/C/virtualization.xml:952(command)
3905
#: serverguide/C/virtualization.xml:944(command)
3899
3906
msgid ""
3900
3907
"mkdir -p ~/.config/lxc echo \"lxc.id_map = u 0 100000 65536\" > "
3901
3908
"~/.config/lxc/default.conf echo \"lxc.id_map = g 0 100000 65536\" >> "
3905
3912
"/etc/lxc/lxc-usernet"
3906
3913
msgstr ""
3907
3914
3908
#: serverguide/C/virtualization.xml:962(para)
3915
#: serverguide/C/virtualization.xml:954(para)
3909
3916
msgid ""
3910
3917
"After this, you can create unprivileged containers the same way as "
3911
3918
"privileged ones, simply without using sudo."
3912
3919
msgstr ""
3913
3920
3914
#: serverguide/C/virtualization.xml:967(command)
3921
#: serverguide/C/virtualization.xml:959(command)
3915
3922
msgid ""
3916
3923
"lxc-create -t download -n u1 -- -d ubuntu -r trusty -a amd64 lxc-start -n u1 "
3917
3924
"-d lxc-attach -n u1 lxc-stop -n u1 lxc-destroy -n u1"
3918
3925
msgstr ""
3919
3926
3920
#: serverguide/C/virtualization.xml:978(title)
3927
#: serverguide/C/virtualization.xml:970(title)
3921
3928
msgid "Nesting"
3922
3929
msgstr ""
3923
3930
3924
#: serverguide/C/virtualization.xml:979(para)
3931
#: serverguide/C/virtualization.xml:971(para)
3925
3932
msgid ""
3926
3933
"In order to run containers inside containers - referred to as nested "
3927
3934
"containers - two lines must be present in the parent container configuration "
3938
3945
"information."
3939
3946
msgstr ""
3940
3947
3941
#: serverguide/C/virtualization.xml:1001(title)
3948
#: serverguide/C/virtualization.xml:993(title)
3942
3949
msgid "Global configuration"
3943
3950
msgstr ""
3944
3951
3945
#: serverguide/C/virtualization.xml:1008(para)
3952
#: serverguide/C/virtualization.xml:1000(para)
3946
3953
msgid ""
3947
3954
"<filename>lxc.conf</filename> may optionally specify alternate values for "
3948
3955
"several lxc settings, including the lxcpath, the default configuration, "
3950
3957
"lvm and zfs."
3951
3958
msgstr ""
3952
3959
3953
#: serverguide/C/virtualization.xml:1015(para)
3960
#: serverguide/C/virtualization.xml:1007(para)
3954
3961
msgid ""
3955
3962
"<filename>default.conf</filename> specifies configuration which every newly "
3956
3963
"created container should contain. This usually contains at least a network "
3957
3964
"section, and, for unprivileged users, an id mapping section"
3958
3965
msgstr ""
3959
3966
3960
#: serverguide/C/virtualization.xml:1022(para)
3967
#: serverguide/C/virtualization.xml:1014(para)
3961
3968
msgid ""
3962
3969
"<filename>lxc-usernet.conf</filename> specifies how unprivileged users may "
3963
3970
"connect their containers to the host-owned network."
3964
3971
msgstr ""
3965
3972
3966
#: serverguide/C/virtualization.xml:1002(para)
3973
#: serverguide/C/virtualization.xml:994(para)
3967
3974
msgid ""
3968
3975
"The following configuration files are consulted by LXC. For privileged use, "
3969
3976
"they are found under <filename>/etc/lxc</filename>, while for unprivileged "
3970
3977
"use they are under <filename>~/.config/lxc</filename>. <placeholder-1/>"
3971
3978
msgstr ""
3972
3979
3973
#: serverguide/C/virtualization.xml:1028(para)
3980
#: serverguide/C/virtualization.xml:1020(para)
3974
3981
msgid ""
3975
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are "
3976
"exist both under <filename>/etc/lxc</filename> and "
3982
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are both "
3983
"under <filename>/etc/lxc</filename> and "
3977
3984
"<filename>$HOME/.config/lxc</filename>, while <filename>lxc-"
3978
3985
"usernet.conf</filename> is only host-wide."
3979
3986
msgstr ""
3980
3987
3981
#: serverguide/C/virtualization.xml:1033(para)
3988
#: serverguide/C/virtualization.xml:1025(para)
3982
3989
msgid ""
3983
3990
"By default, containers are located under /var/lib/lxc for the root user, and "
3984
3991
"$HOME/.local/share/lxc otherwise. The location can be specified for all lxc "
3985
3992
"commands using the \"-P|--lxcpath\" argument."
3986
3993
msgstr ""
3987
3994
3988
#: serverguide/C/virtualization.xml:1210(para) serverguide/C/virtualization.xml:1272(para) serverguide/C/network-config.xml:11(title)
3995
#: serverguide/C/virtualization.xml:1034(title) serverguide/C/network-config.xml:11(title)
3989
3996
msgid "Networking"
3990
3997
msgstr "Ret"
3991
3998
3992
#: serverguide/C/virtualization.xml:1043(para)
3999
#: serverguide/C/virtualization.xml:1035(para)
3993
4000
msgid ""
3994
4001
"By default LXC creates a private network namespace for each container, which "
3995
4002
"includes a layer 2 networking stack. Containers usually connect to the "
4001
4008
"container is not usable on the host."
4002
4009
msgstr ""
4003
4010
4004
#: serverguide/C/virtualization.xml:1051(para)
4011
#: serverguide/C/virtualization.xml:1043(para)
4005
4012
msgid ""
4006
4013
"It is possible to create a container without a private network namespace. In "
4007
4014
"this case, the container will have access to the host networking like any "
4011
4018
"Unix domain socket to the host's upstart, and shut down the host."
4012
4019
msgstr ""
4013
4020
4014
#: serverguide/C/virtualization.xml:1057(para)
4021
#: serverguide/C/virtualization.xml:1049(para)
4015
4022
msgid ""
4016
4023
"To give containers on lxcbr0 a persistent ip address based on domain name, "
4017
4024
"you can write entries to <filename>/etc/lxc/dnsmasq.conf</filename> like: "
4021
4028
"</screen>"
4022
4029
msgstr ""
4023
4030
4024
#: serverguide/C/virtualization.xml:1065(para)
4031
#: serverguide/C/virtualization.xml:1057(para)
4025
4032
msgid ""
4026
4033
"If it is desirable for the container to be publicly accessible, there are a "
4027
4034
"few ways to go about it. One is to use <command>iptables</command> to "
4040
4047
"are preferred and more commonly used."
4041
4048
msgstr ""
4042
4049
4043
#: serverguide/C/virtualization.xml:1086(para)
4050
#: serverguide/C/virtualization.xml:1078(para)
4044
4051
msgid ""
4045
4052
"There are several ways to determine the ip address for a container. First, "
4046
4053
"you can use <command>lxc-ls --fancy</command> which will print the ip "
4056
4063
"</screen>"
4057
4064
msgstr ""
4058
4065
4059
#: serverguide/C/virtualization.xml:1101(para)
4066
#: serverguide/C/virtualization.xml:1093(para)
4060
4067
msgid ""
4061
4068
"For more information, see the lxc.conf manpage as well as the example "
4062
4069
"network configurations under "
4063
4070
"<filename>/usr/share/doc/lxc/examples/</filename>."
4064
4071
msgstr ""
4065
4072
4066
#: serverguide/C/virtualization.xml:1107(title)
4073
#: serverguide/C/virtualization.xml:1099(title)
4067
4074
msgid "LXC startup"
4068
4075
msgstr ""
4069
4076
4070
#: serverguide/C/virtualization.xml:1109(para)
4077
#: serverguide/C/virtualization.xml:1101(para)
4071
4078
msgid ""
4072
4079
"LXC does not have a long-running daemon. However it does have three upstart "
4073
4080
"jobs."
4074
4081
msgstr ""
4075
4082
4076
#: serverguide/C/virtualization.xml:1115(para)
4083
#: serverguide/C/virtualization.xml:1107(para)
4077
4084
msgid ""
4078
4085
"<filename>/etc/init/lxc-net.conf:</filename> is an optional job which only "
4079
4086
"runs if <filename> /etc/default/lxc-net</filename> specifies USE_LXC_BRIDGE "
4080
4087
"(true by default). It sets up a NATed bridge for containers to use."
4081
4088
msgstr ""
4082
4089
4083
#: serverguide/C/virtualization.xml:1123(para)
4090
#: serverguide/C/virtualization.xml:1115(para)
4084
4091
msgid ""
4085
4092
"<filename>/etc/init/lxc.conf</filename> loads the lxc apparmor profiles and "
4086
4093
"optionally starts any autostart containers. The autostart containers will be "
4089
4096
"more information on autostarted containers."
4090
4097
msgstr ""
4091
4098
4092
#: serverguide/C/virtualization.xml:1133(para)
4099
#: serverguide/C/virtualization.xml:1125(para)
4093
4100
msgid ""
4094
"<filename>/etc/init/lxc-instance.conf:</filename> is used by "
4101
"<filename>/etc/init/lxc-instance.conf</filename> is used by "
4095
4102
"<filename>/etc/init/lxc.conf</filename> to autostart a container."
4096
4103
msgstr ""
4097
4104
4098
#: serverguide/C/virtualization.xml:3232(title)
4105
#: serverguide/C/virtualization.xml:1134(title)
4099
4106
msgid "Backing Stores"
4100
4107
msgstr ""
4101
4108
4102
#: serverguide/C/virtualization.xml:1143(para)
4109
#: serverguide/C/virtualization.xml:1135(para)
4103
4110
msgid ""
4104
4111
"LXC supports several backing stores for container root filesystems. The "
4105
4112
"default is a simple directory backing store, because it requires no prior "
4114
4121
"<filename>$lxcpath/C1/rootfs</filename>."
4115
4122
msgstr ""
4116
4123
4117
#: serverguide/C/virtualization.xml:1157(para)
4124
#: serverguide/C/virtualization.xml:1149(para)
4118
4125
msgid ""
4119
4126
"A snapshot clone C2 of a directory backed container C1 becomes an overlayfs "
4120
4127
"backed container, with a rootfs called "
4122
4129
" Other backing store types include loop, btrfs, LVM and zfs."
4123
4130
msgstr ""
4124
4131
4125
#: serverguide/C/virtualization.xml:1165(para)
4132
#: serverguide/C/virtualization.xml:1157(para)
4126
4133
msgid ""
4127
4134
"A btrfs backed container mostly looks like a directory backed container, "
4128
4135
"with its root filesystem in the same location. However, the root filesystem "
4130
4137
"snapshot."
4131
4138
msgstr ""
4132
4139
4133
#: serverguide/C/virtualization.xml:1172(para)
4140
#: serverguide/C/virtualization.xml:1164(para)
4134
4141
msgid ""
4135
4142
"The root filesystem for an LVM backed container can be any separate LV. The "
4136
4143
"default VG name can be specified in lxc.conf. The filesystem type and size "
4137
4144
"are configurable per-container using lxc-create."
4138
4145
msgstr ""
4139
4146
4140
#: serverguide/C/virtualization.xml:1178(para)
4147
#: serverguide/C/virtualization.xml:1170(para)
4141
4148
msgid ""
4142
4149
"The rootfs for a zfs backed container is a separate zfs filesystem, mounted "
4143
4150
"under the traditional <filename>/var/lib/lxc/C1/rootfs</filename> location. "
4145
4152
"in lxc.system.conf."
4146
4153
msgstr ""
4147
4154
4148
#: serverguide/C/virtualization.xml:1185(para)
4155
#: serverguide/C/virtualization.xml:1177(para)
4149
4156
msgid ""
4150
4157
"More information on creating containers with the various backing stores can "
4151
4158
"be found in the lxc-create manual page."
4152
4159
msgstr ""
4153
4160
4154
#: serverguide/C/virtualization.xml:1192(title)
4161
#: serverguide/C/virtualization.xml:1184(title)
4155
4162
msgid "Templates"
4156
4163
msgstr ""
4157
4164
4158
#: serverguide/C/virtualization.xml:1193(para)
4165
#: serverguide/C/virtualization.xml:1185(para)
4159
4166
msgid ""
4160
4167
"Creating a container generally involves creating a root filesystem for the "
4161
4168
"container. <command>lxc-create</command> delegates this work to "
4166
4173
"others."
4167
4174
msgstr ""
4168
4175
4169
#: serverguide/C/virtualization.xml:1202(para)
4176
#: serverguide/C/virtualization.xml:1194(para)
4170
4177
msgid ""
4171
4178
"Creating distribution images in most cases requires the ability to create "
4172
4179
"device nodes, often requires tools which are not available in other "
4177
4184
"could not for instance easily run the <command>debootstrap</command> command."
4178
4185
msgstr ""
4179
4186
4180
#: serverguide/C/virtualization.xml:1212(para)
4187
#: serverguide/C/virtualization.xml:1204(para)
4181
4188
msgid ""
4182
4189
"When running <command>lxc-create</command>, all options which come after "
4183
4190
"<emphasis>--</emphasis> are passed to the template. In the following "
4190
4197
"</screen>"
4191
4198
msgstr ""
4192
4199
4193
#: serverguide/C/virtualization.xml:1224(para)
4200
#: serverguide/C/virtualization.xml:1216(para)
4194
4201
msgid ""
4195
4202
"You can obtain help for the options supported by any particular container by "
4196
4203
"passing <emphasis>--help</emphasis> and the template name to <command>lxc-"
4197
4204
"create</command>. For instance, for help with the download template,"
4198
4205
msgstr ""
4199
4206
4200
#: serverguide/C/virtualization.xml:1231(command)
4207
#: serverguide/C/virtualization.xml:1223(command)
4201
4208
msgid "lxc-create --template download --help"
4202
4209
msgstr ""
4203
4210
4204
#: serverguide/C/virtualization.xml:1237(title)
4211
#: serverguide/C/virtualization.xml:1229(title)
4205
4212
msgid "Autostart"
4206
4213
msgstr ""
4207
4214
4208
#: serverguide/C/virtualization.xml:1238(para)
4215
#: serverguide/C/virtualization.xml:1230(para)
4209
4216
msgid ""
4210
4217
"LXC supports marking containers to be started at system boot. Prior to "
4211
4218
"Ubuntu 14.04, this was done using symbolic links under the directory "
4222
4229
"lxc.container.conf for more information."
4223
4230
msgstr ""
4224
4231
4225
#: serverguide/C/virtualization.xml:2859(title)
4232
#: serverguide/C/virtualization.xml:1248(title)
4226
4233
msgid "Apparmor"
4227
4234
msgstr ""
4228
4235
4229
#: serverguide/C/virtualization.xml:1258(para)
4236
#: serverguide/C/virtualization.xml:1250(para)
4230
4237
msgid ""
4231
4238
"LXC ships with a default Apparmor profile intended to protect the host from "
4232
4239
"accidental misuses of privilege inside the container. For instance, the "
4234
4241
"trigger</filename> or to most <filename>/sys</filename> files."
4235
4242
msgstr ""
4236
4243
4237
#: serverguide/C/virtualization.xml:2867(para)
4244
#: serverguide/C/virtualization.xml:1256(para)
4238
4245
msgid ""
4239
4246
"The <filename>usr.bin.lxc-start</filename> profile is entered by running "
4240
4247
"<command>lxc-start</command>. This profile mainly prevents <command>lxc-"
4247
4254
"dangerous paths, and from mounting most filesystems."
4248
4255
msgstr ""
4249
4256
4250
#: serverguide/C/virtualization.xml:1275(para)
4257
#: serverguide/C/virtualization.xml:1267(para)
4251
4258
msgid ""
4252
4259
"Programs in a container cannot be further confined - for instance, MySQL "
4253
4260
"runs under the container profile (protecting the host) but will not be able "
4254
4261
"to enter the MySQL profile (to protect the container)."
4255
4262
msgstr ""
4256
4263
4257
#: serverguide/C/virtualization.xml:2926(para)
4264
#: serverguide/C/virtualization.xml:1272(para)
4258
4265
msgid ""
4259
4266
"<command>lxc-execute</command> does not enter an Apparmor profile, but the "
4260
4267
"container it spawns will be confined."
4261
4268
msgstr ""
4262
4269
4263
#: serverguide/C/virtualization.xml:1283(title)
4270
#: serverguide/C/virtualization.xml:1275(title)
4264
4271
msgid "Customizing container policies"
4265
4272
msgstr ""
4266
4273
4267
#: serverguide/C/virtualization.xml:2879(para)
4274
#: serverguide/C/virtualization.xml:1276(para)
4268
4275
msgid ""
4269
4276
"If you find that <command>lxc-start</command> is failing due to a legitimate "
4270
4277
"access which is being denied by its Apparmor policy, you can disable the lxc-"
4271
4278
"start profile by doing:"
4272
4279
msgstr ""
4273
4280
4274
#: serverguide/C/virtualization.xml:2885(screen)
4281
#: serverguide/C/virtualization.xml:1280(screen)
4275
4282
#, no-wrap
4276
4283
msgid ""
4277
4284
"\n"
4279
4286
"sudo ln -s /etc/apparmor.d/usr.bin.lxc-start /etc/apparmor.d/disabled/\n"
4280
4287
msgstr ""
4281
4288
4282
#: serverguide/C/virtualization.xml:2890(para)
4289
#: serverguide/C/virtualization.xml:1285(para)
4283
4290
msgid ""
4284
4291
"This will make <command>lxc-start</command> run unconfined, but continue to "
4285
4292
"confine the container itself. If you also wish to disable confinement of the "
4287
4294
"start</filename> profile, you must add:"
4288
4295
msgstr ""
4289
4296
4290
#: serverguide/C/virtualization.xml:2897(screen)
4297
#: serverguide/C/virtualization.xml:1290(screen)
4291
4298
#, no-wrap
4292
4299
msgid ""
4293
4300
"\n"
4294
4301
"lxc.aa_profile = unconfined\n"
4295
4302
msgstr ""
4296
4303
4297
#: serverguide/C/virtualization.xml:1302(para)
4304
#: serverguide/C/virtualization.xml:1294(para)
4298
4305
msgid "to the container's configuration file."
4299
4306
msgstr ""
4300
4307
4301
#: serverguide/C/virtualization.xml:1304(para)
4308
#: serverguide/C/virtualization.xml:1296(para)
4302
4309
msgid ""
4303
4310
"LXC ships with a few alternate policies for containers. If you wish to run "
4304
4311
"containers inside containers (nesting), then you can use the lxc-container-"
4307
4314
"lxc.aa_profile = lxc-container-default-with-nesting\n"
4308
4315
"\t</screen> If you wish to use libvirt inside containers, then you will need "
4309
4316
"to edit that policy (which is defined in <filename>/etc/apparmor.d/lxc/lxc-"
4310
"default-with-nesting</filename>) to uncomment the following line <screen>\n"
4317
"default-with-nesting</filename>) by uncommenting the following line: "
4318
"<screen>\n"
4311
4319
"mount fstype=cgroup -> /sys/fs/cgroup/**,\n"
4312
4320
"\t</screen> and re-load the policy."
4313
4321
msgstr ""
4314
4322
4315
#: serverguide/C/virtualization.xml:1321(para)
4323
#: serverguide/C/virtualization.xml:1313(para)
4316
4324
msgid ""
4317
4325
"Note that the nesting policy with privileged containers is far less safe "
4318
4326
"than the default policy, as it allows containers to re-mount "
4322
4330
"<filename>proc</filename> and <filename>sys</filename> files."
4323
4331
msgstr ""
4324
4332
4325
#: serverguide/C/virtualization.xml:1329(para)
4333
#: serverguide/C/virtualization.xml:1321(para)
4326
4334
msgid ""
4327
4335
"Another profile shipped with lxc allows containers to mount block filesystem "
4328
4336
"types like ext4. This can be useful in some cases like maas provisioning, "
4330
4338
"have not been audited for safe handling of untrusted input."
4331
4339
msgstr ""
4332
4340
4333
#: serverguide/C/virtualization.xml:1335(para)
4341
#: serverguide/C/virtualization.xml:1327(para)
4334
4342
msgid ""
4335
4343
"If you need to run a container in a custom profile, you can create a new "
4336
4344
"profile under <filename>/etc/apparmor.d/lxc/</filename>. Its name must start "
4342
4350
"permissions at the bottom of your policy."
4343
4351
msgstr ""
4344
4352
4345
#: serverguide/C/virtualization.xml:1346(para)
4353
#: serverguide/C/virtualization.xml:1338(para)
4346
4354
msgid "After creating the policy, load it using:"
4347
4355
msgstr ""
4348
4356
4349
#: serverguide/C/virtualization.xml:2910(screen)
4357
#: serverguide/C/virtualization.xml:1340(screen)
4350
4358
#, no-wrap
4351
4359
msgid ""
4352
4360
"\n"
4353
4361
"sudo apparmor_parser -r /etc/apparmor.d/lxc-containers\n"
4354
4362
msgstr ""
4355
4363
4356
#: serverguide/C/virtualization.xml:2914(para)
4364
#: serverguide/C/virtualization.xml:1344(para)
4357
4365
msgid ""
4358
4366
"The profile will automatically be loaded after a reboot, because it is "
4359
4367
"sourced by the file <filename>/etc/apparmor.d/lxc-containers</filename>. "
4362
4370
"configuration file:"
4363
4371
msgstr ""
4364
4372
4365
#: serverguide/C/virtualization.xml:2922(screen)
4373
#: serverguide/C/virtualization.xml:1351(screen)
4366
4374
#, no-wrap
4367
4375
msgid ""
4368
4376
"\n"
4369
4377
"lxc.aa_profile = lxc-CN-profile\n"
4370
4378
msgstr ""
4371
4379
4372
#: serverguide/C/virtualization.xml:2934(title)
4380
#: serverguide/C/virtualization.xml:1359(title) serverguide/C/cgroups.xml:11(title)
4373
4381
msgid "Control Groups"
4374
4382
msgstr ""
4375
4383
4376
#: serverguide/C/virtualization.xml:1369(para)
4384
#: serverguide/C/virtualization.xml:1361(para)
4377
4385
msgid ""
4378
4386
"Control groups (cgroups) are a kernel feature providing hierarchical task "
4379
4387
"grouping and per-cgroup resource accounting and limits. They are used in "
4382
4390
"i/o, guarantee minimum cpu shares, and to lock containers to specific cpus."
4383
4391
msgstr ""
4384
4392
4385
#: serverguide/C/virtualization.xml:1377(para)
4393
#: serverguide/C/virtualization.xml:1369(para)
4386
4394
msgid ""
4387
"By default, a privileged container CN will be assigned a cgroup called "
4395
"By default, a privileged container CN will be assigned to a cgroup called "
4388
4396
"<filename>/lxc/CN</filename>. In the case of name conflicts (which can occur "
4389
4397
"when using custom lxcpaths) a suffix \"-n\", where n is an integer starting "
4390
4398
"at 0, will be appended to the cgroup name."
4391
4399
msgstr ""
4392
4400
4393
#: serverguide/C/virtualization.xml:1383(para)
4401
#: serverguide/C/virtualization.xml:1375(para)
4394
4402
msgid ""
4395
"By default, a privileged container CN will be assigned a cgroup called "
4403
"By default, a privileged container CN will be assigned to a cgroup called "
4396
4404
"<filename>CN</filename> under the cgroup of the task which started the "
4397
4405
"container, for instance <filename>/usr/1000.user/1.session/CN</filename>. "
4398
4406
"The container root will be given group ownership of the directory (but not "
4399
4407
"all files) so that it is allowed to create new child cgroups."
4400
4408
msgstr ""
4401
4409
4402
#: serverguide/C/virtualization.xml:1390(para)
4410
#: serverguide/C/virtualization.xml:1382(para)
4403
4411
msgid ""
4404
4412
"As of Ubuntu 14.04, LXC uses the cgroup manager (cgmanager) to administer "
4405
4413
"cgroups. The cgroup manager receives D-Bus requests over the Unix socket "
4406
"<filename>/sys/fs/cgroup/cgmanager/sock</filename>. To fascilitate safe "
4414
"<filename>/sys/fs/cgroup/cgmanager/sock</filename>. To facilitate safe "
4407
4415
"nested containers, the line <screen>\n"
4408
4416
"<command>\n"
4409
4417
"lxc.mount.auto = cgroup\n"
4420
4428
"requests for which they are not authorized."
4421
4429
msgstr ""
4422
4430
4423
#: serverguide/C/virtualization.xml:3262(title)
4431
#: serverguide/C/virtualization.xml:1406(title)
4424
4432
msgid "Cloning"
4425
4433
msgstr ""
4426
4434
4427
#: serverguide/C/virtualization.xml:1416(para)
4435
#: serverguide/C/virtualization.xml:1408(para)
4428
4436
msgid ""
4429
4437
"For rapid provisioning, you may wish to customize a canonical container "
4430
4438
"according to your needs and then make multiple copies of it. This can be "
4431
4439
"done with the <command>lxc-clone</command> program."
4432
4440
msgstr ""
4433
4441
4434
#: serverguide/C/virtualization.xml:1420(para)
4442
#: serverguide/C/virtualization.xml:1412(para)
4435
4443
msgid ""
4436
4444
"Clones are either snapshots or copies of another container. A copy is a new "
4437
4445
"container copied from the original, and takes as much space on the host as "
4447
4455
"and apt-get to be slower."
4448
4456
msgstr ""
4449
4457
4450
#: serverguide/C/virtualization.xml:1434(para)
4458
#: serverguide/C/virtualization.xml:1426(para)
4451
4459
msgid ""
4452
4460
"Snapshots of directory-packed containers are created using the overlay "
4453
4461
"filesystem. For instance, a privileged directory-backed container C1 will "
4459
4467
"container, and to only use its snapshots."
4460
4468
msgstr ""
4461
4469
4462
#: serverguide/C/virtualization.xml:1446(para)
4470
#: serverguide/C/virtualization.xml:1438(para)
4463
4471
msgid "Given an existing container called C1, a copy can be created using:"
4464
4472
msgstr ""
4465
4473
4466
#: serverguide/C/virtualization.xml:3274(command)
4474
#: serverguide/C/virtualization.xml:1442(command)
4467
4475
msgid "sudo lxc-clone -o C1 -n C2"
4468
4476
msgstr ""
4469
4477
4470
#: serverguide/C/virtualization.xml:1455(para)
4471
msgid "A snapshot can be created using"
4478
#: serverguide/C/virtualization.xml:1447(para)
4479
msgid "A snapshot can be created using:"
4472
4480
msgstr ""
4473
4481
4474
#: serverguide/C/virtualization.xml:3288(command)
4482
#: serverguide/C/virtualization.xml:1449(command)
4475
4483
msgid "sudo lxc-clone -s -o C1 -n C2"
4476
4484
msgstr ""
4477
4485
4478
#: serverguide/C/virtualization.xml:1461(para)
4486
#: serverguide/C/virtualization.xml:1453(para)
4479
4487
msgid "See the lxc-clone manpage for more information."
4480
4488
msgstr ""
4481
4489
4482
#: serverguide/C/virtualization.xml:1464(title)
4490
#: serverguide/C/virtualization.xml:1456(title)
4483
4491
msgid "Snapshots"
4484
4492
msgstr ""
4485
4493
4486
#: serverguide/C/virtualization.xml:1465(para)
4494
#: serverguide/C/virtualization.xml:1457(para)
4487
4495
msgid ""
4488
4496
"To more easily support the use of snapshot clones for iterative container "
4489
4497
"development, LXC supports <emphasis>snapshots</emphasis>. When working on a "
4501
4509
"is erased and replaced with the snap1 snapshot."
4502
4510
msgstr ""
4503
4511
4504
#: serverguide/C/virtualization.xml:1484(para)
4512
#: serverguide/C/virtualization.xml:1476(para)
4505
4513
msgid ""
4506
4514
"Snapshots are supported for btrfs, lvm, zfs, and overlayfs containers. If "
4507
4515
"lxc-snapshot is called on a directory-backed container, an error will be "
4522
4530
"</screen>"
4523
4531
msgstr ""
4524
4532
4525
#: serverguide/C/virtualization.xml:1508(title)
4533
#: serverguide/C/virtualization.xml:1500(title)
4526
4534
msgid "Ephemeral Containers"
4527
4535
msgstr ""
4528
4536
4529
#: serverguide/C/virtualization.xml:1509(para)
4537
#: serverguide/C/virtualization.xml:1501(para)
4530
4538
msgid ""
4531
4539
"While snapshots are useful for longer-term incremental development of "
4532
4540
"images, ephemeral containers utilize snapshots for quick, single-use "
4541
4549
"page for more options."
4542
4550
msgstr ""
4543
4551
4544
#: serverguide/C/virtualization.xml:1527(title)
4552
#: serverguide/C/virtualization.xml:1519(title)
4545
4553
msgid "Lifecycle management hooks"
4546
4554
msgstr ""
4547
4555
4548
#: serverguide/C/virtualization.xml:1529(para)
4556
#: serverguide/C/virtualization.xml:1521(para)
4549
4557
msgid ""
4550
4558
"Beginning with Ubuntu 12.10, it is possible to define hooks to be executed "
4551
4559
"at specific points in a container's lifetime:"
4552
4560
msgstr ""
4553
4561
4554
#: serverguide/C/virtualization.xml:1534(para)
4562
#: serverguide/C/virtualization.xml:1526(para)
4555
4563
msgid ""
4556
4564
"Pre-start hooks are run in the host's namespace before the container ttys, "
4557
4565
"consoles, or mounts are up. If any mounts are done in this hook, they should "
4558
4566
"be cleaned up in the post-stop hook."
4559
4567
msgstr ""
4560
4568
4561
#: serverguide/C/virtualization.xml:1541(para)
4569
#: serverguide/C/virtualization.xml:1533(para)
4562
4570
msgid ""
4563
4571
"Pre-mount hooks are run in the container's namespaces, but before the root "
4564
4572
"filesystem has been mounted. Mounts done in this hook will be automatically "
4565
4573
"cleaned up when the container shuts down."
4566
4574
msgstr ""
4567
4575
4568
#: serverguide/C/virtualization.xml:1548(para)
4576
#: serverguide/C/virtualization.xml:1540(para)
4569
4577
msgid ""
4570
4578
"Mount hooks are run after the container filesystems have been mounted, but "
4571
4579
"before the container has called <command>pivot_root</command> to change its "
4572
4580
"root filesystem."
4573
4581
msgstr ""
4574
4582
4575
#: serverguide/C/virtualization.xml:1555(para)
4583
#: serverguide/C/virtualization.xml:1547(para)
4576
4584
msgid ""
4577
4585
"Start hooks are run immediately before executing the container's init. Since "
4578
4586
"these are executed after pivoting into the container's filesystem, the "
4579
4587
"command to be executed must be copied into the container's filesystem."
4580
4588
msgstr ""
4581
4589
4582
#: serverguide/C/virtualization.xml:1562(para)
4590
#: serverguide/C/virtualization.xml:1554(para)
4583
4591
msgid "Post-stop hooks are executed after the container has been shut down."
4584
4592
msgstr ""
4585
4593
4586
#: serverguide/C/virtualization.xml:1567(para)
4594
#: serverguide/C/virtualization.xml:1559(para)
4587
4595
msgid ""
4588
4596
"If any hook returns an error, the container's run will be aborted. Any "
4589
4597
"<emphasis>post-stop</emphasis> hook will still be executed. Any output "
4590
4598
"generated by the script will be logged at the debug priority."
4591
4599
msgstr ""
4592
4600
4593
#: serverguide/C/virtualization.xml:1572(para)
4601
#: serverguide/C/virtualization.xml:1564(para)
4594
4602
msgid ""
4595
4603
"Please see the lxc.container.conf manual page for the configuration file "
4596
4604
"format with which to specify hooks. Some sample hooks are shipped with the "
4597
4605
"lxc package to serve as an example of how to write and use such hooks."
4598
4606
msgstr ""
4599
4607
4600
#: serverguide/C/virtualization.xml:3452(title)
4608
#: serverguide/C/virtualization.xml:1571(title)
4601
4609
msgid "Consoles"
4602
4610
msgstr ""
4603
4611
4604
#: serverguide/C/virtualization.xml:1581(para)
4612
#: serverguide/C/virtualization.xml:1573(para)
4605
4613
msgid ""
4606
4614
"Containers have a configurable number of consoles. One always exists on the "
4607
4615
"container's <filename>/dev/console</filename>. This is shown on the terminal "
4612
4620
"The number of extra consoles is specified by the <command>lxc.tty</command> "
4613
4621
"variable, and is usually set to 4. Those consoles are shown on "
4614
4622
"<filename>/dev/ttyN</filename> (for 1 <= N <= 4). To log into console "
4615
"3 from the host, use"
4623
"3 from the host, use:"
4616
4624
msgstr ""
4617
4625
4618
#: serverguide/C/virtualization.xml:3467(command)
4626
#: serverguide/C/virtualization.xml:1586(command)
4619
4627
msgid "sudo lxc-console -n container -t 3"
4620
4628
msgstr ""
4621
4629
4622
#: serverguide/C/virtualization.xml:3472(para)
4630
#: serverguide/C/virtualization.xml:1591(para)
4623
4631
msgid ""
4624
4632
"or if the <emphasis>-t N</emphasis> option is not specified, an unused "
4625
4633
"console will be automatically chosen. To exit the console, use the escape "
4628
4636
"d</emphasis> option."
4629
4637
msgstr ""
4630
4638
4631
#: serverguide/C/virtualization.xml:3480(para)
4639
#: serverguide/C/virtualization.xml:1597(para)
4632
4640
msgid ""
4633
4641
"Each container console is actually a Unix98 pty in the host's (not the "
4634
4642
"guest's) pty mount, bind-mounted over the guest's "
4641
4649
"<filename>/dev</filename>."
4642
4650
msgstr ""
4643
4651
4644
#: serverguide/C/mail.xml:345(title) serverguide/C/mail.xml:1640(title) serverguide/C/dns.xml:371(title)
4652
#: serverguide/C/virtualization.xml:1609(title) serverguide/C/mail.xml:390(title) serverguide/C/mail.xml:1698(title) serverguide/C/dns.xml:375(title)
4645
4653
msgid "Troubleshooting"
4646
4654
msgstr "Depanatge"
4647
4655
4648
#: serverguide/C/network-auth.xml:787(title) serverguide/C/dns.xml:508(title)
4656
#: serverguide/C/virtualization.xml:1611(title) serverguide/C/network-auth.xml:794(title) serverguide/C/dns.xml:517(title)
4649
4657
msgid "Logging"
4650
4658
msgstr ""
4651
4659
4652
#: serverguide/C/virtualization.xml:1620(para)
4660
#: serverguide/C/virtualization.xml:1612(para)
4653
4661
msgid ""
4654
4662
"If something goes wrong when starting a container, the first step should be "
4655
4663
"to get full logging from LXC: <screen>\n"
4662
4670
"new log information will be appended."
4663
4671
msgstr ""
4664
4672
4665
#: serverguide/C/virtualization.xml:3414(title)
4673
#: serverguide/C/virtualization.xml:1627(title)
4666
4674
msgid "Monitoring container status"
4667
4675
msgstr ""
4668
4676
4669
#: serverguide/C/virtualization.xml:3416(para)
4677
#: serverguide/C/virtualization.xml:1629(para)
4670
4678
msgid ""
4671
4679
"Two commands are available to monitor container state changes. <command>lxc-"
4672
4680
"monitor</command> monitors one or more containers for any state changes. It "
4678
4686
"instance,"
4679
4687
msgstr ""
4680
4688
4681
#: serverguide/C/virtualization.xml:3429(command)
4689
#: serverguide/C/virtualization.xml:1639(command)
4682
4690
msgid "sudo lxc-monitor -n cont[0-5]*"
4683
4691
msgstr ""
4684
4692
4685
#: serverguide/C/virtualization.xml:3434(para)
4693
#: serverguide/C/virtualization.xml:1644(para)
4686
4694
msgid ""
4687
4695
"would print all state changes to any containers matching the listed regular "
4688
4696
"expression, whereas"
4689
4697
msgstr ""
4690
4698
4691
#: serverguide/C/virtualization.xml:3440(command)
4699
#: serverguide/C/virtualization.xml:1648(command)
4692
4700
msgid "sudo lxc-wait -n cont1 -s 'STOPPED|FROZEN'"
4693
4701
msgstr ""
4694
4702
4695
#: serverguide/C/virtualization.xml:3445(para)
4703
#: serverguide/C/virtualization.xml:1653(para)
4696
4704
msgid ""
4697
4705
"will wait until container cont1 enters state STOPPED or state FROZEN and "
4698
4706
"then exit."
4699
4707
msgstr ""
4700
4708
4701
#: serverguide/C/virtualization.xml:1666(title)
4709
#: serverguide/C/virtualization.xml:1658(title)
4702
4710
msgid "Attach"
4703
4711
msgstr ""
4704
4712
4705
#: serverguide/C/virtualization.xml:1667(para)
4713
#: serverguide/C/virtualization.xml:1659(para)
4706
4714
msgid ""
4707
4715
"As of Ubuntu 14.04, it is possible to attach to a container's namespaces. "
4708
4716
"The simplest case is to simply do <screen>\n"
4715
4723
"context. See the manual page for more information."
4716
4724
msgstr ""
4717
4725
4718
#: serverguide/C/virtualization.xml:1683(title)
4726
#: serverguide/C/virtualization.xml:1675(title)
4719
4727
msgid "Container init verbosity"
4720
4728
msgstr ""
4721
4729
4722
#: serverguide/C/virtualization.xml:1684(para)
4730
#: serverguide/C/virtualization.xml:1676(para)
4723
4731
msgid ""
4724
4732
"If LXC completes the container startup, but the container init fails to "
4725
4733
"complete (for instance, no login prompt is shown), it can be useful to "
4738
4746
"</screen>"
4739
4747
msgstr ""
4740
4748
4741
#: serverguide/C/virtualization.xml:1708(title)
4749
#: serverguide/C/virtualization.xml:1700(title)
4742
4750
msgid "LXC API"
4743
4751
msgstr ""
4744
4752
4745
#: serverguide/C/virtualization.xml:1710(para)
4753
#: serverguide/C/virtualization.xml:1702(para)
4746
4754
msgid ""
4747
4755
"Most of the LXC functionality can now be accessed through an API exported by "
4748
4756
"<filename>liblxc</filename> for which bindings are available in several "
4749
4757
"languages, including Python, lua, ruby, and go."
4750
4758
msgstr ""
4751
4759
4752
#: serverguide/C/virtualization.xml:1714(para)
4760
#: serverguide/C/virtualization.xml:1706(para)
4753
4761
msgid ""
4754
4762
"Below is an example using the python bindings (which are available in the "
4755
4763
"<application>python3-lxc</application> package) which creates and starts a "
4756
4764
"container, then waits until it has been shut down:"
4757
4765
msgstr ""
4758
4766
4759
#: serverguide/C/virtualization.xml:1720(programlisting)
4767
#: serverguide/C/virtualization.xml:1712(programlisting)
4760
4768
#, no-wrap
4761
4769
msgid ""
4762
4770
"\n"
4778
4786
"True\n"
4779
4787
msgstr ""
4780
4788
4781
#: serverguide/C/virtualization.xml:4349(title) serverguide/C/security.xml:11(title)
4789
#: serverguide/C/virtualization.xml:1732(title) serverguide/C/security.xml:11(title)
4782
4790
msgid "Security"
4783
4791
msgstr ""
4784
4792
4785
#: serverguide/C/virtualization.xml:4351(para)
4793
#: serverguide/C/virtualization.xml:1734(para)
4786
4794
msgid ""
4787
4795
"A namespace maps ids to resources. By not providing a container any id with "
4788
4796
"which to reference a resource, the resource can be protected. This is the "
4793
4801
"host."
4794
4802
msgstr ""
4795
4803
4796
#: serverguide/C/virtualization.xml:1751(para)
4804
#: serverguide/C/virtualization.xml:1743(para)
4797
4805
msgid ""
4798
4806
"By default, LXC containers are started under a Apparmor policy to restrict "
4799
4807
"some actions. The details of AppArmor integration with lxc are in section "
4804
4812
"host."
4805
4813
msgstr ""
4806
4814
4807
#: serverguide/C/virtualization.xml:4375(title)
4815
#: serverguide/C/virtualization.xml:1754(title)
4808
4816
msgid "Exploitable system calls"
4809
4817
msgstr ""
4810
4818
4811
#: serverguide/C/virtualization.xml:1764(para)
4819
#: serverguide/C/virtualization.xml:1756(para)
4812
4820
msgid ""
4813
4821
"It is a core container feature that containers share a kernel with the host. "
4814
4822
"Therefore if the kernel contains any exploitable system calls the container "
4816
4824
"fully control any resource known to the host."
4817
4825
msgstr ""
4818
4826
4819
#: serverguide/C/virtualization.xml:1770(para)
4827
#: serverguide/C/virtualization.xml:1762(para)
4820
4828
msgid ""
4821
4829
"Since Ubuntu 12.10 (Quantal) a container can also be constrained by a "
4822
4830
"seccomp filter. Seccomp is a new kernel feature which filters the system "
4828
4836
"by a list of numbers, one per line."
4829
4837
msgstr ""
4830
4838
4831
#: serverguide/C/virtualization.xml:1780(para)
4839
#: serverguide/C/virtualization.xml:1772(para)
4832
4840
msgid ""
4833
4841
"In general to run a full distribution container a large number of system "
4834
4842
"calls will be needed. However for application containers it may be possible "
4840
4848
"loaded."
4841
4849
msgstr ""
4842
4850
4843
#: serverguide/C/virtualization.xml:4392(para)
4851
#: serverguide/C/virtualization.xml:1788(para)
4844
4852
msgid ""
4845
4853
"The DeveloperWorks article <ulink "
4846
4854
"url=\"https://www.ibm.com/developerworks/linux/library/l-lxc-"
4848
4856
"to the use of containers."
4849
4857
msgstr ""
4850
4858
4851
#: serverguide/C/virtualization.xml:4398(para)
4859
#: serverguide/C/virtualization.xml:1795(para)
4852
4860
msgid ""
4853
4861
"The <ulink url=\"http://www.ibm.com/developerworks/linux/library/l-lxc-"
4854
4862
"security/index.html\"> Secure Containers Cookbook</ulink> demonstrated the "
4855
4863
"use of security modules to make containers more secure."
4856
4864
msgstr ""
4857
4865
4858
#: serverguide/C/virtualization.xml:1810(para) serverguide/C/cgroups.xml:202(para)
4866
#: serverguide/C/virtualization.xml:1802(para) serverguide/C/cgroups.xml:202(para)
4859
4867
msgid "Manual pages referenced above can be found at:"
4860
4868
msgstr ""
4861
4869
4862
#: serverguide/C/virtualization.xml:4407(ulink)
4870
#: serverguide/C/virtualization.xml:1804(ulink)
4863
4871
msgid "capabilities"
4864
4872
msgstr ""
4865
4873
4866
#: serverguide/C/virtualization.xml:4408(ulink)
4874
#: serverguide/C/virtualization.xml:1805(ulink)
4867
4875
msgid "lxc.conf"
4868
4876
msgstr ""
4869
4877
4870
#: serverguide/C/virtualization.xml:1818(para)
4878
#: serverguide/C/virtualization.xml:1810(para)
4871
4879
msgid ""
4872
4880
"The upstream LXC project is hosted at <ulink "
4873
4881
"url=\"http://linuxcontainers.org\">linuxcontainers.org</ulink>."
4874
4882
msgstr ""
4875
4883
4876
#: serverguide/C/virtualization.xml:4420(para)
4884
#: serverguide/C/virtualization.xml:1815(para)
4877
4885
msgid ""
4878
4886
"LXC security issues are listed and discussed at <ulink "
4879
4887
"url=\"http://wiki.ubuntu.com/LxcSecurity\">the LXC Security wiki page</ulink>"
4880
4888
msgstr ""
4881
4889
4882
#: serverguide/C/virtualization.xml:1829(para)
4890
#: serverguide/C/virtualization.xml:1821(para)
4883
4891
msgid ""
4884
4892
"For more on namespaces in Linux, see: S. Bhattiprolu, E. W. Biederman, S. E. "
4885
4893
"Hallyn, and D. Lezcano. Virtual Servers and Check- point/Restart in "
4900
4908
"to manage information that changes often, there is room for version control."
4901
4909
msgstr ""
4902
4910
4903
#: serverguide/C/vcs.xml:15(title)
4911
#: serverguide/C/vcs.xml:22(title)
4904
4912
msgid "Bazaar"
4905
4913
msgstr ""
4906
4914
4907
#: serverguide/C/vcs.xml:16(para)
4915
#: serverguide/C/vcs.xml:23(para)
4908
4916
msgid ""
4909
4917
"Bazaar is a new version control system sponsored by Canonical, the "
4910
4918
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
4914
4922
"maximize the level of community participation in open source projects."
4915
4923
msgstr ""
4916
4924
4917
#: serverguide/C/vcs.xml:27(para)
4925
#: serverguide/C/vcs.xml:34(para)
4918
4926
msgid ""
4919
4927
"At a terminal prompt, enter the following command to install "
4920
4928
"<application>bzr</application>: <screen>\n"
4922
4930
"</screen>"
4923
4931
msgstr ""
4924
4932
4925
#: serverguide/C/vcs.xml:38(para)
4933
#: serverguide/C/vcs.xml:45(para)
4926
4934
msgid ""
4927
4935
"To introduce yourself to <application>bzr</application>, use the "
4928
4936
"<emphasis>whoami</emphasis> command like this: <screen>\n"
4930
4938
"</screen>"
4931
4939
msgstr ""
4932
4940
4933
#: serverguide/C/vcs.xml:47(title)
4941
#: serverguide/C/vcs.xml:54(title)
4934
4942
msgid "Learning Bazaar"
4935
4943
msgstr ""
4936
4944
4937
#: serverguide/C/vcs.xml:48(para)
4945
#: serverguide/C/vcs.xml:55(para)
4938
4946
msgid ""
4939
4947
"Bazaar comes with bundled documentation installed into "
4940
4948
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
4944
4952
"</screen>"
4945
4953
msgstr ""
4946
4954
4947
#: serverguide/C/vcs.xml:58(para)
4955
#: serverguide/C/vcs.xml:65(para)
4948
4956
msgid ""
4949
4957
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
4950
4958
"<command>$ bzr help foo</command>\n"
4951
4959
"</screen>"
4952
4960
msgstr ""
4953
4961
4954
#: serverguide/C/vcs.xml:66(title)
4962
#: serverguide/C/vcs.xml:73(title)
4955
4963
msgid "Launchpad Integration"
4956
4964
msgstr ""
4957
4965
4958
#: serverguide/C/vcs.xml:67(para)
4966
#: serverguide/C/vcs.xml:74(para)
4959
4967
msgid ""
4960
4968
"While highly useful as a stand-alone system, Bazaar has good, optional "
4961
4969
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
4966
4974
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
4967
4975
msgstr ""
4968
4976
4969
#: serverguide/C/vcs.xml:80(title)
4977
#: serverguide/C/vcs.xml:87(title)
4970
4978
msgid "Git"
4971
4979
msgstr ""
4972
4980
4973
#: serverguide/C/vcs.xml:82(para)
4981
#: serverguide/C/vcs.xml:89(para)
4974
4982
msgid ""
4975
4983
"Git is an open source distributed version control system originally "
4976
4984
"developped by Linus Torvalds to support the development of the linux kernel. "
4979
4987
"access or a central server."
4980
4988
msgstr ""
4981
4989
4982
#: serverguide/C/vcs.xml:88(para)
4990
#: serverguide/C/vcs.xml:95(para)
4983
4991
msgid ""
4984
4992
"The <application>git</application> version control system is installed with "
4985
4993
"the following command"
4986
4994
msgstr ""
4987
4995
4988
#: serverguide/C/vcs.xml:92(command)
4996
#: serverguide/C/vcs.xml:99(command)
4989
4997
msgid "sudo apt-get install git"
4990
4998
msgstr ""
4991
4999
4992
#: serverguide/C/vcs.xml:97(para)
5000
#: serverguide/C/vcs.xml:104(para)
4993
5001
msgid ""
4994
5002
"Every git user should first introduce himself to git, by running these two "
4995
5003
"commands:"
4996
5004
msgstr ""
4997
5005
4998
#: serverguide/C/vcs.xml:99(command)
5006
#: serverguide/C/vcs.xml:106(command)
4999
5007
msgid "git config --global user.email \"you@example.com\""
5000
5008
msgstr ""
5001
5009
5002
#: serverguide/C/vcs.xml:100(command)
5010
#: serverguide/C/vcs.xml:107(command)
5003
5011
msgid "git config --global user.name \"Your Name\""
5004
5012
msgstr ""
5005
5013
5006
#: serverguide/C/vcs.xml:105(para)
5014
#: serverguide/C/vcs.xml:112(para)
5007
5015
msgid ""
5008
5016
"The above is already sufficient to use git in a distributed and secure way, "
5009
5017
"provided users have access to the machine assuming the server role via SSH. "
5010
"On the server machine, creating a new repository can be done with"
5018
"On the server machine, creating a new repository can be done with:"
5011
5019
msgstr ""
5012
5020
5013
#: serverguide/C/vcs.xml:108(command)
5021
#: serverguide/C/vcs.xml:119(command)
5014
5022
msgid "git init --bare /path/to/repository"
5015
5023
msgstr ""
5016
5024
5017
#: serverguide/C/vcs.xml:110(para)
5025
#: serverguide/C/vcs.xml:121(para)
5018
5026
msgid ""
5019
5027
"This creates a bare repository, that cannot be used to edit files directly. "
5020
5028
"If you would rather have a working copy of the contents of the repository on "
5021
5029
"the server, ommit the <emphasis>--bare</emphasis> option."
5022
5030
msgstr ""
5023
5031
5024
#: serverguide/C/vcs.xml:111(para)
5032
#: serverguide/C/vcs.xml:122(para)
5025
5033
msgid ""
5026
"Any client with ssh access to the machine can from then on clone the "
5027
"repository with"
5034
"Any client with SSH access to the machine can then clone the repository with:"
5028
5035
msgstr ""
5029
5036
5030
#: serverguide/C/vcs.xml:113(command)
5037
#: serverguide/C/vcs.xml:127(command)
5031
5038
msgid "git clone username@hostname:/path/to/repository"
5032
5039
msgstr ""
5033
5040
5034
#: serverguide/C/vcs.xml:115(para)
5041
#: serverguide/C/vcs.xml:129(para)
5035
5042
msgid ""
5036
5043
"Once cloned to the client's machine, the client can edit files, then commit "
5037
5044
"and share them with:"
5038
5045
msgstr ""
5039
5046
5040
#: serverguide/C/vcs.xml:119(command)
5047
#: serverguide/C/vcs.xml:133(command)
5041
5048
msgid "cd /path/to/repository"
5042
5049
msgstr ""
5043
5050
5044
#: serverguide/C/vcs.xml:120(command)
5051
#: serverguide/C/vcs.xml:134(command)
5045
5052
msgid "#(edit some files"
5046
5053
msgstr ""
5047
5054
5048
#: serverguide/C/vcs.xml:121(command)
5055
#: serverguide/C/vcs.xml:135(command)
5049
5056
msgid ""
5050
5057
"git commit -a # Commit all changes to the local version of the repository"
5051
5058
msgstr ""
5052
5059
5053
#: serverguide/C/vcs.xml:122(command)
5060
#: serverguide/C/vcs.xml:136(command)
5054
5061
msgid ""
5055
5062
"git push origin master # Push changes to the server's version of the "
5056
5063
"repository"
5057
5064
msgstr ""
5058
5065
5059
#: serverguide/C/vcs.xml:127(title)
5066
#: serverguide/C/vcs.xml:141(title)
5060
5067
msgid "Installing a gitolite server"
5061
5068
msgstr ""
5062
5069
5063
#: serverguide/C/vcs.xml:128(para)
5070
#: serverguide/C/vcs.xml:142(para)
5064
5071
msgid ""
5065
5072
"While the above is sufficient to create, clone and edit repositories, users "
5066
5073
"wanting to install git on a server will most likely want to have git work "
5069
5076
"<application>gitolite</application> with the following command:"
5070
5077
msgstr ""
5071
5078
5072
#: serverguide/C/vcs.xml:134(command)
5079
#: serverguide/C/vcs.xml:148(command)
5073
5080
msgid "sudo apt-get install gitolite"
5074
5081
msgstr ""
5075
5082
5076
#: serverguide/C/vcs.xml:139(title)
5083
#: serverguide/C/vcs.xml:153(title)
5077
5084
msgid "Gitolite configuration"
5078
5085
msgstr ""
5079
5086
5080
#: serverguide/C/vcs.xml:140(para)
5087
#: serverguide/C/vcs.xml:154(para)
5081
5088
msgid ""
5082
5089
"Configuration of the <application>gitolite</application> server is a little "
5083
5090
"different that most other servers on Unix-like systems. Instead of the "
5086
5093
"therefore to allow access to the configuration repository."
5087
5094
msgstr ""
5088
5095
5089
#: serverguide/C/vcs.xml:145(para)
5096
#: serverguide/C/vcs.xml:159(para)
5090
5097
msgid "First of all, let's create a user for gitolite to be accessed as."
5091
5098
msgstr ""
5092
5099
5093
#: serverguide/C/vcs.xml:149(command)
5100
#: serverguide/C/vcs.xml:163(command)
5094
5101
msgid ""
5095
5102
"sudo adduser --system --shell /bin/bash --group --disabled-password --home "
5096
5103
"/home/git git"
5097
5104
msgstr ""
5098
5105
5099
#: serverguide/C/vcs.xml:151(para)
5106
#: serverguide/C/vcs.xml:165(para)
5100
5107
msgid ""
5101
5108
"Now we want to let gitolite know about the repository administrator's public "
5102
5109
"SSH key. This assumes that the current user is the repository administrator. "
5104
5111
"keys\"/>"
5105
5112
msgstr ""
5106
5113
5107
#: serverguide/C/vcs.xml:156(command)
5114
#: serverguide/C/vcs.xml:170(command)
5108
5115
msgid "cp ~/.ssh/id_rsa.pub /tmp/$(whoami).pub"
5109
5116
msgstr ""
5110
5117
5111
#: serverguide/C/vcs.xml:158(para)
5118
#: serverguide/C/vcs.xml:172(para)
5112
5119
msgid ""
5113
5120
"Let's switch to the git user and import the administrator's key into "
5114
5121
"gitolite."
5115
5122
msgstr ""
5116
5123
5117
#: serverguide/C/vcs.xml:162(command)
5124
#: serverguide/C/vcs.xml:176(command)
5118
5125
msgid "sudo su - git"
5119
5126
msgstr ""
5120
5127
5121
#: serverguide/C/vcs.xml:163(command)
5128
#: serverguide/C/vcs.xml:177(command)
5122
5129
msgid "gl-setup /tmp/*.pub"
5123
5130
msgstr ""
5124
5131
5125
#: serverguide/C/vcs.xml:165(para)
5132
#: serverguide/C/vcs.xml:179(para)
5126
5133
msgid ""
5127
5134
"Gitolite will allow you to make initial changes to its configuration file "
5128
5135
"during the setup process. You can now clone and modify the gitolite "
5131
5138
"configuration repository:"
5132
5139
msgstr ""
5133
5140
5134
#: serverguide/C/vcs.xml:169(command)
5141
#: serverguide/C/vcs.xml:183(command)
5135
5142
msgid "exit"
5136
5143
msgstr ""
5137
5144
5138
#: serverguide/C/vcs.xml:170(command)
5145
#: serverguide/C/vcs.xml:184(command)
5139
5146
msgid "git clone git@$IP_ADDRESS:gitolite-admin.git"
5140
5147
msgstr ""
5141
5148
5142
#: serverguide/C/vcs.xml:171(command)
5149
#: serverguide/C/vcs.xml:185(command)
5143
5150
msgid "cd gitolite-admin"
5144
5151
msgstr ""
5145
5152
5146
#: serverguide/C/vcs.xml:173(para)
5153
#: serverguide/C/vcs.xml:187(para)
5147
5154
msgid ""
5148
5155
"The gitolite-admin contains two subdirectories, \"conf\" and \"keydir\". The "
5149
5156
"configuration files are in the conf dir, and the keydir directory contains "
5150
5157
"the list of user's public SSH keys."
5151
5158
msgstr ""
5152
5159
5153
#: serverguide/C/vcs.xml:176(title)
5160
#: serverguide/C/vcs.xml:190(title)
5154
5161
msgid "Managing gitolite users and repositories"
5155
5162
msgstr ""
5156
5163
5157
#: serverguide/C/vcs.xml:177(para)
5164
#: serverguide/C/vcs.xml:191(para)
5158
5165
msgid ""
5159
5166
"Adding new users to gitolite is simple: just obtain their public SSH key and "
5160
5167
"add it to the keydir directory as $DESIRED_USER_NAME.pub. Note that the "
5165
5172
"server with"
5166
5173
msgstr ""
5167
5174
5168
#: serverguide/C/vcs.xml:179(command)
5175
#: serverguide/C/vcs.xml:193(command)
5169
5176
msgid "git commit -a"
5170
5177
msgstr ""
5171
5178
5172
#: serverguide/C/vcs.xml:180(command)
5179
#: serverguide/C/vcs.xml:194(command)
5173
5180
msgid "git push origin master"
5174
5181
msgstr ""
5175
5182
5176
#: serverguide/C/vcs.xml:182(para)
5183
#: serverguide/C/vcs.xml:196(para)
5177
5184
msgid ""
5178
5185
"Repositories are managed by editing the conf/gitolite.conf file. The syntax "
5179
5186
"is space separated, and simply specifies the list of repositories followed "
5180
5187
"by some access rules. The following is a default example"
5181
5188
msgstr ""
5182
5189
5183
#: serverguide/C/vcs.xml:183(programlisting)
5190
#: serverguide/C/vcs.xml:197(programlisting)
5184
5191
#, no-wrap
5185
5192
msgid ""
5186
5193
"\n"
5194
5201
" R = denise\n"
5195
5202
msgstr ""
5196
5203
5197
#: serverguide/C/vcs.xml:195(title)
5204
#: serverguide/C/vcs.xml:209(title)
5198
5205
msgid "Using your server"
5199
5206
msgstr ""
5200
5207
5201
#: serverguide/C/vcs.xml:196(para)
5208
#: serverguide/C/vcs.xml:210(para)
5202
5209
msgid ""
5203
5210
"To use the newly created server, users have to have the gitolite admin "
5204
5211
"import their public key into the gitolite configuration repository, they can "
5205
5212
"then access any project they have access to with the following command:"
5206
5213
msgstr ""
5207
5214
5208
#: serverguide/C/vcs.xml:198(command)
5215
#: serverguide/C/vcs.xml:212(command)
5209
5216
msgid "git clone git@$SERVER_IP:$PROJECT_NAME.git"
5210
5217
msgstr ""
5211
5218
5212
#: serverguide/C/vcs.xml:200(para)
5219
#: serverguide/C/vcs.xml:214(para)
5213
5220
msgid ""
5214
5221
"Or add the server's project as a remote for an existing git repository:"
5215
5222
msgstr ""
5216
5223
5217
#: serverguide/C/vcs.xml:202(command)
5224
#: serverguide/C/vcs.xml:216(command)
5218
5225
msgid "git remote add gitolite git@$SERVER_IP:$PROJECT_NAME.git"
5219
5226
msgstr ""
5220
5227
5221
#: serverguide/C/vcs.xml:79(title)
5228
#: serverguide/C/vcs.xml:221(title)
5222
5229
msgid "Subversion"
5223
5230
msgstr ""
5224
5231
5225
#: serverguide/C/vcs.xml:80(para)
5232
#: serverguide/C/vcs.xml:222(para)
5226
5233
msgid ""
5227
5234
"Subversion is an open source version control system. Using Subversion, you "
5228
5235
"can record the history of source files and documents. It manages files and "
5231
5238
"remembers every change ever made to files and directories."
5232
5239
msgstr ""
5233
5240
5234
#: serverguide/C/vcs.xml:85(para)
5241
#: serverguide/C/vcs.xml:227(para)
5235
5242
msgid ""
5236
5243
"To access Subversion repository using the HTTP protocol, you must install "
5237
5244
"and configure a web server. Apache2 is proven to work with Subversion. "
5242
5249
"section to install and configure the digital certificate."
5243
5250
msgstr ""
5244
5251
5245
#: serverguide/C/vcs.xml:94(para)
5252
#: serverguide/C/vcs.xml:236(para)
5246
5253
msgid ""
5247
5254
"To install Subversion, run the following command from a terminal prompt:"
5248
5255
msgstr ""
5249
5256
5250
#: serverguide/C/vcs.xml:227(command)
5257
#: serverguide/C/vcs.xml:241(command)
5251
5258
msgid "sudo apt-get install subversion apache2 libapache2-svn"
5252
5259
msgstr ""
5253
5260
5254
#: serverguide/C/vcs.xml:105(title)
5261
#: serverguide/C/vcs.xml:247(title)
5255
5262
msgid "Server Configuration"
5256
5263
msgstr ""
5257
5264
5258
#: serverguide/C/vcs.xml:106(para)
5265
#: serverguide/C/vcs.xml:248(para)
5259
5266
msgid ""
5260
5267
"This step assumes you have installed above mentioned packages on your "
5261
5268
"system. This section explains how to create a Subversion repository and "
5262
5269
"access the project."
5263
5270
msgstr ""
5264
5271
5265
#: serverguide/C/vcs.xml:109(title)
5272
#: serverguide/C/vcs.xml:251(title)
5266
5273
msgid "Create Subversion Repository"
5267
5274
msgstr ""
5268
5275
5269
#: serverguide/C/vcs.xml:110(para)
5276
#: serverguide/C/vcs.xml:252(para)
5270
5277
msgid ""
5271
5278
"The Subversion repository can be created using the following command from a "
5272
5279
"terminal prompt:"
5273
5280
msgstr ""
5274
5281
5275
#: serverguide/C/vcs.xml:114(command)
5282
#: serverguide/C/vcs.xml:256(command)
5276
5283
msgid "svnadmin create /path/to/repos/project"
5277
5284
msgstr ""
5278
5285
5279
#: serverguide/C/vcs.xml:119(title)
5286
#: serverguide/C/vcs.xml:261(title)
5280
5287
msgid "Importing Files"
5281
5288
msgstr ""
5282
5289
5283
#: serverguide/C/vcs.xml:120(para)
5290
#: serverguide/C/vcs.xml:262(para)
5284
5291
msgid ""
5285
5292
"Once you create the repository you can <emphasis>import</emphasis> files "
5286
5293
"into the repository. To import a directory, enter the following from a "
5290
5297
"</screen>"
5291
5298
msgstr ""
5292
5299
5293
#: serverguide/C/vcs.xml:132(title) serverguide/C/vcs.xml:137(title)
5300
#: serverguide/C/vcs.xml:274(title) serverguide/C/vcs.xml:279(title)
5294
5301
msgid "Access Methods"
5295
5302
msgstr ""
5296
5303
5297
#: serverguide/C/vcs.xml:133(para)
5304
#: serverguide/C/vcs.xml:275(para)
5298
5305
msgid ""
5299
5306
"Subversion repositories can be accessed (checked out) through many different "
5300
5307
"methods --on local disk, or through various network protocols. A repository "
5302
5309
"schemes map to the available access methods."
5303
5310
msgstr ""
5304
5311
5305
#: serverguide/C/vcs.xml:144(para)
5312
#: serverguide/C/vcs.xml:286(para)
5306
5313
msgid "Schema"
5307
5314
msgstr ""
5308
5315
5309
#: serverguide/C/vcs.xml:145(para)
5316
#: serverguide/C/vcs.xml:287(para)
5310
5317
msgid "Access Method"
5311
5318
msgstr ""
5312
5319
5313
#: serverguide/C/vcs.xml:150(para)
5320
#: serverguide/C/vcs.xml:292(para)
5314
5321
msgid "file://"
5315
5322
msgstr ""
5316
5323
5317
#: serverguide/C/vcs.xml:151(para)
5324
#: serverguide/C/vcs.xml:293(para)
5318
5325
msgid "direct repository access (on local disk)"
5319
5326
msgstr ""
5320
5327
5321
#: serverguide/C/vcs.xml:154(para)
5328
#: serverguide/C/vcs.xml:296(para)
5322
5329
msgid "http://"
5323
5330
msgstr ""
5324
5331
5325
#: serverguide/C/vcs.xml:155(para)
5332
#: serverguide/C/vcs.xml:297(para)
5326
5333
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
5327
5334
msgstr ""
5328
5335
5329
#: serverguide/C/vcs.xml:158(para)
5336
#: serverguide/C/vcs.xml:300(para)
5330
5337
msgid "https://"
5331
5338
msgstr ""
5332
5339
5333
#: serverguide/C/vcs.xml:159(para)
5340
#: serverguide/C/vcs.xml:301(para)
5334
5341
msgid "Same as http://, but with SSL encryption"
5335
5342
msgstr ""
5336
5343
5337
#: serverguide/C/vcs.xml:162(para)
5344
#: serverguide/C/vcs.xml:304(para)
5338
5345
msgid "svn://"
5339
5346
msgstr ""
5340
5347
5341
#: serverguide/C/vcs.xml:163(para)
5348
#: serverguide/C/vcs.xml:305(para)
5342
5349
msgid "Access via custom protocol to an svnserve server"
5343
5350
msgstr ""
5344
5351
5345
#: serverguide/C/vcs.xml:166(para)
5352
#: serverguide/C/vcs.xml:308(para)
5346
5353
msgid "svn+ssh://"
5347
5354
msgstr ""
5348
5355
5349
#: serverguide/C/vcs.xml:167(para)
5356
#: serverguide/C/vcs.xml:309(para)
5350
5357
msgid "Same as svn://, but through an SSH tunnel"
5351
5358
msgstr ""
5352
5359
5353
#: serverguide/C/vcs.xml:173(para)
5360
#: serverguide/C/vcs.xml:315(para)
5354
5361
msgid ""
5355
5362
"In this section, we will see how to configure Subversion for all these "
5356
5363
"access methods. Here, we cover the basics. For more advanced usage details, "
5357
5364
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
5358
5365
msgstr ""
5359
5366
5360
#: serverguide/C/vcs.xml:180(title)
5367
#: serverguide/C/vcs.xml:322(title)
5361
5368
msgid "Direct repository access (file://)"
5362
5369
msgstr ""
5363
5370
5364
#: serverguide/C/vcs.xml:181(para)
5371
#: serverguide/C/vcs.xml:323(para)
5365
5372
msgid ""
5366
5373
"This is the simplest of all access methods. It does not require any "
5367
5374
"Subversion server process to be running. This access method is used to "
5369
5376
"at a terminal prompt, is as follows:"
5370
5377
msgstr ""
5371
5378
5372
#: serverguide/C/vcs.xml:188(command)
5379
#: serverguide/C/vcs.xml:330(command)
5373
5380
msgid "svn co file:///path/to/repos/project"
5374
5381
msgstr ""
5375
5382
5376
#: serverguide/C/vcs.xml:191(para)
5383
#: serverguide/C/vcs.xml:333(para)
5377
5384
msgid "or"
5378
5385
msgstr "o"
5379
5386
5380
#: serverguide/C/vcs.xml:194(command)
5387
#: serverguide/C/vcs.xml:336(command)
5381
5388
msgid "svn co file://localhost/path/to/repos/project"
5382
5389
msgstr ""
5383
5390
5384
#: serverguide/C/vcs.xml:198(para)
5391
#: serverguide/C/vcs.xml:340(para)
5385
5392
msgid ""
5386
5393
"If you do not specify the hostname, there are three forward slashes (///) -- "
5387
5394
"two for the protocol (file, in this case) plus the leading slash in the "
5388
5395
"path. If you specify the hostname, you must use two forward slashes (//)."
5389
5396
msgstr ""
5390
5397
5391
#: serverguide/C/vcs.xml:200(para)
5398
#: serverguide/C/vcs.xml:342(para)
5392
5399
msgid ""
5393
5400
"The repository permissions depend on filesystem permissions. If the user has "
5394
5401
"read/write permission, he can checkout from and commit to the repository."
5395
5402
msgstr ""
5396
5403
5397
#: serverguide/C/vcs.xml:203(title)
5404
#: serverguide/C/vcs.xml:345(title)
5398
5405
msgid "Access via WebDAV protocol (http://)"
5399
5406
msgstr ""
5400
5407
5401
#: serverguide/C/vcs.xml:332(para)
5408
#: serverguide/C/vcs.xml:346(para)
5402
5409
msgid ""
5403
5410
"To access the Subversion repository via WebDAV protocol, you must configure "
5404
5411
"your Apache 2 web server. Add the following snippet between the "
5408
5415
"another VirtualHost file:"
5409
5416
msgstr ""
5410
5417
5411
#: serverguide/C/vcs.xml:338(programlisting)
5418
#: serverguide/C/vcs.xml:352(programlisting)
5412
5419
#, no-wrap
5413
5420
msgid ""
5414
5421
"\n"
5422
5429
" </Location> \n"
5423
5430
msgstr ""
5424
5431
5425
#: serverguide/C/vcs.xml:349(para)
5432
#: serverguide/C/vcs.xml:363(para)
5426
5433
msgid ""
5427
5434
"The above configuration snippet assumes that Subversion repositories are "
5428
5435
"created under <filename>/path/to/repos</filename> directory using "
5431
5438
"<command>http://hostname/svn/repos_name</command> url."
5432
5439
msgstr ""
5433
5440
5434
#: serverguide/C/vcs.xml:355(para)
5441
#: serverguide/C/vcs.xml:369(para)
5435
5442
msgid ""
5436
5443
"Changing the apache configuration like the above requires to reload the "
5437
5444
"service with the following command"
5438
5445
msgstr ""
5439
5446
5440
#: serverguide/C/vcs.xml:360(command)
5447
#: serverguide/C/vcs.xml:374(command) serverguide/C/lamp-applications.xml:508(command)
5441
5448
msgid "sudo service apache2 reload"
5442
5449
msgstr ""
5443
5450
5444
#: serverguide/C/vcs.xml:362(para)
5451
#: serverguide/C/vcs.xml:376(para)
5445
5452
msgid ""
5446
5453
"To import or commit files to your Subversion repository over HTTP, the "
5447
5454
"repository should be owned by the HTTP user. In Ubuntu systems, the HTTP "
5449
5456
"repository files enter the following command from terminal prompt:"
5450
5457
msgstr ""
5451
5458
5452
#: serverguide/C/vcs.xml:236(command)
5459
#: serverguide/C/vcs.xml:385(command)
5453
5460
msgid "sudo chown -R www-data:www-data /path/to/repos"
5454
5461
msgstr ""
5455
5462
5456
#: serverguide/C/vcs.xml:239(para)
5463
#: serverguide/C/vcs.xml:388(para)
5457
5464
msgid ""
5458
5465
"By changing the ownership of repository as <command>www-data</command> you "
5459
5466
"will not be able to import or commit files into the repository by running "
5461
5468
"<command>www-data</command>."
5462
5469
msgstr ""
5463
5470
5464
#: serverguide/C/vcs.xml:248(para)
5471
#: serverguide/C/vcs.xml:397(para)
5465
5472
msgid ""
5466
5473
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
5467
5474
"that will contain user authentication details. To create a file issue the "
5469
5476
"the first user):"
5470
5477
msgstr ""
5471
5478
5472
#: serverguide/C/vcs.xml:254(command)
5479
#: serverguide/C/vcs.xml:403(command)
5473
5480
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
5474
5481
msgstr ""
5475
5482
5476
#: serverguide/C/vcs.xml:257(para)
5483
#: serverguide/C/vcs.xml:406(para)
5477
5484
msgid ""
5478
5485
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
5479
5486
"option replaces the old file. Instead use this form:"
5480
5487
msgstr ""
5481
5488
5482
#: serverguide/C/vcs.xml:262(command)
5489
#: serverguide/C/vcs.xml:411(command)
5483
5490
msgid "sudo htpasswd /etc/subversion/passwd user_name"
5484
5491
msgstr ""
5485
5492
5486
#: serverguide/C/vcs.xml:266(para)
5493
#: serverguide/C/vcs.xml:415(para)
5487
5494
msgid ""
5488
5495
"This command will prompt you to enter the password. Once you enter the "
5489
5496
"password, the user is added. Now, to access the repository you can run the "
5490
5497
"following command:"
5491
5498
msgstr ""
5492
5499
5493
#: serverguide/C/vcs.xml:267(command)
5500
#: serverguide/C/vcs.xml:416(command)
5494
5501
msgid "svn co http://servername/svn"
5495
5502
msgstr ""
5496
5503
5497
#: serverguide/C/vcs.xml:269(para)
5504
#: serverguide/C/vcs.xml:418(para)
5498
5505
msgid ""
5499
5506
"The password is transmitted as plain text. If you are worried about password "
5500
5507
"snooping, you are advised to use SSL encryption. For details, please refer "
5501
5508
"next section."
5502
5509
msgstr ""
5503
5510
5504
#: serverguide/C/vcs.xml:275(title)
5511
#: serverguide/C/vcs.xml:424(title)
5505
5512
msgid "Access via WebDAV protocol with SSL encryption (https://)"
5506
5513
msgstr ""
5507
5514
5508
#: serverguide/C/vcs.xml:411(para)
5515
#: serverguide/C/vcs.xml:425(para)
5509
5516
msgid ""
5510
5517
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
5511
5518
"(https://) is similar to http:// except that you must install and configure "
5516
5523
"configuration\"/>."
5517
5524
msgstr ""
5518
5525
5519
#: serverguide/C/vcs.xml:285(para)
5526
#: serverguide/C/vcs.xml:434(para)
5520
5527
msgid ""
5521
5528
"You can install a digital certificate issued by a signing authority. "
5522
5529
"Alternatively, you can install your own self-signed certificate."
5523
5530
msgstr ""
5524
5531
5525
#: serverguide/C/vcs.xml:290(para)
5532
#: serverguide/C/vcs.xml:439(para)
5526
5533
msgid ""
5527
5534
"This step assumes you have installed and configured a digital certificate in "
5528
5535
"your Apache 2 web server. Now, to access the Subversion repository, please "
5530
5537
"the protocol. You must use https:// to access the Subversion repository."
5531
5538
msgstr ""
5532
5539
5533
#: serverguide/C/vcs.xml:300(title)
5540
#: serverguide/C/vcs.xml:449(title)
5534
5541
msgid "Access via custom protocol (svn://)"
5535
5542
msgstr ""
5536
5543
5537
#: serverguide/C/vcs.xml:301(para)
5544
#: serverguide/C/vcs.xml:450(para)
5538
5545
msgid ""
5539
5546
"Once the Subversion repository is created, you can configure the access "
5540
5547
"control. You can edit the <filename> "
5543
5550
"following lines in the configuration file:"
5544
5551
msgstr ""
5545
5552
5546
#: serverguide/C/vcs.xml:308(programlisting)
5553
#: serverguide/C/vcs.xml:457(programlisting)
5547
5554
#, no-wrap
5548
5555
msgid ""
5549
5556
"# [general]\n"
5550
5557
"# password-db = passwd"
5551
5558
msgstr ""
5552
5559
5553
#: serverguide/C/vcs.xml:311(para)
5560
#: serverguide/C/vcs.xml:460(para)
5554
5561
msgid ""
5555
5562
"After uncommenting the above lines, you can maintain the user list in the "
5556
5563
"passwd file. So, edit the file <filename>passwd </filename> in the same "
5557
5564
"directory and add the new user. The syntax is as follows:"
5558
5565
msgstr ""
5559
5566
5560
#: serverguide/C/vcs.xml:317(programlisting)
5567
#: serverguide/C/vcs.xml:466(programlisting)
5561
5568
#, no-wrap
5562
5569
msgid "username = password"
5563
5570
msgstr ""
5564
5571
5565
#: serverguide/C/vcs.xml:318(para)
5572
#: serverguide/C/vcs.xml:467(para)
5566
5573
msgid "For more details, please refer to the file."
5567
5574
msgstr ""
5568
5575
5569
#: serverguide/C/vcs.xml:322(para)
5576
#: serverguide/C/vcs.xml:471(para)
5570
5577
msgid ""
5571
5578
"Now, to access Subversion via the svn:// custom protocol, either from the "
5572
5579
"same machine or a different machine, you can run svnserver using svnserve "
5573
5580
"command. The syntax is as follows:"
5574
5581
msgstr ""
5575
5582
5576
#: serverguide/C/vcs.xml:327(programlisting)
5583
#: serverguide/C/vcs.xml:476(programlisting)
5577
5584
#, no-wrap
5578
5585
msgid ""
5579
5586
"$ svnserve -d --foreground -r /path/to/repos\n"
5585
5592
"$ svnserve --help"
5586
5593
msgstr ""
5587
5594
5588
#: serverguide/C/vcs.xml:335(para)
5595
#: serverguide/C/vcs.xml:484(para)
5589
5596
msgid ""
5590
5597
"Once you run this command, Subversion starts listening on default port "
5591
5598
"(3690). To access the project repository, you must run the following command "
5592
5599
"from a terminal prompt:"
5593
5600
msgstr ""
5594
5601
5595
#: serverguide/C/vcs.xml:338(command)
5602
#: serverguide/C/vcs.xml:487(command)
5596
5603
msgid "svn co svn://hostname/project project --username user_name"
5597
5604
msgstr ""
5598
5605
5599
#: serverguide/C/vcs.xml:341(para)
5606
#: serverguide/C/vcs.xml:490(para)
5600
5607
msgid ""
5601
5608
"Based on server configuration, it prompts for password. Once you are "
5602
5609
"authenticated, it checks out the code from Subversion repository. To "
5605
5612
"a terminal prompt, is as follows:"
5606
5613
msgstr ""
5607
5614
5608
#: serverguide/C/vcs.xml:349(command)
5615
#: serverguide/C/vcs.xml:498(command)
5609
5616
msgid "cd project_dir ; svn update"
5610
5617
msgstr ""
5611
5618
5612
#: serverguide/C/vcs.xml:352(para)
5619
#: serverguide/C/vcs.xml:501(para)
5613
5620
msgid ""
5614
5621
"For more details about using each Subversion sub-command, you can refer to "
5615
5622
"the manual. For example, to learn more about the co (checkout) command, "
5616
5623
"please run the following command from a terminal prompt:"
5617
5624
msgstr ""
5618
5625
5619
#: serverguide/C/vcs.xml:356(command)
5626
#: serverguide/C/vcs.xml:505(command)
5620
5627
msgid "svn co help"
5621
5628
msgstr ""
5622
5629
5623
#: serverguide/C/vcs.xml:495(title)
5630
#: serverguide/C/vcs.xml:509(title)
5624
5631
msgid "Access via custom protocol with SSH encryption (svn+ssh://)"
5625
5632
msgstr ""
5626
5633
5627
#: serverguide/C/vcs.xml:361(para)
5634
#: serverguide/C/vcs.xml:510(para)
5628
5635
msgid ""
5629
5636
"The configuration and server process is same as in the svn:// method. For "
5630
5637
"details, please refer to the above section. This step assumes you have "
5632
5639
"<application>svnserve</application> command."
5633
5640
msgstr ""
5634
5641
5635
#: serverguide/C/vcs.xml:367(para)
5642
#: serverguide/C/vcs.xml:516(para)
5636
5643
msgid ""
5637
5644
"It is also assumed that the ssh server is running on that machine and that "
5638
5645
"it is allowing incoming connections. To confirm, please try to login to that "
5640
5647
"login, please address it before continuing further."
5641
5648
msgstr ""
5642
5649
5643
#: serverguide/C/vcs.xml:373(para)
5650
#: serverguide/C/vcs.xml:522(para)
5644
5651
msgid ""
5645
5652
"The svn+ssh:// protocol is used to access the Subversion repository using "
5646
5653
"SSL encryption. The data transfer is encrypted using this method. To access "
5648
5655
"following command syntax:"
5649
5656
msgstr ""
5650
5657
5651
#: serverguide/C/vcs.xml:515(command)
5658
#: serverguide/C/vcs.xml:529(command)
5652
5659
msgid "svn co svn+ssh://ssh_username@hostname/path/to/repos/project"
5653
5660
msgstr ""
5654
5661
5655
#: serverguide/C/vcs.xml:384(para)
5662
#: serverguide/C/vcs.xml:533(para)
5656
5663
msgid ""
5657
5664
"You must use the full path (/path/to/repos/project) to access the Subversion "
5658
5665
"repository using this access method."
5659
5666
msgstr ""
5660
5667
5661
#: serverguide/C/vcs.xml:387(para)
5668
#: serverguide/C/vcs.xml:536(para)
5662
5669
msgid ""
5663
5670
"Based on server configuration, it prompts for password. You must enter the "
5664
5671
"password you use to login via ssh. Once you are authenticated, it checks out "
5665
5672
"the code from the Subversion repository."
5666
5673
msgstr ""
5667
5674
5668
#: serverguide/C/vcs.xml:539(ulink)
5675
#: serverguide/C/vcs.xml:551(ulink)
5669
5676
msgid "Bazaar Home Page"
5670
5677
msgstr ""
5671
5678
5672
#: serverguide/C/vcs.xml:540(ulink)
5679
#: serverguide/C/vcs.xml:556(ulink)
5673
5680
msgid "Launchpad"
5674
5681
msgstr ""
5675
5682
5676
#: serverguide/C/vcs.xml:547(ulink)
5683
#: serverguide/C/vcs.xml:561(ulink)
5677
5684
msgid "Git homepage"
5678
5685
msgstr ""
5679
5686
5680
#: serverguide/C/vcs.xml:552(ulink)
5687
#: serverguide/C/vcs.xml:566(ulink)
5681
5688
msgid "Gitolite"
5682
5689
msgstr ""
5683
5690
5684
#: serverguide/C/vcs.xml:541(ulink)
5691
#: serverguide/C/vcs.xml:571(ulink)
5685
5692
msgid "Subversion Home Page"
5686
5693
msgstr ""
5687
5694
5688
#: serverguide/C/vcs.xml:542(ulink)
5695
#: serverguide/C/vcs.xml:576(ulink)
5689
5696
msgid "Subversion Book"
5690
5697
msgstr ""
5691
5698
5692
#: serverguide/C/vcs.xml:545(ulink)
5699
#: serverguide/C/vcs.xml:581(ulink)
5693
5700
msgid "Easy Bazaar Ubuntu Wiki page"
5694
5701
msgstr ""
5695
5702
5696
#: serverguide/C/vcs.xml:546(ulink)
5703
#: serverguide/C/vcs.xml:586(ulink)
5697
5704
msgid "Ubuntu Wiki Subversion page"
5698
5705
msgstr ""
5699
5706
5794
5801
"Security should always be considered when installing, deploying, and using "
5795
5802
"any type of computer system. Although a fresh installation of Ubuntu is "
5796
5803
"relatively safe for immediate use on the Internet, it is important to have a "
5797
"balanced understanding of your systems security posture based on how it will "
5798
"be used after deployment."
5804
"balanced understanding of your system's security posture based on how it "
5805
"will be used after deployment."
5799
5806
msgstr ""
5800
5807
5801
5808
#: serverguide/C/security.xml:15(para)
5802
5809
msgid ""
5803
"This chapter provides an overview of security related topics as they pertain "
5810
"This chapter provides an overview of security-related topics as they pertain "
5804
5811
"to Ubuntu 14.04 LTS Server Edition, and outlines simple measures you may use "
5805
5812
"to protect your server and network from any number of potential security "
5806
5813
"threats."
5854
5861
msgid "Configurations with root passwords are not supported."
5855
5862
msgstr ""
5856
5863
5857
#: serverguide/C/security.xml:37(command)
5864
#: serverguide/C/security.xml:42(command)
5858
5865
msgid "sudo passwd"
5859
5866
msgstr ""
5860
5867
5861
#: serverguide/C/security.xml:39(para)
5868
#: serverguide/C/security.xml:44(para)
5862
5869
msgid ""
5863
5870
"Sudo will prompt you for your password, and then ask you to supply a new "
5864
5871
"password for root as shown below:"
5865
5872
msgstr ""
5866
5873
5867
#: serverguide/C/security.xml:42(computeroutput)
5874
#: serverguide/C/security.xml:47(computeroutput)
5868
5875
#, no-wrap
5869
5876
msgid "[sudo] password for username:"
5870
5877
msgstr ""
5871
5878
5872
#: serverguide/C/security.xml:42(userinput)
5879
#: serverguide/C/security.xml:47(userinput)
5873
5880
#, no-wrap
5874
5881
msgid "(enter your own password)"
5875
5882
msgstr ""
5876
5883
5877
#: serverguide/C/security.xml:43(computeroutput)
5884
#: serverguide/C/security.xml:48(computeroutput)
5878
5885
#, no-wrap
5879
5886
msgid "Enter new UNIX password:"
5880
5887
msgstr ""
5881
5888
5882
#: serverguide/C/security.xml:43(userinput)
5889
#: serverguide/C/security.xml:48(userinput)
5883
5890
#, no-wrap
5884
5891
msgid "(enter a new password for root)"
5885
5892
msgstr ""
5886
5893
5887
#: serverguide/C/security.xml:44(computeroutput)
5894
#: serverguide/C/security.xml:49(computeroutput)
5888
5895
#, no-wrap
5889
5896
msgid "Retype new UNIX password:"
5890
5897
msgstr ""
5891
5898
5892
#: serverguide/C/security.xml:44(userinput)
5899
#: serverguide/C/security.xml:49(userinput)
5893
5900
#, no-wrap
5894
5901
msgid "(repeat new password for root)"
5895
5902
msgstr ""
5896
5903
5897
#: serverguide/C/security.xml:45(computeroutput)
5904
#: serverguide/C/security.xml:50(computeroutput)
5898
5905
#, no-wrap
5899
5906
msgid "passwd: password updated successfully"
5900
5907
msgstr ""
5904
5911
"To disable the root account password, use the following passwd syntax:"
5905
5912
msgstr ""
5906
5913
5907
#: serverguide/C/security.xml:53(command)
5914
#: serverguide/C/security.xml:58(command)
5908
5915
msgid "sudo passwd -l root"
5909
5916
msgstr ""
5910
5917
5917
5924
msgid "usermod --expiredate 1"
5918
5925
msgstr ""
5919
5926
5920
#: serverguide/C/security.xml:57(para)
5927
#: serverguide/C/security.xml:68(para)
5921
5928
msgid ""
5922
"You should read more on <application>Sudo</application> by checking out it's "
5923
"man page:"
5929
"You should read more on <application>Sudo</application> by reading the man "
5930
"page:"
5924
5931
msgstr ""
5925
5932
5926
#: serverguide/C/security.xml:61(command)
5933
#: serverguide/C/security.xml:72(command)
5927
5934
msgid "man sudo"
5928
5935
msgstr ""
5929
5936
5937
5944
"<emphasis>sudo</emphasis> group."
5938
5945
msgstr ""
5939
5946
5940
#: serverguide/C/security.xml:71(title)
5947
#: serverguide/C/security.xml:82(title)
5941
5948
msgid "Adding and Deleting Users"
5942
5949
msgstr ""
5943
5950
5944
#: serverguide/C/security.xml:72(para)
5951
#: serverguide/C/security.xml:83(para)
5945
5952
msgid ""
5946
"The process for managing local users and groups is straight forward and "
5953
"The process for managing local users and groups is straightforward and "
5947
5954
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
5948
"other Debian based distributions, encourage the use of the \"adduser\" "
5955
"other Debian based distributions encourage the use of the \"adduser\" "
5949
5956
"package for account management."
5950
5957
msgstr ""
5951
5958
5952
#: serverguide/C/security.xml:77(para)
5959
#: serverguide/C/security.xml:88(para)
5953
5960
msgid ""
5954
5961
"To add a user account, use the following syntax, and follow the prompts to "
5955
"give the account a password and identifiable characteristics such as a full "
5962
"give the account a password and identifiable characteristics, such as a full "
5956
5963
"name, phone number, etc."
5957
5964
msgstr ""
5958
5965
5959
#: serverguide/C/security.xml:81(command)
5966
#: serverguide/C/security.xml:92(command)
5960
5967
msgid "sudo adduser username"
5961
5968
msgstr ""
5962
5969
5963
#: serverguide/C/security.xml:85(para)
5970
#: serverguide/C/security.xml:96(para)
5964
5971
msgid ""
5965
5972
"To delete a user account and its primary group, use the following syntax:"
5966
5973
msgstr ""
5967
5974
5968
#: serverguide/C/security.xml:89(command)
5975
#: serverguide/C/security.xml:100(command)
5969
5976
msgid "sudo deluser username"
5970
5977
msgstr ""
5971
5978
5972
#: serverguide/C/security.xml:91(para)
5979
#: serverguide/C/security.xml:102(para)
5973
5980
msgid ""
5974
5981
"Deleting an account does not remove their respective home folder. It is up "
5975
5982
"to you whether or not you wish to delete the folder manually or keep it "
5976
5983
"according to your desired retention policies."
5977
5984
msgstr ""
5978
5985
5979
#: serverguide/C/security.xml:94(para)
5986
#: serverguide/C/security.xml:105(para)
5980
5987
msgid ""
5981
5988
"Remember, any user added later on with the same UID/GID as the previous "
5982
5989
"owner will now have access to this folder if you have not taken the "
5983
5990
"necessary precautions."
5984
5991
msgstr ""
5985
5992
5986
#: serverguide/C/security.xml:97(para)
5993
#: serverguide/C/security.xml:108(para)
5987
5994
msgid ""
5988
5995
"You may want to change these UID/GID values to something more appropriate, "
5989
5996
"such as the root account, and perhaps even relocate the folder to avoid "
5990
5997
"future conflicts:"
5991
5998
msgstr ""
5992
5999
5993
#: serverguide/C/security.xml:101(command)
6000
#: serverguide/C/security.xml:112(command)
5994
6001
msgid "sudo chown -R root:root /home/username/"
5995
6002
msgstr ""
5996
6003
5997
#: serverguide/C/security.xml:102(command)
6004
#: serverguide/C/security.xml:113(command)
5998
6005
msgid "sudo mkdir /home/archived_users/"
5999
6006
msgstr ""
6000
6007
6001
#: serverguide/C/security.xml:103(command)
6008
#: serverguide/C/security.xml:114(command)
6002
6009
msgid "sudo mv /home/username /home/archived_users/"
6003
6010
msgstr ""
6004
6011
6005
#: serverguide/C/security.xml:107(para)
6012
#: serverguide/C/security.xml:118(para)
6006
6013
msgid ""
6007
6014
"To temporarily lock or unlock a user account, use the following syntax, "
6008
6015
"respectively:"
6009
6016
msgstr ""
6010
6017
6011
#: serverguide/C/security.xml:111(command)
6018
#: serverguide/C/security.xml:122(command)
6012
6019
msgid "sudo passwd -l username"
6013
6020
msgstr ""
6014
6021
6015
#: serverguide/C/security.xml:112(command)
6022
#: serverguide/C/security.xml:123(command)
6016
6023
msgid "sudo passwd -u username"
6017
6024
msgstr ""
6018
6025
6019
#: serverguide/C/security.xml:116(para)
6026
#: serverguide/C/security.xml:127(para)
6020
6027
msgid ""
6021
6028
"To add or delete a personalized group, use the following syntax, "
6022
6029
"respectively:"
6023
6030
msgstr ""
6024
6031
6025
#: serverguide/C/security.xml:120(command)
6032
#: serverguide/C/security.xml:131(command)
6026
6033
msgid "sudo addgroup groupname"
6027
6034
msgstr ""
6028
6035
6029
#: serverguide/C/security.xml:121(command)
6036
#: serverguide/C/security.xml:132(command)
6030
6037
msgid "sudo delgroup groupname"
6031
6038
msgstr ""
6032
6039
6033
#: serverguide/C/security.xml:125(para)
6040
#: serverguide/C/security.xml:136(para)
6034
6041
msgid "To add a user to a group, use the following syntax:"
6035
6042
msgstr ""
6036
6043
6037
#: serverguide/C/security.xml:129(command)
6044
#: serverguide/C/security.xml:140(command)
6038
6045
msgid "sudo adduser username groupname"
6039
6046
msgstr ""
6040
6047
6041
#: serverguide/C/security.xml:136(title)
6048
#: serverguide/C/security.xml:147(title)
6042
6049
msgid "User Profile Security"
6043
6050
msgstr ""
6044
6051
6045
#: serverguide/C/security.xml:137(para)
6052
#: serverguide/C/security.xml:148(para)
6046
6053
msgid ""
6047
6054
"When a new user is created, the adduser utility creates a brand new home "
6048
"directory named <filename class=\"directory\">/home/username</filename>, "
6049
"respectively. The default profile is modeled after the contents found in the "
6050
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
6051
"includes all profile basics."
6055
"directory named <filename class=\"directory\">/home/username</filename>. The "
6056
"default profile is modeled after the contents found in the directory of "
6057
"<filename class=\"directory\">/etc/skel</filename>, which includes all "
6058
"profile basics."
6052
6059
msgstr ""
6053
6060
6054
#: serverguide/C/security.xml:140(para)
6061
#: serverguide/C/security.xml:151(para)
6055
6062
msgid ""
6056
6063
"If your server will be home to multiple users, you should pay close "
6057
6064
"attention to the user home directory permissions to ensure confidentiality. "
6061
6068
"your environment."
6062
6069
msgstr ""
6063
6070
6064
#: serverguide/C/security.xml:145(para)
6071
#: serverguide/C/security.xml:156(para)
6065
6072
msgid ""
6066
"To verify your current users home directory permissions, use the following "
6073
"To verify your current user home directory permissions, use the following "
6067
6074
"syntax:"
6068
6075
msgstr ""
6069
6076
6070
#: serverguide/C/security.xml:149(command) serverguide/C/security.xml:181(command)
6077
#: serverguide/C/security.xml:160(command) serverguide/C/security.xml:192(command)
6071
6078
msgid "ls -ld /home/username"
6072
6079
msgstr ""
6073
6080
6074
#: serverguide/C/security.xml:151(para)
6081
#: serverguide/C/security.xml:162(para)
6075
6082
msgid ""
6076
6083
"The following output shows that the directory <filename "
6077
"class=\"directory\">/home/username</filename> has world readable permissions:"
6084
"class=\"directory\">/home/username</filename> has world-readable permissions:"
6078
6085
msgstr ""
6079
6086
6080
#: serverguide/C/security.xml:154(computeroutput)
6087
#: serverguide/C/security.xml:165(computeroutput)
6081
6088
#, no-wrap
6082
6089
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
6083
6090
msgstr ""
6084
6091
6085
#: serverguide/C/security.xml:158(para)
6092
#: serverguide/C/security.xml:169(para)
6086
6093
msgid ""
6087
"You can remove the world readable permissions using the following syntax:"
6094
"You can remove the world readable-permissions using the following syntax:"
6088
6095
msgstr ""
6089
6096
6090
#: serverguide/C/security.xml:162(command)
6097
#: serverguide/C/security.xml:173(command)
6091
6098
msgid "sudo chmod 0750 /home/username"
6092
6099
msgstr ""
6093
6100
6094
#: serverguide/C/security.xml:165(para)
6101
#: serverguide/C/security.xml:176(para)
6095
6102
msgid ""
6096
6103
"Some people tend to use the recursive option (-R) indiscriminately which "
6097
6104
"modifies all child folders and files, but this is not necessary, and may "
6099
6106
"for preventing unauthorized access to anything below the parent."
6100
6107
msgstr ""
6101
6108
6102
#: serverguide/C/security.xml:169(para)
6109
#: serverguide/C/security.xml:180(para)
6103
6110
msgid ""
6104
6111
"A much more efficient approach to the matter would be to modify the "
6105
6112
"<application>adduser</application> global default permissions when creating "
6109
6116
"new home directories will receive the correct permissions."
6110
6117
msgstr ""
6111
6118
6112
#: serverguide/C/security.xml:172(programlisting)
6119
#: serverguide/C/security.xml:183(programlisting)
6113
6120
#, no-wrap
6114
6121
msgid ""
6115
6122
"\n"
6116
6123
"DIR_MODE=0750\n"
6117
6124
msgstr ""
6118
6125
6119
#: serverguide/C/security.xml:177(para)
6126
#: serverguide/C/security.xml:188(para)
6120
6127
msgid ""
6121
6128
"After correcting the directory permissions using any of the previously "
6122
6129
"mentioned techniques, verify the results using the following syntax:"
6123
6130
msgstr ""
6124
6131
6125
#: serverguide/C/security.xml:183(para)
6132
#: serverguide/C/security.xml:194(para)
6126
6133
msgid ""
6127
"The results below show that world readable permissions have been removed:"
6134
"The results below show that world-readable permissions have been removed:"
6128
6135
msgstr ""
6129
6136
6130
#: serverguide/C/security.xml:186(computeroutput)
6137
#: serverguide/C/security.xml:197(computeroutput)
6131
6138
#, no-wrap
6132
6139
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
6133
6140
msgstr ""
6134
6141
6135
#: serverguide/C/security.xml:193(title)
6142
#: serverguide/C/security.xml:204(title)
6136
6143
msgid "Password Policy"
6137
6144
msgstr ""
6138
6145
6139
#: serverguide/C/security.xml:194(para)
6146
#: serverguide/C/security.xml:205(para)
6140
6147
msgid ""
6141
6148
"A strong password policy is one of the most important aspects of your "
6142
6149
"security posture. Many successful security breaches involve simple brute "
6146
6153
"password lifetimes, and frequent audits of your authentication systems."
6147
6154
msgstr ""
6148
6155
6149
#: serverguide/C/security.xml:198(title)
6156
#: serverguide/C/security.xml:209(title)
6150
6157
msgid "Minimum Password Length"
6151
6158
msgstr ""
6152
6159
6153
#: serverguide/C/security.xml:199(para)
6160
#: serverguide/C/security.xml:210(para)
6154
6161
msgid ""
6155
6162
"By default, Ubuntu requires a minimum password length of 6 characters, as "
6156
6163
"well as some basic entropy checks. These values are controlled in the file "
6164
6171
"password [success=1 default=ignore] pam_unix.so obscure sha512\n"
6165
6172
msgstr ""
6166
6173
6167
#: serverguide/C/security.xml:205(para)
6174
#: serverguide/C/security.xml:216(para)
6168
6175
msgid ""
6169
6176
"If you would like to adjust the minimum length to 8 characters, change the "
6170
6177
"appropriate variable to min=8. The modification is outlined below."
6178
6185
"minlen=8\n"
6179
6186
msgstr ""
6180
6187
6181
#: serverguide/C/security.xml:212(para)
6188
#: serverguide/C/security.xml:223(para)
6182
6189
msgid ""
6183
6190
"Basic password entropy checks and minimum length rules do not apply to the "
6184
6191
"administrator using sudo level commands to setup a new user."
6185
6192
msgstr ""
6186
6193
6187
#: serverguide/C/security.xml:218(title)
6194
#: serverguide/C/security.xml:229(title)
6188
6195
msgid "Password Expiration"
6189
6196
msgstr ""
6190
6197
6191
#: serverguide/C/security.xml:219(para)
6198
#: serverguide/C/security.xml:230(para)
6192
6199
msgid ""
6193
6200
"When creating user accounts, you should make it a policy to have a minimum "
6194
6201
"and maximum password age forcing users to change their passwords when they "
6195
6202
"expire."
6196
6203
msgstr ""
6197
6204
6198
#: serverguide/C/security.xml:224(para)
6205
#: serverguide/C/security.xml:235(para)
6199
6206
msgid ""
6200
6207
"To easily view the current status of a user account, use the following "
6201
6208
"syntax:"
6202
6209
msgstr ""
6203
6210
6204
#: serverguide/C/security.xml:228(command) serverguide/C/security.xml:261(command)
6211
#: serverguide/C/security.xml:239(command) serverguide/C/security.xml:272(command)
6205
6212
msgid "sudo chage -l username"
6206
6213
msgstr ""
6207
6214
6208
#: serverguide/C/security.xml:230(para)
6215
#: serverguide/C/security.xml:241(para)
6209
6216
msgid ""
6210
6217
"The output below shows interesting facts about the user account, namely that "
6211
6218
"there are no policies applied:"
6212
6219
msgstr ""
6213
6220
6214
#: serverguide/C/security.xml:233(computeroutput)
6221
#: serverguide/C/security.xml:244(computeroutput)
6215
6222
#, no-wrap
6216
6223
msgid ""
6217
"Last password change : Jan 20, 2008\n"
6224
"Last password change : Jan 20, 2015\n"
6218
6225
"Password expires : never\n"
6219
6226
"Password inactive : never\n"
6220
6227
"Account expires : never\n"
6223
6230
"Number of days of warning before password expires : 7"
6224
6231
msgstr ""
6225
6232
6226
#: serverguide/C/security.xml:243(para)
6233
#: serverguide/C/security.xml:254(para)
6227
6234
msgid ""
6228
6235
"To set any of these values, simply use the following syntax, and follow the "
6229
6236
"interactive prompts:"
6230
6237
msgstr ""
6231
6238
6232
#: serverguide/C/security.xml:247(command)
6239
#: serverguide/C/security.xml:258(command)
6233
6240
msgid "sudo chage username"
6234
6241
msgstr ""
6235
6242
6236
#: serverguide/C/security.xml:249(para)
6243
#: serverguide/C/security.xml:260(para)
6237
6244
msgid ""
6238
6245
"The following is also an example of how you can manually change the explicit "
6239
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
6246
"expiration date (-E) to 01/31/2015, minimum password age (-m) of 5 days, "
6240
6247
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
6241
6248
"password expiration, and a warning time period (-W) of 14 days before "
6242
"password expiration."
6243
msgstr ""
6244
6245
#: serverguide/C/security.xml:253(command)
6246
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
6247
msgstr ""
6248
6249
#: serverguide/C/security.xml:257(para)
6249
"password expiration:"
6250
msgstr ""
6251
6252
#: serverguide/C/security.xml:264(command)
6253
msgid "sudo chage -E 01/31/2015 -m 5 -M 90 -I 30 -W 14 username"
6254
msgstr ""
6255
6256
#: serverguide/C/security.xml:268(para)
6250
6257
msgid "To verify changes, use the same syntax as mentioned previously:"
6251
6258
msgstr ""
6252
6259
6253
#: serverguide/C/security.xml:263(para)
6260
#: serverguide/C/security.xml:274(para)
6254
6261
msgid ""
6255
6262
"The output below shows the new policies that have been established for the "
6256
6263
"account:"
6257
6264
msgstr ""
6258
6265
6259
#: serverguide/C/security.xml:266(computeroutput)
6266
#: serverguide/C/security.xml:277(computeroutput)
6260
6267
#, no-wrap
6261
6268
msgid ""
6262
"Last password change : Jan 20, 2008\n"
6263
"Password expires : Apr 19, 2008\n"
6264
"Password inactive : May 19, 2008\n"
6265
"Account expires : Jan 31, 2008\n"
6269
"Last password change : Jan 20, 2015\n"
6270
"Password expires : Apr 19, 2015\n"
6271
"Password inactive : May 19, 2015\n"
6272
"Account expires : Jan 31, 2015\n"
6266
6273
"Minimum number of days between password change : 5\n"
6267
6274
"Maximum number of days between password change : 90\n"
6268
6275
"Number of days of warning before password expires : 14"
6269
6276
msgstr ""
6270
6277
6271
#: serverguide/C/security.xml:282(title)
6278
#: serverguide/C/security.xml:293(title)
6272
6279
msgid "Other Security Considerations"
6273
6280
msgstr ""
6274
6281
6275
#: serverguide/C/security.xml:283(para)
6282
#: serverguide/C/security.xml:294(para)
6276
6283
msgid ""
6277
6284
"Many applications use alternate authentication mechanisms that can be easily "
6278
6285
"overlooked by even experienced system administrators. Therefore, it is "
6280
6287
"to services and applications on your server."
6281
6288
msgstr ""
6282
6289
6283
#: serverguide/C/security.xml:288(title)
6290
#: serverguide/C/security.xml:299(title)
6284
6291
msgid "SSH Access by Disabled Users"
6285
6292
msgstr ""
6286
6293
6287
#: serverguide/C/security.xml:289(para)
6294
#: serverguide/C/security.xml:300(para)
6288
6295
msgid ""
6289
6296
"Simply disabling/locking a user account will not prevent a user from logging "
6290
6297
"into your server remotely if they have previously set up RSA public key "
6291
6298
"authentication. They will still be able to gain shell access to the server, "
6292
6299
"without the need for any password. Remember to check the users home "
6293
6300
"directory for files that will allow for this type of authenticated SSH "
6294
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6301
"access, e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6295
6302
msgstr ""
6296
6303
6297
#: serverguide/C/security.xml:292(para)
6304
#: serverguide/C/security.xml:303(para)
6298
6305
msgid ""
6299
6306
"Remove or rename the directory <filename "
6300
6307
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
6301
6308
"further SSH authentication capabilities."
6302
6309
msgstr ""
6303
6310
6304
#: serverguide/C/security.xml:295(para)
6311
#: serverguide/C/security.xml:306(para)
6305
6312
msgid ""
6306
6313
"Be sure to check for any established SSH connections by the disabled user, "
6307
6314
"as it is possible they may have existing inbound or outbound connections. "
6309
6316
msgstr ""
6310
6317
6311
6318
#: serverguide/C/security.xml:310(command)
6312
msgid "who |grep username"
6319
msgid "who | grep username"
6313
6320
msgstr ""
6314
6321
6315
6322
#: serverguide/C/security.xml:311(command)
6324
6331
"<placeholder-2/>\n"
6325
6332
msgstr ""
6326
6333
6327
#: serverguide/C/security.xml:298(para)
6334
#: serverguide/C/security.xml:313(para)
6328
6335
msgid ""
6329
6336
"Restrict SSH access to only user accounts that should have it. For example, "
6330
6337
"you may create a group called \"sshlogin\" and add the group name as the "
6332
6339
"the file <filename>/etc/ssh/sshd_config</filename>."
6333
6340
msgstr ""
6334
6341
6335
#: serverguide/C/security.xml:301(programlisting)
6342
#: serverguide/C/security.xml:316(programlisting)
6336
6343
#, no-wrap
6337
6344
msgid ""
6338
6345
"\n"
6339
6346
"AllowGroups sshlogin\n"
6340
6347
msgstr ""
6341
6348
6342
#: serverguide/C/security.xml:304(para)
6349
#: serverguide/C/security.xml:319(para)
6343
6350
msgid ""
6344
6351
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
6345
6352
"SSH service."
6346
6353
msgstr ""
6347
6354
6348
#: serverguide/C/security.xml:308(command)
6355
#: serverguide/C/security.xml:323(command)
6349
6356
msgid "sudo adduser username sshlogin"
6350
6357
msgstr ""
6351
6358
6352
#: serverguide/C/security.xml:309(command)
6359
#: serverguide/C/security.xml:324(command) serverguide/C/remote-administration.xml:144(command)
6353
6360
msgid "sudo service ssh restart"
6354
6361
msgstr ""
6355
6362
6356
#: serverguide/C/security.xml:313(title)
6363
#: serverguide/C/security.xml:328(title)
6357
6364
msgid "External User Database Authentication"
6358
6365
msgstr ""
6359
6366
6360
#: serverguide/C/security.xml:314(para)
6367
#: serverguide/C/security.xml:329(para)
6361
6368
msgid ""
6362
6369
"Most enterprise networks require centralized authentication and access "
6363
6370
"controls for all system resources. If you have configured your server to "
6364
6371
"authenticate users against external databases, be sure to disable the user "
6365
"accounts both externally and locally, this way you ensure that local "
6372
"accounts both externally and locally. This way you ensure that local "
6366
6373
"fallback authentication is not possible."
6367
6374
msgstr ""
6368
6375
6369
#: serverguide/C/security.xml:323(title)
6376
#: serverguide/C/security.xml:338(title)
6370
6377
msgid "Console Security"
6371
6378
msgstr ""
6372
6379
6373
#: serverguide/C/security.xml:324(para)
6380
#: serverguide/C/security.xml:339(para)
6374
6381
msgid ""
6375
6382
"As with any other security barrier you put in place to protect your server, "
6376
6383
"it is pretty tough to defend against untold damage caused by someone with "
6382
6389
"basic precautions with regard to console security."
6383
6390
msgstr ""
6384
6391
6385
#: serverguide/C/security.xml:327(para)
6392
#: serverguide/C/security.xml:342(para)
6386
6393
msgid ""
6387
6394
"The following instructions will help defend your server against issues that "
6388
6395
"could otherwise yield very serious consequences."
6389
6396
msgstr ""
6390
6397
6391
#: serverguide/C/security.xml:332(title)
6398
#: serverguide/C/security.xml:347(title)
6392
6399
msgid "Disable Ctrl+Alt+Delete"
6393
6400
msgstr ""
6394
6401
6395
#: serverguide/C/security.xml:333(para)
6402
#: serverguide/C/security.xml:348(para)
6396
6403
msgid ""
6397
"First and foremost, anyone that has physical access to the keyboard can "
6398
"simply use the "
6404
"Anyone that has physical access to the keyboard can simply use the "
6399
6405
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6400
6406
"eycombo> key combination to reboot the server without having to log on. "
6401
"Sure, someone could simply unplug the power source, but you should still "
6402
"prevent the use of this key combination on a production server. This forces "
6403
"an attacker to take more drastic measures to reboot the server, and will "
6407
"While someone could simply unplug the power source, you should still prevent "
6408
"the use of this key combination on a production server. This forces an "
6409
"attacker to take more drastic measures to reboot the server, and will "
6404
6410
"prevent accidental reboots at the same time."
6405
6411
msgstr ""
6406
6412
6407
#: serverguide/C/security.xml:338(para)
6413
#: serverguide/C/security.xml:353(para)
6408
6414
msgid ""
6409
6415
"To disable the reboot action taken by pressing the "
6410
6416
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6411
6417
"eycombo> key combination, comment out the following line in the file "
6412
"<filename>/etc/init/control-alt-delete.conf</filename>."
6418
"<filename>/etc/init/control-alt-delete.conf</filename>:"
6413
6419
msgstr ""
6414
6420
6415
#: serverguide/C/security.xml:341(programlisting)
6421
#: serverguide/C/security.xml:356(programlisting)
6416
6422
#, no-wrap
6417
6423
msgid ""
6418
6424
"\n"
6419
6425
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
6420
6426
msgstr ""
6421
6427
6422
#: serverguide/C/security.xml:350(title)
6428
#: serverguide/C/security.xml:365(title)
6423
6429
msgid "Firewall"
6424
6430
msgstr ""
6425
6431
6426
#: serverguide/C/security.xml:353(para)
6432
#: serverguide/C/security.xml:368(para)
6427
6433
msgid ""
6428
6434
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
6429
6435
"which is used to manipulate or decide the fate of network traffic headed "
6431
6437
"system for packet filtering."
6432
6438
msgstr ""
6433
6439
6434
#: serverguide/C/security.xml:358(para)
6440
#: serverguide/C/security.xml:373(para)
6435
6441
msgid ""
6436
6442
"The kernel's packet filtering system would be of little use to "
6437
6443
"administrators without a userspace interface to manage it. This is the "
6438
"purpose of iptables. When a packet reaches your server, it will be handed "
6444
"purpose of iptables: When a packet reaches your server, it will be handed "
6439
6445
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
6440
6446
"based on the rules supplied to it from userspace via iptables. Thus, "
6441
"iptables is all you need to manage your firewall if you're familiar with it, "
6442
"but many frontends are available to simplify the task."
6447
"iptables is all you need to manage your firewall, if you're familiar with "
6448
"it, but many frontends are available to simplify the task."
6443
6449
msgstr ""
6444
6450
6445
#: serverguide/C/security.xml:368(title)
6451
#: serverguide/C/security.xml:383(title)
6446
6452
msgid "ufw - Uncomplicated Firewall"
6447
6453
msgstr ""
6448
6454
6449
#: serverguide/C/security.xml:369(para)
6455
#: serverguide/C/security.xml:384(para)
6450
6456
msgid ""
6451
6457
"The default firewall configuration tool for Ubuntu is "
6452
6458
"<application>ufw</application>. Developed to ease iptables firewall "
6453
"configuration, <application>ufw</application> provides a user friendly way "
6459
"configuration, <application>ufw</application> provides a user-friendly way "
6454
6460
"to create an IPv4 or IPv6 host-based firewall."
6455
6461
msgstr ""
6456
6462
6457
#: serverguide/C/security.xml:373(para)
6463
#: serverguide/C/security.xml:388(para)
6458
6464
msgid ""
6459
6465
"<application>ufw</application> by default is initially disabled. From the "
6460
6466
"<application>ufw</application> man page:"
6461
6467
msgstr ""
6462
6468
6463
#: serverguide/C/security.xml:377(quote)
6469
#: serverguide/C/security.xml:392(quote)
6464
6470
msgid ""
6465
6471
"ufw is not intended to provide complete firewall functionality via its "
6466
6472
"command interface, but instead provides an easy way to add or remove simple "
6467
6473
"rules. It is currently mainly used for host-based firewalls."
6468
6474
msgstr ""
6469
6475
6470
#: serverguide/C/security.xml:381(para)
6476
#: serverguide/C/security.xml:396(para)
6471
6477
msgid ""
6472
6478
"The following are some examples of how to use <application>ufw</application>:"
6473
6479
msgstr ""
6474
6480
6475
#: serverguide/C/security.xml:386(para)
6481
#: serverguide/C/security.xml:401(para)
6476
6482
msgid ""
6477
6483
"First, <application>ufw</application> needs to be enabled. From a terminal "
6478
6484
"prompt enter:"
6479
6485
msgstr ""
6480
6486
6481
#: serverguide/C/security.xml:390(command)
6487
#: serverguide/C/security.xml:405(command)
6482
6488
msgid "sudo ufw enable"
6483
6489
msgstr ""
6484
6490
6485
#: serverguide/C/security.xml:394(para)
6486
msgid "To open a port (ssh in this example):"
6491
#: serverguide/C/security.xml:409(para)
6492
msgid "To open a port (SSH in this example):"
6487
6493
msgstr ""
6488
6494
6489
#: serverguide/C/security.xml:398(command)
6495
#: serverguide/C/security.xml:413(command)
6490
6496
msgid "sudo ufw allow 22"
6491
6497
msgstr ""
6492
6498
6493
#: serverguide/C/security.xml:402(para)
6499
#: serverguide/C/security.xml:417(para)
6494
6500
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
6495
6501
msgstr ""
6496
6502
6497
#: serverguide/C/security.xml:406(command)
6503
#: serverguide/C/security.xml:421(command)
6498
6504
msgid "sudo ufw insert 1 allow 80"
6499
6505
msgstr ""
6500
6506
6501
#: serverguide/C/security.xml:410(para)
6507
#: serverguide/C/security.xml:425(para)
6502
6508
msgid "Similarly, to close an opened port:"
6503
6509
msgstr ""
6504
6510
6505
#: serverguide/C/security.xml:414(command)
6511
#: serverguide/C/security.xml:429(command)
6506
6512
msgid "sudo ufw deny 22"
6507
6513
msgstr ""
6508
6514
6509
#: serverguide/C/security.xml:418(para)
6515
#: serverguide/C/security.xml:433(para)
6510
6516
msgid "To remove a rule, use delete followed by the rule:"
6511
6517
msgstr ""
6512
6518
6513
#: serverguide/C/security.xml:422(command)
6519
#: serverguide/C/security.xml:437(command)
6514
6520
msgid "sudo ufw delete deny 22"
6515
6521
msgstr ""
6516
6522
6517
#: serverguide/C/security.xml:426(para)
6523
#: serverguide/C/security.xml:441(para)
6518
6524
msgid ""
6519
6525
"It is also possible to allow access from specific hosts or networks to a "
6520
"port. The following example allows ssh access from host 192.168.0.2 to any "
6521
"ip address on this host:"
6526
"port. The following example allows SSH access from host 192.168.0.2 to any "
6527
"IP address on this host:"
6522
6528
msgstr ""
6523
6529
6524
#: serverguide/C/security.xml:431(command)
6530
#: serverguide/C/security.xml:446(command)
6525
6531
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6526
6532
msgstr ""
6527
6533
6528
#: serverguide/C/security.xml:433(para)
6534
#: serverguide/C/security.xml:448(para)
6529
6535
msgid ""
6530
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
6536
"Replace 192.168.0.2 with 192.168.0.0/24 to allow SSH access from the entire "
6531
6537
"subnet."
6532
6538
msgstr ""
6533
6539
6534
#: serverguide/C/security.xml:439(para)
6540
#: serverguide/C/security.xml:454(para)
6535
6541
msgid ""
6536
6542
"Adding the <emphasis>--dry-run</emphasis> option to a "
6537
6543
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
6539
6545
"the HTTP port:"
6540
6546
msgstr ""
6541
6547
6542
#: serverguide/C/security.xml:445(command)
6548
#: serverguide/C/security.xml:460(command)
6543
6549
msgid "sudo ufw --dry-run allow http"
6544
6550
msgstr ""
6545
6551
6546
#: serverguide/C/security.xml:449(computeroutput)
6552
#: serverguide/C/security.xml:464(computeroutput)
6547
6553
#, no-wrap
6548
6554
msgid ""
6549
6555
"*filter\n"
6569
6575
"Rules updated"
6570
6576
msgstr ""
6571
6577
6572
#: serverguide/C/security.xml:473(para)
6578
#: serverguide/C/security.xml:488(para)
6573
6579
msgid "<application>ufw</application> can be disabled by:"
6574
6580
msgstr ""
6575
6581
6576
#: serverguide/C/security.xml:477(command)
6582
#: serverguide/C/security.xml:492(command)
6577
6583
msgid "sudo ufw disable"
6578
6584
msgstr ""
6579
6585
6580
#: serverguide/C/security.xml:481(para)
6586
#: serverguide/C/security.xml:496(para)
6581
6587
msgid "To see the firewall status, enter:"
6582
6588
msgstr ""
6583
6589
6584
#: serverguide/C/security.xml:485(command)
6590
#: serverguide/C/security.xml:500(command)
6585
6591
msgid "sudo ufw status"
6586
6592
msgstr ""
6587
6593
6588
#: serverguide/C/security.xml:489(para)
6594
#: serverguide/C/security.xml:504(para)
6589
6595
msgid "And for more verbose status information use:"
6590
6596
msgstr ""
6591
6597
6592
#: serverguide/C/security.xml:493(command)
6598
#: serverguide/C/security.xml:508(command)
6593
6599
msgid "sudo ufw status verbose"
6594
6600
msgstr ""
6595
6601
6596
#: serverguide/C/security.xml:497(para)
6602
#: serverguide/C/security.xml:512(para)
6597
6603
msgid "To view the <emphasis>numbered</emphasis> format:"
6598
6604
msgstr ""
6599
6605
6600
#: serverguide/C/security.xml:501(command)
6606
#: serverguide/C/security.xml:516(command)
6601
6607
msgid "sudo ufw status numbered"
6602
6608
msgstr ""
6603
6609
6604
#: serverguide/C/security.xml:506(para)
6610
#: serverguide/C/security.xml:521(para)
6605
6611
msgid ""
6606
6612
"If the port you want to open or close is defined in "
6607
6613
"<filename>/etc/services</filename>, you can use the port name instead of the "
6609
6615
"<emphasis>ssh</emphasis>."
6610
6616
msgstr ""
6611
6617
6612
#: serverguide/C/security.xml:512(para)
6618
#: serverguide/C/security.xml:527(para)
6613
6619
msgid ""
6614
6620
"This is a quick introduction to using <application>ufw</application>. Please "
6615
6621
"refer to the <application>ufw</application> man page for more information."
6616
6622
msgstr ""
6617
6623
6618
#: serverguide/C/security.xml:518(title)
6624
#: serverguide/C/security.xml:533(title)
6619
6625
msgid "ufw Application Integration"
6620
6626
msgstr ""
6621
6627
6622
#: serverguide/C/security.xml:520(para)
6628
#: serverguide/C/security.xml:535(para)
6623
6629
msgid ""
6624
6630
"Applications that open ports can include an <application>ufw</application> "
6625
6631
"profile, which details the ports needed for the application to function "
6628
6634
"the default ports have been changed."
6629
6635
msgstr ""
6630
6636
6631
#: serverguide/C/security.xml:529(para)
6637
#: serverguide/C/security.xml:544(para)
6632
6638
msgid ""
6633
6639
"To view which applications have installed a profile, enter the following in "
6634
6640
"a terminal:"
6635
6641
msgstr ""
6636
6642
6637
#: serverguide/C/security.xml:534(command)
6643
#: serverguide/C/security.xml:549(command)
6638
6644
msgid "sudo ufw app list"
6639
6645
msgstr ""
6640
6646
6641
#: serverguide/C/security.xml:540(para)
6647
#: serverguide/C/security.xml:555(para)
6642
6648
msgid ""
6643
6649
"Similar to allowing traffic to a port, using an application profile is "
6644
6650
"accomplished by entering:"
6645
6651
msgstr ""
6646
6652
6647
#: serverguide/C/security.xml:545(command)
6653
#: serverguide/C/security.xml:560(command)
6648
6654
msgid "sudo ufw allow Samba"
6649
6655
msgstr ""
6650
6656
6651
#: serverguide/C/security.xml:551(para)
6657
#: serverguide/C/security.xml:566(para)
6652
6658
msgid "An extended syntax is available as well:"
6653
6659
msgstr ""
6654
6660
6655
#: serverguide/C/security.xml:556(command)
6661
#: serverguide/C/security.xml:571(command)
6656
6662
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
6657
6663
msgstr ""
6658
6664
6659
#: serverguide/C/security.xml:559(para)
6665
#: serverguide/C/security.xml:574(para)
6660
6666
msgid ""
6661
6667
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
6662
6668
"with the application profile you are using and the IP range for your network."
6663
6669
msgstr ""
6664
6670
6665
#: serverguide/C/security.xml:565(para)
6671
#: serverguide/C/security.xml:580(para)
6666
6672
msgid ""
6667
6673
"There is no need to specify the <emphasis>protocol</emphasis> for the "
6668
6674
"application, because that information is detailed in the profile. Also, note "
6670
6676
"<emphasis>port</emphasis> number."
6671
6677
msgstr ""
6672
6678
6673
#: serverguide/C/security.xml:574(para)
6679
#: serverguide/C/security.xml:589(para)
6674
6680
msgid ""
6675
"To view details about which ports, protocols, etc are defined for an "
6681
"To view details about which ports, protocols, etc., are defined for an "
6676
6682
"application, enter:"
6677
6683
msgstr ""
6678
6684
6679
#: serverguide/C/security.xml:579(command)
6685
#: serverguide/C/security.xml:594(command)
6680
6686
msgid "sudo ufw app info Samba"
6681
6687
msgstr ""
6682
6688
6683
#: serverguide/C/security.xml:585(para)
6689
#: serverguide/C/security.xml:600(para)
6684
6690
msgid ""
6685
6691
"Not all applications that require opening a network port come with "
6686
6692
"<application>ufw</application> profiles, but if you have profiled an "
6688
6694
"bug against the package in Launchpad."
6689
6695
msgstr ""
6690
6696
6691
#: serverguide/C/security.xml:591(command)
6697
#: serverguide/C/security.xml:606(command)
6692
6698
msgid "ubuntu-bug nameofpackage"
6693
6699
msgstr ""
6694
6700
6695
#: serverguide/C/security.xml:597(title)
6701
#: serverguide/C/security.xml:612(title)
6696
6702
msgid "IP Masquerading"
6697
6703
msgstr ""
6698
6704
6699
#: serverguide/C/security.xml:598(para)
6705
#: serverguide/C/security.xml:613(para)
6700
6706
msgid ""
6701
6707
"The purpose of IP Masquerading is to allow machines with private, non-"
6702
6708
"routable IP addresses on your network to access the Internet through the "
6713
6719
"to in Microsoft documentation as Internet Connection Sharing."
6714
6720
msgstr ""
6715
6721
6716
#: serverguide/C/security.xml:614(title)
6722
#: serverguide/C/security.xml:629(title)
6717
6723
msgid "ufw Masquerading"
6718
6724
msgstr ""
6719
6725
6720
#: serverguide/C/security.xml:615(para)
6726
#: serverguide/C/security.xml:630(para)
6721
6727
msgid ""
6722
6728
"IP Masquerading can be achieved using custom <application>ufw</application> "
6723
6729
"rules. This is possible because the current back-end for "
6728
6734
"that are more network gateway or bridge related."
6729
6735
msgstr ""
6730
6736
6731
#: serverguide/C/security.xml:621(para)
6737
#: serverguide/C/security.xml:636(para)
6732
6738
msgid ""
6733
6739
"The rules are split into two different files, rules that should be executed "
6734
6740
"before <application>ufw</application> command line rules, and rules that are "
6735
6741
"executed after <application>ufw</application> command line rules."
6736
6742
msgstr ""
6737
6743
6738
#: serverguide/C/security.xml:627(para)
6744
#: serverguide/C/security.xml:642(para)
6739
6745
msgid ""
6740
6746
"First, packet forwarding needs to be enabled in "
6741
6747
"<application>ufw</application>. Two configuration files will need to be "
6743
6749
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
6744
6750
msgstr ""
6745
6751
6746
#: serverguide/C/security.xml:631(programlisting)
6752
#: serverguide/C/security.xml:646(programlisting)
6747
6753
#, no-wrap
6748
6754
msgid ""
6749
6755
"\n"
6750
6756
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
6751
6757
msgstr ""
6752
6758
6753
#: serverguide/C/security.xml:634(para)
6759
#: serverguide/C/security.xml:649(para)
6754
6760
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
6755
6761
msgstr ""
6756
6762
6757
#: serverguide/C/security.xml:637(programlisting)
6763
#: serverguide/C/security.xml:652(programlisting)
6758
6764
#, no-wrap
6759
6765
msgid ""
6760
6766
"\n"
6761
6767
"net/ipv4/ip_forward=1\n"
6762
6768
msgstr ""
6763
6769
6764
#: serverguide/C/security.xml:640(para)
6770
#: serverguide/C/security.xml:655(para)
6765
6771
msgid "Similarly, for IPv6 forwarding uncomment:"
6766
6772
msgstr ""
6767
6773
6768
#: serverguide/C/security.xml:643(programlisting)
6774
#: serverguide/C/security.xml:658(programlisting)
6769
6775
#, no-wrap
6770
6776
msgid ""
6771
6777
"\n"
6772
6778
"net/ipv6/conf/default/forwarding=1\n"
6773
6779
msgstr ""
6774
6780
6775
#: serverguide/C/security.xml:648(para)
6781
#: serverguide/C/security.xml:663(para)
6776
6782
msgid ""
6777
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
6778
"file. The default rules only configure the <emphasis>filter</emphasis> "
6779
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
6780
"need to be configured. Add the following to the top of the file just after "
6781
"the header comments:"
6783
"Now add rules to the <filename>/etc/ufw/before.rules</filename> file. The "
6784
"default rules only configure the <emphasis>filter</emphasis> table, and to "
6785
"enable masquerading the <emphasis>nat</emphasis> table will need to be "
6786
"configured. Add the following to the top of the file just after the header "
6787
"comments:"
6782
6788
msgstr ""
6783
6789
6784
#: serverguide/C/security.xml:653(programlisting)
6790
#: serverguide/C/security.xml:668(programlisting)
6785
6791
#, no-wrap
6786
6792
msgid ""
6787
6793
"\n"
6797
6803
"COMMIT\n"
6798
6804
msgstr ""
6799
6805
6800
#: serverguide/C/security.xml:664(para)
6806
#: serverguide/C/security.xml:679(para)
6801
6807
msgid ""
6802
6808
"The comments are not strictly necessary, but it is considered good practice "
6803
6809
"to document your configuration. Also, when modifying any of the "
6806
6812
"line for each table modified:"
6807
6813
msgstr ""
6808
6814
6809
#: serverguide/C/security.xml:670(programlisting)
6815
#: serverguide/C/security.xml:685(programlisting)
6810
6816
#, no-wrap
6811
6817
msgid ""
6812
6818
"\n"
6814
6820
"COMMIT\n"
6815
6821
msgstr ""
6816
6822
6817
#: serverguide/C/security.xml:675(para)
6823
#: serverguide/C/security.xml:690(para)
6818
6824
msgid ""
6819
6825
"For each <emphasis>Table</emphasis> a corresponding "
6820
6826
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
6823
6829
"<emphasis>mangle</emphasis> tables."
6824
6830
msgstr ""
6825
6831
6826
#: serverguide/C/security.xml:682(para)
6832
#: serverguide/C/security.xml:697(para)
6827
6833
msgid ""
6828
6834
"In the above example replace <emphasis>eth0</emphasis>, "
6829
6835
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
6830
6836
"appropriate interfaces and IP range for your network."
6831
6837
msgstr ""
6832
6838
6833
#: serverguide/C/security.xml:690(para)
6839
#: serverguide/C/security.xml:705(para)
6834
6840
msgid ""
6835
6841
"Finally, disable and re-enable <application>ufw</application> to apply the "
6836
6842
"changes:"
6837
6843
msgstr ""
6838
6844
6839
#: serverguide/C/security.xml:694(command)
6845
#: serverguide/C/security.xml:709(command)
6840
6846
msgid "sudo ufw disable && sudo ufw enable"
6841
6847
msgstr ""
6842
6848
6843
#: serverguide/C/security.xml:698(para)
6849
#: serverguide/C/security.xml:713(para)
6844
6850
msgid ""
6845
6851
"IP Masquerading should now be enabled. You can also add any additional "
6846
6852
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
6848
6854
"forward</emphasis> chain."
6849
6855
msgstr ""
6850
6856
6851
#: serverguide/C/security.xml:705(title)
6857
#: serverguide/C/security.xml:720(title)
6852
6858
msgid "iptables Masquerading"
6853
6859
msgstr ""
6854
6860
6855
#: serverguide/C/security.xml:706(para)
6861
#: serverguide/C/security.xml:721(para)
6856
6862
msgid ""
6857
6863
"<application>iptables</application> can also be used to enable Masquerading."
6858
6864
msgstr ""
6859
6865
6860
#: serverguide/C/security.xml:711(para)
6866
#: serverguide/C/security.xml:726(para)
6861
6867
msgid ""
6862
6868
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
6863
6869
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
6864
"uncomment the following line"
6870
"uncomment the following line:"
6865
6871
msgstr ""
6866
6872
6867
#: serverguide/C/security.xml:715(programlisting)
6873
#: serverguide/C/security.xml:730(programlisting)
6868
6874
#, no-wrap
6869
6875
msgid ""
6870
6876
"\n"
6871
6877
"net.ipv4.ip_forward=1\n"
6872
6878
msgstr ""
6873
6879
6874
#: serverguide/C/security.xml:718(para)
6880
#: serverguide/C/security.xml:733(para)
6875
6881
msgid "If you wish to enable IPv6 forwarding also uncomment:"
6876
6882
msgstr ""
6877
6883
6878
#: serverguide/C/security.xml:721(programlisting)
6884
#: serverguide/C/security.xml:736(programlisting)
6879
6885
#, no-wrap
6880
6886
msgid ""
6881
6887
"\n"
6882
6888
"net.ipv6.conf.default.forwarding=1\n"
6883
6889
msgstr ""
6884
6890
6885
#: serverguide/C/security.xml:726(para)
6891
#: serverguide/C/security.xml:741(para)
6886
6892
msgid ""
6887
6893
"Next, execute the <application>sysctl</application> command to enable the "
6888
6894
"new settings in the configuration file:"
6889
6895
msgstr ""
6890
6896
6891
#: serverguide/C/security.xml:730(command)
6897
#: serverguide/C/security.xml:745(command)
6892
6898
msgid "sudo sysctl -p"
6893
6899
msgstr ""
6894
6900
6895
#: serverguide/C/security.xml:734(para)
6901
#: serverguide/C/security.xml:749(para)
6896
6902
msgid ""
6897
6903
"IP Masquerading can now be accomplished with a single iptables rule, which "
6898
6904
"may differ slightly based on your network configuration:"
6899
6905
msgstr ""
6900
6906
6901
#: serverguide/C/security.xml:737(screen)
6907
#: serverguide/C/security.xml:752(screen)
6902
6908
#, no-wrap
6903
6909
msgid ""
6904
6910
"\n"
6905
6911
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6906
6912
msgstr ""
6907
6913
6908
#: serverguide/C/security.xml:740(para)
6914
#: serverguide/C/security.xml:755(para)
6909
6915
msgid ""
6910
6916
"The above command assumes that your private address space is 192.168.0.0/16 "
6911
6917
"and that your Internet-facing device is ppp0. The syntax is broken down as "
6912
6918
"follows:"
6913
6919
msgstr ""
6914
6920
6915
#: serverguide/C/security.xml:745(para)
6921
#: serverguide/C/security.xml:760(para)
6916
6922
msgid "-t nat -- the rule is to go into the nat table"
6917
6923
msgstr ""
6918
6924
6919
#: serverguide/C/security.xml:746(para)
6925
#: serverguide/C/security.xml:761(para)
6920
6926
msgid ""
6921
6927
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
6922
6928
msgstr ""
6923
6929
6924
#: serverguide/C/security.xml:747(para)
6930
#: serverguide/C/security.xml:762(para)
6925
6931
msgid ""
6926
6932
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
6927
6933
"specified address space"
6928
6934
msgstr ""
6929
6935
6930
#: serverguide/C/security.xml:748(para)
6936
#: serverguide/C/security.xml:763(para)
6931
6937
msgid ""
6932
6938
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
6933
6939
"specified network device"
6934
6940
msgstr ""
6935
6941
6936
#: serverguide/C/security.xml:750(para)
6942
#: serverguide/C/security.xml:765(para)
6937
6943
msgid ""
6938
6944
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
6939
6945
"MASQUERADE target to be manipulated as described above"
6940
6946
msgstr ""
6941
6947
6942
#: serverguide/C/security.xml:758(para)
6948
#: serverguide/C/security.xml:773(para)
6943
6949
msgid ""
6944
6950
"Also, each chain in the filter table (the default table, and where most or "
6945
6951
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
6949
6955
"above rule to work:"
6950
6956
msgstr ""
6951
6957
6952
#: serverguide/C/security.xml:765(screen)
6958
#: serverguide/C/security.xml:780(screen)
6953
6959
#, no-wrap
6954
6960
msgid ""
6955
6961
"\n"
6958
6964
"--state ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
6959
6965
msgstr ""
6960
6966
6961
#: serverguide/C/security.xml:770(para)
6967
#: serverguide/C/security.xml:785(para)
6962
6968
msgid ""
6963
6969
"The above commands will allow all connections from your local network to the "
6964
6970
"Internet and all traffic related to those connections to return to the "
6965
6971
"machine that initiated them."
6966
6972
msgstr ""
6967
6973
6968
#: serverguide/C/security.xml:777(para)
6974
#: serverguide/C/security.xml:792(para)
6969
6975
msgid ""
6970
6976
"If you want masquerading to be enabled on reboot, which you probably do, "
6971
6977
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
6972
6978
"example add the first command with no filtering:"
6973
6979
msgstr ""
6974
6980
6975
#: serverguide/C/security.xml:781(screen)
6981
#: serverguide/C/security.xml:796(screen)
6976
6982
#, no-wrap
6977
6983
msgid ""
6978
6984
"\n"
6979
6985
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6980
6986
msgstr ""
6981
6987
6982
#: serverguide/C/security.xml:789(title)
6988
#: serverguide/C/security.xml:804(title)
6983
6989
msgid "Logs"
6984
6990
msgstr ""
6985
6991
6986
#: serverguide/C/security.xml:790(para)
6992
#: serverguide/C/security.xml:805(para)
6987
6993
msgid ""
6988
6994
"Firewall logs are essential for recognizing attacks, troubleshooting your "
6989
6995
"firewall rules, and noticing unusual activity on your network. You must "
6993
6999
"REJECT)."
6994
7000
msgstr ""
6995
7001
6996
#: serverguide/C/security.xml:797(para)
7002
#: serverguide/C/security.xml:812(para)
6997
7003
msgid ""
6998
7004
"If you are using <application>ufw</application>, you can turn on logging by "
6999
7005
"entering the following in a terminal:"
7000
7006
msgstr ""
7001
7007
7002
#: serverguide/C/security.xml:801(command)
7008
#: serverguide/C/security.xml:816(command)
7003
7009
msgid "sudo ufw logging on"
7004
7010
msgstr ""
7005
7011
7006
#: serverguide/C/security.xml:803(para)
7012
#: serverguide/C/security.xml:818(para)
7007
7013
msgid ""
7008
7014
"To turn logging off in <application>ufw</application>, simply replace "
7009
7015
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
7010
7016
"role=\"italic\">off</emphasis> in the above command."
7011
7017
msgstr ""
7012
7018
7013
#: serverguide/C/security.xml:806(para)
7019
#: serverguide/C/security.xml:821(para)
7014
7020
msgid ""
7015
7021
"If using <application>iptables</application> instead of "
7016
7022
"<application>ufw</application>, enter:"
7017
7023
msgstr ""
7018
7024
7019
#: serverguide/C/security.xml:809(screen)
7025
#: serverguide/C/security.xml:824(screen)
7020
7026
#, no-wrap
7021
7027
msgid ""
7022
7028
"\n"
7024
7030
"-j LOG --log-prefix \"NEW_HTTP_CONN: \"\n"
7025
7031
msgstr ""
7026
7032
7027
#: serverguide/C/security.xml:813(para)
7033
#: serverguide/C/security.xml:828(para)
7028
7034
msgid ""
7029
7035
"A request on port 80 from the local machine, then, would generate a log in "
7030
7036
"dmesg that looks like this (single line split into 3 to fit this document):"
7040
7046
"SPT=53981 DPT=80 WINDOW=32767 RES=0x00 SYN URGP=0\n"
7041
7047
msgstr ""
7042
7048
7043
#: serverguide/C/security.xml:822(para)
7049
#: serverguide/C/security.xml:836(para)
7044
7050
msgid ""
7045
7051
"The above log will also appear in <filename>/var/log/messages</filename>, "
7046
7052
"<filename>/var/log/syslog</filename>, and "
7057
7063
"or <application>lire</application>."
7058
7064
msgstr ""
7059
7065
7060
#: serverguide/C/security.xml:837(title)
7066
#: serverguide/C/security.xml:851(title)
7061
7067
msgid "Other Tools"
7062
7068
msgstr ""
7063
7069
7064
#: serverguide/C/security.xml:838(para)
7070
#: serverguide/C/security.xml:852(para)
7065
7071
msgid ""
7066
7072
"There are many tools available to help you construct a complete firewall "
7067
7073
"without intimate knowledge of iptables. For the GUI-inclined:"
7068
7074
msgstr ""
7069
7075
7070
#: serverguide/C/security.xml:844(para)
7076
#: serverguide/C/security.xml:858(para)
7071
7077
msgid ""
7072
7078
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
7073
7079
"and will look familiar to an administrator who has used a commercial "
7074
7080
"firewall utility such as <application>Checkpoint FireWall-1</application>."
7075
7081
msgstr ""
7076
7082
7077
#: serverguide/C/security.xml:850(para)
7083
#: serverguide/C/security.xml:864(para)
7078
7084
msgid ""
7079
7085
"If you prefer a command-line tool with plain-text configuration files:"
7080
7086
msgstr ""
7081
7087
7082
#: serverguide/C/security.xml:855(para)
7088
#: serverguide/C/security.xml:869(para)
7083
7089
msgid ""
7084
7090
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
7085
7091
"powerful solution to help you configure an advanced firewall for any network."
7086
7092
msgstr ""
7087
7093
7088
#: serverguide/C/security.xml:866(para)
7094
#: serverguide/C/security.xml:880(para)
7089
7095
msgid ""
7090
7096
"The <ulink url=\"https://wiki.ubuntu.com/UncomplicatedFirewall\">Ubuntu "
7091
7097
"Firewall</ulink> wiki page contains information on the development of "
7092
7098
"<application>ufw</application>."
7093
7099
msgstr ""
7094
7100
7095
#: serverguide/C/security.xml:872(para)
7101
#: serverguide/C/security.xml:886(para)
7096
7102
msgid ""
7097
7103
"Also, the <application>ufw</application> manual page contains some very "
7098
7104
"useful information: <command>man ufw</command>."
7099
7105
msgstr ""
7100
7106
7101
#: serverguide/C/security.xml:877(para)
7107
#: serverguide/C/security.xml:891(para)
7102
7108
msgid ""
7103
7109
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
7104
7110
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
7105
7111
"on using <application>iptables</application>."
7106
7112
msgstr ""
7107
7113
7108
#: serverguide/C/security.xml:883(para)
7114
#: serverguide/C/security.xml:897(para)
7109
7115
msgid ""
7110
7116
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
7111
7117
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
7112
7118
msgstr ""
7113
7119
7114
#: serverguide/C/security.xml:889(para)
7120
#: serverguide/C/security.xml:903(para)
7115
7121
msgid ""
7116
7122
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
7117
7123
"HowTo</ulink> in the Ubuntu wiki is a great resource."
7118
7124
msgstr ""
7119
7125
7120
#: serverguide/C/security.xml:897(title)
7126
#: serverguide/C/security.xml:911(title)
7121
7127
msgid "AppArmor"
7122
7128
msgstr ""
7123
7129
7124
#: serverguide/C/security.xml:898(para)
7130
#: serverguide/C/security.xml:912(para)
7125
7131
msgid ""
7126
7132
"<application>AppArmor</application> is a Linux Security Module "
7127
7133
"implementation of name-based mandatory access controls. AppArmor confines "
7129
7135
"capabilities."
7130
7136
msgstr ""
7131
7137
7132
#: serverguide/C/security.xml:902(para)
7138
#: serverguide/C/security.xml:916(para)
7133
7139
msgid ""
7134
7140
"<application>AppArmor</application> is installed and loaded by default. It "
7135
7141
"uses <emphasis>profiles</emphasis> of an application to determine what files "
7138
7144
"<application>apparmor-profiles</application> package."
7139
7145
msgstr ""
7140
7146
7141
#: serverguide/C/security.xml:907(para)
7147
#: serverguide/C/security.xml:921(para)
7142
7148
msgid ""
7143
7149
"To install the <application>apparmor-profiles</application> package from a "
7144
7150
"terminal prompt:"
7145
7151
msgstr ""
7146
7152
7147
#: serverguide/C/security.xml:911(command)
7153
#: serverguide/C/security.xml:925(command)
7148
7154
msgid "sudo apt-get install apparmor-profiles"
7149
7155
msgstr "sudo apt-get install apparmor-profiles"
7150
7156
7151
#: serverguide/C/security.xml:913(para)
7157
#: serverguide/C/security.xml:927(para)
7152
7158
msgid "AppArmor profiles have two modes of execution:"
7153
7159
msgstr ""
7154
7160
7155
#: serverguide/C/security.xml:918(para)
7161
#: serverguide/C/security.xml:932(para)
7156
7162
msgid ""
7157
7163
"Complaining/Learning: profile violations are permitted and logged. Useful "
7158
7164
"for testing and developing new profiles."
7159
7165
msgstr ""
7160
7166
7161
#: serverguide/C/security.xml:923(para)
7167
#: serverguide/C/security.xml:937(para)
7162
7168
msgid ""
7163
7169
"Enforced/Confined: enforces profile policy as well as logging the violation."
7164
7170
msgstr ""
7165
7171
7166
#: serverguide/C/security.xml:929(title)
7172
#: serverguide/C/security.xml:943(title)
7167
7173
msgid "Using AppArmor"
7168
7174
msgstr ""
7169
7175
7174
7180
"#1304134</ulink>) and instructions will not work as advertised."
7175
7181
msgstr ""
7176
7182
7177
#: serverguide/C/security.xml:930(para)
7183
#: serverguide/C/security.xml:950(para)
7178
7184
msgid ""
7179
7185
"The <application>apparmor-utils</application> package contains command line "
7180
7186
"utilities that you can use to change the <application>AppArmor</application> "
7181
7187
"execution mode, find the status of a profile, create new profiles, etc."
7182
7188
msgstr ""
7183
7189
7184
#: serverguide/C/security.xml:936(para)
7190
#: serverguide/C/security.xml:956(para)
7185
7191
msgid ""
7186
7192
"<application>apparmor_status</application> is used to view the current "
7187
7193
"status of AppArmor profiles."
7188
7194
msgstr ""
7189
7195
7190
#: serverguide/C/security.xml:940(command)
7196
#: serverguide/C/security.xml:960(command)
7191
7197
msgid "sudo apparmor_status"
7192
7198
msgstr ""
7193
7199
7194
#: serverguide/C/security.xml:944(para)
7200
#: serverguide/C/security.xml:964(para)
7195
7201
msgid ""
7196
7202
"<application>aa-complain</application> places a profile into "
7197
7203
"<emphasis>complain</emphasis> mode."
7198
7204
msgstr ""
7199
7205
7200
#: serverguide/C/security.xml:948(command)
7206
#: serverguide/C/security.xml:968(command)
7201
7207
msgid "sudo aa-complain /path/to/bin"
7202
7208
msgstr ""
7203
7209
7204
#: serverguide/C/security.xml:952(para)
7210
#: serverguide/C/security.xml:972(para)
7205
7211
msgid ""
7206
7212
"<application>aa-enforce</application> places a profile into "
7207
7213
"<emphasis>enforce</emphasis> mode."
7208
7214
msgstr ""
7209
7215
7210
#: serverguide/C/security.xml:956(command)
7216
#: serverguide/C/security.xml:976(command)
7211
7217
msgid "sudo aa-enforce /path/to/bin"
7212
7218
msgstr ""
7213
7219
7214
#: serverguide/C/security.xml:960(para)
7220
#: serverguide/C/security.xml:980(para)
7215
7221
msgid ""
7216
7222
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7217
7223
"profiles are located. It can be used to manipulate the "
7218
7224
"<emphasis>mode</emphasis> of all profiles."
7219
7225
msgstr ""
7220
7226
7221
#: serverguide/C/security.xml:964(para)
7227
#: serverguide/C/security.xml:984(para)
7222
7228
msgid "Enter the following to place all profiles into complain mode:"
7223
7229
msgstr ""
7224
7230
7225
#: serverguide/C/security.xml:968(command)
7231
#: serverguide/C/security.xml:988(command)
7226
7232
msgid "sudo aa-complain /etc/apparmor.d/*"
7227
7233
msgstr ""
7228
7234
7229
#: serverguide/C/security.xml:970(para)
7235
#: serverguide/C/security.xml:990(para)
7230
7236
msgid "To place all profiles in enforce mode:"
7231
7237
msgstr ""
7232
7238
7233
#: serverguide/C/security.xml:974(command)
7239
#: serverguide/C/security.xml:994(command)
7234
7240
msgid "sudo aa-enforce /etc/apparmor.d/*"
7235
7241
msgstr ""
7236
7242
7237
#: serverguide/C/security.xml:978(para)
7243
#: serverguide/C/security.xml:998(para)
7238
7244
msgid ""
7239
7245
"<application>apparmor_parser</application> is used to load a profile into "
7240
7246
"the kernel. It can also be used to reload a currently loaded profile using "
7241
7247
"the <emphasis>-r</emphasis> option. To load a profile:"
7242
7248
msgstr ""
7243
7249
7244
#: serverguide/C/security.xml:983(command) serverguide/C/security.xml:1015(command)
7250
#: serverguide/C/security.xml:1003(command) serverguide/C/security.xml:1035(command)
7245
7251
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7246
7252
msgstr ""
7247
7253
7248
#: serverguide/C/security.xml:985(para)
7254
#: serverguide/C/security.xml:1005(para)
7249
7255
msgid "To reload a profile:"
7250
7256
msgstr ""
7251
7257
7252
#: serverguide/C/security.xml:989(command)
7258
#: serverguide/C/security.xml:1009(command)
7253
7259
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7254
7260
msgstr ""
7255
7261
7259
7265
"<emphasis>reload</emphasis> all profiles:"
7260
7266
msgstr ""
7261
7267
7262
#: serverguide/C/network-auth.xml:964(command)
7268
#: serverguide/C/security.xml:1017(command) serverguide/C/network-auth.xml:971(command)
7263
7269
msgid "sudo service apparmor reload"
7264
7270
msgstr ""
7265
7271
7266
#: serverguide/C/security.xml:1001(para)
7272
#: serverguide/C/security.xml:1021(para)
7267
7273
msgid ""
7268
7274
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7269
7275
"with the <application>apparmor_parser -R</application> option to "
7270
7276
"<emphasis>disable</emphasis> a profile."
7271
7277
msgstr ""
7272
7278
7273
#: serverguide/C/security.xml:1006(command)
7279
#: serverguide/C/security.xml:1026(command)
7274
7280
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7275
7281
msgstr ""
7276
7282
7277
#: serverguide/C/security.xml:1007(command)
7283
#: serverguide/C/security.xml:1027(command)
7278
7284
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7279
7285
msgstr ""
7280
7286
7281
#: serverguide/C/security.xml:1009(para)
7287
#: serverguide/C/security.xml:1029(para)
7282
7288
msgid ""
7283
7289
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7284
7290
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7285
7291
"load the profile using the <emphasis>-a</emphasis> option."
7286
7292
msgstr ""
7287
7293
7288
#: serverguide/C/security.xml:1014(command)
7294
#: serverguide/C/security.xml:1034(command)
7289
7295
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7290
7296
msgstr ""
7291
7297
7292
#: serverguide/C/security.xml:1019(para)
7298
#: serverguide/C/security.xml:1039(para)
7293
7299
msgid ""
7294
7300
"<application>AppArmor</application> can be disabled, and the kernel module "
7295
7301
"unloaded by entering the following:"
7299
7305
msgid "sudo service apparmor stop"
7300
7306
msgstr ""
7301
7307
7302
#: serverguide/C/security.xml:1024(command)
7308
#: serverguide/C/security.xml:1044(command)
7303
7309
msgid "sudo update-rc.d -f apparmor remove"
7304
7310
msgstr ""
7305
7311
7306
#: serverguide/C/security.xml:1028(para)
7312
#: serverguide/C/security.xml:1048(para)
7307
7313
msgid "To re-enable <application>AppArmor</application> enter:"
7308
7314
msgstr ""
7309
7315
7311
7317
msgid "sudo service apparmor start"
7312
7318
msgstr ""
7313
7319
7314
#: serverguide/C/security.xml:1033(command)
7320
#: serverguide/C/security.xml:1053(command)
7315
7321
msgid "sudo update-rc.d apparmor defaults"
7316
7322
msgstr ""
7317
7323
7318
#: serverguide/C/security.xml:1038(para)
7324
#: serverguide/C/security.xml:1058(para)
7319
7325
msgid ""
7320
7326
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
7321
7327
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
7323
7329
"<application>ping</application> command use <filename>/bin/ping</filename>"
7324
7330
msgstr ""
7325
7331
7326
#: serverguide/C/security.xml:1046(title)
7332
#: serverguide/C/security.xml:1066(title)
7327
7333
msgid "Profiles"
7328
7334
msgstr ""
7329
7335
7330
#: serverguide/C/security.xml:1047(para)
7336
#: serverguide/C/security.xml:1067(para)
7331
7337
msgid ""
7332
7338
"<application>AppArmor</application> profiles are simple text files located "
7333
7339
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
7336
7342
"profile for the <filename>/bin/ping</filename> command."
7337
7343
msgstr ""
7338
7344
7339
#: serverguide/C/security.xml:1053(para)
7345
#: serverguide/C/security.xml:1073(para)
7340
7346
msgid "There are two main type of rules used in profiles:"
7341
7347
msgstr ""
7342
7348
7343
#: serverguide/C/security.xml:1058(para)
7349
#: serverguide/C/security.xml:1078(para)
7344
7350
msgid ""
7345
"<emphasis>Path entries:</emphasis> which detail which files an application "
7346
"can access in the file system."
7351
"<emphasis>Path entries:</emphasis> detail which files an application can "
7352
"access in the file system."
7347
7353
msgstr ""
7348
7354
7349
#: serverguide/C/security.xml:1063(para)
7355
#: serverguide/C/security.xml:1083(para)
7350
7356
msgid ""
7351
7357
"<emphasis>Capability entries:</emphasis> determine what privileges a "
7352
7358
"confined process is allowed to use."
7353
7359
msgstr ""
7354
7360
7355
#: serverguide/C/security.xml:1068(para)
7361
#: serverguide/C/security.xml:1088(para)
7356
7362
msgid ""
7357
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
7363
"As an example, take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
7358
7364
msgstr ""
7359
7365
7360
#: serverguide/C/security.xml:1071(programlisting)
7366
#: serverguide/C/security.xml:1091(programlisting)
7361
7367
#, no-wrap
7362
7368
msgid ""
7363
7369
"\n"
7376
7382
"}\n"
7377
7383
msgstr ""
7378
7384
7379
#: serverguide/C/security.xml:1088(para)
7385
#: serverguide/C/security.xml:1108(para)
7380
7386
msgid ""
7381
7387
"<emphasis>#include <tunables/global>:</emphasis> include statements "
7382
7388
"from other files. This allows statements pertaining to multiple applications "
7383
7389
"to be placed in a common file."
7384
7390
msgstr ""
7385
7391
7386
#: serverguide/C/security.xml:1094(para)
7392
#: serverguide/C/security.xml:1114(para)
7387
7393
msgid ""
7388
7394
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
7389
7395
"program, also setting the mode to <emphasis>complain</emphasis>."
7390
7396
msgstr ""
7391
7397
7392
#: serverguide/C/security.xml:1100(para)
7398
#: serverguide/C/security.xml:1120(para)
7393
7399
msgid ""
7394
7400
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
7395
7401
"the CAP_NET_RAW Posix.1e capability."
7396
7402
msgstr ""
7397
7403
7398
#: serverguide/C/security.xml:1105(para)
7404
#: serverguide/C/security.xml:1125(para)
7399
7405
msgid ""
7400
7406
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
7401
7407
"execute access to the file."
7402
7408
msgstr ""
7403
7409
7404
#: serverguide/C/security.xml:1111(para)
7410
#: serverguide/C/security.xml:1131(para)
7405
7411
msgid ""
7406
7412
"After editing a profile file the profile must be reloaded. See <xref "
7407
7413
"linkend=\"apparmor-usage\"/> for details."
7408
7414
msgstr ""
7409
7415
7410
#: serverguide/C/security.xml:1116(title)
7416
#: serverguide/C/security.xml:1136(title)
7411
7417
msgid "Creating a Profile"
7412
7418
msgstr ""
7413
7419
7414
#: serverguide/C/security.xml:1119(para)
7420
#: serverguide/C/security.xml:1139(para)
7415
7421
msgid ""
7416
7422
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
7417
7423
"application should be exercised. The test plan should be divided into small "
7419
7425
"steps to follow."
7420
7426
msgstr ""
7421
7427
7422
#: serverguide/C/security.xml:1123(para)
7428
#: serverguide/C/security.xml:1143(para)
7423
7429
msgid "Some standard test cases are:"
7424
7430
msgstr ""
7425
7431
7426
#: serverguide/C/security.xml:1128(para)
7432
#: serverguide/C/security.xml:1148(para)
7427
7433
msgid "Starting the program."
7428
7434
msgstr ""
7429
7435
7430
#: serverguide/C/security.xml:1133(para)
7436
#: serverguide/C/security.xml:1153(para)
7431
7437
msgid "Stopping the program."
7432
7438
msgstr ""
7433
7439
7434
#: serverguide/C/security.xml:1138(para)
7440
#: serverguide/C/security.xml:1158(para)
7435
7441
msgid "Reloading the program."
7436
7442
msgstr ""
7437
7443
7438
#: serverguide/C/security.xml:1143(para)
7444
#: serverguide/C/security.xml:1163(para)
7439
7445
msgid "Testing all the commands supported by the init script."
7440
7446
msgstr ""
7441
7447
7442
#: serverguide/C/security.xml:1150(para)
7448
#: serverguide/C/security.xml:1170(para)
7443
7449
msgid ""
7444
7450
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
7445
7451
"genprof</application> to generate a new profile. From a terminal:"
7446
7452
msgstr ""
7447
7453
7448
#: serverguide/C/security.xml:1155(command)
7454
#: serverguide/C/security.xml:1175(command)
7449
7455
msgid "sudo aa-genprof executable"
7450
7456
msgstr ""
7451
7457
7452
#: serverguide/C/security.xml:1157(para)
7458
#: serverguide/C/security.xml:1177(para)
7453
7459
msgid "For example:"
7454
7460
msgstr ""
7455
7461
7456
#: serverguide/C/security.xml:1161(command)
7462
#: serverguide/C/security.xml:1181(command)
7457
7463
msgid "sudo aa-genprof slapd"
7458
7464
msgstr ""
7459
7465
7460
#: serverguide/C/security.xml:1165(para)
7466
#: serverguide/C/security.xml:1185(para)
7461
7467
msgid ""
7462
7468
"To get your new profile included in the <application>apparmor-"
7463
7469
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
7466
7472
"/ulink> package:"
7467
7473
msgstr ""
7468
7474
7469
#: serverguide/C/security.xml:1172(para)
7475
#: serverguide/C/security.xml:1192(para)
7470
7476
msgid "Include your test plan and test cases."
7471
7477
msgstr ""
7472
7478
7473
#: serverguide/C/security.xml:1177(para)
7479
#: serverguide/C/security.xml:1197(para)
7474
7480
msgid "Attach your new profile to the bug."
7475
7481
msgstr ""
7476
7482
7477
#: serverguide/C/security.xml:1186(title)
7483
#: serverguide/C/security.xml:1206(title)
7478
7484
msgid "Updating Profiles"
7479
7485
msgstr ""
7480
7486
7481
#: serverguide/C/security.xml:1187(para)
7487
#: serverguide/C/security.xml:1207(para)
7482
7488
msgid ""
7483
7489
"When the program is misbehaving, audit messages are sent to the log files. "
7484
7490
"The program <application>aa-logprof</application> can be used to scan log "
7486
7492
"and update the profiles. From a terminal:"
7487
7493
msgstr ""
7488
7494
7489
#: serverguide/C/security.xml:1192(command)
7495
#: serverguide/C/security.xml:1212(command)
7490
7496
msgid "sudo aa-logprof"
7491
7497
msgstr ""
7492
7498
7493
#: serverguide/C/security.xml:1200(para)
7499
#: serverguide/C/security.xml:1220(para)
7494
7500
msgid ""
7495
7501
"See the <ulink "
7496
7502
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
7499
7505
"configuration options."
7500
7506
msgstr ""
7501
7507
7502
#: serverguide/C/security.xml:1207(para)
7508
#: serverguide/C/security.xml:1227(para)
7503
7509
msgid ""
7504
7510
"For details using AppArmor with other Ubuntu releases see the <ulink "
7505
7511
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
7506
7512
"Wiki</ulink> page."
7507
7513
msgstr ""
7508
7514
7509
#: serverguide/C/security.xml:1215(para)
7515
#: serverguide/C/security.xml:1235(para)
7510
7516
msgid ""
7511
7517
"The <ulink url=\"http://en.opensuse.org/SDB:AppArmor_geeks\">OpenSUSE "
7512
7518
"AppArmor</ulink> page is another introduction to AppArmor."
7513
7519
msgstr ""
7514
7520
7515
#: serverguide/C/security.xml:1222(para)
7521
#: serverguide/C/security.xml:1242(para)
7516
7522
msgid ""
7517
7523
"A great place to ask for <application>AppArmor</application> assistance, and "
7518
7524
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
7520
7526
"url=\"http://freenode.net\">freenode</ulink>."
7521
7527
msgstr ""
7522
7528
7523
#: serverguide/C/security.xml:1232(title)
7529
#: serverguide/C/security.xml:1252(title)
7524
7530
msgid "Certificates"
7525
7531
msgstr ""
7526
7532
7527
#: serverguide/C/security.xml:1233(para)
7533
#: serverguide/C/security.xml:1253(para)
7528
7534
msgid ""
7529
7535
"One of the most common forms of cryptography today is <emphasis>public-"
7530
7536
"key</emphasis> cryptography. Public-key cryptography utilizes a "
7534
7540
"the private key."
7535
7541
msgstr ""
7536
7542
7537
#: serverguide/C/security.xml:1239(para)
7543
#: serverguide/C/security.xml:1259(para)
7538
7544
msgid ""
7539
7545
"A common use for public-key cryptography is encrypting application traffic "
7540
7546
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
7541
"connection. For example, configuring Apache to provide "
7547
"connection. One example: configuring Apache to provide "
7542
7548
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
7543
7549
"encrypt traffic using a protocol that does not itself provide encryption."
7544
7550
msgstr ""
7545
7551
7546
#: serverguide/C/security.xml:1244(para)
7552
#: serverguide/C/security.xml:1264(para)
7547
7553
msgid ""
7548
7554
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
7549
7555
"<emphasis>public key</emphasis> and other information about a server and the "
7550
7556
"organization who is responsible for it. Certificates can be digitally signed "
7551
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
7557
"by a <emphasis>Certification Authority</emphasis>, or CA. A CA is a trusted "
7552
7558
"third party that has confirmed that the information contained in the "
7553
7559
"certificate is accurate."
7554
7560
msgstr ""
7555
7561
7556
#: serverguide/C/security.xml:1251(title)
7562
#: serverguide/C/security.xml:1271(title)
7557
7563
msgid "Types of Certificates"
7558
7564
msgstr ""
7559
7565
7560
#: serverguide/C/security.xml:1252(para)
7566
#: serverguide/C/security.xml:1272(para)
7561
7567
msgid ""
7562
7568
"To set up a secure server using public-key cryptography, in most cases, you "
7563
7569
"send your certificate request (including your public key), proof of your "
7567
7573
"signed</emphasis> certificate."
7568
7574
msgstr ""
7569
7575
7570
#: serverguide/C/security.xml:1262(para)
7576
#: serverguide/C/security.xml:1282(para)
7571
7577
msgid ""
7572
"Note, that self-signed certificates should not be used in most production "
7578
"Note that self-signed certificates should not be used in most production "
7573
7579
"environments."
7574
7580
msgstr ""
7575
7581
7576
#: serverguide/C/security.xml:1266(para)
7582
#: serverguide/C/security.xml:1286(para)
7577
7583
msgid ""
7578
7584
"Continuing the HTTPS example, a CA-signed certificate provides two important "
7579
7585
"capabilities that a self-signed certificate does not:"
7580
7586
msgstr ""
7581
7587
7582
#: serverguide/C/security.xml:1273(para)
7588
#: serverguide/C/security.xml:1293(para)
7583
7589
msgid ""
7584
7590
"Browsers (usually) automatically recognize the certificate and allow a "
7585
7591
"secure connection to be made without prompting the user."
7586
7592
msgstr ""
7587
7593
7588
#: serverguide/C/security.xml:1280(para)
7594
#: serverguide/C/security.xml:1300(para)
7589
7595
msgid ""
7590
7596
"When a CA issues a signed certificate, it is guaranteeing the identity of "
7591
7597
"the organization that is providing the web pages to the browser."
7600
7606
"may generate an error message when using a self-signed certificate."
7601
7607
msgstr ""
7602
7608
7603
#: serverguide/C/security.xml:1296(para)
7609
#: serverguide/C/security.xml:1316(para)
7604
7610
msgid ""
7605
7611
"The process of getting a certificate from a CA is fairly easy. A quick "
7606
7612
"overview is as follows:"
7607
7613
msgstr ""
7608
7614
7609
#: serverguide/C/security.xml:1303(para)
7615
#: serverguide/C/security.xml:1323(para)
7610
7616
msgid "Create a private and public encryption key pair."
7611
7617
msgstr ""
7612
7618
7613
#: serverguide/C/security.xml:1306(para)
7619
#: serverguide/C/security.xml:1326(para)
7614
7620
msgid ""
7615
7621
"Create a certificate request based on the public key. The certificate "
7616
7622
"request contains information about your server and the company hosting it."
7617
7623
msgstr ""
7618
7624
7619
#: serverguide/C/security.xml:1311(para)
7625
#: serverguide/C/security.xml:1331(para)
7620
7626
msgid ""
7621
7627
"Send the certificate request, along with documents proving your identity, to "
7622
7628
"a CA. We cannot tell you which certificate authority to choose. Your "
7624
7630
"your friends or colleagues, or purely on monetary factors."
7625
7631
msgstr ""
7626
7632
7627
#: serverguide/C/security.xml:1317(para)
7633
#: serverguide/C/security.xml:1337(para)
7628
7634
msgid ""
7629
7635
"Once you have decided upon a CA, you need to follow the instructions they "
7630
7636
"provide on how to obtain a certificate from them."
7631
7637
msgstr ""
7632
7638
7633
#: serverguide/C/security.xml:1322(para)
7639
#: serverguide/C/security.xml:1342(para)
7634
7640
msgid ""
7635
7641
"When the CA is satisfied that you are indeed who you claim to be, they send "
7636
7642
"you a digital certificate."
7637
7643
msgstr ""
7638
7644
7639
#: serverguide/C/security.xml:1326(para)
7645
#: serverguide/C/security.xml:1346(para)
7640
7646
msgid ""
7641
7647
"Install this certificate on your secure server, and configure the "
7642
7648
"appropriate applications to use the certificate."
7643
7649
msgstr ""
7644
7650
7645
#: serverguide/C/security.xml:1335(title)
7651
#: serverguide/C/security.xml:1355(title)
7646
7652
msgid "Generating a Certificate Signing Request (CSR)"
7647
7653
msgstr ""
7648
7654
7649
#: serverguide/C/security.xml:1337(para)
7655
#: serverguide/C/security.xml:1357(para)
7650
7656
msgid ""
7651
7657
"Whether you are getting a certificate from a CA or generating your own self-"
7652
7658
"signed certificate, the first step is to generate a key."
7653
7659
msgstr ""
7654
7660
7655
#: serverguide/C/security.xml:1342(para)
7661
#: serverguide/C/security.xml:1362(para)
7656
7662
msgid ""
7657
7663
"If the certificate will be used by service daemons, such as Apache, Postfix, "
7658
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
7664
"Dovecot, etc., a key without a passphrase is often appropriate. Not having a "
7659
7665
"passphrase allows the services to start without manual intervention, usually "
7660
7666
"the preferred way to start a daemon."
7661
7667
msgstr ""
7662
7668
7663
#: serverguide/C/security.xml:1348(para)
7669
#: serverguide/C/security.xml:1368(para)
7664
7670
msgid ""
7665
7671
"This section will cover generating a key with a passphrase, and one without. "
7666
7672
"The non-passphrase key will then be used to generate a certificate that can "
7667
7673
"be used with various service daemons."
7668
7674
msgstr ""
7669
7675
7670
#: serverguide/C/security.xml:1354(para)
7676
#: serverguide/C/security.xml:1374(para)
7671
7677
msgid ""
7672
7678
"Running your secure service without a passphrase is convenient because you "
7673
7679
"will not need to enter the passphrase every time you start your secure "
7675
7681
"of the server as well."
7676
7682
msgstr ""
7677
7683
7678
#: serverguide/C/security.xml:1361(para)
7684
#: serverguide/C/security.xml:1381(para)
7679
7685
msgid ""
7680
7686
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
7681
7687
"Request (CSR) run the following command from a terminal prompt:"
7682
7688
msgstr ""
7683
7689
7684
#: serverguide/C/security.xml:1367(command)
7690
#: serverguide/C/security.xml:1387(command)
7685
7691
msgid "openssl genrsa -des3 -out server.key 2048"
7686
7692
msgstr ""
7687
7693
7688
#: serverguide/C/security.xml:1370(programlisting)
7694
#: serverguide/C/security.xml:1390(programlisting)
7689
7695
#, no-wrap
7690
7696
msgid ""
7691
7697
"\n"
7696
7702
"Enter pass phrase for server.key:\n"
7697
7703
msgstr ""
7698
7704
7699
#: serverguide/C/security.xml:1378(para)
7705
#: serverguide/C/security.xml:1398(para)
7700
7706
msgid ""
7701
7707
"You can now enter your passphrase. For best security, it should at least "
7702
7708
"contain eight characters. The minimum length when specifying -des3 is four "
7704
7710
"in a dictionary. Also remember that your passphrase is case-sensitive."
7705
7711
msgstr ""
7706
7712
7707
#: serverguide/C/security.xml:1386(para)
7713
#: serverguide/C/security.xml:1406(para)
7708
7714
msgid ""
7709
7715
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
7710
7716
"server key is generated and stored in the <filename>server.key</filename> "
7711
7717
"file."
7712
7718
msgstr ""
7713
7719
7714
#: serverguide/C/security.xml:1392(para)
7720
#: serverguide/C/security.xml:1412(para)
7715
7721
msgid ""
7716
7722
"Now create the insecure key, the one without a passphrase, and shuffle the "
7717
7723
"key names:"
7718
7724
msgstr ""
7719
7725
7720
#: serverguide/C/security.xml:1398(command)
7726
#: serverguide/C/security.xml:1418(command)
7721
7727
msgid "openssl rsa -in server.key -out server.key.insecure"
7722
7728
msgstr ""
7723
7729
7724
#: serverguide/C/security.xml:1399(command)
7730
#: serverguide/C/security.xml:1419(command)
7725
7731
msgid "mv server.key server.key.secure"
7726
7732
msgstr ""
7727
7733
7728
#: serverguide/C/security.xml:1400(command)
7734
#: serverguide/C/security.xml:1420(command)
7729
7735
msgid "mv server.key.insecure server.key"
7730
7736
msgstr ""
7731
7737
7732
#: serverguide/C/security.xml:1403(para)
7738
#: serverguide/C/security.xml:1423(para)
7733
7739
msgid ""
7734
7740
"The insecure key is now named <filename>server.key</filename>, and you can "
7735
7741
"use this file to generate the CSR without passphrase."
7736
7742
msgstr ""
7737
7743
7738
#: serverguide/C/security.xml:1408(para)
7744
#: serverguide/C/security.xml:1428(para)
7739
7745
msgid "To create the CSR, run the following command at a terminal prompt:"
7740
7746
msgstr ""
7741
7747
7742
#: serverguide/C/security.xml:1413(command)
7748
#: serverguide/C/security.xml:1433(command)
7743
7749
msgid "openssl req -new -key server.key -out server.csr"
7744
7750
msgstr ""
7745
7751
7746
#: serverguide/C/security.xml:1416(para)
7752
#: serverguide/C/security.xml:1436(para)
7747
7753
msgid ""
7748
7754
"It will prompt you enter the passphrase. If you enter the correct "
7749
7755
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
7751
7757
"be stored in the <filename>server.csr</filename> file."
7752
7758
msgstr ""
7753
7759
7754
#: serverguide/C/security.xml:1424(para)
7760
#: serverguide/C/security.xml:1444(para)
7755
7761
msgid ""
7756
7762
"You can now submit this CSR file to a CA for processing. The CA will use "
7757
7763
"this CSR file and issue the certificate. On the other hand, you can create "
7758
7764
"self-signed certificate using this CSR."
7759
7765
msgstr ""
7760
7766
7761
#: serverguide/C/security.xml:1432(title)
7767
#: serverguide/C/security.xml:1452(title)
7762
7768
msgid "Creating a Self-Signed Certificate"
7763
7769
msgstr ""
7764
7770
7765
#: serverguide/C/security.xml:1433(para)
7771
#: serverguide/C/security.xml:1453(para)
7766
7772
msgid ""
7767
7773
"To create the self-signed certificate, run the following command at a "
7768
7774
"terminal prompt:"
7769
7775
msgstr ""
7770
7776
7771
#: serverguide/C/security.xml:1438(command)
7777
#: serverguide/C/security.xml:1458(command)
7772
7778
msgid ""
7773
7779
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
7774
7780
"server.crt"
7775
7781
msgstr ""
7776
7782
7777
#: serverguide/C/security.xml:1441(para)
7783
#: serverguide/C/security.xml:1461(para)
7778
7784
msgid ""
7779
7785
"The above command will prompt you to enter the passphrase. Once you enter "
7780
7786
"the correct passphrase, your certificate will be created and it will be "
7781
7787
"stored in the <filename>server.crt</filename> file."
7782
7788
msgstr ""
7783
7789
7784
#: serverguide/C/security.xml:1446(para)
7790
#: serverguide/C/security.xml:1466(para)
7785
7791
msgid ""
7786
7792
"If your secure server is to be used in a production environment, you "
7787
7793
"probably need a CA-signed certificate. It is not recommended to use self-"
7788
7794
"signed certificate."
7789
7795
msgstr ""
7790
7796
7791
#: serverguide/C/security.xml:1454(title)
7797
#: serverguide/C/security.xml:1474(title)
7792
7798
msgid "Installing the Certificate"
7793
7799
msgstr ""
7794
7800
7795
#: serverguide/C/security.xml:1456(para)
7801
#: serverguide/C/security.xml:1476(para)
7796
7802
msgid ""
7797
7803
"You can install the key file <filename>server.key</filename> and certificate "
7798
7804
"file <filename>server.crt</filename>, or the certificate file issued by your "
7799
7805
"CA, by running following commands at a terminal prompt:"
7800
7806
msgstr ""
7801
7807
7802
#: serverguide/C/security.xml:1462(command)
7808
#: serverguide/C/security.xml:1482(command)
7803
7809
msgid "sudo cp server.crt /etc/ssl/certs"
7804
7810
msgstr ""
7805
7811
7806
#: serverguide/C/security.xml:1463(command)
7812
#: serverguide/C/security.xml:1483(command)
7807
7813
msgid "sudo cp server.key /etc/ssl/private"
7808
7814
msgstr ""
7809
7815
7810
#: serverguide/C/security.xml:1465(para)
7816
#: serverguide/C/security.xml:1485(para)
7811
7817
msgid ""
7812
7818
"Now simply configure any applications, with the ability to use public-key "
7813
7819
"cryptography, to use the <emphasis>certificate</emphasis> and "
7816
7822
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
7817
7823
msgstr ""
7818
7824
7819
#: serverguide/C/security.xml:1472(title)
7825
#: serverguide/C/security.xml:1492(title)
7820
7826
msgid "Certification Authority"
7821
7827
msgstr ""
7822
7828
7823
#: serverguide/C/security.xml:1474(para)
7829
#: serverguide/C/security.xml:1494(para)
7824
7830
msgid ""
7825
7831
"If the services on your network require more than a few self-signed "
7826
7832
"certificates it may be worth the additional effort to setup your own "
7830
7836
"the same CA."
7831
7837
msgstr ""
7832
7838
7833
#: serverguide/C/security.xml:1484(para)
7839
#: serverguide/C/security.xml:1504(para)
7834
7840
msgid ""
7835
7841
"First, create the directories to hold the CA certificate and related files:"
7836
7842
msgstr ""
7837
7843
7838
#: serverguide/C/security.xml:1489(command)
7844
#: serverguide/C/security.xml:1509(command)
7839
7845
msgid "sudo mkdir /etc/ssl/CA"
7840
7846
msgstr ""
7841
7847
7842
#: serverguide/C/security.xml:1490(command)
7848
#: serverguide/C/security.xml:1510(command)
7843
7849
msgid "sudo mkdir /etc/ssl/newcerts"
7844
7850
msgstr ""
7845
7851
7846
#: serverguide/C/security.xml:1496(para)
7852
#: serverguide/C/security.xml:1516(para)
7847
7853
msgid ""
7848
7854
"The CA needs a few additional files to operate, one to keep track of the "
7849
7855
"last serial number used by the CA, each certificate must have a unique "
7851
7857
"issued:"
7852
7858
msgstr ""
7853
7859
7854
#: serverguide/C/security.xml:1503(command)
7860
#: serverguide/C/security.xml:1523(command)
7855
7861
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
7856
7862
msgstr ""
7857
7863
7858
#: serverguide/C/security.xml:1504(command)
7864
#: serverguide/C/security.xml:1524(command)
7859
7865
msgid "sudo touch /etc/ssl/CA/index.txt"
7860
7866
msgstr ""
7861
7867
7862
#: serverguide/C/security.xml:1510(para)
7868
#: serverguide/C/security.xml:1530(para)
7863
7869
msgid ""
7864
7870
"The third file is a CA configuration file. Though not strictly necessary, it "
7865
7871
"is very convenient when issuing multiple certificates. Edit "
7867
7873
"]</emphasis> change:"
7868
7874
msgstr ""
7869
7875
7870
#: serverguide/C/security.xml:1516(programlisting)
7876
#: serverguide/C/security.xml:1536(programlisting)
7871
7877
#, no-wrap
7872
7878
msgid ""
7873
7879
"\n"
7882
7888
msgid "Next, create the self-signed root certificate:"
7883
7889
msgstr ""
7884
7890
7885
#: serverguide/C/security.xml:1532(command)
7891
#: serverguide/C/security.xml:1552(command)
7886
7892
msgid ""
7887
7893
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
7888
7894
"days 3650"
7889
7895
msgstr ""
7890
7896
7891
#: serverguide/C/security.xml:1535(para)
7897
#: serverguide/C/security.xml:1555(para)
7892
7898
msgid "You will then be asked to enter the details about the certificate."
7893
7899
msgstr ""
7894
7900
7895
#: serverguide/C/security.xml:1542(para)
7901
#: serverguide/C/security.xml:1562(para)
7896
7902
msgid "Now install the root certificate and key:"
7897
7903
msgstr ""
7898
7904
7899
#: serverguide/C/security.xml:1547(command)
7905
#: serverguide/C/security.xml:1567(command)
7900
7906
msgid "sudo mv cakey.pem /etc/ssl/private/"
7901
7907
msgstr ""
7902
7908
7903
#: serverguide/C/security.xml:1548(command)
7909
#: serverguide/C/security.xml:1568(command)
7904
7910
msgid "sudo mv cacert.pem /etc/ssl/certs/"
7905
7911
msgstr ""
7906
7912
7907
#: serverguide/C/security.xml:1554(para)
7913
#: serverguide/C/security.xml:1574(para)
7908
7914
msgid ""
7909
7915
"You are now ready to start signing certificates. The first item needed is a "
7910
7916
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
7912
7918
"certificate signed by the CA:"
7913
7919
msgstr ""
7914
7920
7915
#: serverguide/C/security.xml:1561(command)
7921
#: serverguide/C/security.xml:1581(command)
7916
7922
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
7917
7923
msgstr ""
7918
7924
7919
#: serverguide/C/security.xml:1564(para)
7925
#: serverguide/C/security.xml:1584(para)
7920
7926
msgid ""
7921
7927
"After entering the password for the CA key, you will be prompted to sign the "
7922
7928
"certificate, and again to commit the new certificate. You should then see a "
7923
7929
"somewhat large amount of output related to the certificate creation."
7924
7930
msgstr ""
7925
7931
7926
#: serverguide/C/security.xml:1573(para)
7932
#: serverguide/C/security.xml:1593(para)
7927
7933
msgid ""
7928
7934
"There should now be a new file, "
7929
7935
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
7934
7940
"<filename>mail.example.com.crt</filename>, is a nice descriptive name."
7935
7941
msgstr ""
7936
7942
7937
#: serverguide/C/security.xml:1581(para)
7943
#: serverguide/C/security.xml:1601(para)
7938
7944
msgid ""
7939
7945
"Subsequent certificates will be named <filename>02.pem</filename>, "
7940
7946
"<filename>03.pem</filename>, etc."
7941
7947
msgstr ""
7942
7948
7943
#: serverguide/C/security.xml:1586(para)
7949
#: serverguide/C/security.xml:1606(para)
7944
7950
msgid ""
7945
7951
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
7946
7952
"name."
7947
7953
msgstr ""
7948
7954
7949
#: serverguide/C/security.xml:1594(para)
7955
#: serverguide/C/security.xml:1614(para)
7950
7956
msgid ""
7951
7957
"Finally, copy the new certificate to the host that needs it, and configure "
7952
7958
"the appropriate applications to use it. The default location to install "
7955
7961
"complicated file permissions."
7956
7962
msgstr ""
7957
7963
7958
#: serverguide/C/security.xml:1600(para)
7964
#: serverguide/C/security.xml:1620(para)
7959
7965
msgid ""
7960
7966
"For applications that can be configured to use a CA certificate, you should "
7961
7967
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
7963
7969
"server."
7964
7970
msgstr ""
7965
7971
7966
#: serverguide/C/security.xml:1614(para)
7972
#: serverguide/C/security.xml:1634(para)
7967
7973
msgid ""
7968
7974
"For more detailed instructions on using cryptography see the <ulink "
7969
7975
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
7970
"Certificates HOWTO</ulink> by tldp.org"
7976
"Certificates HOWTO</ulink> by tldp.org:"
7971
7977
msgstr ""
7972
7978
7973
#: serverguide/C/security.xml:1620(para)
7979
#: serverguide/C/security.xml:1640(para)
7974
7980
msgid ""
7975
7981
"The Wikipedia <ulink "
7976
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
7982
"url=\"http://en.wikipedia.org/wiki/HTTPS\">HTTPS</ulink> page has more "
7977
7983
"information regarding HTTPS."
7978
7984
msgstr ""
7979
7985
7980
#: serverguide/C/security.xml:1625(para)
7986
#: serverguide/C/security.xml:1645(para)
7981
7987
msgid ""
7982
7988
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
7983
7989
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
7984
7990
msgstr ""
7985
7991
7986
#: serverguide/C/security.xml:1630(para)
7992
#: serverguide/C/security.xml:1650(para)
7987
7993
msgid ""
7988
7994
"Also, O'Reilly's <ulink "
7989
7995
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
7990
"OpenSSL</ulink> is a good in depth reference."
7996
"OpenSSL</ulink> is a good in-depth reference."
7991
7997
msgstr ""
7992
7998
7993
#: serverguide/C/security.xml:1639(title)
7999
#: serverguide/C/security.xml:1659(title)
7994
8000
msgid "eCryptfs"
7995
8001
msgstr ""
7996
8002
8002
8008
"filesystem, partition type, etc."
8003
8009
msgstr ""
8004
8010
8005
#: serverguide/C/security.xml:1647(para)
8011
#: serverguide/C/security.xml:1667(para)
8006
8012
msgid ""
8007
8013
"During installation there is an option to encrypt the <filename "
8008
8014
"role=\"directory\">/home</filename> partition. This will automatically "
8009
8015
"configure everything needed to encrypt and mount the partition."
8010
8016
msgstr ""
8011
8017
8012
#: serverguide/C/security.xml:1652(para)
8018
#: serverguide/C/security.xml:1672(para)
8013
8019
msgid ""
8014
8020
"As an example, this section will cover configuring <filename "
8015
8021
"role=\"directory\">/srv</filename> to be encrypted using "
8016
8022
"<emphasis>eCryptfs</emphasis>."
8017
8023
msgstr ""
8018
8024
8019
#: serverguide/C/security.xml:1657(title)
8025
#: serverguide/C/security.xml:1677(title)
8020
8026
msgid "Using eCryptfs"
8021
8027
msgstr ""
8022
8028
8023
#: serverguide/C/security.xml:1659(para)
8029
#: serverguide/C/security.xml:1679(para)
8024
8030
msgid "First, install the necessary packages. From a terminal prompt enter:"
8025
8031
msgstr ""
8026
8032
8027
#: serverguide/C/security.xml:1664(command)
8033
#: serverguide/C/security.xml:1684(command)
8028
8034
msgid "sudo apt-get install ecryptfs-utils"
8029
8035
msgstr ""
8030
8036
8031
#: serverguide/C/security.xml:1667(para)
8037
#: serverguide/C/security.xml:1687(para)
8032
8038
msgid "Now mount the partition to be encrypted:"
8033
8039
msgstr ""
8034
8040
8035
#: serverguide/C/security.xml:1672(command)
8041
#: serverguide/C/security.xml:1692(command)
8036
8042
msgid "sudo mount -t ecryptfs /srv /srv"
8037
8043
msgstr ""
8038
8044
8039
#: serverguide/C/security.xml:1675(para)
8045
#: serverguide/C/security.xml:1695(para)
8040
8046
msgid ""
8041
8047
"You will then be prompted for some details on how "
8042
8048
"<application>ecryptfs</application> should encrypt the data."
8043
8049
msgstr ""
8044
8050
8045
#: serverguide/C/security.xml:1679(para)
8051
#: serverguide/C/security.xml:1699(para)
8046
8052
msgid ""
8047
8053
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
8048
8054
"copy the <filename>/etc/default</filename> folder to "
8049
8055
"<filename>/srv</filename>:"
8050
8056
msgstr ""
8051
8057
8052
#: serverguide/C/security.xml:1685(command) serverguide/C/clustering.xml:190(command)
8058
#: serverguide/C/security.xml:1705(command) serverguide/C/clustering.xml:190(command)
8053
8059
msgid "sudo cp -r /etc/default /srv"
8054
8060
msgstr ""
8055
8061
8056
#: serverguide/C/security.xml:1688(para)
8062
#: serverguide/C/security.xml:1708(para)
8057
8063
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
8058
8064
msgstr ""
8059
8065
8060
#: serverguide/C/security.xml:1693(command) serverguide/C/installation.xml:1118(command) serverguide/C/clustering.xml:198(command)
8066
#: serverguide/C/security.xml:1713(command) serverguide/C/clustering.xml:198(command)
8061
8067
msgid "sudo umount /srv"
8062
8068
msgstr ""
8063
8069
8064
#: serverguide/C/security.xml:1694(command)
8070
#: serverguide/C/security.xml:1714(command)
8065
8071
msgid "cat /srv/default/cron"
8066
8072
msgstr ""
8067
8073
8068
#: serverguide/C/security.xml:1697(para)
8074
#: serverguide/C/security.xml:1717(para)
8069
8075
msgid ""
8070
8076
"Remounting <filename>/srv</filename> using "
8071
8077
"<application>ecryptfs</application> will make the data viewable once again."
8072
8078
msgstr ""
8073
8079
8074
#: serverguide/C/security.xml:1703(title)
8080
#: serverguide/C/security.xml:1723(title)
8075
8081
msgid "Automatically Mounting Encrypted Partitions"
8076
8082
msgstr ""
8077
8083
8078
#: serverguide/C/security.xml:1705(para)
8084
#: serverguide/C/security.xml:1725(para)
8079
8085
msgid ""
8080
8086
"There are a couple of ways to automatically mount an "
8081
8087
"<application>ecryptfs</application> encrypted filesystem at boot. This "
8083
8089
"mount options, along with a passphrase file residing on a USB key."
8084
8090
msgstr ""
8085
8091
8086
#: serverguide/C/security.xml:1711(para)
8092
#: serverguide/C/security.xml:1731(para)
8087
8093
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
8088
8094
msgstr ""
8089
8095
8090
#: serverguide/C/security.xml:1715(programlisting)
8096
#: serverguide/C/security.xml:1735(programlisting)
8091
8097
#, no-wrap
8092
8098
msgid ""
8093
8099
"\n"
8099
8105
"ecryptfs_enable_filename_crypto=n\n"
8100
8106
msgstr ""
8101
8107
8102
#: serverguide/C/security.xml:1725(para)
8108
#: serverguide/C/security.xml:1745(para)
8103
8109
msgid ""
8104
8110
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
8105
8111
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
8106
8112
msgstr ""
8107
8113
8108
#: serverguide/C/security.xml:1730(para)
8114
#: serverguide/C/security.xml:1750(para)
8109
8115
msgid ""
8110
8116
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
8111
8117
"file:"
8112
8118
msgstr ""
8113
8119
8114
#: serverguide/C/security.xml:1734(programlisting)
8120
#: serverguide/C/security.xml:1754(programlisting)
8115
8121
#, no-wrap
8116
8122
msgid ""
8117
8123
"\n"
8118
8124
"passphrase_passwd=[secrets]\n"
8119
8125
msgstr ""
8120
8126
8121
#: serverguide/C/security.xml:1738(para)
8127
#: serverguide/C/security.xml:1758(para)
8122
8128
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
8123
8129
msgstr ""
8124
8130
8125
#: serverguide/C/security.xml:1742(programlisting)
8131
#: serverguide/C/security.xml:1762(programlisting)
8126
8132
#, no-wrap
8127
8133
msgid ""
8128
8134
"\n"
8130
8136
"/srv /srv ecryptfs defaults 0 0\n"
8131
8137
msgstr ""
8132
8138
8133
#: serverguide/C/security.xml:1747(para)
8139
#: serverguide/C/security.xml:1767(para)
8134
8140
msgid "Make sure the USB drive is mounted before the encrypted partition."
8135
8141
msgstr ""
8136
8142
8137
#: serverguide/C/security.xml:1751(para)
8143
#: serverguide/C/security.xml:1771(para)
8138
8144
msgid ""
8139
8145
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
8140
8146
"<emphasis>eCryptfs</emphasis>."
8141
8147
msgstr ""
8142
8148
8143
#: serverguide/C/security.xml:1757(title)
8149
#: serverguide/C/security.xml:1777(title)
8144
8150
msgid "Other Utilities"
8145
8151
msgstr "Autres utilitaris"
8146
8152
8147
#: serverguide/C/security.xml:1759(para)
8153
#: serverguide/C/security.xml:1779(para)
8148
8154
msgid ""
8149
8155
"The <application>ecryptfs-utils</application> package includes several other "
8150
8156
"useful utilities:"
8151
8157
msgstr ""
8152
8158
8153
#: serverguide/C/security.xml:1765(para)
8159
#: serverguide/C/security.xml:1785(para)
8154
8160
msgid ""
8155
8161
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
8156
8162
"<filename>~/Private</filename> directory to contain encrypted information. "
8158
8164
"other users on the system."
8159
8165
msgstr ""
8160
8166
8161
#: serverguide/C/security.xml:1772(para)
8167
#: serverguide/C/security.xml:1792(para)
8162
8168
msgid ""
8163
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
8164
"will mount and unmount respectively, a users <filename>~/Private</filename> "
8165
"directory."
8169
"<emphasis>ecryptfs-mount-private</emphasis> and <emphasis> ecryptfs-umount-"
8170
"private</emphasis> will mount and unmount a user's "
8171
"<filename>~/Private</filename> directory."
8166
8172
msgstr ""
8167
8173
8168
#: serverguide/C/security.xml:1778(para)
8174
#: serverguide/C/security.xml:1798(para)
8169
8175
msgid ""
8170
8176
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
8171
8177
"kernel keyring."
8172
8178
msgstr ""
8173
8179
8174
#: serverguide/C/security.xml:1783(para)
8180
#: serverguide/C/security.xml:1803(para)
8175
8181
msgid ""
8176
8182
"<emphasis>ecryptfs-manager:</emphasis> manages "
8177
8183
"<application>eCryptfs</application> objects such as keys."
8178
8184
msgstr ""
8179
8185
8180
#: serverguide/C/security.xml:1788(para)
8186
#: serverguide/C/security.xml:1808(para)
8181
8187
msgid ""
8182
8188
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
8183
8189
"<application>ecryptfs</application> meta information for a file."
8184
8190
msgstr ""
8185
8191
8186
#: serverguide/C/security.xml:1801(para)
8192
#: serverguide/C/security.xml:1821(para)
8187
8193
msgid ""
8188
8194
"For more information on <emphasis>eCryptfs</emphasis> see the <ulink "
8189
8195
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
8190
8196
msgstr ""
8191
8197
8192
#: serverguide/C/security.xml:1806(para)
8198
#: serverguide/C/security.xml:1826(para)
8193
8199
msgid ""
8194
8200
"There is also a <ulink "
8195
8201
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
8208
8214
msgid "Samba"
8209
8215
msgstr ""
8210
8216
8211
#: serverguide/C/windows-networking.xml:13(para)
8217
#: serverguide/C/samba.xml:13(para)
8212
8218
msgid ""
8213
8219
"Computer networks are often comprised of diverse systems, and while "
8214
8220
"operating a network made up entirely of Ubuntu desktop and server computers "
8229
8235
"principis e los espleches utilizats per configurar vòstre servidor Ubuntu "
8230
8236
"per partejar de ressorsas de ret amb d'ordenadors Windows."
8231
8237
8232
#: serverguide/C/windows-networking.xml:25(para)
8238
#: serverguide/C/samba.xml:25(para)
8233
8239
msgid ""
8234
8240
"Successfully networking your Ubuntu system with Windows clients involves "
8235
8241
"providing and integrating with services common to Windows environments. Such "
8243
8249
"e de las informacions suls ordenadors e los utilizaires presents sus la ret. "
8244
8250
"Pòdon èsser classats segon tres categorias principalas segon lor ròtle :"
8245
8251
8246
#: serverguide/C/windows-networking.xml:33(para)
8252
#: serverguide/C/samba.xml:33(para)
8247
8253
msgid ""
8248
8254
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
8249
8255
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
8254
8260
"(SMB) facilita lo partiment de fichièrs, de dorsièrs, de volums, e le "
8255
8261
"partiment de las estampadoiras sus la ret."
8256
8262
8257
#: serverguide/C/windows-networking.xml:39(para)
8263
#: serverguide/C/samba.xml:39(para)
8258
8264
msgid ""
8259
8265
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
8260
8266
"information about the computers and users of the network with such "
8267
8273
"class=\"registered\">Active Directory</trademark> de Microsoft (servicis "
8268
8274
"d'annuari)."
8269
8275
8270
#: serverguide/C/windows-networking.xml:46(para)
8276
#: serverguide/C/samba.xml:46(para)
8271
8277
msgid ""
8272
8278
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
8273
8279
"the identity of a computer or user of the network and determining the "
8281
8287
"amb l'ajuda d'aquestes principis e de tecnologias coma las permissions de "
8282
8288
"fichièrs, de politicas de grop e lo servici d'autentificacion Kerberos."
8283
8289
8284
#: serverguide/C/windows-networking.xml:54(para)
8290
#: serverguide/C/samba.xml:54(para)
8285
8291
msgid ""
8286
8292
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
8287
8293
"clients and share network resources among them. One of the principal pieces "
8294
8300
"en ret amb Windows es la seguida Samba compausada de las aplicacions e "
8295
8301
"espleches per servidor SMB."
8296
8302
8297
#: serverguide/C/windows-networking.xml:60(para)
8303
#: serverguide/C/samba.xml:60(para)
8298
8304
msgid ""
8299
8305
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
8300
8306
"of the common Samba use cases, and how to install and configure the "
8312
8318
msgid "File Server"
8313
8319
msgstr ""
8314
8320
8315
#: serverguide/C/windows-networking.xml:70(para)
8321
#: serverguide/C/samba.xml:70(para)
8316
8322
msgid ""
8317
8323
"One of the most common ways to network Ubuntu and Windows computers is to "
8318
8324
"configure Samba as a File Server. This section covers setting up a "
8323
8329
"l'installacion d'un servidor <application>Samba</application> pet partejar "
8324
8330
"de fichièrs amb de clients Windows."
8325
8331
8326
#: serverguide/C/windows-networking.xml:75(para)
8332
#: serverguide/C/samba.xml:75(para)
8327
8333
msgid ""
8328
8334
"The server will be configured to share files with any client on the network "
8329
8335
"without prompting for a password. If your environment requires stricter "
8334
8340
"contraròtles d'accès mai estricts, consultatz <xref linkend=\"samba-"
8335
8341
"fileprint-security\"/>"
8336
8342
8337
#: serverguide/C/windows-networking.xml:83(para)
8343
#: serverguide/C/samba.xml:83(para)
8338
8344
msgid ""
8339
8345
"The first step is to install the <application>samba</application> package. "
8340
8346
"From a terminal prompt enter:"
8342
8348
"La primièra etapa consistís a installar lo paquet "
8343
8349
"<application>samba</application>. Dins un terminal picatz :"
8344
8350
8345
#: serverguide/C/windows-networking.xml:88(command) serverguide/C/windows-networking.xml:304(command)
8351
#: serverguide/C/samba.xml:88(command) serverguide/C/samba.xml:304(command)
8346
8352
msgid "sudo apt-get install samba"
8347
8353
msgstr "sudo apt-get install samba"
8348
8354
8349
#: serverguide/C/windows-networking.xml:91(para)
8355
#: serverguide/C/samba.xml:91(para)
8350
8356
msgid ""
8351
8357
"That's all there is to it; you are now ready to configure Samba to share "
8352
8358
"files."
8354
8360
"Es tot çò que vos cal far. Ara, sètz prèst a configurar Samba per partejar "
8355
8361
"de fichièrs."
8356
8362
8357
#: serverguide/C/windows-networking.xml:99(para)
8363
#: serverguide/C/samba.xml:99(para)
8358
8364
msgid ""
8359
8365
"The main Samba configuration file is located in "
8360
8366
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
8366
8372
"defaut es amplament comentat per explicar las nombrosas directivas de "
8367
8373
"configuracion."
8368
8374
8369
#: serverguide/C/windows-networking.xml:104(para)
8375
#: serverguide/C/samba.xml:104(para)
8370
8376
msgid ""
8371
8377
"Not all the available options are included in the default configuration "
8372
8378
"file. See the <filename>smb.conf</filename><application>man</application> "
8379
8385
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\"> Samba HOWTO "
8380
8386
"Colleccion (en)</ ulink> per mai de detalhs."
8381
8387
8382
#: serverguide/C/windows-networking.xml:113(para)
8388
#: serverguide/C/samba.xml:113(para)
8383
8389
msgid ""
8384
8390
"First, edit the following key/value pairs in the "
8385
8391
"<emphasis>[global]</emphasis> section of "
8388
8394
"D'en primièr, modificatz los parèlhs clau/valor seguentas dins la seccion "
8389
8395
"<emphasis>[global]</emphasis> de <filename>/etc/samba/smb.conf</filename> :"
8390
8396
8391
#: serverguide/C/windows-networking.xml:118(programlisting) serverguide/C/windows-networking.xml:316(programlisting) serverguide/C/windows-networking.xml:784(programlisting) serverguide/C/windows-networking.xml:1023(programlisting)
8397
#: serverguide/C/samba.xml:118(programlisting) serverguide/C/samba.xml:316(programlisting) serverguide/C/samba.xml:784(programlisting) serverguide/C/samba.xml:1023(programlisting)
8392
8398
#, no-wrap
8393
8399
msgid ""
8394
8400
"\n"
8401
8407
" ... \n"
8402
8408
" security = user\n"
8403
8409
8404
#: serverguide/C/windows-networking.xml:124(para)
8410
#: serverguide/C/samba.xml:124(para)
8405
8411
msgid ""
8406
8412
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
8407
8413
"section, and is commented by default. Also, change "
8411
8417
"[global] es comentat per defaut. Modificatz tanben <emphasis>EXEMPLE</ "
8412
8418
"emphasis> per l'adaptar a vòstre environament."
8413
8419
8414
#: serverguide/C/windows-networking.xml:132(para)
8420
#: serverguide/C/samba.xml:132(para)
8415
8421
msgid ""
8416
8422
"Create a new section at the bottom of the file, or uncomment one of the "
8417
8423
"examples, for the directory to be shared:"
8419
8425
"Creatz una seccion novèla a la fin del fichièr (o descomentatz un dels "
8420
8426
"exemples) pel dorsièr de partejar :"
8421
8427
8422
#: serverguide/C/windows-networking.xml:136(programlisting)
8428
#: serverguide/C/samba.xml:136(programlisting)
8423
8429
#, no-wrap
8424
8430
msgid ""
8425
8431
"\n"
8440
8446
"read only = no\n"
8441
8447
"create mask = 0755\n"
8442
8448
8443
#: serverguide/C/windows-networking.xml:148(para)
8449
#: serverguide/C/samba.xml:148(para)
8444
8450
msgid ""
8445
8451
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
8446
8452
"fit your needs."
8448
8454
"<emphasis>comment :</emphasis> una brèva descripcion del partiment. Adaptatz-"
8449
8455
"lo a vòstres besonhs."
8450
8456
8451
#: serverguide/C/windows-networking.xml:153(para)
8457
#: serverguide/C/samba.xml:153(para)
8452
8458
msgid "<emphasis>path:</emphasis> the path to the directory to share."
8453
8459
msgstr "<emphasis>path :</emphasis> l'emplaçament del dorsièr de partejar."
8454
8460
8455
#: serverguide/C/windows-networking.xml:156(para)
8461
#: serverguide/C/samba.xml:156(para)
8456
8462
msgid ""
8457
8463
"This example uses <filename>/srv/samba/sharename</filename> because, "
8458
8464
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
8472
8478
"tant que las permissions son corrèctas, mas lo respièch dels estandards es "
8473
8479
"recomandat."
8474
8480
8475
#: serverguide/C/windows-networking.xml:165(para)
8481
#: serverguide/C/samba.xml:165(para)
8476
8482
msgid ""
8477
8483
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
8478
8484
"directory using <application>Windows Explorer</application>."
8481
8487
"repertòri partejat en utilizant l'<application>explorador de fichièrs de "
8482
8488
"Windows</application>."
8483
8489
8484
#: serverguide/C/windows-networking.xml:171(para)
8490
#: serverguide/C/samba.xml:171(para)
8485
8491
msgid ""
8486
8492
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
8487
8493
"without supplying a password."
8489
8495
"<emphasis>guest ok :</emphasis> permet als clients de se connectar al "
8490
8496
"repertòri partejat sens provesir de senhal."
8491
8497
8492
#: serverguide/C/windows-networking.xml:176(para)
8498
#: serverguide/C/samba.xml:176(para)
8493
8499
msgid ""
8494
8500
"<emphasis>read only:</emphasis> determines if the share is read only or if "
8495
8501
"write privileges are granted. Write privileges are allowed only when the "
8502
8508
"dins aqueste exemple, se la valor es <emphasis>yes</emphasis>, alara l'accès "
8503
8509
"al partimente es en lectura sola."
8504
8510
8505
#: serverguide/C/windows-networking.xml:181(para)
8511
#: serverguide/C/samba.xml:181(para)
8506
8512
msgid ""
8507
8513
"<emphasis>create mask:</emphasis> determines the permissions new files will "
8508
8514
"have when created."
8510
8516
"<emphasis>create mask :</emphasis> determina las permissions dels fichièrs "
8511
8517
"creats novèlament."
8512
8518
8513
#: serverguide/C/windows-networking.xml:190(para)
8519
#: serverguide/C/samba.xml:190(para)
8514
8520
msgid ""
8515
8521
"Now that <application>Samba</application> is configured, the directory needs "
8516
8522
"to be created and the permissions changed. From a terminal enter:"
8518
8524
"Ara que <application>Samba</application> es configurat, lo repertòri deu "
8519
8525
"èsser creat e las permissions modificadas. Dempuèi un terminal, picatz :"
8520
8526
8521
#: serverguide/C/windows-networking.xml:196(command)
8527
#: serverguide/C/samba.xml:196(command)
8522
8528
msgid "sudo mkdir -p /srv/samba/share"
8523
8529
msgstr "sudo mkdir -p /srv/samba/share"
8524
8530
8525
#: serverguide/C/windows-networking.xml:197(command)
8531
#: serverguide/C/samba.xml:197(command)
8526
8532
msgid "sudo chown nobody:nogroup /srv/samba/share/"
8527
8533
msgstr ""
8528
8534
8529
#: serverguide/C/windows-networking.xml:201(para)
8535
#: serverguide/C/samba.xml:201(para)
8530
8536
msgid ""
8531
8537
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
8532
8538
"directory tree if it doesn't exist."
8533
8539
msgstr ""
8534
8540
8535
#: serverguide/C/windows-networking.xml:209(para)
8541
#: serverguide/C/samba.xml:209(para)
8536
8542
msgid ""
8537
8543
"Finally, restart the <application>samba</application> services to enable the "
8538
8544
"new configuration:"
8540
8546
"Per acabar, reaviatz los servicis <application>samba</application> per "
8541
8547
"activar la configuracion novèla :"
8542
8548
8543
#: serverguide/C/windows-networking.xml:214(command) serverguide/C/windows-networking.xml:336(command) serverguide/C/windows-networking.xml:474(command) serverguide/C/windows-networking.xml:574(command) serverguide/C/windows-networking.xml:925(command) serverguide/C/windows-networking.xml:1080(command) serverguide/C/windows-networking.xml:1187(command) serverguide/C/network-auth.xml:2533(command)
8549
#: serverguide/C/samba.xml:214(command) serverguide/C/samba.xml:336(command) serverguide/C/samba.xml:474(command) serverguide/C/samba.xml:574(command) serverguide/C/samba.xml:925(command) serverguide/C/samba.xml:1080(command) serverguide/C/samba.xml:1187(command) serverguide/C/network-auth.xml:2532(command) serverguide/C/network-auth.xml:4114(command)
8544
8550
msgid "sudo restart smbd"
8545
8551
msgstr ""
8546
8552
8547
#: serverguide/C/windows-networking.xml:215(command) serverguide/C/windows-networking.xml:337(command) serverguide/C/windows-networking.xml:475(command) serverguide/C/windows-networking.xml:575(command) serverguide/C/windows-networking.xml:926(command) serverguide/C/windows-networking.xml:1081(command) serverguide/C/windows-networking.xml:1188(command) serverguide/C/network-auth.xml:2534(command)
8553
#: serverguide/C/samba.xml:215(command) serverguide/C/samba.xml:337(command) serverguide/C/samba.xml:475(command) serverguide/C/samba.xml:575(command) serverguide/C/samba.xml:926(command) serverguide/C/samba.xml:1081(command) serverguide/C/samba.xml:1188(command) serverguide/C/network-auth.xml:2533(command) serverguide/C/network-auth.xml:4115(command)
8548
8554
msgid "sudo restart nmbd"
8549
8555
msgstr ""
8550
8556
8551
#: serverguide/C/windows-networking.xml:222(para)
8557
#: serverguide/C/samba.xml:222(para)
8552
8558
msgid ""
8553
8559
"Once again, the above configuration gives all access to any client on the "
8554
8560
"local network. For a more secure configuration see <xref linkend=\"samba-"
8558
8564
"quin que siá sus la ret locala. Per una configuracion mai securizada, "
8559
8565
"consultatz <xref linkend=\"samba-fileprint-security\"/>."
8560
8566
8561
#: serverguide/C/windows-networking.xml:228(para)
8567
#: serverguide/C/samba.xml:228(para)
8562
8568
msgid ""
8563
8569
"From a Windows client you should now be able to browse to the Ubuntu file "
8564
8570
"server and see the shared directory. If your client doesn't show your share "
8567
8573
"working try creating a directory from Windows."
8568
8574
msgstr ""
8569
8575
8570
#: serverguide/C/windows-networking.xml:232(para)
8576
#: serverguide/C/samba.xml:232(para)
8571
8577
msgid ""
8572
8578
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
8573
8579
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
8580
8586
"repertòri que volètz partejar existís e que possedís las permissions "
8581
8587
"necessàrias."
8582
8588
8583
#: serverguide/C/windows-networking.xml:239(para)
8589
#: serverguide/C/samba.xml:239(para)
8584
8590
msgid ""
8585
8591
"The file share named <emphasis>\"[share]\"</emphasis> and the path "
8586
8592
"<filename>/srv/samba/share</filename> are just examples. Adjust the share "
8590
8596
"<filename>/srv/samba/qa</filename>."
8591
8597
msgstr ""
8592
8598
8593
#: serverguide/C/windows-networking.xml:252(para) serverguide/C/windows-networking.xml:351(para) serverguide/C/windows-networking.xml:708(para) serverguide/C/windows-networking.xml:1104(para)
8599
#: serverguide/C/samba.xml:252(para) serverguide/C/samba.xml:351(para) serverguide/C/samba.xml:708(para) serverguide/C/samba.xml:1104(para)
8594
8600
msgid ""
8595
8601
"For in depth Samba configurations see the <ulink "
8596
8602
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
8600
8606
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">guidas "
8601
8607
"practics Samba (en)</ulink>"
8602
8608
8603
#: serverguide/C/windows-networking.xml:258(para) serverguide/C/windows-networking.xml:357(para) serverguide/C/windows-networking.xml:714(para) serverguide/C/windows-networking.xml:1110(para)
8609
#: serverguide/C/samba.xml:258(para) serverguide/C/samba.xml:357(para) serverguide/C/samba.xml:714(para) serverguide/C/samba.xml:1110(para)
8604
8610
msgid ""
8605
8611
"The guide is also available in <ulink "
8606
8612
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
8610
8616
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">format "
8611
8617
"papièr</ulink>."
8612
8618
8613
#: serverguide/C/windows-networking.xml:264(para) serverguide/C/windows-networking.xml:363(para)
8619
#: serverguide/C/samba.xml:264(para) serverguide/C/samba.xml:363(para)
8614
8620
msgid ""
8615
8621
"O'Reilly's <ulink "
8616
8622
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
8619
8625
"<ulink url=\"http://www.oreilly.com/catalog/9780596007690/\">Using "
8620
8626
"Samba</ulink> d'O'Reilly es una autra bona font d'informacions."
8621
8627
8622
#: serverguide/C/windows-networking.xml:270(para) serverguide/C/windows-networking.xml:374(para) serverguide/C/windows-networking.xml:739(para) serverguide/C/windows-networking.xml:1134(para) serverguide/C/windows-networking.xml:1312(para)
8628
#: serverguide/C/samba.xml:270(para) serverguide/C/samba.xml:374(para) serverguide/C/samba.xml:739(para) serverguide/C/samba.xml:1134(para) serverguide/C/samba.xml:1312(para)
8623
8629
msgid ""
8624
8630
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
8625
8631
"</ulink> page."
8626
8632
msgstr ""
8627
8633
8628
#: serverguide/C/network-config.xml:908(para)
8634
#: serverguide/C/samba.xml:279(title) serverguide/C/network-config.xml:904(para)
8629
8635
msgid "Print Server"
8630
8636
msgstr ""
8631
8637
8632
#: serverguide/C/windows-networking.xml:281(para)
8638
#: serverguide/C/samba.xml:281(para)
8633
8639
msgid ""
8634
8640
"Another common use of Samba is to configure it to share printers installed, "
8635
8641
"either locally or over the network, on an Ubuntu server. Similar to <xref "
8643
8649
"configurar Samba per permetre a un client quin que siá sus la ret d'utilizar "
8644
8650
"las estampadoiras sens demanda de senhal."
8645
8651
8646
#: serverguide/C/windows-networking.xml:287(para)
8652
#: serverguide/C/samba.xml:287(para)
8647
8653
msgid ""
8648
8654
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
8649
8655
"security\"/>."
8651
8657
"Per una configuracion mai securizada, vejatz <xref linkend=\"samba-fileprint-"
8652
8658
"security\"/>."
8653
8659
8654
#: serverguide/C/windows-networking.xml:294(para)
8660
#: serverguide/C/samba.xml:294(para)
8655
8661
msgid ""
8656
8662
"Before installing and configuring Samba it is best to already have a working "
8657
8663
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
8661
8667
"installacion foncionala de <application>CUPS</application>. Vejatz <xref "
8662
8668
"linkend=\"cups\"/> per mai de detalhs."
8663
8669
8664
#: serverguide/C/windows-networking.xml:299(para)
8670
#: serverguide/C/samba.xml:299(para)
8665
8671
msgid ""
8666
8672
"To install the <application>samba</application> package, from a terminal "
8667
8673
"enter:"
8669
8675
"Per installar lo paquet <application>samba</application>, entratz la comanda "
8670
8676
"seguenta dempuèi un terminal :"
8671
8677
8672
#: serverguide/C/windows-networking.xml:310(para)
8678
#: serverguide/C/samba.xml:310(para)
8673
8679
msgid ""
8674
8680
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
8675
8681
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
8677
8683
"role=\"italic\">user</emphasis>:"
8678
8684
msgstr ""
8679
8685
8680
#: serverguide/C/windows-networking.xml:322(para)
8686
#: serverguide/C/samba.xml:322(para)
8681
8687
msgid ""
8682
8688
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
8683
8689
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
8685
8691
"Dins la seccion <emphasis>[printers]</emphasis>, metètz l'opcion "
8686
8692
"<emphasis>guest ok</emphasis> a <emphasis role=\"italic\">yes</emphasis> :"
8687
8693
8688
#: serverguide/C/windows-networking.xml:326(programlisting)
8694
#: serverguide/C/samba.xml:326(programlisting)
8689
8695
#, no-wrap
8690
8696
msgid ""
8691
8697
"\n"
8693
8699
" guest ok = yes\n"
8694
8700
msgstr ""
8695
8701
8696
#: serverguide/C/windows-networking.xml:331(para)
8702
#: serverguide/C/samba.xml:331(para)
8697
8703
msgid "After editing <filename>smb.conf</filename> restart Samba:"
8698
8704
msgstr "Reaviatz Samba aprèp aver modificat <filename>smb.conf</filename>"
8699
8705
8700
#: serverguide/C/windows-networking.xml:340(para)
8706
#: serverguide/C/samba.xml:340(para)
8701
8707
msgid ""
8702
8708
"The default Samba configuration will automatically share any printers "
8703
8709
"installed. Simply install the printer locally on your Windows clients."
8706
8712
"estampadoira installada. Installatz simplament l'estampadoira localament sus "
8707
8713
"vòstres clients Windows."
8708
8714
8709
#: serverguide/C/windows-networking.xml:369(para)
8715
#: serverguide/C/samba.xml:369(para)
8710
8716
msgid ""
8711
8717
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
8712
8718
"more information on configuring CUPS."
8718
8724
msgid "Securing File and Print Server"
8719
8725
msgstr ""
8720
8726
8721
#: serverguide/C/windows-networking.xml:386(title)
8727
#: serverguide/C/samba.xml:386(title)
8722
8728
msgid "Samba Security Modes"
8723
8729
msgstr "Perfils de seguretat de Samba"
8724
8730
8725
#: serverguide/C/windows-networking.xml:388(para)
8731
#: serverguide/C/samba.xml:388(para)
8726
8732
msgid ""
8727
8733
"There are two security levels available to the Common Internet Filesystem "
8728
8734
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
8737
8743
"quatre possibilitat de seguretat al nivèl de l'utilizaire mai una al nivèl "
8738
8744
"del partiment :"
8739
8745
8740
#: serverguide/C/windows-networking.xml:397(para)
8746
#: serverguide/C/samba.xml:397(para)
8741
8747
msgid ""
8742
8748
"<emphasis>security = user:</emphasis> requires clients to supply a username "
8743
8749
"and password to connect to shares. Samba user accounts are separate from "
8751
8757
"utilizaires e senhal del sistèma amb la banca de donadas dels utilizaires "
8752
8758
"Samba."
8753
8759
8754
#: serverguide/C/windows-networking.xml:404(para)
8760
#: serverguide/C/samba.xml:404(para)
8755
8761
msgid ""
8756
8762
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
8757
8763
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
8759
8765
"linkend=\"samba-dc\"/> for further information."
8760
8766
msgstr ""
8761
8767
8762
#: serverguide/C/windows-networking.xml:411(para)
8768
#: serverguide/C/samba.xml:411(para)
8763
8769
msgid ""
8764
8770
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
8765
8771
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
8766
8772
"integration\"/> for details."
8767
8773
msgstr ""
8768
8774
8769
#: serverguide/C/windows-networking.xml:417(para)
8775
#: serverguide/C/samba.xml:417(para)
8770
8776
msgid ""
8771
8777
"<emphasis>security = server:</emphasis> this mode is left over from before "
8772
8778
"Samba could become a member server, and due to some security issues should "
8775
8781
"of the Samba guide for more details."
8776
8782
msgstr ""
8777
8783
8778
#: serverguide/C/windows-networking.xml:425(para)
8784
#: serverguide/C/samba.xml:425(para)
8779
8785
msgid ""
8780
8786
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
8781
8787
"without supplying a username and password."
8782
8788
msgstr ""
8783
8789
8784
#: serverguide/C/windows-networking.xml:432(para)
8790
#: serverguide/C/samba.xml:432(para)
8785
8791
msgid ""
8786
8792
"The security mode you choose will depend on your environment and what you "
8787
8793
"need the Samba server to accomplish."
8788
8794
msgstr ""
8789
8795
8790
#: serverguide/C/windows-networking.xml:438(title)
8796
#: serverguide/C/samba.xml:438(title)
8791
8797
msgid "Security = User"
8792
8798
msgstr "Security = User"
8793
8799
8794
#: serverguide/C/windows-networking.xml:440(para)
8800
#: serverguide/C/samba.xml:440(para)
8795
8801
msgid ""
8796
8802
"This section will reconfigure the Samba file and print server, from <xref "
8797
8803
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
8798
8804
"require authentication."
8799
8805
msgstr ""
8800
8806
8801
#: serverguide/C/windows-networking.xml:445(para)
8807
#: serverguide/C/samba.xml:445(para)
8802
8808
msgid ""
8803
8809
"First, install the <application>libpam-smbpass</application> package which "
8804
8810
"will sync the system users to the Samba user database:"
8805
8811
msgstr ""
8806
8812
8807
#: serverguide/C/windows-networking.xml:451(command)
8813
#: serverguide/C/samba.xml:451(command)
8808
8814
msgid "sudo apt-get install libpam-smbpass"
8809
8815
msgstr "sudo apt-get install libpam-smbpass"
8810
8816
8811
#: serverguide/C/windows-networking.xml:455(para)
8817
#: serverguide/C/samba.xml:455(para)
8812
8818
msgid ""
8813
8819
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
8814
8820
"<application>libpam-smbpass</application> is already installed."
8815
8821
msgstr ""
8816
8822
8817
#: serverguide/C/windows-networking.xml:461(para)
8823
#: serverguide/C/samba.xml:461(para)
8818
8824
msgid ""
8819
8825
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
8820
8826
"<emphasis>[share]</emphasis> section change:"
8822
8828
"Modificatz la seccion <emphasis>[share]</emphasis> del fichièr "
8823
8829
"<filename>/etc/samba/smb.conf</filename> :"
8824
8830
8825
#: serverguide/C/windows-networking.xml:465(programlisting)
8831
#: serverguide/C/samba.xml:465(programlisting)
8826
8832
#, no-wrap
8827
8833
msgid ""
8828
8834
"\n"
8831
8837
"\n"
8832
8838
" guest ok = no\n"
8833
8839
8834
#: serverguide/C/windows-networking.xml:469(para)
8840
#: serverguide/C/samba.xml:469(para)
8835
8841
msgid "Finally, restart Samba for the new settings to take effect:"
8836
8842
msgstr ""
8837
8843
"Per acabar, reaviatz Samba per que los paramètres novèls sián preses en "
8838
8844
"compte :"
8839
8845
8840
#: serverguide/C/windows-networking.xml:478(para)
8846
#: serverguide/C/samba.xml:478(para)
8841
8847
msgid ""
8842
8848
"Now when connecting to the shared directories or printers you should be "
8843
8849
"prompted for a username and password."
8844
8850
msgstr ""
8845
8851
8846
#: serverguide/C/windows-networking.xml:483(para)
8852
#: serverguide/C/samba.xml:483(para)
8847
8853
msgid ""
8848
8854
"If you choose to map a network drive to the share you can check the "
8849
8855
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
8850
8856
"enter the username and password once, at least until the password changes."
8851
8857
msgstr ""
8852
8858
8853
#: serverguide/C/windows-networking.xml:491(title)
8859
#: serverguide/C/samba.xml:491(title)
8854
8860
msgid "Share Security"
8855
8861
msgstr "Seguretat dels Partiments"
8856
8862
8857
#: serverguide/C/windows-networking.xml:493(para)
8863
#: serverguide/C/samba.xml:493(para)
8858
8864
msgid ""
8859
8865
"There are several options available to increase the security for each "
8860
8866
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
8861
8867
"this section will cover some common options."
8862
8868
msgstr ""
8863
8869
8864
#: serverguide/C/windows-networking.xml:499(title)
8870
#: serverguide/C/samba.xml:499(title)
8865
8871
msgid "Groups"
8866
8872
msgstr "Gropes"
8867
8873
8868
#: serverguide/C/windows-networking.xml:501(para)
8874
#: serverguide/C/samba.xml:501(para)
8869
8875
msgid ""
8870
8876
"Groups define a collection of computers or users which have a common level "
8871
8877
"of access to particular network resources and offer a level of granularity "
8887
8893
"have only access to resources explicitly allowing the group they are part of."
8888
8894
msgstr ""
8889
8895
8890
#: serverguide/C/windows-networking.xml:515(para)
8896
#: serverguide/C/samba.xml:515(para)
8891
8897
msgid ""
8892
8898
"By default Samba looks for the local system groups defined in "
8893
8899
"<filename>/etc/group</filename> to determine which users belong to which "
8895
8901
"<xref linkend=\"adding-deleting-users\"/>."
8896
8902
msgstr ""
8897
8903
8898
#: serverguide/C/windows-networking.xml:521(para)
8904
#: serverguide/C/samba.xml:521(para)
8899
8905
msgid ""
8900
8906
"When defining groups in the Samba configuration file, "
8901
8907
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
8906
8912
"role=\"bold\">@sysadmin</emphasis>."
8907
8913
msgstr ""
8908
8914
8909
#: serverguide/C/windows-networking.xml:530(title)
8915
#: serverguide/C/samba.xml:530(title)
8910
8916
msgid "File Permissions"
8911
8917
msgstr "Dreches d'accès als fichièrs"
8912
8918
8913
#: serverguide/C/windows-networking.xml:532(para)
8919
#: serverguide/C/samba.xml:532(para)
8914
8920
msgid ""
8915
8921
"File Permissions define the explicit rights a computer or user has to a "
8916
8922
"particular directory, file, or set of files. Such permissions may be defined "
8918
8924
"the explicit permissions of a defined file share."
8919
8925
msgstr ""
8920
8926
8921
#: serverguide/C/windows-networking.xml:538(para)
8927
#: serverguide/C/samba.xml:538(para)
8922
8928
msgid ""
8923
8929
"For example, if you have defined a Samba share called "
8924
8930
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
8930
8936
"under the <emphasis>[share]</emphasis> entry:"
8931
8937
msgstr ""
8932
8938
8933
#: serverguide/C/windows-networking.xml:547(programlisting)
8939
#: serverguide/C/samba.xml:547(programlisting)
8934
8940
#, no-wrap
8935
8941
msgid ""
8936
8942
"\n"
8941
8947
" read list = @qa\n"
8942
8948
"write list = @sysadmin, vincent\n"
8943
8949
8944
#: serverguide/C/windows-networking.xml:552(para)
8950
#: serverguide/C/samba.xml:552(para)
8945
8951
msgid ""
8946
8952
"Another possible Samba permission is to declare "
8947
8953
"<emphasis>administrative</emphasis> permissions to a particular shared "
8950
8956
"administrative permissions to."
8951
8957
msgstr ""
8952
8958
8953
#: serverguide/C/windows-networking.xml:558(para)
8959
#: serverguide/C/samba.xml:558(para)
8954
8960
msgid ""
8955
8961
"For example, if you wanted to give the user <emphasis "
8956
8962
"role=\"italic\">melissa</emphasis> administrative permissions to the "
8959
8965
"under the <emphasis>[share]</emphasis> entry:"
8960
8966
msgstr ""
8961
8967
8962
#: serverguide/C/windows-networking.xml:565(programlisting)
8968
#: serverguide/C/samba.xml:565(programlisting)
8963
8969
#, no-wrap
8964
8970
msgid ""
8965
8971
"\n"
8968
8974
"\n"
8969
8975
" admin users = melissa\n"
8970
8976
8971
#: serverguide/C/windows-networking.xml:569(para)
8977
#: serverguide/C/samba.xml:569(para)
8972
8978
msgid ""
8973
8979
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
8974
8980
"the changes to take effect:"
8975
8981
msgstr ""
8976
8982
8977
#: serverguide/C/windows-networking.xml:579(para)
8983
#: serverguide/C/samba.xml:579(para)
8978
8984
msgid ""
8979
8985
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
8980
8986
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
8981
8987
"<emphasis role=\"italic\">security = share</emphasis>"
8982
8988
msgstr ""
8983
8989
8984
#: serverguide/C/windows-networking.xml:585(para)
8990
#: serverguide/C/samba.xml:585(para)
8985
8991
msgid ""
8986
8992
"Now that Samba has been configured to limit which groups have access to the "
8987
8993
"shared directory, the filesystem permissions need to be updated."
8988
8994
msgstr ""
8989
8995
8990
#: serverguide/C/windows-networking.xml:590(para)
8996
#: serverguide/C/samba.xml:590(para)
8991
8997
msgid ""
8992
8998
"Traditional Linux file permissions do not map well to Windows NT Access "
8993
8999
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
8996
9002
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
8997
9003
msgstr ""
8998
9004
8999
#: serverguide/C/windows-networking.xml:597(programlisting)
9005
#: serverguide/C/samba.xml:597(programlisting)
9000
9006
#, no-wrap
9001
9007
msgid ""
9002
9008
"\n"
9007
9013
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl 0 "
9008
9014
"1\n"
9009
9015
9010
#: serverguide/C/windows-networking.xml:601(para)
9016
#: serverguide/C/samba.xml:601(para)
9011
9017
msgid "Then remount the partition:"
9012
9018
msgstr "Puèi remontatz la particion :"
9013
9019
9014
#: serverguide/C/windows-networking.xml:606(command)
9020
#: serverguide/C/samba.xml:606(command)
9015
9021
msgid "sudo mount -v -o remount /srv"
9016
9022
msgstr "sudo mount -v -o remount /srv"
9017
9023
9018
#: serverguide/C/windows-networking.xml:610(para)
9024
#: serverguide/C/samba.xml:610(para)
9019
9025
msgid ""
9020
9026
"The above example assumes <filename>/srv</filename> on a separate partition. "
9021
9027
"If <filename>/srv</filename>, or wherever you have configured your share "
9023
9029
"required."
9024
9030
msgstr ""
9025
9031
9026
#: serverguide/C/windows-networking.xml:617(para)
9032
#: serverguide/C/samba.xml:617(para)
9027
9033
msgid ""
9028
9034
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
9029
9035
"group will be given read, write, and execute permissions to "
9032
9038
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
9033
9039
msgstr ""
9034
9040
9035
#: serverguide/C/windows-networking.xml:625(command)
9041
#: serverguide/C/samba.xml:625(command)
9036
9042
msgid "sudo chown -R melissa /srv/samba/share/"
9037
9043
msgstr "sudo chown -R melissa /srv/samba/share/"
9038
9044
9039
#: serverguide/C/windows-networking.xml:626(command)
9045
#: serverguide/C/samba.xml:626(command)
9040
9046
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
9041
9047
msgstr "sudo chgrp -R sysadmin /srv/samba/share/"
9042
9048
9043
#: serverguide/C/windows-networking.xml:627(command)
9049
#: serverguide/C/samba.xml:627(command)
9044
9050
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
9045
9051
msgstr "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
9046
9052
9047
#: serverguide/C/windows-networking.xml:631(para)
9053
#: serverguide/C/samba.xml:631(para)
9048
9054
msgid ""
9049
9055
"The <application>setfacl</application> command above gives "
9050
9056
"<emphasis>execute</emphasis> permissions to all files in the "
9052
9058
"want."
9053
9059
msgstr ""
9054
9060
9055
#: serverguide/C/windows-networking.xml:637(para)
9061
#: serverguide/C/samba.xml:637(para)
9056
9062
msgid ""
9057
9063
"Now from a Windows client you should notice the new file permissions are "
9058
9064
"implemented. See the <application>acl</application> and "
9060
9066
"ACLs."
9061
9067
msgstr ""
9062
9068
9063
#: serverguide/C/windows-networking.xml:645(title)
9069
#: serverguide/C/samba.xml:645(title)
9064
9070
msgid "Samba AppArmor Profile"
9065
9071
msgstr "Perfil AppArmor per Samba"
9066
9072
9067
#: serverguide/C/windows-networking.xml:647(para)
9073
#: serverguide/C/samba.xml:647(para)
9068
9074
msgid ""
9069
9075
"Ubuntu comes with the <application>AppArmor</application> security module, "
9070
9076
"which provides mandatory access controls. The default AppArmor profile for "
9072
9078
"using AppArmor see <xref linkend=\"apparmor\"/>."
9073
9079
msgstr ""
9074
9080
9075
#: serverguide/C/windows-networking.xml:653(para)
9081
#: serverguide/C/samba.xml:653(para)
9076
9082
msgid ""
9077
9083
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
9078
9084
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
9080
9086
"package, from a terminal prompt enter:"
9081
9087
msgstr ""
9082
9088
9083
#: serverguide/C/windows-networking.xml:660(command)
9089
#: serverguide/C/samba.xml:660(command)
9084
9090
msgid "sudo apt-get install apparmor-profiles apparmor-utils"
9085
9091
msgstr ""
9086
9092
9087
#: serverguide/C/windows-networking.xml:664(para)
9093
#: serverguide/C/samba.xml:664(para)
9088
9094
msgid "This package contains profiles for several other binaries."
9089
9095
msgstr ""
9090
9096
9091
#: serverguide/C/windows-networking.xml:669(para)
9097
#: serverguide/C/samba.xml:669(para)
9092
9098
msgid ""
9093
9099
"By default the profiles for <application>smbd</application> and "
9094
9100
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
9098
9104
"profile will need to be modified to reflect any directories that are shared."
9099
9105
msgstr ""
9100
9106
9101
#: serverguide/C/windows-networking.xml:676(para)
9107
#: serverguide/C/samba.xml:676(para)
9102
9108
msgid ""
9103
9109
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
9104
9110
"for <emphasis>[share]</emphasis> from the file server example:"
9105
9111
msgstr ""
9106
9112
9107
#: serverguide/C/windows-networking.xml:681(programlisting)
9113
#: serverguide/C/samba.xml:681(programlisting)
9108
9114
#, no-wrap
9109
9115
msgid ""
9110
9116
"\n"
9115
9121
" /srv/samba/share/ r,\n"
9116
9122
"/srv/samba/share/** rwkix,\n"
9117
9123
9118
#: serverguide/C/windows-networking.xml:686(para)
9124
#: serverguide/C/samba.xml:686(para)
9119
9125
msgid ""
9120
9126
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
9121
9127
msgstr ""
9122
9128
9123
#: serverguide/C/windows-networking.xml:691(command)
9129
#: serverguide/C/samba.xml:691(command)
9124
9130
msgid "sudo aa-enforce /usr/sbin/smbd"
9125
9131
msgstr "sudo aa-enforce /usr/sbin/smbd"
9126
9132
9127
#: serverguide/C/windows-networking.xml:692(command)
9133
#: serverguide/C/samba.xml:692(command)
9128
9134
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
9129
9135
msgstr "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
9130
9136
9131
#: serverguide/C/windows-networking.xml:695(para)
9137
#: serverguide/C/samba.xml:695(para)
9132
9138
msgid ""
9133
9139
"You should now be able to read, write, and execute files in the shared "
9134
9140
"directory as normal, and the <application>smbd</application> binary will "
9137
9143
"will be logged to <filename>/var/log/syslog</filename>."
9138
9144
msgstr ""
9139
9145
9140
#: serverguide/C/windows-networking.xml:720(para) serverguide/C/windows-networking.xml:1116(para)
9146
#: serverguide/C/samba.xml:720(para) serverguide/C/samba.xml:1116(para)
9141
9147
msgid ""
9142
9148
"O'Reilly's <ulink "
9143
9149
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
9144
9150
"also a good reference."
9145
9151
msgstr ""
9146
9152
9147
#: serverguide/C/windows-networking.xml:726(para)
9153
#: serverguide/C/samba.xml:726(para)
9148
9154
msgid ""
9149
9155
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
9150
9156
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
9151
9157
"security."
9152
9158
msgstr ""
9153
9159
9154
#: serverguide/C/windows-networking.xml:732(para)
9160
#: serverguide/C/samba.xml:732(para)
9155
9161
msgid ""
9156
9162
"For more information on Samba and ACLs see the <ulink "
9157
9163
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
9162
9168
msgid "As a Domain Controller"
9163
9169
msgstr ""
9164
9170
9165
#: serverguide/C/windows-networking.xml:750(para)
9171
#: serverguide/C/samba.xml:750(para)
9166
9172
msgid ""
9167
9173
"Although it cannot act as an Active Directory Primary Domain Controller "
9168
9174
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
9171
9177
"backends to store the user information."
9172
9178
msgstr ""
9173
9179
9174
#: serverguide/C/windows-networking.xml:757(title)
9180
#: serverguide/C/samba.xml:757(title)
9175
9181
msgid "Primary Domain Controller"
9176
9182
msgstr "Contrarotlador principal de domeni"
9177
9183
9178
#: serverguide/C/windows-networking.xml:759(para)
9184
#: serverguide/C/samba.xml:759(para)
9179
9185
msgid ""
9180
9186
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
9181
9187
"using the default smbpasswd backend."
9182
9188
msgstr ""
9183
9189
9184
#: serverguide/C/windows-networking.xml:766(para)
9190
#: serverguide/C/samba.xml:766(para)
9185
9191
msgid ""
9186
9192
"First, install Samba, and <application>libpam-smbpass</application> to sync "
9187
9193
"the user accounts, by entering the following in a terminal prompt:"
9188
9194
msgstr ""
9189
9195
9190
#: serverguide/C/windows-networking.xml:772(command) serverguide/C/windows-networking.xml:1013(command)
9196
#: serverguide/C/samba.xml:772(command) serverguide/C/samba.xml:1013(command)
9191
9197
msgid "sudo apt-get install samba libpam-smbpass"
9192
9198
msgstr "sudo apt-get install samba libpam-smbpass"
9193
9199
9194
#: serverguide/C/windows-networking.xml:778(para)
9200
#: serverguide/C/samba.xml:778(para)
9195
9201
msgid ""
9196
9202
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
9197
9203
"The <emphasis>security</emphasis> mode should be set to <emphasis "
9199
9205
"should relate to your organization:"
9200
9206
msgstr ""
9201
9207
9202
#: serverguide/C/windows-networking.xml:793(para)
9208
#: serverguide/C/samba.xml:793(para)
9203
9209
msgid ""
9204
9210
"In the commented <quote>Domains</quote> section add or uncomment the "
9205
9211
"following (the last line has been split to fit the format of this document):"
9206
9212
msgstr ""
9207
9213
9208
#: serverguide/C/windows-networking.xml:797(programlisting)
9214
#: serverguide/C/samba.xml:797(programlisting)
9209
9215
#, no-wrap
9210
9216
msgid ""
9211
9217
"\n"
9218
9224
" /var/lib/samba -s /bin/false %u\n"
9219
9225
msgstr ""
9220
9226
9221
#: serverguide/C/windows-networking.xml:808(para)
9227
#: serverguide/C/samba.xml:808(para)
9222
9228
msgid ""
9223
9229
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
9224
9230
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
9225
9231
"commented."
9226
9232
msgstr ""
9227
9233
9228
#: serverguide/C/windows-networking.xml:816(para)
9234
#: serverguide/C/samba.xml:816(para)
9229
9235
msgid ""
9230
9236
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
9231
9237
"Samba to act as a domain controller."
9233
9239
"<emphasis>domain logons :</emphasis> permet a Samba d'agir coma un "
9234
9240
"contrarotlador de domeni"
9235
9241
9236
#: serverguide/C/windows-networking.xml:821(para)
9242
#: serverguide/C/samba.xml:821(para)
9237
9243
msgid ""
9238
9244
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
9239
9245
"their home directory. It is also possible to configure a "
9241
9247
"directory."
9242
9248
msgstr ""
9243
9249
9244
#: serverguide/C/windows-networking.xml:827(para)
9250
#: serverguide/C/samba.xml:827(para)
9245
9251
msgid ""
9246
9252
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
9247
9253
msgstr ""
9248
9254
9249
#: serverguide/C/windows-networking.xml:832(para)
9255
#: serverguide/C/samba.xml:832(para)
9250
9256
msgid ""
9251
9257
"<emphasis>logon home:</emphasis> specifies the home directory location."
9252
9258
msgstr ""
9253
9259
9254
#: serverguide/C/windows-networking.xml:837(para)
9260
#: serverguide/C/samba.xml:837(para)
9255
9261
msgid ""
9256
9262
"<emphasis>logon script:</emphasis> determines the script to be run locally "
9257
9263
"once a user has logged in. The script needs to be placed in the "
9258
9264
"<emphasis>[netlogon]</emphasis> share."
9259
9265
msgstr ""
9260
9266
9261
#: serverguide/C/windows-networking.xml:843(para)
9267
#: serverguide/C/samba.xml:843(para)
9262
9268
msgid ""
9263
9269
"<emphasis>add machine script:</emphasis> a script that will automatically "
9264
9270
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
9265
9271
"workstation to join the domain."
9266
9272
msgstr ""
9267
9273
9268
#: serverguide/C/windows-networking.xml:847(para)
9274
#: serverguide/C/samba.xml:847(para)
9269
9275
msgid ""
9270
9276
"In this example the <emphasis>machines</emphasis> group will need to be "
9271
9277
"created using the <application>addgroup</application> utility see <xref "
9272
9278
"linkend=\"adding-deleting-users\"/> for details."
9273
9279
msgstr ""
9274
9280
9275
#: serverguide/C/windows-networking.xml:858(para)
9281
#: serverguide/C/samba.xml:858(para)
9276
9282
msgid ""
9277
9283
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
9278
9284
"role=\"italic\">logon home</emphasis> to be mapped:"
9279
9285
msgstr ""
9280
9286
9281
#: serverguide/C/windows-networking.xml:863(programlisting)
9287
#: serverguide/C/samba.xml:863(programlisting)
9282
9288
#, no-wrap
9283
9289
msgid ""
9284
9290
"\n"
9299
9305
" directory mask = 0700\n"
9300
9306
" valid users = %S\n"
9301
9307
9302
#: serverguide/C/windows-networking.xml:876(para)
9308
#: serverguide/C/samba.xml:876(para)
9303
9309
msgid ""
9304
9310
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
9305
9311
"share needs to be configured. To enable the share, uncomment:"
9306
9312
msgstr ""
9307
9313
9308
#: serverguide/C/windows-networking.xml:881(programlisting)
9314
#: serverguide/C/samba.xml:881(programlisting)
9309
9315
#, no-wrap
9310
9316
msgid ""
9311
9317
"\n"
9324
9330
"read only = yes\n"
9325
9331
"share modes = no\n"
9326
9332
9327
#: serverguide/C/windows-networking.xml:891(para)
9333
#: serverguide/C/samba.xml:891(para)
9328
9334
msgid ""
9329
9335
"The original <emphasis>netlogon</emphasis> share path is "
9330
9336
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
9333
9339
"location for site-specific data provided by the system."
9334
9340
msgstr ""
9335
9341
9336
#: serverguide/C/windows-networking.xml:902(para)
9342
#: serverguide/C/samba.xml:902(para)
9337
9343
msgid ""
9338
9344
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
9339
9345
"and an empty (for now) <filename>logon.cmd</filename> script file:"
9340
9346
msgstr ""
9341
9347
9342
#: serverguide/C/windows-networking.xml:908(command)
9348
#: serverguide/C/samba.xml:908(command)
9343
9349
msgid "sudo mkdir -p /srv/samba/netlogon"
9344
9350
msgstr "sudo mkdir -p /srv/samba/netlogon"
9345
9351
9346
#: serverguide/C/windows-networking.xml:909(command)
9352
#: serverguide/C/samba.xml:909(command)
9347
9353
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
9348
9354
msgstr "sudo touch /srv/samba/netlogon/logon.cmd"
9349
9355
9350
#: serverguide/C/windows-networking.xml:912(para)
9356
#: serverguide/C/samba.xml:912(para)
9351
9357
msgid ""
9352
9358
"You can enter any normal Windows logon script commands in "
9353
9359
"<filename>logon.cmd</filename> to customize the client's environment."
9354
9360
msgstr ""
9355
9361
9356
#: serverguide/C/windows-networking.xml:920(para)
9362
#: serverguide/C/samba.xml:920(para)
9357
9363
msgid "Restart Samba to enable the new domain controller:"
9358
9364
msgstr ""
9359
9365
9360
#: serverguide/C/windows-networking.xml:932(para)
9366
#: serverguide/C/samba.xml:932(para)
9361
9367
msgid ""
9362
9368
"Lastly, there are a few additional commands needed to setup the appropriate "
9363
9369
"rights."
9364
9370
msgstr ""
9365
9371
9366
#: serverguide/C/windows-networking.xml:936(para)
9372
#: serverguide/C/samba.xml:936(para)
9367
9373
msgid ""
9368
9374
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
9369
9375
"workstation to the domain, a system group needs to be mapped to the Windows "
9371
9377
"<application>net</application> utility, from a terminal enter:"
9372
9378
msgstr ""
9373
9379
9374
#: serverguide/C/windows-networking.xml:943(command)
9380
#: serverguide/C/samba.xml:943(command)
9375
9381
msgid ""
9376
9382
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
9377
9383
"type=d"
9379
9385
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
9380
9386
"type=d"
9381
9387
9382
#: serverguide/C/windows-networking.xml:947(para)
9388
#: serverguide/C/samba.xml:947(para)
9383
9389
msgid ""
9384
9390
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
9385
9391
"prefer. Also, the user used to join the domain needs to be a member of the "
9388
9394
"allows <application>sudo</application> use."
9389
9395
msgstr ""
9390
9396
9391
#: serverguide/C/windows-networking.xml:953(para)
9397
#: serverguide/C/samba.xml:953(para)
9392
9398
msgid ""
9393
9399
"If the user does not have Samba credentials yet, you can add them with the "
9394
9400
"<application>smbpasswd</application> utility, change the "
9397
9403
"</screen>"
9398
9404
msgstr ""
9399
9405
9400
#: serverguide/C/windows-networking.xml:963(para)
9406
#: serverguide/C/samba.xml:963(para)
9401
9407
msgid ""
9402
9408
"Also, rights need to be explicitly provided to the <emphasis>Domain "
9403
9409
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
9404
9410
"(and other admin functions) to work. This is achieved by executing:"
9405
9411
msgstr ""
9406
9412
9407
#: serverguide/C/windows-networking.xml:968(command)
9413
#: serverguide/C/samba.xml:968(command)
9408
9414
msgid ""
9409
9415
"net rpc rights grant -U sysadmin \"EXAMPLE\\Domain Admins\" "
9410
9416
"SeMachineAccountPrivilege \\ SePrintOperatorPrivilege SeAddUsersPrivilege "
9411
9417
"SeDiskOperatorPrivilege \\ SeRemoteShutdownPrivilege"
9412
9418
msgstr ""
9413
9419
9414
#: serverguide/C/windows-networking.xml:976(para)
9420
#: serverguide/C/samba.xml:976(para)
9415
9421
msgid ""
9416
9422
"You should now be able to join Windows clients to the Domain in the same "
9417
9423
"manner as joining them to an NT4 domain running on a Windows server."
9418
9424
msgstr ""
9419
9425
9420
#: serverguide/C/windows-networking.xml:986(title)
9426
#: serverguide/C/samba.xml:986(title)
9421
9427
msgid "Backup Domain Controller"
9422
9428
msgstr "Contrarotlador segondari de domeni"
9423
9429
9424
#: serverguide/C/windows-networking.xml:988(para)
9430
#: serverguide/C/samba.xml:988(para)
9425
9431
msgid ""
9426
9432
"With a Primary Domain Controller (PDC) on the network it is best to have a "
9427
9433
"Backup Domain Controller (BDC) as well. This will allow clients to "
9428
9434
"authenticate in case the PDC becomes unavailable."
9429
9435
msgstr ""
9430
9436
9431
#: serverguide/C/windows-networking.xml:993(para)
9437
#: serverguide/C/samba.xml:993(para)
9432
9438
msgid ""
9433
9439
"When configuring Samba as a BDC you need a way to sync account information "
9434
9440
"with the PDC. There are multiple ways of accomplishing this "
9437
9443
"backend</emphasis>."
9438
9444
msgstr ""
9439
9445
9440
#: serverguide/C/windows-networking.xml:999(para)
9446
#: serverguide/C/samba.xml:999(para)
9441
9447
msgid ""
9442
9448
"Using LDAP is the most robust way to sync account information, because both "
9443
9449
"domain controllers can use the same information in real time. However, "
9445
9451
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
9446
9452
msgstr ""
9447
9453
9448
#: serverguide/C/windows-networking.xml:1008(para)
9454
#: serverguide/C/samba.xml:1008(para)
9449
9455
msgid ""
9450
9456
"First, install <application>samba</application> and <application>libpam-"
9451
9457
"smbpass</application>. From a terminal enter:"
9453
9459
"Per començar, installatz <application>samba</application> e "
9454
9460
"<application>libpam-smbpass</application>. Picatz dins un terminal :"
9455
9461
9456
#: serverguide/C/windows-networking.xml:1019(para)
9462
#: serverguide/C/samba.xml:1019(para)
9457
9463
msgid ""
9458
9464
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
9459
9465
"following in the <emphasis>[global]</emphasis>:"
9460
9466
msgstr ""
9461
9467
9462
#: serverguide/C/windows-networking.xml:1032(para)
9468
#: serverguide/C/samba.xml:1032(para)
9463
9469
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
9464
9470
msgstr ""
9465
9471
9466
#: serverguide/C/windows-networking.xml:1036(programlisting)
9472
#: serverguide/C/samba.xml:1036(programlisting)
9467
9473
#, no-wrap
9468
9474
msgid ""
9469
9475
"\n"
9474
9480
" domain logons = yes\n"
9475
9481
" domain master = no\n"
9476
9482
9477
#: serverguide/C/windows-networking.xml:1044(para)
9483
#: serverguide/C/samba.xml:1044(para)
9478
9484
msgid ""
9479
9485
"Make sure a user has rights to read the files in "
9480
9486
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
9482
9488
"files, enter:"
9483
9489
msgstr ""
9484
9490
9485
#: serverguide/C/windows-networking.xml:1050(command)
9491
#: serverguide/C/samba.xml:1050(command)
9486
9492
msgid "sudo chgrp -R admin /var/lib/samba"
9487
9493
msgstr "sudo chgrp -R admin /var/lib/samba"
9488
9494
9489
#: serverguide/C/windows-networking.xml:1056(para)
9495
#: serverguide/C/samba.xml:1056(para)
9490
9496
msgid ""
9491
9497
"Next, sync the user accounts, using <application>scp</application> to copy "
9492
9498
"the <filename>/var/lib/samba</filename> directory from the PDC:"
9493
9499
msgstr ""
9494
9500
9495
#: serverguide/C/windows-networking.xml:1062(command)
9501
#: serverguide/C/samba.xml:1062(command)
9496
9502
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
9497
9503
msgstr "sudo scp -r username@pdc:/var/lib/samba /var/lib"
9498
9504
9499
#: serverguide/C/windows-networking.xml:1066(para)
9505
#: serverguide/C/samba.xml:1066(para)
9500
9506
msgid ""
9501
9507
"Replace <emphasis>username</emphasis> with a valid username and "
9502
9508
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
9503
9509
msgstr ""
9504
9510
9505
#: serverguide/C/windows-networking.xml:1075(para)
9511
#: serverguide/C/samba.xml:1075(para)
9506
9512
msgid "Finally, restart <application>samba</application>:"
9507
9513
msgstr ""
9508
9514
9509
#: serverguide/C/windows-networking.xml:1087(para)
9515
#: serverguide/C/samba.xml:1087(para)
9510
9516
msgid ""
9511
9517
"You can test that your Backup Domain controller is working by stopping the "
9512
9518
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
9513
9519
"the domain."
9514
9520
msgstr ""
9515
9521
9516
#: serverguide/C/windows-networking.xml:1092(para)
9522
#: serverguide/C/samba.xml:1092(para)
9517
9523
msgid ""
9518
9524
"Another thing to keep in mind is if you have configured the <emphasis>logon "
9519
9525
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
9522
9528
"home</emphasis> to reside on a separate file server from the PDC and BDC."
9523
9529
msgstr ""
9524
9530
9525
#: serverguide/C/windows-networking.xml:1122(para)
9531
#: serverguide/C/samba.xml:1122(para)
9526
9532
msgid ""
9527
9533
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
9528
9534
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
9529
9535
"up a Primary Domain Controller."
9530
9536
msgstr ""
9531
9537
9532
#: serverguide/C/windows-networking.xml:1128(para)
9538
#: serverguide/C/samba.xml:1128(para)
9533
9539
msgid ""
9534
9540
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
9535
9541
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
9540
9546
msgid "Active Directory Integration"
9541
9547
msgstr ""
9542
9548
9543
#: serverguide/C/windows-networking.xml:1146(title)
9549
#: serverguide/C/samba.xml:1146(title)
9544
9550
msgid "Accessing a Samba Share"
9545
9551
msgstr "Accedir a un partiment Samba"
9546
9552
9547
#: serverguide/C/windows-networking.xml:1148(para)
9553
#: serverguide/C/samba.xml:1148(para)
9548
9554
msgid ""
9549
9555
"Another, use for Samba is to integrate into an existing Windows network. "
9550
9556
"Once part of an Active Directory domain, Samba can provide file and print "
9560
9566
"Likewise Open documentation</ulink>."
9561
9567
msgstr ""
9562
9568
9563
#: serverguide/C/windows-networking.xml:1159(para)
9569
#: serverguide/C/samba.xml:1159(para)
9564
9570
msgid ""
9565
9571
"Once part of the Active Directory domain, enter the following command in the "
9566
9572
"terminal prompt:"
9567
9573
msgstr ""
9568
9574
9569
#: serverguide/C/windows-networking.xml:1164(command)
9575
#: serverguide/C/samba.xml:1164(command)
9570
9576
msgid "sudo apt-get install samba smbfs smbclient"
9571
9577
msgstr "sudo apt-get install samba smbfs smbclient"
9572
9578
9573
#: serverguide/C/windows-networking.xml:1167(para)
9579
#: serverguide/C/samba.xml:1167(para)
9574
9580
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
9575
9581
msgstr ""
9576
9582
9577
#: serverguide/C/windows-networking.xml:1171(programlisting)
9583
#: serverguide/C/samba.xml:1171(programlisting)
9578
9584
#, no-wrap
9579
9585
msgid ""
9580
9586
"\n"
9597
9603
"idmap uid = 50-9999999999\n"
9598
9604
"idmap gid = 50-9999999999\n"
9599
9605
9600
#: serverguide/C/windows-networking.xml:1182(para)
9606
#: serverguide/C/samba.xml:1182(para)
9601
9607
msgid ""
9602
9608
"Restart <application>samba</application> for the new settings to take effect:"
9603
9609
msgstr ""
9604
9610
9605
#: serverguide/C/windows-networking.xml:1191(para)
9611
#: serverguide/C/samba.xml:1191(para)
9606
9612
msgid ""
9607
9613
"You should now be able to access any <application>Samba</application> shares "
9608
9614
"from a Windows client. However, be sure to give the appropriate AD users or "
9610
9616
"security\"/> for more details."
9611
9617
msgstr ""
9612
9618
9613
#: serverguide/C/windows-networking.xml:1199(title)
9619
#: serverguide/C/samba.xml:1199(title)
9614
9620
msgid "Accessing a Windows Share"
9615
9621
msgstr "Accedir a un partiment Windows"
9616
9622
9617
#: serverguide/C/windows-networking.xml:1201(para)
9623
#: serverguide/C/samba.xml:1201(para)
9618
9624
msgid ""
9619
9625
"Now that the Samba server is part of the Active Directory domain you can "
9620
9626
"access any Windows server shares:"
9621
9627
msgstr ""
9622
9628
9623
#: serverguide/C/windows-networking.xml:1208(para)
9629
#: serverguide/C/samba.xml:1208(para)
9624
9630
msgid ""
9625
9631
"To mount a Windows file share enter the following in a terminal prompt:"
9626
9632
msgstr ""
9627
9633
9628
#: serverguide/C/windows-networking.xml:1212(command)
9634
#: serverguide/C/samba.xml:1212(command)
9629
9635
msgid "mount.cifs //fs01.example.com/share mount_point"
9630
9636
msgstr "mount.cifs //fs01.example.com/partage punt_de_montatge"
9631
9637
9632
#: serverguide/C/windows-networking.xml:1215(para)
9638
#: serverguide/C/samba.xml:1215(para)
9633
9639
msgid ""
9634
9640
"It is also possible to access shares on computers not part of an AD domain, "
9635
9641
"but a username and password will need to be provided."
9636
9642
msgstr ""
9637
9643
9638
#: serverguide/C/windows-networking.xml:1223(para)
9644
#: serverguide/C/samba.xml:1223(para)
9639
9645
msgid ""
9640
9646
"To mount the share during boot place an entry in "
9641
9647
"<filename>/etc/fstab</filename>, for example:"
9642
9648
msgstr ""
9643
9649
9644
#: serverguide/C/windows-networking.xml:1227(programlisting)
9650
#: serverguide/C/samba.xml:1227(programlisting)
9645
9651
#, no-wrap
9646
9652
msgid ""
9647
9653
"\n"
9652
9658
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
9653
9659
"0 0\n"
9654
9660
9655
#: serverguide/C/windows-networking.xml:1234(para)
9661
#: serverguide/C/samba.xml:1234(para)
9656
9662
msgid ""
9657
9663
"Another way to copy files from a Windows server is to use the "
9658
9664
"<application>smbclient</application> utility. To list the files in a Windows "
9659
9665
"share:"
9660
9666
msgstr ""
9661
9667
9662
#: serverguide/C/windows-networking.xml:1240(command)
9668
#: serverguide/C/samba.xml:1240(command)
9663
9669
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
9664
9670
msgstr "smbclient //fs01.example.com/share -k -c \"ls\""
9665
9671
9666
#: serverguide/C/windows-networking.xml:1246(para)
9672
#: serverguide/C/samba.xml:1246(para)
9667
9673
msgid "To copy a file from the share, enter:"
9668
9674
msgstr ""
9669
9675
9670
#: serverguide/C/windows-networking.xml:1251(command)
9676
#: serverguide/C/samba.xml:1251(command)
9671
9677
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
9672
9678
msgstr "smbclient //fs01.example.com/partage -k -c \"get fichièr.txt\""
9673
9679
9674
#: serverguide/C/windows-networking.xml:1254(para)
9680
#: serverguide/C/samba.xml:1254(para)
9675
9681
msgid ""
9676
9682
"This will copy the <filename>file.txt</filename> into the current directory."
9677
9683
msgstr ""
9678
9684
9679
#: serverguide/C/windows-networking.xml:1261(para)
9685
#: serverguide/C/samba.xml:1261(para)
9680
9686
msgid "And to copy a file to the share:"
9681
9687
msgstr "Per copiar un fichièr cap al partiment :"
9682
9688
9683
#: serverguide/C/windows-networking.xml:1266(command)
9689
#: serverguide/C/samba.xml:1266(command)
9684
9690
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
9685
9691
msgstr "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
9686
9692
9687
#: serverguide/C/windows-networking.xml:1269(para)
9693
#: serverguide/C/samba.xml:1269(para)
9688
9694
msgid ""
9689
9695
"This will copy the <filename>/etc/hosts</filename> to "
9690
9696
"<filename>//fs01.example.com/share/hosts</filename>."
9691
9697
msgstr ""
9692
9698
9693
#: serverguide/C/windows-networking.xml:1276(para)
9699
#: serverguide/C/samba.xml:1276(para)
9694
9700
msgid ""
9695
9701
"The <emphasis>-c</emphasis> option used above allows you to execute the "
9696
9702
"<application>smbclient</application> command all at once. This is useful for "
9699
9705
"and directory commands, simply execute:"
9700
9706
msgstr ""
9701
9707
9702
#: serverguide/C/windows-networking.xml:1283(command)
9708
#: serverguide/C/samba.xml:1283(command)
9703
9709
msgid "smbclient //fs01.example.com/share -k"
9704
9710
msgstr "smbclient //fs01.example.com/partiment -k"
9705
9711
9706
#: serverguide/C/windows-networking.xml:1290(para)
9712
#: serverguide/C/samba.xml:1290(para)
9707
9713
msgid ""
9708
9714
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
9709
9715
"<emphasis>//192.168.0.5/share</emphasis>, "
9834
9840
"given the opportunity to describe the bug in your own words."
9835
9841
msgstr ""
9836
9842
9837
#: serverguide/C/reporting-bugs.xml:114(userinput) serverguide/C/backups.xml:852(userinput)
9843
#: serverguide/C/reporting-bugs.xml:114(userinput) serverguide/C/backups.xml:858(userinput)
9838
9844
#, no-wrap
9839
9845
msgid "1"
9840
9846
msgstr "1"
10050
10056
"<application>Zentyal</application>."
10051
10057
msgstr ""
10052
10058
10053
#: serverguide/C/virtualization.xml:833(para) serverguide/C/remote-administration.xml:16(title)
10059
#: serverguide/C/remote-administration.xml:16(title)
10054
10060
msgid "OpenSSH Server"
10055
10061
msgstr ""
10056
10062
10325
10331
msgid "Preconfiguration"
10326
10332
msgstr ""
10327
10333
10328
#: serverguide/C/remote-administration.xml:256(para)
10334
#: serverguide/C/remote-administration.xml:236(para)
10329
10335
msgid ""
10330
10336
"Prior to configuring <application>puppet</application> you may want to add a "
10331
10337
"DNS <emphasis>CNAME</emphasis> record for "
10336
10342
"linkend=\"dns\"/> for more DNS details."
10337
10343
msgstr ""
10338
10344
10339
#: serverguide/C/remote-administration.xml:263(para)
10345
#: serverguide/C/remote-administration.xml:243(para)
10340
10346
msgid ""
10341
10347
"If you do not wish to use DNS, you can add entries to the server and client "
10342
10348
"<filename>/etc/hosts</filename> file. For example, in the "
10352
10358
"192.168.1.17 puppetclient.example.com puppetclient\n"
10353
10359
msgstr ""
10354
10360
10355
#: serverguide/C/remote-administration.xml:273(para)
10361
#: serverguide/C/remote-administration.xml:253(para)
10356
10362
msgid ""
10357
10363
"On each <application>Puppet</application> client, add an entry for the "
10358
10364
"server:"
10365
10371
"192.168.1.16 puppetmaster.example.com puppetmaster puppet\n"
10366
10372
msgstr ""
10367
10373
10368
#: serverguide/C/remote-administration.xml:282(para)
10374
#: serverguide/C/remote-administration.xml:262(para)
10369
10375
msgid ""
10370
10376
"Replace the example IP addresses and domain names above with your actual "
10371
10377
"server and client addresses and domain names."
10372
10378
msgstr ""
10373
10379
10374
#: serverguide/C/remote-administration.xml:236(para)
10380
#: serverguide/C/remote-administration.xml:271(para)
10375
10381
msgid ""
10376
10382
"To install <application>Puppet</application>, in a terminal on the "
10377
10383
"<emphasis>server</emphasis> enter:"
10378
10384
msgstr ""
10379
10385
10380
#: serverguide/C/remote-administration.xml:241(command)
10386
#: serverguide/C/remote-administration.xml:276(command)
10381
10387
msgid "sudo apt-get install puppetmaster"
10382
10388
msgstr ""
10383
10389
10384
#: serverguide/C/remote-administration.xml:244(para)
10390
#: serverguide/C/remote-administration.xml:279(para)
10385
10391
msgid "On the <emphasis>client</emphasis> machine, or machines, enter:"
10386
10392
msgstr ""
10387
10393
10388
#: serverguide/C/remote-administration.xml:249(command)
10394
#: serverguide/C/remote-administration.xml:284(command)
10389
10395
msgid "sudo apt-get install puppet"
10390
10396
msgstr ""
10391
10397
10442
10448
"<application>Puppet</application> client's host name."
10443
10449
msgstr ""
10444
10450
10445
#: serverguide/C/remote-administration.xml:323(para)
10451
#: serverguide/C/remote-administration.xml:337(para)
10446
10452
msgid ""
10447
10453
"The final step for this simple <application>Puppet</application> server is "
10448
10454
"to restart the daemon:"
10452
10458
msgid "sudo service puppetmaster restart"
10453
10459
msgstr ""
10454
10460
10455
#: serverguide/C/remote-administration.xml:331(para)
10461
#: serverguide/C/remote-administration.xml:345(para)
10456
10462
msgid ""
10457
10463
"Now everything is configured on the <application>Puppet</application> "
10458
10464
"server, it is time to configure the client."
10465
10471
"<emphasis>START</emphasis> to yes:"
10466
10472
msgstr ""
10467
10473
10468
#: serverguide/C/remote-administration.xml:340(programlisting) serverguide/C/mail.xml:627(programlisting)
10474
#: serverguide/C/remote-administration.xml:354(programlisting) serverguide/C/mail.xml:685(programlisting)
10469
10475
#, no-wrap
10470
10476
msgid ""
10471
10477
"\n"
10472
10478
"START=yes\n"
10473
10479
msgstr ""
10474
10480
10475
#: serverguide/C/remote-administration.xml:344(para)
10481
#: serverguide/C/remote-administration.xml:358(para)
10476
10482
msgid "Then start the service:"
10477
10483
msgstr ""
10478
10484
10527
10533
"<application>Puppet</application> client."
10528
10534
msgstr ""
10529
10535
10530
#: serverguide/C/remote-administration.xml:366(para)
10536
#: serverguide/C/remote-administration.xml:406(para)
10531
10537
msgid ""
10532
10538
"This example is <emphasis>very</emphasis> simple, and does not highlight "
10533
10539
"many of <application>Puppet</application>'s features and benefits. For more "
10534
10540
"information see <xref linkend=\"puppet-resources\"/>."
10535
10541
msgstr ""
10536
10542
10537
#: serverguide/C/remote-administration.xml:378(para)
10543
#: serverguide/C/remote-administration.xml:418(para)
10538
10544
msgid ""
10539
10545
"See the <ulink url=\"http://docs.puppetlabs.com/\">Official Puppet "
10540
10546
"Documentation</ulink> web site."
10546
10552
"online repository of puppet modules."
10547
10553
msgstr ""
10548
10554
10549
#: serverguide/C/remote-administration.xml:383(para)
10555
#: serverguide/C/remote-administration.xml:428(para)
10550
10556
msgid ""
10551
10557
"Also see <ulink url=\"http://www.apress.com/9781430230571\">Pro "
10552
10558
"Puppet</ulink>."
10553
10559
msgstr ""
10554
10560
10555
#: serverguide/C/remote-administration.xml:397(title)
10561
#: serverguide/C/remote-administration.xml:437(title)
10556
10562
msgid "Zentyal"
10557
10563
msgstr ""
10558
10564
10559
#: serverguide/C/remote-administration.xml:399(para)
10565
#: serverguide/C/remote-administration.xml:439(para)
10560
10566
msgid ""
10561
10567
"<application>Zentyal</application> is a Linux small business server, that "
10562
10568
"can be configured as a Gateway, Infrastructure Manager, Unified Threat "
10583
10589
"them."
10584
10590
msgstr ""
10585
10591
10586
#: serverguide/C/remote-administration.xml:427(para)
10592
#: serverguide/C/remote-administration.xml:467(para)
10587
10593
msgid ""
10588
10594
"Zentyal 2.3 is available on Ubuntu 12.04 Universe repository. The modules "
10589
10595
"available are:"
10590
10596
msgstr ""
10591
10597
10592
#: serverguide/C/remote-administration.xml:434(para)
10598
#: serverguide/C/remote-administration.xml:474(para)
10593
10599
msgid ""
10594
10600
"zentyal-core & zentyal-common: the core of the "
10595
10601
"<application>Zentyal</application> interface and the common libraries of the "
10597
10603
"administrator an interface to view the logs and generate events from them."
10598
10604
msgstr ""
10599
10605
10600
#: serverguide/C/remote-administration.xml:443(para)
10606
#: serverguide/C/remote-administration.xml:483(para)
10601
10607
msgid ""
10602
10608
"zentyal-network: manages the configuration of the network. From the "
10603
10609
"interfaces (supporting static IP, DHCP, VLAN, bridges or PPPoE), to multiple "
10612
10618
"services (e.g. HTTP instead of 80/TCP)."
10613
10619
msgstr ""
10614
10620
10615
#: serverguide/C/remote-administration.xml:458(para)
10621
#: serverguide/C/remote-administration.xml:498(para)
10616
10622
msgid ""
10617
10623
"zentyal-firewall: configures the <application>iptables</application> rules "
10618
10624
"to block forbiden connections, NAT and port redirections."
10619
10625
msgstr ""
10620
10626
10621
#: serverguide/C/remote-administration.xml:464(para)
10627
#: serverguide/C/remote-administration.xml:504(para)
10622
10628
msgid ""
10623
10629
"zentyal-ntp: installs the NTP daemon to keep server on time and allow "
10624
10630
"network clients to synchronize their clocks against the server."
10625
10631
msgstr ""
10626
10632
10627
#: serverguide/C/remote-administration.xml:470(para)
10633
#: serverguide/C/remote-administration.xml:510(para)
10628
10634
msgid ""
10629
10635
"zentyal-dhcp: configures <application>ISC DHCP</application> server "
10630
10636
"supporting network ranges, static leases and other advanced options like "
10631
10637
"NTP, WINS, dynamic DNS updates and network boot with PXE."
10632
10638
msgstr ""
10633
10639
10634
#: serverguide/C/remote-administration.xml:477(para)
10640
#: serverguide/C/remote-administration.xml:517(para)
10635
10641
msgid ""
10636
10642
"zentyal-dns: brings <application>ISC Bind9</application> DNS server into "
10637
10643
"your server for caching local queries as a forwarder or as an authoritative "
10639
10645
"and SRV records."
10640
10646
msgstr ""
10641
10647
10642
#: serverguide/C/remote-administration.xml:485(para)
10648
#: serverguide/C/remote-administration.xml:525(para)
10643
10649
msgid ""
10644
10650
"zentyal-ca: integrates the management of a Certification Authority within "
10645
10651
"Zentyal so users can use certificates to authenticate against the services, "
10646
10652
"like with <application>OpenVPN</application>."
10647
10653
msgstr ""
10648
10654
10649
#: serverguide/C/remote-administration.xml:492(para)
10655
#: serverguide/C/remote-administration.xml:532(para)
10650
10656
msgid ""
10651
10657
"zentyal-openvpn: allows to configure multiple VPN servers and clients using "
10652
10658
"<application>OpenVPN</application> with dynamic routing configuration using "
10653
10659
"<application>Quagga</application>."
10654
10660
msgstr ""
10655
10661
10656
#: serverguide/C/remote-administration.xml:499(para)
10662
#: serverguide/C/remote-administration.xml:539(para)
10657
10663
msgid ""
10658
10664
"zentyal-users: provides an interface to configure and manage users and "
10659
10665
"groups on <application>OpenLDAP</application>. Other services on Zentyal are "
10662
10668
"<application>Microsoft Active Directory</application> domain."
10663
10669
msgstr ""
10664
10670
10665
#: serverguide/C/remote-administration.xml:509(para)
10671
#: serverguide/C/remote-administration.xml:549(para)
10666
10672
msgid ""
10667
10673
"zentyal-squid: configures <application>Squid</application> and "
10668
10674
"<application>Dansguardian</application> for speeding up browsing thanks to "
10669
10675
"the caching capabilities and content filtering."
10670
10676
msgstr ""
10671
10677
10672
#: serverguide/C/remote-administration.xml:516(para)
10678
#: serverguide/C/remote-administration.xml:556(para)
10673
10679
msgid ""
10674
10680
"zentyal-samba: allows <application>Samba</application> configuration and "
10675
10681
"integration with existing LDAP. From the same interface you can define "
10676
10682
"password policies, create shared resources and assign permissions."
10677
10683
msgstr ""
10678
10684
10679
#: serverguide/C/remote-administration.xml:524(para)
10685
#: serverguide/C/remote-administration.xml:564(para)
10680
10686
msgid ""
10681
10687
"zentyal-printers: integrates <application>CUPS</application> with "
10682
10688
"<application>Samba</application> and allows not only to configure the "
10683
10689
"printers but also give them permissions based on LDAP users and groups."
10684
10690
msgstr ""
10685
10691
10686
#: serverguide/C/remote-administration.xml:533(para)
10692
#: serverguide/C/remote-administration.xml:573(para)
10687
10693
msgid ""
10688
10694
"To install <application>Zentyal</application>, in a terminal on the "
10689
10695
"<emphasis>server</emphasis> enter (where <zentyal-module> is any of "
10690
10696
"the modules from the previous list):"
10691
10697
msgstr ""
10692
10698
10693
#: serverguide/C/remote-administration.xml:540(command)
10699
#: serverguide/C/remote-administration.xml:580(command)
10694
10700
msgid "sudo apt-get install <zentyal-module>"
10695
10701
msgstr ""
10696
10702
10697
#: serverguide/C/remote-administration.xml:544(para)
10703
#: serverguide/C/remote-administration.xml:584(para)
10698
10704
msgid ""
10699
10705
"<application>Zentyal</application> publishes one major stable release once a "
10700
10706
"year (in September) based on latest Ubuntu LTS release. Stable releases "
10714
10720
"Personal Package Archive (PPA)</ulink>."
10715
10721
msgstr ""
10716
10722
10717
#: serverguide/C/remote-administration.xml:566(para)
10723
#: serverguide/C/remote-administration.xml:606(para)
10718
10724
msgid ""
10719
10725
"Not present on Ubuntu Universe repositories, but on <ulink "
10720
10726
"url=\"https://launchpad.net/~zentyal/\">Zentyal Team PPA</ulink> you will "
10721
10727
"find these other modules:"
10722
10728
msgstr ""
10723
10729
10724
#: serverguide/C/remote-administration.xml:573(para)
10730
#: serverguide/C/remote-administration.xml:613(para)
10725
10731
msgid ""
10726
10732
"zentyal-antivirus: integrates <application>ClamAV</application> antivirus "
10727
10733
"with other modules like the proxy, file sharing or mailfilter."
10728
10734
msgstr ""
10729
10735
10730
#: serverguide/C/remote-administration.xml:580(para)
10736
#: serverguide/C/remote-administration.xml:620(para)
10731
10737
msgid ""
10732
10738
"zentyal-asterisk: configures <application>Asterisk</application> to provide "
10733
10739
"a simple PBX with LDAP based authentication."
10734
10740
msgstr ""
10735
10741
10736
#: serverguide/C/remote-administration.xml:586(para)
10742
#: serverguide/C/remote-administration.xml:626(para)
10737
10743
msgid ""
10738
10744
"zentyal-bwmonitor: allows to monitor bandwith usage of your LAN clients."
10739
10745
msgstr ""
10740
10746
10741
#: serverguide/C/remote-administration.xml:592(para)
10747
#: serverguide/C/remote-administration.xml:632(para)
10742
10748
msgid ""
10743
10749
"zentyal-captiveportal: integrates a captive portal with the firewall and "
10744
10750
"LDAP users and groups."
10745
10751
msgstr ""
10746
10752
10747
#: serverguide/C/remote-administration.xml:598(para)
10753
#: serverguide/C/remote-administration.xml:638(para)
10748
10754
msgid ""
10749
10755
"zentyal-ebackup: allows to make scheduled backups of your server using the "
10750
10756
"popular <application>duplicity</application> backup tool."
10751
10757
msgstr ""
10752
10758
10753
#: serverguide/C/remote-administration.xml:604(para)
10759
#: serverguide/C/remote-administration.xml:644(para)
10754
10760
msgid "zentyal-ftp: configures a FTP server with LDAP based authentication."
10755
10761
msgstr ""
10756
10762
10757
#: serverguide/C/remote-administration.xml:609(para)
10763
#: serverguide/C/remote-administration.xml:649(para)
10758
10764
msgid "zentyal-ids: integrates a network intrusion detection system."
10759
10765
msgstr ""
10760
10766
10761
#: serverguide/C/remote-administration.xml:614(para)
10767
#: serverguide/C/remote-administration.xml:654(para)
10762
10768
msgid ""
10763
10769
"zentyal-ipsec: allows to configure IPsec tunnels using "
10764
10770
"<application>OpenSwan</application>."
10765
10771
msgstr ""
10766
10772
10767
#: serverguide/C/remote-administration.xml:620(para)
10773
#: serverguide/C/remote-administration.xml:660(para)
10768
10774
msgid ""
10769
10775
"zentyal-jabber: integrates <application>ejabberd</application> XMPP server "
10770
10776
"with LDAP users and groups."
10771
10777
msgstr ""
10772
10778
10773
#: serverguide/C/remote-administration.xml:626(para)
10779
#: serverguide/C/remote-administration.xml:666(para)
10774
10780
msgid ""
10775
10781
"zentyal-thinclients: a <application>LTSP</application> based thin clients "
10776
10782
"solution."
10777
10783
msgstr ""
10778
10784
10779
#: serverguide/C/remote-administration.xml:632(para)
10785
#: serverguide/C/remote-administration.xml:672(para)
10780
10786
msgid ""
10781
10787
"zentyal-mail: a full mail stack including <application>Postfix "
10782
10788
"</application> and <application>Dovecot</application> with LDAP backend."
10783
10789
msgstr ""
10784
10790
10785
#: serverguide/C/remote-administration.xml:639(para)
10791
#: serverguide/C/remote-administration.xml:679(para)
10786
10792
msgid ""
10787
10793
"zentyal-mailfilter: configures <application>amavisd</application> with mail "
10788
10794
"stack to filter spam and attached virus."
10789
10795
msgstr ""
10790
10796
10791
#: serverguide/C/remote-administration.xml:645(para)
10797
#: serverguide/C/remote-administration.xml:685(para)
10792
10798
msgid ""
10793
10799
"zentyal-monitor: integrates <application>collectd</application> to monitor "
10794
10800
"server performance and running services."
10795
10801
msgstr ""
10796
10802
10797
#: serverguide/C/remote-administration.xml:651(para)
10803
#: serverguide/C/remote-administration.xml:691(para)
10798
10804
msgid ""
10799
10805
"zentyal-pptp: configures a <application>PPTP</application> VPN server."
10800
10806
msgstr ""
10801
10807
10802
#: serverguide/C/remote-administration.xml:656(para)
10808
#: serverguide/C/remote-administration.xml:696(para)
10803
10809
msgid ""
10804
10810
"zentyal-radius: integrates <application>FreeRADIUS</application> with LDAP "
10805
10811
"users and groups."
10806
10812
msgstr ""
10807
10813
10808
#: serverguide/C/remote-administration.xml:662(para)
10814
#: serverguide/C/remote-administration.xml:702(para)
10809
10815
msgid ""
10810
10816
"zentyal-software: simple interface to manage installed "
10811
10817
"<application>Zentyal</application> modules and system updates."
10812
10818
msgstr ""
10813
10819
10814
#: serverguide/C/remote-administration.xml:668(para)
10820
#: serverguide/C/remote-administration.xml:708(para)
10815
10821
msgid ""
10816
10822
"zentyal-trafficshaping: configures traffic limiting rules to do bandwidth "
10817
10823
"throttling and improve latency."
10818
10824
msgstr ""
10819
10825
10820
#: serverguide/C/remote-administration.xml:674(para)
10826
#: serverguide/C/remote-administration.xml:714(para)
10821
10827
msgid ""
10822
10828
"zentyal-usercorner: allows users to edit their own LDAP attributes using a "
10823
10829
"web browser."
10824
10830
msgstr ""
10825
10831
10826
#: serverguide/C/remote-administration.xml:680(para)
10832
#: serverguide/C/remote-administration.xml:720(para)
10827
10833
msgid ""
10828
10834
"zentyal-virt: simple interface to create and manage virtual machines based "
10829
10835
"on <application>libvirt</application>."
10830
10836
msgstr ""
10831
10837
10832
#: serverguide/C/remote-administration.xml:686(para)
10838
#: serverguide/C/remote-administration.xml:726(para)
10833
10839
msgid ""
10834
10840
"zentyal-webmail: allows to access your mail using the popular "
10835
10841
"<application>Roundcube</application> webmail."
10836
10842
msgstr ""
10837
10843
10838
#: serverguide/C/remote-administration.xml:692(para)
10844
#: serverguide/C/remote-administration.xml:732(para)
10839
10845
msgid ""
10840
10846
"zentyal-webserver: configures <application>Apache</application> webserver to "
10841
10847
"host different sites on your machine."
10842
10848
msgstr ""
10843
10849
10844
#: serverguide/C/remote-administration.xml:698(para)
10850
#: serverguide/C/remote-administration.xml:738(para)
10845
10851
msgid ""
10846
10852
"zentyal-zarafa: integrates <application>Zarafa</application> groupware suite "
10847
10853
"with <application>Zentyal</application> mail stack and LDAP."
10848
10854
msgstr ""
10849
10855
10850
#: serverguide/C/remote-administration.xml:710(title)
10856
#: serverguide/C/remote-administration.xml:750(title)
10851
10857
msgid "First steps"
10852
10858
msgstr ""
10853
10859
10854
#: serverguide/C/remote-administration.xml:712(para)
10860
#: serverguide/C/remote-administration.xml:752(para)
10855
10861
msgid ""
10856
10862
"Any system account belonging to the sudo group is allowed to log into "
10857
10863
"<application>Zentyal</application> web interface. If you are using the user "
10858
10864
"created during the installation, this should be in the sudo group by default."
10859
10865
msgstr ""
10860
10866
10861
#: serverguide/C/remote-administration.xml:720(para)
10867
#: serverguide/C/remote-administration.xml:760(para)
10862
10868
msgid "If you need to add another user to the sudo group, just execute:"
10863
10869
msgstr ""
10864
10870
10865
#: serverguide/C/remote-administration.xml:725(command)
10871
#: serverguide/C/remote-administration.xml:765(command)
10866
10872
msgid "sudo adduser username sudo"
10867
10873
msgstr ""
10868
10874
10869
#: serverguide/C/remote-administration.xml:729(para)
10875
#: serverguide/C/remote-administration.xml:769(para)
10870
10876
msgid ""
10871
10877
"To access <application>Zentyal</application> web interface, browse into "
10872
10878
"https://localhost/ (or the IP of your remote server). As Zentyal creates its "
10874
10880
"exception on your browser."
10875
10881
msgstr ""
10876
10882
10877
#: serverguide/C/remote-administration.xml:736(para)
10883
#: serverguide/C/remote-administration.xml:776(para)
10878
10884
msgid ""
10879
10885
"Once logged in you will see the dashboard with an overview of your server. "
10880
10886
"To configure any of the features of your installed modules, go to the "
10888
10894
"files."
10889
10895
msgstr ""
10890
10896
10891
#: serverguide/C/remote-administration.xml:750(para)
10897
#: serverguide/C/remote-administration.xml:790(para)
10892
10898
msgid ""
10893
10899
"If you need to customize any configuration file or run certain actions "
10894
10900
"(scripts or commands) to configure features not available on "
10897
10903
"/etc/zentyal/hooks/<module>.<action>."
10898
10904
msgstr ""
10899
10905
10900
#: serverguide/C/remote-administration.xml:763(para)
10906
#: serverguide/C/remote-administration.xml:803(para)
10901
10907
msgid ""
10902
10908
"<ulink url=\"http://doc.zentyal.org/\">Zentyal Official Documentation "
10903
10909
"</ulink> page."
10904
10910
msgstr ""
10905
10911
10906
#: serverguide/C/remote-administration.xml:767(para)
10912
#: serverguide/C/remote-administration.xml:807(para)
10907
10913
msgid ""
10908
10914
"See also <ulink url=\"http://trac.zentyal.org/wiki/Documentation\">Zentyal "
10909
10915
"Community Documentation</ulink> page."
10910
10916
msgstr ""
10911
10917
10912
#: serverguide/C/remote-administration.xml:771(para)
10918
#: serverguide/C/remote-administration.xml:811(para)
10913
10919
msgid ""
10914
10920
"And don't forget to visit the <ulink url=\"http://forum.zentyal.org/\">forum "
10915
10921
"</ulink> for community support, feedback, feature requests, etc."
10923
10929
msgid ""
10924
10930
"Ubuntu features a comprehensive package management system for installing, "
10925
10931
"upgrading, configuring, and removing software. In addition to providing "
10926
"access to an organized base of over 35,000 software packages for your Ubuntu "
10932
"access to an organized base of over 45,000 software packages for your Ubuntu "
10927
10933
"computer, the package management facilities also feature dependency "
10928
10934
"resolution capabilities and software update checking."
10929
10935
msgstr ""
10955
10961
10956
10962
#: serverguide/C/package-management.xml:25(para)
10957
10963
msgid ""
10958
"Many complex packages use the concept of <emphasis "
10964
"Many complex packages use <emphasis "
10959
10965
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
10960
10966
"packages required by the principal package in order to function properly. "
10961
10967
"For example, the speech synthesis package "
11277
11283
"menu."
11278
11284
msgstr ""
11279
11285
11280
#: serverguide/C/package-management.xml:246(para)
11286
#: serverguide/C/package-management.xml:263(para)
11281
11287
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
11282
11288
msgstr ""
11283
11289
11284
#: serverguide/C/package-management.xml:251(para)
11290
#: serverguide/C/package-management.xml:268(para)
11285
11291
msgid ""
11286
11292
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
11287
11293
"configuration remains on system"
11288
11294
msgstr ""
11289
11295
11290
#: serverguide/C/package-management.xml:255(para)
11296
#: serverguide/C/package-management.xml:272(para)
11291
11297
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
11292
11298
msgstr ""
11293
11299
11294
#: serverguide/C/package-management.xml:259(para)
11300
#: serverguide/C/package-management.xml:276(para)
11295
11301
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
11296
11302
msgstr ""
11297
11303
11298
#: serverguide/C/package-management.xml:263(para)
11304
#: serverguide/C/package-management.xml:280(para)
11299
11305
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
11300
11306
msgstr ""
11301
11307
11302
#: serverguide/C/package-management.xml:267(para)
11308
#: serverguide/C/package-management.xml:284(para)
11303
11309
msgid ""
11304
11310
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
11305
11311
"configured"
11306
11312
msgstr ""
11307
11313
11308
#: serverguide/C/package-management.xml:271(para)
11314
#: serverguide/C/package-management.xml:288(para)
11309
11315
msgid ""
11310
11316
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
11311
11317
"and requires fix"
11312
11318
msgstr ""
11313
11319
11314
#: serverguide/C/package-management.xml:275(para)
11320
#: serverguide/C/package-management.xml:292(para)
11315
11321
msgid ""
11316
11322
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
11317
11323
"requires fix"
11318
11324
msgstr ""
11319
11325
11320
#: serverguide/C/package-management.xml:243(para)
11326
#: serverguide/C/package-management.xml:260(para)
11321
11327
msgid ""
11322
11328
"The first column of information displayed in the package list in the top "
11323
11329
"pane, when actually viewing packages lists the current state of the package, "
11325
11331
"<placeholder-1/>"
11326
11332
msgstr ""
11327
11333
11328
#: serverguide/C/package-management.xml:281(para)
11334
#: serverguide/C/package-management.xml:298(para)
11329
11335
msgid ""
11330
11336
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
11331
11337
"wish to exit. Many other functions are available from the Aptitude menu by "
11332
11338
"pressing the <keycap>F10</keycap> key."
11333
11339
msgstr ""
11334
11340
11335
#: serverguide/C/package-management.xml:284(title)
11341
#: serverguide/C/package-management.xml:301(title)
11336
11342
msgid "Command Line Aptitude"
11337
11343
msgstr ""
11338
11344
11339
#: serverguide/C/package-management.xml:285(para)
11345
#: serverguide/C/package-management.xml:302(para)
11340
11346
msgid ""
11341
11347
"You can also use <application>Aptitude</application> as a command-line tool, "
11342
11348
"similar to <application>apt-get</application>. To install the "
11350
11356
"of command line options for <application>Aptitude</application>."
11351
11357
msgstr ""
11352
11358
11353
#: serverguide/C/package-management.xml:298(title)
11359
#: serverguide/C/package-management.xml:315(title)
11354
11360
msgid "Automatic Updates"
11355
11361
msgstr ""
11356
11362
11357
#: serverguide/C/package-management.xml:300(para)
11363
#: serverguide/C/package-management.xml:317(para)
11358
11364
msgid ""
11359
11365
"The <application>unattended-upgrades</application> package can be used to "
11360
11366
"automatically install updated packages, and can be configured to update all "
11362
11368
"entering the following in a terminal:"
11363
11369
msgstr ""
11364
11370
11365
#: serverguide/C/package-management.xml:306(command)
11371
#: serverguide/C/package-management.xml:323(command)
11366
11372
msgid "sudo apt-get install unattended-upgrades"
11367
11373
msgstr ""
11368
11374
11369
#: serverguide/C/package-management.xml:309(para)
11375
#: serverguide/C/package-management.xml:326(para)
11370
11376
msgid ""
11371
11377
"To configure <application>unattended-upgrades</application>, edit "
11372
11378
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
11383
11389
"};\n"
11384
11390
msgstr ""
11385
11391
11386
#: serverguide/C/package-management.xml:321(para)
11392
#: serverguide/C/package-management.xml:338(para)
11387
11393
msgid ""
11388
11394
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
11389
11395
"will not be automatically updated. To blacklist a package, add it to the "
11390
11396
"list:"
11391
11397
msgstr ""
11392
11398
11393
#: serverguide/C/package-management.xml:326(programlisting)
11399
#: serverguide/C/package-management.xml:343(programlisting)
11394
11400
#, no-wrap
11395
11401
msgid ""
11396
11402
"\n"
11402
11408
"};\n"
11403
11409
msgstr ""
11404
11410
11405
#: serverguide/C/package-management.xml:336(para)
11411
#: serverguide/C/package-management.xml:353(para)
11406
11412
msgid ""
11407
11413
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
11408
11414
"whatever follows \"//\" will not be evaluated."
11409
11415
msgstr ""
11410
11416
11411
#: serverguide/C/package-management.xml:341(para)
11417
#: serverguide/C/package-management.xml:358(para)
11412
11418
msgid ""
11413
11419
"To enable automatic updates, edit "
11414
11420
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
11415
11421
"<application>apt</application> configuration options:"
11416
11422
msgstr ""
11417
11423
11418
#: serverguide/C/package-management.xml:345(programlisting)
11424
#: serverguide/C/package-management.xml:362(programlisting)
11419
11425
#, no-wrap
11420
11426
msgid ""
11421
11427
"\n"
11425
11431
"APT::Periodic::Unattended-Upgrade \"1\";\n"
11426
11432
msgstr ""
11427
11433
11428
#: serverguide/C/package-management.xml:352(para)
11434
#: serverguide/C/package-management.xml:369(para)
11429
11435
msgid ""
11430
11436
"The above configuration updates the package list, downloads, and installs "
11431
11437
"available upgrades every day. The local download archive is cleaned every "
11432
11438
"week."
11433
11439
msgstr ""
11434
11440
11435
#: serverguide/C/package-management.xml:358(para)
11441
#: serverguide/C/package-management.xml:375(para)
11436
11442
msgid ""
11437
11443
"You can read more about <application>apt</application> Periodic "
11438
11444
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
11439
11445
"header."
11440
11446
msgstr ""
11441
11447
11442
#: serverguide/C/package-management.xml:363(para)
11448
#: serverguide/C/package-management.xml:380(para)
11443
11449
msgid ""
11444
11450
"The results of <application>unattended-upgrades</application> will be logged "
11445
11451
"to <filename>/var/log/unattended-upgrades</filename>."
11446
11452
msgstr ""
11447
11453
11448
#: serverguide/C/package-management.xml:368(title)
11454
#: serverguide/C/package-management.xml:385(title)
11449
11455
msgid "Notifications"
11450
11456
msgstr ""
11451
11457
11452
#: serverguide/C/package-management.xml:370(para)
11458
#: serverguide/C/package-management.xml:387(para)
11453
11459
msgid ""
11454
11460
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
11455
11461
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
11457
11463
"detailing any packages that need upgrading or have problems."
11458
11464
msgstr ""
11459
11465
11460
#: serverguide/C/package-management.xml:375(para)
11466
#: serverguide/C/package-management.xml:392(para)
11461
11467
msgid ""
11462
11468
"Another useful package is <application>apticron</application>. "
11463
11469
"<application>apticron</application> will configure a "
11466
11472
"summary of changes in each package."
11467
11473
msgstr ""
11468
11474
11469
#: serverguide/C/package-management.xml:381(para)
11475
#: serverguide/C/package-management.xml:398(para)
11470
11476
msgid ""
11471
11477
"To install the <application>apticron</application> package, in a terminal "
11472
11478
"enter:"
11473
11479
msgstr ""
11474
11480
11475
#: serverguide/C/package-management.xml:386(command)
11481
#: serverguide/C/package-management.xml:403(command)
11476
11482
msgid "sudo apt-get install apticron"
11477
11483
msgstr ""
11478
11484
11479
#: serverguide/C/package-management.xml:389(para)
11485
#: serverguide/C/package-management.xml:406(para)
11480
11486
msgid ""
11481
11487
"Once the package is installed edit "
11482
11488
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
11483
11489
"and other options:"
11484
11490
msgstr ""
11485
11491
11486
#: serverguide/C/package-management.xml:393(programlisting)
11492
#: serverguide/C/package-management.xml:410(programlisting)
11487
11493
#, no-wrap
11488
11494
msgid ""
11489
11495
"\n"
11490
11496
"EMAIL=\"root@example.com\"\n"
11491
11497
msgstr ""
11492
11498
11493
#: serverguide/C/package-management.xml:402(para)
11499
#: serverguide/C/package-management.xml:419(para)
11494
11500
msgid ""
11495
11501
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
11496
11502
"system repositories is stored in the "
11500
11506
"repository references from the file."
11501
11507
msgstr ""
11502
11508
11503
#: serverguide/C/package-management.xml:411(para)
11509
#: serverguide/C/package-management.xml:424(para)
11504
11510
msgid ""
11505
11511
"You may edit the file to enable repositories or disable them. For example, "
11506
11512
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
11517
11523
"main restricted\n"
11518
11524
msgstr ""
11519
11525
11520
#: serverguide/C/package-management.xml:422(title)
11526
#: serverguide/C/package-management.xml:435(title)
11521
11527
msgid "Extra Repositories"
11522
11528
msgstr ""
11523
11529
11524
#: serverguide/C/package-management.xml:423(para)
11530
#: serverguide/C/package-management.xml:436(para)
11525
11531
msgid ""
11526
11532
"In addition to the officially supported package repositories available for "
11527
11533
"Ubuntu, there exist additional community-maintained repositories which add "
11532
11538
"which are safe for use with your Ubuntu computer."
11533
11539
msgstr ""
11534
11540
11535
#: serverguide/C/package-management.xml:426(para)
11541
#: serverguide/C/package-management.xml:439(para)
11536
11542
msgid ""
11537
11543
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
11538
11544
"licensing issues that prevent them from being distributed with a free "
11539
11545
"operating system, and they may be illegal in your locality."
11540
11546
msgstr ""
11541
11547
11542
#: serverguide/C/package-management.xml:428(para)
11548
#: serverguide/C/package-management.xml:441(para)
11543
11549
msgid ""
11544
11550
"Be advised that neither the <emphasis>Universe</emphasis> or "
11545
11551
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
11547
11553
"packages."
11548
11554
msgstr ""
11549
11555
11550
#: serverguide/C/package-management.xml:432(para)
11556
#: serverguide/C/package-management.xml:445(para)
11551
11557
msgid ""
11552
11558
"Many other package sources are available, sometimes even offering only one "
11553
11559
"package, as in the case of package sources provided by the developer of a "
11558
11564
"functional in some respects."
11559
11565
msgstr ""
11560
11566
11561
#: serverguide/C/package-management.xml:435(para)
11567
#: serverguide/C/package-management.xml:448(para)
11562
11568
msgid ""
11563
11569
"By default, the <emphasis>Universe</emphasis> and "
11564
11570
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
11589
11595
"deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse\n"
11590
11596
msgstr ""
11591
11597
11592
#: serverguide/C/package-management.xml:468(para)
11598
#: serverguide/C/package-management.xml:481(para)
11593
11599
msgid ""
11594
11600
"Most of the material covered in this chapter is available in "
11595
11601
"<application>man</application> pages, many of which are available online."
11596
11602
msgstr ""
11597
11603
11598
#: serverguide/C/package-management.xml:475(para)
11604
#: serverguide/C/package-management.xml:488(para)
11599
11605
msgid ""
11600
11606
"The <ulink "
11601
11607
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
11625
11631
"ude man page</ulink> for more <application>aptitude</application> options."
11626
11632
msgstr ""
11627
11633
11628
#: serverguide/C/package-management.xml:499(para)
11634
#: serverguide/C/package-management.xml:512(para)
11629
11635
msgid ""
11630
11636
"The <ulink "
11631
11637
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
11692
11698
"reboots (e.g.: after a kernel upgrade)."
11693
11699
msgstr ""
11694
11700
11695
#: serverguide/C/other-apps.xml:44(para)
11701
#: serverguide/C/other-apps.xml:61(para)
11696
11702
msgid ""
11697
11703
"<application>pam_motd</application> executes the scripts in "
11698
11704
"<filename>/etc/update-motd.d</filename> in order based on the number "
11701
11707
"concatenated with <filename>/etc/motd.tail</filename>."
11702
11708
msgstr ""
11703
11709
11704
#: serverguide/C/other-apps.xml:50(para)
11710
#: serverguide/C/other-apps.xml:67(para)
11705
11711
msgid ""
11706
11712
"You can add your own dynamic information to the MOTD. For example, to add "
11707
11713
"local weather information:"
11708
11714
msgstr ""
11709
11715
11710
#: serverguide/C/other-apps.xml:56(para)
11716
#: serverguide/C/other-apps.xml:73(para)
11711
11717
msgid "First, install the <application>weather-util</application> package:"
11712
11718
msgstr ""
11713
11719
11714
#: serverguide/C/other-apps.xml:61(command)
11720
#: serverguide/C/other-apps.xml:78(command)
11715
11721
msgid "sudo apt-get install weather-util"
11716
11722
msgstr ""
11717
11723
11718
#: serverguide/C/other-apps.xml:66(para)
11724
#: serverguide/C/other-apps.xml:83(para)
11719
11725
msgid ""
11720
11726
"The <application>weather</application> utility uses METAR data from the "
11721
11727
"National Oceanic and Atmospheric Administration and forecasts from the "
11725
11731
"Weather Service</ulink> site."
11726
11732
msgstr ""
11727
11733
11728
#: serverguide/C/other-apps.xml:73(para)
11734
#: serverguide/C/other-apps.xml:90(para)
11729
11735
msgid ""
11730
11736
"Although the National Weather Service is a United States government agency "
11731
11737
"there are weather stations available world wide. However, local weather "
11732
11738
"information for all locations outside the U.S. may not be available."
11733
11739
msgstr ""
11734
11740
11735
#: serverguide/C/other-apps.xml:79(para)
11741
#: serverguide/C/other-apps.xml:96(para)
11736
11742
msgid ""
11737
11743
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
11738
11744
"script to use <application>weather</application> with your local ICAO "
11739
11745
"indicator:"
11740
11746
msgstr ""
11741
11747
11742
#: serverguide/C/other-apps.xml:84(programlisting)
11748
#: serverguide/C/other-apps.xml:101(programlisting)
11743
11749
#, no-wrap
11744
11750
msgid ""
11745
11751
"\n"
11759
11765
"\n"
11760
11766
msgstr ""
11761
11767
11762
#: serverguide/C/other-apps.xml:102(para)
11768
#: serverguide/C/other-apps.xml:119(para)
11763
11769
msgid "Make the script executable:"
11764
11770
msgstr ""
11765
11771
11766
#: serverguide/C/other-apps.xml:107(command)
11772
#: serverguide/C/other-apps.xml:124(command)
11767
11773
msgid "sudo chmod 755 /usr/local/bin/local-weather"
11768
11774
msgstr ""
11769
11775
11770
#: serverguide/C/other-apps.xml:111(para)
11776
#: serverguide/C/other-apps.xml:128(para)
11771
11777
msgid ""
11772
11778
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
11773
11779
"weather</filename>:"
11774
11780
msgstr ""
11775
11781
11776
#: serverguide/C/other-apps.xml:116(command)
11782
#: serverguide/C/other-apps.xml:133(command)
11777
11783
msgid ""
11778
11784
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
11779
11785
msgstr ""
11780
11786
11781
#: serverguide/C/other-apps.xml:120(para)
11787
#: serverguide/C/other-apps.xml:137(para)
11782
11788
msgid "Finally, exit the server and re-login to view the new MOTD."
11783
11789
msgstr ""
11784
11790
11785
#: serverguide/C/other-apps.xml:126(para)
11791
#: serverguide/C/other-apps.xml:143(para)
11786
11792
msgid ""
11787
11793
"You should now be greeted with some useful information, and some information "
11788
11794
"about the local weather that may not be quite so useful. Hopefully the "
11798
11804
"<application>update-motd</application>."
11799
11805
msgstr ""
11800
11806
11801
#: serverguide/C/other-apps.xml:338(para)
11807
#: serverguide/C/other-apps.xml:163(para)
11802
11808
msgid ""
11803
11809
"The Debian Package of the Day <ulink "
11804
11810
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11806
11812
"details about using the <application>weather</application>utility."
11807
11813
msgstr ""
11808
11814
11809
#: serverguide/C/other-apps.xml:134(title)
11815
#: serverguide/C/other-apps.xml:178(title)
11810
11816
msgid "etckeeper"
11811
11817
msgstr ""
11812
11818
11822
11828
"possible."
11823
11829
msgstr ""
11824
11830
11825
#: serverguide/C/other-apps.xml:144(para)
11831
#: serverguide/C/other-apps.xml:188(para)
11826
11832
msgid ""
11827
11833
"Install <application>etckeeper</application> by entering the following in a "
11828
11834
"terminal:"
11829
11835
msgstr ""
11830
11836
11831
#: serverguide/C/other-apps.xml:149(command)
11837
#: serverguide/C/other-apps.xml:193(command)
11832
11838
msgid "sudo apt-get install etckeeper"
11833
11839
msgstr ""
11834
11840
11843
11849
"It is possible to undo this by entering the following command:"
11844
11850
msgstr ""
11845
11851
11846
#: serverguide/C/other-apps.xml:162(command)
11852
#: serverguide/C/other-apps.xml:204(command)
11847
11853
msgid "sudo etckeeper uninit"
11848
11854
msgstr ""
11849
11855
11850
#: serverguide/C/other-apps.xml:165(para)
11856
#: serverguide/C/other-apps.xml:207(para)
11851
11857
msgid ""
11852
11858
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11853
11859
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11856
11862
"commit your changes manually, together with a commit message, using:"
11857
11863
msgstr ""
11858
11864
11859
#: serverguide/C/other-apps.xml:174(command)
11865
#: serverguide/C/other-apps.xml:214(command)
11860
11866
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
11861
11867
msgstr ""
11862
11868
11864
11870
msgid "Using bzr's VCS commands you can view log information:"
11865
11871
msgstr ""
11866
11872
11867
#: serverguide/C/other-apps.xml:182(command)
11873
#: serverguide/C/other-apps.xml:222(command)
11868
11874
msgid "sudo bzr log /etc/passwd"
11869
11875
msgstr ""
11870
11876
11874
11880
"install <application>postfix</application>:"
11875
11881
msgstr ""
11876
11882
11877
#: serverguide/C/other-apps.xml:190(command) serverguide/C/mail.xml:43(command)
11883
#: serverguide/C/other-apps.xml:230(command) serverguide/C/mail.xml:43(command)
11878
11884
msgid "sudo apt-get install postfix"
11879
11885
msgstr ""
11880
11886
11881
#: serverguide/C/other-apps.xml:193(para)
11887
#: serverguide/C/other-apps.xml:233(para)
11882
11888
msgid ""
11883
11889
"When the installation is finished, all the "
11884
11890
"<application>postfix</application> configuration files should be committed "
11885
11891
"to the repository:"
11886
11892
msgstr ""
11887
11893
11888
#: serverguide/C/other-apps.xml:199(computeroutput)
11894
#: serverguide/C/other-apps.xml:239(computeroutput)
11889
11895
#, no-wrap
11890
11896
msgid ""
11891
11897
"Committing to: /etc/\n"
11928
11934
"Committed revision 2."
11929
11935
msgstr ""
11930
11936
11931
#: serverguide/C/other-apps.xml:239(para)
11937
#: serverguide/C/other-apps.xml:279(para)
11932
11938
msgid ""
11933
11939
"For an example of how <application>etckeeper</application> tracks manual "
11934
11940
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
11935
11941
"<application>bzr</application> you can see which files have been modified:"
11936
11942
msgstr ""
11937
11943
11938
#: serverguide/C/other-apps.xml:245(command)
11944
#: serverguide/C/other-apps.xml:285(command)
11939
11945
msgid "sudo bzr status /etc/"
11940
11946
msgstr ""
11941
11947
11942
#: serverguide/C/other-apps.xml:246(computeroutput)
11948
#: serverguide/C/other-apps.xml:286(computeroutput)
11943
11949
#, no-wrap
11944
11950
msgid ""
11945
11951
"modified:\n"
11946
11952
" hosts"
11947
11953
msgstr ""
11948
11954
11949
#: serverguide/C/other-apps.xml:250(para)
11955
#: serverguide/C/other-apps.xml:290(para)
11950
11956
msgid "Now commit the changes:"
11951
11957
msgstr ""
11952
11958
11954
11960
msgid "sudo etckeeper commit \"added new host\""
11955
11961
msgstr ""
11956
11962
11957
#: serverguide/C/other-apps.xml:258(para)
11963
#: serverguide/C/other-apps.xml:298(para)
11958
11964
msgid ""
11959
11965
"For more information on <application>bzr</application> see <xref "
11960
11966
"linkend=\"bazaar\"/>."
11961
11967
msgstr ""
11962
11968
11963
#: serverguide/C/other-apps.xml:345(para)
11964
msgid ""
11965
"See the <ulink "
11966
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11967
"more details on using <application>etckeeper</application>."
11968
msgstr ""
11969
11970
#: serverguide/C/other-apps.xml:351(para)
11971
msgid ""
11972
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11973
"Ubuntu Wiki</ulink> page."
11974
msgstr ""
11975
11976
#: serverguide/C/other-apps.xml:356(para)
11969
#: serverguide/C/other-apps.xml:310(para)
11970
msgid ""
11971
"See the <ulink url=\"http://etckeeper.branchable.com/\">etckeeper</ulink> "
11972
"site for more details on using <application>etckeeper</application>."
11973
msgstr ""
11974
11975
#: serverguide/C/other-apps.xml:317(para)
11977
11976
msgid ""
11978
11977
"For the latest news and information about <application>bzr</application> see "
11979
11978
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11980
11979
msgstr ""
11981
11980
11982
#: serverguide/C/other-apps.xml:264(title)
11981
#: serverguide/C/other-apps.xml:329(title)
11983
11982
msgid "Byobu"
11984
11983
msgstr ""
11985
11984
11986
#: serverguide/C/other-apps.xml:337(para)
11985
#: serverguide/C/other-apps.xml:331(para)
11987
11986
msgid ""
11988
11987
"One of the most useful applications for any system administrator is an xterm "
11989
11988
"multiplexor such as <application>screen</application> or "
11995
11994
"changed by the user."
11996
11995
msgstr ""
11997
11996
11998
#: serverguide/C/other-apps.xml:344(para)
11997
#: serverguide/C/other-apps.xml:338(para)
11999
11998
msgid "Invoke it simply with:"
12000
11999
msgstr ""
12001
12000
12002
#: serverguide/C/other-apps.xml:349(command)
12001
#: serverguide/C/other-apps.xml:343(command)
12003
12002
msgid "byobu"
12004
12003
msgstr ""
12005
12004
12006
#: serverguide/C/other-apps.xml:352(para)
12005
#: serverguide/C/other-apps.xml:346(para)
12007
12006
msgid ""
12008
12007
"Now bring up the configuration menu. By default this is done by pressing the "
12009
12008
"<emphasis>F9</emphasis> key. This will allow you to:"
12010
12009
msgstr ""
12011
12010
12012
#: serverguide/C/other-apps.xml:279(para)
12011
#: serverguide/C/other-apps.xml:351(para)
12013
12012
msgid "View the Help menu"
12014
12013
msgstr ""
12015
12014
12016
#: serverguide/C/other-apps.xml:280(para)
12015
#: serverguide/C/other-apps.xml:352(para)
12017
12016
msgid "Change Byobu's background color"
12018
12017
msgstr ""
12019
12018
12020
#: serverguide/C/other-apps.xml:281(para)
12019
#: serverguide/C/other-apps.xml:353(para)
12021
12020
msgid "Change Byobu's foreground color"
12022
12021
msgstr ""
12023
12022
12024
#: serverguide/C/other-apps.xml:282(para)
12023
#: serverguide/C/other-apps.xml:354(para)
12025
12024
msgid "Toggle status notifications"
12026
12025
msgstr ""
12027
12026
12028
#: serverguide/C/other-apps.xml:283(para)
12027
#: serverguide/C/other-apps.xml:355(para)
12029
12028
msgid "Change the key binding set"
12030
12029
msgstr ""
12031
12030
12032
#: serverguide/C/other-apps.xml:284(para)
12031
#: serverguide/C/other-apps.xml:356(para)
12033
12032
msgid "Change the escape sequence"
12034
12033
msgstr ""
12035
12034
12036
#: serverguide/C/other-apps.xml:285(para)
12035
#: serverguide/C/other-apps.xml:357(para)
12037
12036
msgid "Create new windows"
12038
12037
msgstr ""
12039
12038
12040
#: serverguide/C/other-apps.xml:286(para)
12039
#: serverguide/C/other-apps.xml:358(para)
12041
12040
msgid "Manage the default windows"
12042
12041
msgstr ""
12043
12042
12044
#: serverguide/C/other-apps.xml:287(para)
12043
#: serverguide/C/other-apps.xml:359(para)
12045
12044
msgid "Byobu currently does not launch at login (toggle on)"
12046
12045
msgstr ""
12047
12046
12048
#: serverguide/C/other-apps.xml:290(para)
12047
#: serverguide/C/other-apps.xml:362(para)
12049
12048
msgid ""
12050
12049
"The <emphasis>key bindings</emphasis> determine such things as the escape "
12051
12050
"sequence, new window, change window, etc. There are two key binding sets to "
12054
12053
"<emphasis>none</emphasis> set."
12055
12054
msgstr ""
12056
12055
12057
#: serverguide/C/other-apps.xml:296(para)
12056
#: serverguide/C/other-apps.xml:368(para)
12058
12057
msgid ""
12059
12058
"<application>byobu</application> provides a menu which displays the Ubuntu "
12060
12059
"release, processor information, memory information, and the time and date. "
12061
12060
"The effect is similar to a desktop menu."
12062
12061
msgstr ""
12063
12062
12064
#: serverguide/C/other-apps.xml:301(para)
12063
#: serverguide/C/other-apps.xml:373(para)
12065
12064
msgid ""
12066
12065
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
12067
12066
"on)\"</emphasis> option will cause <application>byobu</application> to be "
12070
12069
"affect other users on the system."
12071
12070
msgstr ""
12072
12071
12073
#: serverguide/C/other-apps.xml:307(para)
12072
#: serverguide/C/other-apps.xml:379(para)
12074
12073
msgid ""
12075
12074
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
12076
12075
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
12078
12077
"commands. Here is a quick list of movement commands:"
12079
12078
msgstr ""
12080
12079
12081
#: serverguide/C/other-apps.xml:314(para)
12080
#: serverguide/C/other-apps.xml:386(para)
12082
12081
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
12083
12082
msgstr ""
12084
12083
12085
#: serverguide/C/other-apps.xml:315(para)
12084
#: serverguide/C/other-apps.xml:387(para)
12086
12085
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
12087
12086
msgstr ""
12088
12087
12089
#: serverguide/C/other-apps.xml:316(para)
12088
#: serverguide/C/other-apps.xml:388(para)
12090
12089
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
12091
12090
msgstr ""
12092
12091
12093
#: serverguide/C/other-apps.xml:317(para)
12092
#: serverguide/C/other-apps.xml:389(para)
12094
12093
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
12095
12094
msgstr ""
12096
12095
12097
#: serverguide/C/other-apps.xml:318(para)
12096
#: serverguide/C/other-apps.xml:390(para)
12098
12097
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
12099
12098
msgstr ""
12100
12099
12101
#: serverguide/C/other-apps.xml:319(para)
12100
#: serverguide/C/other-apps.xml:391(para)
12102
12101
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
12103
12102
msgstr ""
12104
12103
12105
#: serverguide/C/other-apps.xml:320(para)
12104
#: serverguide/C/other-apps.xml:392(para)
12106
12105
msgid ""
12107
12106
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
12108
12107
"the buffer)"
12109
12108
msgstr ""
12110
12109
12111
#: serverguide/C/other-apps.xml:321(para)
12110
#: serverguide/C/other-apps.xml:393(para)
12112
12111
msgid "<emphasis>/</emphasis> - Search forward"
12113
12112
msgstr ""
12114
12113
12115
#: serverguide/C/other-apps.xml:322(para)
12114
#: serverguide/C/other-apps.xml:394(para)
12116
12115
msgid "<emphasis>?</emphasis> - Search backward"
12117
12116
msgstr ""
12118
12117
12119
#: serverguide/C/other-apps.xml:401(para)
12118
#: serverguide/C/other-apps.xml:395(para)
12120
12119
msgid ""
12121
12120
"<emphasis>n</emphasis> - Moves to the next match, either forward or backward"
12122
12121
msgstr ""
12123
12122
12124
#: serverguide/C/other-apps.xml:361(para)
12123
#: serverguide/C/other-apps.xml:403(para)
12125
12124
msgid ""
12126
12125
"For more information on <application>screen</application> see the <ulink "
12127
12126
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
12128
12127
msgstr ""
12129
12128
12130
#: serverguide/C/other-apps.xml:366(para)
12129
#: serverguide/C/other-apps.xml:408(para)
12131
12130
msgid ""
12132
12131
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
12133
12132
"screen</ulink> page."
12134
12133
msgstr ""
12135
12134
12136
#: serverguide/C/other-apps.xml:371(para)
12135
#: serverguide/C/other-apps.xml:413(para)
12137
12136
msgid ""
12138
12137
"Also, see the <application>byobu</application><ulink "
12139
12138
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
12155
12154
"discussion of popular network protocols."
12156
12155
msgstr ""
12157
12156
12158
#: serverguide/C/virtualization.xml:3853(title) serverguide/C/network-config.xml:25(title)
12157
#: serverguide/C/network-config.xml:25(title)
12159
12158
msgid "Network Configuration"
12160
12159
msgstr ""
12161
12160
12438
12437
"persistent way to do DNS client configuration is in a following section."
12439
12438
msgstr ""
12440
12439
12441
#: serverguide/C/network-config.xml:224(programlisting)
12440
#: serverguide/C/network-config.xml:226(programlisting)
12442
12441
#, no-wrap
12443
12442
msgid ""
12444
12443
"\n"
12446
12445
"nameserver 8.8.4.4\n"
12447
12446
msgstr ""
12448
12447
12449
#: serverguide/C/network-config.xml:228(para)
12448
#: serverguide/C/network-config.xml:230(para)
12450
12449
msgid ""
12451
12450
"If you no longer need this configuration and wish to purge all IP "
12452
12451
"configuration from an interface, you can use the "
12453
12452
"<application>ip</application> command with the flush option as shown below."
12454
12453
msgstr ""
12455
12454
12456
#: serverguide/C/network-config.xml:234(command)
12455
#: serverguide/C/network-config.xml:236(command)
12457
12456
msgid "ip addr flush eth0"
12458
12457
msgstr ""
12459
12458
12467
12466
"<filename>/run/resolvconf/resolv.conf</filename>, to be re-written."
12468
12467
msgstr ""
12469
12468
12470
#: serverguide/C/network-config.xml:245(title)
12469
#: serverguide/C/network-config.xml:249(title)
12471
12470
msgid "Dynamic IP Address Assignment (DHCP Client)"
12472
12471
msgstr ""
12473
12472
12474
#: serverguide/C/network-config.xml:246(para)
12473
#: serverguide/C/network-config.xml:250(para)
12475
12474
msgid ""
12476
12475
"To configure your server to use DHCP for dynamic address assignment, add the "
12477
12476
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
12481
12480
"role=\"italic\">eth0</emphasis>."
12482
12481
msgstr ""
12483
12482
12484
#: serverguide/C/network-config.xml:253(programlisting)
12483
#: serverguide/C/network-config.xml:257(programlisting)
12485
12484
#, no-wrap
12486
12485
msgid ""
12487
12486
"\n"
12489
12488
"iface eth0 inet dhcp\n"
12490
12489
msgstr ""
12491
12490
12492
#: serverguide/C/network-config.xml:257(para)
12491
#: serverguide/C/network-config.xml:261(para)
12493
12492
msgid ""
12494
12493
"By adding an interface configuration as shown above, you can manually enable "
12495
12494
"the interface through the <application>ifup</application> command which "
12496
12495
"initiates the DHCP process via <application>dhclient</application>."
12497
12496
msgstr ""
12498
12497
12499
#: serverguide/C/network-config.xml:263(command) serverguide/C/network-config.xml:298(command)
12498
#: serverguide/C/network-config.xml:267(command) serverguide/C/network-config.xml:302(command)
12500
12499
msgid "sudo ifup eth0"
12501
12500
msgstr ""
12502
12501
12503
#: serverguide/C/network-config.xml:265(para)
12502
#: serverguide/C/network-config.xml:269(para)
12504
12503
msgid ""
12505
12504
"To manually disable the interface, you can use the "
12506
12505
"<application>ifdown</application> command, which in turn will initiate the "
12507
12506
"DHCP release process and shut down the interface."
12508
12507
msgstr ""
12509
12508
12510
#: serverguide/C/network-config.xml:271(command) serverguide/C/network-config.xml:305(command)
12509
#: serverguide/C/network-config.xml:275(command) serverguide/C/network-config.xml:309(command)
12511
12510
msgid "sudo ifdown eth0"
12512
12511
msgstr ""
12513
12512
12514
#: serverguide/C/network-config.xml:276(title)
12513
#: serverguide/C/network-config.xml:280(title)
12515
12514
msgid "Static IP Address Assignment"
12516
12515
msgstr ""
12517
12516
12518
#: serverguide/C/network-config.xml:277(para)
12517
#: serverguide/C/network-config.xml:281(para)
12519
12518
msgid ""
12520
12519
"To configure your system to use a static IP address assignment, add the "
12521
12520
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
12529
12528
"network."
12530
12529
msgstr ""
12531
12530
12532
#: serverguide/C/network-config.xml:286(programlisting)
12531
#: serverguide/C/network-config.xml:290(programlisting)
12533
12532
#, no-wrap
12534
12533
msgid ""
12535
12534
"\n"
12540
12539
"gateway 10.0.0.1\n"
12541
12540
msgstr ""
12542
12541
12543
#: serverguide/C/network-config.xml:293(para)
12542
#: serverguide/C/network-config.xml:297(para)
12544
12543
msgid ""
12545
12544
"By adding an interface configuration as shown above, you can manually enable "
12546
12545
"the interface through the <application>ifup</application> command."
12547
12546
msgstr ""
12548
12547
12549
#: serverguide/C/network-config.xml:300(para)
12548
#: serverguide/C/network-config.xml:304(para)
12550
12549
msgid ""
12551
12550
"To manually disable the interface, you can use the "
12552
12551
"<application>ifdown</application> command."
12553
12552
msgstr ""
12554
12553
12555
#: serverguide/C/network-config.xml:310(title)
12554
#: serverguide/C/network-config.xml:314(title)
12556
12555
msgid "Loopback Interface"
12557
12556
msgstr ""
12558
12557
12559
#: serverguide/C/network-config.xml:311(para)
12558
#: serverguide/C/network-config.xml:315(para)
12560
12559
msgid ""
12561
12560
"The loopback interface is identified by the system as <emphasis "
12562
12561
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
12563
12562
"can be viewed using the ifconfig command."
12564
12563
msgstr ""
12565
12564
12566
#: serverguide/C/network-config.xml:316(command)
12565
#: serverguide/C/network-config.xml:320(command)
12567
12566
msgid "ifconfig lo"
12568
12567
msgstr ""
12569
12568
12570
#: serverguide/C/network-config.xml:317(computeroutput)
12569
#: serverguide/C/network-config.xml:321(computeroutput)
12571
12570
#, no-wrap
12572
12571
msgid ""
12573
12572
"lo Link encap:Local Loopback \n"
12580
12579
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)"
12581
12580
msgstr ""
12582
12581
12583
#: serverguide/C/network-config.xml:326(para)
12582
#: serverguide/C/network-config.xml:330(para)
12584
12583
msgid ""
12585
12584
"By default, there should be two lines in "
12586
12585
"<filename>/etc/network/interfaces</filename> responsible for automatically "
12589
12588
"example of the two default lines are shown below."
12590
12589
msgstr ""
12591
12590
12592
#: serverguide/C/network-config.xml:332(programlisting)
12591
#: serverguide/C/network-config.xml:336(programlisting)
12593
12592
#, no-wrap
12594
12593
msgid ""
12595
12594
"\n"
12597
12596
"iface lo inet loopback\n"
12598
12597
msgstr ""
12599
12598
12600
#: serverguide/C/network-config.xml:341(title)
12599
#: serverguide/C/network-config.xml:345(title)
12601
12600
msgid "Name Resolution"
12602
12601
msgstr ""
12603
12602
12604
#: serverguide/C/network-config.xml:342(para)
12603
#: serverguide/C/network-config.xml:346(para)
12605
12604
msgid ""
12606
12605
"Name resolution as it relates to IP networking is the process of mapping IP "
12607
12606
"addresses to hostnames, making it easier to identify resources on a network. "
12609
12608
"name resolution using DNS and static hostname records."
12610
12609
msgstr ""
12611
12610
12612
#: serverguide/C/network-config.xml:350(title)
12611
#: serverguide/C/network-config.xml:354(title)
12613
12612
msgid "DNS Client Configuration"
12614
12613
msgstr ""
12615
12614
12616
#: serverguide/C/network-config.xml:362(programlisting)
12615
#: serverguide/C/network-config.xml:366(programlisting)
12617
12616
#, no-wrap
12618
12617
msgid ""
12619
12618
"\n"
12646
12645
"following:"
12647
12646
msgstr ""
12648
12647
12649
#: serverguide/C/network-config.xml:373(programlisting)
12648
#: serverguide/C/network-config.xml:377(programlisting)
12650
12649
#, no-wrap
12651
12650
msgid ""
12652
12651
"\n"
12658
12657
" dns-nameservers 192.168.3.45 192.168.8.10\n"
12659
12658
msgstr ""
12660
12659
12661
#: serverguide/C/network-config.xml:382(para)
12660
#: serverguide/C/network-config.xml:386(para)
12662
12661
msgid ""
12663
12662
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12664
12663
"multiple domain names so that DNS queries will be appended in the order in "
12669
12668
"role=\"italic\">dev.example.com</emphasis>."
12670
12669
msgstr ""
12671
12670
12672
#: serverguide/C/network-config.xml:389(para)
12671
#: serverguide/C/network-config.xml:393(para)
12673
12672
msgid ""
12674
12673
"If you have multiple domains you wish to search, your configuration might "
12675
12674
"look like the following:"
12676
12675
msgstr ""
12677
12676
12678
#: serverguide/C/network-config.xml:393(programlisting)
12677
#: serverguide/C/network-config.xml:397(programlisting)
12679
12678
#, no-wrap
12680
12679
msgid ""
12681
12680
"\n"
12687
12686
" dns-nameservers 192.168.3.45 192.168.8.10\n"
12688
12687
msgstr ""
12689
12688
12690
#: serverguide/C/network-config.xml:402(para)
12689
#: serverguide/C/network-config.xml:406(para)
12691
12690
msgid ""
12692
12691
"If you try to ping a host with the name of <emphasis "
12693
12692
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12694
12693
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12695
12694
msgstr ""
12696
12695
12697
#: serverguide/C/network-config.xml:409(para)
12696
#: serverguide/C/network-config.xml:413(para)
12698
12697
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12699
12698
msgstr ""
12700
12699
12701
#: serverguide/C/network-config.xml:414(para)
12700
#: serverguide/C/network-config.xml:418(para)
12702
12701
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12703
12702
msgstr ""
12704
12703
12705
#: serverguide/C/network-config.xml:419(para)
12704
#: serverguide/C/network-config.xml:423(para)
12706
12705
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12707
12706
msgstr ""
12708
12707
12709
#: serverguide/C/network-config.xml:424(para)
12708
#: serverguide/C/network-config.xml:428(para)
12710
12709
msgid ""
12711
12710
"If no matches are found, the DNS server will provide a result of <emphasis "
12712
12711
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12713
12712
msgstr ""
12714
12713
12715
#: serverguide/C/network-config.xml:431(title)
12714
#: serverguide/C/network-config.xml:435(title)
12716
12715
msgid "Static Hostnames"
12717
12716
msgstr ""
12718
12717
12719
#: serverguide/C/network-config.xml:432(para)
12718
#: serverguide/C/network-config.xml:436(para)
12720
12719
msgid ""
12721
12720
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12722
12721
"file <filename>/etc/hosts</filename>. Entries in the "
12728
12727
"conveniently set to use static hostnames instead of DNS."
12729
12728
msgstr ""
12730
12729
12731
#: serverguide/C/network-config.xml:439(para)
12730
#: serverguide/C/network-config.xml:443(para)
12732
12731
msgid ""
12733
12732
"The following is an example of a <filename>hosts</filename> file where a "
12734
12733
"number of local servers have been identified by simple hostnames, aliases "
12735
12734
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12736
12735
msgstr ""
12737
12736
12738
#: serverguide/C/network-config.xml:443(programlisting)
12737
#: serverguide/C/network-config.xml:447(programlisting)
12739
12738
#, no-wrap
12740
12739
msgid ""
12741
12740
"\n"
12747
12746
"10.0.0.14\tserver4 server4.example.com file\n"
12748
12747
msgstr ""
12749
12748
12750
#: serverguide/C/network-config.xml:452(para)
12749
#: serverguide/C/network-config.xml:456(para)
12751
12750
msgid ""
12752
12751
"In the above example, notice that each of the servers have been given "
12753
12752
"aliases in addition to their proper names and FQDN's. <emphasis "
12760
12759
"role=\"italic\">file</emphasis>."
12761
12760
msgstr ""
12762
12761
12763
#: serverguide/C/network-config.xml:464(title)
12762
#: serverguide/C/network-config.xml:468(title)
12764
12763
msgid "Name Service Switch Configuration"
12765
12764
msgstr ""
12766
12765
12767
#: serverguide/C/network-config.xml:465(para)
12766
#: serverguide/C/network-config.xml:469(para)
12768
12767
msgid ""
12769
12768
"The order in which your system selects a method of resolving hostnames to IP "
12770
12769
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12775
12774
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12776
12775
msgstr ""
12777
12776
12778
#: serverguide/C/network-config.xml:473(programlisting)
12777
#: serverguide/C/network-config.xml:477(programlisting)
12779
12778
#, no-wrap
12780
12779
msgid ""
12781
12780
"\n"
12782
12781
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12783
12782
msgstr ""
12784
12783
12785
#: serverguide/C/network-config.xml:479(para)
12784
#: serverguide/C/network-config.xml:483(para)
12786
12785
msgid ""
12787
12786
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12788
12787
"hostnames located in <filename>/etc/hosts</filename>."
12789
12788
msgstr ""
12790
12789
12791
#: serverguide/C/network-config.xml:485(para)
12790
#: serverguide/C/network-config.xml:489(para)
12792
12791
msgid ""
12793
12792
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12794
12793
"name using Multicast DNS."
12795
12794
msgstr ""
12796
12795
12797
#: serverguide/C/network-config.xml:490(para)
12796
#: serverguide/C/network-config.xml:494(para)
12798
12797
msgid ""
12799
12798
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12800
12799
"of <emphasis role=\"italic\">notfound</emphasis> by the preceding <emphasis "
12803
12802
"answer."
12804
12803
msgstr ""
12805
12804
12806
#: serverguide/C/network-config.xml:498(para)
12805
#: serverguide/C/network-config.xml:502(para)
12807
12806
msgid ""
12808
12807
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12809
12808
msgstr ""
12810
12809
12811
#: serverguide/C/network-config.xml:503(para)
12810
#: serverguide/C/network-config.xml:507(para)
12812
12811
msgid ""
12813
12812
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12814
12813
msgstr ""
12815
12814
12816
#: serverguide/C/network-config.xml:509(para)
12815
#: serverguide/C/network-config.xml:513(para)
12817
12816
msgid ""
12818
12817
"To modify the order of the above mentioned name resolution methods, you can "
12819
12818
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12822
12821
"<filename>/etc/nsswitch.conf</filename> as shown below."
12823
12822
msgstr ""
12824
12823
12825
#: serverguide/C/network-config.xml:516(programlisting)
12824
#: serverguide/C/network-config.xml:520(programlisting)
12826
12825
#, no-wrap
12827
12826
msgid ""
12828
12827
"\n"
12829
12828
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12830
12829
msgstr ""
12831
12830
12832
#: serverguide/C/virtualization.xml:694(title) serverguide/C/network-config.xml:523(title)
12831
#: serverguide/C/network-config.xml:527(title)
12833
12832
msgid "Bridging"
12834
12833
msgstr ""
12835
12834
12836
#: serverguide/C/network-config.xml:525(para)
12835
#: serverguide/C/network-config.xml:529(para)
12837
12836
msgid ""
12838
12837
"Bridging multiple interfaces is a more advanced configuration, but is very "
12839
12838
"useful in multiple scenarios. One scenario is setting up a bridge with "
12843
12842
"The following example covers the latter scenario."
12844
12843
msgstr ""
12845
12844
12846
#: serverguide/C/network-config.xml:532(para)
12845
#: serverguide/C/network-config.xml:536(para)
12847
12846
msgid ""
12848
12847
"Before configuring a bridge you will need to install the <application>bridge-"
12849
12848
"utils</application> package. To install the package, in a terminal enter:"
12850
12849
msgstr ""
12851
12850
12852
#: serverguide/C/network-config.xml:541(para)
12851
#: serverguide/C/network-config.xml:545(para)
12853
12852
msgid ""
12854
12853
"Next, configure the bridge by editing "
12855
12854
"<filename>/etc/network/interfaces</filename>:"
12856
12855
msgstr ""
12857
12856
12858
#: serverguide/C/network-config.xml:545(programlisting)
12857
#: serverguide/C/network-config.xml:549(programlisting)
12859
12858
#, no-wrap
12860
12859
msgid ""
12861
12860
"\n"
12876
12875
" bridge_stp off\n"
12877
12876
msgstr ""
12878
12877
12879
#: serverguide/C/network-config.xml:564(para)
12878
#: serverguide/C/network-config.xml:568(para)
12880
12879
msgid "Enter the appropriate values for your physical interface and network."
12881
12880
msgstr ""
12882
12881
12888
12887
msgid "sudo ifup br0"
12889
12888
msgstr ""
12890
12889
12891
#: serverguide/C/network-config.xml:576(para)
12890
#: serverguide/C/network-config.xml:580(para)
12892
12891
msgid ""
12893
12892
"The new bridge interface should now be up and running. The "
12894
12893
"<application>brctl</application> provides useful information about the state "
12896
12895
"<command>man brctl</command> for more information."
12897
12896
msgstr ""
12898
12897
12899
#: serverguide/C/network-config.xml:592(para)
12898
#: serverguide/C/network-config.xml:596(para)
12900
12899
msgid ""
12901
12900
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12902
12901
"Network page</ulink> has links to articles covering more advanced network "
12903
12902
"configuration."
12904
12903
msgstr ""
12905
12904
12906
#: serverguide/C/network-config.xml:598(para)
12905
#: serverguide/C/network-config.xml:602(para)
12907
12906
msgid ""
12908
12907
"The <ulink "
12909
12908
"url=\"http://manpages.ubuntu.com/manpages/man8/resolvconf.8.html\">resolvconf"
12910
12909
" man page</ulink> has more information on resolvconf."
12911
12910
msgstr ""
12912
12911
12913
#: serverguide/C/network-config.xml:604(para)
12912
#: serverguide/C/network-config.xml:608(para)
12914
12913
msgid ""
12915
12914
"The <ulink "
12916
12915
"url=\"http://manpages.ubuntu.com/manpages/man5/interfaces.5.html\">interfaces"
12918
12917
"<filename>/etc/network/interfaces</filename>."
12919
12918
msgstr ""
12920
12919
12921
#: serverguide/C/network-config.xml:610(para)
12920
#: serverguide/C/network-config.xml:614(para)
12922
12921
msgid ""
12923
12922
"The <ulink "
12924
12923
"url=\"http://manpages.ubuntu.com/manpages/man8/dhclient.8.html\">dhclient "
12926
12925
"settings."
12927
12926
msgstr ""
12928
12927
12929
#: serverguide/C/network-config.xml:616(para)
12928
#: serverguide/C/network-config.xml:620(para)
12930
12929
msgid ""
12931
12930
"For more information on DNS client configuration see the <ulink "
12932
12931
"url=\"http://manpages.ubuntu.com/manpages/man5/resolver.5.html\">resolver "
12945
12944
"\">Networking-Bridge</ulink> page."
12946
12945
msgstr ""
12947
12946
12948
#: serverguide/C/network-config.xml:635(title)
12947
#: serverguide/C/network-config.xml:639(title)
12949
12948
msgid "TCP/IP"
12950
12949
msgstr ""
12951
12950
12952
#: serverguide/C/network-config.xml:636(para)
12951
#: serverguide/C/network-config.xml:640(para)
12953
12952
msgid ""
12954
12953
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
12955
12954
"standard set of protocols developed in the late 1970s by the Defense "
12959
12958
"network protocols on Earth."
12960
12959
msgstr ""
12961
12960
12962
#: serverguide/C/network-config.xml:644(title)
12961
#: serverguide/C/network-config.xml:648(title)
12963
12962
msgid "TCP/IP Introduction"
12964
12963
msgstr ""
12965
12964
12966
#: serverguide/C/network-config.xml:645(para)
12965
#: serverguide/C/network-config.xml:649(para)
12967
12966
msgid ""
12968
12967
"The two protocol components of TCP/IP deal with different aspects of "
12969
12968
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
12978
12977
"host."
12979
12978
msgstr ""
12980
12979
12981
#: serverguide/C/network-config.xml:658(title)
12980
#: serverguide/C/network-config.xml:662(title)
12982
12981
msgid "TCP/IP Configuration"
12983
12982
msgstr ""
12984
12983
12985
#: serverguide/C/network-config.xml:659(para)
12984
#: serverguide/C/network-config.xml:663(para)
12986
12985
msgid ""
12987
12986
"The TCP/IP protocol configuration consists of several elements which must be "
12988
12987
"set by editing the appropriate configuration files, or deploying solutions "
12993
12992
"system."
12994
12993
msgstr ""
12995
12994
12996
#: serverguide/C/network-config.xml:671(para)
12995
#: serverguide/C/network-config.xml:675(para)
12997
12996
msgid ""
12998
12997
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
12999
12998
"identifying string expressed as four decimal numbers ranging from zero (0) "
13003
13002
"<emphasis>dotted quad notation</emphasis>."
13004
13003
msgstr ""
13005
13004
13006
#: serverguide/C/network-config.xml:681(para)
13005
#: serverguide/C/network-config.xml:685(para)
13007
13006
msgid ""
13008
13007
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
13009
13008
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
13014
13013
"remain available for specifying hosts on the subnetwork."
13015
13014
msgstr ""
13016
13015
13017
#: serverguide/C/network-config.xml:692(para)
13016
#: serverguide/C/network-config.xml:696(para)
13018
13017
msgid ""
13019
13018
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
13020
13019
"represents the bytes comprising the network portion of an IP address. For "
13027
13026
"network and a zero (0) for all the possible hosts on the network."
13028
13027
msgstr ""
13029
13028
13030
#: serverguide/C/network-config.xml:705(para)
13029
#: serverguide/C/network-config.xml:709(para)
13031
13030
msgid ""
13032
13031
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
13033
13032
"is an IP address which allows network data to be sent simultaneously to all "
13041
13040
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
13042
13041
msgstr ""
13043
13042
13044
#: serverguide/C/network-config.xml:718(para)
13043
#: serverguide/C/network-config.xml:722(para)
13045
13044
msgid ""
13046
13045
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
13047
13046
"IP address through which a particular network, or host on a network, may be "
13054
13053
"not be able to reach any hosts beyond those on the same network."
13055
13054
msgstr ""
13056
13055
13057
#: serverguide/C/network-config.xml:729(para)
13056
#: serverguide/C/network-config.xml:733(para)
13058
13057
msgid ""
13059
13058
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
13060
13059
"represent the IP addresses of Domain Name Service (DNS) systems, which "
13080
13079
"command typed at a terminal prompt:"
13081
13080
msgstr ""
13082
13081
13083
#: serverguide/C/network-config.xml:750(para)
13082
#: serverguide/C/network-config.xml:754(para)
13084
13083
msgid ""
13085
13084
"Access the system manual page for <filename>interfaces</filename> with the "
13086
13085
"following command:"
13087
13086
msgstr ""
13088
13087
13089
#: serverguide/C/network-config.xml:755(command)
13088
#: serverguide/C/network-config.xml:759(command)
13090
13089
msgid "man interfaces"
13091
13090
msgstr ""
13092
13091
13093
#: serverguide/C/network-config.xml:667(para)
13092
#: serverguide/C/network-config.xml:671(para)
13094
13093
msgid ""
13095
13094
"The common configuration elements of TCP/IP and their purposes are as "
13096
13095
"follows: <placeholder-1/>"
13097
13096
msgstr ""
13098
13097
13099
#: serverguide/C/network-config.xml:771(title)
13098
#: serverguide/C/network-config.xml:767(title)
13100
13099
msgid "IP Routing"
13101
13100
msgstr ""
13102
13101
13103
#: serverguide/C/network-config.xml:772(para)
13102
#: serverguide/C/network-config.xml:768(para)
13104
13103
msgid ""
13105
13104
"IP routing is a means of specifying and discovering paths in a TCP/IP "
13106
13105
"network along which network data may be sent. Routing uses a set of "
13111
13110
"<emphasis>Dynamic Routing.</emphasis>"
13112
13111
msgstr ""
13113
13112
13114
#: serverguide/C/network-config.xml:781(para)
13113
#: serverguide/C/network-config.xml:777(para)
13115
13114
msgid ""
13116
13115
"Static routing involves manually adding IP routes to the system's routing "
13117
13116
"table, and this is usually done by manipulating the routing table with the "
13126
13125
"and failures along the route due to the fixed nature of the route."
13127
13126
msgstr ""
13128
13127
13129
#: serverguide/C/network-config.xml:791(para)
13128
#: serverguide/C/network-config.xml:787(para)
13130
13129
msgid ""
13131
13130
"Dynamic routing depends on large networks with multiple possible IP routes "
13132
13131
"from a source to a destination and makes use of special routing protocols, "
13143
13142
"immediately benefit the end users, but still consumes network bandwidth."
13144
13143
msgstr ""
13145
13144
13146
#: serverguide/C/network-config.xml:805(title)
13145
#: serverguide/C/network-config.xml:801(title)
13147
13146
msgid "TCP and UDP"
13148
13147
msgstr ""
13149
13148
13150
#: serverguide/C/network-config.xml:806(para)
13149
#: serverguide/C/network-config.xml:802(para)
13151
13150
msgid ""
13152
13151
"TCP is a connection-based protocol, offering error correction and guaranteed "
13153
13152
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
13158
13157
"important information such as database transactions."
13159
13158
msgstr ""
13160
13159
13161
#: serverguide/C/network-config.xml:814(para)
13160
#: serverguide/C/network-config.xml:810(para)
13162
13161
msgid ""
13163
13162
"The User Datagram Protocol (UDP), on the other hand, is a "
13164
13163
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
13169
13168
"loss of a few packets is not generally catastrophic."
13170
13169
msgstr ""
13171
13170
13172
#: serverguide/C/network-config.xml:824(title)
13171
#: serverguide/C/network-config.xml:820(title)
13173
13172
msgid "ICMP"
13174
13173
msgstr ""
13175
13174
13176
#: serverguide/C/network-config.xml:825(para)
13175
#: serverguide/C/network-config.xml:821(para)
13177
13176
msgid ""
13178
13177
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
13179
13178
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
13186
13185
"<emphasis>Time Exceeded</emphasis>."
13187
13186
msgstr ""
13188
13187
13189
#: serverguide/C/network-config.xml:835(title)
13188
#: serverguide/C/network-config.xml:831(title)
13190
13189
msgid "Daemons"
13191
13190
msgstr ""
13192
13191
13193
#: serverguide/C/network-config.xml:836(para)
13192
#: serverguide/C/network-config.xml:832(para)
13194
13193
msgid ""
13195
13194
"Daemons are special system applications which typically execute continuously "
13196
13195
"in the background and await requests for the functions they provide from "
13213
13212
"that contain more useful information."
13214
13213
msgstr ""
13215
13214
13216
#: serverguide/C/network-config.xml:857(para)
13215
#: serverguide/C/network-config.xml:853(para)
13217
13216
msgid ""
13218
13217
"Also, see the <ulink "
13219
13218
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
13220
13219
"and Technical Overview</ulink> IBM Redbook."
13221
13220
msgstr ""
13222
13221
13223
#: serverguide/C/network-config.xml:863(para)
13222
#: serverguide/C/network-config.xml:859(para)
13224
13223
msgid ""
13225
13224
"Another resource is O'Reilly's <ulink "
13226
13225
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
13227
13226
"Administration</ulink>."
13228
13227
msgstr ""
13229
13228
13230
#: serverguide/C/network-config.xml:872(title)
13229
#: serverguide/C/network-config.xml:868(title)
13231
13230
msgid "Dynamic Host Configuration Protocol (DHCP)"
13232
13231
msgstr ""
13233
13232
13234
#: serverguide/C/network-config.xml:873(para)
13233
#: serverguide/C/network-config.xml:869(para)
13235
13234
msgid ""
13236
13235
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
13237
13236
"enables host computers to be automatically assigned settings from a server "
13240
13239
"DHCP server, and the configuration is transparent to the computer's user."
13241
13240
msgstr ""
13242
13241
13243
#: serverguide/C/network-config.xml:880(para)
13242
#: serverguide/C/network-config.xml:876(para)
13244
13243
msgid ""
13245
13244
"The most common settings provided by a DHCP server to DHCP clients include:"
13246
13245
msgstr ""
13247
13246
13248
#: serverguide/C/network-config.xml:885(para)
13247
#: serverguide/C/network-config.xml:881(para)
13249
13248
msgid "IP address and netmask"
13250
13249
msgstr ""
13251
13250
13252
#: serverguide/C/network-config.xml:888(para)
13251
#: serverguide/C/network-config.xml:884(para)
13253
13252
msgid "IP address of the default-gateway to use"
13254
13253
msgstr ""
13255
13254
13256
#: serverguide/C/network-config.xml:891(para)
13255
#: serverguide/C/network-config.xml:887(para)
13257
13256
msgid "IP adresses of the DNS servers to use"
13258
13257
msgstr ""
13259
13258
13260
#: serverguide/C/network-config.xml:894(para)
13259
#: serverguide/C/network-config.xml:890(para)
13261
13260
msgid ""
13262
13261
"However, a DHCP server can also supply configuration properties such as:"
13263
13262
msgstr ""
13264
13263
13265
#: serverguide/C/network-config.xml:899(para)
13264
#: serverguide/C/network-config.xml:895(para)
13266
13265
msgid "Host Name"
13267
13266
msgstr ""
13268
13267
13269
#: serverguide/C/network-config.xml:902(para)
13268
#: serverguide/C/network-config.xml:898(para)
13270
13269
msgid "Domain Name"
13271
13270
msgstr ""
13272
13271
13273
#: serverguide/C/network-config.xml:905(para)
13272
#: serverguide/C/network-config.xml:901(para)
13274
13273
msgid "Time Server"
13275
13274
msgstr ""
13276
13275
13277
#: serverguide/C/network-config.xml:911(para)
13276
#: serverguide/C/network-config.xml:907(para)
13278
13277
msgid ""
13279
13278
"The advantage of using DHCP is that changes to the network, for example a "
13280
13279
"change in the address of the DNS server, need only be changed at the DHCP "
13285
13284
"also reduced."
13286
13285
msgstr ""
13287
13286
13288
#: serverguide/C/network-config.xml:919(para)
13287
#: serverguide/C/network-config.xml:915(para)
13289
13288
msgid ""
13290
13289
"A DHCP server can provide configuration settings using the following methods:"
13291
13290
msgstr ""
13292
13291
13293
#: serverguide/C/network-config.xml:924(term)
13292
#: serverguide/C/network-config.xml:920(term)
13294
13293
msgid "Manual allocation (MAC address)"
13295
13294
msgstr ""
13296
13295
13297
#: serverguide/C/network-config.xml:926(para)
13296
#: serverguide/C/network-config.xml:922(para)
13298
13297
msgid ""
13299
13298
"This method entails using DHCP to identify the unique hardware address of "
13300
13299
"each network card connected to the network and then continually supplying a "
13303
13302
"assigned automatically to that network card, based on it's MAC address."
13304
13303
msgstr ""
13305
13304
13306
#: serverguide/C/network-config.xml:937(term)
13305
#: serverguide/C/network-config.xml:933(term)
13307
13306
msgid "Dynamic allocation (address pool)"
13308
13307
msgstr ""
13309
13308
13321
13320
"renegociate the lease with the server to maintain use of the address."
13322
13321
msgstr ""
13323
13322
13324
#: serverguide/C/network-config.xml:952(term)
13323
#: serverguide/C/network-config.xml:949(term)
13325
13324
msgid "Automatic allocation"
13326
13325
msgstr ""
13327
13326
13328
#: serverguide/C/network-config.xml:954(para)
13327
#: serverguide/C/network-config.xml:951(para)
13329
13328
msgid ""
13330
13329
"Using this method, the DHCP automatically assigns an IP address permanently "
13331
13330
"to a device, selecting it from a pool of available addresses. Usually DHCP "
13347
13346
"and configure and will be automatically started at system boot."
13348
13347
msgstr ""
13349
13348
13350
#: serverguide/C/network-config.xml:976(para)
13349
#: serverguide/C/network-config.xml:974(para)
13351
13350
msgid ""
13352
13351
"At a terminal prompt, enter the following command to install "
13353
13352
"<application>dhcpd</application>:"
13354
13353
msgstr ""
13355
13354
13356
#: serverguide/C/network-config.xml:981(command)
13355
#: serverguide/C/network-config.xml:979(command)
13357
13356
msgid "sudo apt-get install isc-dhcp-server"
13358
13357
msgstr ""
13359
13358
13360
#: serverguide/C/network-config.xml:983(para)
13359
#: serverguide/C/network-config.xml:981(para)
13361
13360
msgid ""
13362
13361
"You will probably need to change the default configuration by editing "
13363
13362
"/etc/dhcp/dhcpd.conf to suit your needs and particular configuration."
13364
13363
msgstr ""
13365
13364
13366
#: serverguide/C/network-config.xml:987(para)
13365
#: serverguide/C/network-config.xml:985(para)
13367
13366
msgid ""
13368
13367
"You also may need to edit /etc/default/isc-dhcp-server to specify the "
13369
13368
"interfaces dhcpd should listen to."
13370
13369
msgstr ""
13371
13370
13372
#: serverguide/C/network-config.xml:991(para)
13371
#: serverguide/C/network-config.xml:989(para)
13373
13372
msgid ""
13374
13373
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
13375
13374
"messages."
13376
13375
msgstr ""
13377
13376
13378
#: serverguide/C/network-config.xml:998(para)
13377
#: serverguide/C/network-config.xml:996(para)
13379
13378
msgid ""
13380
13379
"The error message the installation ends with might be a little confusing, "
13381
13380
"but the following steps will help you configure the service:"
13382
13381
msgstr ""
13383
13382
13384
#: serverguide/C/network-config.xml:1002(para)
13383
#: serverguide/C/network-config.xml:1000(para)
13385
13384
msgid ""
13386
13385
"Most commonly, what you want to do is assign an IP address randomly. This "
13387
13386
"can be done with settings as follows:"
13388
13387
msgstr ""
13389
13388
13390
#: serverguide/C/network-config.xml:1006(programlisting)
13389
#: serverguide/C/network-config.xml:1004(programlisting)
13391
13390
#, no-wrap
13392
13391
msgid ""
13393
13392
"\n"
13403
13402
"} \n"
13404
13403
msgstr ""
13405
13404
13406
#: serverguide/C/network-config.xml:1018(para)
13405
#: serverguide/C/network-config.xml:1016(para)
13407
13406
msgid ""
13408
13407
"This will result in the DHCP server giving clients an IP address from the "
13409
13408
"range 192.168.1.150-192.168.1.200. It will lease an IP address for 600 "
13413
13412
"192.168.1.1 and 192.168.1.2 as its DNS servers."
13414
13413
msgstr ""
13415
13414
13416
#: serverguide/C/network-config.xml:1026(para)
13415
#: serverguide/C/network-config.xml:1024(para)
13417
13416
msgid ""
13418
13417
"After changing the config file you have to restart the "
13419
13418
"<application>dhcpd</application>:"
13423
13422
msgid "sudo service isc-dhcp-server restart"
13424
13423
msgstr ""
13425
13424
13426
#: serverguide/C/network-config.xml:1039(para)
13425
#: serverguide/C/network-config.xml:1037(para)
13427
13426
msgid ""
13428
13427
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
13429
13428
"server Ubuntu Wiki</ulink> page has more information."
13436
13435
"dhcpd.conf man page</ulink>."
13437
13436
msgstr ""
13438
13437
13439
#: serverguide/C/network-config.xml:1051(ulink)
13438
#: serverguide/C/network-config.xml:1049(ulink)
13440
13439
msgid "ISC dhcp-server"
13441
13440
msgstr ""
13442
13441
13443
#: serverguide/C/network-config.xml:1060(title)
13442
#: serverguide/C/network-config.xml:1058(title)
13444
13443
msgid "Time Synchronisation with NTP"
13445
13444
msgstr ""
13446
13445
13447
#: serverguide/C/network-config.xml:1061(para)
13446
#: serverguide/C/network-config.xml:1059(para)
13448
13447
msgid ""
13449
13448
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
13450
13449
"client requests the current time from a server, and uses it to set its own "
13451
13450
"clock."
13452
13451
msgstr ""
13453
13452
13454
#: serverguide/C/network-config.xml:1064(para)
13453
#: serverguide/C/network-config.xml:1062(para)
13455
13454
msgid ""
13456
13455
"Behind this simple description, there is a lot of complexity - there are "
13457
13456
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
13463
13462
"from you!"
13464
13463
msgstr ""
13465
13464
13466
#: serverguide/C/network-config.xml:1067(para)
13465
#: serverguide/C/network-config.xml:1065(para)
13467
13466
msgid "Ubuntu uses ntpdate and ntpd."
13468
13467
msgstr ""
13469
13468
13470
#: serverguide/C/network-config.xml:1072(title)
13469
#: serverguide/C/network-config.xml:1070(title)
13471
13470
msgid "ntpdate"
13472
13471
msgstr ""
13473
13472
13474
#: serverguide/C/network-config.xml:1073(para)
13473
#: serverguide/C/network-config.xml:1071(para)
13475
13474
msgid ""
13476
13475
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
13477
13476
"set up your time according to Ubuntu's NTP server."
13478
13477
msgstr ""
13479
13478
13480
#: serverguide/C/network-config.xml:1076(programlisting)
13479
#: serverguide/C/network-config.xml:1074(programlisting)
13481
13480
#, no-wrap
13482
13481
msgid ""
13483
13482
"\n"
13484
13483
"ntpdate -s ntp.ubuntu.com\n"
13485
13484
msgstr ""
13486
13485
13487
#: serverguide/C/network-config.xml:1082(title)
13486
#: serverguide/C/network-config.xml:1080(title)
13488
13487
msgid "ntpd"
13489
13488
msgstr ""
13490
13489
13491
#: serverguide/C/network-config.xml:1083(para)
13490
#: serverguide/C/network-config.xml:1081(para)
13492
13491
msgid ""
13493
13492
"The ntp daemon ntpd calculates the drift of your system clock and "
13494
13493
"continuously adjusts it, so there are no large corrections that could lead "
13496
13495
"memory, but for a modern server this is negligible."
13497
13496
msgstr ""
13498
13497
13499
#: serverguide/C/network-config.xml:1090(para)
13498
#: serverguide/C/network-config.xml:1088(para)
13500
13499
msgid "To install ntpd, from a terminal prompt enter:"
13501
13500
msgstr ""
13502
13501
13503
#: serverguide/C/virtualization.xml:2195(command) serverguide/C/network-config.xml:1095(command)
13502
#: serverguide/C/network-config.xml:1093(command)
13504
13503
msgid "sudo apt-get install ntp"
13505
13504
msgstr ""
13506
13505
13507
#: serverguide/C/network-config.xml:1102(para)
13506
#: serverguide/C/network-config.xml:1100(para)
13508
13507
msgid ""
13509
13508
"Edit <filename>/etc/ntp.conf</filename> to add/remove server lines. By "
13510
13509
"default these servers are configured:"
13511
13510
msgstr ""
13512
13511
13513
#: serverguide/C/network-config.xml:1107(programlisting)
13512
#: serverguide/C/network-config.xml:1105(programlisting)
13514
13513
#, no-wrap
13515
13514
msgid ""
13516
13515
"\n"
13523
13522
"server 3.ubuntu.pool.ntp.org\n"
13524
13523
msgstr ""
13525
13524
13526
#: serverguide/C/network-config.xml:1117(para)
13525
#: serverguide/C/network-config.xml:1115(para)
13527
13526
msgid ""
13528
13527
"After changing the config file you have to reload the "
13529
13528
"<application>ntpd</application>:"
13533
13532
msgid "sudo service ntp reload"
13534
13533
msgstr ""
13535
13534
13536
#: serverguide/C/network-config.xml:1126(title)
13535
#: serverguide/C/network-config.xml:1124(title)
13537
13536
msgid "View status"
13538
13537
msgstr ""
13539
13538
13541
13540
msgid "Use ntpq to see more info:"
13542
13541
msgstr ""
13543
13542
13544
#: serverguide/C/network-config.xml:1131(command)
13543
#: serverguide/C/network-config.xml:1129(command)
13545
13544
msgid "# sudo ntpq -p"
13546
13545
msgstr ""
13547
13546
13548
#: serverguide/C/network-config.xml:1132(computeroutput)
13547
#: serverguide/C/network-config.xml:1130(computeroutput)
13549
13548
#, no-wrap
13550
13549
msgid ""
13551
13550
" remote refid st t when poll reach delay offset "
13564
13563
"92.792"
13565
13564
msgstr ""
13566
13565
13567
#: serverguide/C/network-config.xml:1147(para)
13566
#: serverguide/C/network-config.xml:1145(para)
13568
13567
msgid ""
13569
13568
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
13570
13569
"Time</ulink> wiki page for more information."
13571
13570
msgstr ""
13572
13571
13573
#: serverguide/C/network-config.xml:1153(ulink)
13572
#: serverguide/C/network-config.xml:1151(ulink)
13574
13573
msgid "ntp.org, home of the Network Time Protocol project"
13575
13574
msgstr ""
13576
13575
13592
13591
"The Lightweight Directory Access Protocol, or LDAP, is a protocol for "
13593
13592
"querying and modifying a X.500-based directory service running over TCP/IP. "
13594
13593
"The current LDAP version is LDAPv3, as defined in <ulink "
13595
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the its "
13596
"implementation used in Ubuntu is from OpenLDAP."
13594
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the "
13595
"implementation in Ubuntu is OpenLDAP.\""
13597
13596
msgstr ""
13598
13597
13599
#: serverguide/C/network-auth.xml:27(para)
13598
#: serverguide/C/network-auth.xml:29(para)
13600
13599
msgid ""
13601
13600
"So the LDAP protocol accesses LDAP directories. Here are some key concepts "
13602
13601
"and terms:"
13603
13602
msgstr ""
13604
13603
13605
#: serverguide/C/network-auth.xml:34(para)
13604
#: serverguide/C/network-auth.xml:36(para)
13606
13605
msgid ""
13607
13606
"A LDAP directory is a tree of data <emphasis>entries</emphasis> that is "
13608
13607
"hierarchical in nature and is called the Directory Information Tree (DIT)."
13609
13608
msgstr ""
13610
13609
13611
#: serverguide/C/network-auth.xml:41(para)
13610
#: serverguide/C/network-auth.xml:43(para)
13612
13611
msgid "An entry consists of a set of <emphasis>attributes</emphasis>."
13613
13612
msgstr ""
13614
13613
13615
#: serverguide/C/network-auth.xml:47(para)
13614
#: serverguide/C/network-auth.xml:49(para)
13616
13615
msgid ""
13617
13616
"An attribute has a <emphasis>type</emphasis> (a name/description) and one or "
13618
13617
"more <emphasis>values</emphasis>."
13619
13618
msgstr ""
13620
13619
13621
#: serverguide/C/network-auth.xml:53(para)
13620
#: serverguide/C/network-auth.xml:55(para)
13622
13621
msgid ""
13623
13622
"Every attribute must be defined in at least one "
13624
13623
"<emphasis>objectClass</emphasis>."
13625
13624
msgstr ""
13626
13625
13627
#: serverguide/C/network-auth.xml:59(para)
13626
#: serverguide/C/network-auth.xml:61(para)
13628
13627
msgid ""
13629
13628
"Attributes and objectclasses are defined in <emphasis>schemas</emphasis> (an "
13630
13629
"objectclass is actually considered as a special kind of attribute)."
13631
13630
msgstr ""
13632
13631
13633
#: serverguide/C/network-auth.xml:66(para)
13632
#: serverguide/C/network-auth.xml:68(para)
13634
13633
msgid ""
13635
13634
"Each entry has a unique identifier: its <emphasis>Distinguished "
13636
13635
"Name</emphasis> (DN or dn). This, in turn, consists of a <emphasis>Relative "
13637
13636
"Distinguished Name</emphasis> (RDN) followed by the parent entry's DN."
13638
13637
msgstr ""
13639
13638
13640
#: serverguide/C/network-auth.xml:73(para)
13639
#: serverguide/C/network-auth.xml:75(para)
13641
13640
msgid ""
13642
13641
"The entry's DN is not an attribute. It is not considered part of the entry "
13643
13642
"itself."
13644
13643
msgstr ""
13645
13644
13646
#: serverguide/C/network-auth.xml:81(para)
13645
#: serverguide/C/network-auth.xml:83(para)
13647
13646
msgid ""
13648
13647
"The terms <emphasis>object</emphasis>, <emphasis>container</emphasis>, and "
13649
13648
"<emphasis>node</emphasis> have certain connotations but they all essentially "
13651
13650
"term."
13652
13651
msgstr ""
13653
13652
13654
#: serverguide/C/network-auth.xml:87(para)
13653
#: serverguide/C/network-auth.xml:89(para)
13655
13654
msgid ""
13656
13655
"For example, below we have a single entry consisting of 11 attributes where "
13657
13656
"the following is true:"
13658
13657
msgstr ""
13659
13658
13660
#: serverguide/C/network-auth.xml:94(para)
13659
#: serverguide/C/network-auth.xml:96(para)
13661
13660
msgid "DN is \"cn=John Doe,dc=example,dc=com\""
13662
13661
msgstr ""
13663
13662
13664
#: serverguide/C/network-auth.xml:100(para)
13663
#: serverguide/C/network-auth.xml:102(para)
13665
13664
msgid "RDN is \"cn=John Doe\""
13666
13665
msgstr ""
13667
13666
13668
#: serverguide/C/network-auth.xml:106(para)
13667
#: serverguide/C/network-auth.xml:108(para)
13669
13668
msgid "parent DN is \"dc=example,dc=com\""
13670
13669
msgstr ""
13671
13670
13672
#: serverguide/C/network-auth.xml:113(programlisting)
13671
#: serverguide/C/network-auth.xml:115(programlisting)
13673
13672
#, no-wrap
13674
13673
msgid ""
13675
13674
"\n"
13687
13686
" objectClass: top\n"
13688
13687
msgstr ""
13689
13688
13690
#: serverguide/C/network-auth.xml:128(para)
13689
#: serverguide/C/network-auth.xml:130(para)
13691
13690
msgid ""
13692
13691
"The above entry is in <emphasis>LDIF</emphasis> format (LDAP Data "
13693
13692
"Interchange Format). Any information that you feed into your DIT must also "
13695
13694
"url=\"http://tools.ietf.org/html/rfc2849\">RFC2849</ulink>."
13696
13695
msgstr ""
13697
13696
13698
#: serverguide/C/network-auth.xml:133(para)
13697
#: serverguide/C/network-auth.xml:135(para)
13699
13698
msgid ""
13700
13699
"Although this guide will describe how to use it for central authentication, "
13701
13700
"LDAP is good for anything that involves a large number of access requests to "
13703
13702
"address book, a list of email addresses, and a mail server's configuration."
13704
13703
msgstr ""
13705
13704
13706
#: serverguide/C/network-auth.xml:142(para)
13705
#: serverguide/C/network-auth.xml:144(para)
13707
13706
msgid ""
13708
13707
"Install the OpenLDAP server daemon and the traditional LDAP management "
13709
13708
"utilities. These are found in packages <application>slapd</application> and "
13710
13709
"<application>ldap-utils</application> respectively."
13711
13710
msgstr ""
13712
13711
13713
#: serverguide/C/network-auth.xml:147(para)
13712
#: serverguide/C/network-auth.xml:149(para)
13714
13713
msgid ""
13715
13714
"The installation of slapd will create a working configuration. In "
13716
13715
"particular, it will create a database instance that you can use to store "
13722
13721
"a line similar to this:"
13723
13722
msgstr ""
13724
13723
13725
#: serverguide/C/network-auth.xml:155(programlisting)
13724
#: serverguide/C/network-auth.xml:157(programlisting)
13726
13725
#, no-wrap
13727
13726
msgid ""
13728
13727
"\n"
13729
13728
"127.0.1.1 hostname.example.com\thostname\n"
13730
13729
msgstr ""
13731
13730
13732
#: serverguide/C/network-auth.xml:159(para)
13731
#: serverguide/C/network-auth.xml:161(para)
13733
13732
msgid "You can revert the change after package installation."
13734
13733
msgstr ""
13735
13734
13736
#: serverguide/C/network-auth.xml:164(para)
13735
#: serverguide/C/network-auth.xml:166(para)
13737
13736
msgid ""
13738
13737
"This guide will use a database suffix of "
13739
13738
"<emphasis>dc=example,dc=com</emphasis>."
13740
13739
msgstr ""
13741
13740
13742
#: serverguide/C/network-auth.xml:169(para)
13741
#: serverguide/C/network-auth.xml:171(para)
13743
13742
msgid "Proceed with the install:"
13744
13743
msgstr ""
13745
13744
13746
#: serverguide/C/network-auth.xml:174(command)
13745
#: serverguide/C/network-auth.xml:176(command)
13747
13746
msgid "sudo apt-get install slapd ldap-utils"
13748
13747
msgstr ""
13749
13748
13750
#: serverguide/C/network-auth.xml:177(para)
13749
#: serverguide/C/network-auth.xml:179(para)
13751
13750
msgid ""
13752
13751
"Since Ubuntu 8.10 slapd is designed to be configured within slapd itself by "
13753
13752
"dedicating a separate DIT for that purpose. This allows one to dynamically "
13760
13759
"will be eventually phased out."
13761
13760
msgstr ""
13762
13761
13763
#: serverguide/C/network-auth.xml:186(para)
13762
#: serverguide/C/network-auth.xml:188(para)
13764
13763
msgid ""
13765
13764
"Ubuntu now uses the <emphasis>slapd-config</emphasis> method for slapd "
13766
13765
"configuration and this guide reflects that."
13767
13766
msgstr ""
13768
13767
13769
#: serverguide/C/network-auth.xml:192(para)
13768
#: serverguide/C/network-auth.xml:194(para)
13770
13769
msgid ""
13771
13770
"During the install you were prompted to define administrative credentials. "
13772
13771
"These are LDAP-based credentials for the <emphasis>rootDN</emphasis> of your "
13777
13776
"will see how to do this later on."
13778
13777
msgstr ""
13779
13778
13780
#: serverguide/C/network-auth.xml:199(para)
13779
#: serverguide/C/network-auth.xml:201(para)
13781
13780
msgid ""
13782
13781
"Some classical schemas (cosine, nis, inetorgperson) come built-in with slapd "
13783
13782
"nowadays. There is also an included \"core\" schema, a pre-requisite for any "
13784
13783
"schema to work."
13785
13784
msgstr ""
13786
13785
13787
#: serverguide/C/network-auth.xml:207(title)
13786
#: serverguide/C/network-auth.xml:209(title)
13788
13787
msgid "Post-install Inspection"
13789
13788
msgstr ""
13790
13789
13791
#: serverguide/C/network-auth.xml:209(para)
13790
#: serverguide/C/network-auth.xml:211(para)
13792
13791
msgid ""
13793
13792
"The installation process set up 2 DITs. One for slapd-config and one for "
13794
13793
"your own data (dc=example,dc=com). Let's take a look."
13795
13794
msgstr ""
13796
13795
13797
#: serverguide/C/network-auth.xml:216(para)
13796
#: serverguide/C/network-auth.xml:218(para)
13798
13797
msgid ""
13799
13798
"This is what the slapd-config database/DIT looks like. Recall that this "
13800
13799
"database is LDIF-based and lives under "
13801
13800
"<filename>/etc/ldap/slapd.d</filename>:"
13802
13801
msgstr ""
13803
13802
13804
#: serverguide/C/network-auth.xml:222(computeroutput)
13803
#: serverguide/C/network-auth.xml:224(computeroutput)
13805
13804
#, no-wrap
13806
13805
msgid ""
13807
13806
"\n"
13821
13820
" /etc/ldap/slapd.d/cn=config.ldif\n"
13822
13821
msgstr ""
13823
13822
13824
#: serverguide/C/network-auth.xml:242(para)
13823
#: serverguide/C/network-auth.xml:243(para)
13825
13824
msgid ""
13826
13825
"Do not edit the slapd-config database directly. Make changes via the LDAP "
13827
13826
"protocol (utilities)."
13828
13827
msgstr ""
13829
13828
13830
#: serverguide/C/network-auth.xml:250(para)
13829
#: serverguide/C/network-auth.xml:251(para)
13831
13830
msgid "This is what the slapd-config DIT looks like via the LDAP protocol:"
13832
13831
msgstr ""
13833
13832
13834
#: serverguide/C/network-auth.xml:254(para)
13833
#: serverguide/C/network-auth.xml:256(para)
13835
13834
msgid ""
13836
13835
"On Ubuntu server 14.10, and possibly higher, the following command may not "
13837
13836
"work due to a <ulink "
13839
13838
"ulink>"
13840
13839
msgstr ""
13841
13840
13842
#: serverguide/C/network-auth.xml:255(command)
13841
#: serverguide/C/network-auth.xml:262(command)
13843
13842
msgid "sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13844
13843
msgstr ""
13845
13844
13846
#: serverguide/C/network-auth.xml:256(computeroutput)
13845
#: serverguide/C/network-auth.xml:263(computeroutput)
13847
13846
#, no-wrap
13848
13847
msgid ""
13849
13848
"\n"
13870
13869
"dn: olcDatabase={1}hdb,cn=config\n"
13871
13870
msgstr ""
13872
13871
13873
#: serverguide/C/network-auth.xml:281(para) serverguide/C/network-auth.xml:372(para)
13872
#: serverguide/C/network-auth.xml:288(para) serverguide/C/network-auth.xml:379(para)
13874
13873
msgid "Explanation of entries:"
13875
13874
msgstr ""
13876
13875
13877
#: serverguide/C/network-auth.xml:288(para)
13876
#: serverguide/C/network-auth.xml:295(para)
13878
13877
msgid "<emphasis>cn=config</emphasis>: global settings"
13879
13878
msgstr ""
13880
13879
13881
#: serverguide/C/network-auth.xml:294(para)
13880
#: serverguide/C/network-auth.xml:301(para)
13882
13881
msgid ""
13883
13882
"<emphasis>cn=module{0},cn=config</emphasis>: a dynamically loaded module"
13884
13883
msgstr ""
13885
13884
13886
#: serverguide/C/network-auth.xml:300(para)
13885
#: serverguide/C/network-auth.xml:307(para)
13887
13886
msgid ""
13888
13887
"<emphasis>cn=schema,cn=config</emphasis>: contains hard-coded system-level "
13889
13888
"schema"
13890
13889
msgstr ""
13891
13890
13892
#: serverguide/C/network-auth.xml:306(para)
13891
#: serverguide/C/network-auth.xml:313(para)
13893
13892
msgid ""
13894
13893
"<emphasis>cn={0}core,cn=schema,cn=config</emphasis>: the hard-coded core "
13895
13894
"schema"
13896
13895
msgstr ""
13897
13896
13898
#: serverguide/C/network-auth.xml:312(para)
13897
#: serverguide/C/network-auth.xml:319(para)
13899
13898
msgid ""
13900
13899
"<emphasis>cn={1}cosine,cn=schema,cn=config</emphasis>: the cosine schema"
13901
13900
msgstr ""
13902
13901
13903
#: serverguide/C/network-auth.xml:318(para)
13902
#: serverguide/C/network-auth.xml:325(para)
13904
13903
msgid "<emphasis>cn={2}nis,cn=schema,cn=config</emphasis>: the nis schema"
13905
13904
msgstr ""
13906
13905
13907
#: serverguide/C/network-auth.xml:324(para)
13906
#: serverguide/C/network-auth.xml:331(para)
13908
13907
msgid ""
13909
13908
"<emphasis>cn={3}inetorgperson,cn=schema,cn=config</emphasis>: the "
13910
13909
"inetorgperson schema"
13911
13910
msgstr ""
13912
13911
13913
#: serverguide/C/network-auth.xml:330(para)
13912
#: serverguide/C/network-auth.xml:337(para)
13914
13913
msgid ""
13915
13914
"<emphasis>olcBackend={0}hdb,cn=config</emphasis>: the 'hdb' backend storage "
13916
13915
"type"
13917
13916
msgstr ""
13918
13917
13919
#: serverguide/C/network-auth.xml:336(para)
13918
#: serverguide/C/network-auth.xml:343(para)
13920
13919
msgid ""
13921
13920
"<emphasis>olcDatabase={-1}frontend,cn=config</emphasis>: frontend database, "
13922
13921
"default settings for other databases"
13923
13922
msgstr ""
13924
13923
13925
#: serverguide/C/network-auth.xml:342(para)
13924
#: serverguide/C/network-auth.xml:349(para)
13926
13925
msgid ""
13927
13926
"<emphasis>olcDatabase={0}config,cn=config</emphasis>: slapd configuration "
13928
13927
"database (cn=config)"
13929
13928
msgstr ""
13930
13929
13931
#: serverguide/C/network-auth.xml:348(para)
13930
#: serverguide/C/network-auth.xml:355(para)
13932
13931
msgid ""
13933
13932
"<emphasis>olcDatabase={1}hdb,cn=config</emphasis>: your database instance "
13934
13933
"(dc=examle,dc=com)"
13935
13934
msgstr ""
13936
13935
13937
#: serverguide/C/network-auth.xml:359(para)
13936
#: serverguide/C/network-auth.xml:366(para)
13938
13937
msgid "This is what the dc=example,dc=com DIT looks like:"
13939
13938
msgstr ""
13940
13939
13941
#: serverguide/C/network-auth.xml:364(command)
13940
#: serverguide/C/network-auth.xml:371(command)
13942
13941
msgid "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn"
13943
13942
msgstr ""
13944
13943
13945
#: serverguide/C/network-auth.xml:365(computeroutput)
13944
#: serverguide/C/network-auth.xml:372(computeroutput)
13946
13945
#, no-wrap
13947
13946
msgid ""
13948
13947
"\n"
13951
13950
"dn: cn=admin,dc=example,dc=com\n"
13952
13951
msgstr ""
13953
13952
13954
#: serverguide/C/network-auth.xml:379(para)
13953
#: serverguide/C/network-auth.xml:386(para)
13955
13954
msgid "<emphasis>dc=example,dc=com</emphasis>: base of the DIT"
13956
13955
msgstr ""
13957
13956
13958
#: serverguide/C/network-auth.xml:385(para)
13957
#: serverguide/C/network-auth.xml:392(para)
13959
13958
msgid ""
13960
13959
"<emphasis>cn=admin,dc=example,dc=com</emphasis>: administrator (rootDN) for "
13961
13960
"this DIT (set up during package install)"
13962
13961
msgstr ""
13963
13962
13964
#: serverguide/C/network-auth.xml:399(title)
13963
#: serverguide/C/network-auth.xml:406(title)
13965
13964
msgid "Modifying/Populating your Database"
13966
13965
msgstr ""
13967
13966
13968
#: serverguide/C/network-auth.xml:401(para)
13967
#: serverguide/C/network-auth.xml:408(para)
13969
13968
msgid ""
13970
13969
"Let's introduce some content to our database. We will add the following:"
13971
13970
msgstr ""
13972
13971
13973
#: serverguide/C/network-auth.xml:408(para)
13972
#: serverguide/C/network-auth.xml:415(para)
13974
13973
msgid "a node called <emphasis>People</emphasis> (to store users)"
13975
13974
msgstr ""
13976
13975
13977
#: serverguide/C/network-auth.xml:414(para)
13976
#: serverguide/C/network-auth.xml:421(para)
13978
13977
msgid "a node called <emphasis>Groups</emphasis> (to store groups)"
13979
13978
msgstr ""
13980
13979
13981
#: serverguide/C/network-auth.xml:420(para)
13980
#: serverguide/C/network-auth.xml:427(para)
13982
13981
msgid "a group called <emphasis>miners</emphasis>"
13983
13982
msgstr ""
13984
13983
13985
#: serverguide/C/network-auth.xml:426(para)
13984
#: serverguide/C/network-auth.xml:433(para)
13986
13985
msgid "a user called <emphasis>john</emphasis>"
13987
13986
msgstr ""
13988
13987
13989
#: serverguide/C/network-auth.xml:433(para)
13988
#: serverguide/C/network-auth.xml:440(para)
13990
13989
msgid ""
13991
13990
"Create the following LDIF file and call it "
13992
13991
"<filename>add_content.ldif</filename>:"
13993
13992
msgstr ""
13994
13993
13995
#: serverguide/C/network-auth.xml:437(programlisting)
13994
#: serverguide/C/network-auth.xml:444(programlisting)
13996
13995
#, no-wrap
13997
13996
msgid ""
13998
13997
"\n"
14026
14025
"homeDirectory: /home/john\n"
14027
14026
msgstr ""
14028
14027
14029
#: serverguide/C/network-auth.xml:469(para)
14028
#: serverguide/C/network-auth.xml:476(para)
14030
14029
msgid ""
14031
14030
"It's important that uid and gid values in your directory do not collide with "
14032
14031
"local values. Use high number ranges, such as starting at 5000. By setting "
14034
14033
"what can be done with a local user vs a ldap one. More on that later."
14035
14034
msgstr ""
14036
14035
14037
#: serverguide/C/network-auth.xml:477(para)
14036
#: serverguide/C/network-auth.xml:484(para)
14038
14037
msgid "Add the content:"
14039
14038
msgstr ""
14040
14039
14041
#: serverguide/C/network-auth.xml:482(command)
14040
#: serverguide/C/network-auth.xml:489(command)
14042
14041
msgid "ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_content.ldif"
14043
14042
msgstr ""
14044
14043
14045
#: serverguide/C/network-auth.xml:484(application)
14044
#: serverguide/C/network-auth.xml:491(application)
14046
14045
msgid "********"
14047
14046
msgstr ""
14048
14047
14049
#: serverguide/C/network-auth.xml:483(computeroutput)
14048
#: serverguide/C/network-auth.xml:490(computeroutput)
14050
14049
#, no-wrap
14051
14050
msgid ""
14052
14051
"\n"
14060
14059
"adding new entry \"uid=john,ou=People,dc=example,dc=com\"\n"
14061
14060
msgstr ""
14062
14061
14063
#: serverguide/C/network-auth.xml:495(para)
14062
#: serverguide/C/network-auth.xml:502(para)
14064
14063
msgid ""
14065
14064
"We can check that the information has been correctly added with the "
14066
14065
"<application>ldapsearch</application> utility:"
14067
14066
msgstr ""
14068
14067
14069
#: serverguide/C/network-auth.xml:500(command)
14068
#: serverguide/C/network-auth.xml:507(command)
14070
14069
msgid "ldapsearch -x -LLL -b dc=example,dc=com 'uid=john' cn gidNumber"
14071
14070
msgstr ""
14072
14071
14073
#: serverguide/C/network-auth.xml:501(computeroutput)
14072
#: serverguide/C/network-auth.xml:508(computeroutput)
14074
14073
#, no-wrap
14075
14074
msgid ""
14076
14075
"\n"
14079
14078
"gidNumber: 5000\n"
14080
14079
msgstr ""
14081
14080
14082
#: serverguide/C/network-auth.xml:508(para)
14081
#: serverguide/C/network-auth.xml:515(para)
14083
14082
msgid "Explanation of switches:"
14084
14083
msgstr ""
14085
14084
14086
#: serverguide/C/network-auth.xml:515(para)
14085
#: serverguide/C/network-auth.xml:522(para)
14087
14086
msgid ""
14088
14087
"<emphasis>-x:</emphasis> \"simple\" binding; will not use the default SASL "
14089
14088
"method"
14090
14089
msgstr ""
14091
14090
14092
#: serverguide/C/network-auth.xml:521(para)
14091
#: serverguide/C/network-auth.xml:528(para)
14093
14092
msgid "<emphasis>-LLL:</emphasis> disable printing extraneous information"
14094
14093
msgstr ""
14095
14094
14096
#: serverguide/C/network-auth.xml:527(para)
14095
#: serverguide/C/network-auth.xml:534(para)
14097
14096
msgid "<emphasis>uid=john:</emphasis> a \"filter\" to find the john user"
14098
14097
msgstr ""
14099
14098
14100
#: serverguide/C/network-auth.xml:533(para)
14099
#: serverguide/C/network-auth.xml:540(para)
14101
14100
msgid ""
14102
14101
"<emphasis>cn gidNumber:</emphasis> requests certain attributes to be "
14103
14102
"displayed (the default is to show all attributes)"
14104
14103
msgstr ""
14105
14104
14106
#: serverguide/C/network-auth.xml:543(title)
14105
#: serverguide/C/network-auth.xml:550(title)
14107
14106
msgid "Modifying the slapd Configuration Database"
14108
14107
msgstr ""
14109
14108
14110
#: serverguide/C/network-auth.xml:545(para)
14109
#: serverguide/C/network-auth.xml:552(para)
14111
14110
msgid ""
14112
14111
"The slapd-config DIT can also be queried and modified. Here are a few "
14113
14112
"examples."
14114
14113
msgstr ""
14115
14114
14116
#: serverguide/C/network-auth.xml:552(para)
14115
#: serverguide/C/network-auth.xml:559(para)
14117
14116
msgid ""
14118
14117
"Use <application>ldapmodify</application> to add an \"Index\" (DbIndex "
14119
14118
"attribute) to your <application>{1}hdb,cn=config</application> database "
14121
14120
"<filename>uid_index.ldif</filename>, with the following contents:"
14122
14121
msgstr ""
14123
14122
14124
#: serverguide/C/network-auth.xml:557(programlisting)
14123
#: serverguide/C/network-auth.xml:564(programlisting)
14125
14124
#, no-wrap
14126
14125
msgid ""
14127
14126
"\n"
14130
14129
"olcDbIndex: uid eq,pres,sub\n"
14131
14130
msgstr ""
14132
14131
14133
#: serverguide/C/network-auth.xml:563(para)
14132
#: serverguide/C/network-auth.xml:570(para)
14134
14133
msgid "Then issue the command:"
14135
14134
msgstr ""
14136
14135
14137
#: serverguide/C/network-auth.xml:568(command)
14136
#: serverguide/C/network-auth.xml:575(command)
14138
14137
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
14139
14138
msgstr ""
14140
14139
14141
#: serverguide/C/network-auth.xml:569(computeroutput)
14140
#: serverguide/C/network-auth.xml:576(computeroutput)
14142
14141
#, no-wrap
14143
14142
msgid ""
14144
14143
"\n"
14145
14144
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14146
14145
msgstr ""
14147
14146
14148
#: serverguide/C/network-auth.xml:574(para)
14147
#: serverguide/C/network-auth.xml:581(para)
14149
14148
msgid "You can confirm the change in this way:"
14150
14149
msgstr ""
14151
14150
14152
#: serverguide/C/network-auth.xml:579(command)
14151
#: serverguide/C/network-auth.xml:586(command)
14153
14152
msgid ""
14154
14153
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14155
14154
"'(olcDatabase={1}hdb)' olcDbIndex"
14156
14155
msgstr ""
14157
14156
14158
#: serverguide/C/network-auth.xml:581(computeroutput)
14157
#: serverguide/C/network-auth.xml:588(computeroutput)
14159
14158
#, no-wrap
14160
14159
msgid ""
14161
14160
"\n"
14164
14163
"olcDbIndex: uid eq,pres,sub\n"
14165
14164
msgstr ""
14166
14165
14167
#: serverguide/C/network-auth.xml:591(para)
14166
#: serverguide/C/network-auth.xml:598(para)
14168
14167
msgid ""
14169
14168
"Let's add a schema. It will first need to be converted to LDIF format. You "
14170
14169
"can find unconverted schemas in addition to converted ones in the <filename "
14171
14170
"role=\"directory\">/etc/ldap/schema</filename> directory."
14172
14171
msgstr ""
14173
14172
14174
#: serverguide/C/network-auth.xml:599(para)
14173
#: serverguide/C/network-auth.xml:606(para)
14175
14174
msgid ""
14176
14175
"It is not trivial to remove a schema from the slapd-config database. "
14177
14176
"Practice adding schemas on a test system."
14178
14177
msgstr ""
14179
14178
14180
#: serverguide/C/network-auth.xml:605(para)
14179
#: serverguide/C/network-auth.xml:612(para)
14181
14180
msgid ""
14182
14181
"Before adding any schema, you should check which schemas are already "
14183
14182
"installed (shown is a default, out-of-the-box output):"
14184
14183
msgstr ""
14185
14184
14186
#: serverguide/C/network-auth.xml:611(command)
14185
#: serverguide/C/network-auth.xml:618(command)
14187
14186
msgid ""
14188
14187
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=schema,cn=config dn"
14189
14188
msgstr ""
14190
14189
14191
#: serverguide/C/network-auth.xml:613(computeroutput)
14190
#: serverguide/C/network-auth.xml:620(computeroutput)
14192
14191
#, no-wrap
14193
14192
msgid ""
14194
14193
"\n"
14203
14202
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
14204
14203
msgstr ""
14205
14204
14206
#: serverguide/C/network-auth.xml:630(para)
14205
#: serverguide/C/network-auth.xml:637(para)
14207
14206
msgid "In the following example we'll add the CORBA schema."
14208
14207
msgstr ""
14209
14208
14210
#: serverguide/C/network-auth.xml:637(para)
14209
#: serverguide/C/network-auth.xml:644(para)
14211
14210
msgid ""
14212
14211
"Create the conversion configuration file "
14213
14212
"<filename>schema_convert.conf</filename> containing the following lines:"
14214
14213
msgstr ""
14215
14214
14216
#: serverguide/C/network-auth.xml:642(programlisting)
14215
#: serverguide/C/network-auth.xml:649(programlisting)
14217
14216
#, no-wrap
14218
14217
msgid ""
14219
14218
"\n"
14233
14232
"include /etc/ldap/schema/pmi.schema\n"
14234
14233
msgstr ""
14235
14234
14236
#: serverguide/C/network-auth.xml:662(para)
14235
#: serverguide/C/network-auth.xml:669(para)
14237
14236
msgid "Create the output directory <filename>ldif_output</filename>."
14238
14237
msgstr ""
14239
14238
14240
#: serverguide/C/network-auth.xml:668(para) serverguide/C/network-auth.xml:2317(para)
14239
#: serverguide/C/network-auth.xml:675(para) serverguide/C/network-auth.xml:2324(para)
14241
14240
msgid "Determine the index of the schema:"
14242
14241
msgstr ""
14243
14242
14244
#: serverguide/C/network-auth.xml:673(command)
14243
#: serverguide/C/network-auth.xml:680(command)
14245
14244
msgid ""
14246
14245
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep corba,cn=schema"
14247
14246
msgstr ""
14248
14247
14249
#: serverguide/C/network-auth.xml:674(computeroutput)
14248
#: serverguide/C/network-auth.xml:681(computeroutput)
14250
14249
#, no-wrap
14251
14250
msgid ""
14252
14251
"\n"
14253
14252
"cn={1}corba,cn=schema,cn=config\n"
14254
14253
msgstr ""
14255
14254
14256
#: serverguide/C/network-auth.xml:685(para)
14255
#: serverguide/C/network-auth.xml:687(para)
14257
14256
msgid ""
14258
14257
"When slapd ingests objects with the same parent DN it will create an "
14259
14258
"<emphasis>index</emphasis> for that object. An index is contained within "
14260
14259
"braces: <application>{X}</application>."
14261
14260
msgstr ""
14262
14261
14263
#: serverguide/C/network-auth.xml:689(para)
14262
#: serverguide/C/network-auth.xml:696(para)
14264
14263
msgid "Use <application>slapcat</application> to perform the conversion:"
14265
14264
msgstr ""
14266
14265
14267
#: serverguide/C/network-auth.xml:694(command)
14266
#: serverguide/C/network-auth.xml:701(command)
14268
14267
msgid ""
14269
14268
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
14270
14269
"ldap:///cn={1}corba,cn=schema,cn=config -l cn=corba.ldif"
14271
14270
msgstr ""
14272
14271
14273
#: serverguide/C/network-auth.xml:698(para)
14272
#: serverguide/C/network-auth.xml:705(para)
14274
14273
msgid "The converted schema is now in <filename>cn=corba.ldif</filename>"
14275
14274
msgstr ""
14276
14275
14277
#: serverguide/C/network-auth.xml:704(para)
14276
#: serverguide/C/network-auth.xml:711(para)
14278
14277
msgid ""
14279
14278
"Edit <filename>cn=corba.ldif</filename> to arrive at the following "
14280
14279
"attributes:"
14281
14280
msgstr ""
14282
14281
14283
#: serverguide/C/network-auth.xml:708(programlisting)
14282
#: serverguide/C/network-auth.xml:715(programlisting)
14284
14283
#, no-wrap
14285
14284
msgid ""
14286
14285
"\n"
14289
14288
"cn: corba\n"
14290
14289
msgstr ""
14291
14290
14292
#: serverguide/C/network-auth.xml:714(para)
14291
#: serverguide/C/network-auth.xml:721(para)
14293
14292
msgid "Also remove the following lines from the bottom:"
14294
14293
msgstr ""
14295
14294
14296
#: serverguide/C/network-auth.xml:718(programlisting)
14295
#: serverguide/C/network-auth.xml:725(programlisting)
14297
14296
#, no-wrap
14298
14297
msgid ""
14299
14298
"\n"
14306
14305
"modifyTimestamp: 20110829165435Z\n"
14307
14306
msgstr ""
14308
14307
14309
#: serverguide/C/network-auth.xml:728(para) serverguide/C/network-auth.xml:2367(para)
14308
#: serverguide/C/network-auth.xml:735(para) serverguide/C/network-auth.xml:2374(para)
14310
14309
msgid "Your attribute values will vary."
14311
14310
msgstr ""
14312
14311
14313
#: serverguide/C/network-auth.xml:734(para)
14312
#: serverguide/C/network-auth.xml:741(para)
14314
14313
msgid ""
14315
14314
"Finally, use <application>ldapadd</application> to add the new schema to the "
14316
14315
"slapd-config DIT:"
14317
14316
msgstr ""
14318
14317
14319
#: serverguide/C/network-auth.xml:739(command)
14318
#: serverguide/C/network-auth.xml:746(command)
14320
14319
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=corba.ldif"
14321
14320
msgstr ""
14322
14321
14323
#: serverguide/C/network-auth.xml:740(computeroutput)
14322
#: serverguide/C/network-auth.xml:747(computeroutput)
14324
14323
#, no-wrap
14325
14324
msgid ""
14326
14325
"\n"
14327
14326
"adding new entry \"cn=corba,cn=schema,cn=config\"\n"
14328
14327
msgstr ""
14329
14328
14330
#: serverguide/C/network-auth.xml:748(para)
14329
#: serverguide/C/network-auth.xml:755(para)
14331
14330
msgid "Confirm currently loaded schemas:"
14332
14331
msgstr ""
14333
14332
14334
#: serverguide/C/network-auth.xml:753(command)
14333
#: serverguide/C/network-auth.xml:760(command)
14335
14334
msgid ""
14336
14335
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn"
14337
14336
msgstr ""
14338
14337
14339
#: serverguide/C/network-auth.xml:754(computeroutput)
14338
#: serverguide/C/network-auth.xml:761(computeroutput)
14340
14339
#, no-wrap
14341
14340
msgid ""
14342
14341
"\n"
14353
14352
"dn: cn={4}corba,cn=schema,cn=config\n"
14354
14353
msgstr ""
14355
14354
14356
#: serverguide/C/network-auth.xml:778(para)
14355
#: serverguide/C/network-auth.xml:785(para)
14357
14356
msgid ""
14358
14357
"For external applications and clients to authenticate using LDAP they will "
14359
14358
"each need to be specifically configured to do so. Refer to the appropriate "
14360
14359
"client-side documentation for details."
14361
14360
msgstr ""
14362
14361
14363
#: serverguide/C/network-auth.xml:789(para)
14362
#: serverguide/C/network-auth.xml:796(para)
14364
14363
msgid ""
14365
14364
"Activity logging for slapd is indispensible when implementing an OpenLDAP-"
14366
14365
"based solution yet it must be manually enabled after software installation. "
14368
14367
"any other slapd configuration, is enabled via the slapd-config database."
14369
14368
msgstr ""
14370
14369
14371
#: serverguide/C/network-auth.xml:795(para)
14370
#: serverguide/C/network-auth.xml:802(para)
14372
14371
msgid ""
14373
14372
"OpenLDAP comes with multiple logging subsystems (levels) with each one "
14374
14373
"containing the lower one (additive). A good level to try is "
14378
14377
"different subsystems."
14379
14378
msgstr ""
14380
14379
14381
#: serverguide/C/network-auth.xml:801(para)
14380
#: serverguide/C/network-auth.xml:808(para)
14382
14381
msgid ""
14383
14382
"Create the file <filename>logging.ldif</filename> with the following "
14384
14383
"contents:"
14385
14384
msgstr ""
14386
14385
14387
#: serverguide/C/network-auth.xml:805(programlisting)
14386
#: serverguide/C/network-auth.xml:812(programlisting)
14388
14387
#, no-wrap
14389
14388
msgid ""
14390
14389
"\n"
14394
14393
"olcLogLevel: stats\n"
14395
14394
msgstr ""
14396
14395
14397
#: serverguide/C/network-auth.xml:812(para)
14396
#: serverguide/C/network-auth.xml:819(para)
14398
14397
msgid "Implement the change:"
14399
14398
msgstr ""
14400
14399
14401
#: serverguide/C/network-auth.xml:817(command)
14400
#: serverguide/C/network-auth.xml:824(command)
14402
14401
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f logging.ldif"
14403
14402
msgstr ""
14404
14403
14405
#: serverguide/C/network-auth.xml:820(para)
14404
#: serverguide/C/network-auth.xml:827(para)
14406
14405
msgid ""
14407
14406
"This will produce a significant amount of logging and you will want to "
14408
14407
"throttle back to a less verbose level once your system is in production. "
14410
14409
"hard time keeping up and may drop messages:"
14411
14410
msgstr ""
14412
14411
14413
#: serverguide/C/network-auth.xml:826(programlisting)
14412
#: serverguide/C/network-auth.xml:833(programlisting)
14414
14413
#, no-wrap
14415
14414
msgid ""
14416
14415
"\n"
14418
14417
"limiting\n"
14419
14418
msgstr ""
14420
14419
14421
#: serverguide/C/network-auth.xml:830(para)
14420
#: serverguide/C/network-auth.xml:837(para)
14422
14421
msgid ""
14423
14422
"You may consider a change to rsyslog's configuration. In "
14424
14423
"<filename>/etc/rsyslog.conf</filename>, put:"
14425
14424
msgstr ""
14426
14425
14427
#: serverguide/C/network-auth.xml:834(programlisting)
14426
#: serverguide/C/network-auth.xml:841(programlisting)
14428
14427
#, no-wrap
14429
14428
msgid ""
14430
14429
"\n"
14433
14432
"$SystemLogRateLimitInterval 0\n"
14434
14433
msgstr ""
14435
14434
14436
#: serverguide/C/network-auth.xml:840(para)
14435
#: serverguide/C/network-auth.xml:847(para)
14437
14436
msgid "And then restart the rsyslog daemon:"
14438
14437
msgstr ""
14439
14438
14440
#: serverguide/C/network-auth.xml:845(command)
14439
#: serverguide/C/network-auth.xml:852(command)
14441
14440
msgid "sudo service rsyslog restart"
14442
14441
msgstr ""
14443
14442
14444
#: serverguide/C/network-auth.xml:851(title)
14443
#: serverguide/C/network-auth.xml:858(title)
14445
14444
msgid "Replication"
14446
14445
msgstr ""
14447
14446
14448
#: serverguide/C/network-auth.xml:853(para)
14447
#: serverguide/C/network-auth.xml:860(para)
14449
14448
msgid ""
14450
14449
"The LDAP service becomes increasingly important as more networked systems "
14451
14450
"begin to depend on it. In such an environment, it is standard practice to "
14454
14453
"replication</emphasis>."
14455
14454
msgstr ""
14456
14455
14457
#: serverguide/C/network-auth.xml:859(para)
14456
#: serverguide/C/network-auth.xml:866(para)
14458
14457
msgid ""
14459
14458
"Replication is achieved via the <emphasis>Syncrepl</emphasis> engine. This "
14460
14459
"allows changes to be synchronized using a <emphasis>Consumer</emphasis> - "
14466
14465
"be sent, not entire entries."
14467
14466
msgstr ""
14468
14467
14469
#: serverguide/C/network-auth.xml:868(title)
14468
#: serverguide/C/network-auth.xml:875(title)
14470
14469
msgid "Provider Configuration"
14471
14470
msgstr ""
14472
14471
14473
#: serverguide/C/network-auth.xml:870(para)
14472
#: serverguide/C/network-auth.xml:877(para)
14474
14473
msgid "Begin by configuring the <emphasis>Provider</emphasis>."
14475
14474
msgstr ""
14476
14475
14477
#: serverguide/C/network-auth.xml:877(para)
14476
#: serverguide/C/network-auth.xml:884(para)
14478
14477
msgid ""
14479
14478
"Create an LDIF file with the following contents and name it "
14480
14479
"<filename>provider_sync.ldif</filename>:"
14481
14480
msgstr ""
14482
14481
14483
#: serverguide/C/network-auth.xml:881(programlisting)
14482
#: serverguide/C/network-auth.xml:888(programlisting)
14484
14483
#, no-wrap
14485
14484
msgid ""
14486
14485
"\n"
14542
14541
"olcAccessLogPurge: 07+00:00 01+00:00\n"
14543
14542
msgstr ""
14544
14543
14545
#: serverguide/C/network-auth.xml:940(para)
14544
#: serverguide/C/network-auth.xml:947(para)
14546
14545
msgid ""
14547
14546
"Change the rootDN in the LDIF file to match the one you have for your "
14548
14547
"directory."
14549
14548
msgstr ""
14550
14549
14551
#: serverguide/C/network-auth.xml:947(para)
14550
#: serverguide/C/network-auth.xml:954(para)
14552
14551
msgid ""
14553
14552
"The <application>apparmor</application> profile for slapd will not need to "
14554
14553
"be adjusted for the accesslog database location since "
14555
14554
"<filename>/etc/apparmor.d/local/usr.sbin.slapd</filename> contains:"
14556
14555
msgstr ""
14557
14556
14558
#: serverguide/C/network-auth.xml:952(programlisting)
14557
#: serverguide/C/network-auth.xml:959(programlisting)
14559
14558
#, no-wrap
14560
14559
msgid ""
14561
14560
"\n"
14563
14562
"/var/lib/ldap/** rwk,\n"
14564
14563
msgstr ""
14565
14564
14566
#: serverguide/C/network-auth.xml:957(para)
14565
#: serverguide/C/network-auth.xml:964(para)
14567
14566
msgid ""
14568
14567
"Create a directory, set up a databse config file, and reload the apparmor "
14569
14568
"profile:"
14570
14569
msgstr ""
14571
14570
14572
#: serverguide/C/network-auth.xml:962(command)
14571
#: serverguide/C/network-auth.xml:969(command)
14573
14572
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
14574
14573
msgstr ""
14575
14574
14576
#: serverguide/C/network-auth.xml:963(command)
14575
#: serverguide/C/network-auth.xml:970(command)
14577
14576
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog"
14578
14577
msgstr ""
14579
14578
14580
#: serverguide/C/network-auth.xml:970(para)
14579
#: serverguide/C/network-auth.xml:977(para)
14581
14580
msgid ""
14582
14581
"Add the new content and, due to the apparmor change, restart the daemon:"
14583
14582
msgstr ""
14584
14583
14585
#: serverguide/C/network-auth.xml:975(command)
14584
#: serverguide/C/network-auth.xml:982(command)
14586
14585
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
14587
14586
msgstr ""
14588
14587
14589
#: serverguide/C/network-auth.xml:976(command) serverguide/C/network-auth.xml:1498(command) serverguide/C/network-auth.xml:1683(command) serverguide/C/network-auth.xml:3912(command)
14588
#: serverguide/C/network-auth.xml:983(command) serverguide/C/network-auth.xml:1505(command) serverguide/C/network-auth.xml:1690(command) serverguide/C/network-auth.xml:3911(command)
14590
14589
msgid "sudo service slapd restart"
14591
14590
msgstr ""
14592
14591
14593
#: serverguide/C/network-auth.xml:983(para)
14592
#: serverguide/C/network-auth.xml:990(para)
14594
14593
msgid "The Provider is now configured."
14595
14594
msgstr ""
14596
14595
14597
#: serverguide/C/network-auth.xml:990(title)
14596
#: serverguide/C/network-auth.xml:997(title)
14598
14597
msgid "Consumer Configuration"
14599
14598
msgstr ""
14600
14599
14601
#: serverguide/C/network-auth.xml:992(para)
14600
#: serverguide/C/network-auth.xml:999(para)
14602
14601
msgid "And now configure the <emphasis>Consumer</emphasis>."
14603
14602
msgstr ""
14604
14603
14605
#: serverguide/C/network-auth.xml:999(para)
14604
#: serverguide/C/network-auth.xml:1006(para)
14606
14605
msgid ""
14607
14606
"Install the software by going through <xref linkend=\"openldap-server-"
14608
14607
"installation\"/>. Make sure the slapd-config databse is identical to the "
14610
14609
"same."
14611
14610
msgstr ""
14612
14611
14613
#: serverguide/C/network-auth.xml:1006(para)
14612
#: serverguide/C/network-auth.xml:1013(para)
14614
14613
msgid ""
14615
14614
"Create an LDIF file with the following contents and name it "
14616
14615
"<filename>consumer_sync.ldif</filename>:"
14617
14616
msgstr ""
14618
14617
14619
#: serverguide/C/network-auth.xml:1010(programlisting)
14618
#: serverguide/C/network-auth.xml:1017(programlisting)
14620
14619
#, no-wrap
14621
14620
msgid ""
14622
14621
"\n"
14643
14642
"olcUpdateRef: ldap://ldap01.example.com\n"
14644
14643
msgstr ""
14645
14644
14646
#: serverguide/C/network-auth.xml:1031(para)
14645
#: serverguide/C/network-auth.xml:1038(para)
14647
14646
msgid "Ensure the following attributes have the correct values:"
14648
14647
msgstr ""
14649
14648
14650
#: serverguide/C/network-auth.xml:1036(para)
14649
#: serverguide/C/network-auth.xml:1043(para)
14651
14650
msgid ""
14652
14651
"<emphasis>provider</emphasis> (Provider server's hostname -- "
14653
14652
"ldap01.example.com in this example -- or IP address)"
14654
14653
msgstr ""
14655
14654
14656
#: serverguide/C/network-auth.xml:1037(para)
14655
#: serverguide/C/network-auth.xml:1044(para)
14657
14656
msgid "<emphasis>binddn</emphasis> (the admin DN you're using)"
14658
14657
msgstr ""
14659
14658
14660
#: serverguide/C/network-auth.xml:1038(para)
14659
#: serverguide/C/network-auth.xml:1045(para)
14661
14660
msgid "<emphasis>credentials</emphasis> (the admin DN password you're using)"
14662
14661
msgstr ""
14663
14662
14664
#: serverguide/C/network-auth.xml:1039(para)
14663
#: serverguide/C/network-auth.xml:1046(para)
14665
14664
msgid "<emphasis>searchbase</emphasis> (the database suffix you're using)"
14666
14665
msgstr ""
14667
14666
14668
#: serverguide/C/network-auth.xml:1040(para)
14667
#: serverguide/C/network-auth.xml:1047(para)
14669
14668
msgid ""
14670
14669
"<emphasis>olcUpdateRef</emphasis> (Provider server's hostname or IP address)"
14671
14670
msgstr ""
14672
14671
14673
#: serverguide/C/network-auth.xml:1041(para)
14672
#: serverguide/C/network-auth.xml:1048(para)
14674
14673
msgid ""
14675
14674
"<emphasis>rid</emphasis> (Replica ID, an unique 3-digit that identifies the "
14676
14675
"replica. Each consumer should have at least one rid)"
14677
14676
msgstr ""
14678
14677
14679
#: serverguide/C/network-auth.xml:1050(para)
14678
#: serverguide/C/network-auth.xml:1057(para)
14680
14679
msgid "Add the new content:"
14681
14680
msgstr ""
14682
14681
14683
#: serverguide/C/network-auth.xml:1055(command)
14682
#: serverguide/C/network-auth.xml:1062(command)
14684
14683
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
14685
14684
msgstr ""
14686
14685
14687
#: serverguide/C/network-auth.xml:1062(para)
14686
#: serverguide/C/network-auth.xml:1069(para)
14688
14687
msgid ""
14689
14688
"You're done. The two databases (suffix: dc=example,dc=com) should now be "
14690
14689
"synchronizing."
14691
14690
msgstr ""
14692
14691
14693
#: serverguide/C/network-auth.xml:1071(para)
14692
#: serverguide/C/network-auth.xml:1078(para)
14694
14693
msgid "Once replication starts, you can monitor it by running"
14695
14694
msgstr ""
14696
14695
14697
#: serverguide/C/network-auth.xml:1081(command)
14696
#: serverguide/C/network-auth.xml:1083(command)
14698
14697
msgid ""
14699
14698
"ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=example,dc=com "
14700
14699
"contextCSN"
14701
14700
msgstr ""
14702
14701
14703
#: serverguide/C/network-auth.xml:1077(computeroutput)
14702
#: serverguide/C/network-auth.xml:1084(computeroutput)
14704
14703
#, no-wrap
14705
14704
msgid ""
14706
14705
"\n"
14708
14707
"contextCSN: 20120201193408.178454Z#000000#000#000000\n"
14709
14708
msgstr ""
14710
14709
14711
#: serverguide/C/network-auth.xml:1083(para)
14710
#: serverguide/C/network-auth.xml:1090(para)
14712
14711
msgid ""
14713
14712
"on both the provider and the consumer. Once the output "
14714
14713
"(<computeroutput>20120201193408.178454Z#000000#000#000000</computeroutput> "
14717
14716
"the one in the consumer(s)."
14718
14717
msgstr ""
14719
14718
14720
#: serverguide/C/network-auth.xml:1092(para)
14719
#: serverguide/C/network-auth.xml:1099(para)
14721
14720
msgid ""
14722
14721
"If your connection is slow and/or your ldap database large, it might take a "
14723
14722
"while for the consumer's <emphasis>contextCSN</emphasis> match the "
14725
14724
"<emphasis>contextCSN</emphasis> will be steadly increasing."
14726
14725
msgstr ""
14727
14726
14728
#: serverguide/C/network-auth.xml:1100(para)
14727
#: serverguide/C/network-auth.xml:1107(para)
14729
14728
msgid ""
14730
14729
"If the consumer's <emphasis>contextCSN</emphasis> is missing or does not "
14731
14730
"match the provider, you should stop and figure out the issue before "
14735
14734
"statements) return no errors."
14736
14735
msgstr ""
14737
14736
14738
#: serverguide/C/network-auth.xml:1109(para)
14737
#: serverguide/C/network-auth.xml:1116(para)
14739
14738
msgid ""
14740
14739
"To test if it worked simply query, on the Consumer, the DNs in the database:"
14741
14740
msgstr ""
14742
14741
14743
#: serverguide/C/network-auth.xml:1114(command)
14742
#: serverguide/C/network-auth.xml:1121(command)
14744
14743
msgid ""
14745
14744
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b dc=example,dc=com dn"
14746
14745
msgstr ""
14747
14746
14748
#: serverguide/C/network-auth.xml:1117(para)
14747
#: serverguide/C/network-auth.xml:1124(para)
14749
14748
msgid ""
14750
14749
"You should see the user 'john' and the group 'miners' as well as the nodes "
14751
14750
"'People' and 'Groups'."
14752
14751
msgstr ""
14753
14752
14754
#: serverguide/C/network-auth.xml:1126(title)
14753
#: serverguide/C/network-auth.xml:1133(title)
14755
14754
msgid "Access Control"
14756
14755
msgstr ""
14757
14756
14758
#: serverguide/C/network-auth.xml:1128(para)
14757
#: serverguide/C/network-auth.xml:1135(para)
14759
14758
msgid ""
14760
14759
"The management of what type of access (read, write, etc) users should be "
14761
14760
"granted to resources is known as <emphasis>access control</emphasis>. The "
14763
14762
"lists</emphasis> or ACL."
14764
14763
msgstr ""
14765
14764
14766
#: serverguide/C/network-auth.xml:1133(para)
14765
#: serverguide/C/network-auth.xml:1140(para)
14767
14766
msgid ""
14768
14767
"When we installed the slapd package various ACL were set up automatically. "
14769
14768
"We will look at a few important consequences of those defaults and, in so "
14770
14769
"doing, we'll get an idea of how ACLs work and how they're configured."
14771
14770
msgstr ""
14772
14771
14773
#: serverguide/C/network-auth.xml:1138(para)
14772
#: serverguide/C/network-auth.xml:1145(para)
14774
14773
msgid ""
14775
14774
"To get the effective ACL for an LDAP query we need to look at the ACL "
14776
14775
"entries of the database being queried as well as those of the special "
14782
14781
"(\"dc=example,dc=com\") and those of the frontend database:"
14783
14782
msgstr ""
14784
14783
14785
#: serverguide/C/network-auth.xml:1147(command)
14784
#: serverguide/C/network-auth.xml:1154(command)
14786
14785
msgid ""
14787
14786
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14788
14787
"'(olcDatabase={1}hdb)' olcAccess"
14789
14788
msgstr ""
14790
14789
14791
#: serverguide/C/network-auth.xml:1149(computeroutput)
14790
#: serverguide/C/network-auth.xml:1156(computeroutput)
14792
14791
#, no-wrap
14793
14792
msgid ""
14794
14793
"\n"
14802
14801
" read\n"
14803
14802
msgstr ""
14804
14803
14805
#: serverguide/C/network-auth.xml:1160(para)
14804
#: serverguide/C/network-auth.xml:1167(para)
14806
14805
msgid ""
14807
14806
"The rootDN always has full rights to its database. Including it in an ACL "
14808
14807
"does provide an explicit configuration but it also causes slapd to incur a "
14809
14808
"performance penalty."
14810
14809
msgstr ""
14811
14810
14812
#: serverguide/C/network-auth.xml:1167(command)
14811
#: serverguide/C/network-auth.xml:1174(command)
14813
14812
msgid ""
14814
14813
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14815
14814
"'(olcDatabase={-1}frontend)' olcAccess"
14816
14815
msgstr ""
14817
14816
14818
#: serverguide/C/network-auth.xml:1169(computeroutput)
14817
#: serverguide/C/network-auth.xml:1176(computeroutput)
14819
14818
#, no-wrap
14820
14819
msgid ""
14821
14820
"\n"
14826
14825
"olcAccess: {2}to dn.base=\"cn=Subschema\" by * read\n"
14827
14826
msgstr ""
14828
14827
14829
#: serverguide/C/network-auth.xml:1178(para)
14828
#: serverguide/C/network-auth.xml:1185(para)
14830
14829
msgid "The very first ACL is crucial:"
14831
14830
msgstr ""
14832
14831
14833
#: serverguide/C/network-auth.xml:1182(programlisting)
14832
#: serverguide/C/network-auth.xml:1189(programlisting)
14834
14833
#, no-wrap
14835
14834
msgid ""
14836
14835
"\n"
14839
14838
" auth by dn=\"cn=admin,dc=example,dc=com\" write by * none\n"
14840
14839
msgstr ""
14841
14840
14842
#: serverguide/C/network-auth.xml:1187(para)
14841
#: serverguide/C/network-auth.xml:1194(para)
14843
14842
msgid "This can be represented differently for easier digestion:"
14844
14843
msgstr ""
14845
14844
14846
#: serverguide/C/network-auth.xml:1191(programlisting)
14845
#: serverguide/C/network-auth.xml:1198(programlisting)
14847
14846
#, no-wrap
14848
14847
msgid ""
14849
14848
"\n"
14860
14859
"\tby * none\n"
14861
14860
msgstr ""
14862
14861
14863
#: serverguide/C/network-auth.xml:1205(para)
14862
#: serverguide/C/network-auth.xml:1212(para)
14864
14863
msgid "This compound ACL (there are 2) enforces the following:"
14865
14864
msgstr ""
14866
14865
14867
#: serverguide/C/network-auth.xml:1212(para)
14866
#: serverguide/C/network-auth.xml:1219(para)
14868
14867
msgid ""
14869
14868
"Anonymous 'auth' access is provided to the <emphasis>userPassword</emphasis> "
14870
14869
"attribute for the initial connection to occur. Perhaps counter-intuitively, "
14873
14872
"occur (see next point)."
14874
14873
msgstr ""
14875
14874
14876
#: serverguide/C/network-auth.xml:1220(para)
14875
#: serverguide/C/network-auth.xml:1227(para)
14877
14876
msgid ""
14878
14877
"Authentication can happen because all users have 'read' (due to 'by self "
14879
14878
"write') access to the <emphasis>userPassword</emphasis> attribute."
14880
14879
msgstr ""
14881
14880
14882
#: serverguide/C/network-auth.xml:1226(para)
14881
#: serverguide/C/network-auth.xml:1233(para)
14883
14882
msgid ""
14884
14883
"The <emphasis>userPassword</emphasis> attribute is otherwise unaccessible by "
14885
14884
"all other users, with the exception of the rootDN, who has complete access "
14886
14885
"to it."
14887
14886
msgstr ""
14888
14887
14889
#: serverguide/C/network-auth.xml:1233(para)
14888
#: serverguide/C/network-auth.xml:1240(para)
14890
14889
msgid ""
14891
14890
"In order for users to change their own password, using "
14892
14891
"<command>passwd</command> or other utilities, the "
14894
14893
"a user has authenticated."
14895
14894
msgstr ""
14896
14895
14897
#: serverguide/C/network-auth.xml:1241(para)
14896
#: serverguide/C/network-auth.xml:1248(para)
14898
14897
msgid ""
14899
14898
"This DIT can be searched anonymously because of 'by * read' in this ACL:"
14900
14899
msgstr ""
14901
14900
14902
#: serverguide/C/network-auth.xml:1245(programlisting)
14901
#: serverguide/C/network-auth.xml:1252(programlisting)
14903
14902
#, no-wrap
14904
14903
msgid ""
14905
14904
"\n"
14909
14908
"\tby * read\n"
14910
14909
msgstr ""
14911
14910
14912
#: serverguide/C/network-auth.xml:1252(para)
14911
#: serverguide/C/network-auth.xml:1259(para)
14913
14912
msgid ""
14914
14913
"If this is unwanted then you need to change the ACLs. To force "
14915
14914
"authentication during a bind request you can alternatively (or in "
14916
14915
"combination with the modified ACL) use the 'olcRequire: authc' directive."
14917
14916
msgstr ""
14918
14917
14919
#: serverguide/C/network-auth.xml:1257(para)
14918
#: serverguide/C/network-auth.xml:1264(para)
14920
14919
msgid ""
14921
14920
"As previously mentioned, there is no administrative account created for the "
14922
14921
"slapd-config database. There is, however, a SASL identity that is granted "
14924
14923
"it is:"
14925
14924
msgstr ""
14926
14925
14927
#: serverguide/C/network-auth.xml:1262(programlisting)
14926
#: serverguide/C/network-auth.xml:1269(programlisting)
14928
14927
#, no-wrap
14929
14928
msgid ""
14930
14929
"\n"
14931
14930
"dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth \n"
14932
14931
msgstr ""
14933
14932
14934
#: serverguide/C/network-auth.xml:1266(para)
14933
#: serverguide/C/network-auth.xml:1273(para)
14935
14934
msgid ""
14936
14935
"The following command will display the ACLs of the slapd-config database:"
14937
14936
msgstr ""
14938
14937
14939
#: serverguide/C/network-auth.xml:1271(command)
14938
#: serverguide/C/network-auth.xml:1278(command)
14940
14939
msgid ""
14941
14940
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14942
14941
"'(olcDatabase={0}config)' olcAccess"
14943
14942
msgstr ""
14944
14943
14945
#: serverguide/C/network-auth.xml:1273(computeroutput)
14944
#: serverguide/C/network-auth.xml:1280(computeroutput)
14946
14945
#, no-wrap
14947
14946
msgid ""
14948
14947
"\n"
14951
14950
" cn=external,cn=auth manage by * break\n"
14952
14951
msgstr ""
14953
14952
14954
#: serverguide/C/network-auth.xml:1285(para)
14953
#: serverguide/C/network-auth.xml:1287(para)
14955
14954
msgid ""
14956
14955
"Since this is a SASL identity we need to use a SASL "
14957
14956
"<emphasis>mechanism</emphasis> when invoking the LDAP utility in question "
14959
14958
"mechanism. See the previous command for an example. Note that:"
14960
14959
msgstr ""
14961
14960
14962
#: serverguide/C/network-auth.xml:1288(para)
14961
#: serverguide/C/network-auth.xml:1295(para)
14963
14962
msgid ""
14964
14963
"You must use <emphasis>sudo</emphasis> to become the root identity in order "
14965
14964
"for the ACL to match."
14966
14965
msgstr ""
14967
14966
14968
#: serverguide/C/network-auth.xml:1294(para)
14967
#: serverguide/C/network-auth.xml:1301(para)
14969
14968
msgid ""
14970
14969
"The EXTERNAL mechanism works via <emphasis>IPC</emphasis> (UNIX domain "
14971
14970
"sockets). This means you must use the <emphasis>ldapi</emphasis> URI format."
14972
14971
msgstr ""
14973
14972
14974
#: serverguide/C/network-auth.xml:1302(para)
14973
#: serverguide/C/network-auth.xml:1309(para)
14975
14974
msgid "A succinct way to get all the ACLs is like this:"
14976
14975
msgstr ""
14977
14976
14978
#: serverguide/C/network-auth.xml:1307(command)
14977
#: serverguide/C/network-auth.xml:1314(command)
14979
14978
msgid ""
14980
14979
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \\ cn=config "
14981
14980
"'(olcAccess=*)' olcAccess olcSuffix"
14982
14981
msgstr ""
14983
14982
14984
#: serverguide/C/network-auth.xml:1311(para)
14983
#: serverguide/C/network-auth.xml:1318(para)
14985
14984
msgid ""
14986
14985
"There is much to say on the topic of access control. See the man page for "
14987
14986
"<ulink "
14989
14988
".access</ulink>."
14990
14989
msgstr ""
14991
14990
14992
#: serverguide/C/network-auth.xml:1319(title)
14991
#: serverguide/C/network-auth.xml:1326(title)
14993
14992
msgid "TLS"
14994
14993
msgstr ""
14995
14994
14996
#: serverguide/C/network-auth.xml:1321(para)
14995
#: serverguide/C/network-auth.xml:1328(para)
14997
14996
msgid ""
14998
14997
"When authenticating to an OpenLDAP server it is best to do so using an "
14999
14998
"encrypted session. This can be accomplished using Transport Layer Security "
15000
14999
"(TLS)."
15001
15000
msgstr ""
15002
15001
15003
#: serverguide/C/network-auth.xml:1326(para)
15002
#: serverguide/C/network-auth.xml:1333(para)
15004
15003
msgid ""
15005
15004
"Here, we will be our own <emphasis>Certificate Authority</emphasis> and then "
15006
15005
"create and sign our LDAP server certificate as that CA. Since "
15009
15008
"<application>certtool</application> utility to complete these tasks."
15010
15009
msgstr ""
15011
15010
15012
#: serverguide/C/network-auth.xml:1335(para)
15011
#: serverguide/C/network-auth.xml:1342(para)
15013
15012
msgid ""
15014
15013
"Install the <application>gnutls-bin</application> and <application>ssl-"
15015
15014
"cert</application> packages:"
15016
15015
msgstr ""
15017
15016
15018
#: serverguide/C/network-auth.xml:1340(command)
15017
#: serverguide/C/network-auth.xml:1347(command)
15019
15018
msgid "sudo apt-get install gnutls-bin ssl-cert"
15020
15019
msgstr ""
15021
15020
15022
#: serverguide/C/network-auth.xml:1346(para)
15021
#: serverguide/C/network-auth.xml:1353(para)
15023
15022
msgid "Create a private key for the Certificate Authority:"
15024
15023
msgstr ""
15025
15024
15026
#: serverguide/C/network-auth.xml:1351(command)
15025
#: serverguide/C/network-auth.xml:1358(command)
15027
15026
msgid ""
15028
15027
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
15029
15028
msgstr ""
15030
15029
15031
#: serverguide/C/network-auth.xml:1357(para)
15030
#: serverguide/C/network-auth.xml:1364(para)
15032
15031
msgid ""
15033
15032
"Create the template/file <filename>/etc/ssl/ca.info</filename> to define the "
15034
15033
"CA:"
15035
15034
msgstr ""
15036
15035
15037
#: serverguide/C/network-auth.xml:1361(programlisting)
15036
#: serverguide/C/network-auth.xml:1368(programlisting)
15038
15037
#, no-wrap
15039
15038
msgid ""
15040
15039
"\n"
15043
15042
"cert_signing_key\n"
15044
15043
msgstr ""
15045
15044
15046
#: serverguide/C/network-auth.xml:1370(para)
15045
#: serverguide/C/network-auth.xml:1377(para)
15047
15046
msgid "Create the self-signed CA certificate:"
15048
15047
msgstr ""
15049
15048
15050
#: serverguide/C/network-auth.xml:1375(command)
15049
#: serverguide/C/network-auth.xml:1382(command)
15051
15050
msgid ""
15052
15051
"sudo certtool --generate-self-signed \\ --load-privkey "
15053
15052
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info \\ --outfile "
15054
15053
"/etc/ssl/certs/cacert.pem"
15055
15054
msgstr ""
15056
15055
15057
#: serverguide/C/network-auth.xml:1384(para)
15056
#: serverguide/C/network-auth.xml:1391(para)
15058
15057
msgid "Make a private key for the server:"
15059
15058
msgstr ""
15060
15059
15061
#: serverguide/C/network-auth.xml:1389(command)
15060
#: serverguide/C/network-auth.xml:1396(command)
15062
15061
msgid ""
15063
15062
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
15064
15063
"/etc/ssl/private/ldap01_slapd_key.pem"
15065
15064
msgstr ""
15066
15065
15067
#: serverguide/C/network-auth.xml:1395(para)
15066
#: serverguide/C/network-auth.xml:1402(para)
15068
15067
msgid ""
15069
15068
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
15070
15069
"hostname. Naming the certificate and key for the host and service that will "
15071
15070
"be using them will help keep things clear."
15072
15071
msgstr ""
15073
15072
15074
#: serverguide/C/network-auth.xml:1404(para)
15073
#: serverguide/C/network-auth.xml:1411(para)
15075
15074
msgid ""
15076
15075
"Create the <filename>/etc/ssl/ldap01.info</filename> info file containing:"
15077
15076
msgstr ""
15078
15077
15079
#: serverguide/C/network-auth.xml:1408(programlisting)
15078
#: serverguide/C/network-auth.xml:1415(programlisting)
15080
15079
#, no-wrap
15081
15080
msgid ""
15082
15081
"\n"
15088
15087
"expiration_days = 3650\n"
15089
15088
msgstr ""
15090
15089
15091
#: serverguide/C/network-auth.xml:1417(para)
15090
#: serverguide/C/network-auth.xml:1424(para)
15092
15091
msgid "The above certificate is good for 10 years. Adjust accordingly."
15093
15092
msgstr ""
15094
15093
15095
#: serverguide/C/network-auth.xml:1423(para)
15094
#: serverguide/C/network-auth.xml:1430(para)
15096
15095
msgid "Create the server's certificate:"
15097
15096
msgstr ""
15098
15097
15099
#: serverguide/C/network-auth.xml:1428(command)
15098
#: serverguide/C/network-auth.xml:1435(command)
15100
15099
msgid ""
15101
15100
"sudo certtool --generate-certificate \\ --load-privkey "
15102
15101
"/etc/ssl/private/ldap01_slapd_key.pem \\ --load-ca-certificate "
15105
15104
"/etc/ssl/certs/ldap01_slapd_cert.pem"
15106
15105
msgstr ""
15107
15106
15108
#: serverguide/C/network-auth.xml:1440(para)
15107
#: serverguide/C/network-auth.xml:1447(para)
15109
15108
msgid ""
15110
15109
"Create the file <filename>certinfo.ldif</filename> with the following "
15111
15110
"contents (adjust accordingly, our example assumes we created certs using "
15112
15111
"https://www.cacert.org):"
15113
15112
msgstr ""
15114
15113
15115
#: serverguide/C/network-auth.xml:1444(programlisting)
15114
#: serverguide/C/network-auth.xml:1451(programlisting)
15116
15115
#, no-wrap
15117
15116
msgid ""
15118
15117
"\n"
15127
15126
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem\n"
15128
15127
msgstr ""
15129
15128
15130
#: serverguide/C/network-auth.xml:1456(para)
15129
#: serverguide/C/network-auth.xml:1463(para)
15131
15130
msgid ""
15132
15131
"Use the <application>ldapmodify</application> command to tell slapd about "
15133
15132
"our TLS work via the slapd-config database:"
15134
15133
msgstr ""
15135
15134
15136
#: serverguide/C/network-auth.xml:1461(command)
15135
#: serverguide/C/network-auth.xml:1468(command)
15137
15136
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/certinfo.ldif"
15138
15137
msgstr ""
15139
15138
15140
#: serverguide/C/network-auth.xml:1464(para)
15139
#: serverguide/C/network-auth.xml:1471(para)
15141
15140
msgid ""
15142
15141
"Contratry to popular belief, you do not need <emphasis>ldaps://</emphasis> "
15143
15142
"in <filename>/etc/default/slapd</filename> in order to use encryption. You "
15144
15143
"should have just:"
15145
15144
msgstr ""
15146
15145
15147
#: serverguide/C/network-auth.xml:1469(programlisting)
15146
#: serverguide/C/network-auth.xml:1476(programlisting)
15148
15147
#, no-wrap
15149
15148
msgid ""
15150
15149
"\n"
15151
15150
"SLAPD_SERVICES=\"ldap:/// ldapi:///\"\n"
15152
15151
msgstr ""
15153
15152
15154
#: serverguide/C/network-auth.xml:1474(para)
15153
#: serverguide/C/network-auth.xml:1481(para)
15155
15154
msgid ""
15156
15155
"LDAP over TLS/SSL (ldaps://) is deprecated in favour of "
15157
15156
"<emphasis>StartTLS</emphasis>. The latter refers to an existing LDAP session "
15160
15159
"over TCP port 636."
15161
15160
msgstr ""
15162
15161
15163
#: serverguide/C/network-auth.xml:1482(para)
15162
#: serverguide/C/network-auth.xml:1489(para)
15164
15163
msgid "Tighten up ownership and permissions:"
15165
15164
msgstr ""
15166
15165
15167
#: serverguide/C/network-auth.xml:1487(command) serverguide/C/network-auth.xml:1604(command)
15166
#: serverguide/C/network-auth.xml:1494(command) serverguide/C/network-auth.xml:1611(command)
15168
15167
msgid "sudo adduser openldap ssl-cert"
15169
15168
msgstr ""
15170
15169
15171
#: serverguide/C/network-auth.xml:1488(command)
15170
#: serverguide/C/network-auth.xml:1495(command)
15172
15171
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
15173
15172
msgstr ""
15174
15173
15175
#: serverguide/C/network-auth.xml:1489(command)
15174
#: serverguide/C/network-auth.xml:1496(command)
15176
15175
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
15177
15176
msgstr ""
15178
15177
15179
#: serverguide/C/network-auth.xml:1490(command)
15178
#: serverguide/C/network-auth.xml:1497(command)
15180
15179
msgid "sudo chmod o-r /etc/ssl/private/ldap01_slapd_key.pem"
15181
15180
msgstr ""
15182
15181
15183
#: serverguide/C/network-auth.xml:1493(para)
15182
#: serverguide/C/network-auth.xml:1500(para)
15184
15183
msgid "Restart OpenLDAP:"
15185
15184
msgstr ""
15186
15185
15187
#: serverguide/C/network-auth.xml:1501(para)
15186
#: serverguide/C/network-auth.xml:1508(para)
15188
15187
msgid ""
15189
15188
"Check your host's logs (/var/log/syslog) to see if the server has started "
15190
15189
"properly."
15191
15190
msgstr ""
15192
15191
15193
#: serverguide/C/network-auth.xml:1508(title)
15192
#: serverguide/C/network-auth.xml:1515(title)
15194
15193
msgid "Replication and TLS"
15195
15194
msgstr ""
15196
15195
15197
#: serverguide/C/network-auth.xml:1510(para)
15196
#: serverguide/C/network-auth.xml:1517(para)
15198
15197
msgid ""
15199
15198
"If you have set up replication between servers, it is common practice to "
15200
15199
"encrypt (StartTLS) the replication traffic to prevent evesdropping. This is "
15202
15201
"section we will build on that TLS-authentication work."
15203
15202
msgstr ""
15204
15203
15205
#: serverguide/C/network-auth.xml:1516(para)
15204
#: serverguide/C/network-auth.xml:1523(para)
15206
15205
msgid ""
15207
15206
"The assumption here is that you have set up replication between Provider and "
15208
15207
"Consumer according to <xref linkend=\"openldap-server-replication\"/> and "
15210
15209
"linkend=\"openldap-tls\"/>."
15211
15210
msgstr ""
15212
15211
15213
#: serverguide/C/network-auth.xml:1521(para)
15212
#: serverguide/C/network-auth.xml:1528(para)
15214
15213
msgid ""
15215
15214
"As previously stated, the objective (for us) with replication is high "
15216
15215
"availablity for the LDAP service. Since we have TLS for authentication on "
15222
15221
"material over to the Consumer."
15223
15222
msgstr ""
15224
15223
15225
#: serverguide/C/network-auth.xml:1532(para) serverguide/C/network-auth.xml:1689(para)
15224
#: serverguide/C/network-auth.xml:1539(para) serverguide/C/network-auth.xml:1696(para)
15226
15225
msgid "On the Provider,"
15227
15226
msgstr ""
15228
15227
15229
#: serverguide/C/network-auth.xml:1536(para)
15228
#: serverguide/C/network-auth.xml:1543(para)
15230
15229
msgid ""
15231
15230
"Create a holding directory (which will be used for the eventual transfer) "
15232
15231
"and then the Consumer's private key:"
15233
15232
msgstr ""
15234
15233
15235
#: serverguide/C/network-auth.xml:1541(command)
15234
#: serverguide/C/network-auth.xml:1548(command)
15236
15235
msgid "mkdir ldap02-ssl"
15237
15236
msgstr ""
15238
15237
15239
#: serverguide/C/network-auth.xml:1542(command)
15238
#: serverguide/C/network-auth.xml:1549(command)
15240
15239
msgid "cd ldap02-ssl"
15241
15240
msgstr ""
15242
15241
15243
#: serverguide/C/network-auth.xml:1543(command)
15242
#: serverguide/C/network-auth.xml:1550(command)
15244
15243
msgid ""
15245
15244
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
15246
15245
"ldap02_slapd_key.pem"
15247
15246
msgstr ""
15248
15247
15249
#: serverguide/C/network-auth.xml:1548(para)
15248
#: serverguide/C/network-auth.xml:1555(para)
15250
15249
msgid ""
15251
15250
"Create an info file, <filename>ldap02.info</filename>, for the Consumer "
15252
15251
"server, adjusting its values accordingly:"
15253
15252
msgstr ""
15254
15253
15255
#: serverguide/C/network-auth.xml:1552(programlisting)
15254
#: serverguide/C/network-auth.xml:1559(programlisting)
15256
15255
#, no-wrap
15257
15256
msgid ""
15258
15257
"\n"
15264
15263
"expiration_days = 3650\n"
15265
15264
msgstr ""
15266
15265
15267
#: serverguide/C/network-auth.xml:1561(para)
15266
#: serverguide/C/network-auth.xml:1568(para)
15268
15267
msgid "Create the Consumer's certificate:"
15269
15268
msgstr ""
15270
15269
15271
#: serverguide/C/network-auth.xml:1566(command)
15270
#: serverguide/C/network-auth.xml:1573(command)
15272
15271
msgid ""
15273
15272
"sudo certtool --generate-certificate \\ --load-privkey ldap02_slapd_key.pem "
15274
15273
"\\ --load-ca-certificate /etc/ssl/certs/cacert.pem \\ --load-ca-privkey "
15276
15275
"ldap02_slapd_cert.pem"
15277
15276
msgstr ""
15278
15277
15279
#: serverguide/C/network-auth.xml:1574(para)
15278
#: serverguide/C/network-auth.xml:1581(para)
15280
15279
msgid "Get a copy of the CA certificate:"
15281
15280
msgstr ""
15282
15281
15283
#: serverguide/C/network-auth.xml:1579(command)
15282
#: serverguide/C/network-auth.xml:1586(command)
15284
15283
msgid "cp /etc/ssl/certs/cacert.pem ."
15285
15284
msgstr ""
15286
15285
15287
#: serverguide/C/network-auth.xml:1582(para)
15286
#: serverguide/C/network-auth.xml:1589(para)
15288
15287
msgid ""
15289
15288
"We're done. Now transfer the <filename>ldap02-ssl</filename> directory to "
15290
15289
"the Consumer. Here we use scp (adjust accordingly):"
15291
15290
msgstr ""
15292
15291
15293
#: serverguide/C/network-auth.xml:1587(command)
15292
#: serverguide/C/network-auth.xml:1594(command)
15294
15293
msgid "cd .."
15295
15294
msgstr ""
15296
15295
15297
#: serverguide/C/network-auth.xml:1588(command)
15296
#: serverguide/C/network-auth.xml:1595(command)
15298
15297
msgid "scp -r ldap02-ssl user@consumer:"
15299
15298
msgstr ""
15300
15299
15301
#: serverguide/C/network-auth.xml:1594(para) serverguide/C/network-auth.xml:1642(para)
15300
#: serverguide/C/network-auth.xml:1601(para) serverguide/C/network-auth.xml:1649(para)
15302
15301
msgid "On the Consumer,"
15303
15302
msgstr ""
15304
15303
15305
#: serverguide/C/network-auth.xml:1598(para)
15304
#: serverguide/C/network-auth.xml:1605(para)
15306
15305
msgid "Configure TLS authentication:"
15307
15306
msgstr ""
15308
15307
15309
#: serverguide/C/network-auth.xml:1603(command)
15308
#: serverguide/C/network-auth.xml:1610(command)
15310
15309
msgid "sudo apt-get install ssl-cert"
15311
15310
msgstr ""
15312
15311
15313
#: serverguide/C/network-auth.xml:1605(command)
15312
#: serverguide/C/network-auth.xml:1612(command)
15314
15313
msgid "sudo cp ldap02_slapd_cert.pem cacert.pem /etc/ssl/certs"
15315
15314
msgstr ""
15316
15315
15317
#: serverguide/C/network-auth.xml:1606(command)
15316
#: serverguide/C/network-auth.xml:1613(command)
15318
15317
msgid "sudo cp ldap02_slapd_key.pem /etc/ssl/private"
15319
15318
msgstr ""
15320
15319
15321
#: serverguide/C/network-auth.xml:1607(command)
15320
#: serverguide/C/network-auth.xml:1614(command)
15322
15321
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap02_slapd_key.pem"
15323
15322
msgstr ""
15324
15323
15325
#: serverguide/C/network-auth.xml:1608(command)
15324
#: serverguide/C/network-auth.xml:1615(command)
15326
15325
msgid "sudo chmod g+r /etc/ssl/private/ldap02_slapd_key.pem"
15327
15326
msgstr ""
15328
15327
15329
#: serverguide/C/network-auth.xml:1609(command)
15328
#: serverguide/C/network-auth.xml:1616(command)
15330
15329
msgid "sudo chmod o-r /etc/ssl/private/ldap02_slapd_key.pem"
15331
15330
msgstr ""
15332
15331
15333
#: serverguide/C/network-auth.xml:1612(para)
15332
#: serverguide/C/network-auth.xml:1619(para)
15334
15333
msgid ""
15335
15334
"Create the file <filename>/etc/ssl/certinfo.ldif</filename> with the "
15336
15335
"following contents (adjust accordingly):"
15337
15336
msgstr ""
15338
15337
15339
#: serverguide/C/network-auth.xml:1616(programlisting)
15338
#: serverguide/C/network-auth.xml:1623(programlisting)
15340
15339
#, no-wrap
15341
15340
msgid ""
15342
15341
"\n"
15351
15350
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem\n"
15352
15351
msgstr ""
15353
15352
15354
#: serverguide/C/network-auth.xml:1628(para)
15353
#: serverguide/C/network-auth.xml:1635(para)
15355
15354
msgid "Configure the slapd-config database:"
15356
15355
msgstr ""
15357
15356
15358
#: serverguide/C/network-auth.xml:1633(command)
15357
#: serverguide/C/network-auth.xml:1640(command)
15359
15358
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif"
15360
15359
msgstr ""
15361
15360
15362
#: serverguide/C/network-auth.xml:1636(para)
15361
#: serverguide/C/network-auth.xml:1643(para)
15363
15362
msgid ""
15364
15363
"Configure <filename>/etc/default/slapd</filename> as on the Provider "
15365
15364
"(SLAPD_SERVICES)."
15366
15365
msgstr ""
15367
15366
15368
#: serverguide/C/network-auth.xml:1646(para)
15367
#: serverguide/C/network-auth.xml:1653(para)
15369
15368
msgid ""
15370
15369
"Configure TLS for Consumer-side replication. Modify the existing "
15371
15370
"<emphasis>olcSyncrepl</emphasis> attribute by tacking on some TLS options. "
15373
15372
"value(s)."
15374
15373
msgstr ""
15375
15374
15376
#: serverguide/C/network-auth.xml:1651(para)
15375
#: serverguide/C/network-auth.xml:1658(para)
15377
15376
msgid ""
15378
15377
"Create the file <filename>consumer_sync_tls.ldif</filename> with the "
15379
15378
"following contents:"
15380
15379
msgstr ""
15381
15380
15382
#: serverguide/C/network-auth.xml:1660(programlisting)
15381
#: serverguide/C/network-auth.xml:1662(programlisting)
15383
15382
#, no-wrap
15384
15383
msgid ""
15385
15384
"\n"
15394
15393
" starttls=critical tls_reqcert=demand\n"
15395
15394
msgstr ""
15396
15395
15397
#: serverguide/C/network-auth.xml:1665(para)
15396
#: serverguide/C/network-auth.xml:1672(para)
15398
15397
msgid ""
15399
15398
"The extra options specify, respectively, that the consumer must use StartTLS "
15400
15399
"and that the CA certificate is required to verify the Provider's identity. "
15402
15401
"('replace')."
15403
15402
msgstr ""
15404
15403
15405
#: serverguide/C/network-auth.xml:1670(para)
15404
#: serverguide/C/network-auth.xml:1677(para)
15406
15405
msgid "Implement these changes:"
15407
15406
msgstr ""
15408
15407
15409
#: serverguide/C/network-auth.xml:1675(command)
15408
#: serverguide/C/network-auth.xml:1682(command)
15410
15409
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f consumer_sync_tls.ldif"
15411
15410
msgstr ""
15412
15411
15413
#: serverguide/C/network-auth.xml:1678(para)
15412
#: serverguide/C/network-auth.xml:1685(para)
15414
15413
msgid "And restart slapd:"
15415
15414
msgstr ""
15416
15415
15417
#: serverguide/C/network-auth.xml:1693(para)
15416
#: serverguide/C/network-auth.xml:1700(para)
15418
15417
msgid ""
15419
15418
"Check to see that a TLS session has been established. In "
15420
15419
"<filename>/var/log/syslog</filename>, providing you have 'conns'-level "
15421
15420
"logging set up, you should see messages similar to:"
15422
15421
msgstr ""
15423
15422
15424
#: serverguide/C/network-auth.xml:1698(programlisting)
15423
#: serverguide/C/network-auth.xml:1705(programlisting)
15425
15424
#, no-wrap
15426
15425
msgid ""
15427
15426
"\n"
15438
15437
"slapd[3620]: conn=1047 op=1 RESULT tag=97 err=0 text\n"
15439
15438
msgstr ""
15440
15439
15441
#: serverguide/C/network-auth.xml:1716(title)
15440
#: serverguide/C/network-auth.xml:1723(title)
15442
15441
msgid "LDAP Authentication"
15443
15442
msgstr ""
15444
15443
15445
#: serverguide/C/network-auth.xml:1723(para)
15444
#: serverguide/C/network-auth.xml:1725(para)
15446
15445
msgid ""
15447
15446
"Once you have a working LDAP server, you will need to install libraries on "
15448
15447
"the client that will know how and when to contact it. On Ubuntu, this has "
15451
15450
"assist you in the configuration step. Install this package now:"
15452
15451
msgstr ""
15453
15452
15454
#: serverguide/C/network-auth.xml:1725(command)
15453
#: serverguide/C/network-auth.xml:1732(command)
15455
15454
msgid "sudo apt-get install libnss-ldap"
15456
15455
msgstr ""
15457
15456
15458
#: serverguide/C/network-auth.xml:1728(para)
15457
#: serverguide/C/network-auth.xml:1735(para)
15459
15458
msgid ""
15460
15459
"You will be prompted for details of your LDAP server. If you make a mistake "
15461
15460
"you can try again using:"
15462
15461
msgstr ""
15463
15462
15464
#: serverguide/C/network-auth.xml:1733(command)
15463
#: serverguide/C/network-auth.xml:1740(command)
15465
15464
msgid "sudo dpkg-reconfigure ldap-auth-config"
15466
15465
msgstr ""
15467
15466
15468
#: serverguide/C/network-auth.xml:1736(para)
15467
#: serverguide/C/network-auth.xml:1743(para)
15469
15468
msgid ""
15470
15469
"The results of the dialog can be seen in "
15471
15470
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
15472
15471
"covered in the menu edit this file accordingly."
15473
15472
msgstr ""
15474
15473
15475
#: serverguide/C/network-auth.xml:1741(para)
15474
#: serverguide/C/network-auth.xml:1748(para)
15476
15475
msgid "Now configure the LDAP profile for NSS:"
15477
15476
msgstr ""
15478
15477
15479
#: serverguide/C/network-auth.xml:1746(command)
15478
#: serverguide/C/network-auth.xml:1753(command)
15480
15479
msgid "sudo auth-client-config -t nss -p lac_ldap"
15481
15480
msgstr ""
15482
15481
15483
#: serverguide/C/network-auth.xml:1749(para)
15482
#: serverguide/C/network-auth.xml:1756(para)
15484
15483
msgid "Configure the system to use LDAP for authentication:"
15485
15484
msgstr ""
15486
15485
15487
#: serverguide/C/network-auth.xml:1754(command)
15486
#: serverguide/C/network-auth.xml:1761(command)
15488
15487
msgid "sudo pam-auth-update"
15489
15488
msgstr ""
15490
15489
15491
#: serverguide/C/network-auth.xml:1757(para)
15490
#: serverguide/C/network-auth.xml:1764(para)
15492
15491
msgid ""
15493
15492
"From the menu, choose LDAP and any other authentication mechanisms you need."
15494
15493
msgstr ""
15495
15494
15496
#: serverguide/C/network-auth.xml:1761(para)
15495
#: serverguide/C/network-auth.xml:1768(para)
15497
15496
msgid "You should now be able to log in using LDAP-based credentials."
15498
15497
msgstr ""
15499
15498
15500
#: serverguide/C/network-auth.xml:1765(para)
15499
#: serverguide/C/network-auth.xml:1772(para)
15501
15500
msgid ""
15502
15501
"LDAP clients will need to refer to multiple servers if replication is in "
15503
15502
"use. In <filename>/etc/ldap.conf</filename> you would have something like:"
15504
15503
msgstr ""
15505
15504
15506
#: serverguide/C/network-auth.xml:1770(programlisting)
15505
#: serverguide/C/network-auth.xml:1777(programlisting)
15507
15506
#, no-wrap
15508
15507
msgid ""
15509
15508
"\n"
15510
15509
"uri ldap://ldap01.example.com ldap://ldap02.example.com\n"
15511
15510
msgstr ""
15512
15511
15513
#: serverguide/C/network-auth.xml:1774(para)
15512
#: serverguide/C/network-auth.xml:1781(para)
15514
15513
msgid ""
15515
15514
"The request will time out and the Consumer (ldap02) will attempt to be "
15516
15515
"reached if the Provider (ldap01) becomes unresponsive."
15517
15516
msgstr ""
15518
15517
15519
#: serverguide/C/network-auth.xml:1778(para)
15518
#: serverguide/C/network-auth.xml:1785(para)
15520
15519
msgid ""
15521
15520
"If you are going to use LDAP to store Samba users you will need to configure "
15522
15521
"the Samba server to authenticate using LDAP. See <xref linkend=\"samba-"
15523
15522
"ldap\"/> for details."
15524
15523
msgstr ""
15525
15524
15526
#: serverguide/C/network-auth.xml:1784(para)
15525
#: serverguide/C/network-auth.xml:1791(para)
15527
15526
msgid ""
15528
15527
"An alternative to the <application>libnss-ldap</application> package is the "
15529
15528
"<application>libnss-ldapd</application> package. This, however, will bring "
15531
15530
"wanted. Simply remove it afterwards."
15532
15531
msgstr ""
15533
15532
15534
#: serverguide/C/network-auth.xml:1794(title)
15533
#: serverguide/C/network-auth.xml:1801(title)
15535
15534
msgid "User and Group Management"
15536
15535
msgstr ""
15537
15536
15538
#: serverguide/C/network-auth.xml:1796(para)
15537
#: serverguide/C/network-auth.xml:1803(para)
15539
15538
msgid ""
15540
15539
"The <application>ldap-utils</application> package comes with enough "
15541
15540
"utilities to manage the directory but the long string of options needed can "
15544
15543
"easier to use."
15545
15544
msgstr ""
15546
15545
15547
#: serverguide/C/network-auth.xml:1802(para)
15546
#: serverguide/C/network-auth.xml:1809(para)
15548
15547
msgid "Install the package:"
15549
15548
msgstr ""
15550
15549
15551
#: serverguide/C/network-auth.xml:1807(command)
15550
#: serverguide/C/network-auth.xml:1814(command)
15552
15551
msgid "sudo apt-get install ldapscripts"
15553
15552
msgstr ""
15554
15553
15555
#: serverguide/C/network-auth.xml:1810(para)
15554
#: serverguide/C/network-auth.xml:1817(para)
15556
15555
msgid ""
15557
15556
"Then edit the file <filename>/etc/ldapscripts/ldapscripts.conf</filename> to "
15558
15557
"arrive at something similar to the following:"
15559
15558
msgstr ""
15560
15559
15561
#: serverguide/C/network-auth.xml:1814(programlisting)
15560
#: serverguide/C/network-auth.xml:1821(programlisting)
15562
15561
#, no-wrap
15563
15562
msgid ""
15564
15563
"\n"
15574
15573
"MIDSTART=10000\n"
15575
15574
msgstr ""
15576
15575
15577
#: serverguide/C/network-auth.xml:1827(para)
15576
#: serverguide/C/network-auth.xml:1834(para)
15578
15577
msgid ""
15579
15578
"Now, create the <filename>ldapscripts.passwd</filename> file to allow rootDN "
15580
15579
"access to the directory:"
15581
15580
msgstr ""
15582
15581
15583
#: serverguide/C/network-auth.xml:1832(command)
15582
#: serverguide/C/network-auth.xml:1839(command)
15584
15583
msgid ""
15585
15584
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
15586
15585
msgstr ""
15587
15586
15588
#: serverguide/C/network-auth.xml:1833(command)
15587
#: serverguide/C/network-auth.xml:1840(command)
15589
15588
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15590
15589
msgstr ""
15591
15590
15592
#: serverguide/C/network-auth.xml:1837(para)
15591
#: serverguide/C/network-auth.xml:1844(para)
15593
15592
msgid ""
15594
15593
"Replace <quote>secret</quote> with the actual password for your database's "
15595
15594
"rootDN user."
15596
15595
msgstr ""
15597
15596
15598
#: serverguide/C/network-auth.xml:1842(para)
15597
#: serverguide/C/network-auth.xml:1849(para)
15599
15598
msgid ""
15600
15599
"The scripts are now ready to help manage your directory. Here are some "
15601
15600
"examples of how to use them:"
15602
15601
msgstr ""
15603
15602
15604
#: serverguide/C/network-auth.xml:1849(para)
15603
#: serverguide/C/network-auth.xml:1856(para)
15605
15604
msgid "Create a new user:"
15606
15605
msgstr ""
15607
15606
15608
#: serverguide/C/network-auth.xml:1854(command)
15607
#: serverguide/C/network-auth.xml:1861(command)
15609
15608
msgid "sudo ldapadduser george example"
15610
15609
msgstr ""
15611
15610
15612
#: serverguide/C/network-auth.xml:1857(para)
15611
#: serverguide/C/network-auth.xml:1864(para)
15613
15612
msgid ""
15614
15613
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
15615
15614
"and set the user's primary group (gid) to <emphasis "
15616
15615
"role=\"italic\">example</emphasis>"
15617
15616
msgstr ""
15618
15617
15619
#: serverguide/C/network-auth.xml:1864(para)
15618
#: serverguide/C/network-auth.xml:1871(para)
15620
15619
msgid "Change a user's password:"
15621
15620
msgstr ""
15622
15621
15623
#: serverguide/C/network-auth.xml:1869(command)
15622
#: serverguide/C/network-auth.xml:1876(command)
15624
15623
msgid "sudo ldapsetpasswd george"
15625
15624
msgstr ""
15626
15625
15627
#: serverguide/C/network-auth.xml:1870(computeroutput)
15626
#: serverguide/C/network-auth.xml:1877(computeroutput)
15628
15627
#, no-wrap
15629
15628
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
15630
15629
msgstr ""
15631
15630
15632
#: serverguide/C/network-auth.xml:1871(userinput)
15631
#: serverguide/C/network-auth.xml:1878(userinput)
15633
15632
#, no-wrap
15634
15633
msgid "New Password: "
15635
15634
msgstr ""
15636
15635
15637
#: serverguide/C/network-auth.xml:1872(userinput)
15636
#: serverguide/C/network-auth.xml:1879(userinput)
15638
15637
#, no-wrap
15639
15638
msgid "New Password (verify): "
15640
15639
msgstr ""
15641
15640
15642
#: serverguide/C/network-auth.xml:1878(para)
15641
#: serverguide/C/network-auth.xml:1885(para)
15643
15642
msgid "Delete a user:"
15644
15643
msgstr ""
15645
15644
15646
#: serverguide/C/network-auth.xml:1883(command)
15645
#: serverguide/C/network-auth.xml:1890(command)
15647
15646
msgid "sudo ldapdeleteuser george"
15648
15647
msgstr ""
15649
15648
15650
#: serverguide/C/network-auth.xml:1889(para)
15649
#: serverguide/C/network-auth.xml:1896(para)
15651
15650
msgid "Add a group:"
15652
15651
msgstr ""
15653
15652
15654
#: serverguide/C/network-auth.xml:1894(command)
15653
#: serverguide/C/network-auth.xml:1901(command)
15655
15654
msgid "sudo ldapaddgroup qa"
15656
15655
msgstr ""
15657
15656
15658
#: serverguide/C/network-auth.xml:1900(para)
15657
#: serverguide/C/network-auth.xml:1907(para)
15659
15658
msgid "Delete a group:"
15660
15659
msgstr ""
15661
15660
15662
#: serverguide/C/network-auth.xml:1905(command)
15661
#: serverguide/C/network-auth.xml:1912(command)
15663
15662
msgid "sudo ldapdeletegroup qa"
15664
15663
msgstr ""
15665
15664
15666
#: serverguide/C/network-auth.xml:1911(para)
15665
#: serverguide/C/network-auth.xml:1918(para)
15667
15666
msgid "Add a user to a group:"
15668
15667
msgstr ""
15669
15668
15670
#: serverguide/C/network-auth.xml:1916(command)
15669
#: serverguide/C/network-auth.xml:1923(command)
15671
15670
msgid "sudo ldapaddusertogroup george qa"
15672
15671
msgstr ""
15673
15672
15674
#: serverguide/C/network-auth.xml:1919(para)
15673
#: serverguide/C/network-auth.xml:1926(para)
15675
15674
msgid ""
15676
15675
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
15677
15676
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
15678
15677
"role=\"italic\">george</emphasis>."
15679
15678
msgstr ""
15680
15679
15681
#: serverguide/C/network-auth.xml:1926(para)
15680
#: serverguide/C/network-auth.xml:1933(para)
15682
15681
msgid "Remove a user from a group:"
15683
15682
msgstr ""
15684
15683
15685
#: serverguide/C/network-auth.xml:1931(command)
15684
#: serverguide/C/network-auth.xml:1938(command)
15686
15685
msgid "sudo ldapdeleteuserfromgroup george qa"
15687
15686
msgstr ""
15688
15687
15689
#: serverguide/C/network-auth.xml:1934(para)
15688
#: serverguide/C/network-auth.xml:1941(para)
15690
15689
msgid ""
15691
15690
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
15692
15691
"<emphasis role=\"italic\">qa</emphasis> group."
15693
15692
msgstr ""
15694
15693
15695
#: serverguide/C/network-auth.xml:1941(para)
15694
#: serverguide/C/network-auth.xml:1948(para)
15696
15695
msgid ""
15697
15696
"The <application>ldapmodifyuser</application> script allows you to add, "
15698
15697
"remove, or replace a user's attributes. The script uses the same syntax as "
15699
15698
"the <application>ldapmodify</application> utility. For example:"
15700
15699
msgstr ""
15701
15700
15702
#: serverguide/C/network-auth.xml:1947(command)
15701
#: serverguide/C/network-auth.xml:1954(command)
15703
15702
msgid "sudo ldapmodifyuser george"
15704
15703
msgstr ""
15705
15704
15706
#: serverguide/C/network-auth.xml:1948(computeroutput)
15705
#: serverguide/C/network-auth.xml:1955(computeroutput)
15707
15706
#, no-wrap
15708
15707
msgid ""
15709
15708
"# About to modify the following entry :\n"
15724
15723
"dn: uid=george,ou=People,dc=example,dc=com"
15725
15724
msgstr ""
15726
15725
15727
#: serverguide/C/network-auth.xml:1964(userinput)
15726
#: serverguide/C/network-auth.xml:1971(userinput)
15728
15727
#, no-wrap
15729
15728
msgid ""
15730
15729
"replace: gecos\n"
15731
15730
"gecos: George Carlin"
15732
15731
msgstr ""
15733
15732
15734
#: serverguide/C/network-auth.xml:1968(para)
15733
#: serverguide/C/network-auth.xml:1975(para)
15735
15734
msgid ""
15736
15735
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
15737
15736
"Carlin</quote>."
15738
15737
msgstr ""
15739
15738
15740
#: serverguide/C/network-auth.xml:1979(para)
15739
#: serverguide/C/network-auth.xml:1981(para)
15741
15740
msgid ""
15742
15741
"A nice feature of <application>ldapscripts</application> is the template "
15743
15742
"system. Templates allow you to customize the attributes of user, group, and "
15746
15745
"changing:"
15747
15746
msgstr ""
15748
15747
15749
#: serverguide/C/network-auth.xml:1980(programlisting)
15748
#: serverguide/C/network-auth.xml:1987(programlisting)
15750
15749
#, no-wrap
15751
15750
msgid ""
15752
15751
"\n"
15753
15752
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
15754
15753
msgstr ""
15755
15754
15756
#: serverguide/C/network-auth.xml:1984(para)
15755
#: serverguide/C/network-auth.xml:1991(para)
15757
15756
msgid ""
15758
15757
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
15759
15758
"<filename>/usr/share/doc/ldapscripts/examples</filename> directory. Copy or "
15761
15760
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
15762
15761
msgstr ""
15763
15762
15764
#: serverguide/C/network-auth.xml:1991(command)
15763
#: serverguide/C/network-auth.xml:1998(command)
15765
15764
msgid ""
15766
15765
"sudo cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \\ "
15767
15766
"/etc/ldapscripts/ldapadduser.template"
15768
15767
msgstr ""
15769
15768
15770
#: serverguide/C/network-auth.xml:1995(para)
15769
#: serverguide/C/network-auth.xml:2002(para)
15771
15770
msgid ""
15772
15771
"Edit the new template to add the desired attributes. The following will "
15773
15772
"create new users with an objectClass of inetOrgPerson:"
15774
15773
msgstr ""
15775
15774
15776
#: serverguide/C/network-auth.xml:2000(programlisting)
15775
#: serverguide/C/network-auth.xml:2007(programlisting)
15777
15776
#, no-wrap
15778
15777
msgid ""
15779
15778
"\n"
15792
15791
"title: Employee\n"
15793
15792
msgstr ""
15794
15793
15795
#: serverguide/C/network-auth.xml:2016(para)
15794
#: serverguide/C/network-auth.xml:2023(para)
15796
15795
msgid ""
15797
15796
"Notice the <emphasis><ask></emphasis> option used for the "
15798
15797
"<emphasis>sn</emphasis> attribute. This will make "
15799
15798
"<application>ldapadduser</application> prompt you for its value."
15800
15799
msgstr ""
15801
15800
15802
#: serverguide/C/network-auth.xml:2024(para)
15801
#: serverguide/C/network-auth.xml:2031(para)
15803
15802
msgid ""
15804
15803
"There are utilities in the package that were not covered here. Here is a "
15805
15804
"complete list:"
15806
15805
msgstr ""
15807
15806
15808
#: serverguide/C/network-auth.xml:2029(ulink)
15807
#: serverguide/C/network-auth.xml:2036(ulink)
15809
15808
msgid "ldaprenamemachine"
15810
15809
msgstr ""
15811
15810
15812
#: serverguide/C/network-auth.xml:2030(ulink)
15811
#: serverguide/C/network-auth.xml:2037(ulink)
15813
15812
msgid "ldapadduser"
15814
15813
msgstr ""
15815
15814
15816
#: serverguide/C/network-auth.xml:2031(ulink)
15815
#: serverguide/C/network-auth.xml:2038(ulink)
15817
15816
msgid "ldapdeleteuserfromgroup"
15818
15817
msgstr ""
15819
15818
15820
#: serverguide/C/network-auth.xml:2032(ulink)
15819
#: serverguide/C/network-auth.xml:2039(ulink)
15821
15820
msgid "ldapfinger"
15822
15821
msgstr ""
15823
15822
15824
#: serverguide/C/network-auth.xml:2033(ulink)
15823
#: serverguide/C/network-auth.xml:2040(ulink)
15825
15824
msgid "ldapid"
15826
15825
msgstr ""
15827
15826
15828
#: serverguide/C/network-auth.xml:2034(ulink)
15827
#: serverguide/C/network-auth.xml:2041(ulink)
15829
15828
msgid "ldapgid"
15830
15829
msgstr ""
15831
15830
15832
#: serverguide/C/network-auth.xml:2035(ulink)
15831
#: serverguide/C/network-auth.xml:2042(ulink)
15833
15832
msgid "ldapmodifyuser"
15834
15833
msgstr ""
15835
15834
15836
#: serverguide/C/network-auth.xml:2036(ulink)
15835
#: serverguide/C/network-auth.xml:2043(ulink)
15837
15836
msgid "ldaprenameuser"
15838
15837
msgstr ""
15839
15838
15840
#: serverguide/C/network-auth.xml:2037(ulink)
15839
#: serverguide/C/network-auth.xml:2044(ulink)
15841
15840
msgid "lsldap"
15842
15841
msgstr ""
15843
15842
15844
#: serverguide/C/network-auth.xml:2038(ulink)
15843
#: serverguide/C/network-auth.xml:2045(ulink)
15845
15844
msgid "ldapaddusertogroup"
15846
15845
msgstr ""
15847
15846
15848
#: serverguide/C/network-auth.xml:2039(ulink)
15847
#: serverguide/C/network-auth.xml:2046(ulink)
15849
15848
msgid "ldapsetpasswd"
15850
15849
msgstr ""
15851
15850
15852
#: serverguide/C/network-auth.xml:2040(ulink)
15851
#: serverguide/C/network-auth.xml:2047(ulink)
15853
15852
msgid "ldapinit"
15854
15853
msgstr ""
15855
15854
15856
#: serverguide/C/network-auth.xml:2041(ulink)
15855
#: serverguide/C/network-auth.xml:2048(ulink)
15857
15856
msgid "ldapaddgroup"
15858
15857
msgstr ""
15859
15858
15860
#: serverguide/C/network-auth.xml:2042(ulink)
15859
#: serverguide/C/network-auth.xml:2049(ulink)
15861
15860
msgid "ldapdeletegroup"
15862
15861
msgstr ""
15863
15862
15864
#: serverguide/C/network-auth.xml:2043(ulink)
15863
#: serverguide/C/network-auth.xml:2050(ulink)
15865
15864
msgid "ldapmodifygroup"
15866
15865
msgstr ""
15867
15866
15868
#: serverguide/C/network-auth.xml:2044(ulink)
15867
#: serverguide/C/network-auth.xml:2051(ulink)
15869
15868
msgid "ldapdeletemachine"
15870
15869
msgstr ""
15871
15870
15872
#: serverguide/C/network-auth.xml:2045(ulink)
15871
#: serverguide/C/network-auth.xml:2052(ulink)
15873
15872
msgid "ldaprenamegroup"
15874
15873
msgstr ""
15875
15874
15876
#: serverguide/C/network-auth.xml:2046(ulink)
15875
#: serverguide/C/network-auth.xml:2053(ulink)
15877
15876
msgid "ldapaddmachine"
15878
15877
msgstr ""
15879
15878
15880
#: serverguide/C/network-auth.xml:2047(ulink)
15879
#: serverguide/C/network-auth.xml:2054(ulink)
15881
15880
msgid "ldapmodifymachine"
15882
15881
msgstr ""
15883
15882
15884
#: serverguide/C/network-auth.xml:2048(ulink)
15883
#: serverguide/C/network-auth.xml:2055(ulink)
15885
15884
msgid "ldapsetprimarygroup"
15886
15885
msgstr ""
15887
15886
15888
#: serverguide/C/network-auth.xml:2049(ulink)
15887
#: serverguide/C/network-auth.xml:2056(ulink)
15889
15888
msgid "ldapdeleteuser"
15890
15889
msgstr ""
15891
15890
15892
#: serverguide/C/network-auth.xml:2055(title)
15891
#: serverguide/C/network-auth.xml:2062(title)
15893
15892
msgid "Backup and Restore"
15894
15893
msgstr ""
15895
15894
15896
#: serverguide/C/network-auth.xml:2057(para)
15895
#: serverguide/C/network-auth.xml:2064(para)
15897
15896
msgid ""
15898
15897
"Now we have ldap running just the way we want, it is time to ensure we can "
15899
15898
"save all of our work and restore it as needed."
15900
15899
msgstr ""
15901
15900
15902
#: serverguide/C/network-auth.xml:2062(para)
15901
#: serverguide/C/network-auth.xml:2069(para)
15903
15902
msgid ""
15904
15903
"What we need is a way to backup the ldap database(s), specifically the "
15905
15904
"backend (cn=config) and frontend (dc=example,dc=com). If we are going to "
15908
15907
"script, called <filename>/usr/local/bin/ldapbackup</filename>:"
15909
15908
msgstr ""
15910
15909
15911
#: serverguide/C/network-auth.xml:2072(programlisting)
15910
#: serverguide/C/network-auth.xml:2079(programlisting)
15912
15911
#, no-wrap
15913
15912
msgid ""
15914
15913
"\n"
15923
15922
"chmod 640 ${BACKUP_PATH}/*.ldif\n"
15924
15923
msgstr ""
15925
15924
15926
#: serverguide/C/network-auth.xml:2085(para)
15925
#: serverguide/C/network-auth.xml:2092(para)
15927
15926
msgid ""
15928
15927
"These files are uncompressed text files containing everything in your ldap "
15929
15928
"databases including the tree layout, usernames, and every password. So, you "
15933
15932
"requirements."
15934
15933
msgstr ""
15935
15934
15936
#: serverguide/C/network-auth.xml:2096(para)
15935
#: serverguide/C/network-auth.xml:2103(para)
15937
15936
msgid ""
15938
15937
"Then, it is just a matter of having a cron script to run this program as "
15939
15938
"often as we feel comfortable with. For many, once a day suffices. For "
15942
15941
"22:45h:"
15943
15942
msgstr ""
15944
15943
15945
#: serverguide/C/network-auth.xml:2104(programlisting)
15944
#: serverguide/C/network-auth.xml:2111(programlisting)
15946
15945
#, no-wrap
15947
15946
msgid ""
15948
15947
"\n"
15950
15949
"45 22 * * * root /usr/local/bin/ldapbackup\n"
15951
15950
msgstr ""
15952
15951
15953
#: serverguide/C/network-auth.xml:2109(para)
15952
#: serverguide/C/network-auth.xml:2116(para)
15954
15953
msgid "Now the files are created, they should be copied to a backup server."
15955
15954
msgstr ""
15956
15955
15957
#: serverguide/C/network-auth.xml:2114(para)
15956
#: serverguide/C/network-auth.xml:2121(para)
15958
15957
msgid ""
15959
15958
"Assuming we did a fresh reinstall of ldap, the restore process could be "
15960
15959
"something like this:"
15961
15960
msgstr ""
15962
15961
15963
#: serverguide/C/network-auth.xml:2120(command)
15962
#: serverguide/C/network-auth.xml:2127(command)
15964
15963
msgid "sudo service slapd stop"
15965
15964
msgstr ""
15966
15965
15967
#: serverguide/C/network-auth.xml:2121(command)
15966
#: serverguide/C/network-auth.xml:2128(command)
15968
15967
msgid "sudo mkdir /var/lib/ldap/accesslog"
15969
15968
msgstr ""
15970
15969
15971
#: serverguide/C/network-auth.xml:2122(command)
15970
#: serverguide/C/network-auth.xml:2129(command)
15972
15971
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 0 -l /export/backup/config.ldif"
15973
15972
msgstr ""
15974
15973
15975
#: serverguide/C/network-auth.xml:2123(command)
15974
#: serverguide/C/network-auth.xml:2130(command)
15976
15975
msgid ""
15977
15976
"sudo slapadd -F /etc/ldap/slapd.d -n 1 -l /export/backup/domain.com.ldif"
15978
15977
msgstr ""
15979
15978
15980
#: serverguide/C/network-auth.xml:2124(command)
15979
#: serverguide/C/network-auth.xml:2131(command)
15981
15980
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 2 -l /export/backup/access.ldif"
15982
15981
msgstr ""
15983
15982
15984
#: serverguide/C/network-auth.xml:2125(command)
15983
#: serverguide/C/network-auth.xml:2132(command)
15985
15984
msgid "sudo chown -R openldap:openldap /etc/ldap/slapd.d/"
15986
15985
msgstr ""
15987
15986
15988
#: serverguide/C/network-auth.xml:2126(command)
15987
#: serverguide/C/network-auth.xml:2133(command)
15989
15988
msgid "sudo chown -R openldap:openldap /var/lib/ldap/"
15990
15989
msgstr ""
15991
15990
15992
#: serverguide/C/network-auth.xml:2127(command)
15991
#: serverguide/C/network-auth.xml:2134(command)
15993
15992
msgid "sudo service slapd start"
15994
15993
msgstr ""
15995
15994
15996
#: serverguide/C/network-auth.xml:2138(para)
15995
#: serverguide/C/network-auth.xml:2145(para)
15997
15996
msgid ""
15998
15997
"The primary resource is the upstream documentation: <ulink "
15999
15998
"url=\"http://www.openldap.org/\">www.openldap.org</ulink>"
16000
15999
msgstr ""
16001
16000
16002
#: serverguide/C/network-auth.xml:2144(para)
16001
#: serverguide/C/network-auth.xml:2151(para)
16003
16002
msgid ""
16004
16003
"There are many man pages that come with the slapd package. Here are some "
16005
16004
"important ones, especially considering the material presented in this guide:"
16006
16005
msgstr ""
16007
16006
16008
#: serverguide/C/network-auth.xml:2150(ulink)
16007
#: serverguide/C/network-auth.xml:2157(ulink)
16009
16008
msgid "slapd"
16010
16009
msgstr ""
16011
16010
16012
#: serverguide/C/network-auth.xml:2151(ulink)
16011
#: serverguide/C/network-auth.xml:2158(ulink)
16013
16012
msgid "slapd-config"
16014
16013
msgstr ""
16015
16014
16016
#: serverguide/C/network-auth.xml:2152(ulink)
16015
#: serverguide/C/network-auth.xml:2159(ulink)
16017
16016
msgid "slapd.access"
16018
16017
msgstr ""
16019
16018
16020
#: serverguide/C/network-auth.xml:2153(ulink)
16019
#: serverguide/C/network-auth.xml:2160(ulink)
16021
16020
msgid "slapo-syncprov"
16022
16021
msgstr ""
16023
16022
16024
#: serverguide/C/network-auth.xml:2159(para)
16023
#: serverguide/C/network-auth.xml:2166(para)
16025
16024
msgid "Other man pages:"
16026
16025
msgstr ""
16027
16026
16028
#: serverguide/C/network-auth.xml:2164(ulink)
16027
#: serverguide/C/network-auth.xml:2171(ulink)
16029
16028
msgid "auth-client-config"
16030
16029
msgstr ""
16031
16030
16032
#: serverguide/C/network-auth.xml:2165(ulink)
16031
#: serverguide/C/network-auth.xml:2172(ulink)
16033
16032
msgid "pam-auth-update"
16034
16033
msgstr ""
16035
16034
16036
#: serverguide/C/network-auth.xml:2171(para)
16035
#: serverguide/C/network-auth.xml:2178(para)
16037
16036
msgid ""
16038
16037
"Zytrax's <ulink url=\"http://www.zytrax.com/books/ldap/\">LDAP for Rocket "
16039
16038
"Scientists</ulink>; a less pedantic but comprehensive treatment of LDAP"
16040
16039
msgstr ""
16041
16040
16042
#: serverguide/C/network-auth.xml:2177(para)
16041
#: serverguide/C/network-auth.xml:2184(para)
16043
16042
msgid ""
16044
16043
"A Ubuntu community <ulink "
16045
16044
"url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
16046
16045
"wiki</ulink> page has a collection of notes"
16047
16046
msgstr ""
16048
16047
16049
#: serverguide/C/network-auth.xml:2183(para)
16048
#: serverguide/C/network-auth.xml:2190(para)
16050
16049
msgid ""
16051
16050
"O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
16052
16051
"Administration</ulink> (textbook; 2003)"
16053
16052
msgstr ""
16054
16053
16055
#: serverguide/C/network-auth.xml:2189(para)
16054
#: serverguide/C/network-auth.xml:2196(para)
16056
16055
msgid ""
16057
16056
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
16058
16057
"Source-Linux/book\">Mastering OpenLDAP</ulink> (textbook; 2007)"
16059
16058
msgstr ""
16060
16059
16061
#: serverguide/C/network-auth.xml:2200(title)
16060
#: serverguide/C/network-auth.xml:2207(title)
16062
16061
msgid "Samba and LDAP"
16063
16062
msgstr ""
16064
16063
16065
#: serverguide/C/network-auth.xml:2202(para)
16064
#: serverguide/C/network-auth.xml:2209(para)
16066
16065
msgid ""
16067
16066
"This section covers the integration of Samba with LDAP. The Samba server's "
16068
16067
"role will be that of a \"standalone\" server and the LDAP directory will "
16075
16074
"specifically you want Samba to do for you and then configure it accordingly."
16076
16075
msgstr ""
16077
16076
16078
#: serverguide/C/network-auth.xml:2211(title)
16077
#: serverguide/C/network-auth.xml:2218(title) serverguide/C/network-auth.xml:4000(title)
16079
16078
msgid "Software Installation"
16080
16079
msgstr ""
16081
16080
16082
#: serverguide/C/network-auth.xml:2213(para)
16081
#: serverguide/C/network-auth.xml:2220(para)
16083
16082
msgid ""
16084
16083
"There are three packages needed when integrating Samba with LDAP: "
16085
16084
"<application>samba</application>, <application>samba-doc</application>, and "
16086
16085
"<application>smbldap-tools</application> packages."
16087
16086
msgstr ""
16088
16087
16089
#: serverguide/C/network-auth.xml:2223(para)
16088
#: serverguide/C/network-auth.xml:2225(para)
16090
16089
msgid ""
16091
16090
"Strictly speaking, the <application>smbldap-tools</application> package "
16092
16091
"isn't needed, but unless you have some other way to manage the various Samba "
16094
16093
"install it."
16095
16094
msgstr ""
16096
16095
16097
#: serverguide/C/network-auth.xml:2223(para)
16096
#: serverguide/C/network-auth.xml:2230(para)
16098
16097
msgid "Install these packages now:"
16099
16098
msgstr ""
16100
16099
16101
#: serverguide/C/network-auth.xml:2228(command)
16100
#: serverguide/C/network-auth.xml:2235(command)
16102
16101
msgid "sudo apt-get install samba samba-doc smbldap-tools"
16103
16102
msgstr ""
16104
16103
16105
#: serverguide/C/network-auth.xml:2234(title)
16104
#: serverguide/C/network-auth.xml:2241(title)
16106
16105
msgid "LDAP Configuration"
16107
16106
msgstr ""
16108
16107
16109
#: serverguide/C/network-auth.xml:2236(para)
16108
#: serverguide/C/network-auth.xml:2243(para)
16110
16109
msgid ""
16111
16110
"We will now configure the LDAP server so that it can accomodate Samba data. "
16112
16111
"We will perform three tasks in this section:"
16113
16112
msgstr ""
16114
16113
16115
#: serverguide/C/network-auth.xml:2243(para)
16114
#: serverguide/C/network-auth.xml:2250(para)
16116
16115
msgid "Import a schema"
16117
16116
msgstr ""
16118
16117
16119
#: serverguide/C/network-auth.xml:2247(para)
16118
#: serverguide/C/network-auth.xml:2254(para)
16120
16119
msgid "Index some entries"
16121
16120
msgstr ""
16122
16121
16123
#: serverguide/C/network-auth.xml:2251(para)
16122
#: serverguide/C/network-auth.xml:2258(para)
16124
16123
msgid "Add objects"
16125
16124
msgstr ""
16126
16125
16127
#: serverguide/C/network-auth.xml:2257(title)
16126
#: serverguide/C/network-auth.xml:2264(title)
16128
16127
msgid "Samba schema"
16129
16128
msgstr ""
16130
16129
16131
#: serverguide/C/network-auth.xml:2259(para)
16130
#: serverguide/C/network-auth.xml:2266(para)
16132
16131
msgid ""
16133
16132
"In order for OpenLDAP to be used as a backend for Samba, logically, the DIT "
16134
16133
"will need to use attributes that can properly describe Samba data. Such "
16136
16135
"now."
16137
16136
msgstr ""
16138
16137
16139
#: serverguide/C/network-auth.xml:2265(para)
16138
#: serverguide/C/network-auth.xml:2272(para)
16140
16139
msgid ""
16141
16140
"For more information on schemas and their installation see <xref "
16142
16141
"linkend=\"openldap-configuration\"/>."
16143
16142
msgstr ""
16144
16143
16145
#: serverguide/C/network-auth.xml:2273(para)
16144
#: serverguide/C/network-auth.xml:2280(para)
16146
16145
msgid ""
16147
16146
"The schema is found in the now-installed <application>samba-"
16148
16147
"doc</application> package. It needs to be unzipped and copied to the "
16149
16148
"<filename>/etc/ldap/schema</filename> directory:"
16150
16149
msgstr ""
16151
16150
16152
#: serverguide/C/network-auth.xml:2279(command)
16151
#: serverguide/C/network-auth.xml:2286(command)
16153
16152
msgid ""
16154
16153
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
16155
16154
"/etc/ldap/schema"
16156
16155
msgstr ""
16157
16156
16158
#: serverguide/C/network-auth.xml:2280(command)
16157
#: serverguide/C/network-auth.xml:2287(command)
16159
16158
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
16160
16159
msgstr ""
16161
16160
16162
#: serverguide/C/network-auth.xml:2286(para)
16161
#: serverguide/C/network-auth.xml:2293(para)
16163
16162
msgid ""
16164
16163
"Have the configuration file <filename>schema_convert.conf</filename> that "
16165
16164
"contains the following lines:"
16166
16165
msgstr ""
16167
16166
16168
#: serverguide/C/network-auth.xml:2290(programlisting)
16167
#: serverguide/C/network-auth.xml:2297(programlisting)
16169
16168
#, no-wrap
16170
16169
msgid ""
16171
16170
"\n"
16186
16185
"include /etc/ldap/schema/samba.schema\n"
16187
16186
msgstr ""
16188
16187
16189
#: serverguide/C/network-auth.xml:2311(para)
16188
#: serverguide/C/network-auth.xml:2318(para)
16190
16189
msgid "Have the directory <filename>ldif_output</filename> hold output."
16191
16190
msgstr ""
16192
16191
16193
#: serverguide/C/network-auth.xml:2322(command)
16192
#: serverguide/C/network-auth.xml:2329(command)
16194
16193
msgid ""
16195
16194
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep samba,cn=schema"
16196
16195
msgstr ""
16197
16196
16198
#: serverguide/C/network-auth.xml:2323(computeroutput)
16197
#: serverguide/C/network-auth.xml:2330(computeroutput)
16199
16198
#, no-wrap
16200
16199
msgid ""
16201
16200
"\n"
16202
16201
"dn: cn={14}samba,cn=schema,cn=config\n"
16203
16202
msgstr ""
16204
16203
16205
#: serverguide/C/network-auth.xml:2331(para)
16204
#: serverguide/C/network-auth.xml:2338(para)
16206
16205
msgid "Convert the schema to LDIF format:"
16207
16206
msgstr ""
16208
16207
16209
#: serverguide/C/network-auth.xml:2336(command)
16208
#: serverguide/C/network-auth.xml:2343(command)
16210
16209
msgid ""
16211
16210
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
16212
16211
"ldap:///cn={14}samba,cn=schema,cn=config -l cn=samba.ldif"
16213
16212
msgstr ""
16214
16213
16215
#: serverguide/C/network-auth.xml:2343(para)
16214
#: serverguide/C/network-auth.xml:2350(para)
16216
16215
msgid ""
16217
16216
"Edit the generated <filename>cn=samba.ldif</filename> file by removing index "
16218
16217
"information to arrive at:"
16219
16218
msgstr ""
16220
16219
16221
#: serverguide/C/network-auth.xml:2347(programlisting)
16220
#: serverguide/C/network-auth.xml:2354(programlisting)
16222
16221
#, no-wrap
16223
16222
msgid ""
16224
16223
"\n"
16227
16226
"cn: samba\n"
16228
16227
msgstr ""
16229
16228
16230
#: serverguide/C/network-auth.xml:2353(para)
16229
#: serverguide/C/network-auth.xml:2360(para)
16231
16230
msgid "Remove the bottom lines:"
16232
16231
msgstr ""
16233
16232
16234
#: serverguide/C/network-auth.xml:2357(programlisting)
16233
#: serverguide/C/network-auth.xml:2364(programlisting)
16235
16234
#, no-wrap
16236
16235
msgid ""
16237
16236
"\n"
16244
16243
"modifyTimestamp: 20080827045234Z\n"
16245
16244
msgstr ""
16246
16245
16247
#: serverguide/C/network-auth.xml:2373(para)
16246
#: serverguide/C/network-auth.xml:2380(para)
16248
16247
msgid "Add the new schema:"
16249
16248
msgstr ""
16250
16249
16251
#: serverguide/C/network-auth.xml:2378(command)
16250
#: serverguide/C/network-auth.xml:2385(command)
16252
16251
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=samba.ldif"
16253
16252
msgstr ""
16254
16253
16255
#: serverguide/C/network-auth.xml:2381(para)
16254
#: serverguide/C/network-auth.xml:2388(para)
16256
16255
msgid "To query and view this new schema:"
16257
16256
msgstr ""
16258
16257
16259
#: serverguide/C/network-auth.xml:2386(command)
16258
#: serverguide/C/network-auth.xml:2393(command)
16260
16259
msgid ""
16261
16260
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config "
16262
16261
"'cn=*samba*'"
16263
16262
msgstr ""
16264
16263
16265
#: serverguide/C/network-auth.xml:2396(title)
16264
#: serverguide/C/network-auth.xml:2403(title)
16266
16265
msgid "Samba indices"
16267
16266
msgstr ""
16268
16267
16269
#: serverguide/C/network-auth.xml:2398(para)
16268
#: serverguide/C/network-auth.xml:2405(para)
16270
16269
msgid ""
16271
16270
"Now that slapd knows about the Samba attributes, we can set up some indices "
16272
16271
"based on them. Indexing entries is a way to improve performance when a "
16273
16272
"client performs a filtered search on the DIT."
16274
16273
msgstr ""
16275
16274
16276
#: serverguide/C/network-auth.xml:2403(para)
16275
#: serverguide/C/network-auth.xml:2410(para)
16277
16276
msgid ""
16278
16277
"Create the file <filename>samba_indices.ldif</filename> with the following "
16279
16278
"contents:"
16280
16279
msgstr ""
16281
16280
16282
#: serverguide/C/network-auth.xml:2407(programlisting)
16281
#: serverguide/C/network-auth.xml:2414(programlisting)
16283
16282
#, no-wrap
16284
16283
msgid ""
16285
16284
"\n"
16300
16299
"olcDbIndex: default sub\n"
16301
16300
msgstr ""
16302
16301
16303
#: serverguide/C/network-auth.xml:2425(para)
16302
#: serverguide/C/network-auth.xml:2432(para)
16304
16303
msgid ""
16305
16304
"Using the <application>ldapmodify</application> utility load the new indices:"
16306
16305
msgstr ""
16307
16306
16308
#: serverguide/C/network-auth.xml:2430(command)
16307
#: serverguide/C/network-auth.xml:2437(command)
16309
16308
msgid "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f samba_indices.ldif"
16310
16309
msgstr ""
16311
16310
16312
#: serverguide/C/network-auth.xml:2433(para)
16311
#: serverguide/C/network-auth.xml:2440(para)
16313
16312
msgid ""
16314
16313
"If all went well you should see the new indices using "
16315
16314
"<application>ldapsearch</application>:"
16316
16315
msgstr ""
16317
16316
16318
#: serverguide/C/network-auth.xml:2438(command)
16317
#: serverguide/C/network-auth.xml:2445(command)
16319
16318
msgid ""
16320
16319
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H \\ ldapi:/// -b cn=config "
16321
16320
"olcDatabase={1}hdb olcDbIndex"
16322
16321
msgstr ""
16323
16322
16324
#: serverguide/C/network-auth.xml:2445(title)
16323
#: serverguide/C/network-auth.xml:2452(title)
16325
16324
msgid "Adding Samba LDAP objects"
16326
16325
msgstr ""
16327
16326
16328
#: serverguide/C/network-auth.xml:2452(para)
16327
#: serverguide/C/network-auth.xml:2454(para)
16329
16328
msgid ""
16330
16329
"Next, configure the <application>smbldap-tools</application> package to "
16331
16330
"match your environment. The package is supposed to come with a configuration "
16336
16335
"smbldap-tools')."
16337
16336
msgstr ""
16338
16337
16339
#: serverguide/C/network-auth.xml:2459(para)
16338
#: serverguide/C/network-auth.xml:2461(para)
16340
16339
msgid ""
16341
16340
"To manually configure the package, you need to create and edit the files "
16342
16341
"<filename>/etc/smbldap-tools/smbldap.conf</filename> and "
16343
16342
"<filename>/etc/smbldap-tools/smbldap_bind.conf</filename>."
16344
16343
msgstr ""
16345
16344
16346
#: serverguide/C/network-auth.xml:2464(para)
16345
#: serverguide/C/network-auth.xml:2466(para)
16347
16346
msgid ""
16348
16347
"The <application>smbldap-populate</application> script will then add the "
16349
16348
"LDAP objects required for Samba. It is a good idea to first make a backup of "
16350
16349
"your DIT using <application>slapcat</application>:"
16351
16350
msgstr ""
16352
16351
16353
#: serverguide/C/network-auth.xml:2473(command)
16352
#: serverguide/C/network-auth.xml:2472(command)
16354
16353
msgid "sudo slapcat -l backup.ldif"
16355
16354
msgstr ""
16356
16355
16357
#: serverguide/C/network-auth.xml:2476(para)
16356
#: serverguide/C/network-auth.xml:2475(para)
16358
16357
msgid "Once you have a backup proceed to populate your directory:"
16359
16358
msgstr ""
16360
16359
16361
#: serverguide/C/network-auth.xml:2481(command)
16360
#: serverguide/C/network-auth.xml:2480(command)
16362
16361
msgid "sudo smbldap-populate"
16363
16362
msgstr ""
16364
16363
16365
#: serverguide/C/network-auth.xml:2484(para)
16364
#: serverguide/C/network-auth.xml:2483(para)
16366
16365
msgid ""
16367
16366
"You can create a LDIF file containing the new Samba objects by executing "
16368
16367
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
16371
16370
"and import its data per usual."
16372
16371
msgstr ""
16373
16372
16374
#: serverguide/C/network-auth.xml:2490(para)
16373
#: serverguide/C/network-auth.xml:2489(para)
16375
16374
msgid ""
16376
16375
"Your LDAP directory now has the necessary information to authenticate Samba "
16377
16376
"users."
16378
16377
msgstr ""
16379
16378
16380
#: serverguide/C/network-auth.xml:2499(title)
16379
#: serverguide/C/network-auth.xml:2498(title) serverguide/C/network-auth.xml:4032(title)
16381
16380
msgid "Samba Configuration"
16382
16381
msgstr ""
16383
16382
16384
#: serverguide/C/network-auth.xml:2498(para)
16383
#: serverguide/C/network-auth.xml:2500(para)
16385
16384
msgid ""
16386
16385
"There are multiple ways to configure Samba. For details on some common "
16387
16386
"configurations see <xref linkend=\"samba\"/>. To configure Samba to use "
16390
16389
"adding some ldap-related ones:"
16391
16390
msgstr ""
16392
16391
16393
#: serverguide/C/network-auth.xml:2507(programlisting)
16392
#: serverguide/C/network-auth.xml:2506(programlisting)
16394
16393
#, no-wrap
16395
16394
msgid ""
16396
16395
"\n"
16410
16409
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
16411
16410
msgstr ""
16412
16411
16413
#: serverguide/C/network-auth.xml:2524(para)
16412
#: serverguide/C/network-auth.xml:2523(para)
16414
16413
msgid "Change the values to match your environment."
16415
16414
msgstr ""
16416
16415
16417
#: serverguide/C/network-auth.xml:2528(para)
16416
#: serverguide/C/network-auth.xml:2527(para)
16418
16417
msgid "Restart <application>samba</application> to enable the new settings:"
16419
16418
msgstr ""
16420
16419
16421
#: serverguide/C/network-auth.xml:2537(para)
16420
#: serverguide/C/network-auth.xml:2536(para)
16422
16421
msgid ""
16423
16422
"Now inform Samba about the rootDN user's password (the one set during the "
16424
16423
"installation of the slapd package):"
16425
16424
msgstr ""
16426
16425
16427
#: serverguide/C/network-auth.xml:2542(command)
16426
#: serverguide/C/network-auth.xml:2541(command)
16428
16427
msgid "sudo smbpasswd -w password"
16429
16428
msgstr ""
16430
16429
16431
#: serverguide/C/network-auth.xml:2545(para)
16430
#: serverguide/C/network-auth.xml:2544(para)
16432
16431
msgid ""
16433
16432
"If you have existing LDAP users that you want to include in your new LDAP-"
16434
16433
"backed Samba they will, of course, also need to be given some of the extra "
16438
16437
"<application>libnss-ldap</application>):"
16439
16438
msgstr ""
16440
16439
16441
#: serverguide/C/network-auth.xml:2553(command)
16440
#: serverguide/C/network-auth.xml:2552(command)
16442
16441
msgid "sudo smbpasswd -a username"
16443
16442
msgstr ""
16444
16443
16445
#: serverguide/C/network-auth.xml:2556(para)
16444
#: serverguide/C/network-auth.xml:2555(para)
16446
16445
msgid ""
16447
16446
"You will prompted to enter a password. It will be considered as the new "
16448
16447
"password for that user. Making it the same as before is reasonable."
16449
16448
msgstr ""
16450
16449
16451
#: serverguide/C/network-auth.xml:2560(para)
16450
#: serverguide/C/network-auth.xml:2559(para)
16452
16451
msgid ""
16453
16452
"To manage user, group, and machine accounts use the utilities provided by "
16454
16453
"the <application>smbldap-tools</application> package. Here are some examples:"
16455
16454
msgstr ""
16456
16455
16457
#: serverguide/C/network-auth.xml:2568(para)
16456
#: serverguide/C/network-auth.xml:2567(para)
16458
16457
msgid "To add a new user:"
16459
16458
msgstr ""
16460
16459
16461
#: serverguide/C/network-auth.xml:2573(command)
16460
#: serverguide/C/network-auth.xml:2572(command)
16462
16461
msgid "sudo smbldap-useradd -a -P username"
16463
16462
msgstr ""
16464
16463
16465
#: serverguide/C/network-auth.xml:2576(para)
16464
#: serverguide/C/network-auth.xml:2575(para)
16466
16465
msgid ""
16467
16466
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
16468
16467
"<emphasis>-P</emphasis> option calls the <application>smbldap-"
16470
16469
"a password for the user."
16471
16470
msgstr ""
16472
16471
16473
#: serverguide/C/network-auth.xml:2583(para)
16472
#: serverguide/C/network-auth.xml:2582(para)
16474
16473
msgid "To remove a user:"
16475
16474
msgstr ""
16476
16475
16477
#: serverguide/C/network-auth.xml:2588(command)
16476
#: serverguide/C/network-auth.xml:2587(command)
16478
16477
msgid "sudo smbldap-userdel username"
16479
16478
msgstr ""
16480
16479
16481
#: serverguide/C/network-auth.xml:2591(para)
16480
#: serverguide/C/network-auth.xml:2590(para)
16482
16481
msgid ""
16483
16482
"In the above command, use the <emphasis>-r</emphasis> option to remove the "
16484
16483
"user's home directory."
16485
16484
msgstr ""
16486
16485
16487
#: serverguide/C/network-auth.xml:2597(para)
16486
#: serverguide/C/network-auth.xml:2596(para)
16488
16487
msgid "To add a group:"
16489
16488
msgstr ""
16490
16489
16491
#: serverguide/C/network-auth.xml:2602(command)
16490
#: serverguide/C/network-auth.xml:2601(command)
16492
16491
msgid "sudo smbldap-groupadd -a groupname"
16493
16492
msgstr ""
16494
16493
16495
#: serverguide/C/network-auth.xml:2605(para)
16494
#: serverguide/C/network-auth.xml:2604(para)
16496
16495
msgid ""
16497
16496
"As for <application>smbldap-useradd</application>, the <emphasis>-"
16498
16497
"a</emphasis> adds the Samba attributes."
16499
16498
msgstr ""
16500
16499
16501
#: serverguide/C/network-auth.xml:2611(para)
16500
#: serverguide/C/network-auth.xml:2610(para)
16502
16501
msgid "To make an existing user a member of a group:"
16503
16502
msgstr ""
16504
16503
16505
#: serverguide/C/network-auth.xml:2616(command)
16504
#: serverguide/C/network-auth.xml:2615(command)
16506
16505
msgid "sudo smbldap-groupmod -m username groupname"
16507
16506
msgstr ""
16508
16507
16509
#: serverguide/C/network-auth.xml:2619(para)
16508
#: serverguide/C/network-auth.xml:2618(para)
16510
16509
msgid ""
16511
16510
"The <emphasis>-m</emphasis> option can add more than one user at a time by "
16512
16511
"listing them in comma-separated format."
16513
16512
msgstr ""
16514
16513
16515
#: serverguide/C/network-auth.xml:2625(para)
16514
#: serverguide/C/network-auth.xml:2624(para)
16516
16515
msgid "To remove a user from a group:"
16517
16516
msgstr ""
16518
16517
16519
#: serverguide/C/network-auth.xml:2630(command)
16518
#: serverguide/C/network-auth.xml:2629(command)
16520
16519
msgid "sudo smbldap-groupmod -x username groupname"
16521
16520
msgstr ""
16522
16521
16523
#: serverguide/C/network-auth.xml:2636(para)
16522
#: serverguide/C/network-auth.xml:2635(para)
16524
16523
msgid "To add a Samba machine account:"
16525
16524
msgstr ""
16526
16525
16527
#: serverguide/C/network-auth.xml:2641(command)
16526
#: serverguide/C/network-auth.xml:2640(command)
16528
16527
msgid "sudo smbldap-useradd -t 0 -w username"
16529
16528
msgstr ""
16530
16529
16531
#: serverguide/C/network-auth.xml:2644(para)
16530
#: serverguide/C/network-auth.xml:2643(para)
16532
16531
msgid ""
16533
16532
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
16534
16533
"<emphasis>-t 0</emphasis> option creates the machine account without a "
16538
16537
"<application>smbldap-useradd</application>."
16539
16538
msgstr ""
16540
16539
16541
#: serverguide/C/network-auth.xml:2653(para)
16540
#: serverguide/C/network-auth.xml:2652(para)
16542
16541
msgid ""
16543
16542
"There are utilities in the <application>smbldap-tools</application> package "
16544
16543
"that were not covered here. Here is a complete list:"
16545
16544
msgstr ""
16546
16545
16546
#: serverguide/C/network-auth.xml:2657(ulink)
16547
msgid "smbldap-groupadd"
16548
msgstr ""
16549
16547
16550
#: serverguide/C/network-auth.xml:2658(ulink)
16548
msgid "smbldap-groupadd"
16551
msgid "smbldap-groupdel"
16549
16552
msgstr ""
16550
16553
16551
16554
#: serverguide/C/network-auth.xml:2659(ulink)
16552
msgid "smbldap-groupdel"
16555
msgid "smbldap-groupmod"
16553
16556
msgstr ""
16554
16557
16555
16558
#: serverguide/C/network-auth.xml:2660(ulink)
16556
msgid "smbldap-groupmod"
16559
msgid "smbldap-groupshow"
16557
16560
msgstr ""
16558
16561
16559
16562
#: serverguide/C/network-auth.xml:2661(ulink)
16560
msgid "smbldap-groupshow"
16563
msgid "smbldap-passwd"
16561
16564
msgstr ""
16562
16565
16563
16566
#: serverguide/C/network-auth.xml:2662(ulink)
16564
msgid "smbldap-passwd"
16567
msgid "smbldap-populate"
16565
16568
msgstr ""
16566
16569
16567
16570
#: serverguide/C/network-auth.xml:2663(ulink)
16568
msgid "smbldap-populate"
16571
msgid "smbldap-useradd"
16569
16572
msgstr ""
16570
16573
16571
16574
#: serverguide/C/network-auth.xml:2664(ulink)
16572
msgid "smbldap-useradd"
16575
msgid "smbldap-userdel"
16573
16576
msgstr ""
16574
16577
16575
16578
#: serverguide/C/network-auth.xml:2665(ulink)
16576
msgid "smbldap-userdel"
16579
msgid "smbldap-userinfo"
16577
16580
msgstr ""
16578
16581
16579
16582
#: serverguide/C/network-auth.xml:2666(ulink)
16580
msgid "smbldap-userinfo"
16583
msgid "smbldap-userlist"
16581
16584
msgstr ""
16582
16585
16583
16586
#: serverguide/C/network-auth.xml:2667(ulink)
16584
msgid "smbldap-userlist"
16587
msgid "smbldap-usermod"
16585
16588
msgstr ""
16586
16589
16587
16590
#: serverguide/C/network-auth.xml:2668(ulink)
16588
msgid "smbldap-usermod"
16589
msgstr ""
16590
16591
#: serverguide/C/network-auth.xml:2669(ulink)
16592
16591
msgid "smbldap-usershow"
16593
16592
msgstr ""
16594
16593
16595
#: serverguide/C/network-auth.xml:2677(para)
16594
#: serverguide/C/network-auth.xml:2679(para)
16596
16595
msgid ""
16597
16596
"For more information on installing and configuring Samba see <xref "
16598
16597
"linkend=\"samba\"/> of this Ubuntu Server Guide."
16599
16598
msgstr ""
16600
16599
16601
#: serverguide/C/network-auth.xml:2686(para)
16600
#: serverguide/C/network-auth.xml:2685(para)
16602
16601
msgid ""
16603
16602
"There are multiple places where LDAP and Samba is documented in the upstream "
16604
16603
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
16605
16604
"HOWTO Collection</ulink>."
16606
16605
msgstr ""
16607
16606
16608
#: serverguide/C/network-auth.xml:2693(para)
16607
#: serverguide/C/network-auth.xml:2692(para)
16609
16608
msgid ""
16610
16609
"Regarding the above, see specifically the <ulink "
16611
16610
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
16612
16611
"Collection/passdb.html\">passdb section</ulink>."
16613
16612
msgstr ""
16614
16613
16615
#: serverguide/C/network-auth.xml:2699(para)
16614
#: serverguide/C/network-auth.xml:2698(para)
16616
16615
msgid ""
16617
16616
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
16618
16617
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
16619
16618
"valuable notes."
16620
16619
msgstr ""
16621
16620
16622
#: serverguide/C/network-auth.xml:2705(para)
16621
#: serverguide/C/network-auth.xml:2704(para)
16623
16622
msgid ""
16624
16623
"The main page of the <ulink "
16625
16624
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
16627
16626
"prove useful."
16628
16627
msgstr ""
16629
16628
16630
#: serverguide/C/network-auth.xml:2718(title)
16629
#: serverguide/C/network-auth.xml:2717(title)
16631
16630
msgid "Kerberos"
16632
16631
msgstr "Kerberos"
16633
16632
16634
#: serverguide/C/network-auth.xml:2720(para)
16633
#: serverguide/C/network-auth.xml:2719(para)
16635
16634
msgid ""
16636
16635
"<application>Kerberos</application> is a network authentication system based "
16637
16636
"on the principal of a trusted third party. The other two parties being the "
16640
16639
"network environment one step closer to being Single Sign On (SSO)."
16641
16640
msgstr ""
16642
16641
16643
#: serverguide/C/network-auth.xml:2726(para)
16642
#: serverguide/C/network-auth.xml:2725(para)
16644
16643
msgid ""
16645
16644
"This section covers installation and configuration of a Kerberos server, and "
16646
16645
"some example client configurations."
16647
16646
msgstr ""
16648
16647
16649
#: serverguide/C/virtualization.xml:1099(title) serverguide/C/virtualization.xml:2132(title) serverguide/C/network-auth.xml:2731(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:903(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/backups.xml:545(title)
16648
#: serverguide/C/network-auth.xml:2730(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:910(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:551(title)
16650
16649
msgid "Overview"
16651
16650
msgstr ""
16652
16651
16653
#: serverguide/C/network-auth.xml:2733(para)
16652
#: serverguide/C/network-auth.xml:2732(para)
16654
16653
msgid ""
16655
16654
"If you are new to Kerberos there are a few terms that are good to understand "
16656
16655
"before setting up a Kerberos server. Most of the terms will relate to things "
16657
16656
"you may be familiar with in other environments:"
16658
16657
msgstr ""
16659
16658
16660
#: serverguide/C/network-auth.xml:2740(para)
16659
#: serverguide/C/network-auth.xml:2739(para)
16661
16660
msgid ""
16662
16661
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
16663
16662
"by servers need to be defined as Kerberos Principals."
16664
16663
msgstr ""
16665
16664
16666
#: serverguide/C/network-auth.xml:2745(para)
16665
#: serverguide/C/network-auth.xml:2744(para)
16667
16666
msgid ""
16668
16667
"<emphasis>Instances:</emphasis> are used for service principals and special "
16669
16668
"administrative principals."
16670
16669
msgstr ""
16671
16670
16672
#: serverguide/C/network-auth.xml:2750(para)
16671
#: serverguide/C/network-auth.xml:2749(para)
16673
16672
msgid ""
16674
16673
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
16675
16674
"Kerberos installation. Think of it as the domain or group your hosts and "
16678
16677
"as the realm."
16679
16678
msgstr ""
16680
16679
16681
#: serverguide/C/network-auth.xml:2759(para)
16680
#: serverguide/C/network-auth.xml:2758(para)
16682
16681
msgid ""
16683
16682
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
16684
16683
"a database of all principals, the authentication server, and the ticket "
16685
16684
"granting server. For each realm there must be at least one KDC."
16686
16685
msgstr ""
16687
16686
16688
#: serverguide/C/network-auth.xml:2765(para)
16687
#: serverguide/C/network-auth.xml:2764(para)
16689
16688
msgid ""
16690
16689
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
16691
16690
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
16692
16691
"password which is known only to the user and the KDC."
16693
16692
msgstr ""
16694
16693
16695
#: serverguide/C/network-auth.xml:2771(para)
16694
#: serverguide/C/network-auth.xml:2770(para)
16696
16695
msgid ""
16697
16696
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
16698
16697
"clients upon request."
16699
16698
msgstr ""
16700
16699
16701
#: serverguide/C/network-auth.xml:2776(para)
16700
#: serverguide/C/network-auth.xml:2775(para)
16702
16701
msgid ""
16703
16702
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
16704
16703
"One principal being a user and the other a service requested by the user. "
16706
16705
"authenticated session."
16707
16706
msgstr ""
16708
16707
16709
#: serverguide/C/network-auth.xml:2782(para)
16708
#: serverguide/C/network-auth.xml:2781(para)
16710
16709
msgid ""
16711
16710
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
16712
16711
"principal database and contain the encryption key for a service or host."
16713
16712
msgstr ""
16714
16713
16715
#: serverguide/C/network-auth.xml:2789(para)
16714
#: serverguide/C/network-auth.xml:2788(para)
16716
16715
msgid ""
16717
16716
"To put the pieces together, a Realm has at least one KDC, preferably more "
16718
16717
"for redundancy, which contains a database of Principals. When a user "
16724
16723
"entering another username and password."
16725
16724
msgstr ""
16726
16725
16727
#: serverguide/C/network-auth.xml:2798(title)
16726
#: serverguide/C/network-auth.xml:2797(title)
16728
16727
msgid "Kerberos Server"
16729
16728
msgstr ""
16730
16729
16731
#: serverguide/C/network-auth.xml:2802(para)
16730
#: serverguide/C/network-auth.xml:2801(para)
16732
16731
msgid ""
16733
16732
"For this discussion, we will create a MIT Kerberos domain with the following "
16734
16733
"features (edit them to fit your needs):"
16735
16734
msgstr ""
16736
16735
16737
#: serverguide/C/network-auth.xml:2809(para)
16736
#: serverguide/C/network-auth.xml:2808(para)
16738
16737
msgid "<emphasis>Realm:</emphasis> EXAMPLE.COM"
16739
16738
msgstr ""
16740
16739
16741
#: serverguide/C/network-auth.xml:2814(para)
16740
#: serverguide/C/network-auth.xml:2813(para)
16742
16741
msgid "<emphasis>Primary KDC:</emphasis> kdc01.example.com (192.168.0.1)"
16743
16742
msgstr ""
16744
16743
16745
#: serverguide/C/network-auth.xml:2819(para)
16744
#: serverguide/C/network-auth.xml:2818(para)
16746
16745
msgid "<emphasis>Secondary KDC:</emphasis> kdc02.example.com (192.168.0.2)"
16747
16746
msgstr ""
16748
16747
16749
#: serverguide/C/network-auth.xml:2824(para)
16748
#: serverguide/C/network-auth.xml:2823(para)
16750
16749
msgid "<emphasis>User principal:</emphasis> steve"
16751
16750
msgstr ""
16752
16751
16753
#: serverguide/C/network-auth.xml:2829(para)
16752
#: serverguide/C/network-auth.xml:2828(para)
16754
16753
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
16755
16754
msgstr ""
16756
16755
16757
#: serverguide/C/network-auth.xml:2836(para)
16756
#: serverguide/C/network-auth.xml:2835(para)
16758
16757
msgid ""
16759
16758
"It is <emphasis>strongly</emphasis> recommended that your network-"
16760
16759
"authenticated users have their uid in a different range (say, starting at "
16761
16760
"5000) than that of your local users."
16762
16761
msgstr ""
16763
16762
16764
#: serverguide/C/network-auth.xml:2842(para)
16763
#: serverguide/C/network-auth.xml:2841(para)
16765
16764
msgid ""
16766
16765
"Before installing the Kerberos server a properly configured DNS server is "
16767
16766
"needed for your domain. Since the Kerberos Realm by convention matches the "
16770
16769
"documentation."
16771
16770
msgstr ""
16772
16771
16773
#: serverguide/C/network-auth.xml:2848(para)
16772
#: serverguide/C/network-auth.xml:2847(para)
16774
16773
msgid ""
16775
16774
"Also, Kerberos is a time sensitive protocol. So if the local system time "
16776
16775
"between a client machine and the server differs by more than five minutes "
16780
16779
"setting up NTP see <xref linkend=\"NTP\"/>."
16781
16780
msgstr ""
16782
16781
16783
#: serverguide/C/network-auth.xml:2856(para)
16782
#: serverguide/C/network-auth.xml:2855(para)
16784
16783
msgid ""
16785
16784
"The first step in creating a Kerberos Realm is to install the "
16786
16785
"<application>krb5-kdc</application> and <application>krb5-admin-"
16787
16786
"server</application> packages. From a terminal enter:"
16788
16787
msgstr ""
16789
16788
16790
#: serverguide/C/network-auth.xml:2862(command) serverguide/C/network-auth.xml:3069(command)
16789
#: serverguide/C/network-auth.xml:2861(command) serverguide/C/network-auth.xml:3068(command)
16791
16790
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
16792
16791
msgstr ""
16793
16792
16794
#: serverguide/C/network-auth.xml:2865(para)
16793
#: serverguide/C/network-auth.xml:2864(para)
16795
16794
msgid ""
16796
16795
"You will be asked at the end of the install to supply the hostname for the "
16797
16796
"Kerberos and Admin servers, which may or may not be the same server, for the "
16798
16797
"realm."
16799
16798
msgstr ""
16800
16799
16801
#: serverguide/C/network-auth.xml:2872(para)
16800
#: serverguide/C/network-auth.xml:2871(para)
16802
16801
msgid "By default the realm is created from the KDC's domain name."
16803
16802
msgstr ""
16804
16803
16805
#: serverguide/C/network-auth.xml:2877(para)
16804
#: serverguide/C/network-auth.xml:2876(para)
16806
16805
msgid ""
16807
16806
"Next, create the new realm with the <application>kdb5_newrealm</application> "
16808
16807
"utility:"
16809
16808
msgstr ""
16810
16809
16811
#: serverguide/C/network-auth.xml:2882(command)
16810
#: serverguide/C/network-auth.xml:2881(command)
16812
16811
msgid "sudo krb5_newrealm"
16813
16812
msgstr ""
16814
16813
16815
#: serverguide/C/network-auth.xml:2889(para)
16814
#: serverguide/C/network-auth.xml:2888(para)
16816
16815
msgid ""
16817
16816
"The questions asked during installation are used to configure the "
16818
16817
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
16822
16821
"typing"
16823
16822
msgstr ""
16824
16823
16825
#: serverguide/C/network-auth.xml:2896(command)
16824
#: serverguide/C/network-auth.xml:2895(command)
16826
16825
msgid "sudo dpkg-reconfigure krb5-kdc"
16827
16826
msgstr ""
16828
16827
16829
#: serverguide/C/network-auth.xml:2902(para)
16828
#: serverguide/C/network-auth.xml:2901(para)
16830
16829
msgid ""
16831
16830
"Once the KDC is properly running, an admin user -- the <emphasis>admin "
16832
16831
"principal</emphasis> -- is needed. It is recommended to use a different "
16834
16833
"<application>kadmin.local</application> utility in a terminal prompt enter:"
16835
16834
msgstr ""
16836
16835
16837
#: serverguide/C/network-auth.xml:2910(command) serverguide/C/network-auth.xml:3780(command)
16836
#: serverguide/C/network-auth.xml:2909(command) serverguide/C/network-auth.xml:3779(command)
16838
16837
msgid "sudo kadmin.local"
16839
16838
msgstr ""
16840
16839
16841
#: serverguide/C/network-auth.xml:2911(computeroutput)
16840
#: serverguide/C/network-auth.xml:2910(computeroutput)
16842
16841
#, no-wrap
16843
16842
msgid ""
16844
16843
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16845
16844
"kadmin.local:"
16846
16845
msgstr ""
16847
16846
16848
#: serverguide/C/network-auth.xml:2912(userinput)
16847
#: serverguide/C/network-auth.xml:2911(userinput)
16849
16848
#, no-wrap
16850
16849
msgid " addprinc steve/admin"
16851
16850
msgstr ""
16852
16851
16853
#: serverguide/C/network-auth.xml:2913(computeroutput)
16852
#: serverguide/C/network-auth.xml:2912(computeroutput)
16854
16853
#, no-wrap
16855
16854
msgid ""
16856
16855
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
16861
16860
"kadmin.local:"
16862
16861
msgstr ""
16863
16862
16864
#: serverguide/C/network-auth.xml:2917(userinput)
16863
#: serverguide/C/network-auth.xml:2916(userinput)
16865
16864
#, no-wrap
16866
16865
msgid " quit"
16867
16866
msgstr ""
16868
16867
16869
#: serverguide/C/network-auth.xml:2920(para)
16868
#: serverguide/C/network-auth.xml:2919(para)
16870
16869
msgid ""
16871
16870
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
16872
16871
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
16878
16877
"rights."
16879
16878
msgstr ""
16880
16879
16881
#: serverguide/C/network-auth.xml:2930(para)
16880
#: serverguide/C/network-auth.xml:2929(para)
16882
16881
msgid ""
16883
16882
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
16884
16883
"your Realm and admin username."
16885
16884
msgstr ""
16886
16885
16887
#: serverguide/C/network-auth.xml:2938(para)
16886
#: serverguide/C/network-auth.xml:2937(para)
16888
16887
msgid ""
16889
16888
"Next, the new admin user needs to have the appropriate Access Control List "
16890
16889
"(ACL) permissions. The permissions are configured in the "
16891
16890
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
16892
16891
msgstr ""
16893
16892
16894
#: serverguide/C/network-auth.xml:2943(programlisting)
16893
#: serverguide/C/network-auth.xml:2942(programlisting)
16895
16894
#, no-wrap
16896
16895
msgid ""
16897
16896
"\n"
16898
16897
"steve/admin@EXAMPLE.COM *\n"
16899
16898
msgstr ""
16900
16899
16901
#: serverguide/C/network-auth.xml:2947(para)
16900
#: serverguide/C/network-auth.xml:2946(para)
16902
16901
msgid ""
16903
16902
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
16904
16903
"any operation on all principals in the realm. You can configure principals "
16907
16906
"<emphasis>kadm5.acl</emphasis> man page for details."
16908
16907
msgstr ""
16909
16908
16910
#: serverguide/C/network-auth.xml:2959(para)
16909
#: serverguide/C/network-auth.xml:2958(para)
16911
16910
msgid ""
16912
16911
"Now restart the <application>krb5-admin-server</application> for the new ACL "
16913
16912
"to take affect:"
16914
16913
msgstr ""
16915
16914
16916
#: serverguide/C/network-auth.xml:2961(command)
16915
#: serverguide/C/network-auth.xml:2963(command)
16917
16916
msgid "sudo service krb5-admin-server restart"
16918
16917
msgstr ""
16919
16918
16920
#: serverguide/C/network-auth.xml:2970(para)
16919
#: serverguide/C/network-auth.xml:2969(para)
16921
16920
msgid ""
16922
16921
"The new user principal can be tested using the <application>kinit "
16923
16922
"utility</application>:"
16924
16923
msgstr ""
16925
16924
16926
#: serverguide/C/network-auth.xml:2975(command)
16925
#: serverguide/C/network-auth.xml:2974(command)
16927
16926
msgid "kinit steve/admin"
16928
16927
msgstr ""
16929
16928
16930
#: serverguide/C/network-auth.xml:2976(computeroutput)
16929
#: serverguide/C/network-auth.xml:2975(computeroutput)
16931
16930
#, no-wrap
16932
16931
msgid "steve/admin@EXAMPLE.COM's Password:"
16933
16932
msgstr ""
16934
16933
16935
#: serverguide/C/network-auth.xml:2979(para)
16934
#: serverguide/C/network-auth.xml:2978(para)
16936
16935
msgid ""
16937
16936
"After entering the password, use the <application>klist</application> "
16938
16937
"utility to view information about the Ticket Granting Ticket (TGT):"
16939
16938
msgstr ""
16940
16939
16941
#: serverguide/C/network-auth.xml:2985(command) serverguide/C/network-auth.xml:3362(command)
16940
#: serverguide/C/network-auth.xml:2984(command) serverguide/C/network-auth.xml:3361(command)
16942
16941
msgid "klist"
16943
16942
msgstr ""
16944
16943
16945
#: serverguide/C/network-auth.xml:2986(computeroutput)
16944
#: serverguide/C/network-auth.xml:2985(computeroutput)
16946
16945
#, no-wrap
16947
16946
msgid ""
16948
16947
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
16952
16951
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
16953
16952
msgstr ""
16954
16953
16955
#: serverguide/C/network-auth.xml:2993(para)
16954
#: serverguide/C/network-auth.xml:2992(para)
16956
16955
msgid ""
16957
16956
"Where the cache filename <filename>krb5cc_1000</filename> is composed of the "
16958
16957
"prefix <filename>krb5cc_</filename> and the user id (uid), which in this "
16961
16960
"For example:"
16962
16961
msgstr ""
16963
16962
16964
#: serverguide/C/network-auth.xml:3002(programlisting)
16963
#: serverguide/C/network-auth.xml:3001(programlisting)
16965
16964
#, no-wrap
16966
16965
msgid ""
16967
16966
"\n"
16968
16967
"192.168.0.1 kdc01.example.com kdc01\n"
16969
16968
msgstr ""
16970
16969
16971
#: serverguide/C/network-auth.xml:3006(para)
16970
#: serverguide/C/network-auth.xml:3005(para)
16972
16971
msgid ""
16973
16972
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC. "
16974
16973
"This usually happens when you have a Kerberos realm encompassing different "
16975
16974
"networks separated by routers."
16976
16975
msgstr ""
16977
16976
16978
#: serverguide/C/network-auth.xml:3015(para)
16977
#: serverguide/C/network-auth.xml:3014(para)
16979
16978
msgid ""
16980
16979
"The best way to allow clients to automatically determine the KDC for the "
16981
16980
"Realm is using DNS SRV records. Add the following to "
16982
16981
"<filename>/etc/named/db.example.com</filename>:"
16983
16982
msgstr ""
16984
16983
16985
#: serverguide/C/network-auth.xml:3021(programlisting)
16984
#: serverguide/C/network-auth.xml:3020(programlisting)
16986
16985
#, no-wrap
16987
16986
msgid ""
16988
16987
"\n"
16994
16993
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
16995
16994
msgstr ""
16996
16995
16997
#: serverguide/C/network-auth.xml:3031(para)
16996
#: serverguide/C/network-auth.xml:3030(para)
16998
16997
msgid ""
16999
16998
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
17000
16999
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
17001
17000
"KDC."
17002
17001
msgstr ""
17003
17002
17004
#: serverguide/C/network-auth.xml:3037(para)
17003
#: serverguide/C/network-auth.xml:3036(para)
17005
17004
msgid ""
17006
17005
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
17007
17006
msgstr ""
17008
17007
17009
#: serverguide/C/network-auth.xml:3044(para)
17008
#: serverguide/C/network-auth.xml:3043(para)
17010
17009
msgid "Your new Kerberos Realm is now ready to authenticate clients."
17011
17010
msgstr ""
17012
17011
17013
#: serverguide/C/network-auth.xml:3051(title)
17012
#: serverguide/C/network-auth.xml:3050(title)
17014
17013
msgid "Secondary KDC"
17015
17014
msgstr ""
17016
17015
17017
#: serverguide/C/network-auth.xml:3053(para)
17016
#: serverguide/C/network-auth.xml:3052(para)
17018
17017
msgid ""
17019
17018
"Once you have one Key Distribution Center (KDC) on your network, it is good "
17020
17019
"practice to have a Secondary KDC in case the primary becomes unavailable. "
17023
17022
"of those networks."
17024
17023
msgstr ""
17025
17024
17026
#: serverguide/C/network-auth.xml:3064(para)
17025
#: serverguide/C/network-auth.xml:3063(para)
17027
17026
msgid ""
17028
17027
"First, install the packages, and when asked for the Kerberos and Admin "
17029
17028
"server names enter the name of the Primary KDC:"
17030
17029
msgstr ""
17031
17030
17032
#: serverguide/C/network-auth.xml:3075(para)
17031
#: serverguide/C/network-auth.xml:3074(para)
17033
17032
msgid ""
17034
17033
"Once you have the packages installed, create the Secondary KDC's host "
17035
17034
"principal. From a terminal prompt, enter:"
17036
17035
msgstr ""
17037
17036
17038
#: serverguide/C/network-auth.xml:3080(command)
17037
#: serverguide/C/network-auth.xml:3079(command)
17039
17038
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
17040
17039
msgstr ""
17041
17040
17042
#: serverguide/C/network-auth.xml:3084(para)
17041
#: serverguide/C/network-auth.xml:3083(para)
17043
17042
msgid ""
17044
17043
"After, issuing any <application>kadmin</application> commands you will be "
17045
17044
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
17046
17045
"password."
17047
17046
msgstr ""
17048
17047
17049
#: serverguide/C/network-auth.xml:3093(para)
17048
#: serverguide/C/network-auth.xml:3092(para)
17050
17049
msgid "Extract the <emphasis>keytab</emphasis> file:"
17051
17050
msgstr ""
17052
17051
17053
#: serverguide/C/network-auth.xml:3098(command)
17052
#: serverguide/C/network-auth.xml:3097(command)
17054
17053
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
17055
17054
msgstr ""
17056
17055
17057
#: serverguide/C/network-auth.xml:3104(para)
17056
#: serverguide/C/network-auth.xml:3103(para)
17058
17057
msgid ""
17059
17058
"There should now be a <filename>keytab.kdc02</filename> in the current "
17060
17059
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
17061
17060
msgstr ""
17062
17061
17063
#: serverguide/C/network-auth.xml:3110(command)
17062
#: serverguide/C/network-auth.xml:3109(command)
17064
17063
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
17065
17064
msgstr ""
17066
17065
17067
#: serverguide/C/network-auth.xml:3114(para)
17066
#: serverguide/C/network-auth.xml:3113(para)
17068
17067
msgid ""
17069
17068
"If the path to the <filename>keytab.kdc02</filename> file is different "
17070
17069
"adjust accordingly."
17071
17070
msgstr ""
17072
17071
17073
#: serverguide/C/network-auth.xml:3119(para)
17072
#: serverguide/C/network-auth.xml:3118(para)
17074
17073
msgid ""
17075
17074
"Also, you can list the principals in a Keytab file, which can be useful when "
17076
17075
"troubleshooting, using the <application>klist</application> utility:"
17077
17076
msgstr ""
17078
17077
17079
#: serverguide/C/network-auth.xml:3125(command)
17078
#: serverguide/C/network-auth.xml:3124(command)
17080
17079
msgid "sudo klist -k /etc/krb5.keytab"
17081
17080
msgstr ""
17082
17081
17083
#: serverguide/C/network-auth.xml:3128(para)
17082
#: serverguide/C/network-auth.xml:3127(para)
17084
17083
msgid ""
17085
17084
"The <application>-k</application> option indicates the file is a keytab file."
17086
17085
msgstr ""
17087
17086
17088
#: serverguide/C/network-auth.xml:3135(para)
17087
#: serverguide/C/network-auth.xml:3134(para)
17089
17088
msgid ""
17090
17089
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
17091
17090
"that lists all KDCs for the Realm. For example, on both primary and "
17092
17091
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
17093
17092
msgstr ""
17094
17093
17095
#: serverguide/C/network-auth.xml:3140(programlisting)
17094
#: serverguide/C/network-auth.xml:3139(programlisting)
17096
17095
#, no-wrap
17097
17096
msgid ""
17098
17097
"\n"
17100
17099
"host/kdc02.example.com@EXAMPLE.COM\n"
17101
17100
msgstr ""
17102
17101
17103
#: serverguide/C/network-auth.xml:3148(para)
17102
#: serverguide/C/network-auth.xml:3147(para)
17104
17103
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
17105
17104
msgstr ""
17106
17105
17107
#: serverguide/C/network-auth.xml:3153(command)
17106
#: serverguide/C/network-auth.xml:3152(command)
17108
17107
msgid "sudo kdb5_util -s create"
17109
17108
msgstr ""
17110
17109
17111
#: serverguide/C/network-auth.xml:3159(para)
17110
#: serverguide/C/network-auth.xml:3158(para)
17112
17111
msgid ""
17113
17112
"Now start the <application>kpropd</application> daemon, which listens for "
17114
17113
"connections from the <application>kprop</application> utility. "
17115
17114
"<application>kprop</application> is used to transfer dump files:"
17116
17115
msgstr ""
17117
17116
17118
#: serverguide/C/network-auth.xml:3166(command)
17117
#: serverguide/C/network-auth.xml:3165(command)
17119
17118
msgid "sudo kpropd -S"
17120
17119
msgstr ""
17121
17120
17122
#: serverguide/C/network-auth.xml:3172(para)
17121
#: serverguide/C/network-auth.xml:3171(para)
17123
17122
msgid ""
17124
17123
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
17125
17124
"of the principal database:"
17126
17125
msgstr ""
17127
17126
17128
#: serverguide/C/network-auth.xml:3177(command)
17127
#: serverguide/C/network-auth.xml:3176(command)
17129
17128
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
17130
17129
msgstr ""
17131
17130
17132
#: serverguide/C/network-auth.xml:3183(para)
17131
#: serverguide/C/network-auth.xml:3182(para)
17133
17132
msgid ""
17134
17133
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
17135
17134
"<filename>/etc/krb5.keytab</filename>:"
17136
17135
msgstr ""
17137
17136
17137
#: serverguide/C/network-auth.xml:3187(command)
17138
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
17139
msgstr ""
17140
17138
17141
#: serverguide/C/network-auth.xml:3188(command)
17139
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
17140
msgstr ""
17141
17142
#: serverguide/C/network-auth.xml:3189(command)
17143
17142
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
17144
17143
msgstr ""
17145
17144
17146
#: serverguide/C/network-auth.xml:3193(para)
17145
#: serverguide/C/network-auth.xml:3192(para)
17147
17146
msgid ""
17148
17147
"Make sure there is a <emphasis>host</emphasis> for "
17149
17148
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
17150
17149
msgstr ""
17151
17150
17152
#: serverguide/C/network-auth.xml:3201(para)
17151
#: serverguide/C/network-auth.xml:3200(para)
17153
17152
msgid ""
17154
17153
"Using the <application>kprop</application> utility push the database to the "
17155
17154
"Secondary KDC:"
17156
17155
msgstr ""
17157
17156
17158
#: serverguide/C/network-auth.xml:3206(command)
17157
#: serverguide/C/network-auth.xml:3205(command)
17159
17158
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
17160
17159
msgstr ""
17161
17160
17162
#: serverguide/C/network-auth.xml:3210(para)
17161
#: serverguide/C/network-auth.xml:3209(para)
17163
17162
msgid ""
17164
17163
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
17165
17164
"worked. If there is an error message check "
17167
17166
"information."
17168
17167
msgstr ""
17169
17168
17170
#: serverguide/C/network-auth.xml:3216(para)
17169
#: serverguide/C/network-auth.xml:3215(para)
17171
17170
msgid ""
17172
17171
"You may also want to create a <application>cron</application> job to "
17173
17172
"periodically update the database on the Secondary KDC. For example, the "
17175
17174
"split to fit the format of this document):"
17176
17175
msgstr ""
17177
17176
17178
#: serverguide/C/network-auth.xml:3221(programlisting)
17177
#: serverguide/C/network-auth.xml:3220(programlisting)
17179
17178
#, no-wrap
17180
17179
msgid ""
17181
17180
"\n"
17184
17183
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
17185
17184
msgstr ""
17186
17185
17187
#: serverguide/C/network-auth.xml:3230(para)
17186
#: serverguide/C/network-auth.xml:3229(para)
17188
17187
msgid ""
17189
17188
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
17190
17189
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
17191
17190
msgstr ""
17192
17191
17193
#: serverguide/C/network-auth.xml:3236(command)
17192
#: serverguide/C/network-auth.xml:3235(command)
17194
17193
msgid "sudo kdb5_util stash"
17195
17194
msgstr ""
17196
17195
17197
#: serverguide/C/network-auth.xml:3242(para)
17196
#: serverguide/C/network-auth.xml:3241(para)
17198
17197
msgid ""
17199
17198
"Finally, start the <application>krb5-kdc</application> daemon on the "
17200
17199
"Secondary KDC:"
17201
17200
msgstr ""
17202
17201
17203
#: serverguide/C/network-auth.xml:3244(command) serverguide/C/network-auth.xml:3920(command)
17202
#: serverguide/C/network-auth.xml:3246(command) serverguide/C/network-auth.xml:3922(command)
17204
17203
msgid "sudo service krb5-kdc start"
17205
17204
msgstr ""
17206
17205
17207
#: serverguide/C/network-auth.xml:3253(para)
17206
#: serverguide/C/network-auth.xml:3252(para)
17208
17207
msgid ""
17209
17208
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
17210
17209
"for the Realm. You can test this by stopping the <application>krb5-"
17215
17214
"<filename>/var/log/auth.log</filename> in the Secondary KDC."
17216
17215
msgstr ""
17217
17216
17218
#: serverguide/C/network-auth.xml:3264(title)
17217
#: serverguide/C/network-auth.xml:3263(title)
17219
17218
msgid "Kerberos Linux Client"
17220
17219
msgstr ""
17221
17220
17222
#: serverguide/C/network-auth.xml:3266(para)
17221
#: serverguide/C/network-auth.xml:3265(para)
17223
17222
msgid ""
17224
17223
"This section covers configuring a Linux system as a "
17225
17224
"<application>Kerberos</application> client. This will allow access to any "
17226
17225
"kerberized services once a user has successfully logged into the system."
17227
17226
msgstr ""
17228
17227
17229
#: serverguide/C/network-auth.xml:3274(para)
17228
#: serverguide/C/network-auth.xml:3273(para)
17230
17229
msgid ""
17231
17230
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
17232
17231
"user</application> and <application>libpam-krb5</application> packages are "
17235
17234
"prompt:"
17236
17235
msgstr ""
17237
17236
17238
#: serverguide/C/network-auth.xml:3281(command)
17237
#: serverguide/C/network-auth.xml:3280(command)
17239
17238
msgid ""
17240
17239
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
17241
17240
msgstr ""
17242
17241
17243
#: serverguide/C/network-auth.xml:3284(para)
17242
#: serverguide/C/network-auth.xml:3283(para)
17244
17243
msgid ""
17245
17244
"The <application>auth-client-config</application> package allows simple "
17246
17245
"configuration of PAM for authentication from multiple sources, and the "
17251
17250
"be accessed off the network as well."
17252
17251
msgstr ""
17253
17252
17254
#: serverguide/C/network-auth.xml:3295(para)
17253
#: serverguide/C/network-auth.xml:3294(para)
17255
17254
msgid "To configure the client in a terminal enter:"
17256
17255
msgstr ""
17257
17256
17258
#: serverguide/C/network-auth.xml:3300(command)
17257
#: serverguide/C/network-auth.xml:3299(command)
17259
17258
msgid "sudo dpkg-reconfigure krb5-config"
17260
17259
msgstr ""
17261
17260
17262
#: serverguide/C/network-auth.xml:3303(para)
17261
#: serverguide/C/network-auth.xml:3302(para)
17263
17262
msgid ""
17264
17263
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
17265
17264
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
17267
17266
"Center (KDC) and Realm Administration server."
17268
17267
msgstr ""
17269
17268
17270
#: serverguide/C/network-auth.xml:3309(para)
17269
#: serverguide/C/network-auth.xml:3308(para)
17271
17270
msgid ""
17272
17271
"The <application>dpkg-reconfigure</application> adds entries to the "
17273
17272
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
17274
17273
"entries similar to the following:"
17275
17274
msgstr ""
17276
17275
17277
#: serverguide/C/network-auth.xml:3311(programlisting)
17276
#: serverguide/C/network-auth.xml:3313(programlisting)
17278
17277
#, no-wrap
17279
17278
msgid ""
17280
17279
"\n"
17288
17287
" }\n"
17289
17288
msgstr ""
17290
17289
17291
#: serverguide/C/network-auth.xml:3326(para)
17290
#: serverguide/C/network-auth.xml:3325(para)
17292
17291
msgid ""
17293
17292
"If you set the uid of each of your network-authenticated users to start at "
17294
17293
"5000, as suggested in <xref linkend=\"kerberos-server-installation\"/>, you "
17296
17295
"> 5000:"
17297
17296
msgstr ""
17298
17297
17299
#: serverguide/C/network-auth.xml:3334(command)
17298
#: serverguide/C/network-auth.xml:3333(command)
17300
17299
msgid ""
17301
17300
"# Kerberos should only be applied to ldap/kerberos users, not local ones. "
17302
17301
"for i in common-auth common-session common-account common-password; do sudo "
17304
17303
"minimum_uid=5000/' \\ /etc/pam.d/$i done"
17305
17304
msgstr ""
17306
17305
17307
#: serverguide/C/network-auth.xml:3341(para)
17306
#: serverguide/C/network-auth.xml:3340(para)
17308
17307
msgid ""
17309
17308
"This will avoid being asked for the (non-existent) Kerberos password of a "
17310
17309
"locally authenticated user when changing its password using "
17311
17310
"<command>passwd</command>."
17312
17311
msgstr ""
17313
17312
17314
#: serverguide/C/network-auth.xml:3348(para)
17313
#: serverguide/C/network-auth.xml:3347(para)
17315
17314
msgid ""
17316
17315
"You can test the configuration by requesting a ticket using the "
17317
17316
"<application>kinit</application> utility. For example:"
17318
17317
msgstr ""
17319
17318
17320
#: serverguide/C/network-auth.xml:3353(command)
17319
#: serverguide/C/network-auth.xml:3352(command)
17321
17320
msgid "kinit steve@EXAMPLE.COM"
17322
17321
msgstr ""
17323
17322
17324
#: serverguide/C/network-auth.xml:3354(computeroutput)
17323
#: serverguide/C/network-auth.xml:3353(computeroutput)
17325
17324
#, no-wrap
17326
17325
msgid "Password for steve@EXAMPLE.COM:"
17327
17326
msgstr ""
17328
17327
17329
#: serverguide/C/network-auth.xml:3357(para)
17328
#: serverguide/C/network-auth.xml:3356(para)
17330
17329
msgid ""
17331
17330
"When a ticket has been granted, the details can be viewed using "
17332
17331
"<application>klist</application>:"
17333
17332
msgstr ""
17334
17333
17335
#: serverguide/C/network-auth.xml:3363(computeroutput)
17334
#: serverguide/C/network-auth.xml:3362(computeroutput)
17336
17335
#, no-wrap
17337
17336
msgid ""
17338
17337
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
17347
17346
"klist: You have no tickets cached"
17348
17347
msgstr ""
17349
17348
17350
#: serverguide/C/network-auth.xml:3375(para)
17349
#: serverguide/C/network-auth.xml:3374(para)
17351
17350
msgid ""
17352
17351
"Next, use the <application>auth-client-config</application> to configure the "
17353
17352
"<application>libpam-krb5</application> module to request a ticket during "
17354
17353
"login:"
17355
17354
msgstr ""
17356
17355
17357
#: serverguide/C/network-auth.xml:3381(command)
17356
#: serverguide/C/network-auth.xml:3380(command)
17358
17357
msgid "sudo auth-client-config -a -p kerberos_example"
17359
17358
msgstr ""
17360
17359
17361
#: serverguide/C/network-auth.xml:3384(para)
17360
#: serverguide/C/network-auth.xml:3383(para)
17362
17361
msgid ""
17363
17362
"You will should now receive a ticket upon successful login authentication."
17364
17363
msgstr ""
17365
17364
17366
#: serverguide/C/network-auth.xml:3395(para)
17365
#: serverguide/C/network-auth.xml:3394(para)
17367
17366
msgid ""
17368
17367
"For more information on MIT's version of Kerberos, see the <ulink "
17369
17368
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
17370
17369
msgstr ""
17371
17370
17372
#: serverguide/C/network-auth.xml:3400(para)
17371
#: serverguide/C/network-auth.xml:3399(para)
17373
17372
msgid ""
17374
17373
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
17375
17374
"Kerberos</ulink> page has more details."
17376
17375
msgstr ""
17377
17376
17378
#: serverguide/C/network-auth.xml:3405(para)
17377
#: serverguide/C/network-auth.xml:3404(para)
17379
17378
msgid ""
17380
17379
"O'Reilly's <ulink "
17381
17380
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
17382
17381
"Guide</ulink> is a great reference when setting up Kerberos."
17383
17382
msgstr ""
17384
17383
17385
#: serverguide/C/network-auth.xml:3411(para)
17384
#: serverguide/C/network-auth.xml:3410(para)
17386
17385
msgid ""
17387
17386
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> and "
17388
17387
"<emphasis>#kerberos</emphasis> IRC channels on <ulink "
17389
17388
"url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
17390
17389
msgstr ""
17391
17390
17392
#: serverguide/C/network-auth.xml:3423(title)
17391
#: serverguide/C/network-auth.xml:3422(title)
17393
17392
msgid "Kerberos and LDAP"
17394
17393
msgstr ""
17395
17394
17396
#: serverguide/C/network-auth.xml:3425(para)
17395
#: serverguide/C/network-auth.xml:3424(para)
17397
17396
msgid ""
17398
17397
"Most people will not use Kerberos by itself; once an user is authenticated "
17399
17398
"(Kerberos), we need to figure out what this user can do (authorization). And "
17400
17399
"that would be the job of programs such as <application>LDAP</application>."
17401
17400
msgstr ""
17402
17401
17403
#: serverguide/C/network-auth.xml:3432(para)
17402
#: serverguide/C/network-auth.xml:3431(para)
17404
17403
msgid ""
17405
17404
"Replicating a Kerberos principal database between two servers can be "
17406
17405
"complicated, and adds an additional user database to your network. "
17410
17409
"<application>OpenLDAP</application> for the principal database."
17411
17410
msgstr ""
17412
17411
17413
#: serverguide/C/network-auth.xml:3440(para)
17412
#: serverguide/C/network-auth.xml:3439(para)
17414
17413
msgid ""
17415
17414
"The examples presented here assume <application>MIT Kerberos</application> "
17416
17415
"and <application>OpenLDAP</application>."
17417
17416
msgstr ""
17418
17417
17419
#: serverguide/C/network-auth.xml:3448(title)
17418
#: serverguide/C/network-auth.xml:3447(title)
17420
17419
msgid "Configuring OpenLDAP"
17421
17420
msgstr ""
17422
17421
17423
#: serverguide/C/network-auth.xml:3450(para)
17422
#: serverguide/C/network-auth.xml:3449(para)
17424
17423
msgid ""
17425
17424
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
17426
17425
"<application>OpenLDAP</application> server that has network connectivity to "
17429
17428
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
17430
17429
msgstr ""
17431
17430
17432
#: serverguide/C/network-auth.xml:3456(para)
17431
#: serverguide/C/network-auth.xml:3455(para)
17433
17432
msgid ""
17434
17433
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
17435
17434
"that traffic between the KDC and LDAP server is encrypted. See <xref "
17436
17435
"linkend=\"openldap-tls\"/> for details."
17437
17436
msgstr ""
17438
17437
17439
#: serverguide/C/network-auth.xml:3462(para)
17438
#: serverguide/C/network-auth.xml:3461(para)
17440
17439
msgid ""
17441
17440
"<filename>cn=admin,cn=config</filename> is a user we created with rights to "
17442
17441
"edit the ldap database. Many times it is the RootDN. Change its value to "
17443
17442
"reflect your setup."
17444
17443
msgstr ""
17445
17444
17446
#: serverguide/C/network-auth.xml:3471(para)
17445
#: serverguide/C/network-auth.xml:3470(para)
17447
17446
msgid ""
17448
17447
"To load the schema into LDAP, on the LDAP server install the "
17449
17448
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
17450
17449
msgstr ""
17451
17450
17452
#: serverguide/C/network-auth.xml:3477(command)
17451
#: serverguide/C/network-auth.xml:3476(command)
17453
17452
msgid "sudo apt-get install krb5-kdc-ldap"
17454
17453
msgstr ""
17455
17454
17456
#: serverguide/C/network-auth.xml:3482(para)
17455
#: serverguide/C/network-auth.xml:3481(para)
17457
17456
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
17458
17457
msgstr ""
17459
17458
17459
#: serverguide/C/network-auth.xml:3486(command)
17460
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
17461
msgstr ""
17462
17460
17463
#: serverguide/C/network-auth.xml:3487(command)
17461
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
17462
msgstr ""
17463
17464
#: serverguide/C/network-auth.xml:3488(command)
17465
17464
msgid ""
17466
17465
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
17467
17466
msgstr ""
17468
17467
17469
#: serverguide/C/network-auth.xml:3494(para)
17468
#: serverguide/C/network-auth.xml:3493(para)
17470
17469
msgid ""
17471
17470
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
17472
17471
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
17474
17473
"linkend=\"openldap-configuration\"/>."
17475
17474
msgstr ""
17476
17475
17477
#: serverguide/C/network-auth.xml:3502(para)
17476
#: serverguide/C/network-auth.xml:3501(para)
17478
17477
msgid ""
17479
17478
"First, create a configuration file named "
17480
17479
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
17481
17480
"containing the following lines:"
17482
17481
msgstr ""
17483
17482
17484
#: serverguide/C/network-auth.xml:3507(programlisting)
17483
#: serverguide/C/network-auth.xml:3506(programlisting)
17485
17484
#, no-wrap
17486
17485
msgid ""
17487
17486
"\n"
17500
17499
"include /etc/ldap/schema/kerberos.schema\n"
17501
17500
msgstr ""
17502
17501
17503
#: serverguide/C/network-auth.xml:3527(para)
17502
#: serverguide/C/network-auth.xml:3526(para)
17504
17503
msgid "Create a temporary directory to hold the LDIF files:"
17505
17504
msgstr ""
17506
17505
17507
#: serverguide/C/network-auth.xml:3531(command)
17506
#: serverguide/C/network-auth.xml:3530(command)
17508
17507
msgid "mkdir /tmp/ldif_output"
17509
17508
msgstr ""
17510
17509
17511
#: serverguide/C/network-auth.xml:3537(para)
17510
#: serverguide/C/network-auth.xml:3536(para)
17512
17511
msgid ""
17513
17512
"Now use <application>slapcat</application> to convert the schema files:"
17514
17513
msgstr ""
17515
17514
17516
#: serverguide/C/network-auth.xml:3542(command)
17515
#: serverguide/C/network-auth.xml:3541(command)
17517
17516
msgid ""
17518
17517
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \\ "
17519
17518
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
17520
17519
msgstr ""
17521
17520
17522
#: serverguide/C/network-auth.xml:3546(para)
17521
#: serverguide/C/network-auth.xml:3545(para)
17523
17522
msgid ""
17524
17523
"Change the above file and path names to match your own if they are different."
17525
17524
msgstr ""
17526
17525
17527
#: serverguide/C/network-auth.xml:3553(para)
17526
#: serverguide/C/network-auth.xml:3552(para)
17528
17527
msgid ""
17529
17528
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
17530
17529
"changing the following attributes:"
17531
17530
msgstr ""
17532
17531
17533
#: serverguide/C/network-auth.xml:3557(programlisting)
17532
#: serverguide/C/network-auth.xml:3556(programlisting)
17534
17533
#, no-wrap
17535
17534
msgid ""
17536
17535
"\n"
17539
17538
"cn: kerberos\n"
17540
17539
msgstr ""
17541
17540
17542
#: serverguide/C/network-auth.xml:3563(para)
17541
#: serverguide/C/network-auth.xml:3562(para)
17543
17542
msgid "And remove the following lines from the end of the file:"
17544
17543
msgstr ""
17545
17544
17546
#: serverguide/C/network-auth.xml:3567(programlisting)
17545
#: serverguide/C/network-auth.xml:3566(programlisting)
17547
17546
#, no-wrap
17548
17547
msgid ""
17549
17548
"\n"
17556
17555
"modifyTimestamp: 20090111203515Z\n"
17557
17556
msgstr ""
17558
17557
17559
#: serverguide/C/network-auth.xml:3577(para)
17558
#: serverguide/C/network-auth.xml:3576(para)
17560
17559
msgid ""
17561
17560
"The attribute values will vary, just be sure the attributes are removed."
17562
17561
msgstr ""
17563
17562
17564
#: serverguide/C/network-auth.xml:3584(para)
17563
#: serverguide/C/network-auth.xml:3583(para)
17565
17564
msgid "Load the new schema with <application>ldapadd</application>:"
17566
17565
msgstr ""
17567
17566
17568
#: serverguide/C/network-auth.xml:3589(command)
17567
#: serverguide/C/network-auth.xml:3588(command)
17569
17568
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
17570
17569
msgstr ""
17571
17570
17572
#: serverguide/C/network-auth.xml:3595(para)
17571
#: serverguide/C/network-auth.xml:3594(para)
17573
17572
msgid ""
17574
17573
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
17575
17574
msgstr ""
17576
17575
17577
#: serverguide/C/network-auth.xml:3600(command) serverguide/C/network-auth.xml:3617(command)
17576
#: serverguide/C/network-auth.xml:3599(command) serverguide/C/network-auth.xml:3616(command)
17578
17577
msgid "ldapmodify -x -D cn=admin,cn=config -W"
17579
17578
msgstr ""
17580
17579
17581
#: serverguide/C/network-auth.xml:3602(userinput)
17580
#: serverguide/C/network-auth.xml:3601(userinput)
17582
17581
#, no-wrap
17583
17582
msgid ""
17584
17583
"dn: olcDatabase={1}hdb,cn=config\n"
17586
17585
"olcDbIndex: krbPrincipalName eq,pres,sub"
17587
17586
msgstr ""
17588
17587
17589
#: serverguide/C/network-auth.xml:3601(computeroutput)
17588
#: serverguide/C/network-auth.xml:3600(computeroutput)
17590
17589
#, no-wrap
17591
17590
msgid ""
17592
17591
"Enter LDAP Password:\n"
17595
17594
"modifying entry \"olcDatabase={1}hdb,cn=config\""
17596
17595
msgstr ""
17597
17596
17598
#: serverguide/C/network-auth.xml:3612(para)
17597
#: serverguide/C/network-auth.xml:3611(para)
17599
17598
msgid "Finally, update the Access Control Lists (ACL):"
17600
17599
msgstr ""
17601
17600
17602
#: serverguide/C/network-auth.xml:3619(userinput)
17601
#: serverguide/C/network-auth.xml:3618(userinput)
17603
17602
#, no-wrap
17604
17603
msgid ""
17605
17604
"dn: olcDatabase={1}hdb,cn=config\n"
17615
17614
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
17616
17615
msgstr ""
17617
17616
17618
#: serverguide/C/network-auth.xml:3618(computeroutput)
17617
#: serverguide/C/network-auth.xml:3617(computeroutput)
17619
17618
#, no-wrap
17620
17619
msgid ""
17621
17620
"Enter LDAP Password: \n"
17624
17623
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
17625
17624
msgstr ""
17626
17625
17627
#: serverguide/C/network-auth.xml:3639(para)
17626
#: serverguide/C/network-auth.xml:3638(para)
17628
17627
msgid ""
17629
17628
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
17630
17629
"database."
17631
17630
msgstr ""
17632
17631
17633
#: serverguide/C/network-auth.xml:3645(title)
17632
#: serverguide/C/network-auth.xml:3644(title)
17634
17633
msgid "Primary KDC Configuration"
17635
17634
msgstr ""
17636
17635
17637
#: serverguide/C/network-auth.xml:3647(para)
17636
#: serverguide/C/network-auth.xml:3646(para)
17638
17637
msgid ""
17639
17638
"With <application>OpenLDAP</application> configured it is time to configure "
17640
17639
"the KDC."
17641
17640
msgstr ""
17642
17641
17643
#: serverguide/C/network-auth.xml:3653(para)
17642
#: serverguide/C/network-auth.xml:3652(para)
17644
17643
msgid "First, install the necessary packages, from a terminal enter:"
17645
17644
msgstr ""
17646
17645
17647
#: serverguide/C/network-auth.xml:3658(command) serverguide/C/network-auth.xml:3817(command)
17646
#: serverguide/C/network-auth.xml:3657(command) serverguide/C/network-auth.xml:3816(command)
17648
17647
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
17649
17648
msgstr ""
17650
17649
17651
#: serverguide/C/network-auth.xml:3664(para)
17650
#: serverguide/C/network-auth.xml:3663(para)
17652
17651
msgid ""
17653
17652
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
17654
17653
"under the appropriate sections:"
17655
17654
msgstr ""
17656
17655
17657
#: serverguide/C/network-auth.xml:3668(programlisting)
17656
#: serverguide/C/network-auth.xml:3667(programlisting)
17658
17657
#, no-wrap
17659
17658
msgid ""
17660
17659
"\n"
17704
17703
" }\n"
17705
17704
msgstr ""
17706
17705
17707
#: serverguide/C/network-auth.xml:3713(para)
17706
#: serverguide/C/network-auth.xml:3712(para)
17708
17707
msgid ""
17709
17708
"Change <emphasis>example.com</emphasis>, "
17710
17709
"<emphasis>dc=example,dc=com</emphasis>, "
17713
17712
"object, and LDAP server for your network."
17714
17713
msgstr ""
17715
17714
17716
#: serverguide/C/network-auth.xml:3722(para)
17715
#: serverguide/C/network-auth.xml:3721(para)
17717
17716
msgid ""
17718
17717
"Next, use the <application>kdb5_ldap_util</application> utility to create "
17719
17718
"the realm:"
17720
17719
msgstr ""
17721
17720
17722
#: serverguide/C/network-auth.xml:3727(command)
17721
#: serverguide/C/network-auth.xml:3726(command)
17723
17722
msgid ""
17724
17723
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees \\ "
17725
17724
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
17726
17725
msgstr ""
17727
17726
17728
#: serverguide/C/network-auth.xml:3734(para)
17727
#: serverguide/C/network-auth.xml:3733(para)
17729
17728
msgid ""
17730
17729
"Create a stash of the password used to bind to the LDAP server. This "
17731
17730
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
17733
17732
"<filename>/etc/krb5.conf</filename>:"
17734
17733
msgstr ""
17735
17734
17736
#: serverguide/C/network-auth.xml:3740(command) serverguide/C/network-auth.xml:3879(command)
17735
#: serverguide/C/network-auth.xml:3739(command) serverguide/C/network-auth.xml:3878(command)
17737
17736
msgid ""
17738
17737
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f \\ "
17739
17738
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
17740
17739
msgstr ""
17741
17740
17742
#: serverguide/C/network-auth.xml:3747(para)
17741
#: serverguide/C/network-auth.xml:3746(para)
17743
17742
msgid "Copy the CA certificate from the LDAP server:"
17744
17743
msgstr ""
17745
17744
17745
#: serverguide/C/network-auth.xml:3751(command)
17746
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
17747
msgstr ""
17748
17746
17749
#: serverguide/C/network-auth.xml:3752(command)
17747
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
17748
msgstr ""
17749
17750
#: serverguide/C/network-auth.xml:3753(command)
17751
17750
msgid "sudo cp cacert.pem /etc/ssl/certs"
17752
17751
msgstr ""
17753
17752
17754
#: serverguide/C/network-auth.xml:3756(para)
17753
#: serverguide/C/network-auth.xml:3755(para)
17755
17754
msgid ""
17756
17755
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
17757
17756
msgstr ""
17758
17757
17759
#: serverguide/C/network-auth.xml:3760(programlisting)
17758
#: serverguide/C/network-auth.xml:3759(programlisting)
17760
17759
#, no-wrap
17761
17760
msgid ""
17762
17761
"\n"
17763
17762
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
17764
17763
msgstr ""
17765
17764
17766
#: serverguide/C/network-auth.xml:3765(para)
17765
#: serverguide/C/network-auth.xml:3764(para)
17767
17766
msgid ""
17768
17767
"The certificate will also need to be copied to the Secondary KDC, to allow "
17769
17768
"the connection to the LDAP servers using LDAPS."
17770
17769
msgstr ""
17771
17770
17772
#: serverguide/C/network-auth.xml:3774(para)
17771
#: serverguide/C/network-auth.xml:3773(para)
17773
17772
msgid ""
17774
17773
"You can now add Kerberos principals to the LDAP database, and they will be "
17775
17774
"copied to any other LDAP servers configured for replication. To add a "
17776
17775
"principal using the <application>kadmin.local</application> utility enter:"
17777
17776
msgstr ""
17778
17777
17779
#: serverguide/C/network-auth.xml:3782(userinput)
17778
#: serverguide/C/network-auth.xml:3781(userinput)
17780
17779
#, no-wrap
17781
17780
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
17782
17781
msgstr ""
17783
17782
17784
#: serverguide/C/network-auth.xml:3781(computeroutput)
17783
#: serverguide/C/network-auth.xml:3780(computeroutput)
17785
17784
#, no-wrap
17786
17785
msgid ""
17787
17786
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
17792
17791
"Principal \"steve@EXAMPLE.COM\" created."
17793
17792
msgstr ""
17794
17793
17795
#: serverguide/C/network-auth.xml:3789(para)
17794
#: serverguide/C/network-auth.xml:3788(para)
17796
17795
msgid ""
17797
17796
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
17798
17797
"krbExtraData attributes added to the "
17801
17800
"utilities to test that the user is indeed issued a ticket."
17802
17801
msgstr ""
17803
17802
17804
#: serverguide/C/network-auth.xml:3796(para)
17803
#: serverguide/C/network-auth.xml:3795(para)
17805
17804
msgid ""
17806
17805
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
17807
17806
"option is needed to add the Kerberos attributes. Otherwise a new "
17808
17807
"<emphasis>principal</emphasis> object will be created in the realm subtree."
17809
17808
msgstr ""
17810
17809
17811
#: serverguide/C/network-auth.xml:3804(title)
17810
#: serverguide/C/network-auth.xml:3803(title)
17812
17811
msgid "Secondary KDC Configuration"
17813
17812
msgstr ""
17814
17813
17815
#: serverguide/C/network-auth.xml:3806(para)
17814
#: serverguide/C/network-auth.xml:3805(para)
17816
17815
msgid ""
17817
17816
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
17818
17817
"one using the normal Kerberos database."
17819
17818
msgstr ""
17820
17819
17821
#: serverguide/C/network-auth.xml:3812(para)
17820
#: serverguide/C/network-auth.xml:3811(para)
17822
17821
msgid "First, install the necessary packages. In a terminal enter:"
17823
17822
msgstr ""
17824
17823
17825
#: serverguide/C/network-auth.xml:3823(para)
17824
#: serverguide/C/network-auth.xml:3822(para)
17826
17825
msgid ""
17827
17826
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
17828
17827
msgstr ""
17829
17828
17830
#: serverguide/C/network-auth.xml:3827(programlisting)
17829
#: serverguide/C/network-auth.xml:3826(programlisting)
17831
17830
#, no-wrap
17832
17831
msgid ""
17833
17832
"\n"
17876
17875
" }\n"
17877
17876
msgstr ""
17878
17877
17879
#: serverguide/C/network-auth.xml:3874(para)
17878
#: serverguide/C/network-auth.xml:3873(para)
17880
17879
msgid "Create the stash for the LDAP bind password:"
17881
17880
msgstr ""
17882
17881
17883
#: serverguide/C/network-auth.xml:3886(para)
17882
#: serverguide/C/network-auth.xml:3885(para)
17884
17883
msgid ""
17885
17884
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
17886
17885
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
17889
17888
"media."
17890
17889
msgstr ""
17891
17890
17891
#: serverguide/C/network-auth.xml:3892(command)
17892
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17893
msgstr ""
17894
17892
17895
#: serverguide/C/network-auth.xml:3893(command)
17893
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17894
msgstr ""
17895
17896
#: serverguide/C/network-auth.xml:3894(command)
17897
17896
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
17898
17897
msgstr ""
17899
17898
17900
#: serverguide/C/network-auth.xml:3898(para)
17899
#: serverguide/C/network-auth.xml:3897(para)
17901
17900
msgid ""
17902
17901
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
17903
17902
msgstr ""
17904
17903
17905
#: serverguide/C/network-auth.xml:3906(para)
17904
#: serverguide/C/network-auth.xml:3905(para)
17906
17905
msgid ""
17907
17906
"Back on the <emphasis>Secondary KDC</emphasis>, (re)start the ldap server "
17908
17907
"only,"
17909
17908
msgstr ""
17910
17909
17911
#: serverguide/C/network-auth.xml:3918(para)
17910
#: serverguide/C/network-auth.xml:3917(para)
17912
17911
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
17913
17912
msgstr ""
17914
17913
17915
#: serverguide/C/network-auth.xml:3929(para)
17914
#: serverguide/C/network-auth.xml:3928(para)
17916
17915
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
17917
17916
msgstr ""
17918
17917
17919
#: serverguide/C/network-auth.xml:3936(para)
17918
#: serverguide/C/network-auth.xml:3935(para)
17920
17919
msgid ""
17921
17920
"You now have redundant KDCs on your network, and with redundant LDAP servers "
17922
17921
"you should be able to continue to authenticate users if one LDAP server, one "
17923
17922
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
17924
17923
msgstr ""
17925
17924
17926
#: serverguide/C/network-auth.xml:3948(para)
17925
#: serverguide/C/network-auth.xml:3947(para)
17927
17926
msgid ""
17928
17927
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17929
17928
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
17930
17929
"Guide</ulink> has some additional details."
17931
17930
msgstr ""
17932
17931
17933
#: serverguide/C/network-auth.xml:3951(para)
17932
#: serverguide/C/network-auth.xml:3953(para)
17934
17933
msgid ""
17935
17934
"For more information on <application>kdb5_ldap_util</application> see <ulink "
17936
17935
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17940
17939
"l\">kdb5_ldap_util man page</ulink>."
17941
17940
msgstr ""
17942
17941
17943
#: serverguide/C/network-auth.xml:3959(para)
17942
#: serverguide/C/network-auth.xml:3961(para)
17944
17943
msgid ""
17945
17944
"Another useful link is the <ulink "
17946
17945
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man5/krb5.conf.5.html\">k"
17947
17946
"rb5.conf man page</ulink>."
17948
17947
msgstr ""
17949
17948
17950
#: serverguide/C/network-auth.xml:3967(para)
17949
#: serverguide/C/network-auth.xml:3966(para)
17951
17950
msgid ""
17952
17951
"Also, see the <ulink "
17953
17952
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
17954
17953
"and LDAP</ulink> Ubuntu wiki page."
17955
17954
msgstr ""
17956
17955
17957
#: serverguide/C/network-auth.xml:3973(title)
17956
#: serverguide/C/network-auth.xml:3975(title)
17958
17957
msgid "SSSD and Active Directory"
17959
17958
msgstr ""
17960
17959
17961
#: serverguide/C/network-auth.xml:3974(para)
17960
#: serverguide/C/network-auth.xml:3976(para)
17962
17961
msgid ""
17963
17962
"This section describes the use of sssd to authenticate user logins against "
17964
17963
"an Active Directory via using sssd's \"ad\" provider. In previous versions "
17969
17968
"requires no modifications to the AD structure."
17970
17969
msgstr ""
17971
17970
17972
#: serverguide/C/network-auth.xml:3978(title)
17971
#: serverguide/C/network-auth.xml:3980(title)
17973
17972
msgid "Prerequisites, Assumptions, and Requirements"
17974
17973
msgstr ""
17975
17974
17976
#: serverguide/C/network-auth.xml:3981(para)
17975
#: serverguide/C/network-auth.xml:3983(para)
17977
17976
msgid ""
17978
17977
"This guide does not explain Active Directory, how it works, how to set one "
17979
17978
"up, or how to maintain it. It may not provide “best practices” for your "
17980
17979
"environment."
17981
17980
msgstr ""
17982
17981
17983
#: serverguide/C/network-auth.xml:3983(para)
17982
#: serverguide/C/network-auth.xml:3985(para)
17984
17983
msgid ""
17985
17984
"This guide assumes that a working Active Directory domain is already "
17986
17985
"configured."
17987
17986
msgstr ""
17988
17987
17989
#: serverguide/C/network-auth.xml:3985(para)
17988
#: serverguide/C/network-auth.xml:3987(para)
17990
17989
msgid ""
17991
17990
"The domain controller is acting as an authoritative DNS server for the "
17992
17991
"domain."
17993
17992
msgstr ""
17994
17993
17995
#: serverguide/C/network-auth.xml:3987(para)
17994
#: serverguide/C/network-auth.xml:3989(para)
17996
17995
msgid ""
17997
17996
"The domain controller is the primary DNS resolver as specified in "
17998
17997
"<filename>/etc/resolv.conf</filename>."
17999
17998
msgstr ""
18000
17999
18001
#: serverguide/C/network-auth.xml:3990(para)
18000
#: serverguide/C/network-auth.xml:3992(para)
18002
18001
msgid ""
18003
18002
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
18004
18003
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
18005
18004
"(see Resources section for external links)."
18006
18005
msgstr ""
18007
18006
18008
#: serverguide/C/network-auth.xml:3992(para)
18007
#: serverguide/C/network-auth.xml:3994(para)
18009
18008
msgid ""
18010
18009
"System time is synchronized on the domain controller (necessary for "
18011
18010
"Kerberos)."
18012
18011
msgstr ""
18013
18012
18014
#: serverguide/C/network-auth.xml:3994(para)
18013
#: serverguide/C/network-auth.xml:3996(para)
18015
18014
msgid ""
18016
18015
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
18017
18016
"."
18018
18017
msgstr ""
18019
18018
18020
#: serverguide/C/network-auth.xml:3999(para)
18019
#: serverguide/C/network-auth.xml:4001(para)
18021
18020
msgid ""
18022
18021
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
18023
18022
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
18026
18025
"controllers are needed for this step."
18027
18026
msgstr ""
18028
18027
18029
#: serverguide/C/network-auth.xml:4000(para)
18028
#: serverguide/C/network-auth.xml:4002(para)
18030
18029
msgid "Install these packages now."
18031
18030
msgstr ""
18032
18031
18033
#: serverguide/C/network-auth.xml:4002(command)
18032
#: serverguide/C/network-auth.xml:4004(command)
18034
18033
msgid "sudo apt-get install krb5-user samba sssd ntp"
18035
18034
msgstr ""
18036
18035
18037
#: serverguide/C/network-auth.xml:4003(para)
18036
#: serverguide/C/network-auth.xml:4005(para)
18038
18037
msgid ""
18039
18038
"See the next section for the answers to the questions asked by the "
18040
18039
"<emphasis>krb5-user</emphasis> postinstall script."
18041
18040
msgstr ""
18042
18041
18043
#: serverguide/C/network-auth.xml:4006(title)
18042
#: serverguide/C/network-auth.xml:4008(title)
18044
18043
msgid "Kerberos Configuration"
18045
18044
msgstr ""
18046
18045
18047
#: serverguide/C/network-auth.xml:4007(para)
18046
#: serverguide/C/network-auth.xml:4009(para)
18048
18047
msgid ""
18049
18048
"The installation of <emphasis>krb5-user</emphasis> will prompt for the realm "
18050
18049
"name (in ALL UPPERCASE), the kdc server (i.e. domain controller) and admin "
18054
18053
"not, then both are needed."
18055
18054
msgstr ""
18056
18055
18057
#: serverguide/C/network-auth.xml:4008(para)
18056
#: serverguide/C/network-auth.xml:4010(para)
18058
18057
msgid ""
18059
18058
"If the domain is <emphasis>myubuntu.example.com</emphasis>, enter the realm "
18060
18059
"as <emphasis>MYUBUNTU.EXAMPLE.COM</emphasis>"
18061
18060
msgstr ""
18062
18061
18063
#: serverguide/C/network-auth.xml:4011(para)
18062
#: serverguide/C/network-auth.xml:4013(para)
18064
18063
msgid ""
18065
18064
"Optionally, edit <emphasis>/etc/krb5.conf</emphasis> with a few additional "
18066
18065
"settings to specify Kerberos ticket lifetime (these values are safe to use "
18067
18066
"as defaults):"
18068
18067
msgstr ""
18069
18068
18070
#: serverguide/C/network-auth.xml:4012(programlisting)
18069
#: serverguide/C/network-auth.xml:4014(programlisting)
18071
18070
#, no-wrap
18072
18071
msgid ""
18073
18072
"\n"
18079
18078
"\t\t"
18080
18079
msgstr ""
18081
18080
18082
#: serverguide/C/network-auth.xml:4020(para)
18081
#: serverguide/C/network-auth.xml:4022(para)
18083
18082
msgid ""
18084
18083
"If default_realm is not specified, it may be necessary to log in with "
18085
18084
"“username@domain” instead of “username”."
18086
18085
msgstr ""
18087
18086
18088
#: serverguide/C/network-auth.xml:4022(para)
18087
#: serverguide/C/network-auth.xml:4024(para)
18089
18088
msgid ""
18090
18089
"The system time on the Active Directory member needs to be consistent with "
18091
18090
"that of the domain controller, or Kerberos authentication may fail. Ideally, "
18093
18092
"<filename>/etc/ntp.conf</filename>:"
18094
18093
msgstr ""
18095
18094
18096
#: serverguide/C/network-auth.xml:4024(programlisting)
18095
#: serverguide/C/network-auth.xml:4026(programlisting)
18097
18096
#, no-wrap
18098
18097
msgid ""
18099
18098
"\n"
18100
18099
"server dc.myubuntu.example.com\n"
18101
18100
msgstr ""
18102
18101
18103
#: serverguide/C/network-auth.xml:4031(para)
18102
#: serverguide/C/network-auth.xml:4033(para)
18104
18103
msgid ""
18105
18104
"Samba will be used to perform netbios/nmbd services related to Active "
18106
18105
"Directory authentication, even if no file shares are exported. Edit the file "
18108
18107
"<emphasis>[global]</emphasis> section:"
18109
18108
msgstr ""
18110
18109
18111
#: serverguide/C/network-auth.xml:4033(programlisting)
18110
#: serverguide/C/network-auth.xml:4035(programlisting)
18112
18111
#, no-wrap
18113
18112
msgid ""
18114
18113
"\n"
18122
18121
"security = ads\n"
18123
18122
msgstr ""
18124
18123
18125
#: serverguide/C/network-auth.xml:4044(para)
18124
#: serverguide/C/network-auth.xml:4046(para)
18126
18125
msgid ""
18127
18126
"Some guides specify that \"password server\" should be specified and pointed "
18128
18127
"to the domain controller. This is only necessary if DNS is not properly set "
18130
18129
"server\" is specified with \"security = ads\"."
18131
18130
msgstr ""
18132
18131
18133
#: serverguide/C/network-auth.xml:4049(title)
18132
#: serverguide/C/network-auth.xml:4051(title)
18134
18133
msgid "SSSD Configuration"
18135
18134
msgstr ""
18136
18135
18137
#: serverguide/C/network-auth.xml:4051(para)
18136
#: serverguide/C/network-auth.xml:4053(para)
18138
18137
msgid ""
18139
18138
"There is no default/example config file for "
18140
18139
"<filename>/etc/sssd/sssd.conf</filename> included in the sssd package. It is "
18141
18140
"necessary to create one. This is a minimal working config file:"
18142
18141
msgstr ""
18143
18142
18144
#: serverguide/C/network-auth.xml:4053(programlisting)
18143
#: serverguide/C/network-auth.xml:4055(programlisting)
18145
18144
#, no-wrap
18146
18145
msgid ""
18147
18146
"\n"
18173
18172
"# enumerate = true\n"
18174
18173
msgstr ""
18175
18174
18176
#: serverguide/C/network-auth.xml:4080(para)
18175
#: serverguide/C/network-auth.xml:4082(para)
18177
18176
msgid ""
18178
18177
"After saving this file, set the ownership to root and the file permissions "
18179
18178
"to 600:"
18180
18179
msgstr ""
18181
18180
18182
#: serverguide/C/network-auth.xml:4081(command)
18181
#: serverguide/C/network-auth.xml:4083(command)
18183
18182
msgid "sudo chown root:root /etc/sssd/sssd.conf"
18184
18183
msgstr ""
18185
18184
18186
#: serverguide/C/network-auth.xml:4082(command)
18185
#: serverguide/C/network-auth.xml:4084(command)
18187
18186
msgid "sudo chmod 600 /etc/sssd/sssd.conf"
18188
18187
msgstr ""
18189
18188
18190
#: serverguide/C/network-auth.xml:4084(para)
18189
#: serverguide/C/network-auth.xml:4086(para)
18191
18190
msgid ""
18192
18191
"If the ownership or permissions are not correct, sssd will refuse to start."
18193
18192
msgstr ""
18194
18193
18195
#: serverguide/C/network-auth.xml:4088(title)
18194
#: serverguide/C/network-auth.xml:4090(title)
18196
18195
msgid "Verify nsswitch.conf Configuration"
18197
18196
msgstr ""
18198
18197
18199
#: serverguide/C/network-auth.xml:4089(para)
18198
#: serverguide/C/network-auth.xml:4091(para)
18200
18199
msgid ""
18201
18200
"The post-install script for the sssd package makes some modifications to "
18202
18201
"/etc/nsswitch.conf automatically. It should look something like this:"
18203
18202
msgstr ""
18204
18203
18205
#: serverguide/C/network-auth.xml:4091(programlisting)
18204
#: serverguide/C/network-auth.xml:4093(programlisting)
18206
18205
#, no-wrap
18207
18206
msgid ""
18208
18207
"\n"
18213
18212
"sudoers: files sss\n"
18214
18213
msgstr ""
18215
18214
18216
#: serverguide/C/network-auth.xml:4101(title)
18215
#: serverguide/C/network-auth.xml:4103(title)
18217
18216
msgid "Modify /etc/hosts"
18218
18217
msgstr ""
18219
18218
18220
#: serverguide/C/network-auth.xml:4102(para)
18219
#: serverguide/C/network-auth.xml:4104(para)
18221
18220
msgid ""
18222
18221
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
18223
18222
"example:"
18224
18223
msgstr ""
18225
18224
18226
#: serverguide/C/network-auth.xml:4103(programlisting)
18225
#: serverguide/C/network-auth.xml:4105(programlisting)
18227
18226
#, no-wrap
18228
18227
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
18229
18228
msgstr ""
18230
18229
18231
#: serverguide/C/network-auth.xml:4105(para)
18230
#: serverguide/C/network-auth.xml:4107(para)
18232
18231
msgid "This is useful in conjunction with dynamic DNS updates."
18233
18232
msgstr ""
18234
18233
18235
#: serverguide/C/network-auth.xml:4109(title)
18234
#: serverguide/C/network-auth.xml:4111(title)
18236
18235
msgid "Join the Active Directory"
18237
18236
msgstr ""
18238
18237
18239
#: serverguide/C/network-auth.xml:4110(para)
18238
#: serverguide/C/network-auth.xml:4112(para)
18240
18239
msgid "Now, restart ntp and samba and start sssd."
18241
18240
msgstr ""
18242
18241
18243
#: serverguide/C/virtualization.xml:2208(command)
18242
#: serverguide/C/network-auth.xml:4113(command)
18244
18243
msgid "sudo service ntp restart"
18245
18244
msgstr ""
18246
18245
18247
#: serverguide/C/network-auth.xml:4114(command)
18246
#: serverguide/C/network-auth.xml:4116(command)
18248
18247
msgid "sudo start sssd"
18249
18248
msgstr ""
18250
18249
18251
#: serverguide/C/network-auth.xml:4116(para)
18250
#: serverguide/C/network-auth.xml:4118(para)
18252
18251
msgid "Test the configuration by obtaining a Kerberos ticket:"
18253
18252
msgstr ""
18254
18253
18255
#: serverguide/C/network-auth.xml:4118(command)
18254
#: serverguide/C/network-auth.xml:4120(command)
18256
18255
msgid "sudo kinit Administrator"
18257
18256
msgstr ""
18258
18257
18259
#: serverguide/C/network-auth.xml:4120(para)
18258
#: serverguide/C/network-auth.xml:4122(para)
18260
18259
msgid "Verify the ticket with:"
18261
18260
msgstr ""
18262
18261
18263
#: serverguide/C/network-auth.xml:4121(command)
18262
#: serverguide/C/network-auth.xml:4123(command)
18264
18263
msgid "sudo klist"
18265
18264
msgstr ""
18266
18265
18267
#: serverguide/C/network-auth.xml:4123(para)
18266
#: serverguide/C/network-auth.xml:4125(para)
18268
18267
msgid ""
18269
18268
"If there is a ticket with an expiration date listed, then it is time to join "
18270
18269
"the domain:"
18271
18270
msgstr ""
18272
18271
18273
#: serverguide/C/network-auth.xml:4125(command)
18272
#: serverguide/C/network-auth.xml:4127(command)
18274
18273
msgid "sudo net ads join -k"
18275
18274
msgstr ""
18276
18275
18277
#: serverguide/C/network-auth.xml:4127(para)
18276
#: serverguide/C/network-auth.xml:4129(para)
18278
18277
msgid ""
18279
18278
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
18280
18279
"probably means that there is no (correct) alias in "
18284
18283
"\"Modify /etc/hosts\" above."
18285
18284
msgstr ""
18286
18285
18287
#: serverguide/C/network-auth.xml:4129(para)
18286
#: serverguide/C/network-auth.xml:4131(para)
18288
18287
msgid ""
18289
18288
"(The message \"NT_STATUS_UNSUCCESSFUL\" indicates the domain join failed and "
18290
18289
"something is incorrect. Review the prior steps before proceeding)."
18291
18290
msgstr ""
18292
18291
18293
#: serverguide/C/network-auth.xml:4131(para)
18292
#: serverguide/C/network-auth.xml:4133(para)
18294
18293
msgid ""
18295
18294
"Here are a couple of (optional) checks to verify that the domain join was "
18296
18295
"successful. Note that if the domain was successfully joined but one or both "
18298
18297
"Some of the changes appear to be asynchronous."
18299
18298
msgstr ""
18300
18299
18301
#: serverguide/C/network-auth.xml:4133(para)
18300
#: serverguide/C/network-auth.xml:4135(para)
18302
18301
msgid "Verification option #1:"
18303
18302
msgstr ""
18304
18303
18305
#: serverguide/C/network-auth.xml:4134(para)
18304
#: serverguide/C/network-auth.xml:4136(para)
18306
18305
msgid ""
18307
18306
"Check the default Organizational Unit for computer accounts in the Active "
18308
18307
"Directory to verify that the computer account was created. (Organizational "
18309
18308
"Units in Active Directory is a topic outside the scope of this guide)."
18310
18309
msgstr ""
18311
18310
18312
#: serverguide/C/network-auth.xml:4136(para)
18311
#: serverguide/C/network-auth.xml:4138(para)
18313
18312
msgid "Verification option #2"
18314
18313
msgstr ""
18315
18314
18316
#: serverguide/C/network-auth.xml:4137(para)
18315
#: serverguide/C/network-auth.xml:4139(para)
18317
18316
msgid "Execute this command for a specific AD user (e.g. administrator)"
18318
18317
msgstr ""
18319
18318
18320
#: serverguide/C/network-auth.xml:4138(command)
18319
#: serverguide/C/network-auth.xml:4140(command)
18321
18320
msgid "getent passwd username"
18322
18321
msgstr ""
18323
18322
18324
#: serverguide/C/network-auth.xml:4140(para)
18323
#: serverguide/C/network-auth.xml:4142(para)
18325
18324
msgid ""
18326
18325
"If <emphasis>enumerate = true</emphasis> is set in "
18327
18326
"<filename>sssd.conf</filename>, <emphasis>getent passwd</emphasis> with no "
18329
18328
"testing, but is slow and not recommended for production."
18330
18329
msgstr ""
18331
18330
18332
#: serverguide/C/network-auth.xml:4144(title)
18331
#: serverguide/C/network-auth.xml:4146(title)
18333
18332
msgid "Test Authentication"
18334
18333
msgstr ""
18335
18334
18336
#: serverguide/C/network-auth.xml:4145(para)
18335
#: serverguide/C/network-auth.xml:4147(para)
18337
18336
msgid ""
18338
18337
"It should now be possible to authenticate using an Active Directory User's "
18339
18338
"credentials:"
18340
18339
msgstr ""
18341
18340
18342
#: serverguide/C/network-auth.xml:4147(command)
18341
#: serverguide/C/network-auth.xml:4149(command)
18343
18342
msgid "su - username"
18344
18343
msgstr ""
18345
18344
18346
#: serverguide/C/network-auth.xml:4149(para)
18345
#: serverguide/C/network-auth.xml:4151(para)
18347
18346
msgid ""
18348
18347
"If this works, then other login methods (getty, ssh) should also work."
18349
18348
msgstr ""
18350
18349
18351
#: serverguide/C/network-auth.xml:4151(para)
18350
#: serverguide/C/network-auth.xml:4153(para)
18352
18351
msgid ""
18353
18352
"If the computer account was created, indicating that the system was "
18354
18353
"\"joined\" to the domain, but authentication is unsuccessful, it may be "
18357
18356
"earlier in this guide."
18358
18357
msgstr ""
18359
18358
18360
#: serverguide/C/network-auth.xml:4155(title)
18359
#: serverguide/C/network-auth.xml:4157(title)
18361
18360
msgid "Home directories with pam_mkhomedir (optional)"
18362
18361
msgstr ""
18363
18362
18364
#: serverguide/C/network-auth.xml:4156(para)
18363
#: serverguide/C/network-auth.xml:4158(para)
18365
18364
msgid ""
18366
18365
"When logging in using an Active Directory user account, it is likely that "
18367
18366
"user has no home directory. This can be fixed with pam_mkdhomedir.so, which "
18370
18369
"after <emphasis>session required pam_unix.so:</emphasis>"
18371
18370
msgstr ""
18372
18371
18373
#: serverguide/C/network-auth.xml:4157(programlisting)
18372
#: serverguide/C/network-auth.xml:4159(programlisting)
18374
18373
#, no-wrap
18375
18374
msgid ""
18376
18375
"\n"
18377
18376
"session required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n"
18378
18377
msgstr ""
18379
18378
18380
#: serverguide/C/network-auth.xml:4161(para)
18379
#: serverguide/C/network-auth.xml:4163(para)
18381
18380
msgid ""
18382
18381
"This may also need <emphasis>override_homedir</emphasis> in "
18383
18382
"<filename>sssd.conf</filename> to function correctly, so make sure that’s "
18384
18383
"set."
18385
18384
msgstr ""
18386
18385
18387
#: serverguide/C/network-auth.xml:4165(title)
18386
#: serverguide/C/network-auth.xml:4167(title)
18388
18387
msgid "Desktop Ubuntu Authentication"
18389
18388
msgstr ""
18390
18389
18391
#: serverguide/C/network-auth.xml:4166(para)
18390
#: serverguide/C/network-auth.xml:4168(para)
18392
18391
msgid ""
18393
18392
"It is possible to also authenticate logins to Ubuntu Desktop using Active "
18394
18393
"Directory accounts. The AD accounts will not show up in the pick list with "
18397
18396
"append the following two lines:"
18398
18397
msgstr ""
18399
18398
18400
#: serverguide/C/network-auth.xml:4168(programlisting)
18399
#: serverguide/C/network-auth.xml:4170(programlisting)
18401
18400
#, no-wrap
18402
18401
msgid ""
18403
18402
"\n"
18405
18404
"greeter-hide-users=true\n"
18406
18405
msgstr ""
18407
18406
18408
#: serverguide/C/network-auth.xml:4173(para)
18407
#: serverguide/C/network-auth.xml:4175(para)
18409
18408
msgid ""
18410
18409
"Reboot to restart lightdm. It should now be possible to log in using a "
18411
18410
"domain account using either <emphasis>username</emphasis> or "
18412
18411
"<emphasis>username/username@domain</emphasis> format."
18413
18412
msgstr ""
18414
18413
18415
#: serverguide/C/network-auth.xml:4179(ulink)
18414
#: serverguide/C/network-auth.xml:4181(ulink)
18416
18415
msgid "SSSD Project"
18417
18416
msgstr ""
18418
18417
18419
#: serverguide/C/network-auth.xml:4180(ulink)
18418
#: serverguide/C/network-auth.xml:4182(ulink)
18420
18419
msgid "DNS Server Configuration guidelines"
18421
18420
msgstr ""
18422
18421
18423
#: serverguide/C/network-auth.xml:4181(ulink)
18422
#: serverguide/C/network-auth.xml:4183(ulink)
18424
18423
msgid "Active Directory DNS Zone Entries"
18425
18424
msgstr ""
18426
18425
18427
#: serverguide/C/network-auth.xml:4182(ulink)
18426
#: serverguide/C/network-auth.xml:4184(ulink)
18428
18427
msgid "Kerberos config options"
18429
18428
msgstr ""
18430
18429
18436
18435
msgid "Attribute"
18437
18436
msgstr ""
18438
18437
18439
#: serverguide/C/multipath-device-attributes-table.xml:9(entry) serverguide/C/multipath-config-defaults-table.xml:14(entry) serverguide/C/multipath-components-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:9(entry) serverguide/C/dm-multipath.xml:1624(entry)
18438
#: serverguide/C/multipath-device-attributes-table.xml:9(entry) serverguide/C/multipath-config-defaults-table.xml:14(entry) serverguide/C/multipath-components-table.xml:12(entry) serverguide/C/multipath-attributes-table.xml:9(entry) serverguide/C/dm-multipath.xml:1623(entry)
18440
18439
msgid "Description"
18441
18440
msgstr ""
18442
18441
18570
18569
"levels are between 0 and 6. The default value is 2."
18571
18570
msgstr ""
18572
18571
18573
#: serverguide/C/multipath-config-defaults-table.xml:61(emphasis) serverguide/C/multipath-config-defaults-table.xml:323(emphasis) serverguide/C/dm-multipath.xml:1050(parameter) serverguide/C/dm-multipath.xml:1205(parameter)
18572
#: serverguide/C/multipath-config-defaults-table.xml:61(emphasis) serverguide/C/multipath-config-defaults-table.xml:323(emphasis) serverguide/C/dm-multipath.xml:1049(parameter) serverguide/C/dm-multipath.xml:1204(parameter)
18574
18573
msgid "path_selector"
18575
18574
msgstr ""
18576
18575
18605
18604
"The default value is <emphasis role=\"bold\">round-robin 0</emphasis>."
18606
18605
msgstr ""
18607
18606
18608
#: serverguide/C/multipath-config-defaults-table.xml:98(emphasis) serverguide/C/dm-multipath.xml:1045(parameter) serverguide/C/dm-multipath.xml:1195(parameter)
18607
#: serverguide/C/multipath-config-defaults-table.xml:98(emphasis) serverguide/C/dm-multipath.xml:1044(parameter) serverguide/C/dm-multipath.xml:1194(parameter)
18609
18608
msgid "path_grouping_policy"
18610
18609
msgstr ""
18611
18610
18648
18647
msgid "The default value is <emphasis role=\"bold\">failover.</emphasis>"
18649
18648
msgstr ""
18650
18649
18651
#: serverguide/C/multipath-config-defaults-table.xml:139(emphasis) serverguide/C/dm-multipath.xml:1200(parameter)
18650
#: serverguide/C/multipath-config-defaults-table.xml:139(emphasis) serverguide/C/dm-multipath.xml:1199(parameter)
18652
18651
msgid "getuid_callout"
18653
18652
msgstr ""
18654
18653
18664
18663
"path identifier. An absolute path is required. <placeholder-1/>"
18665
18664
msgstr ""
18666
18665
18667
#: serverguide/C/multipath-config-defaults-table.xml:150(emphasis) serverguide/C/dm-multipath.xml:1059(parameter) serverguide/C/dm-multipath.xml:1224(parameter)
18666
#: serverguide/C/multipath-config-defaults-table.xml:150(emphasis) serverguide/C/dm-multipath.xml:1058(parameter) serverguide/C/dm-multipath.xml:1223(parameter)
18668
18667
msgid "prio"
18669
18668
msgstr ""
18670
18669
18720
18719
msgid "The default value is <emphasis role=\"bold\">const</emphasis>."
18721
18720
msgstr ""
18722
18721
18723
#: serverguide/C/multipath-config-defaults-table.xml:202(emphasis) serverguide/C/dm-multipath.xml:1064(parameter) serverguide/C/dm-multipath.xml:1229(parameter)
18722
#: serverguide/C/multipath-config-defaults-table.xml:202(emphasis) serverguide/C/dm-multipath.xml:1063(parameter) serverguide/C/dm-multipath.xml:1228(parameter)
18724
18723
msgid "prio_args"
18725
18724
msgstr ""
18726
18725
18732
18731
"value is (null) <emphasis role=\"bold\">\"\"</emphasis>."
18733
18732
msgstr ""
18734
18733
18735
#: serverguide/C/multipath-config-defaults-table.xml:216(emphasis) serverguide/C/dm-multipath.xml:1215(parameter)
18734
#: serverguide/C/multipath-config-defaults-table.xml:216(emphasis) serverguide/C/dm-multipath.xml:1214(parameter)
18736
18735
msgid "features"
18737
18736
msgstr ""
18738
18737
18740
18739
msgid "queue_if_no_path"
18741
18740
msgstr ""
18742
18741
18743
#: serverguide/C/multipath-config-defaults-table.xml:221(emphasis) serverguide/C/multipath-config-defaults-table.xml:334(emphasis) serverguide/C/dm-multipath.xml:1069(parameter) serverguide/C/dm-multipath.xml:1234(parameter)
18742
#: serverguide/C/multipath-config-defaults-table.xml:221(emphasis) serverguide/C/multipath-config-defaults-table.xml:334(emphasis) serverguide/C/dm-multipath.xml:1068(parameter) serverguide/C/dm-multipath.xml:1233(parameter)
18744
18743
msgid "no_path_retry"
18745
18744
msgstr ""
18746
18745
18760
18759
"feature, see Section, <placeholder-4/>."
18761
18760
msgstr ""
18762
18761
18763
#: serverguide/C/multipath-config-defaults-table.xml:228(emphasis) serverguide/C/dm-multipath.xml:1210(parameter)
18762
#: serverguide/C/multipath-config-defaults-table.xml:228(emphasis) serverguide/C/dm-multipath.xml:1209(parameter)
18764
18763
msgid "path_checker"
18765
18764
msgstr ""
18766
18765
18810
18809
msgid "The default value is <emphasis role=\"bold\">directio</emphasis>."
18811
18810
msgstr ""
18812
18811
18813
#: serverguide/C/multipath-config-defaults-table.xml:275(emphasis) serverguide/C/dm-multipath.xml:1055(parameter) serverguide/C/dm-multipath.xml:1220(parameter)
18812
#: serverguide/C/multipath-config-defaults-table.xml:275(emphasis) serverguide/C/dm-multipath.xml:1054(parameter) serverguide/C/dm-multipath.xml:1219(parameter)
18814
18813
msgid "failback"
18815
18814
msgstr ""
18816
18815
18841
18840
msgid "The default value is <emphasis role=\"bold\">manual</emphasis>."
18842
18841
msgstr ""
18843
18842
18844
#: serverguide/C/multipath-config-defaults-table.xml:307(emphasis) serverguide/C/multipath-config-defaults-table.xml:321(emphasis) serverguide/C/multipath-config-defaults-table.xml:325(emphasis) serverguide/C/dm-multipath.xml:1074(parameter) serverguide/C/dm-multipath.xml:1239(parameter)
18843
#: serverguide/C/multipath-config-defaults-table.xml:307(emphasis) serverguide/C/multipath-config-defaults-table.xml:321(emphasis) serverguide/C/multipath-config-defaults-table.xml:325(emphasis) serverguide/C/dm-multipath.xml:1073(parameter) serverguide/C/dm-multipath.xml:1238(parameter)
18845
18844
msgid "rr_min_io"
18846
18845
msgstr ""
18847
18846
18855
18854
"the next path in the current path group.<placeholder-1/>"
18856
18855
msgstr ""
18857
18856
18858
#: serverguide/C/multipath-config-defaults-table.xml:317(emphasis) serverguide/C/dm-multipath.xml:1079(parameter) serverguide/C/dm-multipath.xml:1244(parameter)
18857
#: serverguide/C/multipath-config-defaults-table.xml:317(emphasis) serverguide/C/dm-multipath.xml:1078(parameter) serverguide/C/dm-multipath.xml:1243(parameter)
18859
18858
msgid "rr_weight"
18860
18859
msgstr ""
18861
18860
18909
18908
msgid "alias"
18910
18909
msgstr ""
18911
18910
18912
#: serverguide/C/multipath-config-defaults-table.xml:354(emphasis) serverguide/C/multipath-config-defaults-table.xml:357(emphasis) serverguide/C/multipath-config-defaults-table.xml:379(emphasis) serverguide/C/multipath-config-defaults-table.xml:391(emphasis) serverguide/C/multipath-components-table.xml:31(emphasis) serverguide/C/multipath-components-table.xml:44(emphasis) serverguide/C/multipath-attributes-table.xml:18(emphasis) serverguide/C/multipath-attributes-table.xml:19(emphasis) serverguide/C/multipath-attributes-table.xml:28(emphasis) serverguide/C/multipath-attributes-table.xml:29(emphasis) serverguide/C/dm-multipath.xml:765(emphasis)
18911
#: serverguide/C/multipath-config-defaults-table.xml:354(emphasis) serverguide/C/multipath-config-defaults-table.xml:357(emphasis) serverguide/C/multipath-config-defaults-table.xml:379(emphasis) serverguide/C/multipath-config-defaults-table.xml:391(emphasis) serverguide/C/multipath-components-table.xml:31(emphasis) serverguide/C/multipath-components-table.xml:44(emphasis) serverguide/C/multipath-attributes-table.xml:18(emphasis) serverguide/C/multipath-attributes-table.xml:19(emphasis) serverguide/C/multipath-attributes-table.xml:28(emphasis) serverguide/C/multipath-attributes-table.xml:29(emphasis) serverguide/C/dm-multipath.xml:764(emphasis)
18913
18912
msgid "multipath"
18914
18913
msgstr ""
18915
18914
18946
18945
"devices when it is shut down. <placeholder-2/>"
18947
18946
msgstr ""
18948
18947
18949
#: serverguide/C/multipath-config-defaults-table.xml:376(emphasis) serverguide/C/dm-multipath.xml:1084(parameter) serverguide/C/dm-multipath.xml:1259(parameter)
18948
#: serverguide/C/multipath-config-defaults-table.xml:376(emphasis) serverguide/C/dm-multipath.xml:1083(parameter) serverguide/C/dm-multipath.xml:1258(parameter)
18950
18949
msgid "flush_on_last_del"
18951
18950
msgstr ""
18952
18951
18992
18991
"explicit timeout, in seconds. <placeholder-1/>"
18993
18992
msgstr ""
18994
18993
18995
#: serverguide/C/multipath-config-defaults-table.xml:413(emphasis) serverguide/C/dm-multipath.xml:1249(parameter)
18994
#: serverguide/C/multipath-config-defaults-table.xml:413(emphasis) serverguide/C/dm-multipath.xml:1248(parameter)
18996
18995
msgid "fast_io_fail_tmo"
18997
18996
msgstr ""
18998
18997
19008
19007
"this to off will disable the timeout. <placeholder-1/>"
19009
19008
msgstr ""
19010
19009
19011
#: serverguide/C/multipath-config-defaults-table.xml:425(emphasis) serverguide/C/dm-multipath.xml:1254(parameter)
19010
#: serverguide/C/multipath-config-defaults-table.xml:425(emphasis) serverguide/C/dm-multipath.xml:1253(parameter)
19012
19011
msgid "dev_loss_tmo"
19013
19012
msgstr ""
19014
19013
19690
19689
"IMAP server."
19691
19690
msgstr ""
19692
19691
19693
#: serverguide/C/mail.xml:22(title) serverguide/C/mail.xml:837(application) serverguide/C/mail.xml:869(title) serverguide/C/mail.xml:947(title) serverguide/C/mail.xml:1519(title)
19692
#: serverguide/C/mail.xml:22(title) serverguide/C/mail.xml:896(application) serverguide/C/mail.xml:928(title) serverguide/C/mail.xml:1006(title) serverguide/C/mail.xml:1577(title)
19694
19693
msgid "Postfix"
19695
19694
msgstr ""
19696
19695
19813
19812
"your Mail Delivery Agent (MDA) to use the same path."
19814
19813
msgstr ""
19815
19814
19816
#: serverguide/C/mail.xml:106(title) serverguide/C/mail.xml:550(title)
19815
#: serverguide/C/mail.xml:106(title) serverguide/C/mail.xml:608(title)
19817
19816
msgid "SMTP Authentication"
19818
19817
msgstr ""
19819
19818
19964
19963
"tls_random_source = dev:/dev/urandom\n"
19965
19964
msgstr ""
19966
19965
19967
#: serverguide/C/mail.xml:188(para)
19966
#: serverguide/C/mail.xml:229(para)
19968
19967
msgid ""
19969
19968
"The postfix initial configuration is complete. Run the following command to "
19970
19969
"restart the postfix daemon:"
19974
19973
msgid "sudo service postfix restart"
19975
19974
msgstr ""
19976
19975
19977
#: serverguide/C/mail.xml:197(para)
19976
#: serverguide/C/mail.xml:238(para)
19978
19977
msgid ""
19979
19978
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
19980
19979
"url=\"http://www.ietf.org/rfc/rfc2554.txt\">RFC2554</ulink>. It is based on "
19983
19982
"AUTH."
19984
19983
msgstr ""
19985
19984
19986
#: serverguide/C/mail.xml:207(title) serverguide/C/mail.xml:614(title)
19985
#: serverguide/C/mail.xml:248(title) serverguide/C/mail.xml:672(title)
19987
19986
msgid "Configuring SASL"
19988
19987
msgstr ""
19989
19988
19990
#: serverguide/C/mail.xml:208(para)
19989
#: serverguide/C/mail.xml:249(para)
19991
19990
msgid ""
19992
19991
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
19993
19992
"enable Dovecot SASL the <application>dovecot-common</application> package "
19994
19993
"will need to be installed. From a terminal prompt enter the following:"
19995
19994
msgstr ""
19996
19995
19997
#: serverguide/C/mail.xml:214(command)
19996
#: serverguide/C/mail.xml:255(command)
19998
19997
msgid "sudo apt-get install dovecot-common"
19999
19998
msgstr ""
20000
19999
20056
20055
"auth_mechanisms = plain login\n"
20057
20056
msgstr ""
20058
20057
20059
#: serverguide/C/mail.xml:253(para)
20058
#: serverguide/C/mail.xml:298(para)
20060
20059
msgid ""
20061
20060
"Once you have <application>Dovecot</application> configured restart it with:"
20062
20061
msgstr ""
20065
20064
msgid "sudo service dovecot restart"
20066
20065
msgstr ""
20067
20066
20068
#: serverguide/C/mail.xml:262(title)
20067
#: serverguide/C/mail.xml:307(title)
20069
20068
msgid "Mail-Stack Delivery"
20070
20069
msgstr ""
20071
20070
20072
#: serverguide/C/mail.xml:264(para)
20071
#: serverguide/C/mail.xml:309(para)
20073
20072
msgid ""
20074
20073
"Another option for configuring <application>Postfix</application> for SMTP-"
20075
20074
"AUTH is using the <application>mail-stack-delivery</application> package "
20080
20079
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
20081
20080
msgstr ""
20082
20081
20083
#: serverguide/C/mail.xml:274(para)
20082
#: serverguide/C/mail.xml:319(para)
20084
20083
msgid ""
20085
20084
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
20086
20085
"server. For example, if you are configuring your server to be a mail "
20088
20087
"the above commands to configure Postfix for SMTP-AUTH."
20089
20088
msgstr ""
20090
20089
20091
#: serverguide/C/mail.xml:281(para)
20090
#: serverguide/C/mail.xml:326(para)
20092
20091
msgid "To install the package, from a terminal prompt enter:"
20093
20092
msgstr ""
20094
20093
20095
#: serverguide/C/mail.xml:286(command)
20094
#: serverguide/C/mail.xml:331(command)
20096
20095
msgid "sudo apt-get install mail-stack-delivery"
20097
20096
msgstr ""
20098
20097
20099
#: serverguide/C/mail.xml:289(para)
20098
#: serverguide/C/mail.xml:334(para)
20100
20099
msgid ""
20101
20100
"You should now have a working mail server, but there are a few options that "
20102
20101
"you may wish to further customize. For example, the package uses the "
20106
20105
"for more details."
20107
20106
msgstr ""
20108
20107
20109
#: serverguide/C/mail.xml:295(para)
20108
#: serverguide/C/mail.xml:340(para)
20110
20109
msgid ""
20111
20110
"Once you have a customized certificate and key for the host, change the "
20112
20111
"following options in <filename>/etc/postfix/main.cf</filename>:"
20113
20112
msgstr ""
20114
20113
20115
#: serverguide/C/mail.xml:299(programlisting)
20114
#: serverguide/C/mail.xml:344(programlisting)
20116
20115
#, no-wrap
20117
20116
msgid ""
20118
20117
"\n"
20120
20119
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
20121
20120
msgstr ""
20122
20121
20123
#: serverguide/C/mail.xml:304(para)
20122
#: serverguide/C/mail.xml:349(para)
20124
20123
msgid "Then restart Postfix:"
20125
20124
msgstr ""
20126
20125
20127
#: serverguide/C/mail.xml:315(para)
20126
#: serverguide/C/mail.xml:360(para)
20128
20127
msgid ""
20129
20128
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
20130
20129
msgstr ""
20131
20130
20132
#: serverguide/C/mail.xml:318(para)
20131
#: serverguide/C/mail.xml:363(para)
20133
20132
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
20134
20133
msgstr ""
20135
20134
20136
#: serverguide/C/mail.xml:323(command)
20135
#: serverguide/C/mail.xml:368(command)
20137
20136
msgid "telnet mail.example.com 25"
20138
20137
msgstr ""
20139
20138
20140
#: serverguide/C/mail.xml:325(para)
20139
#: serverguide/C/mail.xml:370(para)
20141
20140
msgid ""
20142
20141
"After you have established the connection to the postfix mail server, type:"
20143
20142
msgstr ""
20144
20143
20145
#: serverguide/C/mail.xml:329(screen)
20144
#: serverguide/C/mail.xml:374(screen)
20146
20145
#, no-wrap
20147
20146
msgid ""
20148
20147
"\n"
20149
20148
"ehlo mail.example.com\n"
20150
20149
msgstr ""
20151
20150
20152
#: serverguide/C/mail.xml:332(para)
20151
#: serverguide/C/mail.xml:377(para)
20153
20152
msgid ""
20154
20153
"If you see the following lines among others, then everything is working "
20155
20154
"perfectly. Type <command>quit</command> to exit."
20156
20155
msgstr ""
20157
20156
20158
#: serverguide/C/mail.xml:336(programlisting)
20157
#: serverguide/C/mail.xml:381(programlisting)
20159
20158
#, no-wrap
20160
20159
msgid ""
20161
20160
"\n"
20165
20164
"250 8BITMIME\n"
20166
20165
msgstr ""
20167
20166
20168
#: serverguide/C/mail.xml:346(para)
20167
#: serverguide/C/mail.xml:391(para)
20169
20168
msgid ""
20170
20169
"This section introduces some common ways to determine the cause if problems "
20171
20170
"arise."
20172
20171
msgstr ""
20173
20172
20174
#: serverguide/C/mail.xml:350(title)
20173
#: serverguide/C/mail.xml:395(title)
20175
20174
msgid "Escaping chroot"
20176
20175
msgstr ""
20177
20176
20178
#: serverguide/C/mail.xml:351(para)
20177
#: serverguide/C/mail.xml:396(para)
20179
20178
msgid ""
20180
20179
"The Ubuntu <application>postfix</application> package will by default "
20181
20180
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
20182
20181
"This can add greater complexity when troubleshooting problems."
20183
20182
msgstr ""
20184
20183
20185
#: serverguide/C/mail.xml:355(para)
20184
#: serverguide/C/mail.xml:400(para)
20186
20185
msgid ""
20187
20186
"To turn off the chroot operation locate for the following line in the "
20188
20187
"<filename>/etc/postfix/master.cf</filename> configuration file:"
20189
20188
msgstr ""
20190
20189
20191
#: serverguide/C/mail.xml:359(screen)
20190
#: serverguide/C/mail.xml:404(screen)
20192
20191
#, no-wrap
20193
20192
msgid ""
20194
20193
"\n"
20195
20194
"smtp inet n - - - - smtpd\n"
20196
20195
msgstr ""
20197
20196
20198
#: serverguide/C/mail.xml:362(para)
20197
#: serverguide/C/mail.xml:407(para)
20199
20198
msgid "and modify it as follows:"
20200
20199
msgstr ""
20201
20200
20202
#: serverguide/C/mail.xml:365(screen)
20201
#: serverguide/C/mail.xml:410(screen)
20203
20202
#, no-wrap
20204
20203
msgid ""
20205
20204
"\n"
20206
20205
"smtp inet n - n - - smtpd\n"
20207
20206
msgstr ""
20208
20207
20209
#: serverguide/C/mail.xml:368(para)
20208
#: serverguide/C/mail.xml:413(para)
20210
20209
msgid ""
20211
20210
"You will then need to restart Postfix to use the new configuration. From a "
20212
20211
"terminal prompt enter:"
20234
20233
"\t "
20235
20234
msgstr ""
20236
20235
20237
#: serverguide/C/mail.xml:376(title)
20236
#: serverguide/C/mail.xml:434(title)
20238
20237
msgid "Log Files"
20239
20238
msgstr ""
20240
20239
20241
#: serverguide/C/mail.xml:377(para)
20240
#: serverguide/C/mail.xml:435(para)
20242
20241
msgid ""
20243
20242
"<application>Postfix</application> sends all log messages to "
20244
20243
"<filename>/var/log/mail.log</filename>. However error and warning messages "
20247
20246
"<filename>/var/log/mail.warn</filename> respectively."
20248
20247
msgstr ""
20249
20248
20250
#: serverguide/C/mail.xml:382(para)
20249
#: serverguide/C/mail.xml:440(para)
20251
20250
msgid ""
20252
20251
"To see messages entered into the logs in real time you can use the "
20253
20252
"<application>tail -f</application> command:"
20254
20253
msgstr ""
20255
20254
20256
#: serverguide/C/mail.xml:387(command)
20255
#: serverguide/C/mail.xml:445(command)
20257
20256
msgid "tail -f /var/log/mail.err"
20258
20257
msgstr ""
20259
20258
20260
#: serverguide/C/mail.xml:389(para)
20259
#: serverguide/C/mail.xml:447(para)
20261
20260
msgid ""
20262
20261
"The amount of detail that is recorded in the logs can be increased. Below "
20263
20262
"are some configuration options for increasing the log level for some of the "
20264
20263
"areas covered above."
20265
20264
msgstr ""
20266
20265
20267
#: serverguide/C/mail.xml:395(para)
20266
#: serverguide/C/mail.xml:453(para)
20268
20267
msgid ""
20269
20268
"To increase <emphasis>TLS</emphasis> activity logging set the "
20270
20269
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
20271
20270
msgstr ""
20272
20271
20273
#: serverguide/C/mail.xml:399(command)
20272
#: serverguide/C/mail.xml:457(command)
20274
20273
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
20275
20274
msgstr ""
20276
20275
20277
#: serverguide/C/mail.xml:403(para)
20276
#: serverguide/C/mail.xml:461(para)
20278
20277
msgid ""
20279
20278
"If you are having trouble sending or receiving mail from a specific domain "
20280
20279
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
20281
20280
msgstr ""
20282
20281
20283
#: serverguide/C/mail.xml:408(command)
20282
#: serverguide/C/mail.xml:466(command)
20284
20283
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
20285
20284
msgstr ""
20286
20285
20287
#: serverguide/C/mail.xml:412(para)
20286
#: serverguide/C/mail.xml:470(para)
20288
20287
msgid ""
20289
20288
"You can increase the verbosity of any <application>Postfix</application> "
20290
20289
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
20292
20291
"<emphasis>smtp</emphasis> entry:"
20293
20292
msgstr ""
20294
20293
20295
#: serverguide/C/mail.xml:416(programlisting)
20294
#: serverguide/C/mail.xml:474(programlisting)
20296
20295
#, no-wrap
20297
20296
msgid ""
20298
20297
"\n"
20314
20313
"<filename>/etc/dovecot/conf.d/10-logging.conf</filename>"
20315
20314
msgstr ""
20316
20315
20317
#: serverguide/C/mail.xml:433(programlisting)
20316
#: serverguide/C/mail.xml:491(programlisting)
20318
20317
#, no-wrap
20319
20318
msgid ""
20320
20319
"\n"
20329
20328
"reloaded: <command>sudo service dovecot reload</command>."
20330
20329
msgstr ""
20331
20330
20332
#: serverguide/C/mail.xml:446(para)
20331
#: serverguide/C/mail.xml:504(para)
20333
20332
msgid ""
20334
20333
"Some of the options above can drastically increase the amount of information "
20335
20334
"sent to the log files. Remember to return the log level back to normal after "
20337
20336
"new configuration to take affect."
20338
20337
msgstr ""
20339
20338
20340
#: serverguide/C/mail.xml:454(para)
20339
#: serverguide/C/mail.xml:512(para)
20341
20340
msgid ""
20342
20341
"Administering a <application>Postfix</application> server can be a very "
20343
20342
"complicated task. At some point you may need to turn to the Ubuntu community "
20344
20343
"for more experienced help."
20345
20344
msgstr ""
20346
20345
20347
#: serverguide/C/mail.xml:458(para)
20346
#: serverguide/C/mail.xml:516(para)
20348
20347
msgid ""
20349
20348
"A great place to ask for <application>Postfix</application> assistance, and "
20350
20349
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
20354
20353
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
20355
20354
msgstr ""
20356
20355
20357
#: serverguide/C/mail.xml:463(para)
20356
#: serverguide/C/mail.xml:521(para)
20358
20357
msgid ""
20359
20358
"For in depth <application>Postfix</application> information Ubuntu "
20360
20359
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
20361
20360
"Book of Postfix</ulink>."
20362
20361
msgstr ""
20363
20362
20364
#: serverguide/C/mail.xml:467(para)
20363
#: serverguide/C/mail.xml:525(para)
20365
20364
msgid ""
20366
20365
"Finally, the <ulink "
20367
20366
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
20375
20374
"Wiki Postfix</ulink> page has more information."
20376
20375
msgstr ""
20377
20376
20378
#: serverguide/C/mail.xml:479(title) serverguide/C/mail.xml:875(title) serverguide/C/mail.xml:991(title)
20377
#: serverguide/C/mail.xml:537(title) serverguide/C/mail.xml:934(title) serverguide/C/mail.xml:1050(title)
20379
20378
msgid "Exim4"
20380
20379
msgstr ""
20381
20380
20382
#: serverguide/C/mail.xml:480(para)
20381
#: serverguide/C/mail.xml:538(para)
20383
20382
msgid ""
20384
20383
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
20385
20384
"developed at the University of Cambridge for use on Unix systems connected "
20389
20388
"<application>sendmail</application>."
20390
20389
msgstr ""
20391
20390
20392
#: serverguide/C/mail.xml:491(para)
20391
#: serverguide/C/mail.xml:549(para)
20393
20392
msgid ""
20394
20393
"To install <application>exim4</application>, run the following command: "
20395
20394
"<screen>\n"
20397
20396
"</screen>"
20398
20397
msgstr ""
20399
20398
20400
#: serverguide/C/mail.xml:500(para)
20399
#: serverguide/C/mail.xml:558(para)
20401
20400
msgid ""
20402
20401
"To configure <application>Exim4</application>, run the following command:"
20403
20402
msgstr ""
20404
20403
20405
#: serverguide/C/mail.xml:504(command)
20404
#: serverguide/C/mail.xml:562(command)
20406
20405
msgid "sudo dpkg-reconfigure exim4-config"
20407
20406
msgstr ""
20408
20407
20409
#: serverguide/C/mail.xml:506(para)
20408
#: serverguide/C/mail.xml:564(para)
20410
20409
msgid ""
20411
20410
"The user interface will be displayed. The user interface lets you configure "
20412
20411
"many parameters. For example, In <application>Exim4</application> the "
20414
20413
"in one file you can configure accordingly in this user interface."
20415
20414
msgstr ""
20416
20415
20417
#: serverguide/C/mail.xml:514(para)
20416
#: serverguide/C/mail.xml:572(para)
20418
20417
msgid ""
20419
20418
"All the parameters you configure in the user interface are stored in "
20420
"<filename>/etc/exim4/update-exim4.conf</filename> file. If you wish to re-"
20421
"configure, either you re-run the configuration wizard or manually edit this "
20422
"file using your favorite editor. Once you configure, you can run the "
20419
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
20420
"re-configure, either you re-run the configuration wizard or manually edit "
20421
"this file using your favorite editor. Once you configure, you can run the "
20423
20422
"following command to generate the master configuration file:"
20424
20423
msgstr ""
20425
20424
20426
#: serverguide/C/mail.xml:525(command) serverguide/C/mail.xml:609(command)
20425
#: serverguide/C/mail.xml:583(command) serverguide/C/mail.xml:667(command)
20427
20426
msgid "sudo update-exim4.conf"
20428
20427
msgstr ""
20429
20428
20430
#: serverguide/C/mail.xml:527(para)
20429
#: serverguide/C/mail.xml:585(para)
20431
20430
msgid ""
20432
20431
"The master configuration file, is generated and it is stored in "
20433
20432
"<filename>/var/lib/exim4/config.autogenerated</filename>."
20434
20433
msgstr ""
20435
20434
20436
#: serverguide/C/mail.xml:533(para)
20435
#: serverguide/C/mail.xml:591(para)
20437
20436
msgid ""
20438
20437
"At any time, you should not edit the master configuration file, "
20439
20438
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
20440
20439
"updated automatically every time you run <command>update-exim4.conf</command>"
20441
20440
msgstr ""
20442
20441
20443
#: serverguide/C/mail.xml:541(para)
20442
#: serverguide/C/mail.xml:599(para)
20444
20443
msgid ""
20445
20444
"You can run the following command to start <application>Exim4</application> "
20446
20445
"daemon."
20450
20449
msgid "sudo service exim4 start"
20451
20450
msgstr ""
20452
20451
20453
#: serverguide/C/mail.xml:551(para)
20452
#: serverguide/C/mail.xml:609(para)
20454
20453
msgid ""
20455
20454
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
20456
20455
msgstr ""
20457
20456
20458
#: serverguide/C/mail.xml:554(para)
20457
#: serverguide/C/mail.xml:612(para)
20459
20458
msgid ""
20460
20459
"The first step is to create a certificate for use with TLS. Enter the "
20461
20460
"following into a terminal prompt:"
20462
20461
msgstr ""
20463
20462
20464
#: serverguide/C/mail.xml:558(command)
20463
#: serverguide/C/mail.xml:616(command)
20465
20464
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
20466
20465
msgstr ""
20467
20466
20468
#: serverguide/C/mail.xml:560(para)
20467
#: serverguide/C/mail.xml:618(para)
20469
20468
msgid ""
20470
20469
"Now Exim4 needs to be configured for TLS by editing "
20471
20470
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
20472
20471
"the following:"
20473
20472
msgstr ""
20474
20473
20475
#: serverguide/C/mail.xml:564(programlisting)
20474
#: serverguide/C/mail.xml:622(programlisting)
20476
20475
#, no-wrap
20477
20476
msgid ""
20478
20477
"\n"
20479
20478
"MAIN_TLS_ENABLE = yes\n"
20480
20479
msgstr ""
20481
20480
20482
#: serverguide/C/mail.xml:567(para)
20481
#: serverguide/C/mail.xml:625(para)
20483
20482
msgid ""
20484
20483
"Next you need to configure <application>Exim4</application> to use the "
20485
20484
"<application>saslauthd</application> for authentication. Edit "
20488
20487
"<emphasis>login_saslauthd_server</emphasis> sections:"
20489
20488
msgstr ""
20490
20489
20491
#: serverguide/C/mail.xml:572(programlisting)
20490
#: serverguide/C/mail.xml:630(programlisting)
20492
20491
#, no-wrap
20493
20492
msgid ""
20494
20493
"\n"
20514
20513
" .endif\n"
20515
20514
msgstr ""
20516
20515
20517
#: serverguide/C/mail.xml:594(para)
20516
#: serverguide/C/mail.xml:652(para)
20518
20517
msgid ""
20519
20518
"Additionally, in order for outside mail client to be able to connect to new "
20520
20519
"exim server, new user needs to be added into exim by using the following "
20525
20524
msgid "sudo /usr/share/doc/exim4-base/examples/exim-adduser"
20526
20525
msgstr ""
20527
20526
20528
#: serverguide/C/mail.xml:600(para)
20527
#: serverguide/C/mail.xml:658(para)
20529
20528
msgid ""
20530
20529
"Users should protect the new exim password files with the following commands."
20531
20530
msgstr ""
20532
20531
20533
#: serverguide/C/mail.xml:602(command)
20532
#: serverguide/C/mail.xml:660(command)
20534
20533
msgid "sudo chown root:Debian-exim /etc/exim4/passwd"
20535
20534
msgstr ""
20536
20535
20537
#: serverguide/C/mail.xml:603(command)
20536
#: serverguide/C/mail.xml:661(command)
20538
20537
msgid "sudo chmod 640 /etc/exim4/passwd"
20539
20538
msgstr ""
20540
20539
20541
#: serverguide/C/mail.xml:605(para)
20540
#: serverguide/C/mail.xml:663(para)
20542
20541
msgid "Finally, update the Exim4 configuration and restart the service:"
20543
20542
msgstr ""
20544
20543
20546
20545
msgid "sudo service exim4 restart"
20547
20546
msgstr ""
20548
20547
20549
#: serverguide/C/mail.xml:615(para)
20548
#: serverguide/C/mail.xml:673(para)
20550
20549
msgid ""
20551
20550
"This section provides details on configuring the saslauthd to provide "
20552
20551
"authentication for <application>Exim4</application>."
20553
20552
msgstr ""
20554
20553
20555
#: serverguide/C/mail.xml:618(para)
20554
#: serverguide/C/mail.xml:676(para)
20556
20555
msgid ""
20557
20556
"The first step is to install the sasl2-bin package. From a terminal prompt "
20558
20557
"enter the following:"
20559
20558
msgstr ""
20560
20559
20561
#: serverguide/C/mail.xml:622(command)
20560
#: serverguide/C/mail.xml:680(command)
20562
20561
msgid "sudo apt-get install sasl2-bin"
20563
20562
msgstr ""
20564
20563
20565
#: serverguide/C/mail.xml:624(para)
20564
#: serverguide/C/mail.xml:682(para)
20566
20565
msgid ""
20567
20566
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
20568
20567
"and set START=no to:"
20569
20568
msgstr ""
20570
20569
20571
#: serverguide/C/mail.xml:630(para)
20570
#: serverguide/C/mail.xml:688(para)
20572
20571
msgid ""
20573
20572
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
20574
20573
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
20575
20574
"service:"
20576
20575
msgstr ""
20577
20576
20578
#: serverguide/C/mail.xml:635(command)
20577
#: serverguide/C/mail.xml:693(command)
20579
20578
msgid "sudo adduser Debian-exim sasl"
20580
20579
msgstr ""
20581
20580
20582
#: serverguide/C/mail.xml:637(para)
20581
#: serverguide/C/mail.xml:695(para)
20583
20582
msgid "Now start the <application>saslauthd</application> service:"
20584
20583
msgstr ""
20585
20584
20587
20586
msgid "sudo service saslauthd start"
20588
20587
msgstr ""
20589
20588
20590
#: serverguide/C/mail.xml:643(para)
20589
#: serverguide/C/mail.xml:701(para)
20591
20590
msgid ""
20592
20591
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
20593
20592
"and SASL authentication."
20594
20593
msgstr ""
20595
20594
20596
#: serverguide/C/mail.xml:652(para)
20595
#: serverguide/C/mail.xml:710(para)
20597
20596
msgid ""
20598
20597
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
20599
20598
"information."
20600
20599
msgstr ""
20601
20600
20602
#: serverguide/C/mail.xml:657(para)
20601
#: serverguide/C/mail.xml:715(para)
20603
20602
msgid ""
20604
20603
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
20605
20604
"server\">Exim4 Book</ulink> available."
20606
20605
msgstr ""
20607
20606
20608
#: serverguide/C/mail.xml:662(para)
20607
#: serverguide/C/mail.xml:720(para)
20609
20608
msgid ""
20610
20609
"Another resource is the <ulink "
20611
20610
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
20612
20611
"page."
20613
20612
msgstr ""
20614
20613
20615
#: serverguide/C/mail.xml:671(title)
20614
#: serverguide/C/mail.xml:729(title)
20616
20615
msgid "Dovecot Server"
20617
20616
msgstr ""
20618
20617
20619
#: serverguide/C/mail.xml:672(para)
20618
#: serverguide/C/mail.xml:730(para)
20620
20619
msgid ""
20621
20620
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
20622
20621
"security primarily in mind. It supports the major mailbox formats: mbox or "
20623
20622
"Maildir. This section explain how to set it up as an imap or pop3 server."
20624
20623
msgstr ""
20625
20624
20626
#: serverguide/C/mail.xml:680(para)
20625
#: serverguide/C/mail.xml:738(para)
20627
20626
msgid ""
20628
20627
"To install <application>dovecot</application>, run the following command in "
20629
20628
"the command prompt:"
20630
20629
msgstr ""
20631
20630
20632
#: serverguide/C/mail.xml:685(command)
20631
#: serverguide/C/mail.xml:743(command)
20633
20632
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
20634
20633
msgstr ""
20635
20634
20636
#: serverguide/C/mail.xml:690(para)
20635
#: serverguide/C/mail.xml:748(para)
20637
20636
msgid ""
20638
20637
"To configure <application>dovecot</application>, you can edit the file "
20639
20638
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
20645
20644
"link>."
20646
20645
msgstr ""
20647
20646
20648
#: serverguide/C/mail.xml:700(para)
20647
#: serverguide/C/mail.xml:758(para)
20649
20648
msgid ""
20650
20649
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
20651
20650
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
20652
20651
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
20653
20652
msgstr ""
20654
20653
20655
#: serverguide/C/mail.xml:706(programlisting)
20654
#: serverguide/C/mail.xml:764(programlisting)
20656
20655
#, no-wrap
20657
20656
msgid ""
20658
20657
"\n"
20677
20676
"following line:"
20678
20677
msgstr ""
20679
20678
20680
#: serverguide/C/mail.xml:722(programlisting)
20679
#: serverguide/C/mail.xml:780(programlisting)
20681
20680
#, no-wrap
20682
20681
msgid ""
20683
20682
"\n"
20686
20685
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
20687
20686
msgstr ""
20688
20687
20689
#: serverguide/C/mail.xml:728(para)
20688
#: serverguide/C/mail.xml:786(para)
20690
20689
msgid ""
20691
20690
"You should configure your Mail Transport Agent (MTA) to transfer the "
20692
20691
"incoming mail to this type of mailbox if it is different from the one you "
20693
20692
"have configured."
20694
20693
msgstr ""
20695
20694
20696
#: serverguide/C/mail.xml:734(para)
20695
#: serverguide/C/mail.xml:792(para)
20697
20696
msgid ""
20698
20697
"Once you have configured dovecot, restart the "
20699
20698
"<application>dovecot</application> daemon in order to test your setup:"
20700
20699
msgstr ""
20701
20700
20702
#: serverguide/C/mail.xml:743(para)
20701
#: serverguide/C/mail.xml:801(para)
20703
20702
msgid ""
20704
20703
"If you have enabled imap, or pop3, you can also try to log in with the "
20705
20704
"commands <command>telnet localhost pop3</command> or <command>telnet "
20707
20706
"installation has been successful:"
20708
20707
msgstr ""
20709
20708
20710
#: serverguide/C/mail.xml:750(programlisting)
20709
#: serverguide/C/mail.xml:808(programlisting)
20711
20710
#, no-wrap
20712
20711
msgid ""
20713
20712
"\n"
20718
20717
"+OK Dovecot ready.\n"
20719
20718
msgstr ""
20720
20719
20721
#: serverguide/C/mail.xml:759(title)
20720
#: serverguide/C/mail.xml:817(title)
20722
20721
msgid "Dovecot SSL Configuration"
20723
20722
msgstr ""
20724
20723
20741
20740
"<filename>/etc/dovecot/conf.d/10-ssl.conf</filename> configuration file."
20742
20741
msgstr ""
20743
20742
20744
#: serverguide/C/mail.xml:786(title)
20743
#: serverguide/C/mail.xml:845(title)
20745
20744
msgid "Firewall Configuration for an Email Server"
20746
20745
msgstr ""
20747
20746
20748
#: serverguide/C/mail.xml:792(para)
20747
#: serverguide/C/mail.xml:851(para)
20749
20748
msgid "IMAP - 143"
20750
20749
msgstr ""
20751
20750
20752
#: serverguide/C/mail.xml:793(para)
20751
#: serverguide/C/mail.xml:852(para)
20753
20752
msgid "IMAPS - 993"
20754
20753
msgstr ""
20755
20754
20756
#: serverguide/C/mail.xml:794(para)
20755
#: serverguide/C/mail.xml:853(para)
20757
20756
msgid "POP3 - 110"
20758
20757
msgstr ""
20759
20758
20760
#: serverguide/C/mail.xml:795(para)
20759
#: serverguide/C/mail.xml:854(para)
20761
20760
msgid "POP3S - 995"
20762
20761
msgstr ""
20763
20762
20764
#: serverguide/C/mail.xml:787(para)
20763
#: serverguide/C/mail.xml:846(para)
20765
20764
msgid ""
20766
20765
"To access your mail server from another computer, you must configure your "
20767
20766
"firewall to allow connections to the server on the necessary ports. "
20768
20767
"<placeholder-1/>"
20769
20768
msgstr ""
20770
20769
20771
#: serverguide/C/mail.xml:804(para)
20770
#: serverguide/C/mail.xml:863(para)
20772
20771
msgid ""
20773
20772
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
20774
20773
"more information."
20775
20774
msgstr ""
20776
20775
20777
#: serverguide/C/mail.xml:809(para)
20776
#: serverguide/C/mail.xml:868(para)
20778
20777
msgid ""
20779
20778
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
20780
20779
"Ubuntu Wiki</ulink> page has more details."
20781
20780
msgstr ""
20782
20781
20783
#: serverguide/C/mail.xml:818(title) serverguide/C/mail.xml:893(title) serverguide/C/mail.xml:1116(title)
20782
#: serverguide/C/mail.xml:877(title) serverguide/C/mail.xml:952(title) serverguide/C/mail.xml:1175(title)
20784
20783
msgid "Mailman"
20785
20784
msgstr ""
20786
20785
20787
#: serverguide/C/mail.xml:819(para)
20786
#: serverguide/C/mail.xml:878(para)
20788
20787
msgid ""
20789
20788
"Mailman is an open source program for managing electronic mail discussions "
20790
20789
"and e-newsletter lists. Many open source mailing lists (including all the "
20793
20792
"and maintain."
20794
20793
msgstr ""
20795
20794
20796
#: serverguide/C/mail.xml:829(para)
20795
#: serverguide/C/mail.xml:888(para)
20797
20796
msgid ""
20798
20797
"Mailman provides a web interface for the administrators and users, using an "
20799
20798
"external mail server to send and receive emails. It works perfectly with the "
20800
20799
"following mail servers:"
20801
20800
msgstr ""
20802
20801
20803
#: serverguide/C/mail.xml:840(application)
20802
#: serverguide/C/mail.xml:899(application)
20804
20803
msgid "Exim"
20805
20804
msgstr ""
20806
20805
20807
#: serverguide/C/mail.xml:843(application)
20806
#: serverguide/C/mail.xml:902(application)
20808
20807
msgid "Sendmail"
20809
20808
msgstr "Sendmail"
20810
20809
20811
#: serverguide/C/mail.xml:846(application)
20810
#: serverguide/C/mail.xml:905(application)
20812
20811
msgid "Qmail"
20813
20812
msgstr ""
20814
20813
20815
#: serverguide/C/mail.xml:851(para)
20814
#: serverguide/C/mail.xml:910(para)
20816
20815
msgid ""
20817
20816
"We will see how to install and configure Mailman with, the Apache web "
20818
20817
"server, and either the Postfix or Exim mail server. If you wish to install "
20819
20818
"Mailman with a different mail server, please refer to the references section."
20820
20819
msgstr ""
20821
20820
20822
#: serverguide/C/mail.xml:858(para)
20821
#: serverguide/C/mail.xml:917(para)
20823
20822
msgid ""
20824
20823
"You only need to install one mail server and "
20825
20824
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
20826
20825
msgstr ""
20827
20826
20828
#: serverguide/C/mail.xml:863(title) serverguide/C/mail.xml:920(title)
20827
#: serverguide/C/mail.xml:922(title) serverguide/C/mail.xml:979(title)
20829
20828
msgid "Apache2"
20830
20829
msgstr ""
20831
20830
20832
#: serverguide/C/mail.xml:864(para)
20831
#: serverguide/C/mail.xml:923(para)
20833
20832
msgid ""
20834
20833
"To install apache2 you refer to <xref linkend=\"http-installation\"/> for "
20835
20834
"details."
20836
20835
msgstr ""
20837
20836
20838
#: serverguide/C/mail.xml:870(para)
20837
#: serverguide/C/mail.xml:929(para)
20839
20838
msgid ""
20840
20839
"For instructions on installing and configuring Postfix refer to <xref "
20841
20840
"linkend=\"postfix\"/>"
20842
20841
msgstr ""
20843
20842
20844
#: serverguide/C/mail.xml:876(para)
20843
#: serverguide/C/mail.xml:935(para)
20845
20844
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
20846
20845
msgstr ""
20847
20846
20848
#: serverguide/C/mail.xml:879(para)
20847
#: serverguide/C/mail.xml:938(para)
20849
20848
msgid ""
20850
20849
"Once exim4 is installed, the configuration files are stored in the "
20851
20850
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
20854
20853
"<filename>/etc/exim4/update-exim4.conf</filename> file:"
20855
20854
msgstr ""
20856
20855
20857
#: serverguide/C/mail.xml:886(programlisting)
20856
#: serverguide/C/mail.xml:945(programlisting)
20858
20857
#, no-wrap
20859
20858
msgid ""
20860
20859
"\n"
20861
20860
"dc_use_split_config='true'\n"
20862
20861
msgstr ""
20863
20862
20864
#: serverguide/C/mail.xml:894(para)
20863
#: serverguide/C/mail.xml:953(para)
20865
20864
msgid ""
20866
20865
"To install <application>Mailman</application>, run following command at a "
20867
20866
"terminal prompt:"
20868
20867
msgstr ""
20869
20868
20870
#: serverguide/C/mail.xml:898(command)
20869
#: serverguide/C/mail.xml:957(command)
20871
20870
msgid "sudo apt-get install mailman"
20872
20871
msgstr ""
20873
20872
20874
#: serverguide/C/mail.xml:900(para)
20873
#: serverguide/C/mail.xml:959(para)
20875
20874
msgid ""
20876
20875
"It copies the installation files in "
20877
20876
"<application>/var/lib/mailman</application> directory. It installs the CGI "
20881
20880
"this user."
20882
20881
msgstr ""
20883
20882
20884
#: serverguide/C/mail.xml:912(para)
20883
#: serverguide/C/mail.xml:971(para)
20885
20884
msgid ""
20886
20885
"This section assumes you have successfully installed "
20887
20886
"<application>mailman</application>, <application>apache2</application>, and "
20889
20888
"you just need to configure them."
20890
20889
msgstr ""
20891
20890
20892
#: serverguide/C/mail.xml:921(para)
20891
#: serverguide/C/mail.xml:980(para)
20893
20892
msgid ""
20894
20893
"An example Apache configuration file comes with "
20895
20894
"<application>Mailman</application> and is placed in "
20898
20897
"available</filename>:"
20899
20898
msgstr ""
20900
20899
20901
#: serverguide/C/mail.xml:927(command)
20900
#: serverguide/C/mail.xml:986(command)
20902
20901
msgid ""
20903
20902
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
20904
20903
msgstr ""
20905
20904
20906
#: serverguide/C/mail.xml:929(para)
20905
#: serverguide/C/mail.xml:988(para)
20907
20906
msgid ""
20908
20907
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
20909
20908
"Mailman administration site. Now enable the new configuration and restart "
20910
20909
"Apache:"
20911
20910
msgstr ""
20912
20911
20913
#: serverguide/C/mail.xml:934(command)
20912
#: serverguide/C/mail.xml:993(command)
20914
20913
msgid "sudo a2ensite mailman.conf"
20915
20914
msgstr ""
20916
20915
20917
#: serverguide/C/mail.xml:937(para)
20916
#: serverguide/C/mail.xml:996(para)
20918
20917
msgid ""
20919
20918
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
20920
20919
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
20923
20922
"available/mailman.conf</filename> file if you wish to change this behavior."
20924
20923
msgstr ""
20925
20924
20926
#: serverguide/C/mail.xml:948(para)
20925
#: serverguide/C/mail.xml:1007(para)
20927
20926
msgid ""
20928
20927
"For <application>Postfix</application> integration, we will associate the "
20929
20928
"domain lists.example.com with the mailing lists. Please replace "
20930
20929
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
20931
20930
msgstr ""
20932
20931
20933
#: serverguide/C/mail.xml:952(para)
20932
#: serverguide/C/mail.xml:1011(para)
20934
20933
msgid ""
20935
20934
"You can use the postconf command to add the necessary configuration to "
20936
20935
"<filename>/etc/postfix/main.cf</filename>:"
20937
20936
msgstr ""
20938
20937
20939
#: serverguide/C/mail.xml:956(command)
20938
#: serverguide/C/mail.xml:1015(command)
20940
20939
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
20941
20940
msgstr ""
20942
20941
20943
#: serverguide/C/mail.xml:957(command)
20942
#: serverguide/C/mail.xml:1016(command)
20944
20943
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
20945
20944
msgstr ""
20946
20945
20947
#: serverguide/C/mail.xml:958(command)
20946
#: serverguide/C/mail.xml:1017(command)
20948
20947
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
20949
20948
msgstr ""
20950
20949
20951
#: serverguide/C/mail.xml:960(para)
20950
#: serverguide/C/mail.xml:1019(para)
20952
20951
msgid ""
20953
20952
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
20954
20953
"the following transport:"
20955
20954
msgstr ""
20956
20955
20957
#: serverguide/C/mail.xml:963(programlisting)
20956
#: serverguide/C/mail.xml:1022(programlisting)
20958
20957
#, no-wrap
20959
20958
msgid ""
20960
20959
"\n"
20963
20962
" ${nexthop} ${user}\n"
20964
20963
msgstr ""
20965
20964
20966
#: serverguide/C/mail.xml:968(para)
20965
#: serverguide/C/mail.xml:1027(para)
20967
20966
msgid ""
20968
20967
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
20969
20968
"is delivered to a list."
20970
20969
msgstr ""
20971
20970
20972
#: serverguide/C/mail.xml:971(para)
20971
#: serverguide/C/mail.xml:1030(para)
20973
20972
msgid ""
20974
20973
"Associate the domain lists.example.com to the Mailman transport with the "
20975
20974
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
20976
20975
msgstr ""
20977
20976
20978
#: serverguide/C/mail.xml:974(programlisting)
20977
#: serverguide/C/mail.xml:1033(programlisting)
20979
20978
#, no-wrap
20980
20979
msgid ""
20981
20980
"\n"
20982
20981
"lists.example.com mailman:\n"
20983
20982
msgstr ""
20984
20983
20985
#: serverguide/C/mail.xml:977(para)
20984
#: serverguide/C/mail.xml:1036(para)
20986
20985
msgid ""
20987
20986
"Now have <application>Postfix</application> build the transport map by "
20988
20987
"entering the following from a terminal prompt:"
20989
20988
msgstr ""
20990
20989
20991
#: serverguide/C/mail.xml:981(command)
20990
#: serverguide/C/mail.xml:1040(command)
20992
20991
msgid "sudo postmap -v /etc/postfix/transport"
20993
20992
msgstr ""
20994
20993
20995
#: serverguide/C/mail.xml:983(para)
20994
#: serverguide/C/mail.xml:1042(para)
20996
20995
msgid "Then restart Postfix to enable the new configurations:"
20997
20996
msgstr ""
20998
20997
20999
#: serverguide/C/mail.xml:992(para)
20998
#: serverguide/C/mail.xml:1051(para)
21000
20999
msgid ""
21001
21000
"Once Exim4 is installed, you can start the Exim server using the following "
21002
21001
"command from a terminal prompt:"
21003
21002
msgstr ""
21004
21003
21005
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1023(title)
21004
#: serverguide/C/mail.xml:1067(para) serverguide/C/mail.xml:1082(title)
21006
21005
msgid "Main"
21007
21006
msgstr ""
21008
21007
21009
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1063(title)
21008
#: serverguide/C/mail.xml:1070(para) serverguide/C/mail.xml:1122(title)
21010
21009
msgid "Transport"
21011
21010
msgstr ""
21012
21011
21013
#: serverguide/C/mail.xml:1014(para) serverguide/C/mail.xml:1086(title)
21012
#: serverguide/C/mail.xml:1073(para) serverguide/C/mail.xml:1145(title)
21014
21013
msgid "Router"
21015
21014
msgstr ""
21016
21015
21017
#: serverguide/C/mail.xml:999(para)
21016
#: serverguide/C/mail.xml:1058(para)
21018
21017
msgid ""
21019
21018
"In order to make mailman work with Exim4, you need to configure Exim4. As "
21020
21019
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
21026
21025
"is very important."
21027
21026
msgstr ""
21028
21027
21029
#: serverguide/C/mail.xml:1030(programlisting)
21028
#: serverguide/C/mail.xml:1089(programlisting)
21030
21029
#, no-wrap
21031
21030
msgid ""
21032
21031
"\n"
21060
21059
"# end\n"
21061
21060
msgstr ""
21062
21061
21063
#: serverguide/C/mail.xml:1024(para)
21062
#: serverguide/C/mail.xml:1083(para)
21064
21063
msgid ""
21065
21064
"All the configuration files belonging to the main type are stored in the "
21066
21065
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
21068
21067
"config_mailman</filename>: <placeholder-1/>"
21069
21068
msgstr ""
21070
21069
21071
#: serverguide/C/mail.xml:1070(programlisting)
21070
#: serverguide/C/mail.xml:1129(programlisting)
21072
21071
#, no-wrap
21073
21072
msgid ""
21074
21073
"\n"
21086
21085
" group = MM_GID\n"
21087
21086
msgstr ""
21088
21087
21089
#: serverguide/C/mail.xml:1064(para)
21088
#: serverguide/C/mail.xml:1123(para)
21090
21089
msgid ""
21091
21090
"All the configuration files belonging to transport type are stored in the "
21092
21091
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
21094
21093
"config_mailman</filename>: <placeholder-1/>"
21095
21094
msgstr ""
21096
21095
21097
#: serverguide/C/mail.xml:1091(programlisting)
21096
#: serverguide/C/mail.xml:1150(programlisting)
21098
21097
#, no-wrap
21099
21098
msgid ""
21100
21099
"\n"
21108
21107
" transport = mailman_transport\n"
21109
21108
msgstr ""
21110
21109
21111
#: serverguide/C/mail.xml:1087(para)
21110
#: serverguide/C/mail.xml:1146(para)
21112
21111
msgid ""
21113
21112
"All the configuration files belonging to router type are stored in the "
21114
21113
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
21116
21115
"config_mailman</filename>: <placeholder-1/>"
21117
21116
msgstr ""
21118
21117
21119
#: serverguide/C/mail.xml:1104(para)
21118
#: serverguide/C/mail.xml:1163(para)
21120
21119
msgid ""
21121
21120
"The order of main and transport configuration files can be in any order. "
21122
21121
"But, the order of router configuration files must be the same. This "
21126
21125
"details, please refer to the references section."
21127
21126
msgstr ""
21128
21127
21129
#: serverguide/C/mail.xml:1117(para)
21128
#: serverguide/C/mail.xml:1176(para)
21130
21129
msgid ""
21131
21130
"Once mailman is installed, you can run it using the following command:"
21132
21131
msgstr ""
21135
21134
msgid "sudo service mailman start"
21136
21135
msgstr ""
21137
21136
21138
#: serverguide/C/mail.xml:1123(para)
21137
#: serverguide/C/mail.xml:1182(para)
21139
21138
msgid ""
21140
21139
"Once mailman is installed, you should create the default mailing list. Run "
21141
21140
"the following command to create the mailing list:"
21142
21141
msgstr ""
21143
21142
21144
#: serverguide/C/mail.xml:1129(command)
21143
#: serverguide/C/mail.xml:1188(command)
21145
21144
msgid "sudo /usr/sbin/newlist mailman"
21146
21145
msgstr ""
21147
21146
21148
#: serverguide/C/mail.xml:1132(programlisting)
21147
#: serverguide/C/mail.xml:1191(programlisting)
21149
21148
#, no-wrap
21150
21149
msgid ""
21151
21150
"\n"
21176
21175
" # \n"
21177
21176
msgstr ""
21178
21177
21179
#: serverguide/C/mail.xml:1155(para)
21178
#: serverguide/C/mail.xml:1214(para)
21180
21179
msgid ""
21181
21180
"We have configured either Postfix or Exim4 to recognize all emails from "
21182
21181
"mailman. So, it is not mandatory to make any new entries in "
21185
21184
"continuing to next section."
21186
21185
msgstr ""
21187
21186
21188
#: serverguide/C/mail.xml:1163(para)
21187
#: serverguide/C/mail.xml:1222(para)
21189
21188
msgid ""
21190
21189
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
21191
21190
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
21193
21192
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
21194
21193
msgstr ""
21195
21194
21196
#: serverguide/C/mail.xml:1174(title)
21195
#: serverguide/C/mail.xml:1233(title)
21197
21196
msgid "Administration"
21198
21197
msgstr "Administracion"
21199
21198
21200
#: serverguide/C/mail.xml:1175(para)
21199
#: serverguide/C/mail.xml:1234(para)
21201
21200
msgid ""
21202
21201
"We assume you have a default installation. The mailman cgi scripts are still "
21203
21202
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
21205
21204
"point your browser to the following url:"
21206
21205
msgstr ""
21207
21206
21208
#: serverguide/C/mail.xml:1183(para)
21207
#: serverguide/C/mail.xml:1242(para)
21209
21208
msgid "http://hostname/cgi-bin/mailman/admin"
21210
21209
msgstr ""
21211
21210
21212
#: serverguide/C/mail.xml:1187(para)
21211
#: serverguide/C/mail.xml:1246(para)
21213
21212
msgid ""
21214
21213
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
21215
21214
"screen. If you click the mailing list name, it will ask for your "
21220
21219
"mailing list using the web interface."
21221
21220
msgstr ""
21222
21221
21223
#: serverguide/C/mail.xml:1200(title)
21222
#: serverguide/C/mail.xml:1259(title)
21224
21223
msgid "Users"
21225
21224
msgstr "Utilizaires"
21226
21225
21227
#: serverguide/C/mail.xml:1201(para)
21226
#: serverguide/C/mail.xml:1260(para)
21228
21227
msgid ""
21229
21228
"Mailman provides a web based interface for users. To access this page, point "
21230
21229
"your browser to the following url:"
21231
21230
msgstr ""
21232
21231
21233
#: serverguide/C/mail.xml:1206(para)
21232
#: serverguide/C/mail.xml:1265(para)
21234
21233
msgid "http://hostname/cgi-bin/mailman/listinfo"
21235
21234
msgstr ""
21236
21235
21237
#: serverguide/C/mail.xml:1210(para)
21236
#: serverguide/C/mail.xml:1269(para)
21238
21237
msgid ""
21239
21238
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
21240
21239
"screen. If you click the mailing list name, it will display the subscription "
21243
21242
"instructions in the email to subscribe."
21244
21243
msgstr ""
21245
21244
21246
#: serverguide/C/mail.xml:1222(ulink)
21245
#: serverguide/C/mail.xml:1281(ulink)
21247
21246
msgid "GNU Mailman - Installation Manual"
21248
21247
msgstr ""
21249
21248
21250
#: serverguide/C/mail.xml:1226(ulink)
21249
#: serverguide/C/mail.xml:1285(ulink)
21251
21250
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
21252
21251
msgstr ""
21253
21252
21254
#: serverguide/C/mail.xml:1229(para)
21253
#: serverguide/C/mail.xml:1288(para)
21255
21254
msgid ""
21256
21255
"Also, see the <ulink "
21257
21256
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
21258
21257
"Wiki</ulink> page."
21259
21258
msgstr ""
21260
21259
21261
#: serverguide/C/mail.xml:1235(title)
21260
#: serverguide/C/mail.xml:1294(title)
21262
21261
msgid "Mail Filtering"
21263
21262
msgstr ""
21264
21263
21265
#: serverguide/C/mail.xml:1236(para)
21264
#: serverguide/C/mail.xml:1295(para)
21266
21265
msgid ""
21267
21266
"One of the largest issues with email today is the problem of Unsolicited "
21268
21267
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
21270
21269
"the bulk of all email traffic on the Internet."
21271
21270
msgstr ""
21272
21271
21273
#: serverguide/C/mail.xml:1241(para)
21272
#: serverguide/C/mail.xml:1300(para)
21274
21273
msgid ""
21275
21274
"This section will cover integrating <application>Amavisd-new</application>, "
21276
21275
"<application>Spamassassin</application>, and "
21284
21283
"spf</application>."
21285
21284
msgstr ""
21286
21285
21287
#: serverguide/C/mail.xml:1251(para)
21286
#: serverguide/C/mail.xml:1310(para)
21288
21287
msgid ""
21289
21288
"<application>Amavisd-new</application> is a wrapper program that can call "
21290
21289
"any number of content filtering programs for spam detection, antivirus, etc."
21291
21290
msgstr ""
21292
21291
21293
#: serverguide/C/mail.xml:1257(para)
21292
#: serverguide/C/mail.xml:1316(para)
21294
21293
msgid ""
21295
21294
"<application>Spamassassin</application> uses a variety of mechanisms to "
21296
21295
"filter email based on the message content."
21297
21296
msgstr ""
21298
21297
21299
#: serverguide/C/mail.xml:1262(para)
21298
#: serverguide/C/mail.xml:1321(para)
21300
21299
msgid ""
21301
21300
"<application>ClamAV</application> is an open source antivirus application."
21302
21301
msgstr ""
21303
21302
21304
#: serverguide/C/mail.xml:1267(para)
21303
#: serverguide/C/mail.xml:1326(para)
21305
21304
msgid ""
21306
21305
"<application>opendkim</application> implements a Sendmail Mail Filter "
21307
21306
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
21308
21307
msgstr ""
21309
21308
21310
#: serverguide/C/mail.xml:1273(para)
21309
#: serverguide/C/mail.xml:1332(para)
21311
21310
msgid ""
21312
21311
"<application>python-policyd-spf</application> enables Sender Policy "
21313
21312
"Framework (SPF) checking with <application>Postfix</application>."
21314
21313
msgstr ""
21315
21314
21316
#: serverguide/C/mail.xml:1278(para)
21315
#: serverguide/C/mail.xml:1337(para)
21317
21316
msgid "This is how the pieces fit together:"
21318
21317
msgstr ""
21319
21318
21320
#: serverguide/C/mail.xml:1283(para)
21319
#: serverguide/C/mail.xml:1342(para)
21321
21320
msgid "An email message is accepted by <application>Postfix</application>."
21322
21321
msgstr ""
21323
21322
21324
#: serverguide/C/mail.xml:1288(para)
21323
#: serverguide/C/mail.xml:1347(para)
21325
21324
msgid ""
21326
21325
"The message is passed through any external filters "
21327
21326
"<application>opendkim</application> and <application>python-policyd-"
21328
21327
"spf</application> in this case."
21329
21328
msgstr ""
21330
21329
21331
#: serverguide/C/mail.xml:1294(para)
21330
#: serverguide/C/mail.xml:1353(para)
21332
21331
msgid "<application>Amavisd-new</application> then processes the message."
21333
21332
msgstr ""
21334
21333
21335
#: serverguide/C/mail.xml:1299(para)
21334
#: serverguide/C/mail.xml:1358(para)
21336
21335
msgid ""
21337
21336
"<application>ClamAV</application> is used to scan the message. If the "
21338
21337
"message contains a virus <application>Postfix</application> will reject the "
21339
21338
"message."
21340
21339
msgstr ""
21341
21340
21342
#: serverguide/C/mail.xml:1305(para)
21341
#: serverguide/C/mail.xml:1364(para)
21343
21342
msgid ""
21344
21343
"Clean messages will then be analyzed by "
21345
21344
"<application>Spamassassin</application> to find out if the message is spam. "
21348
21347
"message."
21349
21348
msgstr ""
21350
21349
21351
#: serverguide/C/mail.xml:1312(para)
21350
#: serverguide/C/mail.xml:1371(para)
21352
21351
msgid ""
21353
21352
"For example, if a message has a Spam score of over fifty the message could "
21354
21353
"be automatically dropped from the queue without the recipient ever having to "
21357
21356
"see fit."
21358
21357
msgstr ""
21359
21358
21360
#: serverguide/C/mail.xml:1319(para)
21359
#: serverguide/C/mail.xml:1378(para)
21361
21360
msgid ""
21362
21361
"See <xref linkend=\"postfix\"/> for instructions on installing and "
21363
21362
"configuring Postfix."
21364
21363
msgstr ""
21365
21364
21366
#: serverguide/C/mail.xml:1322(para)
21365
#: serverguide/C/mail.xml:1381(para)
21367
21366
msgid ""
21368
21367
"To install the rest of the applications enter the following from a terminal "
21369
21368
"prompt:"
21370
21369
msgstr ""
21371
21370
21372
#: serverguide/C/mail.xml:1326(command)
21371
#: serverguide/C/mail.xml:1385(command)
21373
21372
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
21374
21373
msgstr ""
21375
21374
21376
#: serverguide/C/mail.xml:1327(command)
21375
#: serverguide/C/mail.xml:1386(command)
21377
21376
msgid "sudo apt-get install opendkim postfix-policyd-spf-python"
21378
21377
msgstr ""
21379
21378
21380
#: serverguide/C/mail.xml:1329(para)
21379
#: serverguide/C/mail.xml:1388(para)
21381
21380
msgid ""
21382
21381
"There are some optional packages that integrate with "
21383
21382
"<application>Spamassassin</application> for better spam detection:"
21384
21383
msgstr ""
21385
21384
21386
#: serverguide/C/mail.xml:1333(command)
21385
#: serverguide/C/mail.xml:1392(command)
21387
21386
msgid "sudo apt-get install pyzor razor"
21388
21387
msgstr ""
21389
21388
21390
#: serverguide/C/mail.xml:1335(para)
21389
#: serverguide/C/mail.xml:1394(para)
21391
21390
msgid ""
21392
21391
"Along with the main filtering applications compression utilities are needed "
21393
21392
"to process some email attachments:"
21394
21393
msgstr ""
21395
21394
21396
#: serverguide/C/mail.xml:1339(command)
21395
#: serverguide/C/mail.xml:1398(command)
21397
21396
msgid ""
21398
21397
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
21399
21398
msgstr ""
21400
21399
21401
#: serverguide/C/mail.xml:1342(para)
21400
#: serverguide/C/mail.xml:1401(para)
21402
21401
msgid ""
21403
21402
"If some packages are not found, check that the "
21404
21403
"<emphasis>multiverse</emphasis> repository is enabled in "
21405
21404
"<filename>/etc/apt/sources.list</filename>"
21406
21405
msgstr ""
21407
21406
21408
#: serverguide/C/mail.xml:1343(para)
21407
#: serverguide/C/mail.xml:1402(para)
21409
21408
msgid ""
21410
21409
"If you make changes to the file, be sure to run <command>sudo apt-get "
21411
21410
"update</command> before trying to install again."
21412
21411
msgstr ""
21413
21412
21414
#: serverguide/C/mail.xml:1348(para)
21413
#: serverguide/C/mail.xml:1407(para)
21415
21414
msgid "Now configure everything to work together and filter email."
21416
21415
msgstr ""
21417
21416
21418
#: serverguide/C/mail.xml:1352(title)
21417
#: serverguide/C/mail.xml:1411(title)
21419
21418
msgid "ClamAV"
21420
21419
msgstr ""
21421
21420
21422
#: serverguide/C/mail.xml:1353(para)
21421
#: serverguide/C/mail.xml:1412(para)
21423
21422
msgid ""
21424
21423
"The default behaviour of <application>ClamAV</application> will fit our "
21425
21424
"needs. For more ClamAV configuration options, check the configuration files "
21426
21425
"in <filename>/etc/clamav</filename>."
21427
21426
msgstr ""
21428
21427
21429
#: serverguide/C/mail.xml:1358(para)
21428
#: serverguide/C/mail.xml:1417(para)
21430
21429
msgid ""
21431
21430
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
21432
21431
"group in order for <application>Amavisd-new</application> to have the "
21433
21432
"appropriate access to scan files:"
21434
21433
msgstr ""
21435
21434
21436
#: serverguide/C/mail.xml:1363(command)
21435
#: serverguide/C/mail.xml:1422(command)
21437
21436
msgid "sudo adduser clamav amavis"
21438
21437
msgstr ""
21439
21438
21440
#: serverguide/C/mail.xml:1364(command)
21439
#: serverguide/C/mail.xml:1423(command)
21441
21440
msgid "sudo adduser amavis clamav"
21442
21441
msgstr ""
21443
21442
21444
#: serverguide/C/mail.xml:1368(title)
21443
#: serverguide/C/mail.xml:1427(title)
21445
21444
msgid "Spamassassin"
21446
21445
msgstr ""
21447
21446
21448
#: serverguide/C/mail.xml:1369(para)
21447
#: serverguide/C/mail.xml:1428(para)
21449
21448
msgid ""
21450
21449
"Spamassassin automatically detects optional components and will use them if "
21451
21450
"they are present. This means that there is no need to configure "
21452
21451
"<application>pyzor</application> and <application>razor</application>."
21453
21452
msgstr ""
21454
21453
21455
#: serverguide/C/mail.xml:1373(para)
21454
#: serverguide/C/mail.xml:1432(para)
21456
21455
msgid ""
21457
21456
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
21458
21457
"<application>Spamassassin</application> daemon. Change "
21459
21458
"<emphasis>ENABLED=0</emphasis> to:"
21460
21459
msgstr ""
21461
21460
21462
#: serverguide/C/mail.xml:1377(programlisting)
21461
#: serverguide/C/mail.xml:1436(programlisting)
21463
21462
#, no-wrap
21464
21463
msgid ""
21465
21464
"\n"
21466
21465
"ENABLED=1\n"
21467
21466
msgstr ""
21468
21467
21469
#: serverguide/C/mail.xml:1380(para)
21468
#: serverguide/C/mail.xml:1439(para)
21470
21469
msgid "Now start the daemon:"
21471
21470
msgstr ""
21472
21471
21474
21473
msgid "sudo service spamassassin start"
21475
21474
msgstr ""
21476
21475
21477
#: serverguide/C/mail.xml:1388(title)
21476
#: serverguide/C/mail.xml:1447(title)
21478
21477
msgid "Amavisd-new"
21479
21478
msgstr ""
21480
21479
21481
#: serverguide/C/mail.xml:1389(para)
21480
#: serverguide/C/mail.xml:1448(para)
21482
21481
msgid ""
21483
21482
"First activate spam and antivirus detection in <application>Amavisd-"
21484
21483
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
21485
21484
"content_filter_mode</filename>:"
21486
21485
msgstr ""
21487
21486
21488
#: serverguide/C/mail.xml:1393(programlisting)
21487
#: serverguide/C/mail.xml:1452(programlisting)
21489
21488
#, no-wrap
21490
21489
msgid ""
21491
21490
"\n"
21516
21515
"1; # insure a defined return\n"
21517
21516
msgstr ""
21518
21517
21519
#: serverguide/C/mail.xml:1419(para)
21518
#: serverguide/C/mail.xml:1477(para)
21520
21519
msgid ""
21521
21520
"Bouncing spam can be a bad idea as the return address is often faked. The "
21522
21521
"default behaviour is to instead discard. This is configured in "
21525
21524
"D_BOUNCE."
21526
21525
msgstr ""
21527
21526
21528
#: serverguide/C/mail.xml:1425(para)
21527
#: serverguide/C/mail.xml:1483(para)
21529
21528
msgid ""
21530
21529
"Additionally, you may want to adjust the following options to flag more "
21531
21530
"messages as spam:"
21532
21531
msgstr ""
21533
21532
21534
#: serverguide/C/mail.xml:1429(programlisting)
21533
#: serverguide/C/mail.xml:1487(programlisting)
21535
21534
#, no-wrap
21536
21535
msgid ""
21537
21536
"\n"
21542
21541
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
21543
21542
msgstr ""
21544
21543
21545
#: serverguide/C/mail.xml:1436(para)
21544
#: serverguide/C/mail.xml:1494(para)
21546
21545
msgid ""
21547
21546
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
21548
21547
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
21551
21550
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
21552
21551
msgstr ""
21553
21552
21554
#: serverguide/C/mail.xml:1443(programlisting)
21553
#: serverguide/C/mail.xml:1501(programlisting)
21555
21554
#, no-wrap
21556
21555
msgid ""
21557
21556
"\n"
21559
21558
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
21560
21559
msgstr ""
21561
21560
21562
#: serverguide/C/mail.xml:1448(para)
21561
#: serverguide/C/mail.xml:1506(para)
21563
21562
msgid ""
21564
21563
"If you want to cover multiple domains you can use the following in "
21565
21564
"the<filename>/etc/amavis/conf.d/50-user</filename>"
21566
21565
msgstr ""
21567
21566
21568
#: serverguide/C/mail.xml:1451(programlisting)
21567
#: serverguide/C/mail.xml:1509(programlisting)
21569
21568
#, no-wrap
21570
21569
msgid ""
21571
21570
"\n"
21572
21571
"@local_domains_acl = qw(.);\n"
21573
21572
msgstr ""
21574
21573
21575
#: serverguide/C/mail.xml:1455(para)
21574
#: serverguide/C/mail.xml:1513(para)
21576
21575
msgid ""
21577
21576
"After configuration <application>Amavisd-new</application> needs to be "
21578
21577
"restarted:"
21582
21581
msgid "sudo service amavis restart"
21583
21582
msgstr ""
21584
21583
21585
#: serverguide/C/mail.xml:1462(title)
21584
#: serverguide/C/mail.xml:1520(title)
21586
21585
msgid "DKIM Whitelist"
21587
21586
msgstr ""
21588
21587
21589
#: serverguide/C/mail.xml:1464(para)
21588
#: serverguide/C/mail.xml:1522(para)
21590
21589
msgid ""
21591
21590
"<application>Amavisd-new</application> can be configured to automatically "
21592
21591
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
21594
21593
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
21595
21594
msgstr ""
21596
21595
21597
#: serverguide/C/mail.xml:1470(para)
21596
#: serverguide/C/mail.xml:1528(para)
21598
21597
msgid "There are multiple ways to configure the Whitelist for a domain:"
21599
21598
msgstr ""
21600
21599
21601
#: serverguide/C/mail.xml:1476(para)
21600
#: serverguide/C/mail.xml:1534(para)
21602
21601
msgid ""
21603
21602
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
21604
21603
"address from the \"example.com\" domain."
21605
21604
msgstr ""
21606
21605
21607
#: serverguide/C/mail.xml:1481(para)
21606
#: serverguide/C/mail.xml:1539(para)
21608
21607
msgid ""
21609
21608
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
21610
21609
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
21611
21610
"have a valid signature."
21612
21611
msgstr ""
21613
21612
21614
#: serverguide/C/mail.xml:1487(para)
21613
#: serverguide/C/mail.xml:1545(para)
21615
21614
msgid ""
21616
21615
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
21617
21616
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
21618
21617
"role=\"italic\">example.com</emphasis> the parent domain."
21619
21618
msgstr ""
21620
21619
21621
#: serverguide/C/mail.xml:1493(para)
21620
#: serverguide/C/mail.xml:1551(para)
21622
21621
msgid ""
21623
21622
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
21624
21623
"that have a valid signature from \"example.com\". This is usually used for "
21625
21624
"discussion groups that sign their messages."
21626
21625
msgstr ""
21627
21626
21628
#: serverguide/C/mail.xml:1500(para)
21627
#: serverguide/C/mail.xml:1558(para)
21629
21628
msgid ""
21630
21629
"A domain can also have multiple Whitelist configurations. After editing the "
21631
21630
"file, restart <application>amavisd-new</application>:"
21632
21631
msgstr ""
21633
21632
21634
#: serverguide/C/mail.xml:1510(para)
21633
#: serverguide/C/mail.xml:1568(para)
21635
21634
msgid ""
21636
21635
"In this context, once a domain has been added to the Whitelist the message "
21637
21636
"will not receive any anti-virus or spam filtering. This may or may not be "
21638
21637
"the intended behavior you wish for a domain."
21639
21638
msgstr ""
21640
21639
21641
#: serverguide/C/mail.xml:1520(para)
21640
#: serverguide/C/mail.xml:1578(para)
21642
21641
msgid ""
21643
21642
"For <application>Postfix</application> integration, enter the following from "
21644
21643
"a terminal prompt:"
21645
21644
msgstr ""
21646
21645
21647
#: serverguide/C/mail.xml:1524(command)
21646
#: serverguide/C/mail.xml:1582(command)
21648
21647
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
21649
21648
msgstr ""
21650
21649
21651
#: serverguide/C/mail.xml:1526(para)
21650
#: serverguide/C/mail.xml:1584(para)
21652
21651
msgid ""
21653
21652
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
21654
21653
"to the end of the file:"
21687
21686
"_milters\n"
21688
21687
msgstr ""
21689
21688
21690
#: serverguide/C/mail.xml:1556(para)
21689
#: serverguide/C/mail.xml:1614(para)
21691
21690
msgid ""
21692
21691
"Also add the following two lines immediately below the "
21693
21692
"<emphasis>\"pickup\"</emphasis> transport service:"
21694
21693
msgstr ""
21695
21694
21696
#: serverguide/C/mail.xml:1559(programlisting)
21695
#: serverguide/C/mail.xml:1617(programlisting)
21697
21696
#, no-wrap
21698
21697
msgid ""
21699
21698
"\n"
21701
21700
" -o receive_override_options=no_header_body_checks\n"
21702
21701
msgstr ""
21703
21702
21704
#: serverguide/C/mail.xml:1563(para)
21703
#: serverguide/C/mail.xml:1621(para)
21705
21704
msgid ""
21706
21705
"This will prevent messages that are generated to report on spam from being "
21707
21706
"classified as spam."
21708
21707
msgstr ""
21709
21708
21710
#: serverguide/C/mail.xml:1566(para)
21709
#: serverguide/C/mail.xml:1624(para)
21711
21710
msgid "Now restart <application>Postfix</application>:"
21712
21711
msgstr ""
21713
21712
21714
#: serverguide/C/mail.xml:1572(para)
21713
#: serverguide/C/mail.xml:1630(para)
21715
21714
msgid "Content filtering with spam and virus detection is now enabled."
21716
21715
msgstr ""
21717
21716
21718
#: serverguide/C/mail.xml:1578(title)
21717
#: serverguide/C/mail.xml:1636(title)
21719
21718
msgid "Amavisd-new and Spamassassin"
21720
21719
msgstr ""
21721
21720
21722
#: serverguide/C/mail.xml:1580(para)
21721
#: serverguide/C/mail.xml:1638(para)
21723
21722
msgid ""
21724
21723
"When integrating <application>Amavisd-new</application> with "
21725
21724
"<application>Spamassassin</application>, if you choose to disable the bayes "
21730
21729
"<application>cron</application> job."
21731
21730
msgstr ""
21732
21731
21733
#: serverguide/C/mail.xml:1587(para)
21732
#: serverguide/C/mail.xml:1645(para)
21734
21733
msgid "There are several ways to handle this situation:"
21735
21734
msgstr ""
21736
21735
21737
#: serverguide/C/mail.xml:1593(para)
21736
#: serverguide/C/mail.xml:1651(para)
21738
21737
msgid "Configure your MDA to filter messages you do not wish to see."
21739
21738
msgstr ""
21740
21739
21741
#: serverguide/C/mail.xml:1598(para)
21740
#: serverguide/C/mail.xml:1656(para)
21742
21741
msgid ""
21743
21742
"Change <filename>/usr/sbin/amavisd-new-cronjob</filename> to check for "
21744
21743
"<emphasis>use_bayes 0</emphasis>. For example, edit "
21746
21745
"the top before the <emphasis>test</emphasis> statements:"
21747
21746
msgstr ""
21748
21747
21749
#: serverguide/C/mail.xml:1602(programlisting)
21748
#: serverguide/C/mail.xml:1660(programlisting)
21750
21749
#, no-wrap
21751
21750
msgid ""
21752
21751
"\n"
21754
21753
"exit 0\n"
21755
21754
msgstr ""
21756
21755
21757
#: serverguide/C/mail.xml:1612(para)
21756
#: serverguide/C/mail.xml:1670(para)
21758
21757
msgid ""
21759
21758
"First, test that the <application>Amavisd-new</application> SMTP is "
21760
21759
"listening:"
21761
21760
msgstr ""
21762
21761
21763
#: serverguide/C/mail.xml:1615(programlisting)
21762
#: serverguide/C/mail.xml:1673(programlisting)
21764
21763
#, no-wrap
21765
21764
msgid ""
21766
21765
"\n"
21772
21771
"^]\n"
21773
21772
msgstr ""
21774
21773
21775
#: serverguide/C/mail.xml:1623(para)
21774
#: serverguide/C/mail.xml:1681(para)
21776
21775
msgid ""
21777
21776
"In the Header of messages that go through the content filter you should see:"
21778
21777
msgstr ""
21779
21778
21780
#: serverguide/C/mail.xml:1626(programlisting)
21779
#: serverguide/C/mail.xml:1684(programlisting)
21781
21780
#, no-wrap
21782
21781
msgid ""
21783
21782
"\n"
21788
21787
"X-Spam-Level: \n"
21789
21788
msgstr ""
21790
21789
21791
#: serverguide/C/mail.xml:1633(para)
21790
#: serverguide/C/mail.xml:1691(para)
21792
21791
msgid ""
21793
21792
"Your output will vary, but the important thing is that there are <emphasis>X-"
21794
21793
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
21795
21794
msgstr ""
21796
21795
21797
#: serverguide/C/mail.xml:1641(para)
21796
#: serverguide/C/mail.xml:1699(para)
21798
21797
msgid ""
21799
21798
"The best way to figure out why something is going wrong is to check the log "
21800
21799
"files."
21801
21800
msgstr ""
21802
21801
21803
#: serverguide/C/mail.xml:1646(para)
21802
#: serverguide/C/mail.xml:1704(para)
21804
21803
msgid ""
21805
21804
"For instructions on <application>Postfix</application> logging see the <xref "
21806
21805
"linkend=\"postfix-troubleshooting\"/> section."
21807
21806
msgstr ""
21808
21807
21809
#: serverguide/C/mail.xml:1652(para)
21808
#: serverguide/C/mail.xml:1710(para)
21810
21809
msgid ""
21811
21810
"<application>Amavisd-new</application> uses "
21812
21811
"<application>Syslog</application> to send messages to "
21816
21815
"1 to 5."
21817
21816
msgstr ""
21818
21817
21819
#: serverguide/C/mail.xml:1657(programlisting)
21818
#: serverguide/C/mail.xml:1715(programlisting)
21820
21819
#, no-wrap
21821
21820
msgid ""
21822
21821
"\n"
21823
21822
"$log_level = 2;\n"
21824
21823
msgstr ""
21825
21824
21826
#: serverguide/C/mail.xml:1661(para)
21825
#: serverguide/C/mail.xml:1719(para)
21827
21826
msgid ""
21828
21827
"When the <application>Amavisd-new</application> log output is increased "
21829
21828
"<application>Spamassassin</application> log output is also increased."
21830
21829
msgstr ""
21831
21830
21832
#: serverguide/C/mail.xml:1668(para)
21831
#: serverguide/C/mail.xml:1726(para)
21833
21832
msgid ""
21834
21833
"The <application>ClamAV</application> log level can be increased by editing "
21835
21834
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
21836
21835
msgstr ""
21837
21836
21838
#: serverguide/C/mail.xml:1672(programlisting)
21837
#: serverguide/C/mail.xml:1730(programlisting)
21839
21838
#, no-wrap
21840
21839
msgid ""
21841
21840
"\n"
21842
21841
"LogVerbose true\n"
21843
21842
msgstr ""
21844
21843
21845
#: serverguide/C/mail.xml:1675(para)
21844
#: serverguide/C/mail.xml:1733(para)
21846
21845
msgid ""
21847
21846
"By default <application>ClamAV</application> will send log messages to "
21848
21847
"<filename>/var/log/clamav/clamav.log</filename>."
21849
21848
msgstr ""
21850
21849
21851
#: serverguide/C/mail.xml:1681(para)
21850
#: serverguide/C/mail.xml:1739(para)
21852
21851
msgid ""
21853
21852
"After changing an applications log settings remember to restart the service "
21854
21853
"for the new settings to take affect. Also, once the issue you are "
21856
21855
"back to normal."
21857
21856
msgstr ""
21858
21857
21859
#: serverguide/C/mail.xml:1689(para)
21858
#: serverguide/C/mail.xml:1747(para)
21860
21859
msgid "For more information on filtering mail see the following links:"
21861
21860
msgstr ""
21862
21861
21863
#: serverguide/C/mail.xml:1695(ulink)
21862
#: serverguide/C/mail.xml:1753(ulink)
21864
21863
msgid "Amavisd-new Documentation"
21865
21864
msgstr ""
21866
21865
21867
#: serverguide/C/mail.xml:1699(para)
21866
#: serverguide/C/mail.xml:1757(para)
21868
21867
msgid ""
21869
21868
"<ulink url=\"http://www.clamav.net/doc/latest/html/\">ClamAV "
21870
21869
"Documentation</ulink> and <ulink "
21871
21870
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
21872
21871
msgstr ""
21873
21872
21874
#: serverguide/C/mail.xml:1706(ulink)
21873
#: serverguide/C/mail.xml:1764(ulink)
21875
21874
msgid "Spamassassin Wiki"
21876
21875
msgstr ""
21877
21876
21878
#: serverguide/C/mail.xml:1711(ulink)
21877
#: serverguide/C/mail.xml:1769(ulink)
21879
21878
msgid "Pyzor Homepage"
21880
21879
msgstr ""
21881
21880
21882
#: serverguide/C/mail.xml:1716(ulink)
21881
#: serverguide/C/mail.xml:1774(ulink)
21883
21882
msgid "Razor Homepage"
21884
21883
msgstr ""
21885
21884
21886
#: serverguide/C/mail.xml:1721(ulink)
21885
#: serverguide/C/mail.xml:1779(ulink)
21887
21886
msgid "DKIM.org"
21888
21887
msgstr ""
21889
21888
21890
#: serverguide/C/mail.xml:1726(ulink)
21889
#: serverguide/C/mail.xml:1784(ulink)
21891
21890
msgid "Postfix Amavis New"
21892
21891
msgstr ""
21893
21892
21894
#: serverguide/C/mail.xml:1730(para)
21893
#: serverguide/C/mail.xml:1788(para)
21895
21894
msgid ""
21896
21895
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
21897
21896
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
21996
21995
21997
21996
#: serverguide/C/lamp-applications.xml:104(para)
21998
21997
msgid ""
21999
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
21998
"MoinMoin is a wiki engine implemented in Python, based on the PikiPiki Wiki "
22000
21999
"engine, and licensed under the GNU GPL."
22001
22000
msgstr ""
22002
22001
22013
22012
#: serverguide/C/lamp-applications.xml:121(para)
22014
22013
msgid ""
22015
22014
"You should also install <application>apache2</application> web server. For "
22016
"installing <application>apache2</application> web server, please refer to "
22017
"<xref linkend=\"http-installation\"/> sub-section in <xref "
22015
"installing the <application>apache2</application> web server, please refer "
22016
"to <xref linkend=\"http-installation\"/> sub-section in <xref "
22018
22017
"linkend=\"httpd\"/> section."
22019
22018
msgstr ""
22020
22019
22021
22020
#: serverguide/C/lamp-applications.xml:132(para)
22022
22021
msgid ""
22023
"For configuring your first Wiki application, please run the following set of "
22024
"commands. Let us assume that you are creating a Wiki named "
22022
"To configure your first wiki application, please run the following set of "
22023
"commands. Let us assume that you are creating a wiki named "
22025
22024
"<emphasis>mywiki</emphasis>:"
22026
22025
msgstr ""
22027
22026
22060
22059
#: serverguide/C/lamp-applications.xml:149(para)
22061
22060
msgid ""
22062
22061
"Now you should configure <application>MoinMoin</application> to find your "
22063
"new Wiki <emphasis>mywiki</emphasis>. To configure "
22062
"new wiki <emphasis>mywiki</emphasis>. To configure "
22064
22063
"<application>MoinMoin</application>, open "
22065
22064
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
22066
22065
msgstr ""
22094
22093
22095
22094
#: serverguide/C/lamp-applications.xml:174(para)
22096
22095
msgid ""
22097
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
22096
"If the <filename>/etc/moin/mywiki.py</filename> file does not exist, you "
22098
22097
"should copy <filename>/usr/share/moin/config/wikifarm/mywiki.py</filename> "
22099
22098
"file to <filename>/etc/moin/mywiki.py</filename> file and do the above "
22100
22099
"mentioned change."
22102
22101
22103
22102
#: serverguide/C/lamp-applications.xml:182(para)
22104
22103
msgid ""
22105
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
22104
"If you have named your wiki as <emphasis>my_wiki_name</emphasis> you should "
22106
22105
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
22107
22106
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
22108
22107
"<quote>(\"mywiki\", r\".*\")</quote>."
22111
22110
#: serverguide/C/lamp-applications.xml:190(para)
22112
22111
msgid ""
22113
22112
"Once you have configured <application>MoinMoin</application> to find your "
22114
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
22115
"<application>apache2</application> and make it ready for your Wiki "
22116
"application."
22113
"first wiki application, <emphasis>mywiki</emphasis>, you should configure "
22114
"<application>apache2</application> and make it ready for your wiki."
22117
22115
msgstr ""
22118
22116
22119
22117
#: serverguide/C/lamp-applications.xml:197(para)
22129
22127
"\n"
22130
22128
"### moin\n"
22131
22129
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
22132
" alias /moin_static193 \"/usr/share/moin/htdocs\"\n"
22130
" alias /moin_static<version> \"/usr/share/moin/htdocs\"\n"
22133
22131
" <Directory /usr/share/moin/htdocs>\n"
22134
22132
" Order allow,deny\n"
22135
22133
" allow from all\n"
22138
22136
msgstr ""
22139
22137
22140
22138
#: serverguide/C/lamp-applications.xml:214(para)
22139
msgid "The version in the above example is determined by running:"
22140
msgstr ""
22141
22142
#: serverguide/C/lamp-applications.xml:218(programlisting)
22143
#, no-wrap
22144
msgid ""
22145
"\n"
22146
"$ moin --version\n"
22147
msgstr ""
22148
22149
#: serverguide/C/lamp-applications.xml:222(para)
22150
msgid "If the output shows version 1.9.7, your second line should be:"
22151
msgstr ""
22152
22153
#: serverguide/C/lamp-applications.xml:226(programlisting)
22154
#, no-wrap
22155
msgid ""
22156
"\n"
22157
"alias /moin_static197 \"/usr/share/moin/htdocs\"\n"
22158
msgstr ""
22159
22160
#: serverguide/C/lamp-applications.xml:230(para)
22141
22161
msgid ""
22142
22162
"Once you configure the <application>apache2</application> web server and "
22143
"make it ready for your Wiki application, you should restart it. You can run "
22163
"make it ready for your wiki application, you should restart it. You can run "
22144
22164
"the following command to restart the <application>apache2</application> web "
22145
22165
"server:"
22146
22166
msgstr ""
22147
22167
22148
#: serverguide/C/lamp-applications.xml:227(title) serverguide/C/installation.xml:1242(title)
22168
#: serverguide/C/lamp-applications.xml:243(title) serverguide/C/installation.xml:1315(title)
22149
22169
msgid "Verification"
22150
22170
msgstr ""
22151
22171
22152
#: serverguide/C/lamp-applications.xml:229(para)
22172
#: serverguide/C/lamp-applications.xml:245(para)
22153
22173
msgid ""
22154
22174
"You can verify the Wiki application and see if it works by pointing your web "
22155
22175
"browser to the following URL:"
22156
22176
msgstr ""
22157
22177
22158
#: serverguide/C/lamp-applications.xml:233(programlisting)
22178
#: serverguide/C/lamp-applications.xml:249(programlisting)
22159
22179
#, no-wrap
22160
22180
msgid ""
22161
22181
"\n"
22162
22182
"http://localhost/mywiki\n"
22163
22183
msgstr ""
22164
22184
22165
#: serverguide/C/lamp-applications.xml:237(para)
22185
#: serverguide/C/lamp-applications.xml:253(para)
22166
22186
msgid ""
22167
22187
"For more details, please refer to the <ulink "
22168
22188
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
22169
22189
msgstr ""
22170
22190
22171
#: serverguide/C/lamp-applications.xml:248(para)
22191
#: serverguide/C/lamp-applications.xml:264(para)
22172
22192
msgid ""
22173
22193
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
22174
22194
"Wiki</ulink>."
22175
22195
msgstr ""
22176
22196
22177
#: serverguide/C/lamp-applications.xml:253(para)
22197
#: serverguide/C/lamp-applications.xml:269(para)
22178
22198
msgid ""
22179
22199
"Also, see the <ulink "
22180
22200
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
22181
22201
"MoinMoin</ulink> page."
22182
22202
msgstr ""
22183
22203
22184
#: serverguide/C/lamp-applications.xml:262(title)
22204
#: serverguide/C/lamp-applications.xml:278(title)
22185
22205
msgid "MediaWiki"
22186
22206
msgstr ""
22187
22207
22188
#: serverguide/C/lamp-applications.xml:264(para)
22208
#: serverguide/C/lamp-applications.xml:280(para)
22189
22209
msgid ""
22190
22210
"MediaWiki is an web based Wiki software written in the PHP language. It can "
22191
22211
"either use <application>MySQL</application> or "
22192
22212
"<application>PostgreSQL</application> Database Management System."
22193
22213
msgstr ""
22194
22214
22195
#: serverguide/C/lamp-applications.xml:274(para)
22215
#: serverguide/C/lamp-applications.xml:290(para)
22196
22216
msgid ""
22197
22217
"Before installing <application>MediaWiki</application> you should also "
22198
22218
"install <application>Apache2</application>, the "
22203
22223
"installation instructions."
22204
22224
msgstr ""
22205
22225
22206
#: serverguide/C/lamp-applications.xml:282(para)
22226
#: serverguide/C/lamp-applications.xml:298(para)
22207
22227
msgid ""
22208
22228
"To install <application>MediaWiki</application>, run the following command "
22209
22229
"in the command prompt:"
22210
22230
msgstr ""
22211
22231
22212
#: serverguide/C/lamp-applications.xml:288(command)
22232
#: serverguide/C/lamp-applications.xml:304(command)
22213
22233
msgid "sudo apt-get install mediawiki php5-gd"
22214
22234
msgstr ""
22215
22235
22216
#: serverguide/C/lamp-applications.xml:291(para)
22236
#: serverguide/C/lamp-applications.xml:307(para)
22217
22237
msgid ""
22218
22238
"For additional <application>MediaWiki</application> functionality see the "
22219
22239
"<application>mediawiki-extensions</application> package."
22220
22240
msgstr ""
22221
22241
22222
#: serverguide/C/lamp-applications.xml:301(para)
22242
#: serverguide/C/lamp-applications.xml:317(para)
22223
22243
msgid ""
22224
22244
"The Apache configuration file <filename>mediawiki.conf</filename> for "
22225
22245
"<application>MediaWiki</application> is installed in "
22228
22248
"file."
22229
22249
msgstr ""
22230
22250
22231
#: serverguide/C/lamp-applications.xml:309(screen)
22251
#: serverguide/C/lamp-applications.xml:324(screen)
22232
22252
#, no-wrap
22233
22253
msgid ""
22234
22254
"\n"
22235
22255
"# Alias /mediawiki /var/lib/mediawiki\n"
22236
22256
msgstr ""
22237
22257
22238
#: serverguide/C/lamp-applications.xml:312(para)
22258
#: serverguide/C/lamp-applications.xml:328(para)
22239
22259
msgid ""
22240
22260
"The <application>MediaWiki</application> configuration also needs to be "
22241
22261
"enabled."
22242
22262
msgstr ""
22243
22263
22244
#: serverguide/C/lamp-applications.xml:316(command)
22264
#: serverguide/C/lamp-applications.xml:332(command)
22245
22265
msgid "sudo a2enconf mediawiki.conf"
22246
22266
msgstr ""
22247
22267
22248
#: serverguide/C/lamp-applications.xml:319(para)
22268
#: serverguide/C/lamp-applications.xml:335(para)
22249
22269
msgid "Restart Apache server."
22250
22270
msgstr ""
22251
22271
22252
#: serverguide/C/lamp-applications.xml:326(para)
22272
#: serverguide/C/lamp-applications.xml:342(para)
22253
22273
msgid ""
22254
22274
"Access <application>MediaWiki</application> by visiting <ulink "
22255
22275
"url=\"http://localhost/mediawiki/mw-"
22259
22279
"config/index.php</ulink> if your server has no GUI.)"
22260
22280
msgstr ""
22261
22281
22262
#: serverguide/C/lamp-applications.xml:334(para)
22282
#: serverguide/C/lamp-applications.xml:350(para)
22263
22283
msgid ""
22264
22284
"Please read the <quote>Environmental checks</quote> section of the "
22265
22285
"configuration page. You should be able to fix many issues by carefully "
22266
22286
"reading this section."
22267
22287
msgstr ""
22268
22288
22269
#: serverguide/C/lamp-applications.xml:330(para)
22289
#: serverguide/C/lamp-applications.xml:357(para)
22270
22290
msgid ""
22271
22291
"Once the configuration is complete, you should copy the "
22272
22292
"<filename>LocalSettings.php</filename> file to "
22273
22293
"<filename>/etc/mediawiki</filename> directory:"
22274
22294
msgstr ""
22275
22295
22276
#: serverguide/C/lamp-applications.xml:337(command)
22296
#: serverguide/C/lamp-applications.xml:364(command)
22277
22297
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
22278
22298
msgstr ""
22279
22299
22280
#: serverguide/C/lamp-applications.xml:340(para)
22300
#: serverguide/C/lamp-applications.xml:367(para)
22281
22301
msgid ""
22282
22302
"You may also want to edit "
22283
22303
"<filename>/etc/mediawiki/LocalSettings.php</filename> in order to set the "
22284
22304
"memory limit (disabled by default):"
22285
22305
msgstr ""
22286
22306
22287
#: serverguide/C/lamp-applications.xml:345(programlisting)
22307
#: serverguide/C/lamp-applications.xml:372(programlisting)
22288
22308
#, no-wrap
22289
22309
msgid ""
22290
22310
"\n"
22291
22311
"ini_set( 'memory_limit', '64M' );\n"
22292
22312
msgstr ""
22293
22313
22294
#: serverguide/C/lamp-applications.xml:352(title)
22314
#: serverguide/C/lamp-applications.xml:379(title)
22295
22315
msgid "Extensions"
22296
22316
msgstr ""
22297
22317
22298
#: serverguide/C/lamp-applications.xml:353(para)
22318
#: serverguide/C/lamp-applications.xml:380(para)
22299
22319
msgid ""
22300
22320
"The extensions add new features and enhancements for the MediaWiki "
22301
22321
"application. The extensions give wiki administrators and end users the "
22302
22322
"ability to customize MediaWiki to their requirements."
22303
22323
msgstr ""
22304
22324
22305
#: serverguide/C/lamp-applications.xml:359(para)
22325
#: serverguide/C/lamp-applications.xml:386(para)
22306
22326
msgid ""
22307
22327
"You can download MediaWiki extensions as an archive file or checkout from "
22308
22328
"the Subversion repository. You should copy it to "
22311
22331
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
22312
22332
msgstr ""
22313
22333
22314
#: serverguide/C/lamp-applications.xml:367(programlisting)
22334
#: serverguide/C/lamp-applications.xml:394(programlisting)
22315
22335
#, no-wrap
22316
22336
msgid ""
22317
22337
"\n"
22318
22338
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
22319
22339
msgstr ""
22320
22340
22321
#: serverguide/C/lamp-applications.xml:377(para)
22341
#: serverguide/C/lamp-applications.xml:404(para)
22322
22342
msgid ""
22323
22343
"For more details, please refer to the <ulink "
22324
22344
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
22325
22345
msgstr ""
22326
22346
22327
#: serverguide/C/lamp-applications.xml:394(para)
22347
#: serverguide/C/lamp-applications.xml:410(para)
22328
22348
msgid ""
22329
22349
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
22330
22350
"Administrators' Tutorial Guide</ulink> contains a wealth of information for "
22331
22351
"new MediaWiki administrators."
22332
22352
msgstr ""
22333
22353
22334
#: serverguide/C/lamp-applications.xml:389(para)
22354
#: serverguide/C/lamp-applications.xml:416(para)
22335
22355
msgid ""
22336
22356
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
22337
22357
"Wiki MediaWiki</ulink> page is a good resource."
22338
22358
msgstr ""
22339
22359
22340
#: serverguide/C/lamp-applications.xml:399(title)
22360
#: serverguide/C/lamp-applications.xml:426(title)
22341
22361
msgid "phpMyAdmin"
22342
22362
msgstr ""
22343
22363
22344
#: serverguide/C/lamp-applications.xml:401(para)
22364
#: serverguide/C/lamp-applications.xml:428(para)
22345
22365
msgid ""
22346
22366
"<application>phpMyAdmin</application> is a LAMP application specifically "
22347
22367
"written for administering <application>MySQL</application> servers. Written "
22349
22369
"phpMyAdmin provides a graphical interface for database administration tasks."
22350
22370
msgstr ""
22351
22371
22352
#: serverguide/C/lamp-applications.xml:410(para)
22372
#: serverguide/C/lamp-applications.xml:437(para)
22353
22373
msgid ""
22354
22374
"Before installing <application>phpMyAdmin</application> you will need access "
22355
22375
"to a <application>MySQL</application> database either on the same host as "
22358
22378
"enter:"
22359
22379
msgstr ""
22360
22380
22361
#: serverguide/C/lamp-applications.xml:417(command)
22381
#: serverguide/C/lamp-applications.xml:444(command)
22362
22382
msgid "sudo apt-get install phpmyadmin"
22363
22383
msgstr ""
22364
22384
22365
#: serverguide/C/lamp-applications.xml:420(para)
22385
#: serverguide/C/lamp-applications.xml:447(para)
22366
22386
msgid ""
22367
22387
"At the prompt choose which web server to be configured for "
22368
22388
"<application>phpMyAdmin</application>. The rest of this section will use "
22369
22389
"<application>Apache2</application> for the web server."
22370
22390
msgstr ""
22371
22391
22372
#: serverguide/C/lamp-applications.xml:436(para)
22392
#: serverguide/C/lamp-applications.xml:452(para)
22373
22393
msgid ""
22374
22394
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
22375
22395
"replacing <emphasis role=\"italic\">servername</emphasis> with the server's "
22379
22399
"user's password."
22380
22400
msgstr ""
22381
22401
22382
#: serverguide/C/lamp-applications.xml:432(para)
22402
#: serverguide/C/lamp-applications.xml:459(para)
22383
22403
msgid ""
22384
22404
"Once logged in you can reset the <emphasis>root</emphasis> password if "
22385
22405
"needed, create users, create/destroy databases and tables, etc."
22386
22406
msgstr ""
22387
22407
22388
#: serverguide/C/lamp-applications.xml:440(para)
22408
#: serverguide/C/lamp-applications.xml:467(para)
22389
22409
msgid ""
22390
22410
"The configuration files for <application>phpMyAdmin</application> are "
22391
22411
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
22394
22414
"<application>phpMyAdmin</application>."
22395
22415
msgstr ""
22396
22416
22397
#: serverguide/C/lamp-applications.xml:446(para)
22417
#: serverguide/C/lamp-applications.xml:473(para)
22398
22418
msgid ""
22399
22419
"To use <application>phpMyAdmin</application> to administer a MySQL database "
22400
22420
"hosted on another server, adjust the following in "
22401
22421
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
22402
22422
msgstr ""
22403
22423
22404
#: serverguide/C/lamp-applications.xml:451(programlisting)
22424
#: serverguide/C/lamp-applications.xml:478(programlisting)
22405
22425
#, no-wrap
22406
22426
msgid ""
22407
22427
"\n"
22408
22428
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
22409
22429
msgstr ""
22410
22430
22411
#: serverguide/C/lamp-applications.xml:456(para)
22431
#: serverguide/C/lamp-applications.xml:483(para)
22412
22432
msgid ""
22413
22433
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
22414
22434
"remote database server name or IP address. Also, be sure that the "
22416
22436
"remote database."
22417
22437
msgstr ""
22418
22438
22419
#: serverguide/C/lamp-applications.xml:462(para)
22439
#: serverguide/C/lamp-applications.xml:489(para)
22420
22440
msgid ""
22421
22441
"Once configured, log out of <application>phpMyAdmin</application> and back "
22422
22442
"in, and you should be accessing the new server."
22423
22443
msgstr ""
22424
22444
22425
#: serverguide/C/lamp-applications.xml:466(para)
22445
#: serverguide/C/lamp-applications.xml:493(para)
22426
22446
msgid ""
22427
22447
"The <filename>config.header.inc.php</filename> and "
22428
22448
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
22429
22449
"header and footer to <application>phpMyAdmin</application>."
22430
22450
msgstr ""
22431
22451
22432
#: serverguide/C/lamp-applications.xml:471(para)
22452
#: serverguide/C/lamp-applications.xml:498(para)
22433
22453
msgid ""
22434
22454
"Another important configuration file is "
22435
22455
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
22436
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
22437
"configure <application>Apache2</application> to serve the "
22438
"<application>phpMyAdmin</application> site. The file contains directives for "
22439
"loading <application>PHP</application>, directory permissions, etc. For more "
22440
"information on configuring <application>Apache2</application> see <xref "
22441
"linkend=\"httpd\"/>."
22442
msgstr ""
22443
22444
#: serverguide/C/lamp-applications.xml:485(para)
22456
"<filename>/etc/apache2/conf-available/phpmyadmin.conf</filename>, and, once "
22457
"enabled, is used to configure <application>Apache2</application> to serve "
22458
"the <application>phpMyAdmin</application> site. The file contains directives "
22459
"for loading <application>PHP</application>, directory permissions, etc. From "
22460
"a terminal type:"
22461
msgstr ""
22462
22463
#: serverguide/C/lamp-applications.xml:506(command)
22464
msgid ""
22465
"sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-"
22466
"available/phpmyadmin.conf"
22467
msgstr ""
22468
22469
#: serverguide/C/lamp-applications.xml:507(command)
22470
msgid "sudo a2enconf phpmyadmin.conf"
22471
msgstr ""
22472
22473
#: serverguide/C/lamp-applications.xml:511(para)
22474
msgid ""
22475
"For more information on configuring <application>Apache2</application> see "
22476
"<xref linkend=\"httpd\"/>."
22477
msgstr ""
22478
22479
#: serverguide/C/lamp-applications.xml:522(para)
22445
22480
msgid ""
22446
22481
"The <application>phpMyAdmin</application> documentation comes installed with "
22447
22482
"the package and can be accessed from the <emphasis>phpMyAdmin "
22450
22485
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
22451
22486
msgstr ""
22452
22487
22453
#: serverguide/C/lamp-applications.xml:492(para)
22488
#: serverguide/C/lamp-applications.xml:529(para)
22454
22489
msgid ""
22455
22490
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
22456
22491
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
22457
22492
msgstr ""
22458
22493
22459
#: serverguide/C/lamp-applications.xml:497(para)
22494
#: serverguide/C/lamp-applications.xml:534(para)
22460
22495
msgid ""
22461
22496
"A third resource is the <ulink "
22462
22497
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
22463
22498
"Wiki</ulink> page."
22464
22499
msgstr ""
22465
22500
22466
#: serverguide/C/lamp-applications.xml:517(title)
22501
#: serverguide/C/lamp-applications.xml:543(title)
22467
22502
msgid "WordPress"
22468
22503
msgstr ""
22469
22504
22470
#: serverguide/C/lamp-applications.xml:518(para)
22505
#: serverguide/C/lamp-applications.xml:544(para)
22471
22506
msgid ""
22472
22507
"Wordpress is a blog tool, publishing platform and CMS implemented in PHP and "
22473
22508
"licensed under the GNU GPLv2."
22474
22509
msgstr ""
22475
22510
22476
#: serverguide/C/lamp-applications.xml:524(para)
22511
#: serverguide/C/lamp-applications.xml:550(para)
22477
22512
msgid ""
22478
22513
"To install <application>WordPress</application>, run the following comand in "
22479
22514
"the command prompt:"
22480
22515
msgstr ""
22481
22516
22482
#: serverguide/C/lamp-applications.xml:529(command)
22517
#: serverguide/C/lamp-applications.xml:555(command)
22483
22518
msgid "sudo apt-get install wordpress"
22484
22519
msgstr ""
22485
22520
22486
#: serverguide/C/lamp-applications.xml:532(para)
22521
#: serverguide/C/lamp-applications.xml:558(para)
22487
22522
msgid ""
22488
22523
"You should also install <application>apache2</application> web server and "
22489
22524
"<application>mysql</application> server. For installing "
22494
22529
"linkend=\"mysql\"/> section."
22495
22530
msgstr ""
22496
22531
22497
#: serverguide/C/lamp-applications.xml:546(para)
22532
#: serverguide/C/lamp-applications.xml:572(para)
22498
22533
msgid ""
22499
22534
"For configuring your first <application>WordPress</application> application, "
22500
22535
"configure an apache site. Open <filename>/etc/apache2/sites-"
22501
22536
"available/wordpress.conf</filename> and write the following lines:"
22502
22537
msgstr ""
22503
22538
22504
#: serverguide/C/lamp-applications.xml:553(programlisting)
22539
#: serverguide/C/lamp-applications.xml:579(programlisting)
22505
22540
#, no-wrap
22506
22541
msgid ""
22507
22542
"\n"
22521
22556
" "
22522
22557
msgstr ""
22523
22558
22524
#: serverguide/C/lamp-applications.xml:569(para)
22559
#: serverguide/C/lamp-applications.xml:595(para)
22525
22560
msgid "Enable this new <application>WordPress</application> site"
22526
22561
msgstr ""
22527
22562
22528
#: serverguide/C/lamp-applications.xml:572(command)
22563
#: serverguide/C/lamp-applications.xml:598(command)
22529
22564
msgid "sudo a2ensite wordpress"
22530
22565
msgstr ""
22531
22566
22532
#: serverguide/C/lamp-applications.xml:575(para)
22567
#: serverguide/C/lamp-applications.xml:601(para)
22533
22568
msgid ""
22534
22569
"Once you configure the <application>apache2</application> web server and "
22535
22570
"make it ready for your <application>WordPress</application> application, you "
22537
22572
"<application>apache2</application> web server:"
22538
22573
msgstr ""
22539
22574
22540
#: serverguide/C/lamp-applications.xml:587(para)
22575
#: serverguide/C/lamp-applications.xml:613(para)
22541
22576
msgid ""
22542
22577
"To facilitate multiple <application>WordPress</application> installations, "
22543
22578
"the name of this configuration file is based on the Host header of the HTTP "
22550
22585
"NAME_OF_YOUR_VIRTUAL_HOST.php."
22551
22586
msgstr ""
22552
22587
22553
#: serverguide/C/lamp-applications.xml:598(para)
22588
#: serverguide/C/lamp-applications.xml:624(para)
22554
22589
msgid ""
22555
22590
"Once the configuration file is written, it is up to you to choose a "
22556
22591
"convention for username and password to mysql for each "
22558
22593
"shows only one, localhost, example."
22559
22594
msgstr ""
22560
22595
22561
#: serverguide/C/lamp-applications.xml:605(para)
22596
#: serverguide/C/lamp-applications.xml:631(para)
22562
22597
msgid ""
22563
22598
"Now configure <application>WordPress</application> to use a mysql database. "
22564
22599
"Open <filename>/etc/wordpress/config-localhost.php</filename> file and write "
22565
22600
"the following lines:"
22566
22601
msgstr ""
22567
22602
22568
#: serverguide/C/lamp-applications.xml:611(programlisting)
22603
#: serverguide/C/lamp-applications.xml:637(programlisting)
22569
22604
#, no-wrap
22570
22605
msgid ""
22571
22606
"\n"
22578
22613
"?>\n"
22579
22614
msgstr ""
22580
22615
22581
#: serverguide/C/lamp-applications.xml:620(para)
22616
#: serverguide/C/lamp-applications.xml:646(para)
22582
22617
msgid ""
22583
22618
"Now create this mysql database. Open a temporary file with mysql commands "
22584
22619
"<filename>wordpress.sql</filename> and write the following lines:"
22585
22620
msgstr ""
22586
22621
22587
#: serverguide/C/lamp-applications.xml:623(programlisting)
22622
#: serverguide/C/lamp-applications.xml:649(programlisting)
22588
22623
#, no-wrap
22589
22624
msgid ""
22590
22625
"\n"
22596
22631
"FLUSH PRIVILEGES;\n"
22597
22632
msgstr ""
22598
22633
22599
#: serverguide/C/lamp-applications.xml:631(para)
22634
#: serverguide/C/lamp-applications.xml:657(para)
22600
22635
msgid "Execute these commands."
22601
22636
msgstr ""
22602
22637
22603
#: serverguide/C/lamp-applications.xml:633(command)
22638
#: serverguide/C/lamp-applications.xml:659(command)
22604
22639
msgid ""
22605
22640
"cat wordpress.sql | sudo mysql --defaults-extra-file=/etc/mysql/debian.cnf"
22606
22641
msgstr ""
22607
22642
22608
#: serverguide/C/lamp-applications.xml:635(para)
22643
#: serverguide/C/lamp-applications.xml:661(para)
22609
22644
msgid ""
22610
22645
"Your new <application>WordPress</application> can now be configured by "
22611
22646
"visiting <ulink url=\"http://localhost/blog/wp-"
22618
22653
"mail and click Install WordPress."
22619
22654
msgstr ""
22620
22655
22621
#: serverguide/C/lamp-applications.xml:642(para)
22656
#: serverguide/C/lamp-applications.xml:668(para)
22622
22657
msgid ""
22623
22658
"Note the generated password (if applicable) and click the login password. "
22624
22659
"Your <application>WordPress</application> is now ready for use."
22625
22660
msgstr ""
22626
22661
22627
#: serverguide/C/lamp-applications.xml:652(ulink)
22662
#: serverguide/C/lamp-applications.xml:678(ulink)
22628
22663
msgid "WordPress.org Codex"
22629
22664
msgstr ""
22630
22665
22631
#: serverguide/C/lamp-applications.xml:657(ulink)
22666
#: serverguide/C/lamp-applications.xml:683(ulink)
22632
22667
msgid "Ubuntu Wiki WordPress"
22633
22668
msgstr ""
22634
22669
22665
22700
#: serverguide/C/introduction.xml:31(para)
22666
22701
msgid ""
22667
22702
"There are a couple of different ways that Ubuntu Server Edition is "
22668
"supported, commercial support and community support. The main commercial "
22669
"support (and development funding) is available from Canonical Ltd. They "
22670
"supply reasonably priced support contracts on a per desktop or per server "
22703
"supported: commercial support and community support. The main commercial "
22704
"support (and development funding) is available from Canonical, Ltd. They "
22705
"supply reasonably- priced support contracts on a per desktop or per server "
22671
22706
"basis. For more information see the <ulink "
22672
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
22673
"page."
22707
"url=\"http://www.ubuntu.com/management\">Ubuntu Advantage</ulink> page."
22674
22708
msgstr ""
22675
22709
22676
#: serverguide/C/introduction.xml:38(para)
22710
#: serverguide/C/introduction.xml:40(para)
22677
22711
msgid ""
22678
"Community support is also provided by dedicated individuals, and companies, "
22712
"Community support is also provided by dedicated individuals and companies "
22679
22713
"that wish to make Ubuntu the best distribution possible. Support is provided "
22680
22714
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
22681
22715
"large amount of information available can be overwhelming, but a good search "
22723
22757
msgid "Install Type"
22724
22758
msgstr ""
22725
22759
22726
#: serverguide/C/virtualization.xml:1186(para) serverguide/C/virtualization.xml:1248(para) serverguide/C/installation.xml:36(para)
22760
#: serverguide/C/installation.xml:36(para)
22727
22761
msgid "CPU"
22728
22762
msgstr ""
22729
22763
22755
22789
msgid "512 megabytes"
22756
22790
msgstr ""
22757
22791
22758
#: serverguide/C/installation.xml:51(para)
22792
#: serverguide/C/installation.xml:50(para)
22759
22793
msgid "1 gigabyte"
22760
22794
msgstr ""
22761
22795
22767
22801
msgid "Server (Minimal)"
22768
22802
msgstr ""
22769
22803
22770
#: serverguide/C/installation.xml:48(para)
22804
#: serverguide/C/installation.xml:55(para)
22771
22805
msgid "300 megahertz"
22772
22806
msgstr ""
22773
22807
22783
22817
msgid "1.4 gigabytes"
22784
22818
msgstr ""
22785
22819
22786
#: serverguide/C/installation.xml:56(para)
22820
#: serverguide/C/installation.xml:64(para)
22787
22821
msgid ""
22788
22822
"The Server Edition provides a common base for all sorts of server "
22789
22823
"applications. It is a minimalist design providing a platform for the desired "
22790
22824
"services, such as file/print services, web hosting, email hosting, etc."
22791
22825
msgstr ""
22792
22826
22793
#: serverguide/C/installation.xml:70(title)
22827
#: serverguide/C/installation.xml:72(title)
22794
22828
msgid "Server and Desktop Differences"
22795
22829
msgstr ""
22796
22830
22797
#: serverguide/C/installation.xml:71(para)
22831
#: serverguide/C/installation.xml:73(para)
22798
22832
msgid ""
22799
22833
"There are a few differences between the <emphasis>Ubuntu Server "
22800
22834
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
22810
22844
"environment in the Server Edition and the installation process."
22811
22845
msgstr ""
22812
22846
22813
#: serverguide/C/installation.xml:84(title)
22847
#: serverguide/C/installation.xml:86(title)
22814
22848
msgid "Kernel Differences:"
22815
22849
msgstr ""
22816
22850
22817
#: serverguide/C/installation.xml:85(para)
22851
#: serverguide/C/installation.xml:87(para)
22818
22852
msgid ""
22819
22853
"Ubuntu version 10.10 and prior, actually had different kernels for the "
22820
22854
"server and desktop editions. Ubuntu no longer has separate -server and -"
22822
22856
"flavor to help reduce the maintenance burden over the life of the release."
22823
22857
msgstr ""
22824
22858
22825
#: serverguide/C/installation.xml:90(para)
22859
#: serverguide/C/installation.xml:92(para)
22826
22860
msgid ""
22827
22861
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
22828
22862
"limited by memory addressing space."
22836
22870
"great resource on the options available."
22837
22871
msgstr ""
22838
22872
22839
#: serverguide/C/installation.xml:104(title)
22873
#: serverguide/C/installation.xml:106(title)
22840
22874
msgid "Backing Up"
22841
22875
msgstr ""
22842
22876
22843
#: serverguide/C/installation.xml:107(para)
22877
#: serverguide/C/installation.xml:109(para)
22844
22878
msgid ""
22845
22879
"Before installing <application>Ubuntu Server Edition</application> you "
22846
22880
"should make sure all data on the system is backed up. See <xref "
22847
22881
"linkend=\"backups\"/> for backup options."
22848
22882
msgstr ""
22849
22883
22850
#: serverguide/C/installation.xml:111(para)
22884
#: serverguide/C/installation.xml:113(para)
22851
22885
msgid ""
22852
22886
"If this is not the first time an operating system has been installed on your "
22853
22887
"computer, it is likely you will need to re-partition your disk to make room "
22854
22888
"for Ubuntu."
22855
22889
msgstr ""
22856
22890
22857
#: serverguide/C/installation.xml:115(para)
22891
#: serverguide/C/installation.xml:117(para)
22858
22892
msgid ""
22859
22893
"Any time you partition your disk, you should be prepared to lose everything "
22860
22894
"on the disk should you make a mistake or something goes wrong during "
22862
22896
"have seen years of use, but they also perform destructive actions."
22863
22897
msgstr ""
22864
22898
22865
#: serverguide/C/installation.xml:127(title)
22899
#: serverguide/C/installation.xml:129(title)
22866
22900
msgid "Installing from CD"
22867
22901
msgstr ""
22868
22902
22869
#: serverguide/C/installation.xml:128(para)
22903
#: serverguide/C/installation.xml:130(para)
22870
22904
msgid ""
22871
22905
"The basic steps to install Ubuntu Server Edition from CD are the same as "
22872
22906
"those for installing any operating system from CD. Unlike the "
22875
22909
"Server Edition uses a console menu based process instead."
22876
22910
msgstr ""
22877
22911
22878
#: serverguide/C/installation.xml:135(para)
22912
#: serverguide/C/installation.xml:137(para)
22879
22913
msgid ""
22880
"First, download and burn the appropriate ISO file from the <ulink "
22914
"Download and burn the appropriate ISO file from the <ulink "
22881
22915
"url=\"http://www.ubuntu.com/download/server/download\"> Ubuntu web "
22882
22916
"site</ulink>."
22883
22917
msgstr ""
22884
22918
22885
#: serverguide/C/installation.xml:141(para)
22919
#: serverguide/C/installation.xml:143(para)
22886
22920
msgid "Boot the system from the CD-ROM drive."
22887
22921
msgstr ""
22888
22922
22889
#: serverguide/C/installation.xml:146(para)
22923
#: serverguide/C/installation.xml:148(para)
22890
22924
msgid "At the boot prompt you will be asked to select a language."
22891
22925
msgstr ""
22892
22926
22893
#: serverguide/C/installation.xml:151(para)
22927
#: serverguide/C/installation.xml:153(para)
22894
22928
msgid ""
22895
22929
"From the main boot menu there are some additional options to install Ubuntu "
22896
22930
"Server Edition. You can install a basic Ubuntu Server, check the CD-ROM for "
22899
22933
"install."
22900
22934
msgstr ""
22901
22935
22902
#: serverguide/C/installation.xml:158(para)
22936
#: serverguide/C/installation.xml:160(para)
22903
22937
msgid ""
22904
"The installer asks for which language it should use. Afterwards, you are "
22905
"asked to select your location."
22938
"The installer asks which language it should use. Afterwards, you are asked "
22939
"to select your location."
22906
22940
msgstr ""
22907
22941
22908
#: serverguide/C/installation.xml:164(para)
22942
#: serverguide/C/installation.xml:166(para)
22909
22943
msgid ""
22910
22944
"Next, the installation process begins by asking for your keyboard layout. "
22911
22945
"You can ask the installer to attempt auto-detecting it, or you can select it "
22912
22946
"manually from a list."
22913
22947
msgstr ""
22914
22948
22915
#: serverguide/C/installation.xml:170(para)
22949
#: serverguide/C/installation.xml:172(para)
22916
22950
msgid ""
22917
22951
"The installer then discovers your hardware configuration, and configures the "
22918
22952
"network settings using DHCP. If you do not wish to use DHCP at the next "
22924
22958
msgid "Next, the installer asks for the system's hostname."
22925
22959
msgstr ""
22926
22960
22927
#: serverguide/C/installation.xml:195(para)
22961
#: serverguide/C/installation.xml:184(para)
22928
22962
msgid ""
22929
22963
"A new user is set up; this user will have <emphasis>root</emphasis> access "
22930
22964
"through the <application>sudo</application> utility."
22931
22965
msgstr ""
22932
22966
22933
#: serverguide/C/installation.xml:201(para)
22967
#: serverguide/C/installation.xml:190(para)
22934
22968
msgid ""
22935
"After the user settings have been completed, you will be asked to encrypt "
22936
"your <filename role=\"directory\">home</filename> directory."
22969
"After the user settings have been completed, you will be asked if you want "
22970
"to encrypt your <filename role=\"directory\">home</filename> directory."
22937
22971
msgstr ""
22938
22972
22939
22973
#: serverguide/C/installation.xml:196(para)
22940
22974
msgid "Next, the installer asks for the system's Time Zone."
22941
22975
msgstr ""
22942
22976
22943
#: serverguide/C/installation.xml:182(para)
22977
#: serverguide/C/installation.xml:201(para)
22944
22978
msgid ""
22945
22979
"You can then choose from several options to configure the hard drive layout. "
22946
"Afterwards you are asked for which disk to install to. You may get "
22947
"confirmation prompts before rewriting the partition table or setting up LVM "
22948
"depending on disk layout. If you choose LVM, you will be asked for the size "
22949
"of the root logical volume. For advanced disk options see <xref "
22950
"linkend=\"advanced-installation\"/>."
22980
"Afterwards you are asked which disk to install to. You may get confirmation "
22981
"prompts before rewriting the partition table or setting up LVM depending on "
22982
"disk layout. If you choose LVM, you will be asked for the size of the root "
22983
"logical volume. For advanced disk options see <xref linkend=\"advanced-"
22984
"installation\"/>."
22951
22985
msgstr ""
22952
22986
22953
#: serverguide/C/installation.xml:190(para)
22987
#: serverguide/C/installation.xml:209(para)
22954
22988
msgid "The Ubuntu base system is then installed."
22955
22989
msgstr ""
22956
22990
22957
#: serverguide/C/installation.xml:207(para)
22991
#: serverguide/C/installation.xml:214(para)
22958
22992
msgid ""
22959
22993
"The next step in the installation process is to decide how you want to "
22960
22994
"update the system. There are three options:"
22961
22995
msgstr ""
22962
22996
22963
#: serverguide/C/installation.xml:213(para)
22997
#: serverguide/C/installation.xml:220(para)
22964
22998
msgid ""
22965
22999
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
22966
23000
"log into the machine and manually install updates."
22967
23001
msgstr ""
22968
23002
22969
#: serverguide/C/installation.xml:219(para)
23003
#: serverguide/C/installation.xml:226(para)
22970
23004
msgid ""
22971
23005
"<emphasis>Install security updates automatically</emphasis>: this will "
22972
23006
"install the <application>unattended-upgrades</application> package, which "
22974
23008
"For more details see <xref linkend=\"automatic-updates\"/>."
22975
23009
msgstr ""
22976
23010
22977
#: serverguide/C/installation.xml:226(para)
23011
#: serverguide/C/installation.xml:233(para)
22978
23012
msgid ""
22979
23013
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
22980
23014
"service provided by Canonical to help manage your Ubuntu machines. See the "
22981
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
22982
"site for details."
23015
"<ulink url=\"http://landscape.canonical.com/\">Landscape</ulink> site for "
23016
"details."
22983
23017
msgstr ""
22984
23018
22985
#: serverguide/C/installation.xml:235(para)
23019
#: serverguide/C/installation.xml:242(para)
22986
23020
msgid ""
22987
23021
"You now have the option to install, or not install, several package tasks. "
22988
23022
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
22990
23024
"install. For more information see <xref linkend=\"aptitude\"/>."
22991
23025
msgstr ""
22992
23026
22993
#: serverguide/C/installation.xml:243(para)
23027
#: serverguide/C/installation.xml:250(para)
22994
23028
msgid "Finally, the last step before rebooting is to set the clock to UTC."
22995
23029
msgstr ""
22996
23030
22997
#: serverguide/C/installation.xml:249(para)
23031
#: serverguide/C/installation.xml:256(para)
22998
23032
msgid ""
22999
23033
"If at any point during installation you are not satisfied by the default "
23000
23034
"setting, use the \"Go Back\" function at any prompt to be brought to a "
23002
23036
"settings."
23003
23037
msgstr ""
23004
23038
23005
#: serverguide/C/installation.xml:254(para)
23039
#: serverguide/C/installation.xml:261(para)
23006
23040
msgid ""
23007
23041
"At some point during the installation process you may want to read the help "
23008
23042
"screen provided by the installation system. To do this, press F1."
23015
23049
"Installation Guide</ulink>."
23016
23050
msgstr ""
23017
23051
23018
#: serverguide/C/installation.xml:265(title)
23052
#: serverguide/C/installation.xml:272(title)
23019
23053
msgid "Package Tasks"
23020
23054
msgstr ""
23021
23055
23022
#: serverguide/C/installation.xml:266(para)
23056
#: serverguide/C/installation.xml:273(para)
23023
23057
msgid ""
23024
23058
"During the Server Edition installation you have the option of installing "
23025
23059
"additional packages from the CD. The packages are grouped by the type of "
23026
23060
"service they provide."
23027
23061
msgstr ""
23028
23062
23029
#: serverguide/C/installation.xml:272(para)
23063
#: serverguide/C/installation.xml:279(para)
23030
23064
msgid "DNS server: Selects the BIND DNS server and its documentation."
23031
23065
msgstr ""
23032
23066
23033
#: serverguide/C/installation.xml:277(para)
23067
#: serverguide/C/installation.xml:284(para)
23034
23068
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
23035
23069
msgstr ""
23036
23070
23037
#: serverguide/C/installation.xml:282(para)
23071
#: serverguide/C/installation.xml:289(para)
23038
23072
msgid ""
23039
23073
"Mail server: This task selects a variety of packages useful for a general "
23040
23074
"purpose mail server system."
23041
23075
msgstr ""
23042
23076
23043
#: serverguide/C/installation.xml:287(para)
23077
#: serverguide/C/installation.xml:294(para)
23044
23078
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
23045
23079
msgstr ""
23046
23080
23047
#: serverguide/C/installation.xml:292(para)
23081
#: serverguide/C/installation.xml:299(para)
23048
23082
msgid ""
23049
23083
"PostgreSQL database: This task selects client and server packages for the "
23050
23084
"PostgreSQL database."
23051
23085
msgstr ""
23052
23086
23053
#: serverguide/C/installation.xml:297(para)
23087
#: serverguide/C/installation.xml:304(para)
23054
23088
msgid "Print server: This task sets up your system to be a print server."
23055
23089
msgstr ""
23056
23090
23057
#: serverguide/C/installation.xml:302(para)
23091
#: serverguide/C/installation.xml:309(para)
23058
23092
msgid ""
23059
23093
"Samba File server: This task sets up your system to be a Samba file server, "
23060
23094
"which is especially suitable in networks with both Windows and Linux systems."
23061
23095
msgstr ""
23062
23096
23063
#: serverguide/C/installation.xml:308(para)
23097
#: serverguide/C/installation.xml:315(para)
23064
23098
msgid "Tomcat Java server: Installs Apache Tomcat and needed dependencies."
23065
23099
msgstr ""
23066
23100
23067
#: serverguide/C/installation.xml:313(para)
23101
#: serverguide/C/installation.xml:320(para)
23068
23102
msgid ""
23069
23103
"Virtual Machine host: Includes packages needed to run KVM virtual machines."
23070
23104
msgstr ""
23071
23105
23072
#: serverguide/C/installation.xml:318(para)
23106
#: serverguide/C/installation.xml:325(para)
23073
23107
msgid ""
23074
23108
"Manually select packages: Executes <application>aptitude</application> "
23075
23109
"allowing you to individually select packages."
23076
23110
msgstr ""
23077
23111
23078
#: serverguide/C/installation.xml:323(para)
23112
#: serverguide/C/installation.xml:330(para)
23079
23113
msgid ""
23080
23114
"Installing the package groups is accomplished using the "
23081
23115
"<application>tasksel</application> utility. One of the important differences "
23086
23120
"a fully integrated service."
23087
23121
msgstr ""
23088
23122
23089
#: serverguide/C/installation.xml:330(para)
23123
#: serverguide/C/installation.xml:337(para)
23090
23124
msgid ""
23091
23125
"Once the installation process has finished you can view a list of available "
23092
23126
"tasks by entering the following from a terminal prompt:"
23093
23127
msgstr ""
23094
23128
23095
#: serverguide/C/installation.xml:335(command)
23129
#: serverguide/C/installation.xml:342(command)
23096
23130
msgid "tasksel --list-tasks"
23097
23131
msgstr ""
23098
23132
23099
#: serverguide/C/installation.xml:338(para)
23133
#: serverguide/C/installation.xml:345(para)
23100
23134
msgid ""
23101
23135
"The output will list tasks from other Ubuntu based distributions such as "
23102
23136
"Kubuntu and Edubuntu. Note that you can also invoke the "
23104
23138
"the different tasks available."
23105
23139
msgstr ""
23106
23140
23107
#: serverguide/C/installation.xml:344(para)
23141
#: serverguide/C/installation.xml:351(para)
23108
23142
msgid ""
23109
23143
"You can view a list of which packages are installed with each task using the "
23110
23144
"<emphasis>--task-packages</emphasis> option. For example, to list the "
23112
23146
"following:"
23113
23147
msgstr ""
23114
23148
23115
#: serverguide/C/installation.xml:349(command)
23149
#: serverguide/C/installation.xml:356(command)
23116
23150
msgid "tasksel --task-packages dns-server"
23117
23151
msgstr ""
23118
23152
23119
#: serverguide/C/installation.xml:351(para)
23153
#: serverguide/C/installation.xml:358(para)
23120
23154
msgid "The output of the command should list:"
23121
23155
msgstr ""
23122
23156
23123
#: serverguide/C/installation.xml:354(programlisting)
23157
#: serverguide/C/installation.xml:361(programlisting)
23124
23158
#, no-wrap
23125
23159
msgid ""
23126
23160
"\n"
23129
23163
"bind9\n"
23130
23164
msgstr ""
23131
23165
23132
#: serverguide/C/installation.xml:359(para)
23166
#: serverguide/C/installation.xml:366(para)
23133
23167
msgid ""
23134
23168
"If you did not install one of the tasks during the installation process, but "
23135
23169
"for example you decide to make your new LAMP server a DNS server as well, "
23136
23170
"simply insert the installation CD and from a terminal:"
23137
23171
msgstr ""
23138
23172
23139
#: serverguide/C/installation.xml:364(command)
23173
#: serverguide/C/installation.xml:371(command)
23140
23174
msgid "sudo tasksel install dns-server"
23141
23175
msgstr ""
23142
23176
23143
#: serverguide/C/installation.xml:369(title)
23177
#: serverguide/C/installation.xml:376(title)
23144
23178
msgid "Upgrading"
23145
23179
msgstr ""
23146
23180
23147
#: serverguide/C/installation.xml:370(para)
23181
#: serverguide/C/installation.xml:377(para)
23148
23182
msgid ""
23149
23183
"There are several ways to upgrade from one Ubuntu release to another. This "
23150
23184
"section gives an overview of the recommended upgrade method."
23151
23185
msgstr ""
23152
23186
23153
#: serverguide/C/installation.xml:374(title) serverguide/C/installation.xml:389(command)
23187
#: serverguide/C/installation.xml:381(title) serverguide/C/installation.xml:396(command)
23154
23188
msgid "do-release-upgrade"
23155
23189
msgstr ""
23156
23190
23157
#: serverguide/C/installation.xml:375(para)
23191
#: serverguide/C/installation.xml:382(para)
23158
23192
msgid ""
23159
23193
"The recommended way to upgrade a Server Edition installation is to use the "
23160
23194
"<application>do-release-upgrade</application> utility. Part of the "
23162
23196
"graphical dependencies and is installed by default."
23163
23197
msgstr ""
23164
23198
23165
#: serverguide/C/installation.xml:380(para)
23199
#: serverguide/C/installation.xml:387(para)
23166
23200
msgid ""
23167
23201
"Debian based systems can also be upgraded by using <command>apt-get dist-"
23168
23202
"upgrade</command>. However, using <application>do-release-"
23170
23204
"system configuration changes sometimes needed between releases."
23171
23205
msgstr ""
23172
23206
23173
#: serverguide/C/installation.xml:385(para)
23207
#: serverguide/C/installation.xml:392(para)
23174
23208
msgid "To upgrade to a newer release, from a terminal prompt enter:"
23175
23209
msgstr ""
23176
23210
23177
#: serverguide/C/installation.xml:391(para)
23211
#: serverguide/C/installation.xml:398(para)
23178
23212
msgid ""
23179
23213
"It is also possible to use <application>do-release-upgrade</application> to "
23180
23214
"upgrade to a development version of Ubuntu. To accomplish this use the "
23181
23215
"<emphasis>-d</emphasis> switch:"
23182
23216
msgstr ""
23183
23217
23184
#: serverguide/C/installation.xml:396(command)
23218
#: serverguide/C/installation.xml:403(command)
23185
23219
msgid "do-release-upgrade -d"
23186
23220
msgstr ""
23187
23221
23188
#: serverguide/C/installation.xml:399(para)
23222
#: serverguide/C/installation.xml:406(para)
23189
23223
msgid ""
23190
23224
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
23191
23225
"for production environments."
23192
23226
msgstr ""
23193
23227
23194
#: serverguide/C/installation.xml:406(title)
23228
#: serverguide/C/installation.xml:413(title)
23195
23229
msgid "Advanced Installation"
23196
23230
msgstr ""
23197
23231
23198
#: serverguide/C/installation.xml:409(title)
23232
#: serverguide/C/installation.xml:416(title)
23199
23233
msgid "Software RAID"
23200
23234
msgstr ""
23201
23235
23202
#: serverguide/C/installation.xml:411(para)
23236
#: serverguide/C/installation.xml:418(para)
23203
23237
msgid ""
23204
23238
"Redundant Array of Independent Disks \"RAID\" is a method of using multiple "
23205
23239
"disks to provide different balances of increasing data reliability and/or "
23210
23244
"the drives 'invisibly')."
23211
23245
msgstr ""
23212
23246
23213
#: serverguide/C/installation.xml:419(para)
23247
#: serverguide/C/installation.xml:426(para)
23214
23248
msgid ""
23215
23249
"The RAID software included with current versions of Linux (and Ubuntu) is "
23216
23250
"based on the <application>'mdadm'</application> driver and works very well, "
23220
23254
"another for <emphasis>swap</emphasis>."
23221
23255
msgstr ""
23222
23256
23223
#: serverguide/C/virtualization.xml:716(title) serverguide/C/installation.xml:427(title)
23257
#: serverguide/C/installation.xml:434(title)
23224
23258
msgid "Partitioning"
23225
23259
msgstr ""
23226
23260
23227
#: serverguide/C/installation.xml:429(para) serverguide/C/installation.xml:951(para)
23261
#: serverguide/C/installation.xml:436(para) serverguide/C/installation.xml:958(para)
23228
23262
msgid ""
23229
23263
"Follow the installation steps until you get to the <emphasis>Partition "
23230
23264
"disks</emphasis> step, then:"
23231
23265
msgstr ""
23232
23266
23233
#: serverguide/C/installation.xml:436(para)
23267
#: serverguide/C/installation.xml:443(para)
23234
23268
msgid "Select <emphasis>Manual</emphasis> as the partition method."
23235
23269
msgstr ""
23236
23270
23237
#: serverguide/C/installation.xml:443(para)
23271
#: serverguide/C/installation.xml:450(para)
23238
23272
msgid ""
23239
23273
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
23240
23274
"partition table on this device?\"</emphasis>."
23241
23275
msgstr ""
23242
23276
23243
#: serverguide/C/installation.xml:447(para)
23277
#: serverguide/C/installation.xml:454(para)
23244
23278
msgid ""
23245
23279
"Repeat this step for each drive you wish to be part of the RAID array."
23246
23280
msgstr ""
23247
23281
23248
#: serverguide/C/installation.xml:454(para)
23282
#: serverguide/C/installation.xml:461(para)
23249
23283
msgid ""
23250
23284
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
23251
23285
"select <emphasis>\"Create a new partition\"</emphasis>."
23252
23286
msgstr ""
23253
23287
23254
#: serverguide/C/installation.xml:461(para)
23288
#: serverguide/C/installation.xml:468(para)
23255
23289
msgid ""
23256
23290
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
23257
23291
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
23259
23293
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
23260
23294
msgstr ""
23261
23295
23262
#: serverguide/C/installation.xml:468(para)
23296
#: serverguide/C/installation.xml:475(para)
23263
23297
msgid ""
23264
23298
"A swap partition size of twice the available RAM capacity may not always be "
23265
23299
"desirable, especially on systems with large amounts of RAM. Calculating the "
23267
23301
"going to be used."
23268
23302
msgstr ""
23269
23303
23270
#: serverguide/C/installation.xml:477(para)
23304
#: serverguide/C/installation.xml:484(para)
23271
23305
msgid ""
23272
23306
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
23273
23307
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
23275
23309
"<emphasis>\"Done setting up partition\"</emphasis>."
23276
23310
msgstr ""
23277
23311
23278
#: serverguide/C/installation.xml:486(para)
23312
#: serverguide/C/installation.xml:493(para)
23279
23313
msgid ""
23280
23314
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
23281
23315
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
23282
23316
"partition\"</emphasis>."
23283
23317
msgstr ""
23284
23318
23285
#: serverguide/C/installation.xml:494(para)
23319
#: serverguide/C/installation.xml:501(para)
23286
23320
msgid ""
23287
23321
"Use the rest of the free space on the drive and choose "
23288
23322
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
23289
23323
msgstr ""
23290
23324
23291
#: serverguide/C/installation.xml:501(para)
23325
#: serverguide/C/installation.xml:508(para)
23292
23326
msgid ""
23293
23327
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
23294
23328
"at the top, changing it to <emphasis>\"physical volume for "
23297
23331
"<emphasis>\"Done setting up partition\"</emphasis>."
23298
23332
msgstr ""
23299
23333
23300
#: serverguide/C/installation.xml:511(para)
23334
#: serverguide/C/installation.xml:518(para)
23301
23335
msgid "Repeat steps three through eight for the other disk and partitions."
23302
23336
msgstr ""
23303
23337
23304
#: serverguide/C/installation.xml:520(title)
23338
#: serverguide/C/installation.xml:527(title)
23305
23339
msgid "RAID Configuration"
23306
23340
msgstr ""
23307
23341
23308
#: serverguide/C/installation.xml:522(para)
23342
#: serverguide/C/installation.xml:529(para)
23309
23343
msgid "With the partitions setup the arrays are ready to be configured:"
23310
23344
msgstr ""
23311
23345
23312
#: serverguide/C/installation.xml:529(para)
23346
#: serverguide/C/installation.xml:536(para)
23313
23347
msgid ""
23314
23348
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
23315
23349
"Software RAID\"</emphasis> at the top."
23316
23350
msgstr ""
23317
23351
23318
#: serverguide/C/installation.xml:536(para)
23352
#: serverguide/C/installation.xml:543(para)
23319
23353
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
23320
23354
msgstr ""
23321
23355
23322
#: serverguide/C/installation.xml:543(para)
23356
#: serverguide/C/installation.xml:550(para)
23323
23357
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
23324
23358
msgstr ""
23325
23359
23326
#: serverguide/C/installation.xml:550(para)
23360
#: serverguide/C/installation.xml:557(para)
23327
23361
msgid ""
23328
23362
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
23329
23363
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
23330
23364
msgstr ""
23331
23365
23332
#: serverguide/C/installation.xml:556(para)
23366
#: serverguide/C/installation.xml:563(para)
23333
23367
msgid ""
23334
23368
"In order to use <emphasis>RAID5</emphasis> you need at least "
23335
23369
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
23336
23370
"<emphasis>two</emphasis> drives are required."
23337
23371
msgstr ""
23338
23372
23339
#: serverguide/C/installation.xml:565(para)
23373
#: serverguide/C/installation.xml:572(para)
23340
23374
msgid ""
23341
23375
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
23342
23376
"of hard drives you have, for the array. Then select "
23343
23377
"<emphasis>\"Continue\"</emphasis>."
23344
23378
msgstr ""
23345
23379
23346
#: serverguide/C/installation.xml:573(para)
23380
#: serverguide/C/installation.xml:580(para)
23347
23381
msgid ""
23348
23382
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
23349
23383
"default, then choose <emphasis>\"Continue\"</emphasis>."
23350
23384
msgstr ""
23351
23385
23352
#: serverguide/C/installation.xml:580(para)
23386
#: serverguide/C/installation.xml:587(para)
23353
23387
msgid ""
23354
23388
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
23355
23389
"etc. The numbers will usually match and the different letters correspond to "
23356
23390
"different hard drives."
23357
23391
msgstr ""
23358
23392
23359
#: serverguide/C/installation.xml:585(para)
23393
#: serverguide/C/installation.xml:592(para)
23360
23394
msgid ""
23361
23395
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
23362
23396
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
23363
23397
"go to the next step."
23364
23398
msgstr ""
23365
23399
23366
#: serverguide/C/installation.xml:593(para)
23400
#: serverguide/C/installation.xml:600(para)
23367
23401
msgid ""
23368
23402
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
23369
23403
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
23370
23404
"and <emphasis>sdb2</emphasis>."
23371
23405
msgstr ""
23372
23406
23373
#: serverguide/C/installation.xml:601(para)
23407
#: serverguide/C/installation.xml:608(para)
23374
23408
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
23375
23409
msgstr ""
23376
23410
23377
#: serverguide/C/installation.xml:611(title)
23411
#: serverguide/C/installation.xml:618(title)
23378
23412
msgid "Formatting"
23379
23413
msgstr ""
23380
23414
23381
#: serverguide/C/installation.xml:613(para)
23415
#: serverguide/C/installation.xml:620(para)
23382
23416
msgid ""
23383
23417
"There should now be a list of hard drives and RAID devices. The next step is "
23384
23418
"to format and set the mount point for the RAID devices. Treat the RAID "
23385
23419
"device as a local hard drive, format and mount accordingly."
23386
23420
msgstr ""
23387
23421
23388
#: serverguide/C/installation.xml:621(para)
23422
#: serverguide/C/installation.xml:628(para)
23389
23423
msgid ""
23390
23424
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
23391
23425
"#0\"</emphasis> partition."
23392
23426
msgstr ""
23393
23427
23394
#: serverguide/C/installation.xml:628(para)
23428
#: serverguide/C/installation.xml:635(para)
23395
23429
msgid ""
23396
23430
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
23397
23431
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
23398
23432
msgstr ""
23399
23433
23400
#: serverguide/C/installation.xml:636(para)
23434
#: serverguide/C/installation.xml:643(para)
23401
23435
msgid ""
23402
23436
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
23403
23437
"#1\"</emphasis> partition."
23404
23438
msgstr ""
23405
23439
23406
#: serverguide/C/installation.xml:643(para)
23440
#: serverguide/C/installation.xml:650(para)
23407
23441
msgid ""
23408
23442
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
23409
23443
"journaling file system\"</emphasis>."
23410
23444
msgstr ""
23411
23445
23412
#: serverguide/C/installation.xml:650(para)
23446
#: serverguide/C/installation.xml:657(para)
23413
23447
msgid ""
23414
23448
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
23415
23449
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
23417
23451
"partition\"</emphasis>."
23418
23452
msgstr ""
23419
23453
23420
#: serverguide/C/installation.xml:658(para)
23454
#: serverguide/C/installation.xml:665(para)
23421
23455
msgid ""
23422
23456
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23423
23457
"disk\"</emphasis>."
23424
23458
msgstr ""
23425
23459
23426
#: serverguide/C/installation.xml:665(para)
23460
#: serverguide/C/installation.xml:672(para)
23427
23461
msgid ""
23428
23462
"If you choose to place the root partition on a RAID array, the installer "
23429
23463
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
23430
23464
"state. See <xref linkend=\"raid-degraded\"/> for further details."
23431
23465
msgstr ""
23432
23466
23433
#: serverguide/C/installation.xml:670(para)
23467
#: serverguide/C/installation.xml:677(para)
23434
23468
msgid "The installation process will then continue normally."
23435
23469
msgstr ""
23436
23470
23437
#: serverguide/C/installation.xml:676(title)
23471
#: serverguide/C/installation.xml:683(title)
23438
23472
msgid "Degraded RAID"
23439
23473
msgstr ""
23440
23474
23441
#: serverguide/C/installation.xml:678(para)
23475
#: serverguide/C/installation.xml:685(para)
23442
23476
msgid ""
23443
23477
"At some point in the life of the computer a disk failure event may occur. "
23444
23478
"When this happens, using Software RAID, the operating system will place the "
23445
23479
"array into what is known as a <emphasis>degraded</emphasis> state."
23446
23480
msgstr ""
23447
23481
23448
#: serverguide/C/installation.xml:683(para)
23482
#: serverguide/C/installation.xml:690(para)
23449
23483
msgid ""
23450
23484
"If the array has become degraded, due to the chance of data corruption, by "
23451
23485
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
23456
23490
"Booting to a degraded array can be configured several ways:"
23457
23491
msgstr ""
23458
23492
23459
#: serverguide/C/installation.xml:694(para)
23493
#: serverguide/C/installation.xml:701(para)
23460
23494
msgid ""
23461
23495
"The <application>dpkg-reconfigure</application> utility can be used to "
23462
23496
"configure the default behavior, and during the process you will be queried "
23465
23499
"following:"
23466
23500
msgstr ""
23467
23501
23468
#: serverguide/C/installation.xml:701(command)
23502
#: serverguide/C/installation.xml:708(command)
23469
23503
msgid "sudo dpkg-reconfigure mdadm"
23470
23504
msgstr ""
23471
23505
23472
#: serverguide/C/installation.xml:707(para)
23506
#: serverguide/C/installation.xml:714(para)
23473
23507
msgid ""
23474
23508
"The <command>dpkg-reconfigure mdadm</command> process will change the "
23475
23509
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
23477
23511
"behavior, and can also be manually edited:"
23478
23512
msgstr ""
23479
23513
23480
#: serverguide/C/installation.xml:713(programlisting)
23514
#: serverguide/C/installation.xml:720(programlisting)
23481
23515
#, no-wrap
23482
23516
msgid ""
23483
23517
"\n"
23484
23518
"BOOT_DEGRADED=true\n"
23485
23519
msgstr ""
23486
23520
23487
#: serverguide/C/installation.xml:718(para)
23521
#: serverguide/C/installation.xml:725(para)
23488
23522
msgid "The configuration file can be overridden by using a Kernel argument."
23489
23523
msgstr ""
23490
23524
23491
#: serverguide/C/installation.xml:726(para)
23525
#: serverguide/C/installation.xml:733(para)
23492
23526
msgid ""
23493
23527
"Using a Kernel argument will allow the system to boot to a degraded array as "
23494
23528
"well:"
23495
23529
msgstr ""
23496
23530
23497
#: serverguide/C/installation.xml:732(para)
23531
#: serverguide/C/installation.xml:739(para)
23498
23532
msgid ""
23499
23533
"When the server is booting press <keycap>Shift</keycap> to open the "
23500
23534
"<application>Grub</application> menu."
23501
23535
msgstr ""
23502
23536
23503
#: serverguide/C/installation.xml:737(para)
23537
#: serverguide/C/installation.xml:744(para)
23504
23538
msgid "Press <keycap>e</keycap> to edit your kernel command options."
23505
23539
msgstr ""
23506
23540
23507
#: serverguide/C/installation.xml:742(para)
23541
#: serverguide/C/installation.xml:749(para)
23508
23542
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
23509
23543
msgstr ""
23510
23544
23511
#: serverguide/C/installation.xml:747(para)
23545
#: serverguide/C/installation.xml:754(para)
23512
23546
msgid ""
23513
23547
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
23514
23548
"end of the line."
23515
23549
msgstr ""
23516
23550
23517
#: serverguide/C/installation.xml:752(para)
23551
#: serverguide/C/installation.xml:759(para)
23518
23552
msgid ""
23519
23553
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
23520
23554
"the system."
23521
23555
msgstr ""
23522
23556
23523
#: serverguide/C/installation.xml:761(para)
23557
#: serverguide/C/installation.xml:768(para)
23524
23558
msgid ""
23525
23559
"Once the system has booted you can either repair the array see <xref "
23526
23560
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
23527
23561
"another machine due to major hardware failure."
23528
23562
msgstr ""
23529
23563
23530
#: serverguide/C/installation.xml:768(title)
23564
#: serverguide/C/installation.xml:775(title)
23531
23565
msgid "RAID Maintenance"
23532
23566
msgstr ""
23533
23567
23534
#: serverguide/C/installation.xml:770(para)
23568
#: serverguide/C/installation.xml:777(para)
23535
23569
msgid ""
23536
23570
"The <application>mdadm</application> utility can be used to view the status "
23537
23571
"of an array, add disks to an array, remove disks, etc:"
23538
23572
msgstr ""
23539
23573
23540
#: serverguide/C/installation.xml:777(para)
23574
#: serverguide/C/installation.xml:784(para)
23541
23575
msgid "To view the status of an array, from a terminal prompt enter:"
23542
23576
msgstr ""
23543
23577
23544
#: serverguide/C/installation.xml:781(command)
23578
#: serverguide/C/installation.xml:788(command)
23545
23579
msgid "sudo mdadm -D /dev/md0"
23546
23580
msgstr ""
23547
23581
23548
#: serverguide/C/installation.xml:784(para)
23582
#: serverguide/C/installation.xml:791(para)
23549
23583
msgid ""
23550
23584
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
23551
23585
"display <emphasis>detailed</emphasis> information about the "
23553
23587
"with the appropriate RAID device."
23554
23588
msgstr ""
23555
23589
23556
#: serverguide/C/installation.xml:790(para)
23590
#: serverguide/C/installation.xml:797(para)
23557
23591
msgid "To view the status of a disk in an array:"
23558
23592
msgstr ""
23559
23593
23560
#: serverguide/C/installation.xml:794(command)
23594
#: serverguide/C/installation.xml:801(command)
23561
23595
msgid "sudo mdadm -E /dev/sda1"
23562
23596
msgstr ""
23563
23597
23564
#: serverguide/C/installation.xml:796(para)
23598
#: serverguide/C/installation.xml:803(para)
23565
23599
msgid ""
23566
23600
"The output if very similar to the <command>mdadm -D</command> command, "
23567
23601
"adjust <filename>/dev/sda1</filename> for each disk."
23568
23602
msgstr ""
23569
23603
23570
#: serverguide/C/installation.xml:801(para)
23604
#: serverguide/C/installation.xml:808(para)
23571
23605
msgid "If a disk fails and needs to be removed from an array enter:"
23572
23606
msgstr ""
23573
23607
23574
#: serverguide/C/installation.xml:805(command)
23608
#: serverguide/C/installation.xml:812(command)
23575
23609
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
23576
23610
msgstr ""
23577
23611
23578
#: serverguide/C/installation.xml:807(para)
23612
#: serverguide/C/installation.xml:814(para)
23579
23613
msgid ""
23580
23614
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
23581
23615
"the appropriate RAID device and disk."
23582
23616
msgstr ""
23583
23617
23584
#: serverguide/C/installation.xml:812(para)
23618
#: serverguide/C/installation.xml:819(para)
23585
23619
msgid "Similarly, to add a new disk:"
23586
23620
msgstr ""
23587
23621
23588
#: serverguide/C/installation.xml:816(command)
23622
#: serverguide/C/installation.xml:823(command)
23589
23623
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
23590
23624
msgstr ""
23591
23625
23592
#: serverguide/C/installation.xml:821(para)
23626
#: serverguide/C/installation.xml:828(para)
23593
23627
msgid ""
23594
23628
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
23595
23629
"though there is nothing physically wrong with the drive. It is usually "
23598
23632
"the array, it is a good indication of hardware failure."
23599
23633
msgstr ""
23600
23634
23601
#: serverguide/C/installation.xml:827(para)
23635
#: serverguide/C/installation.xml:834(para)
23602
23636
msgid ""
23603
23637
"The <filename>/proc/mdstat</filename> file also contains useful information "
23604
23638
"about the system's RAID devices:"
23605
23639
msgstr ""
23606
23640
23607
#: serverguide/C/installation.xml:832(command)
23641
#: serverguide/C/installation.xml:839(command)
23608
23642
msgid "cat /proc/mdstat"
23609
23643
msgstr ""
23610
23644
23611
#: serverguide/C/installation.xml:833(computeroutput)
23645
#: serverguide/C/installation.xml:840(computeroutput)
23612
23646
#, no-wrap
23613
23647
msgid ""
23614
23648
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
23619
23653
"unused devices: <none>"
23620
23654
msgstr ""
23621
23655
23622
#: serverguide/C/installation.xml:840(para)
23656
#: serverguide/C/installation.xml:847(para)
23623
23657
msgid ""
23624
23658
"The following command is great for watching the status of a syncing drive:"
23625
23659
msgstr ""
23626
23660
23627
#: serverguide/C/installation.xml:845(command)
23661
#: serverguide/C/installation.xml:852(command)
23628
23662
msgid "watch -n1 cat /proc/mdstat"
23629
23663
msgstr ""
23630
23664
23631
#: serverguide/C/installation.xml:848(para)
23665
#: serverguide/C/installation.xml:855(para)
23632
23666
msgid ""
23633
23667
"Press <emphasis>Ctrl+c</emphasis> to stop the "
23634
23668
"<application>watch</application> command."
23635
23669
msgstr ""
23636
23670
23637
#: serverguide/C/installation.xml:852(para)
23671
#: serverguide/C/installation.xml:859(para)
23638
23672
msgid ""
23639
23673
"If you do need to replace a faulty drive, after the drive has been replaced "
23640
23674
"and synced, <application>grub</application> will need to be installed. To "
23642
23676
"following:"
23643
23677
msgstr ""
23644
23678
23645
#: serverguide/C/installation.xml:858(command)
23679
#: serverguide/C/installation.xml:865(command)
23646
23680
msgid "sudo grub-install /dev/md0"
23647
23681
msgstr ""
23648
23682
23649
#: serverguide/C/installation.xml:861(para)
23683
#: serverguide/C/installation.xml:868(para)
23650
23684
msgid ""
23651
23685
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
23652
23686
msgstr ""
23653
23687
23654
#: serverguide/C/installation.xml:869(para)
23688
#: serverguide/C/installation.xml:876(para)
23655
23689
msgid ""
23656
23690
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
23657
23691
"can be configured. Please see the following links for more information:"
23658
23692
msgstr ""
23659
23693
23660
#: serverguide/C/installation.xml:876(para)
23694
#: serverguide/C/installation.xml:883(para)
23661
23695
msgid ""
23662
23696
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
23663
23697
"Wiki Articles on RAID</ulink>."
23664
23698
msgstr ""
23665
23699
23666
#: serverguide/C/installation.xml:882(ulink)
23700
#: serverguide/C/installation.xml:889(ulink) serverguide/C/installation.xml:1164(ulink)
23667
23701
msgid "Software RAID HOWTO"
23668
23702
msgstr ""
23669
23703
23670
#: serverguide/C/installation.xml:887(ulink)
23704
#: serverguide/C/installation.xml:894(ulink)
23671
23705
msgid "Managing RAID on Linux"
23672
23706
msgstr ""
23673
23707
23674
#: serverguide/C/installation.xml:894(title)
23708
#: serverguide/C/installation.xml:901(title)
23675
23709
msgid "Logical Volume Manager (LVM)"
23676
23710
msgstr ""
23677
23711
23678
#: serverguide/C/installation.xml:896(para)
23712
#: serverguide/C/installation.xml:903(para)
23679
23713
msgid ""
23680
23714
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
23681
23715
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
23684
23718
"giving greater flexibility to systems as requirements change."
23685
23719
msgstr ""
23686
23720
23687
#: serverguide/C/installation.xml:905(para)
23721
#: serverguide/C/installation.xml:912(para)
23688
23722
msgid ""
23689
23723
"A side effect of LVM's power and flexibility is a greater degree of "
23690
23724
"complication. Before diving into the LVM installation process, it is best to "
23691
23725
"get familiar with some terms."
23692
23726
msgstr ""
23693
23727
23694
#: serverguide/C/installation.xml:912(para)
23728
#: serverguide/C/installation.xml:919(para)
23695
23729
msgid ""
23696
23730
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk, disk "
23697
23731
"partition or software RAID partition formatted as LVM PV."
23698
23732
msgstr ""
23699
23733
23700
#: serverguide/C/installation.xml:918(para)
23734
#: serverguide/C/installation.xml:925(para)
23701
23735
msgid ""
23702
23736
"<emphasis>Volume Group (VG):</emphasis> is made from one or more physical "
23703
23737
"volumes. A VG can can be extended by adding more PVs. A VG is like a virtual "
23704
23738
"disk drive, from which one or more logical volumes are carved."
23705
23739
msgstr ""
23706
23740
23707
#: serverguide/C/installation.xml:924(para)
23741
#: serverguide/C/installation.xml:931(para)
23708
23742
msgid ""
23709
23743
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
23710
23744
"LVM system. A LV is formatted with the desired file system (EXT3, XFS, JFS, "
23711
23745
"etc), it is then available for mounting and data storage."
23712
23746
msgstr ""
23713
23747
23714
#: serverguide/C/installation.xml:935(para)
23748
#: serverguide/C/installation.xml:942(para)
23715
23749
msgid ""
23716
23750
"As an example this section covers installing Ubuntu Server Edition with "
23717
23751
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
23720
23754
"can be extended."
23721
23755
msgstr ""
23722
23756
23723
#: serverguide/C/installation.xml:941(para)
23757
#: serverguide/C/installation.xml:948(para)
23724
23758
msgid ""
23725
23759
"There are several installation options for LVM, <emphasis>\"Guided - use the "
23726
23760
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
23731
23765
"the Manual approach."
23732
23766
msgstr ""
23733
23767
23734
#: serverguide/C/installation.xml:958(para)
23768
#: serverguide/C/installation.xml:965(para)
23735
23769
msgid ""
23736
23770
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
23737
23771
"<emphasis>\"Manual\"</emphasis>."
23738
23772
msgstr ""
23739
23773
23740
#: serverguide/C/installation.xml:965(para)
23774
#: serverguide/C/installation.xml:972(para)
23741
23775
msgid ""
23742
23776
"Select the hard disk and on the next screen choose \"yes\" to "
23743
23777
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
23744
23778
msgstr ""
23745
23779
23746
#: serverguide/C/installation.xml:972(para)
23780
#: serverguide/C/installation.xml:979(para)
23747
23781
msgid ""
23748
23782
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
23749
23783
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
23750
23784
msgstr ""
23751
23785
23752
#: serverguide/C/installation.xml:980(para)
23786
#: serverguide/C/installation.xml:987(para)
23753
23787
msgid ""
23754
23788
"For the LVM <emphasis>/srv</emphasis>, create a new "
23755
23789
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
23757
23791
"<emphasis>\"Done setting up the partition\"</emphasis>."
23758
23792
msgstr ""
23759
23793
23760
#: serverguide/C/installation.xml:988(para)
23794
#: serverguide/C/installation.xml:995(para)
23761
23795
msgid ""
23762
23796
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
23763
23797
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
23764
23798
"disk."
23765
23799
msgstr ""
23766
23800
23767
#: serverguide/C/installation.xml:996(para)
23801
#: serverguide/C/installation.xml:1003(para)
23768
23802
msgid ""
23769
23803
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
23770
23804
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
23773
23807
"<emphasis>\"Continue\"</emphasis>."
23774
23808
msgstr ""
23775
23809
23776
#: serverguide/C/installation.xml:1005(para)
23810
#: serverguide/C/installation.xml:1012(para)
23777
23811
msgid ""
23778
23812
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
23779
23813
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
23784
23818
"main <emphasis>\"Partition Disks\"</emphasis> screen."
23785
23819
msgstr ""
23786
23820
23787
#: serverguide/C/installation.xml:1015(para)
23821
#: serverguide/C/installation.xml:1022(para)
23788
23822
msgid ""
23789
23823
"Now add a filesystem to the new LVM. Select the partition under "
23790
23824
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
23793
23827
"select <emphasis>\"Done setting up the partition\"</emphasis>."
23794
23828
msgstr ""
23795
23829
23796
#: serverguide/C/installation.xml:1024(para)
23830
#: serverguide/C/installation.xml:1031(para)
23797
23831
msgid ""
23798
23832
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23799
23833
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
23800
23834
"the installation."
23801
23835
msgstr ""
23802
23836
23803
#: serverguide/C/installation.xml:1032(para)
23837
#: serverguide/C/installation.xml:1039(para)
23804
23838
msgid "There are some useful utilities to view information about LVM:"
23805
23839
msgstr ""
23806
23840
23807
#: serverguide/C/installation.xml:1037(para)
23841
#: serverguide/C/installation.xml:1044(para)
23808
23842
msgid ""
23809
23843
"<emphasis>pvdisplay:</emphasis> shows information about Physical Volumes."
23810
23844
msgstr ""
23811
23845
23812
#: serverguide/C/installation.xml:1038(para)
23846
#: serverguide/C/installation.xml:1045(para)
23813
23847
msgid ""
23814
23848
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
23815
23849
msgstr ""
23816
23850
23817
#: serverguide/C/installation.xml:1039(para)
23851
#: serverguide/C/installation.xml:1046(para)
23818
23852
msgid ""
23819
23853
"<emphasis>lvdisplay:</emphasis> shows information about Logical Volumes."
23820
23854
msgstr ""
23821
23855
23822
#: serverguide/C/installation.xml:1044(title)
23856
#: serverguide/C/installation.xml:1051(title)
23823
23857
msgid "Extending Volume Groups"
23824
23858
msgstr ""
23825
23859
23826
#: serverguide/C/installation.xml:1046(para)
23860
#: serverguide/C/installation.xml:1053(para)
23827
23861
msgid ""
23828
23862
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
23829
23863
"section covers adding a second hard disk, creating a Physical Volume (PV), "
23835
23869
"partitions and use them as different physical volumes)"
23836
23870
msgstr ""
23837
23871
23838
#: serverguide/C/installation.xml:1054(para)
23872
#: serverguide/C/installation.xml:1061(para)
23839
23873
msgid ""
23840
23874
"Make sure you don't already have an existing <filename>/dev/sdb</filename> "
23841
23875
"before issuing the commands below. You could lose some data if you issue "
23842
23876
"those commands on a non-empty disk."
23843
23877
msgstr ""
23844
23878
23845
#: serverguide/C/installation.xml:1062(para)
23879
#: serverguide/C/installation.xml:1069(para)
23846
23880
msgid "First, create the physical volume, in a terminal execute:"
23847
23881
msgstr ""
23848
23882
23849
#: serverguide/C/installation.xml:1067(command)
23883
#: serverguide/C/installation.xml:1074(command)
23850
23884
msgid "sudo pvcreate /dev/sdb"
23851
23885
msgstr ""
23852
23886
23853
#: serverguide/C/installation.xml:1073(para)
23887
#: serverguide/C/installation.xml:1080(para)
23854
23888
msgid "Now extend the Volume Group (VG):"
23855
23889
msgstr ""
23856
23890
23857
#: serverguide/C/installation.xml:1078(command)
23891
#: serverguide/C/installation.xml:1085(command)
23858
23892
msgid "sudo vgextend vg01 /dev/sdb"
23859
23893
msgstr ""
23860
23894
23861
#: serverguide/C/installation.xml:1084(para)
23895
#: serverguide/C/installation.xml:1091(para)
23862
23896
msgid ""
23863
23897
"Use <application>vgdisplay</application> to find out the free physical "
23864
23898
"extents - Free PE / size (the size you can allocate). We will assume a free "
23866
23900
"whole free space available. Use your own PE and/or free space."
23867
23901
msgstr ""
23868
23902
23869
#: serverguide/C/installation.xml:1090(para)
23903
#: serverguide/C/installation.xml:1097(para)
23870
23904
msgid ""
23871
23905
"The Logical Volume (LV) can now be extended by different methods, we will "
23872
23906
"only see how to use the PE to extend the LV:"
23873
23907
msgstr ""
23874
23908
23875
#: serverguide/C/installation.xml:1095(command)
23909
#: serverguide/C/installation.xml:1102(command)
23876
23910
msgid "sudo lvextend /dev/vg01/srv -l +511"
23877
23911
msgstr ""
23878
23912
23879
#: serverguide/C/installation.xml:1098(para)
23913
#: serverguide/C/installation.xml:1105(para)
23880
23914
msgid ""
23881
23915
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
23882
23916
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
23883
23917
"Gig, Tera, etc bytes."
23884
23918
msgstr ""
23885
23919
23886
#: serverguide/C/installation.xml:1106(para)
23920
#: serverguide/C/installation.xml:1113(para)
23887
23921
msgid ""
23888
23922
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
23889
23923
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
23892
23926
"first is compulsory)."
23893
23927
msgstr ""
23894
23928
23895
#: serverguide/C/installation.xml:1112(para)
23929
#: serverguide/C/installation.xml:1119(para)
23896
23930
msgid ""
23897
23931
"The following commands are for an <emphasis>EXT3</emphasis> or "
23898
23932
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
23899
23933
"there may be other utilities available."
23900
23934
msgstr ""
23901
23935
23902
#: serverguide/C/installation.xml:1119(command)
23903
msgid "sudo e2fsck -f /dev/vg01/srv"
23904
msgstr ""
23905
23906
#: serverguide/C/installation.xml:1122(para)
23907
msgid ""
23908
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
23909
"forces checking even if the system seems clean."
23910
msgstr ""
23911
23912
#: serverguide/C/installation.xml:1129(para)
23913
msgid "Finally, resize the filesystem:"
23914
msgstr ""
23915
23916
#: serverguide/C/installation.xml:1134(command)
23917
msgid "sudo resize2fs /dev/vg01/srv"
23918
msgstr ""
23919
23920
#: serverguide/C/installation.xml:1140(para)
23936
#: serverguide/C/installation.xml:1127(para) serverguide/C/installation.xml:1130(para) serverguide/C/installation.xml:1133(para)
23921
23937
msgid "Now mount the partition and check its size."
23922
23938
msgstr ""
23923
23939
23924
#: serverguide/C/installation.xml:1145(command)
23940
#: serverguide/C/installation.xml:1136(para)
23941
msgid ""
23942
"asldkjf sdkja;lkjfeoi dfkjsljfe;lij sfljsefisjoij skfm;lwemf;e msdlfsadlkf;k."
23943
msgstr ""
23944
23945
#: serverguide/C/installation.xml:1141(command)
23925
23946
msgid "mount /dev/vg01/srv /srv && df -h /srv"
23926
23947
msgstr ""
23927
23948
23928
#: serverguide/C/installation.xml:1157(para)
23949
#: serverguide/C/installation.xml:1153(para)
23929
23950
msgid ""
23930
23951
"See the <ulink "
23931
23952
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
23932
23953
"Articles</ulink>."
23933
23954
msgstr ""
23934
23955
23935
#: serverguide/C/installation.xml:1162(para)
23956
#: serverguide/C/installation.xml:1158(para)
23936
23957
msgid ""
23937
23958
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
23938
23959
"HOWTO</ulink> for more information."
23939
23960
msgstr ""
23940
23961
23941
#: serverguide/C/installation.xml:1167(para)
23942
msgid ""
23943
"Another good article is <ulink "
23944
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
23945
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
23946
"linuxdevcenter.com site."
23947
msgstr ""
23948
23949
#: serverguide/C/installation.xml:1181(para)
23950
msgid ""
23951
"For more information on <application>fdisk</application> see the <ulink "
23952
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man8/fdisk.8.html\">fdisk"
23953
" man page</ulink>."
23954
msgstr ""
23955
23956
#: serverguide/C/installation.xml:1185(title)
23962
#: serverguide/C/installation.xml:1171(title)
23963
msgid "bla bla 4"
23964
msgstr ""
23965
23966
#: serverguide/C/installation.xml:1174(para)
23967
msgid "bla bla 4 para."
23968
msgstr ""
23969
23970
#: serverguide/C/installation.xml:1179(para)
23971
msgid "bla bla 5 para."
23972
msgstr ""
23973
23974
#: serverguide/C/installation.xml:1184(para)
23975
msgid "list item 1."
23976
msgstr ""
23977
23978
#: serverguide/C/installation.xml:1189(para)
23979
msgid "list item 2."
23980
msgstr ""
23981
23982
#: serverguide/C/installation.xml:1194(para)
23983
msgid "list item 3."
23984
msgstr ""
23985
23986
#: serverguide/C/installation.xml:1199(para)
23987
msgid "bla bla para"
23988
msgstr ""
23989
23990
#: serverguide/C/installation.xml:1204(para)
23991
msgid "bla bla 6 para."
23992
msgstr ""
23993
23994
#: serverguide/C/installation.xml:1209(para)
23995
msgid "bla bla 7 para."
23996
msgstr ""
23997
23998
#: serverguide/C/installation.xml:1214(para)
23999
msgid "bla bla 8 para."
24000
msgstr ""
24001
24002
#: serverguide/C/installation.xml:1219(para)
24003
msgid "bla bla 9 para."
24004
msgstr ""
24005
24006
#: serverguide/C/installation.xml:1226(title)
24007
msgid "bla bla 5"
24008
msgstr ""
24009
24010
#: serverguide/C/installation.xml:1229(title)
24011
msgid "bla bla 6"
24012
msgstr ""
24013
24014
#: serverguide/C/installation.xml:1232(title)
24015
msgid "bla bla 7"
24016
msgstr ""
24017
24018
#: serverguide/C/installation.xml:1235(title)
24019
msgid "bla bla 8"
24020
msgstr ""
24021
24022
#: serverguide/C/installation.xml:1238(title)
24023
msgid "bla bla 9"
24024
msgstr ""
24025
24026
#: serverguide/C/installation.xml:1241(title)
24027
msgid "bla bla a"
24028
msgstr ""
24029
24030
#: serverguide/C/installation.xml:1244(title)
24031
msgid "bla bla b"
24032
msgstr ""
24033
24034
#: serverguide/C/installation.xml:1247(title)
24035
msgid "bla bla c"
24036
msgstr ""
24037
24038
#: serverguide/C/installation.xml:1250(title)
24039
msgid "bla bla d"
24040
msgstr ""
24041
24042
#: serverguide/C/installation.xml:1253(title)
24043
msgid "bla bla e"
24044
msgstr ""
24045
24046
#: serverguide/C/installation.xml:1258(title)
23957
24047
msgid "Kernel Crash Dump"
23958
24048
msgstr ""
23959
24049
23960
#: serverguide/C/installation.xml:1192(para)
24050
#: serverguide/C/installation.xml:1265(para)
23961
24051
msgid "Kernel Panic"
23962
24052
msgstr ""
23963
24053
23964
#: serverguide/C/installation.xml:1193(para)
24054
#: serverguide/C/installation.xml:1266(para)
23965
24055
msgid "Non Maskable Interrupts (NMI)"
23966
24056
msgstr ""
23967
24057
23968
#: serverguide/C/installation.xml:1194(para)
24058
#: serverguide/C/installation.xml:1267(para)
23969
24059
msgid "Machine Check Exceptions (MCE)"
23970
24060
msgstr ""
23971
24061
23972
#: serverguide/C/installation.xml:1195(para)
24062
#: serverguide/C/installation.xml:1268(para)
23973
24063
msgid "Hardware failure"
23974
24064
msgstr ""
23975
24065
23976
#: serverguide/C/installation.xml:1196(para)
24066
#: serverguide/C/installation.xml:1269(para)
23977
24067
msgid "Manual intervention"
23978
24068
msgstr ""
23979
24069
23980
#: serverguide/C/installation.xml:1188(para)
24070
#: serverguide/C/installation.xml:1261(para)
23981
24071
msgid ""
23982
24072
"A Kernel Crash Dump refers to a portion of the contents of volatile memory "
23983
24073
"(RAM) that is copied to disk whenever the execution of the kernel is "
23991
24081
"memory contents."
23992
24082
msgstr ""
23993
24083
23994
#: serverguide/C/installation.xml:1205(title)
24084
#: serverguide/C/installation.xml:1278(title)
23995
24085
msgid "Kernel Crash Dump Mechanism"
23996
24086
msgstr ""
23997
24087
23998
#: serverguide/C/installation.xml:1207(para)
24088
#: serverguide/C/installation.xml:1280(para)
23999
24089
msgid ""
24000
24090
"When a kernel panic occurs, the kernel relies on the "
24001
24091
"<emphasis>kexec</emphasis> mechanism to quickly reboot a new instance of the "
24004
24094
"untouched in order to safely copy its contents to storage."
24005
24095
msgstr ""
24006
24096
24007
#: serverguide/C/installation.xml:1216(para)
24097
#: serverguide/C/installation.xml:1289(para)
24008
24098
msgid ""
24009
24099
"The kernel crash dump utility is installed with the following command:"
24010
24100
msgstr ""
24011
24101
24012
#: serverguide/C/installation.xml:1221(command)
24102
#: serverguide/C/installation.xml:1294(command)
24013
24103
msgid "sudo apt-get install linux-crashdump"
24014
24104
msgstr ""
24015
24105
24016
#: serverguide/C/installation.xml:1230(programlisting)
24106
#: serverguide/C/installation.xml:1303(programlisting)
24017
24107
#, no-wrap
24018
24108
msgid ""
24019
24109
"\n"
24020
24110
"USE_KDUMP=1\n"
24021
24111
msgstr ""
24022
24112
24023
#: serverguide/C/installation.xml:1228(para)
24113
#: serverguide/C/installation.xml:1301(para)
24024
24114
msgid ""
24025
"Edit <filename>/etc/default/kdump-tool</filename> by including the following "
24026
"line: <placeholder-1/>"
24115
"Edit <filename>/etc/default/kdump-tools</filename> by including the "
24116
"following line: <placeholder-1/>"
24027
24117
msgstr ""
24028
24118
24029
#: serverguide/C/installation.xml:1235(para)
24119
#: serverguide/C/installation.xml:1308(para)
24030
24120
msgid "A reboot is then needed."
24031
24121
msgstr ""
24032
24122
24033
#: serverguide/C/installation.xml:1244(para)
24123
#: serverguide/C/installation.xml:1317(para)
24034
24124
msgid ""
24035
24125
"To confirm that the kernel dump mechanism is enabled, there are a few things "
24036
24126
"to verify. First, confirm that the <emphasis>crashkernel</emphasis> boot "
24038
24128
"fit the format of this document:"
24039
24129
msgstr ""
24040
24130
24041
#: serverguide/C/installation.xml:1251(command)
24131
#: serverguide/C/installation.xml:1324(command)
24042
24132
msgid "cat /proc/cmdline"
24043
24133
msgstr ""
24044
24134
24045
#: serverguide/C/installation.xml:1252(computeroutput)
24135
#: serverguide/C/installation.xml:1325(computeroutput)
24046
24136
#, no-wrap
24047
24137
msgid ""
24048
24138
"\n"
24050
24140
" crashkernel=384M-2G:64M,2G-:128M\n"
24051
24141
msgstr ""
24052
24142
24053
#: serverguide/C/installation.xml:1260(programlisting)
24143
#: serverguide/C/installation.xml:1333(programlisting)
24054
24144
#, no-wrap
24055
24145
msgid ""
24056
24146
"\n"
24060
24150
" "
24061
24151
msgstr ""
24062
24152
24063
#: serverguide/C/installation.xml:1258(para)
24153
#: serverguide/C/installation.xml:1331(para)
24064
24154
msgid ""
24065
24155
"The <emphasis>crashkernel</emphasis> parameter has the following syntax: "
24066
24156
"<placeholder-1/>"
24067
24157
msgstr ""
24068
24158
24069
#: serverguide/C/installation.xml:1268(programlisting)
24159
#: serverguide/C/installation.xml:1341(programlisting)
24070
24160
#, no-wrap
24071
24161
msgid ""
24072
24162
"\n"
24073
24163
"crashkernel=384M-2G:64M,2G-:128M\n"
24074
24164
msgstr ""
24075
24165
24076
#: serverguide/C/installation.xml:1266(para)
24166
#: serverguide/C/installation.xml:1339(para)
24077
24167
msgid ""
24078
24168
"So for the crashkernel parameter found in <filename>/proc/cmdline</filename> "
24079
24169
"we would have : <placeholder-1/>"
24080
24170
msgstr ""
24081
24171
24082
#: serverguide/C/installation.xml:1273(para)
24172
#: serverguide/C/installation.xml:1346(para)
24083
24173
msgid "The above value means:"
24084
24174
msgstr ""
24085
24175
24086
#: serverguide/C/installation.xml:1275(para)
24176
#: serverguide/C/installation.xml:1348(para)
24087
24177
msgid ""
24088
24178
"if the RAM is smaller than 384M, then don't reserve anything (this is the "
24089
24179
"\"rescue\" case)"
24090
24180
msgstr ""
24091
24181
24092
#: serverguide/C/installation.xml:1277(para)
24182
#: serverguide/C/installation.xml:1350(para)
24093
24183
msgid "if the RAM size is between 386M and 2G (exclusive), then reserve 64M"
24094
24184
msgstr ""
24095
24185
24096
#: serverguide/C/installation.xml:1278(para)
24186
#: serverguide/C/installation.xml:1351(para)
24097
24187
msgid "if the RAM size is larger than 2G, then reserve 128M"
24098
24188
msgstr ""
24099
24189
24100
#: serverguide/C/installation.xml:1281(para)
24190
#: serverguide/C/installation.xml:1354(para)
24101
24191
msgid ""
24102
24192
"Second, verify that the kernel has reserved the requested memory area for "
24103
24193
"the kdump kernel by doing:"
24104
24194
msgstr ""
24105
24195
24106
#: serverguide/C/installation.xml:1286(command)
24196
#: serverguide/C/installation.xml:1359(command)
24107
24197
msgid "dmesg | grep -i crash"
24108
24198
msgstr ""
24109
24199
24110
#: serverguide/C/installation.xml:1287(computeroutput)
24200
#: serverguide/C/installation.xml:1360(computeroutput)
24111
24201
#, no-wrap
24112
24202
msgid ""
24113
24203
"\n"
24116
24206
"RAM: 1023MB)\n"
24117
24207
msgstr ""
24118
24208
24119
#: serverguide/C/installation.xml:1296(title)
24209
#: serverguide/C/installation.xml:1369(title)
24120
24210
msgid "Testing the Crash Dump Mechanism"
24121
24211
msgstr ""
24122
24212
24123
#: serverguide/C/installation.xml:1299(para)
24213
#: serverguide/C/installation.xml:1372(para)
24124
24214
msgid ""
24125
24215
"Testing the Crash Dump Mechanism will cause <emphasis>a system "
24126
24216
"reboot.</emphasis> In certain situations, this can cause data loss if the "
24128
24218
"that the system is idle or under very light load."
24129
24219
msgstr ""
24130
24220
24131
#: serverguide/C/installation.xml:1306(para)
24221
#: serverguide/C/installation.xml:1379(para)
24132
24222
msgid ""
24133
24223
"Verify that the <emphasis>SysRQ</emphasis> mechanism is enabled by looking "
24134
24224
"at the value of the <filename>/proc/sys/kernel/sysrq</filename> kernel "
24135
24225
"parameter :"
24136
24226
msgstr ""
24137
24227
24138
#: serverguide/C/installation.xml:1312(command)
24228
#: serverguide/C/installation.xml:1385(command)
24139
24229
msgid "cat /proc/sys/kernel/sysrq"
24140
24230
msgstr ""
24141
24231
24142
#: serverguide/C/installation.xml:1315(para)
24232
#: serverguide/C/installation.xml:1388(para)
24143
24233
msgid ""
24144
24234
"If a value of <emphasis>0</emphasis> is returned the feature is disabled. "
24145
24235
"Enable it with the following command :"
24146
24236
msgstr ""
24147
24237
24148
#: serverguide/C/installation.xml:1320(command)
24238
#: serverguide/C/installation.xml:1393(command)
24149
24239
msgid "sudo sysctl -w kernel.sysrq=1"
24150
24240
msgstr ""
24151
24241
24152
#: serverguide/C/installation.xml:1323(para)
24242
#: serverguide/C/installation.xml:1396(para)
24153
24243
msgid ""
24154
24244
"Once this is done, you must become root, as just using "
24155
24245
"<command>sudo</command> will not be sufficient. As the "
24160
24250
"the advantage of making the kernel dump process visible."
24161
24251
msgstr ""
24162
24252
24163
#: serverguide/C/installation.xml:1330(para)
24253
#: serverguide/C/installation.xml:1403(para)
24164
24254
msgid "A typical test output should look like the following :"
24165
24255
msgstr ""
24166
24256
24167
#: serverguide/C/installation.xml:1335(command)
24257
#: serverguide/C/installation.xml:1408(command)
24168
24258
msgid "sudo -s"
24169
24259
msgstr ""
24170
24260
24171
#: serverguide/C/installation.xml:1337(command)
24261
#: serverguide/C/installation.xml:1410(command)
24172
24262
msgid "echo c > /proc/sysrq-trigger"
24173
24263
msgstr ""
24174
24264
24175
#: serverguide/C/installation.xml:1334(screen)
24265
#: serverguide/C/installation.xml:1407(screen)
24176
24266
#, no-wrap
24177
24267
msgid ""
24178
24268
"\n"
24189
24279
"....\n"
24190
24280
msgstr ""
24191
24281
24192
#: serverguide/C/installation.xml:1347(para)
24282
#: serverguide/C/installation.xml:1420(para)
24193
24283
msgid ""
24194
24284
"The rest of the output is truncated, but you should see the system rebooting "
24195
24285
"and somewhere in the log, you will see the following line : <screen>Begin: "
24198
24288
"file in the <filename>/var/crash</filename> directory :"
24199
24289
msgstr ""
24200
24290
24201
#: serverguide/C/installation.xml:1354(command)
24291
#: serverguide/C/installation.xml:1427(command)
24202
24292
msgid "ls /var/crash"
24203
24293
msgstr ""
24204
24294
24205
#: serverguide/C/installation.xml:1353(screen)
24295
#: serverguide/C/installation.xml:1426(screen)
24206
24296
#, no-wrap
24207
24297
msgid ""
24208
24298
"\n"
24210
24300
"linux-image-3.0.0-12-server.0.crash\n"
24211
24301
msgstr ""
24212
24302
24213
#: serverguide/C/installation.xml:1363(para)
24303
#: serverguide/C/installation.xml:1436(para)
24214
24304
msgid ""
24215
24305
"Kernel Crash Dump is a vast topic that requires good knowledge of the linux "
24216
24306
"kernel. You can find more information on the topic here :"
24217
24307
msgstr ""
24218
24308
24219
#: serverguide/C/installation.xml:1369(para)
24309
#: serverguide/C/installation.xml:1442(para)
24220
24310
msgid ""
24221
24311
"<ulink url=\"http://www.kernel.org/doc/Documentation/kdump/kdump.txt\">Kdump "
24222
24312
"kernel documentation</ulink>."
24223
24313
msgstr ""
24224
24314
24225
#: serverguide/C/installation.xml:1375(ulink)
24315
#: serverguide/C/installation.xml:1448(ulink)
24226
24316
msgid "The crash tool"
24227
24317
msgstr ""
24228
24318
24229
#: serverguide/C/installation.xml:1379(para)
24319
#: serverguide/C/installation.xml:1452(para)
24230
24320
msgid ""
24231
24321
"<ulink url=\"http://www.dedoimedo.com/computers/crash-"
24232
24322
"analyze.html\">Analyzing Linux Kernel Crash</ulink> (Based on Fedora, it "
24700
24790
"as follows:"
24701
24791
msgstr ""
24702
24792
24703
#: serverguide/C/file-server.xml:430(programlisting)
24793
#: serverguide/C/file-server.xml:429(programlisting)
24704
24794
#, no-wrap
24705
24795
msgid ""
24706
24796
"\n"
24708
24798
"rsize=8192,wsize=8192,timeo=14,intr\n"
24709
24799
msgstr ""
24710
24800
24711
#: serverguide/C/file-server.xml:434(para)
24801
#: serverguide/C/file-server.xml:433(para)
24712
24802
msgid ""
24713
24803
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
24714
24804
"common</application> package is installed on your client. To install "
24718
24808
"</screen>"
24719
24809
msgstr ""
24720
24810
24721
#: serverguide/C/file-server.xml:447(ulink)
24811
#: serverguide/C/file-server.xml:446(ulink)
24722
24812
msgid "Linux NFS faq"
24723
24813
msgstr ""
24724
24814
24725
#: serverguide/C/file-server.xml:449(ulink)
24815
#: serverguide/C/file-server.xml:448(ulink)
24726
24816
msgid "Ubuntu Wiki NFS Howto"
24727
24817
msgstr ""
24728
24818
24729
#: serverguide/C/file-server.xml:455(title)
24819
#: serverguide/C/file-server.xml:454(title)
24730
24820
msgid "iSCSI Initiator"
24731
24821
msgstr ""
24732
24822
24733
#: serverguide/C/file-server.xml:457(para)
24823
#: serverguide/C/file-server.xml:456(para)
24734
24824
msgid ""
24735
24825
"<emphasis>iSCSI</emphasis> (Internet Small Computer System Interface) is a "
24736
24826
"protocol that allows SCSI commands to be transmitted over a network. "
24750
24840
"your vendor documentation to configure your specific iSCSI target."
24751
24841
msgstr ""
24752
24842
24753
#: serverguide/C/file-server.xml:471(title)
24843
#: serverguide/C/file-server.xml:470(title)
24754
24844
msgid "iSCSI Initiator Install"
24755
24845
msgstr ""
24756
24846
24757
#: serverguide/C/file-server.xml:473(para)
24847
#: serverguide/C/file-server.xml:472(para)
24758
24848
msgid ""
24759
24849
"To configure Ubuntu Server as an iSCSI initiator install the "
24760
24850
"<application>open-iscsi</application> package. In a terminal enter:"
24761
24851
msgstr ""
24762
24852
24763
#: serverguide/C/file-server.xml:478(command)
24853
#: serverguide/C/file-server.xml:477(command)
24764
24854
msgid "sudo apt-get install open-iscsi"
24765
24855
msgstr ""
24766
24856
24767
#: serverguide/C/file-server.xml:483(title)
24857
#: serverguide/C/file-server.xml:482(title)
24768
24858
msgid "iSCSI Initiator Configuration"
24769
24859
msgstr ""
24770
24860
24771
#: serverguide/C/file-server.xml:485(para)
24861
#: serverguide/C/file-server.xml:484(para)
24772
24862
msgid ""
24773
24863
"Once the <application>open-iscsi</application> package is installed, edit "
24774
24864
"<filename>/etc/iscsi/iscsid.conf</filename> changing the following:"
24775
24865
msgstr ""
24776
24866
24777
#: serverguide/C/file-server.xml:489(programlisting)
24867
#: serverguide/C/file-server.xml:488(programlisting)
24778
24868
#, no-wrap
24779
24869
msgid ""
24780
24870
"\n"
24781
24871
"node.startup = automatic\n"
24782
24872
msgstr ""
24783
24873
24784
#: serverguide/C/file-server.xml:493(para)
24874
#: serverguide/C/file-server.xml:492(para)
24785
24875
msgid ""
24786
24876
"You can check which targets are available by using the "
24787
24877
"<application>iscsiadm</application> utility. Enter the following in a "
24788
24878
"terminal:"
24789
24879
msgstr ""
24790
24880
24791
#: serverguide/C/file-server.xml:498(command)
24881
#: serverguide/C/file-server.xml:497(command)
24792
24882
msgid "sudo iscsiadm -m discovery -t st -p 192.168.0.10"
24793
24883
msgstr ""
24794
24884
24885
#: serverguide/C/file-server.xml:501(para)
24886
msgid ""
24887
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
24888
msgstr ""
24889
24795
24890
#: serverguide/C/file-server.xml:502(para)
24796
msgid ""
24797
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
24891
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
24798
24892
msgstr ""
24799
24893
24800
24894
#: serverguide/C/file-server.xml:503(para)
24801
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
24802
msgstr ""
24803
24804
#: serverguide/C/file-server.xml:504(para)
24805
24895
msgid "<emphasis>-p:</emphasis> option indicates the target IP address."
24806
24896
msgstr ""
24807
24897
24808
#: serverguide/C/file-server.xml:508(para)
24898
#: serverguide/C/file-server.xml:507(para)
24809
24899
msgid ""
24810
24900
"Change example <emphasis>192.168.0.10</emphasis> to the target IP address on "
24811
24901
"your network."
24812
24902
msgstr ""
24813
24903
24814
#: serverguide/C/file-server.xml:513(para)
24904
#: serverguide/C/file-server.xml:512(para)
24815
24905
msgid ""
24816
24906
"If the target is available you should see output similar to the following:"
24817
24907
msgstr ""
24818
24908
24819
#: serverguide/C/file-server.xml:518(computeroutput)
24909
#: serverguide/C/file-server.xml:517(computeroutput)
24820
24910
#, no-wrap
24821
24911
msgid ""
24822
24912
"\n"
24823
24913
"192.168.0.10:3260,1 iqn.1992-05.com.emc:sl7b92030000520000-2\n"
24824
24914
msgstr ""
24825
24915
24826
#: serverguide/C/file-server.xml:524(para)
24916
#: serverguide/C/file-server.xml:523(para)
24827
24917
msgid ""
24828
24918
"The <emphasis>iqn</emphasis> number and IP address above will vary depending "
24829
24919
"on your hardware."
24830
24920
msgstr ""
24831
24921
24832
#: serverguide/C/file-server.xml:529(para)
24922
#: serverguide/C/file-server.xml:528(para)
24833
24923
msgid ""
24834
24924
"You should now be able to connect to the iSCSI target, and depending on your "
24835
24925
"target setup you may have to enter user credentials. Login to the iSCSI node:"
24836
24926
msgstr ""
24837
24927
24838
#: serverguide/C/file-server.xml:535(command)
24928
#: serverguide/C/file-server.xml:534(command)
24839
24929
msgid "sudo iscsiadm -m node --login"
24840
24930
msgstr ""
24841
24931
24842
#: serverguide/C/file-server.xml:538(para)
24932
#: serverguide/C/file-server.xml:537(para)
24843
24933
msgid ""
24844
24934
"Check to make sure that the new disk has been detected using "
24845
24935
"<application>dmesg</application>:"
24846
24936
msgstr ""
24847
24937
24848
#: serverguide/C/file-server.xml:543(command)
24938
#: serverguide/C/file-server.xml:542(command)
24849
24939
msgid "dmesg | grep sd"
24850
24940
msgstr ""
24851
24941
24852
#: serverguide/C/file-server.xml:544(computeroutput)
24942
#: serverguide/C/file-server.xml:543(computeroutput)
24853
24943
#, no-wrap
24854
24944
msgid ""
24855
24945
"\n"
24878
24968
"[ 2486.964862] sd 4:0:0:3: [sdb] Attached SCSI disk\n"
24879
24969
msgstr ""
24880
24970
24881
#: serverguide/C/file-server.xml:568(para)
24971
#: serverguide/C/file-server.xml:567(para)
24882
24972
msgid ""
24883
24973
"In the output above <emphasis>sdb</emphasis> is the new iSCSI disk. Remember "
24884
24974
"this is just an example; the output you see on your screen will vary."
24885
24975
msgstr ""
24886
24976
24887
#: serverguide/C/file-server.xml:573(para)
24977
#: serverguide/C/file-server.xml:572(para)
24888
24978
msgid ""
24889
24979
"Next, create a partition, format the file system, and mount the new iSCSI "
24890
24980
"disk. In a terminal enter:"
24891
24981
msgstr ""
24892
24982
24983
#: serverguide/C/file-server.xml:577(command)
24984
msgid "sudo fdisk /dev/sdb"
24985
msgstr ""
24986
24893
24987
#: serverguide/C/file-server.xml:578(command)
24894
msgid "sudo fdisk /dev/sdb"
24988
msgid "n"
24895
24989
msgstr ""
24896
24990
24897
24991
#: serverguide/C/file-server.xml:579(command)
24898
msgid "n"
24992
msgid "p"
24899
24993
msgstr ""
24900
24994
24901
24995
#: serverguide/C/file-server.xml:580(command)
24902
msgid "p"
24996
msgid "enter"
24903
24997
msgstr ""
24904
24998
24905
24999
#: serverguide/C/file-server.xml:581(command)
24906
msgid "enter"
24907
msgstr ""
24908
24909
#: serverguide/C/file-server.xml:582(command)
24910
25000
msgid "w"
24911
25001
msgstr ""
24912
25002
24913
#: serverguide/C/file-server.xml:586(para)
25003
#: serverguide/C/file-server.xml:585(para)
24914
25004
msgid ""
24915
25005
"The above commands are from inside the <application>fdisk</application> "
24916
25006
"utility; see <command>man fdisk</command> for more detailed instructions. "
24918
25008
"friendly."
24919
25009
msgstr ""
24920
25010
24921
#: serverguide/C/file-server.xml:592(para)
25011
#: serverguide/C/file-server.xml:591(para)
24922
25012
msgid ""
24923
25013
"Now format the file system and mount it to <filename>/srv</filename> as an "
24924
25014
"example:"
24925
25015
msgstr ""
24926
25016
25017
#: serverguide/C/file-server.xml:596(command)
25018
msgid "sudo mkfs.ext4 /dev/sdb1"
25019
msgstr ""
25020
24927
25021
#: serverguide/C/file-server.xml:597(command)
24928
msgid "sudo mkfs.ext4 /dev/sdb1"
24929
msgstr ""
24930
24931
#: serverguide/C/file-server.xml:598(command)
24932
25022
msgid "sudo mount /dev/sdb1 /srv"
24933
25023
msgstr ""
24934
25024
24935
#: serverguide/C/file-server.xml:602(para)
25025
#: serverguide/C/file-server.xml:601(para)
24936
25026
msgid ""
24937
25027
"Finally, add an entry to <filename>/etc/fstab</filename> to mount the iSCSI "
24938
25028
"drive during boot:"
24939
25029
msgstr ""
24940
25030
24941
#: serverguide/C/file-server.xml:606(programlisting)
25031
#: serverguide/C/file-server.xml:605(programlisting)
24942
25032
#, no-wrap
24943
25033
msgid ""
24944
25034
"\n"
24945
25035
"/dev/sdb1 /srv ext4 defaults,auto,_netdev 0 0\n"
24946
25036
msgstr ""
24947
25037
24948
#: serverguide/C/file-server.xml:610(para)
25038
#: serverguide/C/file-server.xml:609(para)
24949
25039
msgid ""
24950
25040
"It is a good idea to make sure everything is working as expected by "
24951
25041
"rebooting the server."
24952
25042
msgstr ""
24953
25043
24954
#: serverguide/C/file-server.xml:619(ulink)
25044
#: serverguide/C/file-server.xml:618(ulink)
24955
25045
msgid "Open-iSCSI Website"
24956
25046
msgstr ""
24957
25047
24958
#: serverguide/C/file-server.xml:622(ulink) serverguide/C/file-server.xml:808(ulink)
25048
#: serverguide/C/file-server.xml:621(ulink) serverguide/C/file-server.xml:807(ulink)
24959
25049
msgid "Debian Open-iSCSI page"
24960
25050
msgstr ""
24961
25051
24962
#: serverguide/C/file-server.xml:629(title)
25052
#: serverguide/C/file-server.xml:628(title)
24963
25053
msgid "CUPS - Print Server"
24964
25054
msgstr ""
24965
25055
24966
#: serverguide/C/file-server.xml:630(para)
25056
#: serverguide/C/file-server.xml:629(para)
24967
25057
msgid ""
24968
25058
"The primary mechanism for Ubuntu printing and print services is the "
24969
25059
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
24971
25061
"become the new standard for printing in most Linux distributions."
24972
25062
msgstr ""
24973
25063
24974
#: serverguide/C/file-server.xml:637(para)
25064
#: serverguide/C/file-server.xml:636(para)
24975
25065
msgid ""
24976
25066
"CUPS manages print jobs and queues and provides network printing using the "
24977
25067
"standard Internet Printing Protocol (IPP), while offering support for a very "
24981
25071
"administration tool."
24982
25072
msgstr ""
24983
25073
24984
#: serverguide/C/file-server.xml:647(para)
25074
#: serverguide/C/file-server.xml:646(para)
24985
25075
msgid ""
24986
25076
"To install CUPS on your Ubuntu computer, simply use "
24987
25077
"<application>sudo</application> with the <application>apt-get</application> "
24991
25081
"CUPS:"
24992
25082
msgstr ""
24993
25083
24994
#: serverguide/C/file-server.xml:652(command)
25084
#: serverguide/C/file-server.xml:651(command)
24995
25085
msgid "sudo apt-get install cups"
24996
25086
msgstr ""
24997
25087
24998
#: serverguide/C/file-server.xml:655(para)
25088
#: serverguide/C/file-server.xml:654(para)
24999
25089
msgid ""
25000
25090
"Upon authenticating with your user password, the packages should be "
25001
25091
"downloaded and installed without error. Upon the conclusion of installation, "
25002
25092
"the CUPS server will be started automatically."
25003
25093
msgstr ""
25004
25094
25005
#: serverguide/C/file-server.xml:660(para)
25095
#: serverguide/C/file-server.xml:659(para)
25006
25096
msgid ""
25007
25097
"For troubleshooting purposes, you can access CUPS server errors via the "
25008
25098
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
25015
25105
"from becoming overly large."
25016
25106
msgstr ""
25017
25107
25018
#: serverguide/C/file-server.xml:673(para)
25108
#: serverguide/C/file-server.xml:672(para)
25019
25109
msgid ""
25020
25110
"The Common UNIX Printing System server's behavior is configured through the "
25021
25111
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
25026
25116
"initially will be presented here."
25027
25117
msgstr ""
25028
25118
25029
#: serverguide/C/file-server.xml:683(para)
25119
#: serverguide/C/file-server.xml:682(para)
25030
25120
msgid ""
25031
25121
"Prior to editing the configuration file, you should make a copy of the "
25032
25122
"original file and protect it from writing, so you will have the original "
25033
25123
"settings as a reference, and to reuse as necessary."
25034
25124
msgstr ""
25035
25125
25036
#: serverguide/C/file-server.xml:687(para)
25126
#: serverguide/C/file-server.xml:686(para)
25037
25127
msgid ""
25038
25128
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
25039
25129
"writing with the following commands, issued at a terminal prompt:"
25040
25130
msgstr ""
25041
25131
25132
#: serverguide/C/file-server.xml:692(command)
25133
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
25134
msgstr ""
25135
25042
25136
#: serverguide/C/file-server.xml:693(command)
25043
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
25044
msgstr ""
25045
25046
#: serverguide/C/file-server.xml:694(command)
25047
25137
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
25048
25138
msgstr ""
25049
25139
25050
#: serverguide/C/file-server.xml:699(para)
25140
#: serverguide/C/file-server.xml:698(para)
25051
25141
msgid ""
25052
25142
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
25053
25143
"address of the designated administrator of the CUPS server, simply edit the "
25059
25149
"as such:"
25060
25150
msgstr ""
25061
25151
25062
#: serverguide/C/file-server.xml:710(screen)
25152
#: serverguide/C/file-server.xml:709(screen)
25063
25153
#, no-wrap
25064
25154
msgid ""
25065
25155
"\n"
25066
25156
"ServerAdmin bjoy@somebigco.com\n"
25067
25157
msgstr ""
25068
25158
25069
#: serverguide/C/file-server.xml:716(para)
25159
#: serverguide/C/file-server.xml:715(para)
25070
25160
msgid ""
25071
25161
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
25072
25162
"server installation listens only on the loopback interface at IP address "
25081
25171
"such:"
25082
25172
msgstr ""
25083
25173
25084
#: serverguide/C/file-server.xml:730(screen)
25174
#: serverguide/C/file-server.xml:729(screen)
25085
25175
#, no-wrap
25086
25176
msgid ""
25087
25177
"\n"
25091
25181
"(IPP)\n"
25092
25182
msgstr ""
25093
25183
25094
#: serverguide/C/file-server.xml:736(para)
25184
#: serverguide/C/file-server.xml:735(para)
25095
25185
msgid ""
25096
25186
"In the example above, you may comment out or remove the reference to the "
25097
25187
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
25102
25192
"<emphasis>socrates</emphasis> as such:"
25103
25193
msgstr ""
25104
25194
25105
#: serverguide/C/file-server.xml:746(screen)
25195
#: serverguide/C/file-server.xml:745(screen)
25106
25196
#, no-wrap
25107
25197
msgid ""
25108
25198
"\n"
25109
25199
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
25110
25200
msgstr ""
25111
25201
25112
#: serverguide/C/file-server.xml:750(para)
25202
#: serverguide/C/file-server.xml:749(para)
25113
25203
msgid ""
25114
25204
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
25115
25205
"instead, as in:"
25116
25206
msgstr ""
25117
25207
25118
#: serverguide/C/file-server.xml:752(screen)
25208
#: serverguide/C/file-server.xml:751(screen)
25119
25209
#, no-wrap
25120
25210
msgid ""
25121
25211
"\n"
25122
25212
"Port 631 # Listen on port 631 on all interfaces\n"
25123
25213
msgstr ""
25124
25214
25125
#: serverguide/C/file-server.xml:759(para)
25215
#: serverguide/C/file-server.xml:758(para)
25126
25216
msgid ""
25127
25217
"For more examples of configuration directives in the CUPS server "
25128
25218
"configuration file, view the associated system manual page by entering the "
25129
25219
"following command at a terminal prompt:"
25130
25220
msgstr ""
25131
25221
25132
#: serverguide/C/file-server.xml:766(command)
25222
#: serverguide/C/file-server.xml:765(command)
25133
25223
msgid "man cupsd.conf"
25134
25224
msgstr ""
25135
25225
25136
#: serverguide/C/file-server.xml:770(para)
25226
#: serverguide/C/file-server.xml:769(para)
25137
25227
msgid ""
25138
25228
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
25139
25229
"configuration file, you'll need to restart the CUPS server by typing the "
25144
25234
msgid "sudo service cups restart"
25145
25235
msgstr ""
25146
25236
25147
#: serverguide/C/file-server.xml:782(title)
25237
#: serverguide/C/file-server.xml:781(title)
25148
25238
msgid "Web Interface"
25149
25239
msgstr ""
25150
25240
25151
#: serverguide/C/file-server.xml:784(para)
25241
#: serverguide/C/file-server.xml:783(para)
25152
25242
msgid ""
25153
25243
"CUPS can be configured and monitored using a web interface, which by default "
25154
25244
"is available at <ulink "
25156
25246
"web interface can be used to perform all printer management tasks."
25157
25247
msgstr ""
25158
25248
25159
#: serverguide/C/file-server.xml:788(para)
25249
#: serverguide/C/file-server.xml:787(para)
25160
25250
msgid ""
25161
25251
"In order to perform administrative tasks via the web interface, you must "
25162
25252
"either have the root account enabled on your server, or authenticate as a "
25164
25254
"reasons, CUPS won't authenticate a user that doesn't have a password."
25165
25255
msgstr ""
25166
25256
25167
#: serverguide/C/file-server.xml:791(para)
25257
#: serverguide/C/file-server.xml:790(para)
25168
25258
msgid ""
25169
25259
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
25170
25260
"at the terminal prompt: <screen>\n"
25172
25262
"</screen>"
25173
25263
msgstr ""
25174
25264
25175
#: serverguide/C/file-server.xml:797(para)
25265
#: serverguide/C/file-server.xml:796(para)
25176
25266
msgid ""
25177
25267
"Further documentation is available in the <emphasis "
25178
25268
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
25179
25269
msgstr ""
25180
25270
25181
#: serverguide/C/file-server.xml:805(ulink)
25271
#: serverguide/C/file-server.xml:804(ulink)
25182
25272
msgid "CUPS Website"
25183
25273
msgstr ""
25184
25274
25309
25399
"prompt:"
25310
25400
msgstr ""
25311
25401
25312
#: serverguide/C/dns.xml:116(command) serverguide/C/dns.xml:195(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:289(command) serverguide/C/dns.xml:317(command) serverguide/C/dns.xml:594(command)
25402
#: serverguide/C/dns.xml:116(command) serverguide/C/dns.xml:199(command) serverguide/C/dns.xml:257(command) serverguide/C/dns.xml:293(command) serverguide/C/dns.xml:321(command) serverguide/C/dns.xml:603(command)
25313
25403
msgid "sudo service bind9 restart"
25314
25404
msgstr ""
25315
25405
25359
25449
"command below.)"
25360
25450
msgstr ""
25361
25451
25362
#: serverguide/C/dns.xml:141(para)
25452
#: serverguide/C/dns.xml:145(para)
25363
25453
msgid ""
25364
25454
"Now use an existing zone file as a template to create the "
25365
25455
"<filename>/etc/bind/db.example.com</filename> file:"
25366
25456
msgstr ""
25367
25457
25368
#: serverguide/C/dns.xml:145(command)
25458
#: serverguide/C/dns.xml:149(command)
25369
25459
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
25370
25460
msgstr ""
25371
25461
25372
#: serverguide/C/dns.xml:147(para)
25462
#: serverguide/C/dns.xml:151(para)
25373
25463
msgid ""
25374
25464
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
25375
25465
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
25380
25470
"this file is for."
25381
25471
msgstr ""
25382
25472
25383
#: serverguide/C/dns.xml:154(para)
25473
#: serverguide/C/dns.xml:158(para)
25384
25474
msgid ""
25385
25475
"Create an <emphasis>A record</emphasis> for the base domain, <emphasis "
25386
25476
"role=\"italic\">example.com</emphasis>. Also, create an <emphasis>A "
25388
25478
"the name server in this example:"
25389
25479
msgstr ""
25390
25480
25391
#: serverguide/C/dns.xml:159(programlisting)
25481
#: serverguide/C/dns.xml:163(programlisting)
25392
25482
#, no-wrap
25393
25483
msgid ""
25394
25484
"\n"
25410
25500
"ns IN A 192.168.1.10\n"
25411
25501
msgstr ""
25412
25502
25413
#: serverguide/C/dns.xml:177(para)
25503
#: serverguide/C/dns.xml:181(para)
25414
25504
msgid ""
25415
25505
"You must increment the <emphasis>Serial Number</emphasis> every time you "
25416
25506
"make changes to the zone file. If you make multiple changes before "
25417
25507
"restarting BIND9, simply increment the Serial once."
25418
25508
msgstr ""
25419
25509
25420
#: serverguide/C/dns.xml:181(para)
25510
#: serverguide/C/dns.xml:185(para)
25421
25511
msgid ""
25422
25512
"Now, you can add DNS records to the bottom of the zone file. See <xref "
25423
25513
"linkend=\"dns-record-types\"/> for details."
25424
25514
msgstr ""
25425
25515
25426
#: serverguide/C/dns.xml:185(para)
25516
#: serverguide/C/dns.xml:189(para)
25427
25517
msgid ""
25428
25518
"Many admins like to use the last date edited as the serial of a zone, such "
25429
25519
"as <emphasis>2012010100</emphasis> which is yyyymmddss (where "
25430
25520
"<emphasis>ss</emphasis> is the Serial Number)"
25431
25521
msgstr ""
25432
25522
25433
#: serverguide/C/dns.xml:190(para)
25523
#: serverguide/C/dns.xml:194(para)
25434
25524
msgid ""
25435
25525
"Once you have made changes to the zone file <application>BIND9</application> "
25436
25526
"needs to be restarted for the changes to take effect:"
25437
25527
msgstr ""
25438
25528
25439
#: serverguide/C/dns.xml:199(title)
25529
#: serverguide/C/dns.xml:203(title)
25440
25530
msgid "Reverse Zone File"
25441
25531
msgstr ""
25442
25532
25443
#: serverguide/C/dns.xml:200(para)
25533
#: serverguide/C/dns.xml:204(para)
25444
25534
msgid ""
25445
25535
"Now that the zone is setup and resolving names to IP Adresses a "
25446
25536
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
25447
25537
"DNS to resolve an address to a name."
25448
25538
msgstr ""
25449
25539
25450
#: serverguide/C/dns.xml:204(para)
25540
#: serverguide/C/dns.xml:208(para)
25451
25541
msgid "Edit /etc/bind/named.conf.local and add the following:"
25452
25542
msgstr ""
25453
25543
25454
#: serverguide/C/dns.xml:207(programlisting)
25544
#: serverguide/C/dns.xml:211(programlisting)
25455
25545
#, no-wrap
25456
25546
msgid ""
25457
25547
"\n"
25461
25551
"};\n"
25462
25552
msgstr ""
25463
25553
25464
#: serverguide/C/dns.xml:214(para)
25554
#: serverguide/C/dns.xml:218(para)
25465
25555
msgid ""
25466
25556
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
25467
25557
"whatever network you are using. Also, name the zone file "
25469
25559
"first octet of your network."
25470
25560
msgstr ""
25471
25561
25472
#: serverguide/C/dns.xml:219(para)
25562
#: serverguide/C/dns.xml:223(para)
25473
25563
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
25474
25564
msgstr ""
25475
25565
25476
#: serverguide/C/dns.xml:223(command)
25566
#: serverguide/C/dns.xml:227(command)
25477
25567
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
25478
25568
msgstr ""
25479
25569
25480
#: serverguide/C/dns.xml:225(para)
25570
#: serverguide/C/dns.xml:229(para)
25481
25571
msgid ""
25482
25572
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
25483
25573
"same options as <filename>/etc/bind/db.example.com</filename>:"
25484
25574
msgstr ""
25485
25575
25486
#: serverguide/C/dns.xml:229(programlisting)
25576
#: serverguide/C/dns.xml:233(programlisting)
25487
25577
#, no-wrap
25488
25578
msgid ""
25489
25579
"\n"
25502
25592
"10 IN PTR ns.example.com.\n"
25503
25593
msgstr ""
25504
25594
25505
#: serverguide/C/dns.xml:244(para)
25595
#: serverguide/C/dns.xml:248(para)
25506
25596
msgid ""
25507
25597
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
25508
25598
"incremented on each change as well. For each <emphasis>A record</emphasis> "
25511
25601
"<filename>/etc/bind/db.192</filename>."
25512
25602
msgstr ""
25513
25603
25514
#: serverguide/C/dns.xml:249(para)
25604
#: serverguide/C/dns.xml:253(para)
25515
25605
msgid ""
25516
25606
"After creating the reverse zone file restart "
25517
25607
"<application>BIND9</application>:"
25518
25608
msgstr ""
25519
25609
25520
#: serverguide/C/dns.xml:258(title)
25610
#: serverguide/C/dns.xml:262(title)
25521
25611
msgid "Secondary Master"
25522
25612
msgstr ""
25523
25613
25524
#: serverguide/C/dns.xml:259(para)
25614
#: serverguide/C/dns.xml:263(para)
25525
25615
msgid ""
25526
25616
"Once a <emphasis>Primary Master</emphasis> has been configured a "
25527
25617
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
25528
25618
"availability of the domain should the Primary become unavailable."
25529
25619
msgstr ""
25530
25620
25531
#: serverguide/C/dns.xml:263(para)
25621
#: serverguide/C/dns.xml:267(para)
25532
25622
msgid ""
25533
25623
"First, on the Primary Master server, the zone transfer needs to be allowed. "
25534
25624
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
25536
25626
"<filename>/etc/bind/named.conf.local</filename>:"
25537
25627
msgstr ""
25538
25628
25539
#: serverguide/C/dns.xml:267(programlisting)
25629
#: serverguide/C/dns.xml:271(programlisting)
25540
25630
#, no-wrap
25541
25631
msgid ""
25542
25632
"\n"
25553
25643
"};\n"
25554
25644
msgstr ""
25555
25645
25556
#: serverguide/C/dns.xml:281(para)
25646
#: serverguide/C/dns.xml:285(para)
25557
25647
msgid ""
25558
25648
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
25559
25649
"Secondary nameserver."
25560
25650
msgstr ""
25561
25651
25562
#: serverguide/C/dns.xml:285(para)
25652
#: serverguide/C/dns.xml:289(para)
25563
25653
msgid "Restart <application>BIND9</application> on the Primary Master:"
25564
25654
msgstr ""
25565
25655
25566
#: serverguide/C/dns.xml:291(para)
25656
#: serverguide/C/dns.xml:295(para)
25567
25657
msgid ""
25568
25658
"Next, on the Secondary Master, install the <application>bind9</application> "
25569
25659
"package the same way as on the Primary. Then edit the "
25571
25661
"declarations for the Forward and Reverse zones:"
25572
25662
msgstr ""
25573
25663
25574
#: serverguide/C/dns.xml:295(programlisting)
25664
#: serverguide/C/dns.xml:299(programlisting)
25575
25665
#, no-wrap
25576
25666
msgid ""
25577
25667
"\n"
25588
25678
"};\n"
25589
25679
msgstr ""
25590
25680
25591
#: serverguide/C/dns.xml:309(para)
25681
#: serverguide/C/dns.xml:313(para)
25592
25682
msgid ""
25593
25683
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
25594
25684
"Primary nameserver."
25595
25685
msgstr ""
25596
25686
25597
#: serverguide/C/dns.xml:313(para)
25687
#: serverguide/C/dns.xml:317(para)
25598
25688
msgid "Restart <application>BIND9</application> on the Secondary Master:"
25599
25689
msgstr ""
25600
25690
25601
#: serverguide/C/dns.xml:319(para)
25691
#: serverguide/C/dns.xml:323(para)
25602
25692
msgid ""
25603
25693
"In <filename>/var/log/syslog</filename> you should see something similar to "
25604
25694
"(some lines have been split to fit the format of this document):"
25605
25695
msgstr ""
25606
25696
25607
#: serverguide/C/dns.xml:322(programlisting)
25697
#: serverguide/C/dns.xml:326(programlisting)
25608
25698
#, no-wrap
25609
25699
msgid ""
25610
25700
"\n"
25629
25719
"8 records, 225 bytes, 0.002 secs (112500 bytes/sec)\n"
25630
25720
msgstr ""
25631
25721
25632
#: serverguide/C/dns.xml:341(para)
25722
#: serverguide/C/dns.xml:345(para)
25633
25723
msgid ""
25634
25724
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
25635
25725
"on the Primary is larger than the one on the Secondary. If you want to have "
25639
25729
"below:"
25640
25730
msgstr ""
25641
25731
25642
#: serverguide/C/dns.xml:345(programlisting)
25732
#: serverguide/C/dns.xml:349(programlisting)
25643
25733
#, no-wrap
25644
25734
msgid ""
25645
25735
"\n"
25659
25749
"\t"
25660
25750
msgstr ""
25661
25751
25662
#: serverguide/C/dns.xml:361(para)
25752
#: serverguide/C/dns.xml:365(para)
25663
25753
msgid ""
25664
25754
"The default directory for non-authoritative zone files is "
25665
25755
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
25668
25758
"on AppArmor see <xref linkend=\"apparmor\"/>."
25669
25759
msgstr ""
25670
25760
25671
#: serverguide/C/dns.xml:372(para)
25761
#: serverguide/C/dns.xml:376(para)
25672
25762
msgid ""
25673
25763
"This section covers ways to help determine the cause when problems happen "
25674
25764
"with DNS and <application>BIND9</application>."
25675
25765
msgstr ""
25676
25766
25677
#: serverguide/C/dns.xml:378(title)
25767
#: serverguide/C/dns.xml:382(title)
25678
25768
msgid "resolv.conf"
25679
25769
msgstr ""
25680
25770
25688
25778
"<filename>/etc/resolv.conf</filename> contains (for this example):"
25689
25779
msgstr ""
25690
25780
25691
#: serverguide/C/dns.xml:384(programlisting)
25781
#: serverguide/C/dns.xml:389(programlisting)
25692
25782
#, no-wrap
25693
25783
msgid ""
25694
25784
"\n"
25704
25794
"to RESOLVCONF=yes."
25705
25795
msgstr ""
25706
25796
25707
#: serverguide/C/dns.xml:389(para)
25797
#: serverguide/C/dns.xml:398(para)
25708
25798
msgid ""
25709
25799
"You should also add the IP Address of the Secondary nameserver in case the "
25710
25800
"Primary becomes unavailable."
25711
25801
msgstr ""
25712
25802
25713
#: serverguide/C/dns.xml:395(title)
25803
#: serverguide/C/dns.xml:404(title)
25714
25804
msgid "dig"
25715
25805
msgstr ""
25716
25806
25717
#: serverguide/C/dns.xml:396(para)
25807
#: serverguide/C/dns.xml:405(para)
25718
25808
msgid ""
25719
25809
"If you installed the <application>dnsutils</application> package you can "
25720
25810
"test your setup using the DNS lookup utility <application>dig</application>:"
25721
25811
msgstr ""
25722
25812
25723
#: serverguide/C/dns.xml:402(para)
25813
#: serverguide/C/dns.xml:411(para)
25724
25814
msgid ""
25725
25815
"After installing <application>BIND9</application> use "
25726
25816
"<application>dig</application> against the loopback interface to make sure "
25727
25817
"it is listening on port 53. From a terminal prompt:"
25728
25818
msgstr ""
25729
25819
25730
#: serverguide/C/dns.xml:407(command)
25820
#: serverguide/C/dns.xml:416(command)
25731
25821
msgid "dig -x 127.0.0.1"
25732
25822
msgstr ""
25733
25823
25734
#: serverguide/C/dns.xml:409(para)
25824
#: serverguide/C/dns.xml:418(para)
25735
25825
msgid "You should see lines similar to the following in the command output:"
25736
25826
msgstr ""
25737
25827
25738
#: serverguide/C/dns.xml:412(programlisting)
25828
#: serverguide/C/dns.xml:421(programlisting)
25739
25829
#, no-wrap
25740
25830
msgid ""
25741
25831
"\n"
25743
25833
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
25744
25834
msgstr ""
25745
25835
25746
#: serverguide/C/dns.xml:418(para)
25836
#: serverguide/C/dns.xml:427(para)
25747
25837
msgid ""
25748
25838
"If you have configured <application>BIND9</application> as a "
25749
25839
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
25750
25840
"the query time:"
25751
25841
msgstr ""
25752
25842
25753
#: serverguide/C/dns.xml:423(command)
25843
#: serverguide/C/dns.xml:432(command)
25754
25844
msgid "dig ubuntu.com"
25755
25845
msgstr ""
25756
25846
25757
#: serverguide/C/dns.xml:425(para)
25847
#: serverguide/C/dns.xml:434(para)
25758
25848
msgid "Note the query time toward the end of the command output:"
25759
25849
msgstr ""
25760
25850
25761
#: serverguide/C/dns.xml:428(programlisting)
25851
#: serverguide/C/dns.xml:437(programlisting)
25762
25852
#, no-wrap
25763
25853
msgid ""
25764
25854
"\n"
25765
25855
";; Query time: 49 msec\n"
25766
25856
msgstr ""
25767
25857
25768
#: serverguide/C/dns.xml:431(para)
25858
#: serverguide/C/dns.xml:440(para)
25769
25859
msgid "After a second dig there should be improvement:"
25770
25860
msgstr ""
25771
25861
25772
#: serverguide/C/dns.xml:434(programlisting)
25862
#: serverguide/C/dns.xml:443(programlisting)
25773
25863
#, no-wrap
25774
25864
msgid ""
25775
25865
"\n"
25776
25866
";; Query time: 1 msec\n"
25777
25867
msgstr ""
25778
25868
25779
#: serverguide/C/dns.xml:441(title)
25869
#: serverguide/C/dns.xml:450(title)
25780
25870
msgid "ping"
25781
25871
msgstr ""
25782
25872
25783
#: serverguide/C/dns.xml:443(para)
25873
#: serverguide/C/dns.xml:452(para)
25784
25874
msgid ""
25785
25875
"Now to demonstrate how applications make use of DNS to resolve a host name "
25786
25876
"use the <application>ping</application> utility to send an ICMP echo "
25787
25877
"request. From a terminal prompt enter:"
25788
25878
msgstr ""
25789
25879
25790
#: serverguide/C/dns.xml:449(command)
25880
#: serverguide/C/dns.xml:458(command)
25791
25881
msgid "ping example.com"
25792
25882
msgstr ""
25793
25883
25794
#: serverguide/C/dns.xml:451(para)
25884
#: serverguide/C/dns.xml:460(para)
25795
25885
msgid ""
25796
25886
"This tests if the nameserver can resolve the name "
25797
25887
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
25798
25888
"should resemble:"
25799
25889
msgstr ""
25800
25890
25801
#: serverguide/C/dns.xml:455(programlisting)
25891
#: serverguide/C/dns.xml:464(programlisting)
25802
25892
#, no-wrap
25803
25893
msgid ""
25804
25894
"\n"
25807
25897
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
25808
25898
msgstr ""
25809
25899
25810
#: serverguide/C/dns.xml:462(title)
25900
#: serverguide/C/dns.xml:471(title)
25811
25901
msgid "named-checkzone"
25812
25902
msgstr ""
25813
25903
25814
#: serverguide/C/dns.xml:463(para)
25904
#: serverguide/C/dns.xml:472(para)
25815
25905
msgid ""
25816
25906
"A great way to test your zone files is by using the <application>named-"
25817
25907
"checkzone</application> utility installed with the "
25820
25910
"<application>BIND9</application> and making the changes live."
25821
25911
msgstr ""
25822
25912
25823
#: serverguide/C/dns.xml:470(para)
25913
#: serverguide/C/dns.xml:479(para)
25824
25914
msgid ""
25825
25915
"To test our example Forward zone file enter the following from a command "
25826
25916
"prompt:"
25827
25917
msgstr ""
25828
25918
25829
#: serverguide/C/dns.xml:474(command)
25919
#: serverguide/C/dns.xml:483(command)
25830
25920
msgid "named-checkzone example.com /etc/bind/db.example.com"
25831
25921
msgstr ""
25832
25922
25833
#: serverguide/C/dns.xml:476(para)
25923
#: serverguide/C/dns.xml:485(para)
25834
25924
msgid ""
25835
25925
"If everything is configured correctly you should see output similar to:"
25836
25926
msgstr ""
25837
25927
25838
#: serverguide/C/dns.xml:479(programlisting)
25928
#: serverguide/C/dns.xml:488(programlisting)
25839
25929
#, no-wrap
25840
25930
msgid ""
25841
25931
"\n"
25843
25933
"OK\n"
25844
25934
msgstr ""
25845
25935
25846
#: serverguide/C/dns.xml:485(para)
25936
#: serverguide/C/dns.xml:494(para)
25847
25937
msgid "Similarly, to test the Reverse zone file enter the following:"
25848
25938
msgstr ""
25849
25939
25850
#: serverguide/C/dns.xml:489(command)
25940
#: serverguide/C/dns.xml:498(command)
25851
25941
msgid "named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.192"
25852
25942
msgstr ""
25853
25943
25854
#: serverguide/C/dns.xml:491(para)
25944
#: serverguide/C/dns.xml:500(para)
25855
25945
msgid "The output should be similar to:"
25856
25946
msgstr ""
25857
25947
25858
#: serverguide/C/dns.xml:494(programlisting)
25948
#: serverguide/C/dns.xml:503(programlisting)
25859
25949
#, no-wrap
25860
25950
msgid ""
25861
25951
"\n"
25863
25953
"OK\n"
25864
25954
msgstr ""
25865
25955
25866
#: serverguide/C/dns.xml:501(para)
25956
#: serverguide/C/dns.xml:510(para)
25867
25957
msgid ""
25868
25958
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
25869
25959
"different."
25870
25960
msgstr ""
25871
25961
25872
#: serverguide/C/dns.xml:509(para)
25962
#: serverguide/C/dns.xml:518(para)
25873
25963
msgid ""
25874
25964
"<application>BIND9</application> has a wide variety of logging configuration "
25875
25965
"options available. There are two main options. The "
25877
25967
"<emphasis>category</emphasis> option determines what information to log."
25878
25968
msgstr ""
25879
25969
25880
#: serverguide/C/dns.xml:513(para)
25970
#: serverguide/C/dns.xml:522(para)
25881
25971
msgid "If no logging option is configured the default option is:"
25882
25972
msgstr ""
25883
25973
25884
#: serverguide/C/dns.xml:516(programlisting)
25974
#: serverguide/C/dns.xml:525(programlisting)
25885
25975
#, no-wrap
25886
25976
msgid ""
25887
25977
"\n"
25891
25981
"};\n"
25892
25982
msgstr ""
25893
25983
25894
#: serverguide/C/dns.xml:522(para)
25984
#: serverguide/C/dns.xml:531(para)
25895
25985
msgid ""
25896
25986
"This section covers configuring <application>BIND9</application> to send "
25897
25987
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
25898
25988
"file."
25899
25989
msgstr ""
25900
25990
25901
#: serverguide/C/dns.xml:527(para)
25991
#: serverguide/C/dns.xml:536(para)
25902
25992
msgid ""
25903
25993
"First, we need to configure a channel to specify which file to send the "
25904
25994
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
25905
25995
"the following:"
25906
25996
msgstr ""
25907
25997
25908
#: serverguide/C/dns.xml:531(programlisting)
25998
#: serverguide/C/dns.xml:540(programlisting)
25909
25999
#, no-wrap
25910
26000
msgid ""
25911
26001
"\n"
25917
26007
"};\n"
25918
26008
msgstr ""
25919
26009
25920
#: serverguide/C/dns.xml:541(para)
26010
#: serverguide/C/dns.xml:550(para)
25921
26011
msgid "Next, configure a category to send all DNS queries to the query file:"
25922
26012
msgstr ""
25923
26013
25924
#: serverguide/C/dns.xml:544(programlisting)
26014
#: serverguide/C/dns.xml:553(programlisting)
25925
26015
#, no-wrap
25926
26016
msgid ""
25927
26017
"\n"
25934
26024
"};\n"
25935
26025
msgstr ""
25936
26026
25937
#: serverguide/C/dns.xml:556(para)
26027
#: serverguide/C/dns.xml:565(para)
25938
26028
msgid ""
25939
26029
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
25940
26030
"level isn't specified level 1 is the default."
25941
26031
msgstr ""
25942
26032
25943
#: serverguide/C/dns.xml:562(para)
26033
#: serverguide/C/dns.xml:571(para)
25944
26034
msgid ""
25945
26035
"Since the <emphasis>named daemon</emphasis> runs as the "
25946
26036
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
25947
26037
"file must be created and the ownership changed:"
25948
26038
msgstr ""
25949
26039
25950
#: serverguide/C/dns.xml:567(command)
26040
#: serverguide/C/dns.xml:576(command)
25951
26041
msgid "sudo touch /var/log/query.log"
25952
26042
msgstr ""
25953
26043
25954
#: serverguide/C/dns.xml:568(command)
26044
#: serverguide/C/dns.xml:577(command)
25955
26045
msgid "sudo chown bind /var/log/query.log"
25956
26046
msgstr ""
25957
26047
25958
#: serverguide/C/dns.xml:572(para)
26048
#: serverguide/C/dns.xml:581(para)
25959
26049
msgid ""
25960
26050
"Before <application>named</application> daemon can write to the new log file "
25961
26051
"the <application>AppArmor</application> profile must be updated. First, edit "
25962
26052
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
25963
26053
msgstr ""
25964
26054
25965
#: serverguide/C/dns.xml:576(programlisting)
26055
#: serverguide/C/dns.xml:585(programlisting)
25966
26056
#, no-wrap
25967
26057
msgid ""
25968
26058
"\n"
25969
26059
"/var/log/query.log w,\n"
25970
26060
msgstr ""
25971
26061
25972
#: serverguide/C/dns.xml:579(para)
26062
#: serverguide/C/dns.xml:588(para)
25973
26063
msgid "Next, reload the profile:"
25974
26064
msgstr ""
25975
26065
25976
#: serverguide/C/dns.xml:583(command)
26066
#: serverguide/C/dns.xml:592(command)
25977
26067
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
25978
26068
msgstr ""
25979
26069
25980
#: serverguide/C/dns.xml:585(para)
26070
#: serverguide/C/dns.xml:594(para)
25981
26071
msgid ""
25982
26072
"For more information on <application>AppArmor</application> see <xref "
25983
26073
"linkend=\"apparmor\"/>"
25984
26074
msgstr ""
25985
26075
25986
#: serverguide/C/dns.xml:590(para)
26076
#: serverguide/C/dns.xml:599(para)
25987
26077
msgid ""
25988
26078
"Now restart <application>BIND9</application> for the changes to take effect:"
25989
26079
msgstr ""
25990
26080
25991
#: serverguide/C/dns.xml:598(para)
26081
#: serverguide/C/dns.xml:607(para)
25992
26082
msgid ""
25993
26083
"You should see the file <filename>/var/log/query.log</filename> fill with "
25994
26084
"query information. This is a simple example of the "
25996
26086
"options see <xref linkend=\"dns-more-info\"/>."
25997
26087
msgstr ""
25998
26088
25999
#: serverguide/C/dns.xml:607(title)
26089
#: serverguide/C/dns.xml:616(title)
26000
26090
msgid "Common Record Types"
26001
26091
msgstr ""
26002
26092
26003
#: serverguide/C/dns.xml:608(para)
26093
#: serverguide/C/dns.xml:617(para)
26004
26094
msgid "This section covers some of the most common DNS record types."
26005
26095
msgstr ""
26006
26096
26007
#: serverguide/C/dns.xml:613(para)
26097
#: serverguide/C/dns.xml:622(para)
26008
26098
msgid ""
26009
26099
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
26010
26100
msgstr ""
26011
26101
26012
#: serverguide/C/dns.xml:616(programlisting)
26102
#: serverguide/C/dns.xml:625(programlisting)
26013
26103
#, no-wrap
26014
26104
msgid ""
26015
26105
"\n"
26016
26106
"www IN A 192.168.1.12\n"
26017
26107
msgstr ""
26018
26108
26019
#: serverguide/C/dns.xml:621(para)
26109
#: serverguide/C/dns.xml:630(para)
26020
26110
msgid ""
26021
26111
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
26022
26112
"record. You cannot create a CNAME record pointing to another CNAME record."
26023
26113
msgstr ""
26024
26114
26025
#: serverguide/C/dns.xml:624(programlisting)
26115
#: serverguide/C/dns.xml:633(programlisting)
26026
26116
#, no-wrap
26027
26117
msgid ""
26028
26118
"\n"
26029
26119
"web IN CNAME www\n"
26030
26120
msgstr ""
26031
26121
26032
#: serverguide/C/dns.xml:629(para)
26122
#: serverguide/C/dns.xml:638(para)
26033
26123
msgid ""
26034
26124
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
26035
26125
"to. Must point to an A record, not a CNAME."
26036
26126
msgstr ""
26037
26127
26038
#: serverguide/C/dns.xml:632(programlisting)
26128
#: serverguide/C/dns.xml:641(programlisting)
26039
26129
#, no-wrap
26040
26130
msgid ""
26041
26131
"\n"
26043
26133
"mail IN A 192.168.1.13\n"
26044
26134
msgstr ""
26045
26135
26046
#: serverguide/C/dns.xml:638(para)
26136
#: serverguide/C/dns.xml:647(para)
26047
26137
msgid ""
26048
26138
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
26049
26139
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
26050
26140
"Secondary servers are defined."
26051
26141
msgstr ""
26052
26142
26053
#: serverguide/C/dns.xml:642(programlisting)
26143
#: serverguide/C/dns.xml:651(programlisting)
26054
26144
#, no-wrap
26055
26145
msgid ""
26056
26146
"\n"
26060
26150
"ns2 IN A 192.168.1.11\n"
26061
26151
msgstr ""
26062
26152
26063
#: serverguide/C/virtualization.xml:2018(title) serverguide/C/dns.xml:652(title)
26153
#: serverguide/C/dns.xml:661(title)
26064
26154
msgid "More Information"
26065
26155
msgstr ""
26066
26156
26091
26181
"BIND on IPv6</ulink> book."
26092
26182
msgstr ""
26093
26183
26094
#: serverguide/C/dns.xml:670(para)
26184
#: serverguide/C/dns.xml:684(para)
26095
26185
msgid ""
26096
26186
"A great place to ask for <application>BIND9</application> assistance, and "
26097
26187
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
26274
26364
"Components</link> describes the components of the DM-Multipath package."
26275
26365
msgstr ""
26276
26366
26277
#: serverguide/C/dm-multipath.xml:184(title)
26367
#: serverguide/C/dm-multipath.xml:183(title)
26278
26368
msgid "DM-Multipath Setup Overview"
26279
26369
msgstr ""
26280
26370
26281
#: serverguide/C/dm-multipath.xml:191(para)
26371
#: serverguide/C/dm-multipath.xml:190(para)
26282
26372
msgid ""
26283
26373
"Install the <emphasis role=\"bold\">multipath-tools</emphasis> and <emphasis "
26284
26374
"role=\"bold\">multipath-tools-boot</emphasis> packages"
26285
26375
msgstr ""
26286
26376
26287
#: serverguide/C/dm-multipath.xml:197(para)
26377
#: serverguide/C/dm-multipath.xml:196(para)
26288
26378
msgid ""
26289
26379
"Create an empty config file, <filename>/etc/multipath.conf</filename>, that "
26290
26380
"re-defines the <link linkend=\"multipath-skel-config\">following</link>"
26291
26381
msgstr ""
26292
26382
26293
#: serverguide/C/dm-multipath.xml:203(para)
26383
#: serverguide/C/dm-multipath.xml:202(para)
26294
26384
msgid ""
26295
26385
"If necessary, edit the <emphasis role=\"bold\">multipath.conf</emphasis> "
26296
26386
"configuration file to modify default values and save the updated file."
26297
26387
msgstr ""
26298
26388
26299
#: serverguide/C/dm-multipath.xml:209(para)
26389
#: serverguide/C/dm-multipath.xml:208(para)
26300
26390
msgid "Start the multipath daemon"
26301
26391
msgstr ""
26302
26392
26303
#: serverguide/C/dm-multipath.xml:213(para)
26393
#: serverguide/C/dm-multipath.xml:212(para)
26304
26394
msgid "Update initial ramdisk"
26305
26395
msgstr ""
26306
26396
26307
#: serverguide/C/dm-multipath.xml:186(para)
26397
#: serverguide/C/dm-multipath.xml:185(para)
26308
26398
msgid ""
26309
26399
"DM-Multipath includes compiled-in default settings that are suitable for "
26310
26400
"common multipath configurations. Setting up DM-multipath is often a simple "
26314
26404
"overview\">Setting Up DM-Multipath</link>."
26315
26405
msgstr ""
26316
26406
26317
#: serverguide/C/dm-multipath.xml:223(title)
26407
#: serverguide/C/dm-multipath.xml:222(title)
26318
26408
msgid "Multipath Devices"
26319
26409
msgstr ""
26320
26410
26321
#: serverguide/C/dm-multipath.xml:225(para)
26411
#: serverguide/C/dm-multipath.xml:224(para)
26322
26412
msgid ""
26323
26413
"Without DM-Multipath, each path from a server node to a storage controller "
26324
26414
"is treated by the system as a separate device, even when the I/O path "
26327
26417
"multipath device on top of the underlying devices."
26328
26418
msgstr ""
26329
26419
26330
#: serverguide/C/dm-multipath.xml:233(title)
26420
#: serverguide/C/dm-multipath.xml:232(title)
26331
26421
msgid "Multipath Device Identifiers"
26332
26422
msgstr ""
26333
26423
26334
#: serverguide/C/dm-multipath.xml:261(para)
26424
#: serverguide/C/dm-multipath.xml:260(para)
26335
26425
msgid ""
26336
26426
"The devices in <emphasis role=\"bold\">/dev/mapper</emphasis> are created "
26337
26427
"early in the boot process. Use these devices to access the multipathed "
26338
26428
"devices, for example when creating logical volumes."
26339
26429
msgstr ""
26340
26430
26341
#: serverguide/C/dm-multipath.xml:268(para)
26431
#: serverguide/C/dm-multipath.xml:267(para)
26342
26432
msgid ""
26343
26433
"Any devices of the form <emphasis role=\"bold\">/dev/dm-n</emphasis> are for "
26344
26434
"internal use only and should never be used."
26384
26474
"Device Configuration Attributes</link>."
26385
26475
msgstr ""
26386
26476
26387
#: serverguide/C/dm-multipath.xml:289(title)
26477
#: serverguide/C/dm-multipath.xml:288(title)
26388
26478
msgid "Consistent Multipath Device Names in a Cluster"
26389
26479
msgstr ""
26390
26480
26391
#: serverguide/C/dm-multipath.xml:291(para)
26481
#: serverguide/C/dm-multipath.xml:290(para)
26392
26482
msgid ""
26393
26483
"When the <emphasis role=\"bold\">user_friendly_names</emphasis> "
26394
26484
"configuration option is set to yes, the name of the multipath device is "
26411
26501
"procedure:"
26412
26502
msgstr ""
26413
26503
26414
#: serverguide/C/dm-multipath.xml:313(para)
26504
#: serverguide/C/dm-multipath.xml:312(para)
26415
26505
msgid "Set up all of the multipath devices on one machine."
26416
26506
msgstr ""
26417
26507
26418
#: serverguide/C/dm-multipath.xml:317(para) serverguide/C/dm-multipath.xml:354(para)
26508
#: serverguide/C/dm-multipath.xml:316(para) serverguide/C/dm-multipath.xml:353(para)
26419
26509
msgid ""
26420
26510
"Disable all of your multipath devices on your other machines by running the "
26421
26511
"following commands:"
26422
26512
msgstr ""
26423
26513
26424
#: serverguide/C/dm-multipath.xml:320(screen) serverguide/C/dm-multipath.xml:357(screen)
26514
#: serverguide/C/dm-multipath.xml:319(screen) serverguide/C/dm-multipath.xml:356(screen)
26425
26515
#, no-wrap
26426
26516
msgid ""
26427
26517
"# service multipath-tools stop\n"
26428
26518
"# multipath -F\n"
26429
26519
msgstr ""
26430
26520
26431
#: serverguide/C/dm-multipath.xml:326(para)
26521
#: serverguide/C/dm-multipath.xml:325(para)
26432
26522
msgid ""
26433
26523
"Copy the <filename>/etc/multipath/bindings</filename> file from the first "
26434
26524
"machine to all the other machines in the cluster."
26435
26525
msgstr ""
26436
26526
26437
#: serverguide/C/dm-multipath.xml:332(para) serverguide/C/dm-multipath.xml:368(para)
26527
#: serverguide/C/dm-multipath.xml:331(para) serverguide/C/dm-multipath.xml:367(para)
26438
26528
msgid ""
26439
26529
"Re-enable the multipathd daemon on all the other machines in the cluster by "
26440
26530
"running the following command:"
26441
26531
msgstr ""
26442
26532
26443
#: serverguide/C/dm-multipath.xml:335(screen) serverguide/C/dm-multipath.xml:371(screen)
26533
#: serverguide/C/dm-multipath.xml:334(screen) serverguide/C/dm-multipath.xml:370(screen)
26444
26534
#, no-wrap
26445
26535
msgid "# service multipath-tools start"
26446
26536
msgstr ""
26447
26537
26448
#: serverguide/C/dm-multipath.xml:339(para)
26538
#: serverguide/C/dm-multipath.xml:338(para)
26449
26539
msgid "If you add a new device, you will need to repeat this process."
26450
26540
msgstr ""
26451
26541
26452
#: serverguide/C/dm-multipath.xml:342(para)
26542
#: serverguide/C/dm-multipath.xml:341(para)
26453
26543
msgid ""
26454
26544
"Similarly, if you configure an alias for a device that you would like to be "
26455
26545
"consistent across the nodes in the cluster, you should ensure that the "
26457
26547
"the cluster by following the same procedure:"
26458
26548
msgstr ""
26459
26549
26460
#: serverguide/C/dm-multipath.xml:349(para)
26550
#: serverguide/C/dm-multipath.xml:348(para)
26461
26551
msgid ""
26462
26552
"Configure the aliases for the multipath devices in the in the "
26463
26553
"<filename>multipath.conf</filename> file on one machine."
26464
26554
msgstr ""
26465
26555
26466
#: serverguide/C/dm-multipath.xml:363(para)
26556
#: serverguide/C/dm-multipath.xml:362(para)
26467
26557
msgid ""
26468
26558
"Copy the <filename>multipath.conf</filename> file from the first machine to "
26469
26559
"all the other machines in the cluster."
26470
26560
msgstr ""
26471
26561
26472
#: serverguide/C/dm-multipath.xml:375(para)
26562
#: serverguide/C/dm-multipath.xml:374(para)
26473
26563
msgid "When you add a new device you will need to repeat this process."
26474
26564
msgstr ""
26475
26565
26476
#: serverguide/C/dm-multipath.xml:380(title)
26566
#: serverguide/C/dm-multipath.xml:379(title)
26477
26567
msgid "Multipath Device attributes"
26478
26568
msgstr ""
26479
26569
26480
#: serverguide/C/dm-multipath.xml:382(para)
26570
#: serverguide/C/dm-multipath.xml:381(para)
26481
26571
msgid ""
26482
26572
"In addition to the <emphasis role=\"bold\">user_friendly_names</emphasis> "
26483
26573
"and <emphasis role=\"bold\">alias</emphasis> options, a multipath device has "
26490
26580
"linkend=\"multipath-config-multipath\"/>\"."
26491
26581
msgstr ""
26492
26582
26493
#: serverguide/C/dm-multipath.xml:395(title)
26583
#: serverguide/C/dm-multipath.xml:394(title)
26494
26584
msgid "Multipath Devices in Logical Volumes"
26495
26585
msgstr ""
26496
26586
26497
#: serverguide/C/dm-multipath.xml:397(para)
26587
#: serverguide/C/dm-multipath.xml:396(para)
26498
26588
msgid ""
26499
26589
"After creating multipath devices, you can use the multipath device names "
26500
26590
"just as you would use a physical device name when creating an LVM physical "
26505
26595
"you would use any other LVM physical device."
26506
26596
msgstr ""
26507
26597
26508
#: serverguide/C/dm-multipath.xml:406(para)
26598
#: serverguide/C/dm-multipath.xml:405(para)
26509
26599
msgid ""
26510
26600
"If you attempt to create an LVM physical volume on a whole device on which "
26511
26601
"you have configured partitions, the pvcreate command will fail."
26512
26602
msgstr ""
26513
26603
26514
#: serverguide/C/dm-multipath.xml:426(para)
26604
#: serverguide/C/dm-multipath.xml:425(para)
26515
26605
msgid ""
26516
26606
"Every time either <filename>/etc/lvm.conf</filename> or "
26517
26607
"<filename>/etc/multipath.conf</filename> is updated, the initrd should be "
26519
26609
"filters are necessary to maintain a stable storage configuration."
26520
26610
msgstr ""
26521
26611
26522
#: serverguide/C/dm-multipath.xml:411(para)
26612
#: serverguide/C/dm-multipath.xml:410(para)
26523
26613
msgid ""
26524
26614
"When you create an LVM logical volume that uses active/passive multipath "
26525
26615
"arrays as the underlying physical devices, you should include filters in the "
26538
26628
"Perform:<screen>update-initramfs -u -k all</screen><placeholder-1/>"
26539
26629
msgstr ""
26540
26630
26541
#: serverguide/C/dm-multipath.xml:436(title)
26631
#: serverguide/C/dm-multipath.xml:435(title)
26542
26632
msgid "Setting up DM-Multipath Overview"
26543
26633
msgstr ""
26544
26634
26545
#: serverguide/C/dm-multipath.xml:438(para)
26635
#: serverguide/C/dm-multipath.xml:437(para)
26546
26636
msgid ""
26547
26637
"This section provides step-by-step example procedures for configuring DM-"
26548
26638
"Multipath. It includes the following procedures:"
26549
26639
msgstr ""
26550
26640
26551
#: serverguide/C/dm-multipath.xml:443(para)
26641
#: serverguide/C/dm-multipath.xml:442(para)
26552
26642
msgid "Basic DM-Multipath setup"
26553
26643
msgstr ""
26554
26644
26555
#: serverguide/C/dm-multipath.xml:447(para)
26645
#: serverguide/C/dm-multipath.xml:446(para)
26556
26646
msgid "Ignoring local disks"
26557
26647
msgstr ""
26558
26648
26559
#: serverguide/C/dm-multipath.xml:451(para)
26649
#: serverguide/C/dm-multipath.xml:450(para)
26560
26650
msgid "Adding more devices to the configuration file"
26561
26651
msgstr ""
26562
26652
26563
#: serverguide/C/dm-multipath.xml:456(title)
26653
#: serverguide/C/dm-multipath.xml:455(title)
26564
26654
msgid "Setting Up DM-Multipath"
26565
26655
msgstr ""
26566
26656
26567
#: serverguide/C/dm-multipath.xml:458(para)
26657
#: serverguide/C/dm-multipath.xml:457(para)
26568
26658
msgid ""
26569
26659
"Before setting up DM-Multipath on your system, ensure that your system has "
26570
26660
"been updated and includes the <emphasis role=\"bold\"><application>multipath-"
26573
26663
"boot</application></emphasis> package is also required."
26574
26664
msgstr ""
26575
26665
26576
#: serverguide/C/dm-multipath.xml:476(para)
26666
#: serverguide/C/dm-multipath.xml:475(para)
26577
26667
msgid ""
26578
26668
"To work around a quirk in multipathd, when an "
26579
26669
"<filename>/etc/multipath.conf</filename> doesn't exist, the previous command "
26590
26680
"database."
26591
26681
msgstr ""
26592
26682
26593
#: serverguide/C/dm-multipath.xml:465(para)
26683
#: serverguide/C/dm-multipath.xml:464(para)
26594
26684
msgid ""
26595
26685
"A basic <emphasis role=\"bold\">/etc/multipath.conf </emphasis> need not "
26596
26686
"even exist, when <emphasis role=\"bold\">multpath</emphasis> is run without "
26606
26696
"multipath.conf-live</screen><placeholder-1/>"
26607
26697
msgstr ""
26608
26698
26609
#: serverguide/C/dm-multipath.xml:493(title)
26699
#: serverguide/C/dm-multipath.xml:492(title)
26610
26700
msgid "Installing with Multipath Support"
26611
26701
msgstr ""
26612
26702
26613
#: serverguide/C/dm-multipath.xml:495(para)
26703
#: serverguide/C/dm-multipath.xml:494(para)
26614
26704
msgid ""
26615
26705
"To enable <ulink "
26616
26706
"url=\"http://wiki.debian.org/DebianInstaller/MultipathSupport\">multipath "
26620
26710
"role=\"bold\">/dev/mapper/mpath<X></emphasis> during installation."
26621
26711
msgstr ""
26622
26712
26623
#: serverguide/C/dm-multipath.xml:504(title)
26713
#: serverguide/C/dm-multipath.xml:503(title)
26624
26714
msgid "Ignoring Local Disks When Generating Multipath Devices"
26625
26715
msgstr ""
26626
26716
26627
#: serverguide/C/dm-multipath.xml:506(para)
26717
#: serverguide/C/dm-multipath.xml:505(para)
26628
26718
msgid ""
26629
26719
"Some machines have local SCSI cards for their internal disks. DM-Multipath "
26630
26720
"is not recommended for these devices. The following procedure shows how to "
26645
26735
"linkend=\"multipath-command-output\">Multipath Command Output</link>."
26646
26736
msgstr ""
26647
26737
26648
#: serverguide/C/dm-multipath.xml:525(screen)
26738
#: serverguide/C/dm-multipath.xml:524(screen)
26649
26739
#, no-wrap
26650
26740
msgid ""
26651
26741
"\n"
26682
26772
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
26683
26773
msgstr ""
26684
26774
26685
#: serverguide/C/dm-multipath.xml:561(para)
26775
#: serverguide/C/dm-multipath.xml:560(para)
26686
26776
msgid ""
26687
26777
"In order to prevent the device mapper from mapping <emphasis "
26688
26778
"role=\"bold\">/dev/sda</emphasis> in its multipath maps, edit the blacklist "
26699
26789
"the following in the <filename>/etc/multipath.conf</filename> file."
26700
26790
msgstr ""
26701
26791
26702
#: serverguide/C/dm-multipath.xml:576(screen)
26792
#: serverguide/C/dm-multipath.xml:575(screen)
26703
26793
#, no-wrap
26704
26794
msgid ""
26705
26795
"\n"
26708
26798
"}\n"
26709
26799
msgstr ""
26710
26800
26711
#: serverguide/C/dm-multipath.xml:584(para)
26801
#: serverguide/C/dm-multipath.xml:583(para)
26712
26802
msgid ""
26713
26803
"After you have updated the <filename>/etc/multipath.conf</filename> file, "
26714
26804
"you must manually tell the <emphasis role=\"bold\">multipathd</emphasis> "
26716
26806
"<filename>/etc/multipath.conf</filename> file."
26717
26807
msgstr ""
26718
26808
26719
#: serverguide/C/dm-multipath.xml:589(screen)
26809
#: serverguide/C/dm-multipath.xml:588(screen)
26720
26810
#, no-wrap
26721
26811
msgid "# service multipath-tools reload"
26722
26812
msgstr ""
26723
26813
26724
#: serverguide/C/dm-multipath.xml:593(para)
26814
#: serverguide/C/dm-multipath.xml:592(para)
26725
26815
msgid "Run the following command to remove the multipath device:"
26726
26816
msgstr ""
26727
26817
26728
#: serverguide/C/dm-multipath.xml:596(screen)
26818
#: serverguide/C/dm-multipath.xml:595(screen)
26729
26819
#, no-wrap
26730
26820
msgid ""
26731
26821
"\n"
26745
26835
"specify a <emphasis role=\"bold\">-v</emphasis> option."
26746
26836
msgstr ""
26747
26837
26748
#: serverguide/C/dm-multipath.xml:613(screen)
26838
#: serverguide/C/dm-multipath.xml:612(screen)
26749
26839
#, no-wrap
26750
26840
msgid ""
26751
26841
"\n"
26776
26866
" `- 3:0:0:3 sdg 8:128 undef ready running\n"
26777
26867
msgstr ""
26778
26868
26779
#: serverguide/C/dm-multipath.xml:645(title)
26869
#: serverguide/C/dm-multipath.xml:644(title)
26780
26870
msgid "Configuring Storage Devices"
26781
26871
msgstr ""
26782
26872
26783
#: serverguide/C/dm-multipath.xml:647(para)
26873
#: serverguide/C/dm-multipath.xml:646(para)
26784
26874
msgid ""
26785
26875
"By default, DM-Multipath includes support for the most common storage arrays "
26786
26876
"that support DM-Multipath. The default configuration values, including "
26788
26878
"<filename>multipath.conf.defaults</filename> file."
26789
26879
msgstr ""
26790
26880
26791
#: serverguide/C/dm-multipath.xml:652(para)
26881
#: serverguide/C/dm-multipath.xml:651(para)
26792
26882
msgid ""
26793
26883
"If you need to add a storage device that is not supported by default as a "
26794
26884
"known multipath device, edit the <filename>/etc/multipath.conf</filename> "
26795
26885
"file and insert the appropriate device information."
26796
26886
msgstr ""
26797
26887
26798
#: serverguide/C/dm-multipath.xml:656(para)
26888
#: serverguide/C/dm-multipath.xml:655(para)
26799
26889
msgid ""
26800
26890
"For example, to add information about the HP Open-V series the entry looks "
26801
26891
"like this, where <emphasis role=\"bold\">%n</emphasis> is the device name:"
26802
26892
msgstr ""
26803
26893
26804
#: serverguide/C/dm-multipath.xml:660(screen)
26894
#: serverguide/C/dm-multipath.xml:659(screen)
26805
26895
#, no-wrap
26806
26896
msgid ""
26807
26897
"devices {\n"
26814
26904
"}\n"
26815
26905
msgstr ""
26816
26906
26817
#: serverguide/C/dm-multipath.xml:669(para)
26907
#: serverguide/C/dm-multipath.xml:668(para)
26818
26908
msgid ""
26819
26909
"For more information on the devices section of the configuration file, see "
26820
26910
"Section <xref endterm=\"config-device-title\" linkend=\"multipath-config-"
26821
26911
"device\"/>."
26822
26912
msgstr ""
26823
26913
26824
#: serverguide/C/dm-multipath.xml:676(title)
26914
#: serverguide/C/dm-multipath.xml:675(title)
26825
26915
msgid "The DM-Multipath Configuration File"
26826
26916
msgstr ""
26827
26917
26828
#: serverguide/C/dm-multipath.xml:678(para)
26918
#: serverguide/C/dm-multipath.xml:677(para)
26829
26919
msgid ""
26830
26920
"By default, DM-Multipath provides configuration values for the most common "
26831
26921
"uses of multipathing. In addition, DM-Multipath includes support for the "
26834
26924
"<filename>multipath.conf.defaults</filename> file."
26835
26925
msgstr ""
26836
26926
26837
#: serverguide/C/dm-multipath.xml:684(para)
26927
#: serverguide/C/dm-multipath.xml:683(para)
26838
26928
msgid ""
26839
26929
"You can override the default configuration values for DM-Multipath by "
26840
26930
"editing the <filename>/etc/multipath.conf</filename> configuration file. If "
26844
26934
"on the following topics: <placeholder-1/>"
26845
26935
msgstr ""
26846
26936
26847
#: serverguide/C/dm-multipath.xml:716(para)
26937
#: serverguide/C/dm-multipath.xml:715(para)
26848
26938
msgid ""
26849
26939
"In the multipath configuration file, you need to specify only the sections "
26850
26940
"that you need for your configuration, or that you wish to change from the "
26854
26944
"can leave them commented out, as they are in the initial file."
26855
26945
msgstr ""
26856
26946
26857
#: serverguide/C/dm-multipath.xml:724(para)
26947
#: serverguide/C/dm-multipath.xml:723(para)
26858
26948
msgid "The configuration file allows regular expression description syntax."
26859
26949
msgstr ""
26860
26950
26861
#: serverguide/C/dm-multipath.xml:727(para)
26951
#: serverguide/C/dm-multipath.xml:726(para)
26862
26952
msgid ""
26863
26953
"An annotated version of the configuration file can be found in "
26864
26954
"<filename><filename>/usr/share/doc/multipath-"
26865
26955
"tools/examples/multipath.conf.annotated.gz</filename></filename>."
26866
26956
msgstr ""
26867
26957
26868
#: serverguide/C/dm-multipath.xml:731(title)
26958
#: serverguide/C/dm-multipath.xml:730(title)
26869
26959
msgid "Configuration File Overview"
26870
26960
msgstr ""
26871
26961
26872
#: serverguide/C/dm-multipath.xml:733(para)
26962
#: serverguide/C/dm-multipath.xml:732(para)
26873
26963
msgid ""
26874
26964
"The multipath configuration file is divided into the following sections:"
26875
26965
msgstr ""
26876
26966
26877
#: serverguide/C/dm-multipath.xml:738(emphasis)
26967
#: serverguide/C/dm-multipath.xml:737(emphasis)
26878
26968
msgid "blacklist"
26879
26969
msgstr ""
26880
26970
26881
#: serverguide/C/dm-multipath.xml:741(para)
26971
#: serverguide/C/dm-multipath.xml:740(para)
26882
26972
msgid ""
26883
26973
"Listing of specific devices that will not be considered for multipath."
26884
26974
msgstr ""
26885
26975
26886
#: serverguide/C/dm-multipath.xml:747(emphasis)
26976
#: serverguide/C/dm-multipath.xml:746(emphasis)
26887
26977
msgid "blacklist_exceptions"
26888
26978
msgstr ""
26889
26979
26890
#: serverguide/C/dm-multipath.xml:750(para)
26980
#: serverguide/C/dm-multipath.xml:749(para)
26891
26981
msgid ""
26892
26982
"Listing of multipath candidates that would otherwise be blacklisted "
26893
26983
"according to the parameters of the blacklist section."
26894
26984
msgstr ""
26895
26985
26896
#: serverguide/C/dm-multipath.xml:757(emphasis)
26986
#: serverguide/C/dm-multipath.xml:756(emphasis)
26897
26987
msgid "defaults"
26898
26988
msgstr ""
26899
26989
26900
#: serverguide/C/dm-multipath.xml:760(para)
26990
#: serverguide/C/dm-multipath.xml:759(para)
26901
26991
msgid "General default settings for DM-Multipath."
26902
26992
msgstr ""
26903
26993
26904
#: serverguide/C/dm-multipath.xml:768(para)
26994
#: serverguide/C/dm-multipath.xml:767(para)
26905
26995
msgid ""
26906
26996
"Settings for the characteristics of individual multipath devices. These "
26907
26997
"values overwrite what is specified in the <emphasis "
26909
26999
"role=\"bold\">devices</emphasis> sections of the configuration file."
26910
27000
msgstr ""
26911
27001
26912
#: serverguide/C/dm-multipath.xml:777(emphasis)
27002
#: serverguide/C/dm-multipath.xml:776(emphasis)
26913
27003
msgid "devices"
26914
27004
msgstr ""
26915
27005
26916
#: serverguide/C/dm-multipath.xml:780(para)
27006
#: serverguide/C/dm-multipath.xml:779(para)
26917
27007
msgid ""
26918
27008
"Settings for the individual storage controllers. These values overwrite what "
26919
27009
"is specified in the <emphasis role=\"bold\">defaults</emphasis> section of "
26922
27012
"array."
26923
27013
msgstr ""
26924
27014
26925
#: serverguide/C/dm-multipath.xml:789(para)
27015
#: serverguide/C/dm-multipath.xml:788(para)
26926
27016
msgid ""
26927
27017
"When the system determines the attributes of a multipath device, first it "
26928
27018
"checks the multipath settings, then the per devices settings, then the "
26929
27019
"multipath system defaults."
26930
27020
msgstr ""
26931
27021
26932
#: serverguide/C/dm-multipath.xml:795(title)
27022
#: serverguide/C/dm-multipath.xml:794(title)
26933
27023
msgid "Configuration File Blacklist"
26934
27024
msgstr ""
26935
27025
26936
#: serverguide/C/dm-multipath.xml:797(para)
27026
#: serverguide/C/dm-multipath.xml:796(para)
26937
27027
msgid ""
26938
27028
"The blacklist section of the multipath configuration file specifies the "
26939
27029
"devices that will not be used when the system configures multipath devices. "
26940
27030
"Devices that are blacklisted will not be grouped into a multipath device."
26941
27031
msgstr ""
26942
27032
26943
#: serverguide/C/dm-multipath.xml:804(para)
27033
#: serverguide/C/dm-multipath.xml:803(para)
26944
27034
msgid ""
26945
27035
"If you do need to blacklist devices, you can do so according to the "
26946
27036
"following criteria:"
26947
27037
msgstr ""
26948
27038
26949
#: serverguide/C/dm-multipath.xml:809(para)
27039
#: serverguide/C/dm-multipath.xml:808(para)
26950
27040
msgid ""
26951
27041
"By WWID, as described <xref endterm=\"config-blacklist-by-wwid-title\" "
26952
27042
"linkend=\"multipath-config-blacklist-by-wwid\"/>"
26953
27043
msgstr ""
26954
27044
26955
#: serverguide/C/dm-multipath.xml:815(para)
27045
#: serverguide/C/dm-multipath.xml:814(para)
26956
27046
msgid ""
26957
27047
"By device name, as described in <xref endterm=\"config-blacklist-by-device-"
26958
27048
"name-title\" linkend=\"multipath-config-blacklist-by-device-name\"/>"
26959
27049
msgstr ""
26960
27050
26961
#: serverguide/C/dm-multipath.xml:821(para)
27051
#: serverguide/C/dm-multipath.xml:820(para)
26962
27052
msgid ""
26963
27053
"By device type, as described in <xref endterm=\"config-blacklist-by-device-"
26964
27054
"type-title\" linkend=\"multipath-config-blacklist-by-device-type\"/>"
26965
27055
msgstr ""
26966
27056
26967
#: serverguide/C/dm-multipath.xml:827(para)
27057
#: serverguide/C/dm-multipath.xml:826(para)
26968
27058
msgid ""
26969
27059
"By default, a variety of device types are blacklisted, even after you "
26970
27060
"comment out the initial blacklist section of the configuration file. For "
26972
27062
"linkend=\"multipath-config-blacklist-by-device-name\"/>"
26973
27063
msgstr ""
26974
27064
26975
#: serverguide/C/dm-multipath.xml:836(title)
27065
#: serverguide/C/dm-multipath.xml:835(title)
26976
27066
msgid "Blacklisting By WWID"
26977
27067
msgstr ""
26978
27068
26979
#: serverguide/C/dm-multipath.xml:839(para)
27069
#: serverguide/C/dm-multipath.xml:838(para)
26980
27070
msgid ""
26981
27071
"You can specify individual devices to blacklist by their World-Wide "
26982
27072
"IDentification with a <emphasis role=\"bold\">wwid</emphasis> entry in the "
26984
27074
"file."
26985
27075
msgstr ""
26986
27076
26987
#: serverguide/C/dm-multipath.xml:844(para)
27077
#: serverguide/C/dm-multipath.xml:843(para)
26988
27078
msgid ""
26989
27079
"The following example shows the lines in the configuration file that would "
26990
27080
"blacklist a device with a WWID of 26353900f02796769."
26991
27081
msgstr ""
26992
27082
26993
#: serverguide/C/dm-multipath.xml:847(screen)
27083
#: serverguide/C/dm-multipath.xml:846(screen)
26994
27084
#, no-wrap
26995
27085
msgid ""
26996
27086
"\n"
26999
27089
"}\n"
27000
27090
msgstr ""
27001
27091
27002
#: serverguide/C/dm-multipath.xml:855(title)
27092
#: serverguide/C/dm-multipath.xml:854(title)
27003
27093
msgid "Blacklisting By Device Name"
27004
27094
msgstr ""
27005
27095
27006
#: serverguide/C/dm-multipath.xml:858(para)
27096
#: serverguide/C/dm-multipath.xml:857(para)
27007
27097
msgid ""
27008
27098
"You can blacklist device types by device name so that they will not be "
27009
27099
"grouped into a multipath device by specifying a <emphasis "
27011
27101
"role=\"bold\">blacklist</emphasis> section of the configuration file."
27012
27102
msgstr ""
27013
27103
27014
#: serverguide/C/dm-multipath.xml:864(para)
27104
#: serverguide/C/dm-multipath.xml:863(para)
27015
27105
msgid ""
27016
27106
"The following example shows the lines in the configuration file that would "
27017
27107
"blacklist all SCSI devices, since it blacklists all sd* devices. <screen>\n"
27020
27110
"}</screen>"
27021
27111
msgstr ""
27022
27112
27023
#: serverguide/C/dm-multipath.xml:871(para)
27113
#: serverguide/C/dm-multipath.xml:870(para)
27024
27114
msgid ""
27025
27115
"You can use a <emphasis role=\"bold\">devnode</emphasis> entry in the "
27026
27116
"<emphasis role=\"bold\">blacklist</emphasis> section of the configuration "
27032
27122
"on reboot."
27033
27123
msgstr ""
27034
27124
27035
#: serverguide/C/dm-multipath.xml:881(para)
27125
#: serverguide/C/dm-multipath.xml:880(para)
27036
27126
msgid ""
27037
27127
"By default, the following <emphasis role=\"bold\">devnode</emphasis> entries "
27038
27128
"are compiled in the default blacklist; the devices that these entries "
27048
27138
"</screen>"
27049
27139
msgstr ""
27050
27140
27051
#: serverguide/C/dm-multipath.xml:898(title)
27141
#: serverguide/C/dm-multipath.xml:897(title)
27052
27142
msgid "Blacklisting By Device Type"
27053
27143
msgstr ""
27054
27144
27055
#: serverguide/C/dm-multipath.xml:901(para)
27145
#: serverguide/C/dm-multipath.xml:900(para)
27056
27146
msgid ""
27057
27147
"You can specify specific device types in the <emphasis "
27058
27148
"role=\"bold\">blacklist</emphasis> section of the configuration file with a "
27071
27161
"</screen>"
27072
27162
msgstr ""
27073
27163
27074
#: serverguide/C/dm-multipath.xml:919(title)
27164
#: serverguide/C/dm-multipath.xml:918(title)
27075
27165
msgid "Blacklist Exceptions"
27076
27166
msgstr ""
27077
27167
27078
#: serverguide/C/dm-multipath.xml:922(para)
27168
#: serverguide/C/dm-multipath.xml:921(para)
27079
27169
msgid ""
27080
27170
"You can use the <emphasis role=\"bold\">blacklist_exceptions</emphasis> "
27081
27171
"section of the configuration file to enable multipathing on devices that "
27082
27172
"have been blacklisted by default."
27083
27173
msgstr ""
27084
27174
27085
#: serverguide/C/dm-multipath.xml:927(para)
27175
#: serverguide/C/dm-multipath.xml:926(para)
27086
27176
msgid ""
27087
27177
"For example, if you have a large number of devices and want to multipath "
27088
27178
"only one of them (with the WWID of 3600d0230000000000e13955cc3757803), "
27100
27190
"</screen>"
27101
27191
msgstr ""
27102
27192
27103
#: serverguide/C/dm-multipath.xml:942(para)
27193
#: serverguide/C/dm-multipath.xml:941(para)
27104
27194
msgid ""
27105
27195
"When specifying devices in the <emphasis "
27106
27196
"role=\"bold\">blacklist_exceptions</emphasis> section of the configuration "
27112
27202
"only to devnode entries, and device exceptions apply only to device entries."
27113
27203
msgstr ""
27114
27204
27115
#: serverguide/C/dm-multipath.xml:955(title)
27205
#: serverguide/C/dm-multipath.xml:954(title)
27116
27206
msgid "Configuration File Defaults"
27117
27207
msgstr ""
27118
27208
27119
#: serverguide/C/dm-multipath.xml:957(para)
27209
#: serverguide/C/dm-multipath.xml:956(para)
27120
27210
msgid ""
27121
27211
"The <filename>/etc/multipath.conf</filename> configuration file includes a "
27122
27212
"<emphasis role=\"bold\">defaults</emphasis> section that sets the <emphasis "
27124
27214
"role=\"bold\">yes</emphasis>, as follows."
27125
27215
msgstr ""
27126
27216
27127
#: serverguide/C/dm-multipath.xml:962(screen)
27217
#: serverguide/C/dm-multipath.xml:961(screen)
27128
27218
#, no-wrap
27129
27219
msgid ""
27130
27220
"\n"
27133
27223
"}\n"
27134
27224
msgstr ""
27135
27225
27136
#: serverguide/C/dm-multipath.xml:968(para)
27226
#: serverguide/C/dm-multipath.xml:967(para)
27137
27227
msgid ""
27138
27228
"This overwrites the default value of the <emphasis "
27139
27229
"role=\"bold\">user_friendly_names</emphasis> parameter."
27140
27230
msgstr ""
27141
27231
27142
#: serverguide/C/dm-multipath.xml:971(para)
27232
#: serverguide/C/dm-multipath.xml:970(para)
27143
27233
msgid ""
27144
27234
"The configuration file includes a template of configuration defaults. This "
27145
27235
"section is commented out, as follows."
27146
27236
msgstr ""
27147
27237
27148
#: serverguide/C/dm-multipath.xml:974(screen)
27238
#: serverguide/C/dm-multipath.xml:973(screen)
27149
27239
#, no-wrap
27150
27240
msgid ""
27151
27241
"\n"
27166
27256
"#}\n"
27167
27257
msgstr ""
27168
27258
27169
#: serverguide/C/dm-multipath.xml:991(para)
27259
#: serverguide/C/dm-multipath.xml:990(para)
27170
27260
msgid ""
27171
27261
"To overwrite the default value for any of the configuration parameters, you "
27172
27262
"can copy the relevant line from this template into the <emphasis "
27179
27269
"uncomment it, as follows."
27180
27270
msgstr ""
27181
27271
27182
#: serverguide/C/dm-multipath.xml:1002(screen)
27272
#: serverguide/C/dm-multipath.xml:1001(screen)
27183
27273
#, no-wrap
27184
27274
msgid ""
27185
27275
"\n"
27189
27279
"}\n"
27190
27280
msgstr ""
27191
27281
27192
#: serverguide/C/dm-multipath.xml:1009(para)
27282
#: serverguide/C/dm-multipath.xml:1008(para)
27193
27283
msgid ""
27194
27284
"Table <xref endterm=\"config-defaults-table-title\" linkend=\"multipath-"
27195
27285
"config-defaults-table\"/> describes the attributes that are set in the "
27201
27291
"<filename>multipath.conf</filename> file."
27202
27292
msgstr ""
27203
27293
27204
#: serverguide/C/dm-multipath.xml:1023(title)
27294
#: serverguide/C/dm-multipath.xml:1022(title)
27205
27295
msgid "Configuration File Multipath Attributes"
27206
27296
msgstr ""
27207
27297
27208
#: serverguide/C/dm-multipath.xml:1026(para)
27298
#: serverguide/C/dm-multipath.xml:1025(para)
27209
27299
msgid ""
27210
27300
"Table <xref endterm=\"attributes-table-title\" linkend=\"multipath-"
27211
27301
"attributes-table\"/> shows the attributes that you can set in the <emphasis "
27217
27307
"role=\"bold\">devices</emphasis> sections of the multipath.conf file."
27218
27308
msgstr ""
27219
27309
27220
#: serverguide/C/dm-multipath.xml:1039(para)
27310
#: serverguide/C/dm-multipath.xml:1038(para)
27221
27311
msgid ""
27222
27312
"In addition, the following parameters may be overridden in this <emphasis "
27223
27313
"role=\"bold\">multipath</emphasis> section"
27224
27314
msgstr ""
27225
27315
27226
#: serverguide/C/dm-multipath.xml:1088(para)
27316
#: serverguide/C/dm-multipath.xml:1087(para)
27227
27317
msgid ""
27228
27318
"The following example shows multipath attributes specified in the "
27229
27319
"configuration file for two specific multipath devices. The first device has "
27238
27328
"are set to priorities."
27239
27329
msgstr ""
27240
27330
27241
#: serverguide/C/dm-multipath.xml:1098(screen)
27331
#: serverguide/C/dm-multipath.xml:1097(screen)
27242
27332
#, no-wrap
27243
27333
msgid ""
27244
27334
"\n"
27260
27350
"}\n"
27261
27351
msgstr ""
27262
27352
27263
#: serverguide/C/dm-multipath.xml:1119(title)
27353
#: serverguide/C/dm-multipath.xml:1118(title)
27264
27354
msgid "Configuration File Devices"
27265
27355
msgstr ""
27266
27356
27267
#: serverguide/C/dm-multipath.xml:1121(para)
27357
#: serverguide/C/dm-multipath.xml:1120(para)
27268
27358
msgid ""
27269
27359
"Table <xref endterm=\"device-attributes-table-title\" linkend=\"multipath-"
27270
27360
"device-attributes-table\"/> shows the attributes that you can set for each "
27278
27368
"<filename>multipath.conf</filename> file."
27279
27369
msgstr ""
27280
27370
27281
#: serverguide/C/dm-multipath.xml:1132(para)
27371
#: serverguide/C/dm-multipath.xml:1131(para)
27282
27372
msgid ""
27283
27373
"Many devices that support multipathing are included by default in a "
27284
27374
"multipath configuration. The values for the devices that are supported by "
27292
27382
"the device and override the values that you want to change."
27293
27383
msgstr ""
27294
27384
27295
#: serverguide/C/dm-multipath.xml:1144(para)
27385
#: serverguide/C/dm-multipath.xml:1143(para)
27296
27386
msgid ""
27297
27387
"To add a device to this section of the configuration file that is not "
27298
27388
"configured automatically by default, you must set the <emphasis "
27304
27394
"device_name is the device to be multipathed, as in the following example:"
27305
27395
msgstr ""
27306
27396
27307
#: serverguide/C/dm-multipath.xml:1154(screen)
27397
#: serverguide/C/dm-multipath.xml:1153(screen)
27308
27398
#, no-wrap
27309
27399
msgid ""
27310
27400
"\n"
27314
27404
"SF2372\n"
27315
27405
msgstr ""
27316
27406
27317
#: serverguide/C/dm-multipath.xml:1161(para)
27407
#: serverguide/C/dm-multipath.xml:1160(para)
27318
27408
msgid ""
27319
27409
"The additional parameters to specify depend on your specific device. If the "
27320
27410
"device is active/active, you will usually not need to set additional "
27327
27417
"table\"/>."
27328
27418
msgstr ""
27329
27419
27330
#: serverguide/C/dm-multipath.xml:1171(para)
27420
#: serverguide/C/dm-multipath.xml:1170(para)
27331
27421
msgid ""
27332
27422
"If the device is active/passive, but it automatically switches paths with "
27333
27423
"I/O to the passive path, you need to change the checker function to one that "
27338
27428
"the Test Unit Ready command, which most do."
27339
27429
msgstr ""
27340
27430
27341
#: serverguide/C/dm-multipath.xml:1180(para)
27431
#: serverguide/C/dm-multipath.xml:1179(para)
27342
27432
msgid ""
27343
27433
"If the device needs a special command to switch paths, then configuring this "
27344
27434
"device for multipath requires a hardware handler kernel module. The current "
27346
27436
"device, you may not be able to configure the device for multipath."
27347
27437
msgstr ""
27348
27438
27349
#: serverguide/C/dm-multipath.xml:1189(para)
27439
#: serverguide/C/dm-multipath.xml:1188(para)
27350
27440
msgid ""
27351
27441
"In addition, the following parameters may be overridden in this <emphasis "
27352
27442
"role=\"bold\">device</emphasis> section"
27353
27443
msgstr ""
27354
27444
27355
#: serverguide/C/dm-multipath.xml:1264(para)
27445
#: serverguide/C/dm-multipath.xml:1263(para)
27356
27446
msgid ""
27357
27447
"Whenever a hardware_handler is specified, it is your responsibility to "
27358
27448
"ensure that the appropriate kernel module is loaded to support the specified "
27366
27456
"# update-initramfs -u -k all</screen>"
27367
27457
msgstr ""
27368
27458
27369
#: serverguide/C/dm-multipath.xml:1275(para)
27459
#: serverguide/C/dm-multipath.xml:1274(para)
27370
27460
msgid ""
27371
27461
"The following example shows a device entry in the multipath configuration "
27372
27462
"file."
27373
27463
msgstr ""
27374
27464
27375
#: serverguide/C/dm-multipath.xml:1278(screen)
27465
#: serverguide/C/dm-multipath.xml:1277(screen)
27376
27466
#, no-wrap
27377
27467
msgid ""
27378
27468
"\n"
27387
27477
"#}\n"
27388
27478
msgstr ""
27389
27479
27390
#: serverguide/C/dm-multipath.xml:1290(para)
27480
#: serverguide/C/dm-multipath.xml:1289(para)
27391
27481
msgid ""
27392
27482
"The spacing reserved in the <emphasis role=\"bold\">vendor</emphasis>, "
27393
27483
"<emphasis role=\"bold\">product</emphasis>, and <emphasis "
27404
27494
"characters or spaces, as seen in the example above"
27405
27495
msgstr ""
27406
27496
27407
#: serverguide/C/dm-multipath.xml:1307(para)
27497
#: serverguide/C/dm-multipath.xml:1306(para)
27408
27498
msgid "vendor: 8 characters"
27409
27499
msgstr ""
27410
27500
27411
#: serverguide/C/dm-multipath.xml:1311(para)
27501
#: serverguide/C/dm-multipath.xml:1310(para)
27412
27502
msgid "product: 16 characters"
27413
27503
msgstr ""
27414
27504
27415
#: serverguide/C/dm-multipath.xml:1315(para)
27505
#: serverguide/C/dm-multipath.xml:1314(para)
27416
27506
msgid "revision: 4 characters"
27417
27507
msgstr ""
27418
27508
27419
#: serverguide/C/dm-multipath.xml:1319(para)
27509
#: serverguide/C/dm-multipath.xml:1318(para)
27420
27510
msgid ""
27421
27511
"To create a more robust configuration file, regular expressions can also be "
27422
27512
"used. Operators include <emphasis role=\"bold\">^ $ [ ] . * ? +</emphasis>. "
27425
27515
"files found in <filename>/usr/share/doc/multipath-tools/examples:</filename>"
27426
27516
msgstr ""
27427
27517
27428
#: serverguide/C/dm-multipath.xml:1326(screen)
27518
#: serverguide/C/dm-multipath.xml:1325(screen)
27429
27519
#, no-wrap
27430
27520
msgid "# echo 'show config' | multipathd -k"
27431
27521
msgstr ""
27432
27522
27433
#: serverguide/C/dm-multipath.xml:1331(title)
27523
#: serverguide/C/dm-multipath.xml:1330(title)
27434
27524
msgid "DM-Multipath Administration and Troubleshooting"
27435
27525
msgstr ""
27436
27526
27437
#: serverguide/C/dm-multipath.xml:1334(title)
27527
#: serverguide/C/dm-multipath.xml:1333(title)
27438
27528
msgid "Resizing an Online Multipath Device"
27439
27529
msgstr ""
27440
27530
27441
#: serverguide/C/dm-multipath.xml:1336(para)
27531
#: serverguide/C/dm-multipath.xml:1335(para)
27442
27532
msgid ""
27443
27533
"If you need to resize an online multipath device, use the following procedure"
27444
27534
msgstr ""
27445
27535
27446
#: serverguide/C/dm-multipath.xml:1341(para)
27536
#: serverguide/C/dm-multipath.xml:1340(para)
27447
27537
msgid "Resize your physical device. This is storage platform specific."
27448
27538
msgstr ""
27449
27539
27450
#: serverguide/C/dm-multipath.xml:1346(para)
27540
#: serverguide/C/dm-multipath.xml:1345(para)
27451
27541
msgid "Use the following command to find the paths to the LUN:"
27452
27542
msgstr ""
27453
27543
27454
#: serverguide/C/dm-multipath.xml:1348(screen)
27544
#: serverguide/C/dm-multipath.xml:1347(screen)
27455
27545
#, no-wrap
27456
27546
msgid "# multipath -l"
27457
27547
msgstr ""
27458
27548
27459
#: serverguide/C/dm-multipath.xml:1352(para)
27549
#: serverguide/C/dm-multipath.xml:1351(para)
27460
27550
msgid ""
27461
27551
"Resize your paths. For SCSI devices, writing 1 to the "
27462
27552
"<filename>rescan</filename> file for the device causes the SCSI driver to "
27463
27553
"rescan, as in the following command:"
27464
27554
msgstr ""
27465
27555
27466
#: serverguide/C/dm-multipath.xml:1356(screen)
27556
#: serverguide/C/dm-multipath.xml:1355(screen)
27467
27557
#, no-wrap
27468
27558
msgid "# echo 1 > /sys/block/device_name/device/rescan"
27469
27559
msgstr ""
27470
27560
27471
#: serverguide/C/dm-multipath.xml:1360(para)
27561
#: serverguide/C/dm-multipath.xml:1359(para)
27472
27562
msgid ""
27473
27563
"Resize your multipath device by running the multipathd resize command:"
27474
27564
msgstr ""
27475
27565
27476
#: serverguide/C/dm-multipath.xml:1363(screen)
27566
#: serverguide/C/dm-multipath.xml:1362(screen)
27477
27567
#, no-wrap
27478
27568
msgid "# multipathd -k 'resize map mpatha'"
27479
27569
msgstr ""
27480
27570
27481
#: serverguide/C/dm-multipath.xml:1367(para)
27571
#: serverguide/C/dm-multipath.xml:1366(para)
27482
27572
msgid "Resize the file system (assuming no LVM or DOS partitions are used):"
27483
27573
msgstr ""
27484
27574
27485
#: serverguide/C/dm-multipath.xml:1370(screen)
27575
#: serverguide/C/dm-multipath.xml:1369(screen)
27486
27576
#, no-wrap
27487
27577
msgid "# resize2fs /dev/mapper/mpatha"
27488
27578
msgstr ""
27489
27579
27490
#: serverguide/C/dm-multipath.xml:1376(title)
27580
#: serverguide/C/dm-multipath.xml:1375(title)
27491
27581
msgid ""
27492
27582
"Moving root File Systems from a Single Path Device to a Multipath Device"
27493
27583
msgstr ""
27494
27584
27495
#: serverguide/C/dm-multipath.xml:1379(para)
27585
#: serverguide/C/dm-multipath.xml:1378(para)
27496
27586
msgid ""
27497
27587
"This is dramatically simplified by the use of UUIDs to identify devices as "
27498
27588
"an intrinsic label. Simply install <emphasis role=\"bold\">multipath-tools-"
27501
27591
"mounted by UUID."
27502
27592
msgstr ""
27503
27593
27504
#: serverguide/C/dm-multipath.xml:1386(para)
27594
#: serverguide/C/dm-multipath.xml:1385(para)
27505
27595
msgid ""
27506
27596
"Whenever <filename>multipath.conf</filename> is updated, so should the "
27507
27597
"initrd by executing <command>update-initramfs -u -k all</command>. The "
27510
27600
"blacklist and device sections."
27511
27601
msgstr ""
27512
27602
27513
#: serverguide/C/dm-multipath.xml:1395(title)
27603
#: serverguide/C/dm-multipath.xml:1394(title)
27514
27604
msgid ""
27515
27605
"Moving swap File Systems from a Single Path Device to a Multipath Device"
27516
27606
msgstr ""
27517
27607
27518
#: serverguide/C/dm-multipath.xml:1398(para)
27608
#: serverguide/C/dm-multipath.xml:1397(para)
27519
27609
msgid ""
27520
27610
"The procedure is exactly the same as illustrated in the previous section "
27521
27611
"called <link linkend=\"multipath-moving-rootfs-from-single-path-to-multipath-"
27523
27613
"Device</link>."
27524
27614
msgstr ""
27525
27615
27526
#: serverguide/C/dm-multipath.xml:1406(title)
27616
#: serverguide/C/dm-multipath.xml:1405(title)
27527
27617
msgid "The Multipath Daemon"
27528
27618
msgstr ""
27529
27619
27530
#: serverguide/C/dm-multipath.xml:1408(para)
27620
#: serverguide/C/dm-multipath.xml:1407(para)
27531
27621
msgid ""
27532
27622
"If you find you have trouble implementing a multipath configuration, you "
27533
27623
"should ensure the multipath daemon is running as described in <link "
27539
27629
"<command>multipathd</command> as a debugging aid."
27540
27630
msgstr ""
27541
27631
27542
#: serverguide/C/dm-multipath.xml:1448(title)
27632
#: serverguide/C/dm-multipath.xml:1447(title)
27543
27633
msgid "Issues with queue_if_no_path"
27544
27634
msgstr ""
27545
27635
27546
#: serverguide/C/dm-multipath.xml:1450(para)
27636
#: serverguide/C/dm-multipath.xml:1449(para)
27547
27637
msgid ""
27548
27638
"If <emphasis role=\"bold\">features \"1 queue_if_no_path\"</emphasis> is "
27549
27639
"specified in the <filename>/etc/multipath.conf</filename> file, then any "
27553
27643
"<filename>/etc/multipath.conf</filename>."
27554
27644
msgstr ""
27555
27645
27556
#: serverguide/C/dm-multipath.xml:1457(para)
27646
#: serverguide/C/dm-multipath.xml:1456(para)
27557
27647
msgid ""
27558
27648
"When you set the <emphasis role=\"bold\">no_path_retry</emphasis> parameter, "
27559
27649
"remove the <emphasis role=\"bold\">features \"1 "
27569
27659
"<filename>/etc/multipath.conf</filename> and editing to suit your needs."
27570
27660
msgstr ""
27571
27661
27572
#: serverguide/C/dm-multipath.xml:1471(para)
27662
#: serverguide/C/dm-multipath.xml:1470(para)
27573
27663
msgid ""
27574
27664
"If you need to use the <option>features \"1 queue_if_no_path\"</option> "
27575
27665
"option and you experience the issue noted here, use the "
27580
27670
"<option> \"fail_if_no_path\"</option>, execute the following command."
27581
27671
msgstr ""
27582
27672
27583
#: serverguide/C/dm-multipath.xml:1480(screen)
27673
#: serverguide/C/dm-multipath.xml:1479(screen)
27584
27674
#, no-wrap
27585
27675
msgid "# dmsetup message mpathc 0 \"fail_if_no_path\""
27586
27676
msgstr ""
27587
27677
27588
#: serverguide/C/dm-multipath.xml:1483(para)
27678
#: serverguide/C/dm-multipath.xml:1482(para)
27589
27679
msgid ""
27590
27680
"You must specify the <filename>mpathN</filename> alias rather than the path"
27591
27681
msgstr ""
27592
27682
27593
#: serverguide/C/dm-multipath.xml:1489(title)
27683
#: serverguide/C/dm-multipath.xml:1488(title)
27594
27684
msgid "Multipath Command Output"
27595
27685
msgstr ""
27596
27686
27597
#: serverguide/C/dm-multipath.xml:1491(para)
27687
#: serverguide/C/dm-multipath.xml:1490(para)
27598
27688
msgid ""
27599
27689
"When you create, modify, or list a multipath device, you get a printout of "
27600
27690
"the current device setup. The format is as follows. For each multipath "
27601
27691
"device:"
27602
27692
msgstr ""
27603
27693
27604
#: serverguide/C/dm-multipath.xml:1495(screen)
27694
#: serverguide/C/dm-multipath.xml:1494(screen)
27605
27695
#, no-wrap
27606
27696
msgid ""
27607
27697
" action_if_any: alias (wwid_if_different_from_alias) "
27610
27700
"wp=write_permission_if_known"
27611
27701
msgstr ""
27612
27702
27613
#: serverguide/C/dm-multipath.xml:1498(para)
27703
#: serverguide/C/dm-multipath.xml:1497(para)
27614
27704
msgid "For each path group:"
27615
27705
msgstr ""
27616
27706
27617
#: serverguide/C/dm-multipath.xml:1500(screen)
27707
#: serverguide/C/dm-multipath.xml:1499(screen)
27618
27708
#, no-wrap
27619
27709
msgid ""
27620
27710
" -+- policy='scheduling_policy' prio=prio_if_known\n"
27621
27711
" status=path_group_status_if_known"
27622
27712
msgstr ""
27623
27713
27624
#: serverguide/C/dm-multipath.xml:1503(para)
27714
#: serverguide/C/dm-multipath.xml:1502(para)
27625
27715
msgid "For each path:"
27626
27716
msgstr ""
27627
27717
27628
#: serverguide/C/dm-multipath.xml:1505(screen)
27718
#: serverguide/C/dm-multipath.xml:1504(screen)
27629
27719
#, no-wrap
27630
27720
msgid ""
27631
27721
" `- host:channel:id:lun devnode major:minor dm_status_if_known "
27633
27723
" online_status"
27634
27724
msgstr ""
27635
27725
27636
#: serverguide/C/dm-multipath.xml:1508(para)
27726
#: serverguide/C/dm-multipath.xml:1507(para)
27637
27727
msgid ""
27638
27728
"For example, the output of a multipath command might appear as follows:"
27639
27729
msgstr ""
27640
27730
27641
#: serverguide/C/dm-multipath.xml:1511(screen)
27731
#: serverguide/C/dm-multipath.xml:1510(screen)
27642
27732
#, no-wrap
27643
27733
msgid ""
27644
27734
" 3600d0230000000000e13955cc3757800 dm-1 WINSYS,SF2372\n"
27649
27739
" `- 7:0:0:0 sdf 8:80 active ready running"
27650
27740
msgstr ""
27651
27741
27652
#: serverguide/C/dm-multipath.xml:1518(para)
27742
#: serverguide/C/dm-multipath.xml:1517(para)
27653
27743
msgid ""
27654
27744
"If the path is up and ready for I/O, the status of the path is <emphasis "
27655
27745
"role=\"bold\">ready</emphasis> or <emphasis "
27660
27750
"defined in the <filename>/etc/multipath.conf</filename> file."
27661
27751
msgstr ""
27662
27752
27663
#: serverguide/C/dm-multipath.xml:1526(para)
27753
#: serverguide/C/dm-multipath.xml:1525(para)
27664
27754
msgid ""
27665
27755
"The dm status is similar to the path status, but from the kernel's point of "
27666
27756
"view. The dm status has two states: <emphasis "
27671
27761
"not agree."
27672
27762
msgstr ""
27673
27763
27674
#: serverguide/C/dm-multipath.xml:1534(para)
27764
#: serverguide/C/dm-multipath.xml:1533(para)
27675
27765
msgid ""
27676
27766
"The possible values for <emphasis role=\"bold\">online_status</emphasis> are "
27677
27767
"<emphasis role=\"bold\">running</emphasis> and <emphasis "
27680
27770
"disabled."
27681
27771
msgstr ""
27682
27772
27683
#: serverguide/C/dm-multipath.xml:1542(para)
27773
#: serverguide/C/dm-multipath.xml:1541(para)
27684
27774
msgid ""
27685
27775
"When a multipath device is being created or modified , the path group "
27686
27776
"status, the dm device name, the write permissions, and the dm status are not "
27687
27777
"known. Also, the features are not always correct"
27688
27778
msgstr ""
27689
27779
27690
#: serverguide/C/dm-multipath.xml:1549(title)
27780
#: serverguide/C/dm-multipath.xml:1548(title)
27691
27781
msgid "Multipath Queries with multipath Command"
27692
27782
msgstr ""
27693
27783
27694
#: serverguide/C/dm-multipath.xml:1551(para)
27784
#: serverguide/C/dm-multipath.xml:1550(para)
27695
27785
msgid ""
27696
27786
"You can use the <emphasis role=\"bold\">-l </emphasis>and <emphasis "
27697
27787
"role=\"bold\">-ll</emphasis> options of the <emphasis "
27703
27793
"available components of the system."
27704
27794
msgstr ""
27705
27795
27706
#: serverguide/C/dm-multipath.xml:1560(para)
27796
#: serverguide/C/dm-multipath.xml:1559(para)
27707
27797
msgid ""
27708
27798
"When displaying the multipath configuration, there are three verbosity "
27709
27799
"levels you can specify with the <emphasis role=\"bold\">-v</emphasis> option "
27714
27804
"v2</emphasis> prints all detected paths, multipaths, and device maps."
27715
27805
msgstr ""
27716
27806
27717
#: serverguide/C/dm-multipath.xml:1570(para)
27807
#: serverguide/C/dm-multipath.xml:1569(para)
27718
27808
msgid ""
27719
27809
"The default <emphasis role=\"bold\">verbosity</emphasis> level of multipath "
27720
27810
"is <emphasis role=\"bold\">2</emphasis> and can be globally modified by "
27723
27813
"of <filename>multipath.conf</filename>."
27724
27814
msgstr ""
27725
27815
27726
#: serverguide/C/dm-multipath.xml:1577(para)
27816
#: serverguide/C/dm-multipath.xml:1576(para)
27727
27817
msgid ""
27728
27818
"The following example shows the output of a <emphasis "
27729
27819
"role=\"bold\">multipath -l</emphasis> command."
27730
27820
msgstr ""
27731
27821
27732
#: serverguide/C/dm-multipath.xml:1580(screen)
27822
#: serverguide/C/dm-multipath.xml:1579(screen)
27733
27823
#, no-wrap
27734
27824
msgid ""
27735
27825
"# multipath -l\n"
27741
27831
" `- 7:0:0:0 sdf 8:80 active ready running"
27742
27832
msgstr ""
27743
27833
27744
#: serverguide/C/dm-multipath.xml:1588(para)
27834
#: serverguide/C/dm-multipath.xml:1587(para)
27745
27835
msgid ""
27746
27836
"The following example shows the output of a <emphasis "
27747
27837
"role=\"bold\">multipath -ll</emphasis> command."
27748
27838
msgstr ""
27749
27839
27750
#: serverguide/C/dm-multipath.xml:1591(screen)
27840
#: serverguide/C/dm-multipath.xml:1590(screen)
27751
27841
#, no-wrap
27752
27842
msgid ""
27753
27843
"# multipath -ll\n"
27764
27854
" `- 18:0:0:3 sdj 8:144 active ready running"
27765
27855
msgstr ""
27766
27856
27767
#: serverguide/C/dm-multipath.xml:1606(title)
27857
#: serverguide/C/dm-multipath.xml:1605(title)
27768
27858
msgid "Multipath Command Options"
27769
27859
msgstr ""
27770
27860
27771
#: serverguide/C/dm-multipath.xml:1608(para)
27861
#: serverguide/C/dm-multipath.xml:1607(para)
27772
27862
msgid ""
27773
27863
"Table <xref endterm=\"useful-multipath-command-options-title\" "
27774
27864
"linkend=\"useful-multipath-command-options\"/> describes some options of the "
27776
27866
"useful."
27777
27867
msgstr ""
27778
27868
27779
#: serverguide/C/dm-multipath.xml:1614(title)
27869
#: serverguide/C/dm-multipath.xml:1613(title)
27780
27870
msgid "Useful multipath Command Options"
27781
27871
msgstr ""
27782
27872
27783
#: serverguide/C/dm-multipath.xml:1623(entry)
27873
#: serverguide/C/dm-multipath.xml:1622(entry)
27784
27874
msgid "Option"
27785
27875
msgstr ""
27786
27876
27787
#: serverguide/C/dm-multipath.xml:1630(emphasis)
27877
#: serverguide/C/dm-multipath.xml:1629(emphasis)
27788
27878
msgid "-l"
27789
27879
msgstr ""
27790
27880
27791
#: serverguide/C/dm-multipath.xml:1632(emphasis) serverguide/C/dm-multipath.xml:1639(emphasis)
27881
#: serverguide/C/dm-multipath.xml:1631(emphasis) serverguide/C/dm-multipath.xml:1638(emphasis)
27792
27882
msgid "sysfs"
27793
27883
msgstr ""
27794
27884
27795
#: serverguide/C/dm-multipath.xml:1631(entry)
27885
#: serverguide/C/dm-multipath.xml:1630(entry)
27796
27886
msgid ""
27797
27887
"Display the current multipath configuration gathered from <placeholder-1/> "
27798
27888
"and the device mapper."
27799
27889
msgstr ""
27800
27890
27801
#: serverguide/C/dm-multipath.xml:1637(emphasis)
27891
#: serverguide/C/dm-multipath.xml:1636(emphasis)
27802
27892
msgid "-ll"
27803
27893
msgstr ""
27804
27894
27805
#: serverguide/C/dm-multipath.xml:1638(entry)
27895
#: serverguide/C/dm-multipath.xml:1637(entry)
27806
27896
msgid ""
27807
27897
"Display the current multipath configuration gathered from <placeholder-1/>, "
27808
27898
"the device mapper, and all other available components on the system."
27809
27899
msgstr ""
27810
27900
27811
#: serverguide/C/dm-multipath.xml:1644(emphasis)
27901
#: serverguide/C/dm-multipath.xml:1643(emphasis)
27812
27902
msgid "-f device"
27813
27903
msgstr ""
27814
27904
27815
#: serverguide/C/dm-multipath.xml:1645(entry)
27905
#: serverguide/C/dm-multipath.xml:1644(entry)
27816
27906
msgid "Remove the named multipath device."
27817
27907
msgstr ""
27818
27908
27819
#: serverguide/C/dm-multipath.xml:1649(emphasis)
27909
#: serverguide/C/dm-multipath.xml:1648(emphasis)
27820
27910
msgid "-F"
27821
27911
msgstr ""
27822
27912
27823
#: serverguide/C/dm-multipath.xml:1650(entry)
27913
#: serverguide/C/dm-multipath.xml:1649(entry)
27824
27914
msgid "Remove all unused multipath devices."
27825
27915
msgstr ""
27826
27916
27827
#: serverguide/C/dm-multipath.xml:1658(title)
27917
#: serverguide/C/dm-multipath.xml:1657(title)
27828
27918
msgid "Determining Device Mapper Entries with dmsetup Command"
27829
27919
msgstr ""
27830
27920
27831
#: serverguide/C/dm-multipath.xml:1660(para)
27921
#: serverguide/C/dm-multipath.xml:1659(para)
27832
27922
msgid ""
27833
27923
"You can use the <emphasis role=\"bold\">dmsetup</emphasis> command to find "
27834
27924
"out which device mapper entries match the <emphasis "
27835
27925
"role=\"bold\">multipathed</emphasis> devices."
27836
27926
msgstr ""
27837
27927
27838
#: serverguide/C/dm-multipath.xml:1664(para)
27928
#: serverguide/C/dm-multipath.xml:1663(para)
27839
27929
msgid ""
27840
27930
"The following command displays all the device mapper devices and their major "
27841
27931
"and minor numbers. The minor numbers determine the name of the dm device. "
27844
27934
"role=\"bold\"><filename>/dev/dm-3</filename></emphasis>."
27845
27935
msgstr ""
27846
27936
27847
#: serverguide/C/dm-multipath.xml:1670(screen)
27937
#: serverguide/C/dm-multipath.xml:1669(screen)
27848
27938
#, no-wrap
27849
27939
msgid ""
27850
27940
"\n"
27867
27957
" "
27868
27958
msgstr ""
27869
27959
27870
#: serverguide/C/dm-multipath.xml:1691(title)
27960
#: serverguide/C/dm-multipath.xml:1690(title)
27871
27961
msgid "Troubleshooting with the multipathd interactive console"
27872
27962
msgstr ""
27873
27963
27874
#: serverguide/C/dm-multipath.xml:1693(para)
27964
#: serverguide/C/dm-multipath.xml:1692(para)
27875
27965
msgid ""
27876
27966
"The <emphasis role=\"bold\">multipathd -k</emphasis> command is an "
27877
27967
"interactive interface to the <emphasis role=\"bold\">multipathd</emphasis> "
27881
27971
"role=\"bold\">CTRL-D</emphasis> to quit."
27882
27972
msgstr ""
27883
27973
27884
#: serverguide/C/dm-multipath.xml:1700(para)
27974
#: serverguide/C/dm-multipath.xml:1699(para)
27885
27975
msgid ""
27886
27976
"The multipathd interactive console can be used to troubleshoot problems you "
27887
27977
"may be having with your system. For example, the following command sequence "
27891
27981
"Multipathd\"</ulink> for more examples."
27892
27982
msgstr ""
27893
27983
27894
#: serverguide/C/dm-multipath.xml:1707(screen)
27984
#: serverguide/C/dm-multipath.xml:1706(screen)
27895
27985
#, no-wrap
27896
27986
msgid ""
27897
27987
"# multipathd -k\n"
27899
27989
" > > CTRL-D"
27900
27990
msgstr ""
27901
27991
27902
#: serverguide/C/dm-multipath.xml:1711(para)
27992
#: serverguide/C/dm-multipath.xml:1710(para)
27903
27993
msgid ""
27904
27994
"The following command sequence ensures that multipath has picked up any "
27905
27995
"changes to the multipath.conf,"
27906
27996
msgstr ""
27907
27997
27908
#: serverguide/C/dm-multipath.xml:1714(screen)
27998
#: serverguide/C/dm-multipath.xml:1713(screen)
27909
27999
#, no-wrap
27910
28000
msgid ""
27911
28001
"\n"
27914
28004
"> > CTRL-D\n"
27915
28005
msgstr ""
27916
28006
27917
#: serverguide/C/dm-multipath.xml:1720(para)
28007
#: serverguide/C/dm-multipath.xml:1719(para)
27918
28008
msgid ""
27919
28009
"Use the following command sequence to ensure that the path checker is "
27920
28010
"working properly."
27921
28011
msgstr ""
27922
28012
27923
#: serverguide/C/dm-multipath.xml:1723(screen)
28013
#: serverguide/C/dm-multipath.xml:1722(screen)
27924
28014
#, no-wrap
27925
28015
msgid ""
27926
28016
"\n"
27929
28019
"> > CTRL-D\n"
27930
28020
msgstr ""
27931
28021
27932
#: serverguide/C/dm-multipath.xml:1729(para)
28022
#: serverguide/C/dm-multipath.xml:1728(para)
27933
28023
msgid ""
27934
28024
"Commands can also be streamed into multipathd using stdin like so:<screen># "
27935
28025
"echo 'show config' | multipathd -k</screen>"
27943
28033
msgid "Ubuntu provides two popular database servers. They are:"
27944
28034
msgstr ""
27945
28035
27946
#: serverguide/C/virtualization.xml:832(para) serverguide/C/databases.xml:17(trademark) serverguide/C/databases.xml:29(title)
28036
#: serverguide/C/databases.xml:17(trademark) serverguide/C/databases.xml:29(title)
27947
28037
msgid "MySQL"
27948
28038
msgstr "MySQL"
27949
28039
27950
#: serverguide/C/databases.xml:20(application) serverguide/C/databases.xml:300(title)
28040
#: serverguide/C/databases.xml:20(application) serverguide/C/databases.xml:293(title)
27951
28041
msgid "PostgreSQL"
27952
28042
msgstr ""
27953
28043
27968
28058
msgid "To install MySQL, run the following command from a terminal prompt:"
27969
28059
msgstr ""
27970
28060
27971
#: serverguide/C/virtualization.xml:2215(command) serverguide/C/databases.xml:42(command)
28061
#: serverguide/C/databases.xml:42(command)
27972
28062
msgid "sudo apt-get install mysql-server"
27973
28063
msgstr ""
27974
28064
27975
#: serverguide/C/databases.xml:51(para)
28065
#: serverguide/C/databases.xml:44(para)
27976
28066
msgid ""
27977
28067
"During the installation process you will be prompted to enter a password for "
27978
28068
"the MySQL root user."
27979
28069
msgstr ""
27980
28070
27981
#: serverguide/C/databases.xml:55(para)
28071
#: serverguide/C/databases.xml:48(para)
27982
28072
msgid ""
27983
28073
"Once the installation is complete, the MySQL server should be started "
27984
28074
"automatically. You can run the following command from a terminal prompt to "
27985
28075
"check whether the MySQL server is running:"
27986
28076
msgstr ""
27987
28077
27988
#: serverguide/C/databases.xml:62(command)
28078
#: serverguide/C/databases.xml:55(command)
27989
28079
msgid "sudo netstat -tap | grep mysql"
27990
28080
msgstr ""
27991
28081
27992
#: serverguide/C/vcs.xml:477(para) serverguide/C/databases.xml:65(para)
28082
#: serverguide/C/databases.xml:58(para)
27993
28083
msgid ""
27994
28084
"When you run this command, you should see the following line or something "
27995
28085
"similar:"
27996
28086
msgstr ""
27997
28087
27998
#: serverguide/C/databases.xml:69(programlisting)
28088
#: serverguide/C/databases.xml:62(programlisting)
27999
28089
#, no-wrap
28000
28090
msgid ""
28001
28091
"\n"
28003
28093
"2556/mysqld\n"
28004
28094
msgstr ""
28005
28095
28006
#: serverguide/C/databases.xml:72(para)
28096
#: serverguide/C/databases.xml:65(para)
28007
28097
msgid ""
28008
28098
"If the server is not running correctly, you can type the following command "
28009
28099
"to start it:"
28010
28100
msgstr ""
28011
28101
28012
#: serverguide/C/databases.xml:76(command) serverguide/C/databases.xml:100(command)
28102
#: serverguide/C/databases.xml:69(command) serverguide/C/databases.xml:93(command)
28013
28103
msgid "sudo service mysql restart"
28014
28104
msgstr ""
28015
28105
28016
#: serverguide/C/databases.xml:81(para)
28106
#: serverguide/C/databases.xml:74(para)
28017
28107
msgid ""
28018
28108
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
28019
28109
"the basic settings -- log file, port number, etc. For example, to configure "
28021
28111
"<emphasis>bind-address</emphasis> directive to the server's IP address:"
28022
28112
msgstr ""
28023
28113
28024
#: serverguide/C/databases.xml:87(programlisting)
28114
#: serverguide/C/databases.xml:80(programlisting)
28025
28115
#, no-wrap
28026
28116
msgid ""
28027
28117
"\n"
28028
28118
"bind-address = 192.168.0.5\n"
28029
28119
msgstr ""
28030
28120
28031
#: serverguide/C/databases.xml:91(para)
28121
#: serverguide/C/databases.xml:84(para)
28032
28122
msgid "Replace 192.168.0.5 with the appropriate address."
28033
28123
msgstr ""
28034
28124
28035
#: serverguide/C/databases.xml:95(para)
28125
#: serverguide/C/databases.xml:88(para)
28036
28126
msgid ""
28037
28127
"After making a change to <filename>/etc/mysql/my.cnf</filename> the MySQL "
28038
28128
"daemon will need to be restarted:"
28039
28129
msgstr ""
28040
28130
28041
#: serverguide/C/databases.xml:102(para)
28131
#: serverguide/C/databases.xml:95(para)
28042
28132
msgid ""
28043
28133
"If you would like to change the MySQL <emphasis>root</emphasis> password, in "
28044
28134
"a terminal enter:"
28045
28135
msgstr ""
28046
28136
28047
#: serverguide/C/databases.xml:107(command)
28137
#: serverguide/C/databases.xml:100(command)
28048
28138
msgid "sudo dpkg-reconfigure mysql-server-5.5"
28049
28139
msgstr ""
28050
28140
28051
#: serverguide/C/databases.xml:109(para)
28141
#: serverguide/C/databases.xml:102(para)
28052
28142
msgid ""
28053
28143
"The MySQL daemon will be stopped, and you will be prompted to enter a new "
28054
28144
"password."
28055
28145
msgstr ""
28056
28146
28057
#: serverguide/C/databases.xml:114(title)
28147
#: serverguide/C/databases.xml:107(title)
28058
28148
msgid "Database Engines"
28059
28149
msgstr ""
28060
28150
28061
#: serverguide/C/databases.xml:115(para)
28151
#: serverguide/C/databases.xml:108(para)
28062
28152
msgid ""
28063
28153
"Whilst the default configuration of MySQL provided by the Ubuntu packages is "
28064
28154
"perfectly functional and performs well there are things you may wish to "
28065
28155
"consider before you proceed."
28066
28156
msgstr ""
28067
28157
28068
#: serverguide/C/databases.xml:119(para)
28158
#: serverguide/C/databases.xml:112(para)
28069
28159
msgid ""
28070
28160
"MySQL is designed to allow data to be stored in different ways. These "
28071
28161
"methods are referred to as either database or storage engines. There are two "
28075
28165
"use, you will interact with the database in the same way."
28076
28166
msgstr ""
28077
28167
28078
#: serverguide/C/databases.xml:126(para)
28168
#: serverguide/C/databases.xml:119(para)
28079
28169
msgid "Each engine has its own advantages and disadvantages."
28080
28170
msgstr ""
28081
28171
28082
#: serverguide/C/databases.xml:129(para)
28172
#: serverguide/C/databases.xml:122(para)
28083
28173
msgid ""
28084
28174
"While it is possible, and may be advantageous to mix and match database "
28085
28175
"engines on a table level, doing so reduces the effectiveness of the "
28087
28177
"two engines instead of dedicating them to one."
28088
28178
msgstr ""
28089
28179
28090
#: serverguide/C/databases.xml:136(para)
28180
#: serverguide/C/databases.xml:129(para)
28091
28181
msgid ""
28092
28182
"MyISAM is the older of the two. It can be faster than InnoDB under certain "
28093
28183
"circumstances and favours a read only workload. Some web applications have "
28103
28193
"production/\">MyISAM on a production database</ulink>."
28104
28194
msgstr ""
28105
28195
28106
#: serverguide/C/databases.xml:150(para)
28196
#: serverguide/C/databases.xml:143(para)
28107
28197
msgid ""
28108
28198
"InnoDB is a more modern database engine, designed to be <ulink "
28109
28199
"url=\"http://en.wikipedia.org/wiki/ACID\">ACID compliant</ulink> which "
28116
28206
"reliable data recovery as data consistency can be checked."
28117
28207
msgstr ""
28118
28208
28119
#: serverguide/C/databases.xml:163(para)
28209
#: serverguide/C/databases.xml:156(para)
28120
28210
msgid ""
28121
28211
"As of MySQL 5.5 InnoDB is the default engine, and is highly recommended over "
28122
28212
"MyISAM unless you have specific need for features unique to the engine."
28123
28213
msgstr ""
28124
28214
28125
#: serverguide/C/databases.xml:170(title)
28215
#: serverguide/C/databases.xml:163(title)
28126
28216
msgid "Creating a tuned my.cnf file"
28127
28217
msgstr ""
28128
28218
28129
#: serverguide/C/databases.xml:171(para)
28219
#: serverguide/C/databases.xml:164(para)
28130
28220
msgid ""
28131
28221
"There are a number of parameters that can be adjusted within MySQL's "
28132
28222
"configuration file that will allow you to improve the performance of the "
28179
28269
"</screen> Once that is complete all is good to go!"
28180
28270
msgstr ""
28181
28271
28182
#: serverguide/C/databases.xml:213(para)
28272
#: serverguide/C/databases.xml:206(para)
28183
28273
msgid ""
28184
28274
"This is not necessary for all my.cnf changes. Most of the variables you may "
28185
28275
"wish to change to improve performance are adjustable even whilst the server "
28187
28277
"files and data before making changes."
28188
28278
msgstr ""
28189
28279
28190
#: serverguide/C/databases.xml:222(title)
28280
#: serverguide/C/databases.xml:215(title)
28191
28281
msgid "MySQL Tuner"
28192
28282
msgstr ""
28193
28283
28194
#: serverguide/C/databases.xml:223(para)
28284
#: serverguide/C/databases.xml:216(para)
28195
28285
msgid ""
28196
28286
"<application>MySQL Tuner</application> is a useful tool that will connect to "
28197
28287
"a running MySQL instance and offer suggestions for how it can be best "
28223
28313
"</screen>"
28224
28314
msgstr ""
28225
28315
28226
#: serverguide/C/databases.xml:257(para)
28316
#: serverguide/C/databases.xml:250(para)
28227
28317
msgid ""
28228
28318
"One final comment on tuning databases: Whilst we can broadly say that "
28229
28319
"certain settings are the best, performance can vary from application to "
28238
28328
"either using more powerful hardware or by adding slave servers."
28239
28329
msgstr ""
28240
28330
28241
#: serverguide/C/databases.xml:274(para)
28331
#: serverguide/C/databases.xml:267(para)
28242
28332
msgid ""
28243
28333
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
28244
28334
"more information."
28245
28335
msgstr ""
28246
28336
28247
#: serverguide/C/databases.xml:279(para)
28337
#: serverguide/C/databases.xml:272(para)
28248
28338
msgid ""
28249
28339
"Full documentation is available in both online and offline formats from the "
28250
28340
"<ulink url=\"http://dev.mysql.com/doc/\"> MySQL Developers portal</ulink>"
28251
28341
msgstr ""
28252
28342
28253
#: serverguide/C/databases.xml:285(para)
28343
#: serverguide/C/databases.xml:278(para)
28254
28344
msgid ""
28255
28345
"For general SQL information see <ulink "
28256
28346
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\"> Using "
28257
28347
"SQL Special Edition</ulink> by Rafe Colburn."
28258
28348
msgstr ""
28259
28349
28260
#: serverguide/C/databases.xml:291(para)
28350
#: serverguide/C/databases.xml:284(para)
28261
28351
msgid ""
28262
28352
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
28263
28353
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
28276
28366
"in the command prompt:"
28277
28367
msgstr ""
28278
28368
28279
#: serverguide/C/databases.xml:314(command)
28369
#: serverguide/C/databases.xml:307(command)
28280
28370
msgid "sudo apt-get install postgresql"
28281
28371
msgstr ""
28282
28372
28323
28413
"<filename>/etc/postgresql/9.1/main/postgresql.conf</filename>"
28324
28414
msgstr ""
28325
28415
28326
#: serverguide/C/databases.xml:346(para)
28416
#: serverguide/C/databases.xml:339(para)
28327
28417
msgid ""
28328
28418
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
28329
28419
"change it to:"
28355
28445
"default <application>PostgreSQL</application> template database:"
28356
28446
msgstr ""
28357
28447
28358
#: serverguide/C/databases.xml:370(command)
28448
#: serverguide/C/databases.xml:362(command)
28359
28449
msgid "sudo -u postgres psql template1"
28360
28450
msgstr ""
28361
28451
28369
28459
"user <emphasis role=\"italics\">postgres</emphasis>."
28370
28460
msgstr ""
28371
28461
28372
#: serverguide/C/databases.xml:380(command)
28462
#: serverguide/C/databases.xml:372(command)
28373
28463
msgid "ALTER USER postgres with encrypted password 'your_password';"
28374
28464
msgstr ""
28375
28465
28381
28471
"<emphasis>postgres</emphasis> user:"
28382
28472
msgstr ""
28383
28473
28384
#: serverguide/C/databases.xml:388(programlisting)
28474
#: serverguide/C/databases.xml:380(programlisting)
28385
28475
#, no-wrap
28386
28476
msgid ""
28387
28477
"\n"
28388
28478
"local all postgres md5\n"
28389
28479
msgstr ""
28390
28480
28391
#: serverguide/C/databases.xml:392(para)
28481
#: serverguide/C/databases.xml:384(para)
28392
28482
msgid ""
28393
28483
"Finally, you should restart the <application>PostgreSQL</application> "
28394
28484
"service to initialize the new configuration. From a terminal prompt enter "
28424
28514
msgid "Replace the domain name with your actual server domain name."
28425
28515
msgstr ""
28426
28516
28427
#: serverguide/C/backups.xml:11(title)
28517
#: serverguide/C/databases.xml:413(title) serverguide/C/backups.xml:11(title)
28428
28518
msgid "Backups"
28429
28519
msgstr "Salvaments"
28430
28520
28455
28545
"9.1/html/index.html</command> into the address bar of your browser."
28456
28546
msgstr ""
28457
28547
28458
#: serverguide/C/databases.xml:426(para)
28548
#: serverguide/C/databases.xml:436(para)
28459
28549
msgid ""
28460
28550
"For general SQL information see <ulink "
28461
28551
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
28462
28552
"Special Edition</ulink> by Rafe Colburn."
28463
28553
msgstr ""
28464
28554
28465
#: serverguide/C/databases.xml:432(para)
28555
#: serverguide/C/databases.xml:442(para)
28466
28556
msgid ""
28467
28557
"Also, see the <ulink "
28468
28558
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
29108
29198
#: serverguide/C/cgroups.xml:113(para)
29109
29199
msgid ""
29110
29200
"and tasks can be moved into the new child cgroup by writing their process "
29111
"ids into the 'tasks' or 'cgroup.procs' file:"
29201
"IDs into the 'tasks' or 'cgroup.procs' file:"
29112
29202
msgstr ""
29113
29203
29114
29204
#: serverguide/C/cgroups.xml:118(command)
29115
msgid "sleep 100 echo $! > /cgroup1/child1/cgroup.procs"
29205
msgid "sleep 100 & echo $! > /cgroup1/child1/cgroup.procs"
29116
29206
msgstr ""
29117
29207
29118
29208
#: serverguide/C/cgroups.xml:123(para)
29276
29366
#, no-wrap
29277
29367
msgid ""
29278
29368
"\n"
29279
"#!/bin/sh\n"
29369
"#!/bin/bash\n"
29280
29370
"####################################\n"
29281
29371
"#\n"
29282
29372
"# Backup to NFS mount script.\n"
29401
29491
#: serverguide/C/backups.xml:153(para)
29402
29492
msgid ""
29403
29493
"The simplest way of executing the above backup script is to copy and paste "
29404
"the contents into a file. <filename>backup.sh</filename> for example. Then "
29405
"from a terminal prompt:"
29494
"the contents into a file. <filename>backup.sh</filename> for example. The "
29495
"file must be made executable:"
29406
29496
msgstr ""
29407
29497
29408
29498
#: serverguide/C/backups.xml:158(command)
29409
msgid "sudo bash backup.sh"
29410
msgstr "sudo bash backup.sh"
29499
msgid "chmod u+x backup.sh"
29500
msgstr ""
29411
29501
29412
29502
#: serverguide/C/backups.xml:160(para)
29503
msgid "Then from a terminal prompt:"
29504
msgstr ""
29505
29506
#: serverguide/C/backups.xml:164(command)
29507
msgid "sudo ./backup.sh"
29508
msgstr ""
29509
29510
#: serverguide/C/backups.xml:166(para)
29413
29511
msgid ""
29414
29512
"This is a great way to test the script to make sure everything works as "
29415
29513
"expected."
29416
29514
msgstr ""
29417
29515
29418
#: serverguide/C/backups.xml:165(title)
29516
#: serverguide/C/backups.xml:171(title)
29419
29517
msgid "Executing with cron"
29420
29518
msgstr "Execucion amb cron"
29421
29519
29422
#: serverguide/C/backups.xml:166(para)
29520
#: serverguide/C/backups.xml:172(para)
29423
29521
msgid ""
29424
29522
"The <application>cron</application> utility can be used to automate the "
29425
29523
"script execution. The <application>cron</application> daemon allows the "
29426
29524
"execution of scripts, or commands, at a specified time and date."
29427
29525
msgstr ""
29428
29526
29429
#: serverguide/C/backups.xml:170(para)
29527
#: serverguide/C/backups.xml:176(para)
29430
29528
msgid ""
29431
29529
"<application>cron</application> is configured through entries in a "
29432
29530
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
29433
29531
"separated into fields:"
29434
29532
msgstr ""
29435
29533
29436
#: serverguide/C/backups.xml:174(programlisting)
29534
#: serverguide/C/backups.xml:180(programlisting)
29437
29535
#, no-wrap
29438
29536
msgid ""
29439
29537
"\n"
29440
29538
"# m h dom mon dow command\n"
29441
29539
msgstr ""
29442
29540
29443
#: serverguide/C/backups.xml:179(para)
29541
#: serverguide/C/backups.xml:185(para)
29444
29542
msgid ""
29445
29543
"<emphasis>m:</emphasis> minute the command executes on, between 0 and 59."
29446
29544
msgstr ""
29447
29545
29448
#: serverguide/C/backups.xml:184(para)
29546
#: serverguide/C/backups.xml:190(para)
29449
29547
msgid ""
29450
29548
"<emphasis>h:</emphasis> hour the command executes on, between 0 and 23."
29451
29549
msgstr ""
29452
29550
29453
#: serverguide/C/backups.xml:189(para)
29551
#: serverguide/C/backups.xml:195(para)
29454
29552
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
29455
29553
msgstr ""
29456
29554
29457
#: serverguide/C/backups.xml:194(para)
29555
#: serverguide/C/backups.xml:200(para)
29458
29556
msgid ""
29459
29557
"<emphasis>mon:</emphasis> the month the command executes on, between 1 and "
29460
29558
"12."
29461
29559
msgstr ""
29462
29560
29463
#: serverguide/C/backups.xml:199(para)
29561
#: serverguide/C/backups.xml:205(para)
29464
29562
msgid ""
29465
29563
"<emphasis>dow:</emphasis> the day of the week the command executes on, "
29466
29564
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
29467
29565
"valid."
29468
29566
msgstr ""
29469
29567
29470
#: serverguide/C/backups.xml:204(para)
29568
#: serverguide/C/backups.xml:210(para)
29471
29569
msgid "<emphasis>command:</emphasis> the command to execute."
29472
29570
msgstr ""
29473
29571
29474
#: serverguide/C/backups.xml:209(para)
29572
#: serverguide/C/backups.xml:215(para)
29475
29573
msgid ""
29476
29574
"To add or change entries in a <filename>crontab</filename> file the "
29477
29575
"<application>crontab -e</application> command should be used. Also, the "
29479
29577
"<application>crontab -l</application> command."
29480
29578
msgstr ""
29481
29579
29482
#: serverguide/C/backups.xml:213(para)
29580
#: serverguide/C/backups.xml:219(para)
29483
29581
msgid ""
29484
29582
"To execute the <application>backup.sh</application> script listed above "
29485
29583
"using <application>cron</application>. Enter the following from a terminal "
29486
29584
"prompt:"
29487
29585
msgstr ""
29488
29586
29489
#: serverguide/C/backups.xml:218(command)
29587
#: serverguide/C/backups.xml:224(command)
29490
29588
msgid "sudo crontab -e"
29491
29589
msgstr "sudo crontab -e"
29492
29590
29493
#: serverguide/C/backups.xml:221(para)
29591
#: serverguide/C/backups.xml:227(para)
29494
29592
msgid ""
29495
29593
"Using <application>sudo</application> with the <application>crontab -"
29496
29594
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
29498
29596
"access to."
29499
29597
msgstr ""
29500
29598
29501
#: serverguide/C/backups.xml:226(para)
29599
#: serverguide/C/backups.xml:232(para)
29502
29600
msgid "Add the following entry to the <filename>crontab</filename> file:"
29503
29601
msgstr ""
29504
29602
29505
#: serverguide/C/backups.xml:229(programlisting)
29603
#: serverguide/C/backups.xml:235(programlisting)
29506
29604
#, no-wrap
29507
29605
msgid ""
29508
29606
"\n"
29510
29608
"0 0 * * * bash /usr/local/bin/backup.sh\n"
29511
29609
msgstr ""
29512
29610
29513
#: serverguide/C/backups.xml:233(para)
29611
#: serverguide/C/backups.xml:239(para)
29514
29612
msgid ""
29515
29613
"The <application>backup.sh</application> script will now be executed every "
29516
29614
"day at 12:00 am."
29517
29615
msgstr ""
29518
29616
29519
#: serverguide/C/backups.xml:237(para)
29617
#: serverguide/C/backups.xml:243(para)
29520
29618
msgid ""
29521
29619
"The <application>backup.sh</application> script will need to be copied to "
29522
29620
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
29524
29622
"simply change the script path appropriately."
29525
29623
msgstr ""
29526
29624
29527
#: serverguide/C/backups.xml:242(para)
29625
#: serverguide/C/backups.xml:248(para)
29528
29626
msgid ""
29529
29627
"For more in-depth <application>crontab</application> options see <xref "
29530
29628
"linkend=\"backup-shellscript-references\"/>."
29531
29629
msgstr ""
29532
29630
29533
#: serverguide/C/backups.xml:248(title)
29631
#: serverguide/C/backups.xml:254(title)
29534
29632
msgid "Restoring from the Archive"
29535
29633
msgstr ""
29536
29634
29537
#: serverguide/C/backups.xml:249(para)
29635
#: serverguide/C/backups.xml:255(para)
29538
29636
msgid ""
29539
29637
"Once an archive has been created it is important to test the archive. The "
29540
29638
"archive can be tested by listing the files it contains, but the best test is "
29541
29639
"to <emphasis>restore</emphasis> a file from the archive."
29542
29640
msgstr ""
29543
29641
29544
#: serverguide/C/backups.xml:255(para)
29642
#: serverguide/C/backups.xml:261(para)
29545
29643
msgid ""
29546
29644
"To see a listing of the archive contents. From a terminal prompt type:"
29547
29645
msgstr ""
29548
29646
29549
#: serverguide/C/backups.xml:259(command)
29647
#: serverguide/C/backups.xml:265(command)
29550
29648
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
29551
29649
msgstr "tar -tzvf /mnt/backup/host-Monday.tgz"
29552
29650
29553
#: serverguide/C/backups.xml:263(para)
29651
#: serverguide/C/backups.xml:269(para)
29554
29652
msgid "To restore a file from the archive to a different directory enter:"
29555
29653
msgstr ""
29556
29654
29557
#: serverguide/C/backups.xml:267(command)
29655
#: serverguide/C/backups.xml:273(command)
29558
29656
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
29559
29657
msgstr "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
29560
29658
29561
#: serverguide/C/backups.xml:269(para)
29659
#: serverguide/C/backups.xml:275(para)
29562
29660
msgid ""
29563
29661
"The <emphasis>-C</emphasis> option to <application>tar</application> "
29564
29662
"redirects the extracted files to the specified directory. The above example "
29567
29665
"recreates the directory structure that it contains."
29568
29666
msgstr ""
29569
29667
29570
#: serverguide/C/backups.xml:274(para)
29668
#: serverguide/C/backups.xml:280(para)
29571
29669
msgid ""
29572
29670
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
29573
29671
"the file to restore."
29574
29672
msgstr ""
29575
29673
29576
#: serverguide/C/backups.xml:279(para)
29674
#: serverguide/C/backups.xml:285(para)
29577
29675
msgid "To restore all files in the archive enter the following:"
29578
29676
msgstr ""
29579
29677
29580
#: serverguide/C/backups.xml:283(command)
29678
#: serverguide/C/backups.xml:289(command)
29581
29679
msgid "cd /"
29582
29680
msgstr "cd /"
29583
29681
29584
#: serverguide/C/backups.xml:284(command)
29682
#: serverguide/C/backups.xml:290(command)
29585
29683
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
29586
29684
msgstr "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
29587
29685
29588
#: serverguide/C/backups.xml:289(para)
29686
#: serverguide/C/backups.xml:295(para)
29589
29687
msgid "This will overwrite the files currently on the file system."
29590
29688
msgstr ""
29591
29689
29592
#: serverguide/C/backups.xml:298(para)
29690
#: serverguide/C/backups.xml:304(para)
29593
29691
msgid ""
29594
29692
"For more information on shell scripting see the <ulink "
29595
29693
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
29596
29694
msgstr ""
29597
29695
29598
#: serverguide/C/backups.xml:303(para)
29696
#: serverguide/C/backups.xml:309(para)
29599
29697
msgid ""
29600
29698
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
29601
29699
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
29602
29700
"great resource for shell scripting."
29603
29701
msgstr ""
29604
29702
29605
#: serverguide/C/backups.xml:309(para)
29703
#: serverguide/C/backups.xml:315(para)
29606
29704
msgid ""
29607
29705
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
29608
29706
"Wiki Page</ulink> contains details on advanced "
29609
29707
"<application>cron</application> options."
29610
29708
msgstr ""
29611
29709
29612
#: serverguide/C/backups.xml:316(para)
29710
#: serverguide/C/backups.xml:322(para)
29613
29711
msgid ""
29614
29712
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
29615
29713
"tar Manual</ulink> for more <application>tar</application> options."
29616
29714
msgstr ""
29617
29715
29618
#: serverguide/C/backups.xml:322(para)
29716
#: serverguide/C/backups.xml:328(para)
29619
29717
msgid ""
29620
29718
"The Wikipedia <ulink "
29621
29719
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
29622
29720
"Scheme</ulink> article contains information on other backup rotation schemes."
29623
29721
msgstr ""
29624
29722
29625
#: serverguide/C/backups.xml:328(para)
29723
#: serverguide/C/backups.xml:334(para)
29626
29724
msgid ""
29627
29725
"The shell script uses <application>tar</application> to create the archive, "
29628
29726
"but there many other command line utilities that can be used. For example:"
29629
29727
msgstr ""
29630
29728
29631
#: serverguide/C/backups.xml:334(para)
29729
#: serverguide/C/backups.xml:340(para)
29632
29730
msgid ""
29633
29731
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
29634
29732
"files to and from archives."
29635
29733
msgstr ""
29636
29734
29637
#: serverguide/C/backups.xml:339(para)
29735
#: serverguide/C/backups.xml:345(para)
29638
29736
msgid ""
29639
29737
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
29640
29738
"the <application>coreutils</application> package. A low level utility that "
29641
29739
"can copy data from one format to another."
29642
29740
msgstr ""
29643
29741
29644
#: serverguide/C/backups.xml:345(para)
29742
#: serverguide/C/backups.xml:351(para)
29645
29743
msgid ""
29646
29744
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
29647
29745
"snapshot utility used to create copies of an entire file system."
29648
29746
msgstr ""
29649
29747
29650
#: serverguide/C/backups.xml:351(para)
29748
#: serverguide/C/backups.xml:357(para)
29651
29749
msgid ""
29652
29750
"<ulink url=\"http://www.samba.org/ftp/rsync/rsync.html\">rsync</ulink>: a "
29653
29751
"flexible utility used to create incremental copies of files."
29654
29752
msgstr ""
29655
29753
29656
#: serverguide/C/backups.xml:362(title)
29754
#: serverguide/C/backups.xml:368(title)
29657
29755
msgid "Archive Rotation"
29658
29756
msgstr ""
29659
29757
29660
#: serverguide/C/backups.xml:363(para)
29758
#: serverguide/C/backups.xml:369(para)
29661
29759
msgid ""
29662
29760
"The shell script in <xref linkend=\"backup-shellscripts\"/> only allows for "
29663
29761
"seven different archives. For a server whose data doesn't change often, this "
29665
29763
"rotation scheme should be used."
29666
29764
msgstr ""
29667
29765
29668
#: serverguide/C/backups.xml:369(title)
29766
#: serverguide/C/backups.xml:375(title)
29669
29767
msgid "Rotating NFS Archives"
29670
29768
msgstr ""
29671
29769
29672
#: serverguide/C/backups.xml:370(para)
29770
#: serverguide/C/backups.xml:376(para)
29673
29771
msgid ""
29674
29772
"In this section, the shell script will be slightly modified to implement a "
29675
29773
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
29676
29774
msgstr ""
29677
29775
29678
#: serverguide/C/backups.xml:376(para)
29776
#: serverguide/C/backups.xml:382(para)
29679
29777
msgid ""
29680
29778
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
29681
29779
"Friday."
29682
29780
msgstr ""
29683
29781
29684
#: serverguide/C/backups.xml:381(para)
29782
#: serverguide/C/backups.xml:387(para)
29685
29783
msgid ""
29686
29784
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
29687
29785
"weekly backups a month."
29688
29786
msgstr ""
29689
29787
29690
#: serverguide/C/backups.xml:386(para)
29788
#: serverguide/C/backups.xml:392(para)
29691
29789
msgid ""
29692
29790
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
29693
29791
"rotating two monthly backups based on if the month is odd or even."
29694
29792
msgstr ""
29695
29793
29696
#: serverguide/C/backups.xml:392(para)
29794
#: serverguide/C/backups.xml:398(para)
29697
29795
msgid "Here is the new script:"
29698
29796
msgstr ""
29699
29797
29700
#: serverguide/C/backups.xml:395(programlisting)
29798
#: serverguide/C/backups.xml:401(programlisting)
29701
29799
#, no-wrap
29702
29800
msgid ""
29703
29801
"\n"
29766
29864
"ls -lh $dest/\n"
29767
29865
msgstr ""
29768
29866
29769
#: serverguide/C/backups.xml:460(para)
29867
#: serverguide/C/backups.xml:466(para)
29770
29868
msgid ""
29771
29869
"The script can be executed using the same methods as in <xref "
29772
29870
"linkend=\"backup-executing-shellscript\"/>."
29773
29871
msgstr ""
29774
29872
29775
#: serverguide/C/backups.xml:463(para)
29873
#: serverguide/C/backups.xml:469(para)
29776
29874
msgid ""
29777
29875
"It is good practice to take backup media off-site in case of a disaster. In "
29778
29876
"the shell script example the backup media is another server providing an NFS "
29781
29879
"the archive file over a WAN link to a server in another location."
29782
29880
msgstr ""
29783
29881
29784
#: serverguide/C/backups.xml:469(para)
29882
#: serverguide/C/backups.xml:475(para)
29785
29883
msgid ""
29786
29884
"Another option is to copy the archive file to an external hard drive which "
29787
29885
"can then be taken off-site. Since the price of external hard drives continue "
29790
29888
"backup server and one in another location."
29791
29889
msgstr ""
29792
29890
29793
#: serverguide/C/backups.xml:476(title)
29891
#: serverguide/C/backups.xml:482(title)
29794
29892
msgid "Tape Drives"
29795
29893
msgstr ""
29796
29894
29797
#: serverguide/C/backups.xml:477(para)
29895
#: serverguide/C/backups.xml:483(para)
29798
29896
msgid ""
29799
29897
"A tape drive attached to the server can be used instead of an NFS share. "
29800
29898
"Using a tape drive simplifies archive rotation, and makes taking the media "
29801
29899
"off-site easier as well."
29802
29900
msgstr ""
29803
29901
29804
#: serverguide/C/backups.xml:481(para)
29902
#: serverguide/C/backups.xml:487(para)
29805
29903
msgid ""
29806
29904
"When using a tape drive, the filename portions of the script aren't needed "
29807
29905
"because the data is sent directly to the tape device. Some commands to "
29810
29908
"<application>cpio</application> package."
29811
29909
msgstr ""
29812
29910
29813
#: serverguide/C/backups.xml:486(para)
29911
#: serverguide/C/backups.xml:492(para)
29814
29912
msgid "Here is the shell script modified to use a tape drive:"
29815
29913
msgstr ""
29816
29914
29817
#: serverguide/C/backups.xml:489(programlisting)
29915
#: serverguide/C/backups.xml:495(programlisting)
29818
29916
#, no-wrap
29819
29917
msgid ""
29820
29918
"\n"
29851
29949
"date\n"
29852
29950
msgstr ""
29853
29951
29854
#: serverguide/C/backups.xml:523(para)
29952
#: serverguide/C/backups.xml:529(para)
29855
29953
msgid ""
29856
29954
"The default device name for a SCSI tape drive is "
29857
29955
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
29858
29956
"system."
29859
29957
msgstr ""
29860
29958
29861
#: serverguide/C/backups.xml:528(para)
29959
#: serverguide/C/backups.xml:534(para)
29862
29960
msgid ""
29863
29961
"Restoring from a tape drive is basically the same as restoring from a file. "
29864
29962
"Simply rewind the tape and use the device path instead of a file path. For "
29866
29964
"<filename>/tmp/etc/hosts</filename>:"
29867
29965
msgstr ""
29868
29966
29869
#: serverguide/C/backups.xml:533(command)
29967
#: serverguide/C/backups.xml:539(command)
29870
29968
msgid "mt -f /dev/st0 rewind"
29871
29969
msgstr ""
29872
29970
29873
#: serverguide/C/backups.xml:534(command)
29971
#: serverguide/C/backups.xml:540(command)
29874
29972
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
29875
29973
msgstr ""
29876
29974
29877
#: serverguide/C/backups.xml:539(title)
29975
#: serverguide/C/backups.xml:545(title)
29878
29976
msgid "Bacula"
29879
29977
msgstr "Bacula"
29880
29978
29881
#: serverguide/C/backups.xml:540(para)
29979
#: serverguide/C/backups.xml:546(para)
29882
29980
msgid ""
29883
29981
"<application>Bacula</application> is a backup program enabling you to "
29884
29982
"backup, restore, and verify data across your network. There are Bacula "
29886
29984
"network wide solution."
29887
29985
msgstr ""
29888
29986
29889
#: serverguide/C/backups.xml:546(para)
29987
#: serverguide/C/backups.xml:552(para)
29890
29988
msgid ""
29891
29989
"<application>Bacula</application> is made up of several components and "
29892
29990
"services used to manage which files to backup and backup locations:"
29893
29991
msgstr ""
29894
29992
29895
#: serverguide/C/backups.xml:551(para)
29993
#: serverguide/C/backups.xml:557(para)
29896
29994
msgid ""
29897
29995
"<application>Bacula Director:</application> a service that controls all "
29898
29996
"backup, restore, verify, and archive operations."
29899
29997
msgstr ""
29900
29998
29901
#: serverguide/C/backups.xml:556(para)
29999
#: serverguide/C/backups.xml:562(para)
29902
30000
msgid ""
29903
30001
"<application>Bacula Console:</application> an application allowing "
29904
30002
"communication with the Director. There are three versions of the Console:"
29905
30003
msgstr ""
29906
30004
29907
#: serverguide/C/backups.xml:561(para)
30005
#: serverguide/C/backups.xml:567(para)
29908
30006
msgid "Text based command line version."
29909
30007
msgstr ""
29910
30008
29911
#: serverguide/C/backups.xml:562(para)
30009
#: serverguide/C/backups.xml:568(para)
29912
30010
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
29913
30011
msgstr "Version grafica GTK+ (Gnome)."
29914
30012
29915
#: serverguide/C/backups.xml:563(para)
30013
#: serverguide/C/backups.xml:569(para)
29916
30014
msgid "wxWidgets GUI interface."
29917
30015
msgstr "Version grafica wxWidgets."
29918
30016
29919
#: serverguide/C/backups.xml:567(para)
30017
#: serverguide/C/backups.xml:573(para)
29920
30018
msgid ""
29921
30019
"<application>Bacula File:</application> also known as the "
29922
30020
"<application>Bacula Client</application> program. This application is "
29924
30022
"requested by the Director."
29925
30023
msgstr ""
29926
30024
29927
#: serverguide/C/backups.xml:573(para)
30025
#: serverguide/C/backups.xml:579(para)
29928
30026
msgid ""
29929
30027
"<application>Bacula Storage:</application> the programs that perform the "
29930
30028
"storage and recovery of data to the physical media."
29931
30029
msgstr ""
29932
30030
29933
#: serverguide/C/backups.xml:578(para)
30031
#: serverguide/C/backups.xml:584(para)
29934
30032
msgid ""
29935
30033
"<application>Bacula Catalog:</application> is responsible for maintaining "
29936
30034
"the file indexes and volume databases for all files backed up, enabling "
29938
30036
"different databases MySQL, PostgreSQL, and SQLite."
29939
30037
msgstr ""
29940
30038
29941
#: serverguide/C/backups.xml:584(para)
30039
#: serverguide/C/backups.xml:590(para)
29942
30040
msgid ""
29943
30041
"<application>Bacula Monitor:</application> allows the monitoring of the "
29944
30042
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
29945
30043
"available as a GTK+ GUI application."
29946
30044
msgstr ""
29947
30045
29948
#: serverguide/C/backups.xml:590(para)
30046
#: serverguide/C/backups.xml:596(para)
29949
30047
msgid ""
29950
30048
"These services and applications can be run on multiple servers and clients, "
29951
30049
"or they can be installed on one machine if backing up a single disk or "
29952
30050
"volume."
29953
30051
msgstr ""
29954
30052
29955
#: serverguide/C/backups.xml:598(para)
30053
#: serverguide/C/backups.xml:604(para)
29956
30054
msgid ""
29957
30055
"If using MySQL or PostgreSQL as your database, you should already have the "
29958
30056
"services available. <application>Bacula</application> will not install them "
29959
30057
"for you."
29960
30058
msgstr ""
29961
30059
29962
#: serverguide/C/backups.xml:603(para)
30060
#: serverguide/C/backups.xml:609(para)
29963
30061
msgid ""
29964
30062
"There are multiple packages containing the different "
29965
30063
"<application>Bacula</application> components. To install Bacula, from a "
29966
30064
"terminal prompt enter:"
29967
30065
msgstr ""
29968
30066
29969
#: serverguide/C/backups.xml:608(command)
30067
#: serverguide/C/backups.xml:614(command)
29970
30068
msgid "sudo apt-get install bacula"
29971
30069
msgstr "sudo apt-get install bacula"
29972
30070
29973
#: serverguide/C/backups.xml:610(para)
30071
#: serverguide/C/backups.xml:616(para)
29974
30072
msgid ""
29975
30073
"By default installing the <application>bacula</application> package will use "
29976
30074
"a <application>MySQL</application> database for the Catalog. If you want to "
29979
30077
"pgsql</application> respectively."
29980
30078
msgstr ""
29981
30079
29982
#: serverguide/C/backups.xml:616(para)
30080
#: serverguide/C/backups.xml:622(para)
29983
30081
msgid ""
29984
30082
"During the install process you will be asked to supply credentials for the "
29985
30083
"database <emphasis>administrator</emphasis> and the "
29988
30086
"database, see <xref linkend=\"mysql\"/> for more information."
29989
30087
msgstr ""
29990
30088
29991
#: serverguide/C/backups.xml:626(para)
30089
#: serverguide/C/backups.xml:632(para)
29992
30090
msgid ""
29993
30091
"<application>Bacula</application> configuration files are formatted based on "
29994
30092
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
29997
30095
"directory."
29998
30096
msgstr ""
29999
30097
30000
#: serverguide/C/backups.xml:631(para)
30098
#: serverguide/C/backups.xml:637(para)
30001
30099
msgid ""
30002
30100
"The various <application>Bacula</application> components must authorize "
30003
30101
"themselves to each other. This is accomplished using the "
30008
30106
"<filename>/etc/bacula/bacula-sd.conf</filename>."
30009
30107
msgstr ""
30010
30108
30011
#: serverguide/C/backups.xml:637(para)
30109
#: serverguide/C/backups.xml:643(para)
30012
30110
msgid ""
30013
30111
"By default the backup job named <emphasis>Client1</emphasis> is configured "
30014
30112
"to archive the <application>Bacula</application> Catalog. If you plan on "
30017
30115
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
30018
30116
msgstr ""
30019
30117
30020
#: serverguide/C/backups.xml:642(programlisting)
30118
#: serverguide/C/backups.xml:648(programlisting)
30021
30119
#, no-wrap
30022
30120
msgid ""
30023
30121
"\n"
30031
30129
"}\n"
30032
30130
msgstr ""
30033
30131
30034
#: serverguide/C/backups.xml:653(para)
30132
#: serverguide/C/backups.xml:659(para)
30035
30133
msgid ""
30036
30134
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
30037
30135
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
30038
30136
"your appropriate hostname, or other descriptive name."
30039
30137
msgstr ""
30040
30138
30041
#: serverguide/C/backups.xml:658(para)
30139
#: serverguide/C/backups.xml:664(para)
30042
30140
msgid ""
30043
30141
"The <emphasis>Console</emphasis> can be used to query the "
30044
30142
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
30047
30145
"the following from a terminal:"
30048
30146
msgstr ""
30049
30147
30050
#: serverguide/C/backups.xml:664(command)
30148
#: serverguide/C/backups.xml:670(command)
30051
30149
msgid "sudo adduser $username bacula"
30052
30150
msgstr "sudo adduser $username bacula"
30053
30151
30054
#: serverguide/C/backups.xml:667(para)
30152
#: serverguide/C/backups.xml:673(para)
30055
30153
msgid ""
30056
30154
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
30057
30155
"you are adding the current user to the group you should log out and back in "
30058
30156
"for the new permissions to take effect."
30059
30157
msgstr ""
30060
30158
30061
#: serverguide/C/backups.xml:674(title)
30159
#: serverguide/C/backups.xml:680(title)
30062
30160
msgid "Localhost Backup"
30063
30161
msgstr ""
30064
30162
30065
#: serverguide/C/backups.xml:675(para)
30163
#: serverguide/C/backups.xml:681(para)
30066
30164
msgid ""
30067
30165
"This section describes how to backup specified directories on a single host "
30068
30166
"to a local tape drive."
30069
30167
msgstr ""
30070
30168
30071
#: serverguide/C/backups.xml:680(para)
30169
#: serverguide/C/backups.xml:686(para)
30072
30170
msgid ""
30073
30171
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
30074
30172
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
30075
30173
msgstr ""
30076
30174
30077
#: serverguide/C/backups.xml:683(programlisting)
30175
#: serverguide/C/backups.xml:689(programlisting)
30078
30176
#, no-wrap
30079
30177
msgid ""
30080
30178
"\n"
30105
30203
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
30106
30204
"}\n"
30107
30205
30108
#: serverguide/C/backups.xml:697(para)
30206
#: serverguide/C/backups.xml:703(para)
30109
30207
msgid ""
30110
30208
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the "
30111
30209
"<quote>Media Type</quote> and <quote>Archive Device</quote> to match your "
30112
30210
"hardware."
30113
30211
msgstr ""
30114
30212
30115
#: serverguide/C/backups.xml:700(para)
30213
#: serverguide/C/backups.xml:706(para)
30116
30214
msgid "You could also uncomment one of the other examples in the file."
30117
30215
msgstr ""
30118
30216
30119
#: serverguide/C/backups.xml:705(para)
30217
#: serverguide/C/backups.xml:711(para)
30120
30218
msgid ""
30121
30219
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
30122
30220
"<application>Storage</application> daemon will need to be restarted:"
30123
30221
msgstr ""
30124
30222
30125
#: serverguide/C/backups.xml:710(command)
30223
#: serverguide/C/backups.xml:716(command)
30126
30224
msgid "sudo service bacula-sd restart"
30127
30225
msgstr ""
30128
30226
30129
#: serverguide/C/backups.xml:714(para)
30227
#: serverguide/C/backups.xml:720(para)
30130
30228
msgid ""
30131
30229
"Now add a <emphasis>Storage</emphasis> resource in "
30132
30230
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
30133
30231
msgstr ""
30134
30232
30135
#: serverguide/C/backups.xml:717(programlisting)
30233
#: serverguide/C/backups.xml:723(programlisting)
30136
30234
#, no-wrap
30137
30235
msgid ""
30138
30236
"\n"
30149
30247
"}\n"
30150
30248
msgstr ""
30151
30249
30152
#: serverguide/C/backups.xml:729(para)
30250
#: serverguide/C/backups.xml:735(para)
30153
30251
msgid ""
30154
30252
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
30155
30253
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
30156
30254
"to the actual host name."
30157
30255
msgstr ""
30158
30256
30159
#: serverguide/C/backups.xml:733(para)
30257
#: serverguide/C/backups.xml:739(para)
30160
30258
msgid ""
30161
30259
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
30162
30260
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
30163
30261
msgstr ""
30164
30262
30165
#: serverguide/C/backups.xml:739(para)
30263
#: serverguide/C/backups.xml:745(para)
30166
30264
msgid ""
30167
30265
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
30168
30266
"directories to backup, by adding:"
30169
30267
msgstr ""
30170
30268
30171
#: serverguide/C/backups.xml:742(programlisting)
30269
#: serverguide/C/backups.xml:748(programlisting)
30172
30270
#, no-wrap
30173
30271
msgid ""
30174
30272
"\n"
30199
30297
" }\n"
30200
30298
"}\n"
30201
30299
30202
#: serverguide/C/backups.xml:756(para)
30300
#: serverguide/C/backups.xml:762(para)
30203
30301
msgid ""
30204
30302
"This <emphasis>FileSet</emphasis> will backup the <filename "
30205
30303
"role=\"directory\">/etc</filename> and <filename "
30209
30307
"using GZIP."
30210
30308
msgstr ""
30211
30309
30212
#: serverguide/C/backups.xml:763(para)
30310
#: serverguide/C/backups.xml:769(para)
30213
30311
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
30214
30312
msgstr ""
30215
30313
30216
#: serverguide/C/backups.xml:766(programlisting)
30314
#: serverguide/C/backups.xml:772(programlisting)
30217
30315
#, no-wrap
30218
30316
msgid ""
30219
30317
"\n"
30230
30328
" Run = Full daily at 00:01\n"
30231
30329
"}\n"
30232
30330
30233
#: serverguide/C/backups.xml:773(para)
30331
#: serverguide/C/backups.xml:779(para)
30234
30332
msgid ""
30235
30333
"The job will run every day at 00:01 or 12:01 am. There are many other "
30236
30334
"scheduling options available."
30237
30335
msgstr ""
30238
30336
30239
#: serverguide/C/backups.xml:778(para)
30337
#: serverguide/C/backups.xml:784(para)
30240
30338
msgid "Finally create the <emphasis>Job</emphasis>:"
30241
30339
msgstr "Per acabar, creatz lo <emphasis>prètzfach</emphasis> :"
30242
30340
30243
#: serverguide/C/backups.xml:781(programlisting)
30341
#: serverguide/C/backups.xml:787(programlisting)
30244
30342
#, no-wrap
30245
30343
msgid ""
30246
30344
"\n"
30269
30367
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
30270
30368
"} \n"
30271
30369
30272
#: serverguide/C/backups.xml:794(para)
30370
#: serverguide/C/backups.xml:800(para)
30273
30371
msgid ""
30274
30372
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
30275
30373
"drive."
30276
30374
msgstr ""
30277
30375
30278
#: serverguide/C/backups.xml:799(para)
30376
#: serverguide/C/backups.xml:805(para)
30279
30377
msgid ""
30280
30378
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
30281
30379
"current tape does not have a label <application>Bacula</application> will "
30283
30381
"<application>Console</application> enter the following from a terminal:"
30284
30382
msgstr ""
30285
30383
30286
#: serverguide/C/backups.xml:805(command)
30384
#: serverguide/C/backups.xml:811(command)
30287
30385
msgid "bconsole"
30288
30386
msgstr "bconsole"
30289
30387
30290
#: serverguide/C/backups.xml:809(para)
30388
#: serverguide/C/backups.xml:815(para)
30291
30389
msgid "At the Bacula Console prompt enter:"
30292
30390
msgstr ""
30293
30391
30294
#: serverguide/C/backups.xml:813(command)
30392
#: serverguide/C/backups.xml:819(command)
30295
30393
msgid "label"
30296
30394
msgstr "etiqueta"
30297
30395
30298
#: serverguide/C/backups.xml:817(para)
30396
#: serverguide/C/backups.xml:823(para)
30299
30397
msgid ""
30300
30398
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
30301
30399
msgstr ""
30302
30400
30303
#: serverguide/C/backups.xml:827(userinput)
30401
#: serverguide/C/backups.xml:833(userinput)
30304
30402
#, no-wrap
30305
30403
msgid "2"
30306
30404
msgstr "2"
30307
30405
30308
#: serverguide/C/backups.xml:821(computeroutput)
30406
#: serverguide/C/backups.xml:827(computeroutput)
30309
30407
#, no-wrap
30310
30408
msgid ""
30311
30409
"\n"
30324
30422
" 2: TapeDrive\n"
30325
30423
"Select Storage resource (1-2):<placeholder-1/>\n"
30326
30424
30327
#: serverguide/C/backups.xml:832(para)
30425
#: serverguide/C/backups.xml:838(para)
30328
30426
msgid "Enter the new <emphasis>Volume</emphasis> name:"
30329
30427
msgstr ""
30330
30428
30331
#: serverguide/C/backups.xml:837(userinput)
30429
#: serverguide/C/backups.xml:843(userinput)
30332
30430
#, no-wrap
30333
30431
msgid "Sunday"
30334
30432
msgstr "Dimenge"
30335
30433
30336
#: serverguide/C/backups.xml:836(computeroutput)
30434
#: serverguide/C/backups.xml:842(computeroutput)
30337
30435
#, no-wrap
30338
30436
msgid ""
30339
30437
"\n"
30348
30446
"1: Default\n"
30349
30447
"2: Scratch"
30350
30448
30351
#: serverguide/C/backups.xml:842(para)
30449
#: serverguide/C/backups.xml:848(para)
30352
30450
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
30353
30451
msgstr "Remplaçatz <emphasis>dimenge</emphasis> per l'etiqueta desirada."
30354
30452
30355
#: serverguide/C/backups.xml:847(para)
30453
#: serverguide/C/backups.xml:853(para)
30356
30454
msgid "Now, select the <emphasis>Pool</emphasis>:"
30357
30455
msgstr "Seleccionatz ara lo <emphasis>pool</emphasis>:"
30358
30456
30359
#: serverguide/C/backups.xml:851(computeroutput)
30457
#: serverguide/C/backups.xml:857(computeroutput)
30360
30458
#, no-wrap
30361
30459
msgid ""
30362
30460
"\n"
30369
30467
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
30370
30468
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
30371
30469
30372
#: serverguide/C/backups.xml:859(para)
30470
#: serverguide/C/backups.xml:865(para)
30373
30471
msgid ""
30374
30472
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
30375
30473
"backup the localhost to an attached tape drive."
30377
30475
"Felicitacions, venètz de configurar <emphasis>Bacula</emphasis> per salvar "
30378
30476
"l'òste local cap a un lector de benda connectat."
30379
30477
30380
#: serverguide/C/backups.xml:867(para)
30478
#: serverguide/C/backups.xml:873(para)
30381
30479
msgid ""
30382
30480
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
30383
30481
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
30387
30485
"referissètz-vos al <ulink url=\"http://www.bacula.org/en/rel-"
30388
30486
"manual/index.html\">Manual de l'utilizaire Bacula</ulink> (en anglés)"
30389
30487
30390
#: serverguide/C/backups.xml:873(para)
30488
#: serverguide/C/backups.xml:879(para)
30391
30489
msgid ""
30392
30490
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
30393
30491
"the latest Bacula news and developments."
30395
30493
"La <ulink url=\"http://www.bacula.org/\">pagina d'acuèlh de Bacula</ulink> "
30396
30494
"conten las darrièras informacions e versions de desvolopament."
30397
30495
30398
#: serverguide/C/backups.xml:878(para)
30496
#: serverguide/C/backups.xml:884(para)
30399
30497
msgid ""
30400
30498
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
30401
30499
"Ubuntu Wiki</ulink> page."
30410
30508
30411
30509
#~ msgid "sudo chown nobody.nogroup /srv/samba/share/"
30412
30510
#~ msgstr "sudo chown nobody.nogroup /srv/samba/share/"
30511
30512
#~ msgid "sudo bash backup.sh"
30513
#~ msgstr "sudo bash backup.sh"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1