354
354
"virtual host file, and remember to create that directory if necessary!"
357
#: serverguide/C/web-servers.xml:265(para)
357
#: serverguide/C/web-servers.xml:278(para)
359
359
"Enable the new <emphasis>VirtualHost</emphasis> using the "
360
360
"<application>a2ensite</application> utility and restart Apache2:"
363
#: serverguide/C/web-servers.xml:271(command)
363
#: serverguide/C/web-servers.xml:284(command)
364
364
msgid "sudo a2ensite mynewsite"
365
365
msgstr "sudo a2ensite moja-nova-stran"
367
#: serverguide/C/web-servers.xml:272(command) serverguide/C/web-servers.xml:290(command) serverguide/C/web-servers.xml:531(command) serverguide/C/web-servers.xml:540(command) serverguide/C/web-servers.xml:599(command) serverguide/C/mail.xml:935(command) serverguide/C/lamp-applications.xml:222(command)
367
#: serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:303(command) serverguide/C/web-servers.xml:544(command) serverguide/C/web-servers.xml:553(command) serverguide/C/web-servers.xml:612(command) serverguide/C/mail.xml:994(command) serverguide/C/lamp-applications.xml:238(command) serverguide/C/lamp-applications.xml:339(command) serverguide/C/lamp-applications.xml:610(command)
368
368
msgid "sudo service apache2 restart"
371
#: serverguide/C/web-servers.xml:276(para)
371
#: serverguide/C/web-servers.xml:289(para)
373
373
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
374
374
"name for the VirtualHost. One method is to name the file after the "
375
375
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
378
#: serverguide/C/web-servers.xml:283(para)
378
#: serverguide/C/web-servers.xml:296(para)
380
380
"Similarly, use the <application>a2dissite</application> utility to disable "
381
381
"sites. This is can be useful when troubleshooting configuration problems "
382
382
"with multiple VirtualHosts:"
385
#: serverguide/C/web-servers.xml:289(command)
385
#: serverguide/C/web-servers.xml:302(command)
386
386
msgid "sudo a2dissite mynewsite"
387
387
msgstr "sudo a2dissite moja-nova-stran"
389
#: serverguide/C/web-servers.xml:295(title)
389
#: serverguide/C/web-servers.xml:308(title)
390
390
msgid "Default Settings"
391
391
msgstr "Privzete nastavitve"
393
#: serverguide/C/web-servers.xml:297(para)
393
#: serverguide/C/web-servers.xml:310(para)
395
395
"This section explains configuration of the Apache2 server default settings. "
396
396
"For example, if you add a virtual host, the settings you configure for the "
608
608
"<emphasis><IfModule></emphasis> block."
611
#: serverguide/C/web-servers.xml:510(para)
611
#: serverguide/C/web-servers.xml:523(para)
613
613
"You can install additional Apache2 modules and use them with your Web "
614
614
"server. For example, run the following command from a terminal prompt to "
615
615
"install the <emphasis>MySQL Authentication</emphasis> module:"
618
#: serverguide/C/web-servers.xml:517(command)
618
#: serverguide/C/web-servers.xml:530(command)
619
619
msgid "sudo apt-get install libapache2-mod-auth-mysql"
620
620
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
622
#: serverguide/C/web-servers.xml:520(para)
622
#: serverguide/C/web-servers.xml:533(para)
624
624
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
625
625
"additional modules."
628
#: serverguide/C/web-servers.xml:524(para)
628
#: serverguide/C/web-servers.xml:537(para)
630
630
"Use the <application>a2enmod</application> utility to enable a module:"
632
632
"Za omogočitev modula uporabite orodje <application>a2enmod</application>:"
634
#: serverguide/C/web-servers.xml:530(command)
634
#: serverguide/C/web-servers.xml:543(command)
635
635
msgid "sudo a2enmod auth_mysql"
636
636
msgstr "sudo a2enmod auth_mysql"
638
#: serverguide/C/web-servers.xml:534(para)
638
#: serverguide/C/web-servers.xml:547(para)
639
639
msgid "Similarly, <application>a2dismod</application> will disable a module:"
641
641
"Z orodjem <application>a2dismod</application> lahko modul onemogočite:"
643
#: serverguide/C/web-servers.xml:539(command)
643
#: serverguide/C/web-servers.xml:552(command)
644
644
msgid "sudo a2dismod auth_mysql"
645
645
msgstr "sudo a2dismod auth_mysql"
647
#: serverguide/C/web-servers.xml:546(title)
647
#: serverguide/C/web-servers.xml:559(title)
648
648
msgid "HTTPS Configuration"
649
649
msgstr "Nastavljanje HTTPS"
651
#: serverguide/C/web-servers.xml:548(para)
651
#: serverguide/C/web-servers.xml:561(para)
653
653
"The <application>mod_ssl</application> module adds an important feature to "
654
654
"the Apache2 server - the ability to encrypt communications. Thus, when your "
782
791
"Oglejte si <ulink url=\"http://www.modssl.org/docs/\">dokumentacijo Mod "
783
792
"SSL</ulink> za več podatkov o SSL-ju."
785
#: serverguide/C/web-servers.xml:656(para)
794
#: serverguide/C/web-servers.xml:676(para)
787
796
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
788
797
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
789
798
"configurations."
792
#: serverguide/C/web-servers.xml:662(para)
801
#: serverguide/C/web-servers.xml:682(para)
794
803
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
795
804
"server</emphasis> IRC channel on <ulink "
796
805
"url=\"http://freenode.net/\">freenode.net</ulink>."
799
#: serverguide/C/web-servers.xml:668(para)
808
#: serverguide/C/web-servers.xml:688(para)
801
810
"Usually integrated with PHP and MySQL the <ulink "
802
811
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
803
812
"Ubuntu Wiki </ulink> page is a good resource."
806
#: serverguide/C/web-servers.xml:679(title)
815
#: serverguide/C/web-servers.xml:699(title)
807
816
msgid "PHP5 - Scripting Language"
810
#: serverguide/C/web-servers.xml:680(para)
819
#: serverguide/C/web-servers.xml:700(para)
812
821
"PHP is a general-purpose scripting language suited for Web development. The "
813
822
"PHP script can be embedded into HTML. This section explains how to install "
814
823
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
817
#: serverguide/C/web-servers.xml:684(para)
826
#: serverguide/C/web-servers.xml:704(para)
819
828
"This section assumes you have installed and configured Apache2 Web Server "
820
829
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
1159
1168
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
1162
#: serverguide/C/web-servers.xml:966(para)
1171
#: serverguide/C/web-servers.xml:985(para)
1164
1173
"Once you have <application>Apache</application> and "
1165
1174
"<application>MySQL</application> packages installed, you are ready to "
1166
1175
"install <application>Ruby on Rails</application> package."
1169
#: serverguide/C/web-servers.xml:973(para)
1178
#: serverguide/C/web-servers.xml:992(para)
1171
1180
"To install the <application>Ruby</application> base packages and "
1172
1181
"<application>Ruby on Rails</application>, you can enter the following "
1173
1182
"command in the terminal prompt:"
1176
#: serverguide/C/web-servers.xml:979(command)
1185
#: serverguide/C/web-servers.xml:998(command)
1177
1186
msgid "sudo apt-get install rails"
1178
1187
msgstr "sudo apt-get install rails"
1180
#: serverguide/C/web-servers.xml:997(para)
1189
#: serverguide/C/web-servers.xml:1004(para)
1182
1191
"Modify the <filename>/etc/apache2/sites-available/000-"
1183
1192
"default.conf</filename> configuration file to setup your domains."
1186
#: serverguide/C/web-servers.xml:989(para)
1195
#: serverguide/C/web-servers.xml:1008(para)
1188
1197
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
1191
#: serverguide/C/web-servers.xml:993(programlisting)
1200
#: serverguide/C/web-servers.xml:1012(programlisting)
1424
1433
"command in the terminal prompt:"
1427
#: serverguide/C/web-servers.xml:1153(command)
1436
#: serverguide/C/web-servers.xml:1160(command)
1428
1437
msgid "sudo apt-get install tomcat7-docs"
1431
#: serverguide/C/web-servers.xml:1142(title)
1440
#: serverguide/C/web-servers.xml:1164(title)
1432
1441
msgid "Tomcat administration webapps"
1435
#: serverguide/C/web-servers.xml:1158(para)
1444
#: serverguide/C/web-servers.xml:1165(para)
1437
1446
"The <application>tomcat7-admin</application> package contains two webapps "
1438
1447
"that can be used to administer the Tomcat server using a web interface. You "
1439
1448
"can install them by entering the following command in the terminal prompt:"
1442
#: serverguide/C/web-servers.xml:1163(command)
1451
#: serverguide/C/web-servers.xml:1170(command)
1443
1452
msgid "sudo apt-get install tomcat7-admin"
1446
#: serverguide/C/web-servers.xml:1150(para)
1455
#: serverguide/C/web-servers.xml:1172(para)
1448
1457
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
1449
1458
"access by default at http://yourserver:8080/manager/html. It is primarily "
1450
1459
"used to get server status and restart webapps."
1453
#: serverguide/C/web-servers.xml:1168(para)
1462
#: serverguide/C/web-servers.xml:1175(para)
1455
1464
"Access to the <emphasis>manager</emphasis> application is protected by "
1456
1465
"default: you need to define a user with the role \"manager-gui\" in "
1457
1466
"<filename>/etc/tomcat7/tomcat-users.xml</filename> before you can access it."
1460
#: serverguide/C/web-servers.xml:1157(para)
1469
#: serverguide/C/web-servers.xml:1179(para)
1462
1471
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
1463
1472
"can access by default at http://yourserver:8080/host-manager/html. It can be "
1464
1473
"used to create virtual hosts dynamically."
1467
#: serverguide/C/web-servers.xml:1176(para)
1476
#: serverguide/C/web-servers.xml:1183(para)
1469
1478
"Access to the <emphasis>host-manager</emphasis> application is also "
1470
1479
"protected by default: you need to define a user with the role \"admin-gui\" "
1519
1528
"system-installed libraries."
1522
#: serverguide/C/web-servers.xml:1200(para)
1531
#: serverguide/C/web-servers.xml:1222(para)
1524
1533
"It is possible to run the system-wide instance and the private instances in "
1525
1534
"parallel, as long as they do not use the same TCP ports."
1528
#: serverguide/C/web-servers.xml:1204(title)
1537
#: serverguide/C/web-servers.xml:1226(title)
1529
1538
msgid "Installing private instance support"
1532
#: serverguide/C/web-servers.xml:1205(para)
1541
#: serverguide/C/web-servers.xml:1227(para)
1534
1543
"You can install everything necessary to run private instances by entering "
1535
1544
"the following command in the terminal prompt:"
1538
#: serverguide/C/web-servers.xml:1223(command)
1547
#: serverguide/C/web-servers.xml:1230(command)
1539
1548
msgid "sudo apt-get install tomcat7-user"
1542
#: serverguide/C/web-servers.xml:1212(title)
1551
#: serverguide/C/web-servers.xml:1234(title)
1543
1552
msgid "Creating a private instance"
1546
#: serverguide/C/web-servers.xml:1213(para)
1555
#: serverguide/C/web-servers.xml:1235(para)
1548
1557
"You can create a private instance directory by entering the following "
1549
1558
"command in the terminal prompt:"
1552
#: serverguide/C/web-servers.xml:1231(command)
1561
#: serverguide/C/web-servers.xml:1238(command)
1553
1562
msgid "tomcat7-instance-create my-instance"
1556
#: serverguide/C/web-servers.xml:1218(para)
1565
#: serverguide/C/web-servers.xml:1240(para)
1558
1567
"This will create a new <filename>my-instance</filename> directory with all "
1559
1568
"the necessary subdirectories and scripts. You can for example install your "
1760
#: serverguide/C/vpn.xml:90(para)
1769
#: serverguide/C/vpn.xml:94(para)
1762
1771
"Enter the following to generate the master Certificate Authority (CA) "
1763
1772
"certificate and key:"
1766
#: serverguide/C/vpn.xml:95(command) serverguide/C/vpn.xml:143(command)
1775
#: serverguide/C/vpn.xml:99(command) serverguide/C/vpn.xml:147(command)
1767
1776
msgid "cd /etc/openvpn/easy-rsa/"
1768
1777
msgstr "cd /etc/openvpn/easy-rsa/"
1770
#: serverguide/C/vpn.xml:96(command) serverguide/C/vpn.xml:144(command)
1779
#: serverguide/C/vpn.xml:100(command) serverguide/C/vpn.xml:148(command)
1771
1780
msgid "source vars"
1772
1781
msgstr "source vars"
1774
#: serverguide/C/vpn.xml:97(command)
1783
#: serverguide/C/vpn.xml:101(command)
1775
1784
msgid "./clean-all"
1776
1785
msgstr "./clean-all"
1778
#: serverguide/C/vpn.xml:98(command)
1787
#: serverguide/C/vpn.xml:102(command)
1779
1788
msgid "./build-ca"
1782
#: serverguide/C/vpn.xml:103(title)
1791
#: serverguide/C/vpn.xml:107(title)
1783
1792
msgid "Server Certificates"
1784
1793
msgstr "Potrdila strežnika"
1786
#: serverguide/C/vpn.xml:105(para)
1795
#: serverguide/C/vpn.xml:109(para)
1787
1796
msgid "Next, we will generate a certificate and private key for the server:"
1790
#: serverguide/C/vpn.xml:110(command)
1799
#: serverguide/C/vpn.xml:114(command)
1791
1800
msgid "./build-key-server myservername"
1794
#: serverguide/C/vpn.xml:113(para)
1803
#: serverguide/C/vpn.xml:117(para)
1796
1805
"As in the previous step, most parameters can be defaulted. Two other queries "
1797
1806
"require positive responses, \"Sign the certificate? [y/n]\" and \"1 out of 1 "
1798
1807
"certificate requests certified, commit? [y/n]\"."
1801
#: serverguide/C/vpn.xml:117(para)
1810
#: serverguide/C/vpn.xml:121(para)
1802
1811
msgid "Diffie Hellman parameters must be generated for the OpenVPN server:"
1805
#: serverguide/C/vpn.xml:122(command)
1814
#: serverguide/C/vpn.xml:126(command)
1806
1815
msgid "./build-dh"
1807
1816
msgstr "./build-dh"
1809
#: serverguide/C/vpn.xml:125(para)
1818
#: serverguide/C/vpn.xml:129(para)
1811
1820
"All certificates and keys have been generated in the subdirectory keys/. "
1812
1821
"Common practice is to copy them to /etc/openvpn/:"
1815
#: serverguide/C/vpn.xml:129(command)
1824
#: serverguide/C/vpn.xml:133(command)
1816
1825
msgid "cd keys/"
1835
#: serverguide/C/vpn.xml:145(command)
1844
#: serverguide/C/vpn.xml:149(command)
1836
1845
msgid "./build-key client1"
1839
#: serverguide/C/vpn.xml:148(para)
1848
#: serverguide/C/vpn.xml:152(para)
1840
1849
msgid "Copy the following files to the client using a secure method:"
1843
#: serverguide/C/vpn.xml:153(para)
1852
#: serverguide/C/vpn.xml:157(para)
1844
1853
msgid "/etc/openvpn/ca.crt"
1845
1854
msgstr "/etc/openvpn/ca.crt"
1847
#: serverguide/C/vpn.xml:154(para)
1856
#: serverguide/C/vpn.xml:158(para)
1848
1857
msgid "/etc/openvpn/easy-rsa/keys/client1.crt"
1851
#: serverguide/C/vpn.xml:155(para)
1860
#: serverguide/C/vpn.xml:159(para)
1852
1861
msgid "/etc/openvpn/easy-rsa/keys/client1.key"
1855
#: serverguide/C/vpn.xml:158(para)
1864
#: serverguide/C/vpn.xml:162(para)
1857
1866
"As the client certificates and keys are only required on the client machine, "
1858
1867
"you should remove them from the server."
1861
#: serverguide/C/vpn.xml:166(title)
1870
#: serverguide/C/vpn.xml:170(title)
1862
1871
msgid "Simple Server Configuration"
1865
#: serverguide/C/vpn.xml:168(para)
1874
#: serverguide/C/vpn.xml:172(para)
1867
1876
"Along with your <application>OpenVPN</application> installation you got "
1868
1877
"these sample config files (and many more if if you check):"
1871
#: serverguide/C/vpn.xml:172(programlisting)
1880
#: serverguide/C/vpn.xml:176(programlisting)
2121
#: serverguide/C/vpn.xml:322(para)
2130
#: serverguide/C/vpn.xml:350(para)
2123
2132
"Can the client connect to the server machine? Maybe a firewall is blocking "
2124
2133
"access? Check syslog on server."
2127
#: serverguide/C/vpn.xml:325(para)
2136
#: serverguide/C/vpn.xml:353(para)
2129
2138
"Client and server must use same protocol and port, e.g. UDP port 1194, see "
2130
2139
"port and proto config option"
2133
#: serverguide/C/vpn.xml:328(para)
2142
#: serverguide/C/vpn.xml:356(para)
2135
2144
"Client and server must use same config regarding compression, see comp-lzo "
2136
2145
"config option"
2139
#: serverguide/C/vpn.xml:331(para)
2148
#: serverguide/C/vpn.xml:359(para)
2141
2150
"Client and server must use same config regarding bridged vs routed mode, see "
2142
2151
"server vs server-bridge config option"
2145
#: serverguide/C/databases.xml:168(title)
2154
#: serverguide/C/vpn.xml:366(title) serverguide/C/databases.xml:161(title)
2146
2155
msgid "Advanced configuration"
2149
#: serverguide/C/vpn.xml:342(title)
2158
#: serverguide/C/vpn.xml:369(title)
2150
2159
msgid "Advanced routed VPN configuration on server"
2153
#: serverguide/C/vpn.xml:344(para)
2162
#: serverguide/C/vpn.xml:371(para)
2155
2164
"The above is a very simple working VPN. The client can access services on "
2156
2165
"the VPN server machine through an encrypted tunnel. If you want to reach "
2240
2249
"push \"dhcp-option DNS 10.1.0.2\"\n"
2243
#: serverguide/C/vpn.xml:410(para)
2252
#: serverguide/C/vpn.xml:437(para)
2244
2253
msgid "Allow client to client communication."
2247
#: serverguide/C/vpn.xml:413(programlisting)
2256
#: serverguide/C/vpn.xml:440(programlisting)
2251
2260
"client-to-client\n"
2254
#: serverguide/C/vpn.xml:417(para)
2263
#: serverguide/C/vpn.xml:444(para)
2255
2264
msgid "Enable compression on the VPN link."
2258
#: serverguide/C/vpn.xml:420(programlisting)
2267
#: serverguide/C/vpn.xml:447(programlisting)
2265
#: serverguide/C/vpn.xml:424(para)
2274
#: serverguide/C/vpn.xml:451(para)
2267
"The keepalive directive causes ping-like messages to be sent back and forth "
2268
"over the link so that each side knows when the other side has gone down. "
2269
"Ping every 1 second, assume that remote peer is down if no ping received "
2270
"during a 3 second time period."
2276
"The <emphasis>keepalive</emphasis> directive causes ping-like messages to be "
2277
"sent back and forth over the link so that each side knows when the other "
2278
"side has gone down. Ping every 1 second, assume that remote peer is down if "
2279
"no ping received during a 3 second time period."
2273
#: serverguide/C/vpn.xml:433(programlisting)
2282
#: serverguide/C/vpn.xml:460(programlisting)
2277
2286
"keepalive 1 3\n"
2280
#: serverguide/C/vpn.xml:437(para)
2289
#: serverguide/C/vpn.xml:464(para)
2282
2291
"It's a good idea to reduce the OpenVPN daemon's privileges after "
2283
2292
"initialization."
2286
#: serverguide/C/vpn.xml:440(programlisting)
2295
#: serverguide/C/vpn.xml:467(programlisting)
2933
2942
#: serverguide/C/virtualization.xml:113(para)
2935
2944
"Yet another way to install an Ubuntu virtual machine is to use "
2936
"<application>uvtool</application>. This application, available as of 14.04 "
2945
"<application>uvtool</application>. This application, available as of 14.04, "
2937
2946
"allows you to set up specific VM options, execute custom post-install "
2938
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>"
2947
"scripts, etc. For details see <xref linkend=\"cloud-images-and-uvtool\"/>."
2941
#: serverguide/C/virtualization.xml:101(para)
2950
#: serverguide/C/virtualization.xml:119(para)
2943
2952
"Libvirt can also be configured work with <application>Xen</application>. For "
2944
2953
"details, see the Xen Ubuntu community page referenced below."
2947
#: serverguide/C/virtualization.xml:106(title)
2956
#: serverguide/C/virtualization.xml:125(title)
2948
2957
msgid "virt-install"
2949
2958
msgstr "virt-install"
2951
#: serverguide/C/virtualization.xml:107(para)
2960
#: serverguide/C/virtualization.xml:127(para)
2953
2962
"<application>virt-install</application> is part of the "
2954
2963
"<application>virtinst</application> package. To install it, from a terminal "
2955
2964
"prompt enter:"
2958
#: serverguide/C/virtualization.xml:111(command)
2967
#: serverguide/C/virtualization.xml:132(command)
2959
2968
msgid "sudo apt-get install virtinst"
2962
#: serverguide/C/virtualization.xml:113(para)
2971
#: serverguide/C/virtualization.xml:135(para)
2964
2973
"There are several options available when using <application>virt-"
2965
2974
"install</application>. For example:"
3034
3043
"After launching <application>virt-install</application> you can connect to "
3035
3044
"the virtual machine's console either locally using a GUI (if your server has "
3036
"a GUI), or via a remote VNC client from a GUI based computer."
3045
"a GUI), or via a remote VNC client from a GUI-based computer."
3039
#: serverguide/C/virtualization.xml:179(title)
3048
#: serverguide/C/virtualization.xml:206(title)
3040
3049
msgid "virt-clone"
3041
3050
msgstr "virt-clone"
3043
#: serverguide/C/virtualization.xml:180(para)
3052
#: serverguide/C/virtualization.xml:208(para)
3045
3054
"The <application>virt-clone</application> application can be used to copy "
3046
3055
"one virtual machine to another. For example:"
3049
#: serverguide/C/virtualization.xml:184(command)
3058
#: serverguide/C/virtualization.xml:212(command)
3051
3060
"sudo virt-clone -o web_devel -n database_devel -f "
3052
3061
"/path/to/database_devel.img \\ --connect=qemu:///system"
3055
#: serverguide/C/virtualization.xml:189(para)
3064
#: serverguide/C/virtualization.xml:218(para)
3056
3065
msgid "<emphasis>-o:</emphasis> original virtual machine."
3057
3066
msgstr "<emphasis>-o:</emphasis> izvirna navidezna naprava"
3059
#: serverguide/C/virtualization.xml:194(para)
3068
#: serverguide/C/virtualization.xml:222(para)
3060
3069
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3061
3070
msgstr "<emphasis>-n:</emphasis> ime nove navidezne naprave"
3063
#: serverguide/C/virtualization.xml:199(para)
3072
#: serverguide/C/virtualization.xml:227(para)
3065
3074
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3066
3075
"be used by the new virtual machine."
3069
#: serverguide/C/virtualization.xml:204(para)
3078
#: serverguide/C/virtualization.xml:232(para)
3071
3080
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3074
#: serverguide/C/virtualization.xml:209(para)
3083
#: serverguide/C/virtualization.xml:237(para)
3076
3085
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3077
3086
"help troubleshoot problems with <application>virt-clone</application>."
3080
#: serverguide/C/virtualization.xml:214(para)
3089
#: serverguide/C/virtualization.xml:242(para)
3082
3091
"Replace <emphasis>web_devel</emphasis> and "
3083
3092
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3086
#: serverguide/C/virtualization.xml:220(title)
3095
#: serverguide/C/virtualization.xml:249(title)
3087
3096
msgid "Virtual Machine Management"
3088
3097
msgstr "Upravljanje navideznih naprav"
3090
#: serverguide/C/virtualization.xml:222(title)
3099
#: serverguide/C/virtualization.xml:252(title)
3094
#: serverguide/C/virtualization.xml:223(para)
3103
#: serverguide/C/virtualization.xml:254(para)
3096
3105
"There are several utilities available to manage virtual machines and "
3097
3106
"<application>libvirt</application>. The <application>virsh</application> "
3098
3107
"utility can be used from the command line. Some examples:"
3101
#: serverguide/C/virtualization.xml:229(para)
3110
#: serverguide/C/virtualization.xml:261(para)
3102
3111
msgid "To list running virtual machines:"
3103
3112
msgstr "Za izpis zagnanih navideznih naprav:"
3105
#: serverguide/C/virtualization.xml:233(command)
3114
#: serverguide/C/virtualization.xml:264(command)
3106
3115
msgid "virsh -c qemu:///system list"
3107
3116
msgstr "virsh -c qemu:///system list"
3109
#: serverguide/C/virtualization.xml:237(para)
3118
#: serverguide/C/virtualization.xml:269(para)
3110
3119
msgid "To start a virtual machine:"
3111
3120
msgstr "Za zagon navidezne naprave:"
3113
#: serverguide/C/virtualization.xml:241(command)
3122
#: serverguide/C/virtualization.xml:272(command)
3114
3123
msgid "virsh -c qemu:///system start web_devel"
3115
3124
msgstr "virsh -c qemu:///system start ime-naprave"
3117
#: serverguide/C/virtualization.xml:245(para)
3126
#: serverguide/C/virtualization.xml:277(para)
3118
3127
msgid "Similarly, to start a virtual machine at boot:"
3121
#: serverguide/C/virtualization.xml:249(command)
3130
#: serverguide/C/virtualization.xml:280(command)
3122
3131
msgid "virsh -c qemu:///system autostart web_devel"
3123
3132
msgstr "virsh -c qemu:///system autostart ime-naprave"
3125
#: serverguide/C/virtualization.xml:253(para)
3134
#: serverguide/C/virtualization.xml:285(para)
3126
3135
msgid "Reboot a virtual machine with:"
3127
3136
msgstr "Navidezno napravo lahko znova zaženete z:"
3129
#: serverguide/C/virtualization.xml:257(command)
3138
#: serverguide/C/virtualization.xml:288(command)
3130
3139
msgid "virsh -c qemu:///system reboot web_devel"
3131
3140
msgstr "virsh -c qemu:///system reboot ime-naprave"
3133
#: serverguide/C/virtualization.xml:261(para)
3142
#: serverguide/C/virtualization.xml:293(para)
3135
3144
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3136
3145
"order to be restored later. The following will save the virtual machine "
3137
3146
"state into a file named according to the date:"
3140
#: serverguide/C/virtualization.xml:266(command)
3149
#: serverguide/C/virtualization.xml:299(command)
3141
3150
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3142
3151
msgstr "virsh -c qemu:///system save ime-naprave ime-naprave-022708.state"
3144
#: serverguide/C/virtualization.xml:268(para)
3153
#: serverguide/C/virtualization.xml:302(para)
3145
3154
msgid "Once saved the virtual machine will no longer be running."
3148
#: serverguide/C/virtualization.xml:273(para)
3157
#: serverguide/C/virtualization.xml:307(para)
3149
3158
msgid "A saved virtual machine can be restored using:"
3150
3159
msgstr "Shranjeno navidezno napravo lahko obnovite z:"
3152
#: serverguide/C/virtualization.xml:277(command)
3161
#: serverguide/C/virtualization.xml:310(command)
3153
3162
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3154
3163
msgstr "virsh -c qemu:///system restore ime-naprave-022708.state"
3156
#: serverguide/C/virtualization.xml:281(para)
3165
#: serverguide/C/virtualization.xml:315(para)
3157
3166
msgid "To shutdown a virtual machine do:"
3158
3167
msgstr "Za izklop navidezne naprave vpišite:"
3160
#: serverguide/C/virtualization.xml:285(command)
3169
#: serverguide/C/virtualization.xml:318(command)
3161
3170
msgid "virsh -c qemu:///system shutdown web_devel"
3162
3171
msgstr "virsh -c qemu:///system shutdown ime-naprave"
3164
#: serverguide/C/virtualization.xml:289(para)
3173
#: serverguide/C/virtualization.xml:323(para)
3165
3174
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3168
#: serverguide/C/virtualization.xml:293(command)
3177
#: serverguide/C/virtualization.xml:327(command)
3169
3178
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3171
3180
"virsh -c qemu:///system attach-disk ime-naprave /dev/cdrom /media/cdrom"
3173
#: serverguide/C/virtualization.xml:298(para)
3182
#: serverguide/C/virtualization.xml:333(para)
3175
3184
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3176
3185
"appropriate virtual machine name, and <filename>web_devel-"
3177
3186
"022708.state</filename> with a descriptive file name."
3180
#: serverguide/C/virtualization.xml:305(title)
3189
#: serverguide/C/virtualization.xml:341(title)
3181
3190
msgid "Virtual Machine Manager"
3182
3191
msgstr "Upravitelj navideznih naprav"
3184
#: serverguide/C/virtualization.xml:306(para)
3193
#: serverguide/C/virtualization.xml:343(para)
3186
3195
"The <application>virt-manager</application> package contains a graphical "
3187
3196
"utility to manage local and remote virtual machines. To install virt-manager "
3243
#: serverguide/C/virtualization.xml:343(para)
3252
#: serverguide/C/virtualization.xml:390(para)
3245
3254
"To install <application>virt-viewer</application> from a terminal enter:"
3247
3256
"Za namestitev programa <application>virt-viewer</application> iz terminala, "
3250
#: serverguide/C/virtualization.xml:347(command)
3259
#: serverguide/C/virtualization.xml:394(command)
3251
3260
msgid "sudo apt-get install virt-viewer"
3252
3261
msgstr "sudo apt-get install virt-viewer"
3254
#: serverguide/C/virtualization.xml:349(para)
3263
#: serverguide/C/virtualization.xml:397(para)
3256
3265
"Once a virtual machine is installed and running you can connect to the "
3257
3266
"virtual machine's console by using:"
3260
#: serverguide/C/virtualization.xml:353(command)
3269
#: serverguide/C/virtualization.xml:401(command)
3261
3270
msgid "virt-viewer -c qemu:///system web_devel"
3262
3271
msgstr "virt-viewer -c qemu:///system ime-naprave"
3264
#: serverguide/C/virtualization.xml:355(para)
3273
#: serverguide/C/virtualization.xml:404(para)
3266
3275
"Similar to <application>virt-manager</application>, <application>virt-"
3267
3276
"viewer</application> can connect to a remote host using "
3268
3277
"<emphasis>SSH</emphasis> with key authentication, as well:"
3271
#: serverguide/C/virtualization.xml:360(command)
3280
#: serverguide/C/virtualization.xml:409(command)
3272
3281
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3274
3283
"virt-viewer -c qemu+ssh://virtnode1.moja-domena.com/system ime-naprave"
3276
#: serverguide/C/virtualization.xml:362(para)
3285
#: serverguide/C/virtualization.xml:412(para)
3278
3287
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
3279
3288
"appropriate virtual machine name."
3305
3314
"Za več podrobnosti o <application>libvirt</application> si oglejte <ulink "
3306
3315
"url=\"http://libvirt.org/\">domačo stran libvirt</ulink>."
3308
#: serverguide/C/virtualization.xml:384(para)
3317
#: serverguide/C/virtualization.xml:436(para)
3310
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
3311
"Manager</ulink> site has more information on <application>virt-"
3312
"manager</application> development."
3319
"The <ulink url=\"http://virt-manager.org/\">Virtual Machine Manager</ulink> "
3320
"site has more information on <application>virt-manager</application> "
3315
#: serverguide/C/virtualization.xml:390(para)
3324
#: serverguide/C/virtualization.xml:442(para)
3317
3326
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
3318
3327
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
3319
3328
"technology in Ubuntu."
3322
#: serverguide/C/virtualization.xml:396(para)
3331
#: serverguide/C/virtualization.xml:448(para)
3324
3333
"Another good resource is the <ulink "
3325
3334
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
3328
#: serverguide/C/virtualization.xml:401(para)
3337
#: serverguide/C/virtualization.xml:454(para)
3330
3339
"For information on Xen, including using Xen with libvirt, please see the "
3331
3340
"<ulink url=\"https://help.ubuntu.com/community/Xen\">Ubuntu Wiki Xen</ulink> "
3336
3345
msgid "Cloud images and uvtool"
3339
#: serverguide/C/windows-networking.xml:23(title) serverguide/C/virtualization.xml:412(title) serverguide/C/security.xml:352(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1187(title)
3348
#: serverguide/C/virtualization.xml:467(title) serverguide/C/security.xml:367(title) serverguide/C/samba.xml:23(title) serverguide/C/remote-administration.xml:18(title) serverguide/C/package-management.xml:18(title) serverguide/C/introduction.xml:11(title) serverguide/C/installation.xml:1260(title)
3340
3349
msgid "Introduction"
3343
3352
#: serverguide/C/virtualization.xml:469(para)
3345
"With Ubuntu being one of the most used operating systems on most of the "
3346
"cloud platforms, the availability of stable and secure cloud images has "
3347
"become very important. As of 12.04 the utilization of cloud images outside "
3348
"of a cloud infrastructure has been improved. It is now possible to use those "
3354
"With Ubuntu being one of the most used operating systems on many cloud "
3355
"platforms, the availability of stable and secure cloud images has become "
3356
"very important. As of 12.04 the utilization of cloud images outside of a "
3357
"cloud infrastructure has been improved. It is now possible to use those "
3349
3358
"images to create a virtual machine without the need of a complete "
3350
3359
"installation."
3353
#: serverguide/C/virtualization.xml:478(title)
3362
#: serverguide/C/virtualization.xml:477(title)
3354
3363
msgid "Creating virtual machines using uvtool"
3357
#: serverguide/C/virtualization.xml:480(para)
3366
#: serverguide/C/virtualization.xml:479(para)
3359
3368
"Starting with 14.04 LTS, a tool called uvtool greatly facilitates the task "
3360
3369
"of generating virtual machines (VM) using the cloud images. "
3362
3371
"synchronize cloud-images locally and use them to create new VMs in minutes."
3365
#: serverguide/C/virtualization.xml:487(title)
3374
#: serverguide/C/virtualization.xml:486(title)
3366
3375
msgid "Uvtool packages"
3369
#: serverguide/C/virtualization.xml:489(para)
3378
#: serverguide/C/virtualization.xml:488(para)
3371
"The following packages and their dependancies will be required in order to "
3380
"The following packages and their dependencies will be required in order to "
3375
#: serverguide/C/virtualization.xml:496(para)
3384
#: serverguide/C/virtualization.xml:495(para)
3379
#: serverguide/C/virtualization.xml:500(para)
3388
#: serverguide/C/virtualization.xml:499(para)
3380
3389
msgid "uvtool-libvirt"
3383
#: serverguide/C/virtualization.xml:505(para)
3385
"Installation of <application>uvtool</application> is done the same as for "
3386
"any other application by using apt-get:"
3392
#: serverguide/C/virtualization.xml:504(para)
3393
msgid "To install <application>uvtool</application>, run:"
3389
#: serverguide/C/virtualization.xml:507(programlisting)
3396
#: serverguide/C/virtualization.xml:505(programlisting)
3391
3398
msgid "$ apt-get -y install uvtool"
3394
#: serverguide/C/virtualization.xml:509(para)
3401
#: serverguide/C/virtualization.xml:507(para)
3395
3402
msgid "This will install uvtool's main commands:"
3398
#: serverguide/C/virtualization.xml:511(application)
3405
#: serverguide/C/virtualization.xml:509(application)
3399
3406
msgid "uvt-simplestreams-libvirt"
3402
#: serverguide/C/virtualization.xml:512(application)
3409
#: serverguide/C/virtualization.xml:510(application)
3403
3410
msgid "uvt-kvm"
3406
#: serverguide/C/virtualization.xml:517(title)
3413
#: serverguide/C/virtualization.xml:515(title)
3408
3415
"Get the Ubuntu Cloud Image with <application>uvt-simplestreams-"
3409
3416
"libvirt</application>"
3412
#: serverguide/C/virtualization.xml:519(para)
3419
#: serverguide/C/virtualization.xml:517(para)
3414
3421
"This is one of the major simplifications that "
3415
3422
"<application>uvtool</application> brings. It is aware of where to find the "
3441
3448
"release=trusty arch=amd64 label=beta1 (20140226.1)\n"
3444
#: serverguide/C/virtualization.xml:538(para)
3451
#: serverguide/C/virtualization.xml:536(para)
3446
3453
"In the case where you want to synchronize only one specific cloud-image, you "
3447
3454
"need to use the release= and arch= filters to identify which image needs to "
3448
3455
"be synchronized."
3451
#: serverguide/C/virtualization.xml:541(programlisting)
3458
#: serverguide/C/virtualization.xml:539(programlisting)
3453
3460
msgid "$ uvt-simplestreams-libvirt sync release=precise arch=amd64\n"
3456
#: serverguide/C/virtualization.xml:546(title)
3463
#: serverguide/C/virtualization.xml:544(title)
3457
3464
msgid "Create the VM using uvt-kvm"
3460
#: serverguide/C/virtualization.xml:548(para)
3467
#: serverguide/C/virtualization.xml:546(para)
3462
"In order to be able to connect to the virtual machine once it has been "
3463
"created, it is necessary to have a valid SSH key available for the ubuntu "
3464
"user. If your environment does not have a ssh key, you can easily create one "
3465
"using the following command:"
3469
"In order to connect to the virtual machine once it has been created, you "
3470
"must have a valid SSH key available for the Ubuntu user. If your environment "
3471
"does not have an SSH key, you can easily create one using the following "
3468
#: serverguide/C/virtualization.xml:552(programlisting)
3475
#: serverguide/C/virtualization.xml:548(programlisting)
3492
3499
"+-----------------+\n"
3502
#: serverguide/C/virtualization.xml:571(para)
3504
"To create of a new virtual machine using uvtool, run the following in a "
3508
#: serverguide/C/virtualization.xml:573(programlisting)
3510
msgid "$ uvt-kvm create firsttest"
3495
3513
#: serverguide/C/virtualization.xml:575(para)
3497
"The creation of a new virtual machine using uvtool is easy. In its simplest "
3498
"form, you only need to do:"
3501
#: serverguide/C/virtualization.xml:578(programlisting)
3503
msgid "$ uvt-kvm create firsttest"
3506
#: serverguide/C/virtualization.xml:580(para)
3508
3515
"This will create a VM named <emphasis role=\"bold\">firsttest</emphasis> "
3509
3516
"using the current LTS cloud image available locally. If you want to specify "
3510
3517
"a release to be used to create the VM, you need to use the <emphasis "
3511
"role=\"bold\">release=</emphasis> filter"
3518
"role=\"bold\">release=</emphasis> filter:"
3521
#: serverguide/C/virtualization.xml:578(programlisting)
3523
msgid "$ uvt-kvm create secondtest release=trusty"
3526
#: serverguide/C/virtualization.xml:580(para)
3528
"<application>uvt-kvm wait</application> can be used to wait until the "
3529
"creation of the VM has completed:"
3514
3532
#: serverguide/C/virtualization.xml:583(programlisting)
3516
msgid "$ uvt-kvm create secondtest release=trusty"
3519
#: serverguide/C/virtualization.xml:585(para)
3521
"The <application>uvt-kvm wait {name}</application> can be used to wait until "
3522
"the creation of the VM has completed"
3525
#: serverguide/C/virtualization.xml:588(programlisting)
3528
3535
"$ uvt-kvm wait secondttest --insecure\n"
3529
3536
"Warning: secure wait for boot-finished not yet implemented; use --insecure.\n"
3532
#: serverguide/C/virtualization.xml:593(title)
3539
#: serverguide/C/virtualization.xml:588(title)
3533
3540
msgid "Connect to the running VM"
3536
#: serverguide/C/virtualization.xml:594(para)
3543
#: serverguide/C/virtualization.xml:589(para)
3538
3545
"Once the virtual machine creation is completed, you can connect to it using "
3542
#: serverguide/C/virtualization.xml:597(programlisting)
3549
#: serverguide/C/virtualization.xml:592(programlisting)
3544
3551
msgid "$ uvt-kvm ssh secondtest --insecure"
3547
#: serverguide/C/virtualization.xml:599(para)
3554
#: serverguide/C/virtualization.xml:594(para)
3549
3556
"For the time being, the <emphasis role=\"bold\">--insecure</emphasis> is "
3550
"required so you should be using this mechanism to connect to your VM only if "
3551
"you completely trust your network infrastructure"
3557
"required, so use this mechanism to connect to your VM only if you completely "
3558
"trust your network infrastructure."
3554
#: serverguide/C/virtualization.xml:602(para)
3561
#: serverguide/C/virtualization.xml:596(para)
3556
"You can also connect to your VM using a regular ssh session using the IP "
3563
"You can also connect to your VM using a regular SSH session using the IP "
3557
3564
"address of the VM. The address can be queried using the following command:"
3560
#: serverguide/C/virtualization.xml:605(programlisting)
3567
#: serverguide/C/virtualization.xml:598(programlisting)
3591
#: serverguide/C/virtualization.xml:631(title)
3598
#: serverguide/C/virtualization.xml:624(title)
3592
3599
msgid "Get the list of running VMs"
3595
#: serverguide/C/virtualization.xml:632(para)
3596
msgid "You can get the list of VM running on your system with this command:"
3602
#: serverguide/C/virtualization.xml:625(para)
3603
msgid "You can get the list of VMs running on your system with this command:"
3599
#: serverguide/C/virtualization.xml:634(programlisting)
3606
#: serverguide/C/virtualization.xml:627(programlisting)
3602
3609
"$ uvt-kvm list\n"
3606
#: serverguide/C/virtualization.xml:639(title)
3613
#: serverguide/C/virtualization.xml:632(title)
3607
3614
msgid "Destroy your VM"
3610
#: serverguide/C/virtualization.xml:640(para)
3611
msgid "Once you are done with your VM, you can proceed to destroy it with:"
3617
#: serverguide/C/virtualization.xml:633(para)
3618
msgid "Once you are done with your VM, you can destroy it with:"
3614
#: serverguide/C/virtualization.xml:642(programlisting)
3621
#: serverguide/C/virtualization.xml:635(programlisting)
3616
3623
msgid "$ uvt-kvm destroy secondtest"
3619
#: serverguide/C/virtualization.xml:644(title)
3626
#: serverguide/C/virtualization.xml:637(title)
3620
3627
msgid "More uvt-kvm options"
3623
#: serverguide/C/virtualization.xml:646(para)
3630
#: serverguide/C/virtualization.xml:639(para)
3625
3632
"The following options can be used to change some of the characteristics of "
3626
"the virtual memory that you are creating"
3633
"the VM that you are creating:"
3636
#: serverguide/C/virtualization.xml:642(para)
3637
msgid "--memory : Amount of RAM in megabytes. Default: 512."
3640
#: serverguide/C/virtualization.xml:643(para)
3641
msgid "--disk : Size of the OS disk in gigabytes. Default: 8."
3644
#: serverguide/C/virtualization.xml:644(para)
3645
msgid "--cpu : Number of CPU cores. Default: 1."
3648
#: serverguide/C/virtualization.xml:647(para)
3650
"Some other parameters will have an impact on the cloud-init configuration:"
3653
#: serverguide/C/virtualization.xml:649(para)
3655
"--password password : Allow login to the VM using the Ubuntu account and "
3656
"this provided password."
3629
3659
#: serverguide/C/virtualization.xml:650(para)
3630
msgid "--memory : Amount of RAM in megabytes. Default: 512"
3633
#: serverguide/C/virtualization.xml:651(para)
3634
msgid "--disk : Size of the OS disk in gigabytes. Default: 8"
3637
#: serverguide/C/virtualization.xml:652(para)
3638
msgid "--cpu : Number of CPU cores. Default: 1"
3641
#: serverguide/C/virtualization.xml:655(para)
3643
"Some other parameters will have an impact on the cloud-init configuration"
3646
#: serverguide/C/virtualization.xml:657(para)
3648
"--password password : Allow login to the VM using the ubuntu account and "
3649
"this provided password"
3652
#: serverguide/C/virtualization.xml:658(para)
3654
3661
"--run-script-once script_file : Run script_file as root on the VM the first "
3655
3662
"time it is booted, but never again."
3658
#: serverguide/C/virtualization.xml:659(para)
3665
#: serverguide/C/virtualization.xml:651(para)
3660
3667
"--packages package_list : Install the comma-separated packages specified in "
3661
3668
"package_list on first boot."
3664
#: serverguide/C/virtualization.xml:662(para)
3671
#: serverguide/C/virtualization.xml:654(para)
3666
3673
"A complete description of all available modifiers is available in the "
3667
"manpage of uvt-kvm"
3674
"manpage of uvt-kvm."
3670
#: serverguide/C/virtualization.xml:1073(para)
3677
#: serverguide/C/virtualization.xml:661(para)
3672
3679
"If you are interested in learning more, have questions or suggestions, "
3673
3680
"please contact the Ubuntu Server Team at:"
3676
#: serverguide/C/virtualization.xml:1078(para)
3683
#: serverguide/C/virtualization.xml:666(para)
3677
3684
msgid "IRC: #ubuntu-server on freenode"
3678
3685
msgstr "IRC: #ubuntu-server na freenode-u"
3680
#: serverguide/C/virtualization.xml:1083(para)
3687
#: serverguide/C/virtualization.xml:670(para)
3682
3689
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
3683
3690
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
3686
#: serverguide/C/virtualization.xml:2121(title)
3693
#: serverguide/C/virtualization.xml:679(title)
3687
3694
msgid "Ubuntu Cloud"
3690
#: serverguide/C/virtualization.xml:2122(para)
3697
#: serverguide/C/virtualization.xml:681(para)
3692
3699
"<application>Cloud computing</application> is a computing model that allows "
3693
3700
"vast pools of resources to be allocated on-demand. These resources such as "
3711
3718
"concerning installation and configuration."
3714
#: serverguide/C/virtualization.xml:2452(title)
3721
#: serverguide/C/virtualization.xml:703(title)
3715
3722
msgid "Support and Troubleshooting"
3718
#: serverguide/C/virtualization.xml:2453(para)
3725
#: serverguide/C/virtualization.xml:705(para)
3719
3726
msgid "Community Support"
3722
#: serverguide/C/virtualization.xml:2457(ulink)
3729
#: serverguide/C/virtualization.xml:709(ulink)
3723
3730
msgid "OpenStack Mailing list"
3726
#: serverguide/C/virtualization.xml:2462(ulink)
3733
#: serverguide/C/virtualization.xml:714(ulink)
3727
3734
msgid "The OpenStack Wiki search"
3730
#: serverguide/C/virtualization.xml:2468(ulink)
3737
#: serverguide/C/virtualization.xml:719(ulink)
3731
3738
msgid "Launchpad bugs area"
3734
#: serverguide/C/virtualization.xml:2472(para)
3741
#: serverguide/C/virtualization.xml:724(para)
3735
3742
msgid "Join the IRC channel #openstack on freenode."
3738
#: serverguide/C/virtualization.xml:2486(ulink)
3745
#: serverguide/C/virtualization.xml:735(ulink)
3739
3746
msgid "Cloud Computing - Service models"
3742
#: serverguide/C/virtualization.xml:2491(ulink)
3749
#: serverguide/C/virtualization.xml:741(ulink)
3743
3750
msgid "OpenStack Compute"
3746
#: serverguide/C/virtualization.xml:2496(ulink)
3753
#: serverguide/C/virtualization.xml:747(ulink)
3747
3754
msgid "OpenStack Image Service"
3750
#: serverguide/C/virtualization.xml:2501(ulink)
3757
#: serverguide/C/virtualization.xml:753(ulink)
3751
3758
msgid "OpenStack Object Storage Administration Guide"
3754
#: serverguide/C/virtualization.xml:2506(ulink)
3761
#: serverguide/C/virtualization.xml:759(ulink)
3755
3762
msgid "Installing OpenStack Object Storage on Ubuntu"
3758
#: serverguide/C/virtualization.xml:2511(ulink)
3765
#: serverguide/C/virtualization.xml:765(ulink)
3759
3766
msgid "http://cloudglossary.com/"
3762
#: serverguide/C/virtualization.xml:2586(title)
3769
#: serverguide/C/virtualization.xml:775(title)
3766
#: serverguide/C/virtualization.xml:785(para)
3773
#: serverguide/C/virtualization.xml:777(para)
3768
3775
"Containers are a lightweight virtualization technology. They are more akin "
3769
3776
"to an enhanced chroot than to full virtualization like Qemu or VMware, both "
4010
#: serverguide/C/virtualization.xml:1015(para)
4017
#: serverguide/C/virtualization.xml:1007(para)
4012
4019
"<filename>default.conf</filename> specifies configuration which every newly "
4013
4020
"created container should contain. This usually contains at least a network "
4014
4021
"section, and, for unprivileged users, an id mapping section"
4017
#: serverguide/C/virtualization.xml:1022(para)
4024
#: serverguide/C/virtualization.xml:1014(para)
4019
4026
"<filename>lxc-usernet.conf</filename> specifies how unprivileged users may "
4020
4027
"connect their containers to the host-owned network."
4023
#: serverguide/C/virtualization.xml:1002(para)
4030
#: serverguide/C/virtualization.xml:994(para)
4025
4032
"The following configuration files are consulted by LXC. For privileged use, "
4026
4033
"they are found under <filename>/etc/lxc</filename>, while for unprivileged "
4027
4034
"use they are under <filename>~/.config/lxc</filename>. <placeholder-1/>"
4030
#: serverguide/C/virtualization.xml:1028(para)
4037
#: serverguide/C/virtualization.xml:1020(para)
4032
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are "
4033
"exist both under <filename>/etc/lxc</filename> and "
4039
"<filename>lxc.conf</filename> and <filename>default.conf</filename> are both "
4040
"under <filename>/etc/lxc</filename> and "
4034
4041
"<filename>$HOME/.config/lxc</filename>, while <filename>lxc-"
4035
4042
"usernet.conf</filename> is only host-wide."
4038
#: serverguide/C/virtualization.xml:1033(para)
4045
#: serverguide/C/virtualization.xml:1025(para)
4040
4047
"By default, containers are located under /var/lib/lxc for the root user, and "
4041
4048
"$HOME/.local/share/lxc otherwise. The location can be specified for all lxc "
4042
4049
"commands using the \"-P|--lxcpath\" argument."
4045
#: serverguide/C/virtualization.xml:1210(para) serverguide/C/virtualization.xml:1272(para) serverguide/C/network-config.xml:11(title)
4052
#: serverguide/C/virtualization.xml:1034(title) serverguide/C/network-config.xml:11(title)
4046
4053
msgid "Networking"
4049
#: serverguide/C/virtualization.xml:1043(para)
4056
#: serverguide/C/virtualization.xml:1035(para)
4051
4058
"By default LXC creates a private network namespace for each container, which "
4052
4059
"includes a layer 2 networking stack. Containers usually connect to the "
4439
4447
"i/o, guarantee minimum cpu shares, and to lock containers to specific cpus."
4442
#: serverguide/C/virtualization.xml:1377(para)
4450
#: serverguide/C/virtualization.xml:1369(para)
4444
"By default, a privileged container CN will be assigned a cgroup called "
4452
"By default, a privileged container CN will be assigned to a cgroup called "
4445
4453
"<filename>/lxc/CN</filename>. In the case of name conflicts (which can occur "
4446
4454
"when using custom lxcpaths) a suffix \"-n\", where n is an integer starting "
4447
4455
"at 0, will be appended to the cgroup name."
4450
#: serverguide/C/virtualization.xml:1383(para)
4458
#: serverguide/C/virtualization.xml:1375(para)
4452
"By default, a privileged container CN will be assigned a cgroup called "
4460
"By default, a privileged container CN will be assigned to a cgroup called "
4453
4461
"<filename>CN</filename> under the cgroup of the task which started the "
4454
4462
"container, for instance <filename>/usr/1000.user/1.session/CN</filename>. "
4455
4463
"The container root will be given group ownership of the directory (but not "
4456
4464
"all files) so that it is allowed to create new child cgroups."
4459
#: serverguide/C/virtualization.xml:1390(para)
4467
#: serverguide/C/virtualization.xml:1382(para)
4461
4469
"As of Ubuntu 14.04, LXC uses the cgroup manager (cgmanager) to administer "
4462
4470
"cgroups. The cgroup manager receives D-Bus requests over the Unix socket "
4463
"<filename>/sys/fs/cgroup/cgmanager/sock</filename>. To fascilitate safe "
4471
"<filename>/sys/fs/cgroup/cgmanager/sock</filename>. To facilitate safe "
4464
4472
"nested containers, the line <screen>\n"
4466
4474
"lxc.mount.auto = cgroup\n"
4516
4524
"container, and to only use its snapshots."
4519
#: serverguide/C/virtualization.xml:1446(para)
4527
#: serverguide/C/virtualization.xml:1438(para)
4520
4528
msgid "Given an existing container called C1, a copy can be created using:"
4523
#: serverguide/C/virtualization.xml:3274(command)
4531
#: serverguide/C/virtualization.xml:1442(command)
4524
4532
msgid "sudo lxc-clone -o C1 -n C2"
4527
#: serverguide/C/virtualization.xml:1455(para)
4528
msgid "A snapshot can be created using"
4535
#: serverguide/C/virtualization.xml:1447(para)
4536
msgid "A snapshot can be created using:"
4531
#: serverguide/C/virtualization.xml:3288(command)
4539
#: serverguide/C/virtualization.xml:1449(command)
4532
4540
msgid "sudo lxc-clone -s -o C1 -n C2"
4535
#: serverguide/C/virtualization.xml:1461(para)
4543
#: serverguide/C/virtualization.xml:1453(para)
4536
4544
msgid "See the lxc-clone manpage for more information."
4539
#: serverguide/C/virtualization.xml:1464(title)
4547
#: serverguide/C/virtualization.xml:1456(title)
4540
4548
msgid "Snapshots"
4543
#: serverguide/C/virtualization.xml:1465(para)
4551
#: serverguide/C/virtualization.xml:1457(para)
4545
4553
"To more easily support the use of snapshot clones for iterative container "
4546
4554
"development, LXC supports <emphasis>snapshots</emphasis>. When working on a "
4598
4606
"page for more options."
4601
#: serverguide/C/virtualization.xml:1527(title)
4609
#: serverguide/C/virtualization.xml:1519(title)
4602
4610
msgid "Lifecycle management hooks"
4605
#: serverguide/C/virtualization.xml:1529(para)
4613
#: serverguide/C/virtualization.xml:1521(para)
4607
4615
"Beginning with Ubuntu 12.10, it is possible to define hooks to be executed "
4608
4616
"at specific points in a container's lifetime:"
4611
#: serverguide/C/virtualization.xml:1534(para)
4619
#: serverguide/C/virtualization.xml:1526(para)
4613
4621
"Pre-start hooks are run in the host's namespace before the container ttys, "
4614
4622
"consoles, or mounts are up. If any mounts are done in this hook, they should "
4615
4623
"be cleaned up in the post-stop hook."
4618
#: serverguide/C/virtualization.xml:1541(para)
4626
#: serverguide/C/virtualization.xml:1533(para)
4620
4628
"Pre-mount hooks are run in the container's namespaces, but before the root "
4621
4629
"filesystem has been mounted. Mounts done in this hook will be automatically "
4622
4630
"cleaned up when the container shuts down."
4625
#: serverguide/C/virtualization.xml:1548(para)
4633
#: serverguide/C/virtualization.xml:1540(para)
4627
4635
"Mount hooks are run after the container filesystems have been mounted, but "
4628
4636
"before the container has called <command>pivot_root</command> to change its "
4629
4637
"root filesystem."
4632
#: serverguide/C/virtualization.xml:1555(para)
4640
#: serverguide/C/virtualization.xml:1547(para)
4634
4642
"Start hooks are run immediately before executing the container's init. Since "
4635
4643
"these are executed after pivoting into the container's filesystem, the "
4636
4644
"command to be executed must be copied into the container's filesystem."
4639
#: serverguide/C/virtualization.xml:1562(para)
4647
#: serverguide/C/virtualization.xml:1554(para)
4640
4648
msgid "Post-stop hooks are executed after the container has been shut down."
4643
#: serverguide/C/virtualization.xml:1567(para)
4651
#: serverguide/C/virtualization.xml:1559(para)
4645
4653
"If any hook returns an error, the container's run will be aborted. Any "
4646
4654
"<emphasis>post-stop</emphasis> hook will still be executed. Any output "
4647
4655
"generated by the script will be logged at the debug priority."
4650
#: serverguide/C/virtualization.xml:1572(para)
4658
#: serverguide/C/virtualization.xml:1564(para)
4652
4660
"Please see the lxc.container.conf manual page for the configuration file "
4653
4661
"format with which to specify hooks. Some sample hooks are shipped with the "
4654
4662
"lxc package to serve as an example of how to write and use such hooks."
4657
#: serverguide/C/virtualization.xml:3452(title)
4665
#: serverguide/C/virtualization.xml:1571(title)
4658
4666
msgid "Consoles"
4661
#: serverguide/C/virtualization.xml:1581(para)
4669
#: serverguide/C/virtualization.xml:1573(para)
4663
4671
"Containers have a configurable number of consoles. One always exists on the "
4664
4672
"container's <filename>/dev/console</filename>. This is shown on the terminal "
4905
4913
"to the use of containers."
4908
#: serverguide/C/virtualization.xml:4398(para)
4916
#: serverguide/C/virtualization.xml:1795(para)
4910
4918
"The <ulink url=\"http://www.ibm.com/developerworks/linux/library/l-lxc-"
4911
4919
"security/index.html\"> Secure Containers Cookbook</ulink> demonstrated the "
4912
4920
"use of security modules to make containers more secure."
4915
#: serverguide/C/virtualization.xml:1810(para) serverguide/C/cgroups.xml:202(para)
4923
#: serverguide/C/virtualization.xml:1802(para) serverguide/C/cgroups.xml:202(para)
4916
4924
msgid "Manual pages referenced above can be found at:"
4919
#: serverguide/C/virtualization.xml:4407(ulink)
4927
#: serverguide/C/virtualization.xml:1804(ulink)
4920
4928
msgid "capabilities"
4923
#: serverguide/C/virtualization.xml:4408(ulink)
4931
#: serverguide/C/virtualization.xml:1805(ulink)
4924
4932
msgid "lxc.conf"
4927
#: serverguide/C/virtualization.xml:1818(para)
4935
#: serverguide/C/virtualization.xml:1810(para)
4929
4937
"The upstream LXC project is hosted at <ulink "
4930
4938
"url=\"http://linuxcontainers.org\">linuxcontainers.org</ulink>."
4933
#: serverguide/C/virtualization.xml:4420(para)
4941
#: serverguide/C/virtualization.xml:1815(para)
4935
4943
"LXC security issues are listed and discussed at <ulink "
4936
4944
"url=\"http://wiki.ubuntu.com/LxcSecurity\">the LXC Security wiki page</ulink>"
4939
#: serverguide/C/virtualization.xml:1829(para)
4947
#: serverguide/C/virtualization.xml:1821(para)
4941
4949
"For more on namespaces in Linux, see: S. Bhattiprolu, E. W. Biederman, S. E. "
4942
4950
"Hallyn, and D. Lezcano. Virtual Servers and Check- point/Restart in "
5036
5044
"access or a central server."
5039
#: serverguide/C/vcs.xml:88(para)
5047
#: serverguide/C/vcs.xml:95(para)
5041
5049
"The <application>git</application> version control system is installed with "
5042
5050
"the following command"
5045
#: serverguide/C/vcs.xml:92(command)
5053
#: serverguide/C/vcs.xml:99(command)
5046
5054
msgid "sudo apt-get install git"
5049
#: serverguide/C/vcs.xml:97(para)
5057
#: serverguide/C/vcs.xml:104(para)
5051
5059
"Every git user should first introduce himself to git, by running these two "
5055
#: serverguide/C/vcs.xml:99(command)
5063
#: serverguide/C/vcs.xml:106(command)
5056
5064
msgid "git config --global user.email \"you@example.com\""
5059
#: serverguide/C/vcs.xml:100(command)
5067
#: serverguide/C/vcs.xml:107(command)
5060
5068
msgid "git config --global user.name \"Your Name\""
5063
#: serverguide/C/vcs.xml:105(para)
5071
#: serverguide/C/vcs.xml:112(para)
5065
5073
"The above is already sufficient to use git in a distributed and secure way, "
5066
5074
"provided users have access to the machine assuming the server role via SSH. "
5067
"On the server machine, creating a new repository can be done with"
5075
"On the server machine, creating a new repository can be done with:"
5070
#: serverguide/C/vcs.xml:108(command)
5078
#: serverguide/C/vcs.xml:119(command)
5071
5079
msgid "git init --bare /path/to/repository"
5074
#: serverguide/C/vcs.xml:110(para)
5082
#: serverguide/C/vcs.xml:121(para)
5076
5084
"This creates a bare repository, that cannot be used to edit files directly. "
5077
5085
"If you would rather have a working copy of the contents of the repository on "
5078
5086
"the server, ommit the <emphasis>--bare</emphasis> option."
5081
#: serverguide/C/vcs.xml:111(para)
5089
#: serverguide/C/vcs.xml:122(para)
5083
"Any client with ssh access to the machine can from then on clone the "
5091
"Any client with SSH access to the machine can then clone the repository with:"
5087
#: serverguide/C/vcs.xml:113(command)
5094
#: serverguide/C/vcs.xml:127(command)
5088
5095
msgid "git clone username@hostname:/path/to/repository"
5091
#: serverguide/C/vcs.xml:115(para)
5098
#: serverguide/C/vcs.xml:129(para)
5093
5100
"Once cloned to the client's machine, the client can edit files, then commit "
5094
5101
"and share them with:"
5097
#: serverguide/C/vcs.xml:119(command)
5104
#: serverguide/C/vcs.xml:133(command)
5098
5105
msgid "cd /path/to/repository"
5101
#: serverguide/C/vcs.xml:120(command)
5108
#: serverguide/C/vcs.xml:134(command)
5102
5109
msgid "#(edit some files"
5105
#: serverguide/C/vcs.xml:121(command)
5112
#: serverguide/C/vcs.xml:135(command)
5107
5114
"git commit -a # Commit all changes to the local version of the repository"
5110
#: serverguide/C/vcs.xml:122(command)
5117
#: serverguide/C/vcs.xml:136(command)
5112
5119
"git push origin master # Push changes to the server's version of the "
5116
#: serverguide/C/vcs.xml:127(title)
5123
#: serverguide/C/vcs.xml:141(title)
5117
5124
msgid "Installing a gitolite server"
5120
#: serverguide/C/vcs.xml:128(para)
5127
#: serverguide/C/vcs.xml:142(para)
5122
5129
"While the above is sufficient to create, clone and edit repositories, users "
5123
5130
"wanting to install git on a server will most likely want to have git work "
5251
5258
" R = denise\n"
5254
#: serverguide/C/vcs.xml:195(title)
5261
#: serverguide/C/vcs.xml:209(title)
5255
5262
msgid "Using your server"
5258
#: serverguide/C/vcs.xml:196(para)
5265
#: serverguide/C/vcs.xml:210(para)
5260
5267
"To use the newly created server, users have to have the gitolite admin "
5261
5268
"import their public key into the gitolite configuration repository, they can "
5262
5269
"then access any project they have access to with the following command:"
5265
#: serverguide/C/vcs.xml:198(command)
5272
#: serverguide/C/vcs.xml:212(command)
5266
5273
msgid "git clone git@$SERVER_IP:$PROJECT_NAME.git"
5269
#: serverguide/C/vcs.xml:200(para)
5276
#: serverguide/C/vcs.xml:214(para)
5271
5278
"Or add the server's project as a remote for an existing git repository:"
5274
#: serverguide/C/vcs.xml:202(command)
5281
#: serverguide/C/vcs.xml:216(command)
5275
5282
msgid "git remote add gitolite git@$SERVER_IP:$PROJECT_NAME.git"
5278
#: serverguide/C/vcs.xml:79(title)
5285
#: serverguide/C/vcs.xml:221(title)
5279
5286
msgid "Subversion"
5280
5287
msgstr "Subversion"
5282
#: serverguide/C/vcs.xml:80(para)
5289
#: serverguide/C/vcs.xml:222(para)
5284
5291
"Subversion is an open source version control system. Using Subversion, you "
5285
5292
"can record the history of source files and documents. It manages files and "
5299
5306
"section to install and configure the digital certificate."
5302
#: serverguide/C/vcs.xml:94(para)
5309
#: serverguide/C/vcs.xml:236(para)
5304
5311
"To install Subversion, run the following command from a terminal prompt:"
5307
#: serverguide/C/vcs.xml:227(command)
5314
#: serverguide/C/vcs.xml:241(command)
5308
5315
msgid "sudo apt-get install subversion apache2 libapache2-svn"
5311
#: serverguide/C/vcs.xml:105(title)
5318
#: serverguide/C/vcs.xml:247(title)
5312
5319
msgid "Server Configuration"
5313
5320
msgstr "Nastavljanje strežnika"
5315
#: serverguide/C/vcs.xml:106(para)
5322
#: serverguide/C/vcs.xml:248(para)
5317
5324
"This step assumes you have installed above mentioned packages on your "
5318
5325
"system. This section explains how to create a Subversion repository and "
5319
5326
"access the project."
5322
#: serverguide/C/vcs.xml:109(title)
5329
#: serverguide/C/vcs.xml:251(title)
5323
5330
msgid "Create Subversion Repository"
5324
5331
msgstr "Ustvarite skladišče Subversion"
5326
#: serverguide/C/vcs.xml:110(para)
5333
#: serverguide/C/vcs.xml:252(para)
5328
5335
"The Subversion repository can be created using the following command from a "
5329
5336
"terminal prompt:"
5332
#: serverguide/C/vcs.xml:114(command)
5339
#: serverguide/C/vcs.xml:256(command)
5333
5340
msgid "svnadmin create /path/to/repos/project"
5336
#: serverguide/C/vcs.xml:119(title)
5343
#: serverguide/C/vcs.xml:261(title)
5337
5344
msgid "Importing Files"
5338
5345
msgstr "Uvažanje datotek"
5340
#: serverguide/C/vcs.xml:120(para)
5347
#: serverguide/C/vcs.xml:262(para)
5342
5349
"Once you create the repository you can <emphasis>import</emphasis> files "
5343
5350
"into the repository. To import a directory, enter the following from a "
5359
5366
"schemes map to the available access methods."
5362
#: serverguide/C/vcs.xml:144(para)
5369
#: serverguide/C/vcs.xml:286(para)
5366
#: serverguide/C/vcs.xml:145(para)
5373
#: serverguide/C/vcs.xml:287(para)
5367
5374
msgid "Access Method"
5368
5375
msgstr "Metoda dostopa"
5370
#: serverguide/C/vcs.xml:150(para)
5377
#: serverguide/C/vcs.xml:292(para)
5371
5378
msgid "file://"
5372
5379
msgstr "file://"
5374
#: serverguide/C/vcs.xml:151(para)
5381
#: serverguide/C/vcs.xml:293(para)
5375
5382
msgid "direct repository access (on local disk)"
5378
#: serverguide/C/vcs.xml:154(para)
5385
#: serverguide/C/vcs.xml:296(para)
5379
5386
msgid "http://"
5380
5387
msgstr "http://"
5382
#: serverguide/C/vcs.xml:155(para)
5389
#: serverguide/C/vcs.xml:297(para)
5383
5390
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
5386
#: serverguide/C/vcs.xml:158(para)
5393
#: serverguide/C/vcs.xml:300(para)
5387
5394
msgid "https://"
5388
5395
msgstr "https://"
5390
#: serverguide/C/vcs.xml:159(para)
5397
#: serverguide/C/vcs.xml:301(para)
5391
5398
msgid "Same as http://, but with SSL encryption"
5392
5399
msgstr "Enako kot http://, ampak s šifriranjem SSL"
5394
#: serverguide/C/vcs.xml:162(para)
5401
#: serverguide/C/vcs.xml:304(para)
5396
5403
msgstr "svn://"
5398
#: serverguide/C/vcs.xml:163(para)
5405
#: serverguide/C/vcs.xml:305(para)
5399
5406
msgid "Access via custom protocol to an svnserve server"
5402
#: serverguide/C/vcs.xml:166(para)
5409
#: serverguide/C/vcs.xml:308(para)
5403
5410
msgid "svn+ssh://"
5404
5411
msgstr "svn+ssh://"
5406
#: serverguide/C/vcs.xml:167(para)
5413
#: serverguide/C/vcs.xml:309(para)
5407
5414
msgid "Same as svn://, but through an SSH tunnel"
5410
#: serverguide/C/vcs.xml:173(para)
5417
#: serverguide/C/vcs.xml:315(para)
5412
5419
"In this section, we will see how to configure Subversion for all these "
5413
5420
"access methods. Here, we cover the basics. For more advanced usage details, "
5414
5421
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
5417
#: serverguide/C/vcs.xml:180(title)
5424
#: serverguide/C/vcs.xml:322(title)
5418
5425
msgid "Direct repository access (file://)"
5419
5426
msgstr "Neposreden dostop do skladišča (file://)"
5421
#: serverguide/C/vcs.xml:181(para)
5428
#: serverguide/C/vcs.xml:323(para)
5423
5430
"This is the simplest of all access methods. It does not require any "
5424
5431
"Subversion server process to be running. This access method is used to "
5426
5433
"at a terminal prompt, is as follows:"
5429
#: serverguide/C/vcs.xml:188(command)
5436
#: serverguide/C/vcs.xml:330(command)
5430
5437
msgid "svn co file:///path/to/repos/project"
5433
#: serverguide/C/vcs.xml:191(para)
5440
#: serverguide/C/vcs.xml:333(para)
5437
#: serverguide/C/vcs.xml:194(command)
5444
#: serverguide/C/vcs.xml:336(command)
5438
5445
msgid "svn co file://localhost/path/to/repos/project"
5441
#: serverguide/C/vcs.xml:198(para)
5448
#: serverguide/C/vcs.xml:340(para)
5443
5450
"If you do not specify the hostname, there are three forward slashes (///) -- "
5444
5451
"two for the protocol (file, in this case) plus the leading slash in the "
5445
5452
"path. If you specify the hostname, you must use two forward slashes (//)."
5448
#: serverguide/C/vcs.xml:200(para)
5455
#: serverguide/C/vcs.xml:342(para)
5450
5457
"The repository permissions depend on filesystem permissions. If the user has "
5451
5458
"read/write permission, he can checkout from and commit to the repository."
5454
#: serverguide/C/vcs.xml:203(title)
5461
#: serverguide/C/vcs.xml:345(title)
5455
5462
msgid "Access via WebDAV protocol (http://)"
5456
5463
msgstr "Dostop preko protokola WebDAV (http://)"
5458
#: serverguide/C/vcs.xml:332(para)
5465
#: serverguide/C/vcs.xml:346(para)
5460
5467
"To access the Subversion repository via WebDAV protocol, you must configure "
5461
5468
"your Apache 2 web server. Add the following snippet between the "
5526
5533
"the first user):"
5529
#: serverguide/C/vcs.xml:254(command)
5536
#: serverguide/C/vcs.xml:403(command)
5530
5537
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
5531
5538
msgstr "sudo htpasswd -c /etc/subversion/passwd uporabniško-ime"
5533
#: serverguide/C/vcs.xml:257(para)
5540
#: serverguide/C/vcs.xml:406(para)
5535
5542
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
5536
5543
"option replaces the old file. Instead use this form:"
5539
#: serverguide/C/vcs.xml:262(command)
5546
#: serverguide/C/vcs.xml:411(command)
5540
5547
msgid "sudo htpasswd /etc/subversion/passwd user_name"
5543
#: serverguide/C/vcs.xml:266(para)
5550
#: serverguide/C/vcs.xml:415(para)
5545
5552
"This command will prompt you to enter the password. Once you enter the "
5546
5553
"password, the user is added. Now, to access the repository you can run the "
5547
5554
"following command:"
5550
#: serverguide/C/vcs.xml:267(command)
5557
#: serverguide/C/vcs.xml:416(command)
5551
5558
msgid "svn co http://servername/svn"
5552
5559
msgstr "svn co http://ime-streznika/svn"
5554
#: serverguide/C/vcs.xml:269(para)
5561
#: serverguide/C/vcs.xml:418(para)
5556
5563
"The password is transmitted as plain text. If you are worried about password "
5557
5564
"snooping, you are advised to use SSL encryption. For details, please refer "
5558
5565
"next section."
5561
#: serverguide/C/vcs.xml:275(title)
5568
#: serverguide/C/vcs.xml:424(title)
5562
5569
msgid "Access via WebDAV protocol with SSL encryption (https://)"
5563
5570
msgstr "Dostop preko protokola WebDAV s šifriranjem SSL (https://)"
5565
#: serverguide/C/vcs.xml:411(para)
5572
#: serverguide/C/vcs.xml:425(para)
5567
5574
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
5568
5575
"(https://) is similar to http:// except that you must install and configure "
5600
5607
"following lines in the configuration file:"
5603
#: serverguide/C/vcs.xml:308(programlisting)
5610
#: serverguide/C/vcs.xml:457(programlisting)
5606
5613
"# [general]\n"
5607
5614
"# password-db = passwd"
5610
#: serverguide/C/vcs.xml:311(para)
5617
#: serverguide/C/vcs.xml:460(para)
5612
5619
"After uncommenting the above lines, you can maintain the user list in the "
5613
5620
"passwd file. So, edit the file <filename>passwd </filename> in the same "
5614
5621
"directory and add the new user. The syntax is as follows:"
5617
#: serverguide/C/vcs.xml:317(programlisting)
5624
#: serverguide/C/vcs.xml:466(programlisting)
5619
5626
msgid "username = password"
5622
#: serverguide/C/vcs.xml:318(para)
5629
#: serverguide/C/vcs.xml:467(para)
5623
5630
msgid "For more details, please refer to the file."
5624
5631
msgstr "Za več podrobnosti si oglejte datoteko."
5626
#: serverguide/C/vcs.xml:322(para)
5633
#: serverguide/C/vcs.xml:471(para)
5628
5635
"Now, to access Subversion via the svn:// custom protocol, either from the "
5629
5636
"same machine or a different machine, you can run svnserver using svnserve "
5630
5637
"command. The syntax is as follows:"
5633
#: serverguide/C/vcs.xml:327(programlisting)
5640
#: serverguide/C/vcs.xml:476(programlisting)
5636
5643
"$ svnserve -d --foreground -r /path/to/repos\n"
5705
5712
"following command syntax:"
5708
#: serverguide/C/vcs.xml:515(command)
5715
#: serverguide/C/vcs.xml:529(command)
5709
5716
msgid "svn co svn+ssh://ssh_username@hostname/path/to/repos/project"
5712
#: serverguide/C/vcs.xml:384(para)
5719
#: serverguide/C/vcs.xml:533(para)
5714
5721
"You must use the full path (/path/to/repos/project) to access the Subversion "
5715
5722
"repository using this access method."
5718
#: serverguide/C/vcs.xml:387(para)
5725
#: serverguide/C/vcs.xml:536(para)
5720
5727
"Based on server configuration, it prompts for password. You must enter the "
5721
5728
"password you use to login via ssh. Once you are authenticated, it checks out "
5722
5729
"the code from the Subversion repository."
5725
#: serverguide/C/vcs.xml:539(ulink)
5732
#: serverguide/C/vcs.xml:551(ulink)
5726
5733
msgid "Bazaar Home Page"
5727
5734
msgstr "Domača stran Bazaar"
5729
#: serverguide/C/vcs.xml:540(ulink)
5736
#: serverguide/C/vcs.xml:556(ulink)
5730
5737
msgid "Launchpad"
5731
5738
msgstr "Launchpad"
5733
#: serverguide/C/vcs.xml:547(ulink)
5740
#: serverguide/C/vcs.xml:561(ulink)
5734
5741
msgid "Git homepage"
5737
#: serverguide/C/vcs.xml:552(ulink)
5744
#: serverguide/C/vcs.xml:566(ulink)
5738
5745
msgid "Gitolite"
5741
#: serverguide/C/vcs.xml:541(ulink)
5748
#: serverguide/C/vcs.xml:571(ulink)
5742
5749
msgid "Subversion Home Page"
5743
5750
msgstr "Domača stran Subversion"
5745
#: serverguide/C/vcs.xml:542(ulink)
5752
#: serverguide/C/vcs.xml:576(ulink)
5746
5753
msgid "Subversion Book"
5747
5754
msgstr "Knjiga Subversion"
5749
#: serverguide/C/vcs.xml:545(ulink)
5756
#: serverguide/C/vcs.xml:581(ulink)
5750
5757
msgid "Easy Bazaar Ubuntu Wiki page"
5753
#: serverguide/C/vcs.xml:546(ulink)
5760
#: serverguide/C/vcs.xml:586(ulink)
5754
5761
msgid "Ubuntu Wiki Subversion page"
5755
5762
msgstr "Stran Subversion na Ubuntu Wiki"
5922
5929
msgid "Configurations with root passwords are not supported."
5925
#: serverguide/C/security.xml:37(command)
5932
#: serverguide/C/security.xml:42(command)
5926
5933
msgid "sudo passwd"
5927
5934
msgstr "sudo passwd"
5929
#: serverguide/C/security.xml:39(para)
5936
#: serverguide/C/security.xml:44(para)
5931
5938
"Sudo will prompt you for your password, and then ask you to supply a new "
5932
5939
"password for root as shown below:"
5935
#: serverguide/C/security.xml:42(computeroutput)
5942
#: serverguide/C/security.xml:47(computeroutput)
5937
5944
msgid "[sudo] password for username:"
5940
#: serverguide/C/security.xml:42(userinput)
5947
#: serverguide/C/security.xml:47(userinput)
5942
5949
msgid "(enter your own password)"
5943
5950
msgstr "(vnesite svoje geslo)"
5945
#: serverguide/C/security.xml:43(computeroutput)
5952
#: serverguide/C/security.xml:48(computeroutput)
5947
5954
msgid "Enter new UNIX password:"
5950
#: serverguide/C/security.xml:43(userinput)
5957
#: serverguide/C/security.xml:48(userinput)
5952
5959
msgid "(enter a new password for root)"
5953
5960
msgstr "(vnesite novo geslo skrbnika)"
5955
#: serverguide/C/security.xml:44(computeroutput)
5962
#: serverguide/C/security.xml:49(computeroutput)
5957
5964
msgid "Retype new UNIX password:"
5960
#: serverguide/C/security.xml:44(userinput)
5967
#: serverguide/C/security.xml:49(userinput)
5962
5969
msgid "(repeat new password for root)"
5963
5970
msgstr "(ponovno vnesite novo geslo skrbnika)"
5965
#: serverguide/C/security.xml:45(computeroutput)
5972
#: serverguide/C/security.xml:50(computeroutput)
5967
5974
msgid "passwd: password updated successfully"
6005
6012
"<emphasis>sudo</emphasis> group."
6008
#: serverguide/C/security.xml:71(title)
6015
#: serverguide/C/security.xml:82(title)
6009
6016
msgid "Adding and Deleting Users"
6010
6017
msgstr "Dodajanje in odstranjevanje uporabnikov"
6012
#: serverguide/C/security.xml:72(para)
6019
#: serverguide/C/security.xml:83(para)
6014
"The process for managing local users and groups is straight forward and "
6021
"The process for managing local users and groups is straightforward and "
6015
6022
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
6016
"other Debian based distributions, encourage the use of the \"adduser\" "
6023
"other Debian based distributions encourage the use of the \"adduser\" "
6017
6024
"package for account management."
6020
#: serverguide/C/security.xml:77(para)
6027
#: serverguide/C/security.xml:88(para)
6022
6029
"To add a user account, use the following syntax, and follow the prompts to "
6023
"give the account a password and identifiable characteristics such as a full "
6030
"give the account a password and identifiable characteristics, such as a full "
6024
6031
"name, phone number, etc."
6027
#: serverguide/C/security.xml:81(command)
6034
#: serverguide/C/security.xml:92(command)
6028
6035
msgid "sudo adduser username"
6029
6036
msgstr "sudo adduser uporabniško-ime"
6031
#: serverguide/C/security.xml:85(para)
6038
#: serverguide/C/security.xml:96(para)
6033
6040
"To delete a user account and its primary group, use the following syntax:"
6036
#: serverguide/C/security.xml:89(command)
6043
#: serverguide/C/security.xml:100(command)
6037
6044
msgid "sudo deluser username"
6038
6045
msgstr "sudo deluser uporabniško-ime"
6040
#: serverguide/C/security.xml:91(para)
6047
#: serverguide/C/security.xml:102(para)
6042
6049
"Deleting an account does not remove their respective home folder. It is up "
6043
6050
"to you whether or not you wish to delete the folder manually or keep it "
6044
6051
"according to your desired retention policies."
6047
#: serverguide/C/security.xml:94(para)
6054
#: serverguide/C/security.xml:105(para)
6049
6056
"Remember, any user added later on with the same UID/GID as the previous "
6050
6057
"owner will now have access to this folder if you have not taken the "
6051
6058
"necessary precautions."
6054
#: serverguide/C/security.xml:97(para)
6061
#: serverguide/C/security.xml:108(para)
6056
6063
"You may want to change these UID/GID values to something more appropriate, "
6057
6064
"such as the root account, and perhaps even relocate the folder to avoid "
6058
6065
"future conflicts:"
6061
#: serverguide/C/security.xml:101(command)
6068
#: serverguide/C/security.xml:112(command)
6062
6069
msgid "sudo chown -R root:root /home/username/"
6063
6070
msgstr "sudo chown -R root:root /home/uporabniško-ime/"
6065
#: serverguide/C/security.xml:102(command)
6072
#: serverguide/C/security.xml:113(command)
6066
6073
msgid "sudo mkdir /home/archived_users/"
6067
6074
msgstr "sudo mkdir /home/arhivirani_uporabniki/"
6069
#: serverguide/C/security.xml:103(command)
6076
#: serverguide/C/security.xml:114(command)
6070
6077
msgid "sudo mv /home/username /home/archived_users/"
6071
6078
msgstr "sudo mv /home/uporabniško-ime /home/arhivirani_uporabniki/"
6073
#: serverguide/C/security.xml:107(para)
6080
#: serverguide/C/security.xml:118(para)
6075
6082
"To temporarily lock or unlock a user account, use the following syntax, "
6076
6083
"respectively:"
6079
#: serverguide/C/security.xml:111(command)
6086
#: serverguide/C/security.xml:122(command)
6080
6087
msgid "sudo passwd -l username"
6081
6088
msgstr "sudo passwd -l uporabniško-ime"
6083
#: serverguide/C/security.xml:112(command)
6090
#: serverguide/C/security.xml:123(command)
6084
6091
msgid "sudo passwd -u username"
6085
6092
msgstr "sudo passwd -u uporabniško-ime"
6087
#: serverguide/C/security.xml:116(para)
6094
#: serverguide/C/security.xml:127(para)
6089
6096
"To add or delete a personalized group, use the following syntax, "
6090
6097
"respectively:"
6093
#: serverguide/C/security.xml:120(command)
6100
#: serverguide/C/security.xml:131(command)
6094
6101
msgid "sudo addgroup groupname"
6095
6102
msgstr "sudo addgroup ime-skupine"
6097
#: serverguide/C/security.xml:121(command)
6104
#: serverguide/C/security.xml:132(command)
6098
6105
msgid "sudo delgroup groupname"
6099
6106
msgstr "sudo delgroup ime-skupine"
6101
#: serverguide/C/security.xml:125(para)
6108
#: serverguide/C/security.xml:136(para)
6102
6109
msgid "To add a user to a group, use the following syntax:"
6103
6110
msgstr "Če želite dodati uporabnika v skupino, uporabite sledečo skladnjo:"
6105
#: serverguide/C/security.xml:129(command)
6112
#: serverguide/C/security.xml:140(command)
6106
6113
msgid "sudo adduser username groupname"
6107
6114
msgstr "sudo adduser ime-uporabnika ime-skupine"
6109
#: serverguide/C/security.xml:136(title)
6116
#: serverguide/C/security.xml:147(title)
6110
6117
msgid "User Profile Security"
6113
#: serverguide/C/security.xml:137(para)
6120
#: serverguide/C/security.xml:148(para)
6115
6122
"When a new user is created, the adduser utility creates a brand new home "
6116
"directory named <filename class=\"directory\">/home/username</filename>, "
6117
"respectively. The default profile is modeled after the contents found in the "
6118
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
6119
"includes all profile basics."
6123
"directory named <filename class=\"directory\">/home/username</filename>. The "
6124
"default profile is modeled after the contents found in the directory of "
6125
"<filename class=\"directory\">/etc/skel</filename>, which includes all "
6122
#: serverguide/C/security.xml:140(para)
6129
#: serverguide/C/security.xml:151(para)
6124
6131
"If your server will be home to multiple users, you should pay close "
6125
6132
"attention to the user home directory permissions to ensure confidentiality. "
6129
6136
"your environment."
6132
#: serverguide/C/security.xml:145(para)
6139
#: serverguide/C/security.xml:156(para)
6134
"To verify your current users home directory permissions, use the following "
6141
"To verify your current user home directory permissions, use the following "
6138
#: serverguide/C/security.xml:149(command) serverguide/C/security.xml:181(command)
6145
#: serverguide/C/security.xml:160(command) serverguide/C/security.xml:192(command)
6139
6146
msgid "ls -ld /home/username"
6140
6147
msgstr "ls -ld /home/uporabniško-ime"
6142
#: serverguide/C/security.xml:151(para)
6149
#: serverguide/C/security.xml:162(para)
6144
6151
"The following output shows that the directory <filename "
6145
"class=\"directory\">/home/username</filename> has world readable permissions:"
6152
"class=\"directory\">/home/username</filename> has world-readable permissions:"
6148
#: serverguide/C/security.xml:154(computeroutput)
6155
#: serverguide/C/security.xml:165(computeroutput)
6150
6157
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
6153
#: serverguide/C/security.xml:158(para)
6160
#: serverguide/C/security.xml:169(para)
6155
"You can remove the world readable permissions using the following syntax:"
6162
"You can remove the world readable-permissions using the following syntax:"
6158
#: serverguide/C/security.xml:162(command)
6165
#: serverguide/C/security.xml:173(command)
6159
6166
msgid "sudo chmod 0750 /home/username"
6160
6167
msgstr "sudo chmod 0750 /home/uporabniško-ime"
6162
#: serverguide/C/security.xml:165(para)
6169
#: serverguide/C/security.xml:176(para)
6164
6171
"Some people tend to use the recursive option (-R) indiscriminately which "
6165
6172
"modifies all child folders and files, but this is not necessary, and may "
6251
#: serverguide/C/security.xml:212(para)
6258
#: serverguide/C/security.xml:223(para)
6253
6260
"Basic password entropy checks and minimum length rules do not apply to the "
6254
6261
"administrator using sudo level commands to setup a new user."
6257
#: serverguide/C/security.xml:218(title)
6264
#: serverguide/C/security.xml:229(title)
6258
6265
msgid "Password Expiration"
6261
#: serverguide/C/security.xml:219(para)
6268
#: serverguide/C/security.xml:230(para)
6263
6270
"When creating user accounts, you should make it a policy to have a minimum "
6264
6271
"and maximum password age forcing users to change their passwords when they "
6268
#: serverguide/C/security.xml:224(para)
6275
#: serverguide/C/security.xml:235(para)
6270
6277
"To easily view the current status of a user account, use the following "
6274
#: serverguide/C/security.xml:228(command) serverguide/C/security.xml:261(command)
6281
#: serverguide/C/security.xml:239(command) serverguide/C/security.xml:272(command)
6275
6282
msgid "sudo chage -l username"
6276
6283
msgstr "sudo chage -l uporabniško-ime"
6278
#: serverguide/C/security.xml:230(para)
6285
#: serverguide/C/security.xml:241(para)
6280
6287
"The output below shows interesting facts about the user account, namely that "
6281
6288
"there are no policies applied:"
6284
#: serverguide/C/security.xml:233(computeroutput)
6291
#: serverguide/C/security.xml:244(computeroutput)
6287
"Last password change : Jan 20, 2008\n"
6294
"Last password change : Jan 20, 2015\n"
6288
6295
"Password expires : never\n"
6289
6296
"Password inactive : never\n"
6290
6297
"Account expires : never\n"
6293
6300
"Number of days of warning before password expires : 7"
6296
#: serverguide/C/security.xml:243(para)
6303
#: serverguide/C/security.xml:254(para)
6298
6305
"To set any of these values, simply use the following syntax, and follow the "
6299
6306
"interactive prompts:"
6302
#: serverguide/C/security.xml:247(command)
6309
#: serverguide/C/security.xml:258(command)
6303
6310
msgid "sudo chage username"
6304
6311
msgstr "sudo chage uporabniško-ime"
6306
#: serverguide/C/security.xml:249(para)
6313
#: serverguide/C/security.xml:260(para)
6308
6315
"The following is also an example of how you can manually change the explicit "
6309
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
6316
"expiration date (-E) to 01/31/2015, minimum password age (-m) of 5 days, "
6310
6317
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
6311
6318
"password expiration, and a warning time period (-W) of 14 days before "
6312
"password expiration."
6315
#: serverguide/C/security.xml:253(command)
6316
msgid "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 username"
6317
msgstr "sudo chage -E 01/31/2011 -m 5 -M 90 -I 30 -W 14 uporabniško-ime"
6319
#: serverguide/C/security.xml:257(para)
6319
"password expiration:"
6322
#: serverguide/C/security.xml:264(command)
6323
msgid "sudo chage -E 01/31/2015 -m 5 -M 90 -I 30 -W 14 username"
6326
#: serverguide/C/security.xml:268(para)
6320
6327
msgid "To verify changes, use the same syntax as mentioned previously:"
6323
#: serverguide/C/security.xml:263(para)
6330
#: serverguide/C/security.xml:274(para)
6325
6332
"The output below shows the new policies that have been established for the "
6329
#: serverguide/C/security.xml:266(computeroutput)
6336
#: serverguide/C/security.xml:277(computeroutput)
6332
"Last password change : Jan 20, 2008\n"
6333
"Password expires : Apr 19, 2008\n"
6334
"Password inactive : May 19, 2008\n"
6335
"Account expires : Jan 31, 2008\n"
6339
"Last password change : Jan 20, 2015\n"
6340
"Password expires : Apr 19, 2015\n"
6341
"Password inactive : May 19, 2015\n"
6342
"Account expires : Jan 31, 2015\n"
6336
6343
"Minimum number of days between password change : 5\n"
6337
6344
"Maximum number of days between password change : 90\n"
6338
6345
"Number of days of warning before password expires : 14"
6341
#: serverguide/C/security.xml:282(title)
6348
#: serverguide/C/security.xml:293(title)
6342
6349
msgid "Other Security Considerations"
6345
#: serverguide/C/security.xml:283(para)
6352
#: serverguide/C/security.xml:294(para)
6347
6354
"Many applications use alternate authentication mechanisms that can be easily "
6348
6355
"overlooked by even experienced system administrators. Therefore, it is "
6350
6357
"to services and applications on your server."
6353
#: serverguide/C/security.xml:288(title)
6360
#: serverguide/C/security.xml:299(title)
6354
6361
msgid "SSH Access by Disabled Users"
6357
#: serverguide/C/security.xml:289(para)
6364
#: serverguide/C/security.xml:300(para)
6359
6366
"Simply disabling/locking a user account will not prevent a user from logging "
6360
6367
"into your server remotely if they have previously set up RSA public key "
6361
6368
"authentication. They will still be able to gain shell access to the server, "
6362
6369
"without the need for any password. Remember to check the users home "
6363
6370
"directory for files that will allow for this type of authenticated SSH "
6364
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6371
"access, e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6367
#: serverguide/C/security.xml:292(para)
6374
#: serverguide/C/security.xml:303(para)
6369
6376
"Remove or rename the directory <filename "
6370
6377
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
6371
6378
"further SSH authentication capabilities."
6374
#: serverguide/C/security.xml:295(para)
6381
#: serverguide/C/security.xml:306(para)
6376
6383
"Be sure to check for any established SSH connections by the disabled user, "
6377
6384
"as it is possible they may have existing inbound or outbound connections. "
6402
6409
"the file <filename>/etc/ssh/sshd_config</filename>."
6405
#: serverguide/C/security.xml:301(programlisting)
6412
#: serverguide/C/security.xml:316(programlisting)
6409
6416
"AllowGroups sshlogin\n"
6412
#: serverguide/C/security.xml:304(para)
6419
#: serverguide/C/security.xml:319(para)
6414
6421
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
6418
#: serverguide/C/security.xml:308(command)
6425
#: serverguide/C/security.xml:323(command)
6419
6426
msgid "sudo adduser username sshlogin"
6420
6427
msgstr "sudo adduser uporabniško-ime sshlogin"
6422
#: serverguide/C/security.xml:309(command)
6429
#: serverguide/C/security.xml:324(command) serverguide/C/remote-administration.xml:144(command)
6423
6430
msgid "sudo service ssh restart"
6426
#: serverguide/C/security.xml:313(title)
6433
#: serverguide/C/security.xml:328(title)
6427
6434
msgid "External User Database Authentication"
6430
#: serverguide/C/security.xml:314(para)
6437
#: serverguide/C/security.xml:329(para)
6432
6439
"Most enterprise networks require centralized authentication and access "
6433
6440
"controls for all system resources. If you have configured your server to "
6434
6441
"authenticate users against external databases, be sure to disable the user "
6435
"accounts both externally and locally, this way you ensure that local "
6442
"accounts both externally and locally. This way you ensure that local "
6436
6443
"fallback authentication is not possible."
6439
#: serverguide/C/security.xml:323(title)
6446
#: serverguide/C/security.xml:338(title)
6440
6447
msgid "Console Security"
6443
#: serverguide/C/security.xml:324(para)
6450
#: serverguide/C/security.xml:339(para)
6445
6452
"As with any other security barrier you put in place to protect your server, "
6446
6453
"it is pretty tough to defend against untold damage caused by someone with "
6452
6459
"basic precautions with regard to console security."
6455
#: serverguide/C/security.xml:327(para)
6462
#: serverguide/C/security.xml:342(para)
6457
6464
"The following instructions will help defend your server against issues that "
6458
6465
"could otherwise yield very serious consequences."
6461
#: serverguide/C/security.xml:332(title)
6468
#: serverguide/C/security.xml:347(title)
6462
6469
msgid "Disable Ctrl+Alt+Delete"
6463
6470
msgstr "Onemogoči Ctrl+Alt+Delete"
6465
#: serverguide/C/security.xml:333(para)
6472
#: serverguide/C/security.xml:348(para)
6467
"First and foremost, anyone that has physical access to the keyboard can "
6474
"Anyone that has physical access to the keyboard can simply use the "
6469
6475
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6470
6476
"eycombo> key combination to reboot the server without having to log on. "
6471
"Sure, someone could simply unplug the power source, but you should still "
6472
"prevent the use of this key combination on a production server. This forces "
6473
"an attacker to take more drastic measures to reboot the server, and will "
6477
"While someone could simply unplug the power source, you should still prevent "
6478
"the use of this key combination on a production server. This forces an "
6479
"attacker to take more drastic measures to reboot the server, and will "
6474
6480
"prevent accidental reboots at the same time."
6477
#: serverguide/C/security.xml:338(para)
6483
#: serverguide/C/security.xml:353(para)
6479
6485
"To disable the reboot action taken by pressing the "
6480
6486
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6481
6487
"eycombo> key combination, comment out the following line in the file "
6482
"<filename>/etc/init/control-alt-delete.conf</filename>."
6488
"<filename>/etc/init/control-alt-delete.conf</filename>:"
6485
#: serverguide/C/security.xml:341(programlisting)
6491
#: serverguide/C/security.xml:356(programlisting)
6489
6495
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
6492
#: serverguide/C/security.xml:350(title)
6498
#: serverguide/C/security.xml:365(title)
6493
6499
msgid "Firewall"
6494
6500
msgstr "Požarni zid"
6496
#: serverguide/C/security.xml:353(para)
6502
#: serverguide/C/security.xml:368(para)
6498
6504
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
6499
6505
"which is used to manipulate or decide the fate of network traffic headed "
6501
6507
"system for packet filtering."
6504
#: serverguide/C/security.xml:358(para)
6510
#: serverguide/C/security.xml:373(para)
6506
6512
"The kernel's packet filtering system would be of little use to "
6507
6513
"administrators without a userspace interface to manage it. This is the "
6508
"purpose of iptables. When a packet reaches your server, it will be handed "
6514
"purpose of iptables: When a packet reaches your server, it will be handed "
6509
6515
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
6510
6516
"based on the rules supplied to it from userspace via iptables. Thus, "
6511
"iptables is all you need to manage your firewall if you're familiar with it, "
6512
"but many frontends are available to simplify the task."
6517
"iptables is all you need to manage your firewall, if you're familiar with "
6518
"it, but many frontends are available to simplify the task."
6515
#: serverguide/C/security.xml:368(title)
6521
#: serverguide/C/security.xml:383(title)
6516
6522
msgid "ufw - Uncomplicated Firewall"
6519
#: serverguide/C/security.xml:369(para)
6525
#: serverguide/C/security.xml:384(para)
6521
6527
"The default firewall configuration tool for Ubuntu is "
6522
6528
"<application>ufw</application>. Developed to ease iptables firewall "
6523
"configuration, <application>ufw</application> provides a user friendly way "
6529
"configuration, <application>ufw</application> provides a user-friendly way "
6524
6530
"to create an IPv4 or IPv6 host-based firewall."
6527
#: serverguide/C/security.xml:373(para)
6533
#: serverguide/C/security.xml:388(para)
6529
6535
"<application>ufw</application> by default is initially disabled. From the "
6530
6536
"<application>ufw</application> man page:"
6533
#: serverguide/C/security.xml:377(quote)
6539
#: serverguide/C/security.xml:392(quote)
6535
6541
"ufw is not intended to provide complete firewall functionality via its "
6536
6542
"command interface, but instead provides an easy way to add or remove simple "
6537
6543
"rules. It is currently mainly used for host-based firewalls."
6540
#: serverguide/C/security.xml:381(para)
6546
#: serverguide/C/security.xml:396(para)
6542
6548
"The following are some examples of how to use <application>ufw</application>:"
6545
#: serverguide/C/security.xml:386(para)
6551
#: serverguide/C/security.xml:401(para)
6547
6553
"First, <application>ufw</application> needs to be enabled. From a terminal "
6548
6554
"prompt enter:"
6551
#: serverguide/C/security.xml:390(command)
6557
#: serverguide/C/security.xml:405(command)
6552
6558
msgid "sudo ufw enable"
6553
6559
msgstr "sudo ufw enable"
6555
#: serverguide/C/security.xml:394(para)
6556
msgid "To open a port (ssh in this example):"
6561
#: serverguide/C/security.xml:409(para)
6562
msgid "To open a port (SSH in this example):"
6559
#: serverguide/C/security.xml:398(command)
6565
#: serverguide/C/security.xml:413(command)
6560
6566
msgid "sudo ufw allow 22"
6561
6567
msgstr "sudo ufw allow 22"
6563
#: serverguide/C/security.xml:402(para)
6569
#: serverguide/C/security.xml:417(para)
6564
6570
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
6567
#: serverguide/C/security.xml:406(command)
6573
#: serverguide/C/security.xml:421(command)
6568
6574
msgid "sudo ufw insert 1 allow 80"
6569
6575
msgstr "sudo ufw insert 1 allow 80"
6571
#: serverguide/C/security.xml:410(para)
6577
#: serverguide/C/security.xml:425(para)
6572
6578
msgid "Similarly, to close an opened port:"
6575
#: serverguide/C/security.xml:414(command)
6581
#: serverguide/C/security.xml:429(command)
6576
6582
msgid "sudo ufw deny 22"
6577
6583
msgstr "sudo ufw deny 22"
6579
#: serverguide/C/security.xml:418(para)
6585
#: serverguide/C/security.xml:433(para)
6580
6586
msgid "To remove a rule, use delete followed by the rule:"
6583
#: serverguide/C/security.xml:422(command)
6589
#: serverguide/C/security.xml:437(command)
6584
6590
msgid "sudo ufw delete deny 22"
6585
6591
msgstr "sudo ufw delete deny 22"
6587
#: serverguide/C/security.xml:426(para)
6593
#: serverguide/C/security.xml:441(para)
6589
6595
"It is also possible to allow access from specific hosts or networks to a "
6590
"port. The following example allows ssh access from host 192.168.0.2 to any "
6591
"ip address on this host:"
6596
"port. The following example allows SSH access from host 192.168.0.2 to any "
6597
"IP address on this host:"
6594
#: serverguide/C/security.xml:431(command)
6600
#: serverguide/C/security.xml:446(command)
6595
6601
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6598
#: serverguide/C/security.xml:433(para)
6604
#: serverguide/C/security.xml:448(para)
6600
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
6606
"Replace 192.168.0.2 with 192.168.0.0/24 to allow SSH access from the entire "
6604
#: serverguide/C/security.xml:439(para)
6610
#: serverguide/C/security.xml:454(para)
6606
6612
"Adding the <emphasis>--dry-run</emphasis> option to a "
6607
6613
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
6639
6645
"Rules updated"
6642
#: serverguide/C/security.xml:473(para)
6648
#: serverguide/C/security.xml:488(para)
6643
6649
msgid "<application>ufw</application> can be disabled by:"
6646
#: serverguide/C/security.xml:477(command)
6652
#: serverguide/C/security.xml:492(command)
6647
6653
msgid "sudo ufw disable"
6648
6654
msgstr "sudo ufw disable"
6650
#: serverguide/C/security.xml:481(para)
6656
#: serverguide/C/security.xml:496(para)
6651
6657
msgid "To see the firewall status, enter:"
6652
6658
msgstr "Za pregled stanja požarnega zidu vnesite:"
6654
#: serverguide/C/security.xml:485(command)
6660
#: serverguide/C/security.xml:500(command)
6655
6661
msgid "sudo ufw status"
6656
6662
msgstr "sudo ufw status"
6658
#: serverguide/C/security.xml:489(para)
6664
#: serverguide/C/security.xml:504(para)
6659
6665
msgid "And for more verbose status information use:"
6662
#: serverguide/C/security.xml:493(command)
6668
#: serverguide/C/security.xml:508(command)
6663
6669
msgid "sudo ufw status verbose"
6664
6670
msgstr "sudo ufw status verbose"
6666
#: serverguide/C/security.xml:497(para)
6672
#: serverguide/C/security.xml:512(para)
6667
6673
msgid "To view the <emphasis>numbered</emphasis> format:"
6670
#: serverguide/C/security.xml:501(command)
6676
#: serverguide/C/security.xml:516(command)
6671
6677
msgid "sudo ufw status numbered"
6672
6678
msgstr "sudo ufw status numbered"
6674
#: serverguide/C/security.xml:506(para)
6680
#: serverguide/C/security.xml:521(para)
6676
6682
"If the port you want to open or close is defined in "
6677
6683
"<filename>/etc/services</filename>, you can use the port name instead of the "
6698
6704
"the default ports have been changed."
6701
#: serverguide/C/security.xml:529(para)
6707
#: serverguide/C/security.xml:544(para)
6703
6709
"To view which applications have installed a profile, enter the following in "
6707
#: serverguide/C/security.xml:534(command)
6713
#: serverguide/C/security.xml:549(command)
6708
6714
msgid "sudo ufw app list"
6709
6715
msgstr "sudo ufw app list"
6711
#: serverguide/C/security.xml:540(para)
6717
#: serverguide/C/security.xml:555(para)
6713
6719
"Similar to allowing traffic to a port, using an application profile is "
6714
6720
"accomplished by entering:"
6717
#: serverguide/C/security.xml:545(command)
6723
#: serverguide/C/security.xml:560(command)
6718
6724
msgid "sudo ufw allow Samba"
6719
6725
msgstr "sudo ufw allow Samba"
6721
#: serverguide/C/security.xml:551(para)
6727
#: serverguide/C/security.xml:566(para)
6722
6728
msgid "An extended syntax is available as well:"
6725
#: serverguide/C/security.xml:556(command)
6731
#: serverguide/C/security.xml:571(command)
6726
6732
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
6729
#: serverguide/C/security.xml:559(para)
6735
#: serverguide/C/security.xml:574(para)
6731
6737
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
6732
6738
"with the application profile you are using and the IP range for your network."
6735
#: serverguide/C/security.xml:565(para)
6741
#: serverguide/C/security.xml:580(para)
6737
6743
"There is no need to specify the <emphasis>protocol</emphasis> for the "
6738
6744
"application, because that information is detailed in the profile. Also, note "
6961
6967
"net.ipv6.conf.default.forwarding=1\n"
6963
#: serverguide/C/security.xml:726(para)
6969
#: serverguide/C/security.xml:741(para)
6965
6971
"Next, execute the <application>sysctl</application> command to enable the "
6966
6972
"new settings in the configuration file:"
6969
#: serverguide/C/security.xml:730(command)
6975
#: serverguide/C/security.xml:745(command)
6970
6976
msgid "sudo sysctl -p"
6971
6977
msgstr "sudo sysctl -p"
6973
#: serverguide/C/security.xml:734(para)
6979
#: serverguide/C/security.xml:749(para)
6975
6981
"IP Masquerading can now be accomplished with a single iptables rule, which "
6976
6982
"may differ slightly based on your network configuration:"
6979
#: serverguide/C/security.xml:737(screen)
6985
#: serverguide/C/security.xml:752(screen)
6983
6989
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6986
#: serverguide/C/security.xml:740(para)
6992
#: serverguide/C/security.xml:755(para)
6988
6994
"The above command assumes that your private address space is 192.168.0.0/16 "
6989
6995
"and that your Internet-facing device is ppp0. The syntax is broken down as "
6993
#: serverguide/C/security.xml:745(para)
6999
#: serverguide/C/security.xml:760(para)
6994
7000
msgid "-t nat -- the rule is to go into the nat table"
6997
#: serverguide/C/security.xml:746(para)
7003
#: serverguide/C/security.xml:761(para)
6999
7005
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
7002
#: serverguide/C/security.xml:747(para)
7008
#: serverguide/C/security.xml:762(para)
7004
7010
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
7005
7011
"specified address space"
7008
#: serverguide/C/security.xml:748(para)
7014
#: serverguide/C/security.xml:763(para)
7010
7016
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
7011
7017
"specified network device"
7014
#: serverguide/C/security.xml:750(para)
7020
#: serverguide/C/security.xml:765(para)
7016
7022
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
7017
7023
"MASQUERADE target to be manipulated as described above"
7020
#: serverguide/C/security.xml:758(para)
7026
#: serverguide/C/security.xml:773(para)
7022
7028
"Also, each chain in the filter table (the default table, and where most or "
7023
7029
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
7135
7141
"or <application>lire</application>."
7138
#: serverguide/C/security.xml:837(title)
7144
#: serverguide/C/security.xml:851(title)
7139
7145
msgid "Other Tools"
7140
7146
msgstr "Druga orodja"
7142
#: serverguide/C/security.xml:838(para)
7148
#: serverguide/C/security.xml:852(para)
7144
7150
"There are many tools available to help you construct a complete firewall "
7145
7151
"without intimate knowledge of iptables. For the GUI-inclined:"
7148
#: serverguide/C/security.xml:844(para)
7154
#: serverguide/C/security.xml:858(para)
7150
7156
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
7151
7157
"and will look familiar to an administrator who has used a commercial "
7152
7158
"firewall utility such as <application>Checkpoint FireWall-1</application>."
7155
#: serverguide/C/security.xml:850(para)
7161
#: serverguide/C/security.xml:864(para)
7157
7163
"If you prefer a command-line tool with plain-text configuration files:"
7160
#: serverguide/C/security.xml:855(para)
7166
#: serverguide/C/security.xml:869(para)
7162
7168
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
7163
7169
"powerful solution to help you configure an advanced firewall for any network."
7166
#: serverguide/C/security.xml:866(para)
7172
#: serverguide/C/security.xml:880(para)
7168
7174
"The <ulink url=\"https://wiki.ubuntu.com/UncomplicatedFirewall\">Ubuntu "
7169
7175
"Firewall</ulink> wiki page contains information on the development of "
7170
7176
"<application>ufw</application>."
7173
#: serverguide/C/security.xml:872(para)
7179
#: serverguide/C/security.xml:886(para)
7175
7181
"Also, the <application>ufw</application> manual page contains some very "
7176
7182
"useful information: <command>man ufw</command>."
7179
#: serverguide/C/security.xml:877(para)
7185
#: serverguide/C/security.xml:891(para)
7181
7187
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
7182
7188
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
7183
7189
"on using <application>iptables</application>."
7186
#: serverguide/C/security.xml:883(para)
7192
#: serverguide/C/security.xml:897(para)
7188
7194
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
7189
7195
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
7192
#: serverguide/C/security.xml:889(para)
7198
#: serverguide/C/security.xml:903(para)
7194
7200
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
7195
7201
"HowTo</ulink> in the Ubuntu wiki is a great resource."
7198
#: serverguide/C/security.xml:897(title)
7204
#: serverguide/C/security.xml:911(title)
7199
7205
msgid "AppArmor"
7200
7206
msgstr "AppArmor"
7202
#: serverguide/C/security.xml:898(para)
7208
#: serverguide/C/security.xml:912(para)
7204
7210
"<application>AppArmor</application> is a Linux Security Module "
7205
7211
"implementation of name-based mandatory access controls. AppArmor confines "
7252
7258
"#1304134</ulink>) and instructions will not work as advertised."
7255
#: serverguide/C/security.xml:930(para)
7261
#: serverguide/C/security.xml:950(para)
7257
7263
"The <application>apparmor-utils</application> package contains command line "
7258
7264
"utilities that you can use to change the <application>AppArmor</application> "
7259
7265
"execution mode, find the status of a profile, create new profiles, etc."
7262
#: serverguide/C/security.xml:936(para)
7268
#: serverguide/C/security.xml:956(para)
7264
7270
"<application>apparmor_status</application> is used to view the current "
7265
7271
"status of AppArmor profiles."
7268
#: serverguide/C/security.xml:940(command)
7274
#: serverguide/C/security.xml:960(command)
7269
7275
msgid "sudo apparmor_status"
7270
7276
msgstr "sudo apparmor_status"
7272
#: serverguide/C/security.xml:944(para)
7278
#: serverguide/C/security.xml:964(para)
7274
7280
"<application>aa-complain</application> places a profile into "
7275
7281
"<emphasis>complain</emphasis> mode."
7278
#: serverguide/C/security.xml:948(command)
7284
#: serverguide/C/security.xml:968(command)
7279
7285
msgid "sudo aa-complain /path/to/bin"
7282
#: serverguide/C/security.xml:952(para)
7288
#: serverguide/C/security.xml:972(para)
7284
7290
"<application>aa-enforce</application> places a profile into "
7285
7291
"<emphasis>enforce</emphasis> mode."
7288
#: serverguide/C/security.xml:956(command)
7294
#: serverguide/C/security.xml:976(command)
7289
7295
msgid "sudo aa-enforce /path/to/bin"
7292
#: serverguide/C/security.xml:960(para)
7298
#: serverguide/C/security.xml:980(para)
7294
7300
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7295
7301
"profiles are located. It can be used to manipulate the "
7296
7302
"<emphasis>mode</emphasis> of all profiles."
7299
#: serverguide/C/security.xml:964(para)
7305
#: serverguide/C/security.xml:984(para)
7300
7306
msgid "Enter the following to place all profiles into complain mode:"
7303
#: serverguide/C/security.xml:968(command)
7309
#: serverguide/C/security.xml:988(command)
7304
7310
msgid "sudo aa-complain /etc/apparmor.d/*"
7305
7311
msgstr "sudo aa-complain /etc/apparmor.d/*"
7307
#: serverguide/C/security.xml:970(para)
7313
#: serverguide/C/security.xml:990(para)
7308
7314
msgid "To place all profiles in enforce mode:"
7311
#: serverguide/C/security.xml:974(command)
7317
#: serverguide/C/security.xml:994(command)
7312
7318
msgid "sudo aa-enforce /etc/apparmor.d/*"
7313
7319
msgstr "sudo aa-enforce /etc/apparmor.d/*"
7315
#: serverguide/C/security.xml:978(para)
7321
#: serverguide/C/security.xml:998(para)
7317
7323
"<application>apparmor_parser</application> is used to load a profile into "
7318
7324
"the kernel. It can also be used to reload a currently loaded profile using "
7319
7325
"the <emphasis>-r</emphasis> option. To load a profile:"
7322
#: serverguide/C/security.xml:983(command) serverguide/C/security.xml:1015(command)
7328
#: serverguide/C/security.xml:1003(command) serverguide/C/security.xml:1035(command)
7323
7329
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7324
7330
msgstr "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7326
#: serverguide/C/security.xml:985(para)
7332
#: serverguide/C/security.xml:1005(para)
7327
7333
msgid "To reload a profile:"
7330
#: serverguide/C/security.xml:989(command)
7336
#: serverguide/C/security.xml:1009(command)
7331
7337
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7332
7338
msgstr "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7337
7343
"<emphasis>reload</emphasis> all profiles:"
7340
#: serverguide/C/network-auth.xml:964(command)
7346
#: serverguide/C/security.xml:1017(command) serverguide/C/network-auth.xml:971(command)
7341
7347
msgid "sudo service apparmor reload"
7344
#: serverguide/C/security.xml:1001(para)
7350
#: serverguide/C/security.xml:1021(para)
7346
7352
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7347
7353
"with the <application>apparmor_parser -R</application> option to "
7348
7354
"<emphasis>disable</emphasis> a profile."
7351
#: serverguide/C/security.xml:1006(command)
7357
#: serverguide/C/security.xml:1026(command)
7352
7358
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7353
7359
msgstr "sudo ln -s /etc/apparmor.d/ime.profila /etc/apparmor.d/disable/"
7355
#: serverguide/C/security.xml:1007(command)
7361
#: serverguide/C/security.xml:1027(command)
7356
7362
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7357
7363
msgstr "sudo apparmor_parser -R /etc/apparmor.d/ime.profila"
7359
#: serverguide/C/security.xml:1009(para)
7365
#: serverguide/C/security.xml:1029(para)
7361
7367
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7362
7368
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7363
7369
"load the profile using the <emphasis>-a</emphasis> option."
7366
#: serverguide/C/security.xml:1014(command)
7372
#: serverguide/C/security.xml:1034(command)
7367
7373
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7368
7374
msgstr "sudo rm /etc/apparmor.d/disable/ime.profila"
7370
#: serverguide/C/security.xml:1019(para)
7376
#: serverguide/C/security.xml:1039(para)
7372
7378
"<application>AppArmor</application> can be disabled, and the kernel module "
7373
7379
"unloaded by entering the following:"
7457
#: serverguide/C/security.xml:1088(para)
7463
#: serverguide/C/security.xml:1108(para)
7459
7465
"<emphasis>#include <tunables/global>:</emphasis> include statements "
7460
7466
"from other files. This allows statements pertaining to multiple applications "
7461
7467
"to be placed in a common file."
7464
#: serverguide/C/security.xml:1094(para)
7470
#: serverguide/C/security.xml:1114(para)
7466
7472
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
7467
7473
"program, also setting the mode to <emphasis>complain</emphasis>."
7470
#: serverguide/C/security.xml:1100(para)
7476
#: serverguide/C/security.xml:1120(para)
7472
7478
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
7473
7479
"the CAP_NET_RAW Posix.1e capability."
7476
#: serverguide/C/security.xml:1105(para)
7482
#: serverguide/C/security.xml:1125(para)
7478
7484
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
7479
7485
"execute access to the file."
7482
#: serverguide/C/security.xml:1111(para)
7488
#: serverguide/C/security.xml:1131(para)
7484
7490
"After editing a profile file the profile must be reloaded. See <xref "
7485
7491
"linkend=\"apparmor-usage\"/> for details."
7488
#: serverguide/C/security.xml:1116(title)
7494
#: serverguide/C/security.xml:1136(title)
7489
7495
msgid "Creating a Profile"
7490
7496
msgstr "Ustvarjanje profila"
7492
#: serverguide/C/security.xml:1119(para)
7498
#: serverguide/C/security.xml:1139(para)
7494
7500
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
7495
7501
"application should be exercised. The test plan should be divided into small "
7497
7503
"steps to follow."
7500
#: serverguide/C/security.xml:1123(para)
7506
#: serverguide/C/security.xml:1143(para)
7501
7507
msgid "Some standard test cases are:"
7504
#: serverguide/C/security.xml:1128(para)
7510
#: serverguide/C/security.xml:1148(para)
7505
7511
msgid "Starting the program."
7506
7512
msgstr "Zaganjanje programa."
7508
#: serverguide/C/security.xml:1133(para)
7514
#: serverguide/C/security.xml:1153(para)
7509
7515
msgid "Stopping the program."
7510
7516
msgstr "Zaustavljanje programa."
7512
#: serverguide/C/security.xml:1138(para)
7518
#: serverguide/C/security.xml:1158(para)
7513
7519
msgid "Reloading the program."
7516
#: serverguide/C/security.xml:1143(para)
7522
#: serverguide/C/security.xml:1163(para)
7517
7523
msgid "Testing all the commands supported by the init script."
7520
#: serverguide/C/security.xml:1150(para)
7526
#: serverguide/C/security.xml:1170(para)
7522
7528
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
7523
7529
"genprof</application> to generate a new profile. From a terminal:"
7526
#: serverguide/C/security.xml:1155(command)
7532
#: serverguide/C/security.xml:1175(command)
7527
7533
msgid "sudo aa-genprof executable"
7528
7534
msgstr "sudo aa-genprof executable"
7530
#: serverguide/C/security.xml:1157(para)
7536
#: serverguide/C/security.xml:1177(para)
7531
7537
msgid "For example:"
7532
7538
msgstr "Na primer:"
7534
#: serverguide/C/security.xml:1161(command)
7540
#: serverguide/C/security.xml:1181(command)
7535
7541
msgid "sudo aa-genprof slapd"
7536
7542
msgstr "sudo aa-genprof slapd"
7538
#: serverguide/C/security.xml:1165(para)
7544
#: serverguide/C/security.xml:1185(para)
7540
7546
"To get your new profile included in the <application>apparmor-"
7541
7547
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
7612
7618
"the private key."
7615
#: serverguide/C/security.xml:1239(para)
7621
#: serverguide/C/security.xml:1259(para)
7617
7623
"A common use for public-key cryptography is encrypting application traffic "
7618
7624
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
7619
"connection. For example, configuring Apache to provide "
7625
"connection. One example: configuring Apache to provide "
7620
7626
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
7621
7627
"encrypt traffic using a protocol that does not itself provide encryption."
7624
#: serverguide/C/security.xml:1244(para)
7630
#: serverguide/C/security.xml:1264(para)
7626
7632
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
7627
7633
"<emphasis>public key</emphasis> and other information about a server and the "
7628
7634
"organization who is responsible for it. Certificates can be digitally signed "
7629
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
7635
"by a <emphasis>Certification Authority</emphasis>, or CA. A CA is a trusted "
7630
7636
"third party that has confirmed that the information contained in the "
7631
7637
"certificate is accurate."
7634
#: serverguide/C/security.xml:1251(title)
7640
#: serverguide/C/security.xml:1271(title)
7635
7641
msgid "Types of Certificates"
7636
7642
msgstr "Vrste potrdil"
7638
#: serverguide/C/security.xml:1252(para)
7644
#: serverguide/C/security.xml:1272(para)
7640
7646
"To set up a secure server using public-key cryptography, in most cases, you "
7641
7647
"send your certificate request (including your public key), proof of your "
7702
7708
"your friends or colleagues, or purely on monetary factors."
7705
#: serverguide/C/security.xml:1317(para)
7711
#: serverguide/C/security.xml:1337(para)
7707
7713
"Once you have decided upon a CA, you need to follow the instructions they "
7708
7714
"provide on how to obtain a certificate from them."
7711
#: serverguide/C/security.xml:1322(para)
7717
#: serverguide/C/security.xml:1342(para)
7713
7719
"When the CA is satisfied that you are indeed who you claim to be, they send "
7714
7720
"you a digital certificate."
7717
#: serverguide/C/security.xml:1326(para)
7723
#: serverguide/C/security.xml:1346(para)
7719
7725
"Install this certificate on your secure server, and configure the "
7720
7726
"appropriate applications to use the certificate."
7723
#: serverguide/C/security.xml:1335(title)
7729
#: serverguide/C/security.xml:1355(title)
7724
7730
msgid "Generating a Certificate Signing Request (CSR)"
7727
#: serverguide/C/security.xml:1337(para)
7733
#: serverguide/C/security.xml:1357(para)
7729
7735
"Whether you are getting a certificate from a CA or generating your own self-"
7730
7736
"signed certificate, the first step is to generate a key."
7733
#: serverguide/C/security.xml:1342(para)
7739
#: serverguide/C/security.xml:1362(para)
7735
7741
"If the certificate will be used by service daemons, such as Apache, Postfix, "
7736
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
7742
"Dovecot, etc., a key without a passphrase is often appropriate. Not having a "
7737
7743
"passphrase allows the services to start without manual intervention, usually "
7738
7744
"the preferred way to start a daemon."
7741
#: serverguide/C/security.xml:1348(para)
7747
#: serverguide/C/security.xml:1368(para)
7743
7749
"This section will cover generating a key with a passphrase, and one without. "
7744
7750
"The non-passphrase key will then be used to generate a certificate that can "
7745
7751
"be used with various service daemons."
7748
#: serverguide/C/security.xml:1354(para)
7754
#: serverguide/C/security.xml:1374(para)
7750
7756
"Running your secure service without a passphrase is convenient because you "
7751
7757
"will not need to enter the passphrase every time you start your secure "
7782
7788
"in a dictionary. Also remember that your passphrase is case-sensitive."
7785
#: serverguide/C/security.xml:1386(para)
7791
#: serverguide/C/security.xml:1406(para)
7787
7793
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
7788
7794
"server key is generated and stored in the <filename>server.key</filename> "
7792
#: serverguide/C/security.xml:1392(para)
7798
#: serverguide/C/security.xml:1412(para)
7794
7800
"Now create the insecure key, the one without a passphrase, and shuffle the "
7798
#: serverguide/C/security.xml:1398(command)
7804
#: serverguide/C/security.xml:1418(command)
7799
7805
msgid "openssl rsa -in server.key -out server.key.insecure"
7800
7806
msgstr "openssl rsa -in server.key -out server.key.insecure"
7802
#: serverguide/C/security.xml:1399(command)
7808
#: serverguide/C/security.xml:1419(command)
7803
7809
msgid "mv server.key server.key.secure"
7804
7810
msgstr "mv server.key server.key.secure"
7806
#: serverguide/C/security.xml:1400(command)
7812
#: serverguide/C/security.xml:1420(command)
7807
7813
msgid "mv server.key.insecure server.key"
7808
7814
msgstr "mv server.key.insecure server.key"
7810
#: serverguide/C/security.xml:1403(para)
7816
#: serverguide/C/security.xml:1423(para)
7812
7818
"The insecure key is now named <filename>server.key</filename>, and you can "
7813
7819
"use this file to generate the CSR without passphrase."
7816
#: serverguide/C/security.xml:1408(para)
7822
#: serverguide/C/security.xml:1428(para)
7817
7823
msgid "To create the CSR, run the following command at a terminal prompt:"
7820
#: serverguide/C/security.xml:1413(command)
7826
#: serverguide/C/security.xml:1433(command)
7821
7827
msgid "openssl req -new -key server.key -out server.csr"
7822
7828
msgstr "openssl req -new -key server.key -out server.csr"
7824
#: serverguide/C/security.xml:1416(para)
7830
#: serverguide/C/security.xml:1436(para)
7826
7832
"It will prompt you enter the passphrase. If you enter the correct "
7827
7833
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
7854
7860
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
7857
#: serverguide/C/security.xml:1441(para)
7863
#: serverguide/C/security.xml:1461(para)
7859
7865
"The above command will prompt you to enter the passphrase. Once you enter "
7860
7866
"the correct passphrase, your certificate will be created and it will be "
7861
7867
"stored in the <filename>server.crt</filename> file."
7864
#: serverguide/C/security.xml:1446(para)
7870
#: serverguide/C/security.xml:1466(para)
7866
7872
"If your secure server is to be used in a production environment, you "
7867
7873
"probably need a CA-signed certificate. It is not recommended to use self-"
7868
7874
"signed certificate."
7871
#: serverguide/C/security.xml:1454(title)
7877
#: serverguide/C/security.xml:1474(title)
7872
7878
msgid "Installing the Certificate"
7873
7879
msgstr "Nameščanje potrdila"
7875
#: serverguide/C/security.xml:1456(para)
7881
#: serverguide/C/security.xml:1476(para)
7877
7883
"You can install the key file <filename>server.key</filename> and certificate "
7878
7884
"file <filename>server.crt</filename>, or the certificate file issued by your "
7879
7885
"CA, by running following commands at a terminal prompt:"
7882
#: serverguide/C/security.xml:1462(command)
7888
#: serverguide/C/security.xml:1482(command)
7883
7889
msgid "sudo cp server.crt /etc/ssl/certs"
7884
7890
msgstr "sudo cp server.crt /etc/ssl/certs"
7886
#: serverguide/C/security.xml:1463(command)
7892
#: serverguide/C/security.xml:1483(command)
7887
7893
msgid "sudo cp server.key /etc/ssl/private"
7888
7894
msgstr "sudo cp server.key /etc/ssl/private"
7890
#: serverguide/C/security.xml:1465(para)
7896
#: serverguide/C/security.xml:1485(para)
7892
7898
"Now simply configure any applications, with the ability to use public-key "
7893
7899
"cryptography, to use the <emphasis>certificate</emphasis> and "
8088
8092
"filesystem, partition type, etc."
8091
#: serverguide/C/security.xml:1647(para)
8095
#: serverguide/C/security.xml:1667(para)
8093
8097
"During installation there is an option to encrypt the <filename "
8094
8098
"role=\"directory\">/home</filename> partition. This will automatically "
8095
8099
"configure everything needed to encrypt and mount the partition."
8098
#: serverguide/C/security.xml:1652(para)
8102
#: serverguide/C/security.xml:1672(para)
8100
8104
"As an example, this section will cover configuring <filename "
8101
8105
"role=\"directory\">/srv</filename> to be encrypted using "
8102
8106
"<emphasis>eCryptfs</emphasis>."
8105
#: serverguide/C/security.xml:1657(title)
8109
#: serverguide/C/security.xml:1677(title)
8106
8110
msgid "Using eCryptfs"
8107
8111
msgstr "Uporaba eCryptfs"
8109
#: serverguide/C/security.xml:1659(para)
8113
#: serverguide/C/security.xml:1679(para)
8110
8114
msgid "First, install the necessary packages. From a terminal prompt enter:"
8111
8115
msgstr "Najprej namestite potrebne pakete. V terminalu vnesite:"
8113
#: serverguide/C/security.xml:1664(command)
8117
#: serverguide/C/security.xml:1684(command)
8114
8118
msgid "sudo apt-get install ecryptfs-utils"
8115
8119
msgstr "sudo apt-get install ecryptfs-utils"
8117
#: serverguide/C/security.xml:1667(para)
8121
#: serverguide/C/security.xml:1687(para)
8118
8122
msgid "Now mount the partition to be encrypted:"
8119
8123
msgstr "Priklopite razdelek, ki bo šifriran:"
8121
#: serverguide/C/security.xml:1672(command)
8125
#: serverguide/C/security.xml:1692(command)
8122
8126
msgid "sudo mount -t ecryptfs /srv /srv"
8123
8127
msgstr "sudo mount -t ecryptfs /srv /srv"
8125
#: serverguide/C/security.xml:1675(para)
8129
#: serverguide/C/security.xml:1695(para)
8127
8131
"You will then be prompted for some details on how "
8128
8132
"<application>ecryptfs</application> should encrypt the data."
8131
#: serverguide/C/security.xml:1679(para)
8135
#: serverguide/C/security.xml:1699(para)
8133
8137
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
8134
8138
"copy the <filename>/etc/default</filename> folder to "
8135
8139
"<filename>/srv</filename>:"
8138
#: serverguide/C/security.xml:1685(command) serverguide/C/clustering.xml:190(command)
8142
#: serverguide/C/security.xml:1705(command) serverguide/C/clustering.xml:190(command)
8139
8143
msgid "sudo cp -r /etc/default /srv"
8140
8144
msgstr "sudo cp -r /etc/default /srv"
8142
#: serverguide/C/security.xml:1688(para)
8146
#: serverguide/C/security.xml:1708(para)
8143
8147
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
8145
8149
"Odklopite <filename>/srv</filename> in si poskusite ogledati datoteko:"
8147
#: serverguide/C/security.xml:1693(command) serverguide/C/installation.xml:1118(command) serverguide/C/clustering.xml:198(command)
8151
#: serverguide/C/security.xml:1713(command) serverguide/C/clustering.xml:198(command)
8148
8152
msgid "sudo umount /srv"
8149
8153
msgstr "sudo umount /srv"
8151
#: serverguide/C/security.xml:1694(command)
8155
#: serverguide/C/security.xml:1714(command)
8152
8156
msgid "cat /srv/default/cron"
8153
8157
msgstr "cat /srv/default/cron"
8155
#: serverguide/C/security.xml:1697(para)
8159
#: serverguide/C/security.xml:1717(para)
8157
8161
"Remounting <filename>/srv</filename> using "
8158
8162
"<application>ecryptfs</application> will make the data viewable once again."
8161
#: serverguide/C/security.xml:1703(title)
8165
#: serverguide/C/security.xml:1723(title)
8162
8166
msgid "Automatically Mounting Encrypted Partitions"
8163
8167
msgstr "Samodejno priključevanje šifriranih razdelkov"
8165
#: serverguide/C/security.xml:1705(para)
8169
#: serverguide/C/security.xml:1725(para)
8167
8171
"There are a couple of ways to automatically mount an "
8168
8172
"<application>ecryptfs</application> encrypted filesystem at boot. This "
8260
8264
"other users on the system."
8263
#: serverguide/C/security.xml:1772(para)
8267
#: serverguide/C/security.xml:1792(para)
8265
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
8266
"will mount and unmount respectively, a users <filename>~/Private</filename> "
8269
"<emphasis>ecryptfs-mount-private</emphasis> and <emphasis> ecryptfs-umount-"
8270
"private</emphasis> will mount and unmount a user's "
8271
"<filename>~/Private</filename> directory."
8270
#: serverguide/C/security.xml:1778(para)
8274
#: serverguide/C/security.xml:1798(para)
8272
8276
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
8273
8277
"kernel keyring."
8276
#: serverguide/C/security.xml:1783(para)
8280
#: serverguide/C/security.xml:1803(para)
8278
8282
"<emphasis>ecryptfs-manager:</emphasis> manages "
8279
8283
"<application>eCryptfs</application> objects such as keys."
8282
#: serverguide/C/security.xml:1788(para)
8286
#: serverguide/C/security.xml:1808(para)
8284
8288
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
8285
8289
"<application>ecryptfs</application> meta information for a file."
8288
#: serverguide/C/security.xml:1801(para)
8292
#: serverguide/C/security.xml:1821(para)
8290
8294
"For more information on <emphasis>eCryptfs</emphasis> see the <ulink "
8291
8295
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
8294
#: serverguide/C/security.xml:1806(para)
8298
#: serverguide/C/security.xml:1826(para)
8296
8300
"There is also a <ulink "
8297
8301
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
8547
8551
"Za konec znova zaženite storitve <application>samba</application>, da se "
8548
8552
"uveljavijo nove nastavitve:"
8550
#: serverguide/C/windows-networking.xml:214(command) serverguide/C/windows-networking.xml:336(command) serverguide/C/windows-networking.xml:474(command) serverguide/C/windows-networking.xml:574(command) serverguide/C/windows-networking.xml:925(command) serverguide/C/windows-networking.xml:1080(command) serverguide/C/windows-networking.xml:1187(command) serverguide/C/network-auth.xml:2533(command)
8554
#: serverguide/C/samba.xml:214(command) serverguide/C/samba.xml:336(command) serverguide/C/samba.xml:474(command) serverguide/C/samba.xml:574(command) serverguide/C/samba.xml:925(command) serverguide/C/samba.xml:1080(command) serverguide/C/samba.xml:1187(command) serverguide/C/network-auth.xml:2532(command) serverguide/C/network-auth.xml:4114(command)
8551
8555
msgid "sudo restart smbd"
8552
8556
msgstr "sudo restart smbd"
8554
#: serverguide/C/windows-networking.xml:215(command) serverguide/C/windows-networking.xml:337(command) serverguide/C/windows-networking.xml:475(command) serverguide/C/windows-networking.xml:575(command) serverguide/C/windows-networking.xml:926(command) serverguide/C/windows-networking.xml:1081(command) serverguide/C/windows-networking.xml:1188(command) serverguide/C/network-auth.xml:2534(command)
8558
#: serverguide/C/samba.xml:215(command) serverguide/C/samba.xml:337(command) serverguide/C/samba.xml:475(command) serverguide/C/samba.xml:575(command) serverguide/C/samba.xml:926(command) serverguide/C/samba.xml:1081(command) serverguide/C/samba.xml:1188(command) serverguide/C/network-auth.xml:2533(command) serverguide/C/network-auth.xml:4115(command)
8555
8559
msgid "sudo restart nmbd"
8556
8560
msgstr "sudo restart nmbd"
8558
#: serverguide/C/windows-networking.xml:222(para)
8562
#: serverguide/C/samba.xml:222(para)
8560
8564
"Once again, the above configuration gives all access to any client on the "
8561
8565
"local network. For a more secure configuration see <xref linkend=\"samba-"
8562
8566
"fileprint-security\"/>."
8565
#: serverguide/C/windows-networking.xml:228(para)
8569
#: serverguide/C/samba.xml:228(para)
8567
8571
"From a Windows client you should now be able to browse to the Ubuntu file "
8568
8572
"server and see the shared directory. If your client doesn't show your share "
8755
8759
"of the Samba guide for more details."
8758
#: serverguide/C/windows-networking.xml:425(para)
8762
#: serverguide/C/samba.xml:425(para)
8760
8764
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
8761
8765
"without supplying a username and password."
8764
#: serverguide/C/windows-networking.xml:432(para)
8768
#: serverguide/C/samba.xml:432(para)
8766
8770
"The security mode you choose will depend on your environment and what you "
8767
8771
"need the Samba server to accomplish."
8770
#: serverguide/C/windows-networking.xml:438(title)
8774
#: serverguide/C/samba.xml:438(title)
8771
8775
msgid "Security = User"
8772
8776
msgstr "Security = User"
8774
#: serverguide/C/windows-networking.xml:440(para)
8778
#: serverguide/C/samba.xml:440(para)
8776
8780
"This section will reconfigure the Samba file and print server, from <xref "
8777
8781
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
8778
8782
"require authentication."
8781
#: serverguide/C/windows-networking.xml:445(para)
8785
#: serverguide/C/samba.xml:445(para)
8783
8787
"First, install the <application>libpam-smbpass</application> package which "
8784
8788
"will sync the system users to the Samba user database:"
8787
#: serverguide/C/windows-networking.xml:451(command)
8791
#: serverguide/C/samba.xml:451(command)
8788
8792
msgid "sudo apt-get install libpam-smbpass"
8789
8793
msgstr "sudo apt-get install libpam-smbpass"
8791
#: serverguide/C/windows-networking.xml:455(para)
8795
#: serverguide/C/samba.xml:455(para)
8793
8797
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
8794
8798
"<application>libpam-smbpass</application> is already installed."
8797
#: serverguide/C/windows-networking.xml:461(para)
8801
#: serverguide/C/samba.xml:461(para)
8799
8803
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
8800
8804
"<emphasis>[share]</emphasis> section change:"
8812
8816
" guest ok = no\n"
8814
#: serverguide/C/windows-networking.xml:469(para)
8818
#: serverguide/C/samba.xml:469(para)
8815
8819
msgid "Finally, restart Samba for the new settings to take effect:"
8817
8821
"Za konec znova zaženite program Samba, da se uveljavijo nove nastavitve:"
8819
#: serverguide/C/windows-networking.xml:478(para)
8823
#: serverguide/C/samba.xml:478(para)
8821
8825
"Now when connecting to the shared directories or printers you should be "
8822
8826
"prompted for a username and password."
8825
#: serverguide/C/windows-networking.xml:483(para)
8829
#: serverguide/C/samba.xml:483(para)
8827
8831
"If you choose to map a network drive to the share you can check the "
8828
8832
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
8829
8833
"enter the username and password once, at least until the password changes."
8832
#: serverguide/C/windows-networking.xml:491(title)
8836
#: serverguide/C/samba.xml:491(title)
8833
8837
msgid "Share Security"
8836
#: serverguide/C/windows-networking.xml:493(para)
8840
#: serverguide/C/samba.xml:493(para)
8838
8842
"There are several options available to increase the security for each "
8839
8843
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
8840
8844
"this section will cover some common options."
8843
#: serverguide/C/windows-networking.xml:499(title)
8847
#: serverguide/C/samba.xml:499(title)
8845
8849
msgstr "Skupine"
8847
#: serverguide/C/windows-networking.xml:501(para)
8851
#: serverguide/C/samba.xml:501(para)
8849
8853
"Groups define a collection of computers or users which have a common level "
8850
8854
"of access to particular network resources and offer a level of granularity "
9225
#: serverguide/C/windows-networking.xml:827(para)
9229
#: serverguide/C/samba.xml:827(para)
9227
9231
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
9230
#: serverguide/C/windows-networking.xml:832(para)
9234
#: serverguide/C/samba.xml:832(para)
9232
9236
"<emphasis>logon home:</emphasis> specifies the home directory location."
9235
#: serverguide/C/windows-networking.xml:837(para)
9239
#: serverguide/C/samba.xml:837(para)
9237
9241
"<emphasis>logon script:</emphasis> determines the script to be run locally "
9238
9242
"once a user has logged in. The script needs to be placed in the "
9239
9243
"<emphasis>[netlogon]</emphasis> share."
9242
#: serverguide/C/windows-networking.xml:843(para)
9246
#: serverguide/C/samba.xml:843(para)
9244
9248
"<emphasis>add machine script:</emphasis> a script that will automatically "
9245
9249
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
9246
9250
"workstation to join the domain."
9249
#: serverguide/C/windows-networking.xml:847(para)
9253
#: serverguide/C/samba.xml:847(para)
9251
9255
"In this example the <emphasis>machines</emphasis> group will need to be "
9252
9256
"created using the <application>addgroup</application> utility see <xref "
9253
9257
"linkend=\"adding-deleting-users\"/> for details."
9256
#: serverguide/C/windows-networking.xml:858(para)
9260
#: serverguide/C/samba.xml:858(para)
9258
9262
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
9259
9263
"role=\"italic\">logon home</emphasis> to be mapped:"
9262
#: serverguide/C/windows-networking.xml:863(programlisting)
9266
#: serverguide/C/samba.xml:863(programlisting)
9322
9326
"Sedaj ustvarite mapo <filename role=\"directory\">netlogon</filename> in "
9323
9327
"prazno datoteko <filename>logon.cmd</filename>:"
9325
#: serverguide/C/windows-networking.xml:908(command)
9329
#: serverguide/C/samba.xml:908(command)
9326
9330
msgid "sudo mkdir -p /srv/samba/netlogon"
9327
9331
msgstr "sudo mkdir -p /srv/samba/netlogon"
9329
#: serverguide/C/windows-networking.xml:909(command)
9333
#: serverguide/C/samba.xml:909(command)
9330
9334
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
9331
9335
msgstr "sudo touch /srv/samba/netlogon/logon.cmd"
9333
#: serverguide/C/windows-networking.xml:912(para)
9337
#: serverguide/C/samba.xml:912(para)
9335
9339
"You can enter any normal Windows logon script commands in "
9336
9340
"<filename>logon.cmd</filename> to customize the client's environment."
9339
#: serverguide/C/windows-networking.xml:920(para)
9343
#: serverguide/C/samba.xml:920(para)
9340
9344
msgid "Restart Samba to enable the new domain controller:"
9343
#: serverguide/C/windows-networking.xml:932(para)
9347
#: serverguide/C/samba.xml:932(para)
9345
9349
"Lastly, there are a few additional commands needed to setup the appropriate "
9349
#: serverguide/C/windows-networking.xml:936(para)
9353
#: serverguide/C/samba.xml:936(para)
9351
9355
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
9352
9356
"workstation to the domain, a system group needs to be mapped to the Windows "
9381
#: serverguide/C/windows-networking.xml:963(para)
9385
#: serverguide/C/samba.xml:963(para)
9383
9387
"Also, rights need to be explicitly provided to the <emphasis>Domain "
9384
9388
"Admins</emphasis> group to allow the <emphasis>add machine script</emphasis> "
9385
9389
"(and other admin functions) to work. This is achieved by executing:"
9388
#: serverguide/C/windows-networking.xml:968(command)
9392
#: serverguide/C/samba.xml:968(command)
9390
9394
"net rpc rights grant -U sysadmin \"EXAMPLE\\Domain Admins\" "
9391
9395
"SeMachineAccountPrivilege \\ SePrintOperatorPrivilege SeAddUsersPrivilege "
9392
9396
"SeDiskOperatorPrivilege \\ SeRemoteShutdownPrivilege"
9395
#: serverguide/C/windows-networking.xml:976(para)
9399
#: serverguide/C/samba.xml:976(para)
9397
9401
"You should now be able to join Windows clients to the Domain in the same "
9398
9402
"manner as joining them to an NT4 domain running on a Windows server."
9401
#: serverguide/C/windows-networking.xml:986(title)
9405
#: serverguide/C/samba.xml:986(title)
9402
9406
msgid "Backup Domain Controller"
9405
#: serverguide/C/windows-networking.xml:988(para)
9409
#: serverguide/C/samba.xml:988(para)
9407
9411
"With a Primary Domain Controller (PDC) on the network it is best to have a "
9408
9412
"Backup Domain Controller (BDC) as well. This will allow clients to "
9409
9413
"authenticate in case the PDC becomes unavailable."
9412
#: serverguide/C/windows-networking.xml:993(para)
9416
#: serverguide/C/samba.xml:993(para)
9414
9418
"When configuring Samba as a BDC you need a way to sync account information "
9415
9419
"with the PDC. There are multiple ways of accomplishing this "
9461
9465
"files, enter:"
9464
#: serverguide/C/windows-networking.xml:1050(command)
9468
#: serverguide/C/samba.xml:1050(command)
9465
9469
msgid "sudo chgrp -R admin /var/lib/samba"
9466
9470
msgstr "sudo chgrp -R admin /var/lib/samba"
9468
#: serverguide/C/windows-networking.xml:1056(para)
9472
#: serverguide/C/samba.xml:1056(para)
9470
9474
"Next, sync the user accounts, using <application>scp</application> to copy "
9471
9475
"the <filename>/var/lib/samba</filename> directory from the PDC:"
9474
#: serverguide/C/windows-networking.xml:1062(command)
9478
#: serverguide/C/samba.xml:1062(command)
9475
9479
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
9476
9480
msgstr "sudo scp -r uporabniško-ime@pdc:/var/lib/samba /var/lib"
9478
#: serverguide/C/windows-networking.xml:1066(para)
9482
#: serverguide/C/samba.xml:1066(para)
9480
9484
"Replace <emphasis>username</emphasis> with a valid username and "
9481
9485
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
9484
#: serverguide/C/windows-networking.xml:1075(para)
9488
#: serverguide/C/samba.xml:1075(para)
9485
9489
msgid "Finally, restart <application>samba</application>:"
9486
9490
msgstr "Za konec znova zaženite program <application>samba</application>:"
9488
#: serverguide/C/windows-networking.xml:1087(para)
9492
#: serverguide/C/samba.xml:1087(para)
9490
9494
"You can test that your Backup Domain controller is working by stopping the "
9491
9495
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
9495
#: serverguide/C/windows-networking.xml:1092(para)
9499
#: serverguide/C/samba.xml:1092(para)
9497
9501
"Another thing to keep in mind is if you have configured the <emphasis>logon "
9498
9502
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
9592
9596
"security\"/> for more details."
9595
#: serverguide/C/windows-networking.xml:1199(title)
9599
#: serverguide/C/samba.xml:1199(title)
9596
9600
msgid "Accessing a Windows Share"
9599
#: serverguide/C/windows-networking.xml:1201(para)
9603
#: serverguide/C/samba.xml:1201(para)
9601
9605
"Now that the Samba server is part of the Active Directory domain you can "
9602
9606
"access any Windows server shares:"
9605
#: serverguide/C/windows-networking.xml:1208(para)
9609
#: serverguide/C/samba.xml:1208(para)
9607
9611
"To mount a Windows file share enter the following in a terminal prompt:"
9610
#: serverguide/C/windows-networking.xml:1212(command)
9614
#: serverguide/C/samba.xml:1212(command)
9611
9615
msgid "mount.cifs //fs01.example.com/share mount_point"
9614
#: serverguide/C/windows-networking.xml:1215(para)
9618
#: serverguide/C/samba.xml:1215(para)
9616
9620
"It is also possible to access shares on computers not part of an AD domain, "
9617
9621
"but a username and password will need to be provided."
9620
#: serverguide/C/windows-networking.xml:1223(para)
9624
#: serverguide/C/samba.xml:1223(para)
9622
9626
"To mount the share during boot place an entry in "
9623
9627
"<filename>/etc/fstab</filename>, for example:"
9626
#: serverguide/C/windows-networking.xml:1227(programlisting)
9630
#: serverguide/C/samba.xml:1227(programlisting)
9634
9638
"//192.168.0.5/share /mnt/windows cifs "
9635
9639
"auto,username=klemen,password=skrivnost,rw 0 0\n"
9637
#: serverguide/C/windows-networking.xml:1234(para)
9641
#: serverguide/C/samba.xml:1234(para)
9639
9643
"Another way to copy files from a Windows server is to use the "
9640
9644
"<application>smbclient</application> utility. To list the files in a Windows "
9644
#: serverguide/C/windows-networking.xml:1240(command)
9648
#: serverguide/C/samba.xml:1240(command)
9645
9649
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
9646
9650
msgstr "smbclient //fs01.primer.si/share -k -c \"ls\""
9648
#: serverguide/C/windows-networking.xml:1246(para)
9652
#: serverguide/C/samba.xml:1246(para)
9649
9653
msgid "To copy a file from the share, enter:"
9652
#: serverguide/C/windows-networking.xml:1251(command)
9656
#: serverguide/C/samba.xml:1251(command)
9653
9657
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
9656
#: serverguide/C/windows-networking.xml:1254(para)
9660
#: serverguide/C/samba.xml:1254(para)
9658
9662
"This will copy the <filename>file.txt</filename> into the current directory."
9661
#: serverguide/C/windows-networking.xml:1261(para)
9665
#: serverguide/C/samba.xml:1261(para)
9662
9666
msgid "And to copy a file to the share:"
9665
#: serverguide/C/windows-networking.xml:1266(command)
9669
#: serverguide/C/samba.xml:1266(command)
9666
9670
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
9667
9671
msgstr "smbclient //fs01.primer.si/share -k -c \"put /etc/hosts hosts\""
9669
#: serverguide/C/windows-networking.xml:1269(para)
9673
#: serverguide/C/samba.xml:1269(para)
9671
9675
"This will copy the <filename>/etc/hosts</filename> to "
9672
9676
"<filename>//fs01.example.com/share/hosts</filename>."
9675
#: serverguide/C/windows-networking.xml:1276(para)
9679
#: serverguide/C/samba.xml:1276(para)
9677
9681
"The <emphasis>-c</emphasis> option used above allows you to execute the "
9678
9682
"<application>smbclient</application> command all at once. This is useful for "
10649
10653
"<application>Microsoft Active Directory</application> domain."
10652
#: serverguide/C/remote-administration.xml:509(para)
10656
#: serverguide/C/remote-administration.xml:549(para)
10654
10658
"zentyal-squid: configures <application>Squid</application> and "
10655
10659
"<application>Dansguardian</application> for speeding up browsing thanks to "
10656
10660
"the caching capabilities and content filtering."
10659
#: serverguide/C/remote-administration.xml:516(para)
10663
#: serverguide/C/remote-administration.xml:556(para)
10661
10665
"zentyal-samba: allows <application>Samba</application> configuration and "
10662
10666
"integration with existing LDAP. From the same interface you can define "
10663
10667
"password policies, create shared resources and assign permissions."
10666
#: serverguide/C/remote-administration.xml:524(para)
10670
#: serverguide/C/remote-administration.xml:564(para)
10668
10672
"zentyal-printers: integrates <application>CUPS</application> with "
10669
10673
"<application>Samba</application> and allows not only to configure the "
10670
10674
"printers but also give them permissions based on LDAP users and groups."
10673
#: serverguide/C/remote-administration.xml:533(para)
10677
#: serverguide/C/remote-administration.xml:573(para)
10675
10679
"To install <application>Zentyal</application>, in a terminal on the "
10676
10680
"<emphasis>server</emphasis> enter (where <zentyal-module> is any of "
10677
10681
"the modules from the previous list):"
10680
#: serverguide/C/remote-administration.xml:540(command)
10684
#: serverguide/C/remote-administration.xml:580(command)
10681
10685
msgid "sudo apt-get install <zentyal-module>"
10684
#: serverguide/C/remote-administration.xml:544(para)
10688
#: serverguide/C/remote-administration.xml:584(para)
10686
10690
"<application>Zentyal</application> publishes one major stable release once a "
10687
10691
"year (in September) based on latest Ubuntu LTS release. Stable releases "
10701
10705
"Personal Package Archive (PPA)</ulink>."
10704
#: serverguide/C/remote-administration.xml:566(para)
10708
#: serverguide/C/remote-administration.xml:606(para)
10706
10710
"Not present on Ubuntu Universe repositories, but on <ulink "
10707
10711
"url=\"https://launchpad.net/~zentyal/\">Zentyal Team PPA</ulink> you will "
10708
10712
"find these other modules:"
10711
#: serverguide/C/remote-administration.xml:573(para)
10715
#: serverguide/C/remote-administration.xml:613(para)
10713
10717
"zentyal-antivirus: integrates <application>ClamAV</application> antivirus "
10714
10718
"with other modules like the proxy, file sharing or mailfilter."
10717
#: serverguide/C/remote-administration.xml:580(para)
10721
#: serverguide/C/remote-administration.xml:620(para)
10719
10723
"zentyal-asterisk: configures <application>Asterisk</application> to provide "
10720
10724
"a simple PBX with LDAP based authentication."
10723
#: serverguide/C/remote-administration.xml:586(para)
10727
#: serverguide/C/remote-administration.xml:626(para)
10725
10729
"zentyal-bwmonitor: allows to monitor bandwith usage of your LAN clients."
10728
#: serverguide/C/remote-administration.xml:592(para)
10732
#: serverguide/C/remote-administration.xml:632(para)
10730
10734
"zentyal-captiveportal: integrates a captive portal with the firewall and "
10731
10735
"LDAP users and groups."
10734
#: serverguide/C/remote-administration.xml:598(para)
10738
#: serverguide/C/remote-administration.xml:638(para)
10736
10740
"zentyal-ebackup: allows to make scheduled backups of your server using the "
10737
10741
"popular <application>duplicity</application> backup tool."
10740
#: serverguide/C/remote-administration.xml:604(para)
10744
#: serverguide/C/remote-administration.xml:644(para)
10741
10745
msgid "zentyal-ftp: configures a FTP server with LDAP based authentication."
10744
#: serverguide/C/remote-administration.xml:609(para)
10748
#: serverguide/C/remote-administration.xml:649(para)
10745
10749
msgid "zentyal-ids: integrates a network intrusion detection system."
10748
#: serverguide/C/remote-administration.xml:614(para)
10752
#: serverguide/C/remote-administration.xml:654(para)
10750
10754
"zentyal-ipsec: allows to configure IPsec tunnels using "
10751
10755
"<application>OpenSwan</application>."
10754
#: serverguide/C/remote-administration.xml:620(para)
10758
#: serverguide/C/remote-administration.xml:660(para)
10756
10760
"zentyal-jabber: integrates <application>ejabberd</application> XMPP server "
10757
10761
"with LDAP users and groups."
10760
#: serverguide/C/remote-administration.xml:626(para)
10764
#: serverguide/C/remote-administration.xml:666(para)
10762
10766
"zentyal-thinclients: a <application>LTSP</application> based thin clients "
10766
#: serverguide/C/remote-administration.xml:632(para)
10770
#: serverguide/C/remote-administration.xml:672(para)
10768
10772
"zentyal-mail: a full mail stack including <application>Postfix "
10769
10773
"</application> and <application>Dovecot</application> with LDAP backend."
10772
#: serverguide/C/remote-administration.xml:639(para)
10776
#: serverguide/C/remote-administration.xml:679(para)
10774
10778
"zentyal-mailfilter: configures <application>amavisd</application> with mail "
10775
10779
"stack to filter spam and attached virus."
10778
#: serverguide/C/remote-administration.xml:645(para)
10782
#: serverguide/C/remote-administration.xml:685(para)
10780
10784
"zentyal-monitor: integrates <application>collectd</application> to monitor "
10781
10785
"server performance and running services."
10784
#: serverguide/C/remote-administration.xml:651(para)
10788
#: serverguide/C/remote-administration.xml:691(para)
10786
10790
"zentyal-pptp: configures a <application>PPTP</application> VPN server."
10789
#: serverguide/C/remote-administration.xml:656(para)
10793
#: serverguide/C/remote-administration.xml:696(para)
10791
10795
"zentyal-radius: integrates <application>FreeRADIUS</application> with LDAP "
10792
10796
"users and groups."
10795
#: serverguide/C/remote-administration.xml:662(para)
10799
#: serverguide/C/remote-administration.xml:702(para)
10797
10801
"zentyal-software: simple interface to manage installed "
10798
10802
"<application>Zentyal</application> modules and system updates."
10801
#: serverguide/C/remote-administration.xml:668(para)
10805
#: serverguide/C/remote-administration.xml:708(para)
10803
10807
"zentyal-trafficshaping: configures traffic limiting rules to do bandwidth "
10804
10808
"throttling and improve latency."
10807
#: serverguide/C/remote-administration.xml:674(para)
10811
#: serverguide/C/remote-administration.xml:714(para)
10809
10813
"zentyal-usercorner: allows users to edit their own LDAP attributes using a "
10810
10814
"web browser."
10813
#: serverguide/C/remote-administration.xml:680(para)
10817
#: serverguide/C/remote-administration.xml:720(para)
10815
10819
"zentyal-virt: simple interface to create and manage virtual machines based "
10816
10820
"on <application>libvirt</application>."
10819
#: serverguide/C/remote-administration.xml:686(para)
10823
#: serverguide/C/remote-administration.xml:726(para)
10821
10825
"zentyal-webmail: allows to access your mail using the popular "
10822
10826
"<application>Roundcube</application> webmail."
10825
#: serverguide/C/remote-administration.xml:692(para)
10829
#: serverguide/C/remote-administration.xml:732(para)
10827
10831
"zentyal-webserver: configures <application>Apache</application> webserver to "
10828
10832
"host different sites on your machine."
10831
#: serverguide/C/remote-administration.xml:698(para)
10835
#: serverguide/C/remote-administration.xml:738(para)
10833
10837
"zentyal-zarafa: integrates <application>Zarafa</application> groupware suite "
10834
10838
"with <application>Zentyal</application> mail stack and LDAP."
10837
#: serverguide/C/remote-administration.xml:710(title)
10841
#: serverguide/C/remote-administration.xml:750(title)
10838
10842
msgid "First steps"
10841
#: serverguide/C/remote-administration.xml:712(para)
10845
#: serverguide/C/remote-administration.xml:752(para)
10843
10847
"Any system account belonging to the sudo group is allowed to log into "
10844
10848
"<application>Zentyal</application> web interface. If you are using the user "
10845
10849
"created during the installation, this should be in the sudo group by default."
10848
#: serverguide/C/remote-administration.xml:720(para)
10852
#: serverguide/C/remote-administration.xml:760(para)
10849
10853
msgid "If you need to add another user to the sudo group, just execute:"
10852
#: serverguide/C/remote-administration.xml:725(command)
10856
#: serverguide/C/remote-administration.xml:765(command)
10853
10857
msgid "sudo adduser username sudo"
10856
#: serverguide/C/remote-administration.xml:729(para)
10860
#: serverguide/C/remote-administration.xml:769(para)
10858
10862
"To access <application>Zentyal</application> web interface, browse into "
10859
10863
"https://localhost/ (or the IP of your remote server). As Zentyal creates its "
11270
#: serverguide/C/package-management.xml:246(para)
11274
#: serverguide/C/package-management.xml:263(para)
11271
11275
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
11272
11276
msgstr "<emphasis role=\"bold\">i</emphasis>: Nameščen paket"
11274
#: serverguide/C/package-management.xml:251(para)
11278
#: serverguide/C/package-management.xml:268(para)
11276
11280
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
11277
11281
"configuration remains on system"
11280
#: serverguide/C/package-management.xml:255(para)
11284
#: serverguide/C/package-management.xml:272(para)
11281
11285
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
11284
#: serverguide/C/package-management.xml:259(para)
11288
#: serverguide/C/package-management.xml:276(para)
11285
11289
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
11286
11290
msgstr "<emphasis role=\"bold\">v</emphasis>: Navidezen paket"
11288
#: serverguide/C/package-management.xml:263(para)
11292
#: serverguide/C/package-management.xml:280(para)
11289
11293
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
11292
#: serverguide/C/package-management.xml:267(para)
11296
#: serverguide/C/package-management.xml:284(para)
11294
11298
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
11298
#: serverguide/C/package-management.xml:271(para)
11302
#: serverguide/C/package-management.xml:288(para)
11300
11304
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
11301
11305
"and requires fix"
11304
#: serverguide/C/package-management.xml:275(para)
11308
#: serverguide/C/package-management.xml:292(para)
11306
11310
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
11307
11311
"requires fix"
11310
#: serverguide/C/package-management.xml:243(para)
11314
#: serverguide/C/package-management.xml:260(para)
11312
11316
"The first column of information displayed in the package list in the top "
11313
11317
"pane, when actually viewing packages lists the current state of the package, "
11991
11986
"changed by the user."
11994
#: serverguide/C/other-apps.xml:344(para)
11989
#: serverguide/C/other-apps.xml:338(para)
11995
11990
msgid "Invoke it simply with:"
11998
#: serverguide/C/other-apps.xml:349(command)
11993
#: serverguide/C/other-apps.xml:343(command)
11999
11994
msgid "byobu"
12002
#: serverguide/C/other-apps.xml:352(para)
11997
#: serverguide/C/other-apps.xml:346(para)
12004
11999
"Now bring up the configuration menu. By default this is done by pressing the "
12005
12000
"<emphasis>F9</emphasis> key. This will allow you to:"
12008
#: serverguide/C/other-apps.xml:279(para)
12003
#: serverguide/C/other-apps.xml:351(para)
12009
12004
msgid "View the Help menu"
12012
#: serverguide/C/other-apps.xml:280(para)
12007
#: serverguide/C/other-apps.xml:352(para)
12013
12008
msgid "Change Byobu's background color"
12016
#: serverguide/C/other-apps.xml:281(para)
12011
#: serverguide/C/other-apps.xml:353(para)
12017
12012
msgid "Change Byobu's foreground color"
12020
#: serverguide/C/other-apps.xml:282(para)
12015
#: serverguide/C/other-apps.xml:354(para)
12021
12016
msgid "Toggle status notifications"
12024
#: serverguide/C/other-apps.xml:283(para)
12019
#: serverguide/C/other-apps.xml:355(para)
12025
12020
msgid "Change the key binding set"
12028
#: serverguide/C/other-apps.xml:284(para)
12023
#: serverguide/C/other-apps.xml:356(para)
12029
12024
msgid "Change the escape sequence"
12032
#: serverguide/C/other-apps.xml:285(para)
12027
#: serverguide/C/other-apps.xml:357(para)
12033
12028
msgid "Create new windows"
12036
#: serverguide/C/other-apps.xml:286(para)
12031
#: serverguide/C/other-apps.xml:358(para)
12037
12032
msgid "Manage the default windows"
12040
#: serverguide/C/other-apps.xml:287(para)
12035
#: serverguide/C/other-apps.xml:359(para)
12041
12036
msgid "Byobu currently does not launch at login (toggle on)"
12044
#: serverguide/C/other-apps.xml:290(para)
12039
#: serverguide/C/other-apps.xml:362(para)
12046
12041
"The <emphasis>key bindings</emphasis> determine such things as the escape "
12047
12042
"sequence, new window, change window, etc. There are two key binding sets to "
12074
12069
"commands. Here is a quick list of movement commands:"
12077
#: serverguide/C/other-apps.xml:314(para)
12072
#: serverguide/C/other-apps.xml:386(para)
12078
12073
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
12081
#: serverguide/C/other-apps.xml:315(para)
12076
#: serverguide/C/other-apps.xml:387(para)
12082
12077
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
12085
#: serverguide/C/other-apps.xml:316(para)
12080
#: serverguide/C/other-apps.xml:388(para)
12086
12081
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
12089
#: serverguide/C/other-apps.xml:317(para)
12084
#: serverguide/C/other-apps.xml:389(para)
12090
12085
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
12093
#: serverguide/C/other-apps.xml:318(para)
12088
#: serverguide/C/other-apps.xml:390(para)
12094
12089
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
12097
#: serverguide/C/other-apps.xml:319(para)
12092
#: serverguide/C/other-apps.xml:391(para)
12098
12093
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
12101
#: serverguide/C/other-apps.xml:320(para)
12096
#: serverguide/C/other-apps.xml:392(para)
12103
12098
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
12104
12099
"the buffer)"
12107
#: serverguide/C/other-apps.xml:321(para)
12102
#: serverguide/C/other-apps.xml:393(para)
12108
12103
msgid "<emphasis>/</emphasis> - Search forward"
12109
12104
msgstr "<emphasis>/</emphasis> - Išči naprej"
12111
#: serverguide/C/other-apps.xml:322(para)
12106
#: serverguide/C/other-apps.xml:394(para)
12112
12107
msgid "<emphasis>?</emphasis> - Search backward"
12113
12108
msgstr "<emphasis>?</emphasis> - Išči nazaj"
12115
#: serverguide/C/other-apps.xml:401(para)
12110
#: serverguide/C/other-apps.xml:395(para)
12117
12112
"<emphasis>n</emphasis> - Moves to the next match, either forward or backward"
12120
#: serverguide/C/other-apps.xml:361(para)
12115
#: serverguide/C/other-apps.xml:403(para)
12122
12117
"For more information on <application>screen</application> see the <ulink "
12123
12118
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
12126
#: serverguide/C/other-apps.xml:366(para)
12121
#: serverguide/C/other-apps.xml:408(para)
12128
12123
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
12129
12124
"screen</ulink> page."
12493
12488
"auto eth0\n"
12494
12489
"iface eth0 inet dhcp\n"
12496
#: serverguide/C/network-config.xml:257(para)
12491
#: serverguide/C/network-config.xml:261(para)
12498
12493
"By adding an interface configuration as shown above, you can manually enable "
12499
12494
"the interface through the <application>ifup</application> command which "
12500
12495
"initiates the DHCP process via <application>dhclient</application>."
12503
#: serverguide/C/network-config.xml:263(command) serverguide/C/network-config.xml:298(command)
12498
#: serverguide/C/network-config.xml:267(command) serverguide/C/network-config.xml:302(command)
12504
12499
msgid "sudo ifup eth0"
12505
12500
msgstr "sudo ifup eth0"
12507
#: serverguide/C/network-config.xml:265(para)
12502
#: serverguide/C/network-config.xml:269(para)
12509
12504
"To manually disable the interface, you can use the "
12510
12505
"<application>ifdown</application> command, which in turn will initiate the "
12511
12506
"DHCP release process and shut down the interface."
12514
#: serverguide/C/network-config.xml:271(command) serverguide/C/network-config.xml:305(command)
12509
#: serverguide/C/network-config.xml:275(command) serverguide/C/network-config.xml:309(command)
12515
12510
msgid "sudo ifdown eth0"
12516
12511
msgstr "sudo ifdown eth0"
12518
#: serverguide/C/network-config.xml:276(title)
12513
#: serverguide/C/network-config.xml:280(title)
12519
12514
msgid "Static IP Address Assignment"
12522
#: serverguide/C/network-config.xml:277(para)
12517
#: serverguide/C/network-config.xml:281(para)
12524
12519
"To configure your system to use a static IP address assignment, add the "
12525
12520
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
12694
12689
" dns-nameservers 192.168.3.45 192.168.8.10\n"
12697
#: serverguide/C/network-config.xml:402(para)
12692
#: serverguide/C/network-config.xml:406(para)
12699
12694
"If you try to ping a host with the name of <emphasis "
12700
12695
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12701
12696
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12704
#: serverguide/C/network-config.xml:409(para)
12699
#: serverguide/C/network-config.xml:413(para)
12705
12700
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12706
12701
msgstr "streznik1<emphasis role=\"bold\">.primer.si</emphasis>"
12708
#: serverguide/C/network-config.xml:414(para)
12703
#: serverguide/C/network-config.xml:418(para)
12709
12704
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12710
12705
msgstr "streznik1<emphasis role=\"bold\">.prodaja.primer.si</emphasis>"
12712
#: serverguide/C/network-config.xml:419(para)
12707
#: serverguide/C/network-config.xml:423(para)
12713
12708
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12714
12709
msgstr "streznik1<emphasis role=\"bold\">.stranke.primer.si</emphasis>"
12716
#: serverguide/C/network-config.xml:424(para)
12711
#: serverguide/C/network-config.xml:428(para)
12718
12713
"If no matches are found, the DNS server will provide a result of <emphasis "
12719
12714
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12722
#: serverguide/C/network-config.xml:431(title)
12717
#: serverguide/C/network-config.xml:435(title)
12723
12718
msgid "Static Hostnames"
12726
#: serverguide/C/network-config.xml:432(para)
12721
#: serverguide/C/network-config.xml:436(para)
12728
12723
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12729
12724
"file <filename>/etc/hosts</filename>. Entries in the "
13247
13242
"DHCP server, and the configuration is transparent to the computer's user."
13250
#: serverguide/C/network-config.xml:880(para)
13245
#: serverguide/C/network-config.xml:876(para)
13252
13247
"The most common settings provided by a DHCP server to DHCP clients include:"
13255
#: serverguide/C/network-config.xml:885(para)
13250
#: serverguide/C/network-config.xml:881(para)
13256
13251
msgid "IP address and netmask"
13259
#: serverguide/C/network-config.xml:888(para)
13254
#: serverguide/C/network-config.xml:884(para)
13260
13255
msgid "IP address of the default-gateway to use"
13263
#: serverguide/C/network-config.xml:891(para)
13258
#: serverguide/C/network-config.xml:887(para)
13264
13259
msgid "IP adresses of the DNS servers to use"
13267
#: serverguide/C/network-config.xml:894(para)
13262
#: serverguide/C/network-config.xml:890(para)
13269
13264
"However, a DHCP server can also supply configuration properties such as:"
13272
#: serverguide/C/network-config.xml:899(para)
13267
#: serverguide/C/network-config.xml:895(para)
13273
13268
msgid "Host Name"
13276
#: serverguide/C/network-config.xml:902(para)
13271
#: serverguide/C/network-config.xml:898(para)
13277
13272
msgid "Domain Name"
13278
13273
msgstr "Ime domene"
13280
#: serverguide/C/network-config.xml:905(para)
13275
#: serverguide/C/network-config.xml:901(para)
13281
13276
msgid "Time Server"
13284
#: serverguide/C/network-config.xml:911(para)
13279
#: serverguide/C/network-config.xml:907(para)
13286
13281
"The advantage of using DHCP is that changes to the network, for example a "
13287
13282
"change in the address of the DNS server, need only be changed at the DHCP "
13354
13349
"and configure and will be automatically started at system boot."
13357
#: serverguide/C/network-config.xml:976(para)
13352
#: serverguide/C/network-config.xml:974(para)
13359
13354
"At a terminal prompt, enter the following command to install "
13360
13355
"<application>dhcpd</application>:"
13363
#: serverguide/C/network-config.xml:981(command)
13358
#: serverguide/C/network-config.xml:979(command)
13364
13359
msgid "sudo apt-get install isc-dhcp-server"
13367
#: serverguide/C/network-config.xml:983(para)
13362
#: serverguide/C/network-config.xml:981(para)
13369
13364
"You will probably need to change the default configuration by editing "
13370
13365
"/etc/dhcp/dhcpd.conf to suit your needs and particular configuration."
13373
#: serverguide/C/network-config.xml:987(para)
13368
#: serverguide/C/network-config.xml:985(para)
13375
13370
"You also may need to edit /etc/default/isc-dhcp-server to specify the "
13376
13371
"interfaces dhcpd should listen to."
13379
#: serverguide/C/network-config.xml:991(para)
13374
#: serverguide/C/network-config.xml:989(para)
13381
13376
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
13385
#: serverguide/C/network-config.xml:998(para)
13380
#: serverguide/C/network-config.xml:996(para)
13387
13382
"The error message the installation ends with might be a little confusing, "
13388
13383
"but the following steps will help you configure the service:"
13391
#: serverguide/C/network-config.xml:1002(para)
13386
#: serverguide/C/network-config.xml:1000(para)
13393
13388
"Most commonly, what you want to do is assign an IP address randomly. This "
13394
13389
"can be done with settings as follows:"
13397
#: serverguide/C/network-config.xml:1006(programlisting)
13392
#: serverguide/C/network-config.xml:1004(programlisting)
13604
13599
"The Lightweight Directory Access Protocol, or LDAP, is a protocol for "
13605
13600
"querying and modifying a X.500-based directory service running over TCP/IP. "
13606
13601
"The current LDAP version is LDAPv3, as defined in <ulink "
13607
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the its "
13608
"implementation used in Ubuntu is from OpenLDAP."
13602
"url=\"http://tools.ietf.org/html/rfc4510\">RFC4510</ulink>, and the "
13603
"implementation in Ubuntu is OpenLDAP.\""
13611
#: serverguide/C/network-auth.xml:27(para)
13606
#: serverguide/C/network-auth.xml:29(para)
13613
13608
"So the LDAP protocol accesses LDAP directories. Here are some key concepts "
13617
#: serverguide/C/network-auth.xml:34(para)
13612
#: serverguide/C/network-auth.xml:36(para)
13619
13614
"A LDAP directory is a tree of data <emphasis>entries</emphasis> that is "
13620
13615
"hierarchical in nature and is called the Directory Information Tree (DIT)."
13623
#: serverguide/C/network-auth.xml:41(para)
13618
#: serverguide/C/network-auth.xml:43(para)
13624
13619
msgid "An entry consists of a set of <emphasis>attributes</emphasis>."
13627
#: serverguide/C/network-auth.xml:47(para)
13622
#: serverguide/C/network-auth.xml:49(para)
13629
13624
"An attribute has a <emphasis>type</emphasis> (a name/description) and one or "
13630
13625
"more <emphasis>values</emphasis>."
13633
#: serverguide/C/network-auth.xml:53(para)
13628
#: serverguide/C/network-auth.xml:55(para)
13635
13630
"Every attribute must be defined in at least one "
13636
13631
"<emphasis>objectClass</emphasis>."
13639
#: serverguide/C/network-auth.xml:59(para)
13634
#: serverguide/C/network-auth.xml:61(para)
13641
13636
"Attributes and objectclasses are defined in <emphasis>schemas</emphasis> (an "
13642
13637
"objectclass is actually considered as a special kind of attribute)."
13645
#: serverguide/C/network-auth.xml:66(para)
13640
#: serverguide/C/network-auth.xml:68(para)
13647
13642
"Each entry has a unique identifier: its <emphasis>Distinguished "
13648
13643
"Name</emphasis> (DN or dn). This, in turn, consists of a <emphasis>Relative "
13649
13644
"Distinguished Name</emphasis> (RDN) followed by the parent entry's DN."
13652
#: serverguide/C/network-auth.xml:73(para)
13647
#: serverguide/C/network-auth.xml:75(para)
13654
13649
"The entry's DN is not an attribute. It is not considered part of the entry "
13658
#: serverguide/C/network-auth.xml:81(para)
13653
#: serverguide/C/network-auth.xml:83(para)
13660
13655
"The terms <emphasis>object</emphasis>, <emphasis>container</emphasis>, and "
13661
13656
"<emphasis>node</emphasis> have certain connotations but they all essentially "
13882
13877
"dn: olcDatabase={1}hdb,cn=config\n"
13885
#: serverguide/C/network-auth.xml:281(para) serverguide/C/network-auth.xml:372(para)
13880
#: serverguide/C/network-auth.xml:288(para) serverguide/C/network-auth.xml:379(para)
13886
13881
msgid "Explanation of entries:"
13889
#: serverguide/C/network-auth.xml:288(para)
13884
#: serverguide/C/network-auth.xml:295(para)
13890
13885
msgid "<emphasis>cn=config</emphasis>: global settings"
13893
#: serverguide/C/network-auth.xml:294(para)
13888
#: serverguide/C/network-auth.xml:301(para)
13895
13890
"<emphasis>cn=module{0},cn=config</emphasis>: a dynamically loaded module"
13898
#: serverguide/C/network-auth.xml:300(para)
13893
#: serverguide/C/network-auth.xml:307(para)
13900
13895
"<emphasis>cn=schema,cn=config</emphasis>: contains hard-coded system-level "
13904
#: serverguide/C/network-auth.xml:306(para)
13899
#: serverguide/C/network-auth.xml:313(para)
13906
13901
"<emphasis>cn={0}core,cn=schema,cn=config</emphasis>: the hard-coded core "
13910
#: serverguide/C/network-auth.xml:312(para)
13905
#: serverguide/C/network-auth.xml:319(para)
13912
13907
"<emphasis>cn={1}cosine,cn=schema,cn=config</emphasis>: the cosine schema"
13915
#: serverguide/C/network-auth.xml:318(para)
13910
#: serverguide/C/network-auth.xml:325(para)
13916
13911
msgid "<emphasis>cn={2}nis,cn=schema,cn=config</emphasis>: the nis schema"
13919
#: serverguide/C/network-auth.xml:324(para)
13914
#: serverguide/C/network-auth.xml:331(para)
13921
13916
"<emphasis>cn={3}inetorgperson,cn=schema,cn=config</emphasis>: the "
13922
13917
"inetorgperson schema"
13925
#: serverguide/C/network-auth.xml:330(para)
13920
#: serverguide/C/network-auth.xml:337(para)
13927
13922
"<emphasis>olcBackend={0}hdb,cn=config</emphasis>: the 'hdb' backend storage "
13931
#: serverguide/C/network-auth.xml:336(para)
13926
#: serverguide/C/network-auth.xml:343(para)
13933
13928
"<emphasis>olcDatabase={-1}frontend,cn=config</emphasis>: frontend database, "
13934
13929
"default settings for other databases"
13937
#: serverguide/C/network-auth.xml:342(para)
13932
#: serverguide/C/network-auth.xml:349(para)
13939
13934
"<emphasis>olcDatabase={0}config,cn=config</emphasis>: slapd configuration "
13940
13935
"database (cn=config)"
13943
#: serverguide/C/network-auth.xml:348(para)
13938
#: serverguide/C/network-auth.xml:355(para)
13945
13940
"<emphasis>olcDatabase={1}hdb,cn=config</emphasis>: your database instance "
13946
13941
"(dc=examle,dc=com)"
13949
#: serverguide/C/network-auth.xml:359(para)
13944
#: serverguide/C/network-auth.xml:366(para)
13950
13945
msgid "This is what the dc=example,dc=com DIT looks like:"
13953
#: serverguide/C/network-auth.xml:364(command)
13948
#: serverguide/C/network-auth.xml:371(command)
13954
13949
msgid "ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn"
13957
#: serverguide/C/network-auth.xml:365(computeroutput)
13952
#: serverguide/C/network-auth.xml:372(computeroutput)
13963
13958
"dn: cn=admin,dc=example,dc=com\n"
13966
#: serverguide/C/network-auth.xml:379(para)
13961
#: serverguide/C/network-auth.xml:386(para)
13967
13962
msgid "<emphasis>dc=example,dc=com</emphasis>: base of the DIT"
13970
#: serverguide/C/network-auth.xml:385(para)
13965
#: serverguide/C/network-auth.xml:392(para)
13972
13967
"<emphasis>cn=admin,dc=example,dc=com</emphasis>: administrator (rootDN) for "
13973
13968
"this DIT (set up during package install)"
13976
#: serverguide/C/network-auth.xml:399(title)
13971
#: serverguide/C/network-auth.xml:406(title)
13977
13972
msgid "Modifying/Populating your Database"
13980
#: serverguide/C/network-auth.xml:401(para)
13975
#: serverguide/C/network-auth.xml:408(para)
13982
13977
"Let's introduce some content to our database. We will add the following:"
13985
#: serverguide/C/network-auth.xml:408(para)
13980
#: serverguide/C/network-auth.xml:415(para)
13986
13981
msgid "a node called <emphasis>People</emphasis> (to store users)"
13989
#: serverguide/C/network-auth.xml:414(para)
13984
#: serverguide/C/network-auth.xml:421(para)
13990
13985
msgid "a node called <emphasis>Groups</emphasis> (to store groups)"
13993
#: serverguide/C/network-auth.xml:420(para)
13988
#: serverguide/C/network-auth.xml:427(para)
13994
13989
msgid "a group called <emphasis>miners</emphasis>"
13997
#: serverguide/C/network-auth.xml:426(para)
13992
#: serverguide/C/network-auth.xml:433(para)
13998
13993
msgid "a user called <emphasis>john</emphasis>"
14001
#: serverguide/C/network-auth.xml:433(para)
13996
#: serverguide/C/network-auth.xml:440(para)
14003
13998
"Create the following LDIF file and call it "
14004
13999
"<filename>add_content.ldif</filename>:"
14007
#: serverguide/C/network-auth.xml:437(programlisting)
14002
#: serverguide/C/network-auth.xml:444(programlisting)
14091
14086
"gidNumber: 5000\n"
14094
#: serverguide/C/network-auth.xml:508(para)
14089
#: serverguide/C/network-auth.xml:515(para)
14095
14090
msgid "Explanation of switches:"
14098
#: serverguide/C/network-auth.xml:515(para)
14093
#: serverguide/C/network-auth.xml:522(para)
14100
14095
"<emphasis>-x:</emphasis> \"simple\" binding; will not use the default SASL "
14104
#: serverguide/C/network-auth.xml:521(para)
14099
#: serverguide/C/network-auth.xml:528(para)
14105
14100
msgid "<emphasis>-LLL:</emphasis> disable printing extraneous information"
14108
#: serverguide/C/network-auth.xml:527(para)
14103
#: serverguide/C/network-auth.xml:534(para)
14109
14104
msgid "<emphasis>uid=john:</emphasis> a \"filter\" to find the john user"
14112
#: serverguide/C/network-auth.xml:533(para)
14107
#: serverguide/C/network-auth.xml:540(para)
14114
14109
"<emphasis>cn gidNumber:</emphasis> requests certain attributes to be "
14115
14110
"displayed (the default is to show all attributes)"
14118
#: serverguide/C/network-auth.xml:543(title)
14113
#: serverguide/C/network-auth.xml:550(title)
14119
14114
msgid "Modifying the slapd Configuration Database"
14122
#: serverguide/C/network-auth.xml:545(para)
14117
#: serverguide/C/network-auth.xml:552(para)
14124
14119
"The slapd-config DIT can also be queried and modified. Here are a few "
14128
#: serverguide/C/network-auth.xml:552(para)
14123
#: serverguide/C/network-auth.xml:559(para)
14130
14125
"Use <application>ldapmodify</application> to add an \"Index\" (DbIndex "
14131
14126
"attribute) to your <application>{1}hdb,cn=config</application> database "
14245
14240
"include /etc/ldap/schema/pmi.schema\n"
14248
#: serverguide/C/network-auth.xml:662(para)
14243
#: serverguide/C/network-auth.xml:669(para)
14249
14244
msgid "Create the output directory <filename>ldif_output</filename>."
14252
#: serverguide/C/network-auth.xml:668(para) serverguide/C/network-auth.xml:2317(para)
14247
#: serverguide/C/network-auth.xml:675(para) serverguide/C/network-auth.xml:2324(para)
14253
14248
msgid "Determine the index of the schema:"
14256
#: serverguide/C/network-auth.xml:673(command)
14251
#: serverguide/C/network-auth.xml:680(command)
14258
14253
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep corba,cn=schema"
14261
#: serverguide/C/network-auth.xml:674(computeroutput)
14256
#: serverguide/C/network-auth.xml:681(computeroutput)
14265
14260
"cn={1}corba,cn=schema,cn=config\n"
14268
#: serverguide/C/network-auth.xml:685(para)
14263
#: serverguide/C/network-auth.xml:687(para)
14270
14265
"When slapd ingests objects with the same parent DN it will create an "
14271
14266
"<emphasis>index</emphasis> for that object. An index is contained within "
14272
14267
"braces: <application>{X}</application>."
14275
#: serverguide/C/network-auth.xml:689(para)
14270
#: serverguide/C/network-auth.xml:696(para)
14276
14271
msgid "Use <application>slapcat</application> to perform the conversion:"
14279
#: serverguide/C/network-auth.xml:694(command)
14274
#: serverguide/C/network-auth.xml:701(command)
14281
14276
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
14282
14277
"ldap:///cn={1}corba,cn=schema,cn=config -l cn=corba.ldif"
14285
#: serverguide/C/network-auth.xml:698(para)
14280
#: serverguide/C/network-auth.xml:705(para)
14286
14281
msgid "The converted schema is now in <filename>cn=corba.ldif</filename>"
14289
#: serverguide/C/network-auth.xml:704(para)
14284
#: serverguide/C/network-auth.xml:711(para)
14291
14286
"Edit <filename>cn=corba.ldif</filename> to arrive at the following "
14292
14287
"attributes:"
14295
#: serverguide/C/network-auth.xml:708(programlisting)
14290
#: serverguide/C/network-auth.xml:715(programlisting)
14575
14570
"/var/lib/ldap/** rwk,\n"
14578
#: serverguide/C/network-auth.xml:957(para)
14573
#: serverguide/C/network-auth.xml:964(para)
14580
14575
"Create a directory, set up a databse config file, and reload the apparmor "
14584
#: serverguide/C/network-auth.xml:962(command)
14579
#: serverguide/C/network-auth.xml:969(command)
14585
14580
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
14586
14581
msgstr "sudo -u openldap mkdir /var/lib/ldap/accesslog"
14588
#: serverguide/C/network-auth.xml:963(command)
14583
#: serverguide/C/network-auth.xml:970(command)
14589
14584
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog"
14592
#: serverguide/C/network-auth.xml:970(para)
14587
#: serverguide/C/network-auth.xml:977(para)
14594
14589
"Add the new content and, due to the apparmor change, restart the daemon:"
14597
#: serverguide/C/network-auth.xml:975(command)
14592
#: serverguide/C/network-auth.xml:982(command)
14598
14593
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
14601
#: serverguide/C/network-auth.xml:976(command) serverguide/C/network-auth.xml:1498(command) serverguide/C/network-auth.xml:1683(command) serverguide/C/network-auth.xml:3912(command)
14596
#: serverguide/C/network-auth.xml:983(command) serverguide/C/network-auth.xml:1505(command) serverguide/C/network-auth.xml:1690(command) serverguide/C/network-auth.xml:3911(command)
14602
14597
msgid "sudo service slapd restart"
14605
#: serverguide/C/network-auth.xml:983(para)
14600
#: serverguide/C/network-auth.xml:990(para)
14606
14601
msgid "The Provider is now configured."
14609
#: serverguide/C/network-auth.xml:990(title)
14604
#: serverguide/C/network-auth.xml:997(title)
14610
14605
msgid "Consumer Configuration"
14613
#: serverguide/C/network-auth.xml:992(para)
14608
#: serverguide/C/network-auth.xml:999(para)
14614
14609
msgid "And now configure the <emphasis>Consumer</emphasis>."
14617
#: serverguide/C/network-auth.xml:999(para)
14612
#: serverguide/C/network-auth.xml:1006(para)
14619
14614
"Install the software by going through <xref linkend=\"openldap-server-"
14620
14615
"installation\"/>. Make sure the slapd-config databse is identical to the "
14655
14650
"olcUpdateRef: ldap://ldap01.example.com\n"
14658
#: serverguide/C/network-auth.xml:1031(para)
14653
#: serverguide/C/network-auth.xml:1038(para)
14659
14654
msgid "Ensure the following attributes have the correct values:"
14662
#: serverguide/C/network-auth.xml:1036(para)
14657
#: serverguide/C/network-auth.xml:1043(para)
14664
14659
"<emphasis>provider</emphasis> (Provider server's hostname -- "
14665
14660
"ldap01.example.com in this example -- or IP address)"
14668
#: serverguide/C/network-auth.xml:1037(para)
14663
#: serverguide/C/network-auth.xml:1044(para)
14669
14664
msgid "<emphasis>binddn</emphasis> (the admin DN you're using)"
14672
#: serverguide/C/network-auth.xml:1038(para)
14667
#: serverguide/C/network-auth.xml:1045(para)
14673
14668
msgid "<emphasis>credentials</emphasis> (the admin DN password you're using)"
14676
#: serverguide/C/network-auth.xml:1039(para)
14671
#: serverguide/C/network-auth.xml:1046(para)
14677
14672
msgid "<emphasis>searchbase</emphasis> (the database suffix you're using)"
14680
#: serverguide/C/network-auth.xml:1040(para)
14675
#: serverguide/C/network-auth.xml:1047(para)
14682
14677
"<emphasis>olcUpdateRef</emphasis> (Provider server's hostname or IP address)"
14685
#: serverguide/C/network-auth.xml:1041(para)
14680
#: serverguide/C/network-auth.xml:1048(para)
14687
14682
"<emphasis>rid</emphasis> (Replica ID, an unique 3-digit that identifies the "
14688
14683
"replica. Each consumer should have at least one rid)"
14691
#: serverguide/C/network-auth.xml:1050(para)
14686
#: serverguide/C/network-auth.xml:1057(para)
14692
14687
msgid "Add the new content:"
14695
#: serverguide/C/network-auth.xml:1055(command)
14690
#: serverguide/C/network-auth.xml:1062(command)
14696
14691
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
14699
#: serverguide/C/network-auth.xml:1062(para)
14694
#: serverguide/C/network-auth.xml:1069(para)
14701
14696
"You're done. The two databases (suffix: dc=example,dc=com) should now be "
14702
14697
"synchronizing."
14705
#: serverguide/C/network-auth.xml:1071(para)
14700
#: serverguide/C/network-auth.xml:1078(para)
14706
14701
msgid "Once replication starts, you can monitor it by running"
14709
#: serverguide/C/network-auth.xml:1081(command)
14704
#: serverguide/C/network-auth.xml:1083(command)
14711
14706
"ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=example,dc=com "
14715
#: serverguide/C/network-auth.xml:1077(computeroutput)
14710
#: serverguide/C/network-auth.xml:1084(computeroutput)
15055
15050
"cert_signing_key\n"
15058
#: serverguide/C/network-auth.xml:1370(para)
15053
#: serverguide/C/network-auth.xml:1377(para)
15059
15054
msgid "Create the self-signed CA certificate:"
15062
#: serverguide/C/network-auth.xml:1375(command)
15057
#: serverguide/C/network-auth.xml:1382(command)
15064
15059
"sudo certtool --generate-self-signed \\ --load-privkey "
15065
15060
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info \\ --outfile "
15066
15061
"/etc/ssl/certs/cacert.pem"
15069
#: serverguide/C/network-auth.xml:1384(para)
15064
#: serverguide/C/network-auth.xml:1391(para)
15070
15065
msgid "Make a private key for the server:"
15071
15066
msgstr "Ustvarite zasebni ključ strežnika:"
15073
#: serverguide/C/network-auth.xml:1389(command)
15068
#: serverguide/C/network-auth.xml:1396(command)
15075
15070
"sudo certtool --generate-privkey \\ --bits 1024 \\ --outfile "
15076
15071
"/etc/ssl/private/ldap01_slapd_key.pem"
15079
#: serverguide/C/network-auth.xml:1395(para)
15074
#: serverguide/C/network-auth.xml:1402(para)
15081
15076
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
15082
15077
"hostname. Naming the certificate and key for the host and service that will "
15083
15078
"be using them will help keep things clear."
15086
#: serverguide/C/network-auth.xml:1404(para)
15081
#: serverguide/C/network-auth.xml:1411(para)
15088
15083
"Create the <filename>/etc/ssl/ldap01.info</filename> info file containing:"
15091
#: serverguide/C/network-auth.xml:1408(programlisting)
15086
#: serverguide/C/network-auth.xml:1415(programlisting)
15172
15167
"over TCP port 636."
15175
#: serverguide/C/network-auth.xml:1482(para)
15170
#: serverguide/C/network-auth.xml:1489(para)
15176
15171
msgid "Tighten up ownership and permissions:"
15179
#: serverguide/C/network-auth.xml:1487(command) serverguide/C/network-auth.xml:1604(command)
15174
#: serverguide/C/network-auth.xml:1494(command) serverguide/C/network-auth.xml:1611(command)
15180
15175
msgid "sudo adduser openldap ssl-cert"
15181
15176
msgstr "sudo adduser openldap ssl-cert"
15183
#: serverguide/C/network-auth.xml:1488(command)
15178
#: serverguide/C/network-auth.xml:1495(command)
15184
15179
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
15187
#: serverguide/C/network-auth.xml:1489(command)
15182
#: serverguide/C/network-auth.xml:1496(command)
15188
15183
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
15191
#: serverguide/C/network-auth.xml:1490(command)
15186
#: serverguide/C/network-auth.xml:1497(command)
15192
15187
msgid "sudo chmod o-r /etc/ssl/private/ldap01_slapd_key.pem"
15195
#: serverguide/C/network-auth.xml:1493(para)
15190
#: serverguide/C/network-auth.xml:1500(para)
15196
15191
msgid "Restart OpenLDAP:"
15199
#: serverguide/C/network-auth.xml:1501(para)
15194
#: serverguide/C/network-auth.xml:1508(para)
15201
15196
"Check your host's logs (/var/log/syslog) to see if the server has started "
15205
#: serverguide/C/network-auth.xml:1508(title)
15200
#: serverguide/C/network-auth.xml:1515(title)
15206
15201
msgid "Replication and TLS"
15209
#: serverguide/C/network-auth.xml:1510(para)
15204
#: serverguide/C/network-auth.xml:1517(para)
15211
15206
"If you have set up replication between servers, it is common practice to "
15212
15207
"encrypt (StartTLS) the replication traffic to prevent evesdropping. This is "
15288
15283
"ldap02_slapd_cert.pem"
15291
#: serverguide/C/network-auth.xml:1574(para)
15286
#: serverguide/C/network-auth.xml:1581(para)
15292
15287
msgid "Get a copy of the CA certificate:"
15295
#: serverguide/C/network-auth.xml:1579(command)
15290
#: serverguide/C/network-auth.xml:1586(command)
15296
15291
msgid "cp /etc/ssl/certs/cacert.pem ."
15297
15292
msgstr "cp /etc/ssl/certs/cacert.pem ."
15299
#: serverguide/C/network-auth.xml:1582(para)
15294
#: serverguide/C/network-auth.xml:1589(para)
15301
15296
"We're done. Now transfer the <filename>ldap02-ssl</filename> directory to "
15302
15297
"the Consumer. Here we use scp (adjust accordingly):"
15305
#: serverguide/C/network-auth.xml:1587(command)
15300
#: serverguide/C/network-auth.xml:1594(command)
15306
15301
msgid "cd .."
15309
#: serverguide/C/network-auth.xml:1588(command)
15304
#: serverguide/C/network-auth.xml:1595(command)
15310
15305
msgid "scp -r ldap02-ssl user@consumer:"
15313
#: serverguide/C/network-auth.xml:1594(para) serverguide/C/network-auth.xml:1642(para)
15308
#: serverguide/C/network-auth.xml:1601(para) serverguide/C/network-auth.xml:1649(para)
15314
15309
msgid "On the Consumer,"
15317
#: serverguide/C/network-auth.xml:1598(para)
15312
#: serverguide/C/network-auth.xml:1605(para)
15318
15313
msgid "Configure TLS authentication:"
15321
#: serverguide/C/network-auth.xml:1603(command)
15316
#: serverguide/C/network-auth.xml:1610(command)
15322
15317
msgid "sudo apt-get install ssl-cert"
15325
#: serverguide/C/network-auth.xml:1605(command)
15320
#: serverguide/C/network-auth.xml:1612(command)
15326
15321
msgid "sudo cp ldap02_slapd_cert.pem cacert.pem /etc/ssl/certs"
15329
#: serverguide/C/network-auth.xml:1606(command)
15324
#: serverguide/C/network-auth.xml:1613(command)
15330
15325
msgid "sudo cp ldap02_slapd_key.pem /etc/ssl/private"
15333
#: serverguide/C/network-auth.xml:1607(command)
15328
#: serverguide/C/network-auth.xml:1614(command)
15334
15329
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap02_slapd_key.pem"
15337
#: serverguide/C/network-auth.xml:1608(command)
15332
#: serverguide/C/network-auth.xml:1615(command)
15338
15333
msgid "sudo chmod g+r /etc/ssl/private/ldap02_slapd_key.pem"
15341
#: serverguide/C/network-auth.xml:1609(command)
15336
#: serverguide/C/network-auth.xml:1616(command)
15342
15337
msgid "sudo chmod o-r /etc/ssl/private/ldap02_slapd_key.pem"
15345
#: serverguide/C/network-auth.xml:1612(para)
15340
#: serverguide/C/network-auth.xml:1619(para)
15347
15342
"Create the file <filename>/etc/ssl/certinfo.ldif</filename> with the "
15348
15343
"following contents (adjust accordingly):"
15351
#: serverguide/C/network-auth.xml:1616(programlisting)
15346
#: serverguide/C/network-auth.xml:1623(programlisting)
15463
15458
"assist you in the configuration step. Install this package now:"
15466
#: serverguide/C/network-auth.xml:1725(command)
15461
#: serverguide/C/network-auth.xml:1732(command)
15467
15462
msgid "sudo apt-get install libnss-ldap"
15468
15463
msgstr "sudo apt-get install libnss-ldap"
15470
#: serverguide/C/network-auth.xml:1728(para)
15465
#: serverguide/C/network-auth.xml:1735(para)
15472
15467
"You will be prompted for details of your LDAP server. If you make a mistake "
15473
15468
"you can try again using:"
15476
#: serverguide/C/network-auth.xml:1733(command)
15471
#: serverguide/C/network-auth.xml:1740(command)
15477
15472
msgid "sudo dpkg-reconfigure ldap-auth-config"
15478
15473
msgstr "sudo dpkg-reconfigure ldap-auth-config"
15480
#: serverguide/C/network-auth.xml:1736(para)
15475
#: serverguide/C/network-auth.xml:1743(para)
15482
15477
"The results of the dialog can be seen in "
15483
15478
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
15484
15479
"covered in the menu edit this file accordingly."
15487
#: serverguide/C/network-auth.xml:1741(para)
15482
#: serverguide/C/network-auth.xml:1748(para)
15488
15483
msgid "Now configure the LDAP profile for NSS:"
15491
#: serverguide/C/network-auth.xml:1746(command)
15486
#: serverguide/C/network-auth.xml:1753(command)
15492
15487
msgid "sudo auth-client-config -t nss -p lac_ldap"
15493
15488
msgstr "sudo auth-client-config -t nss -p lac_ldap"
15495
#: serverguide/C/network-auth.xml:1749(para)
15490
#: serverguide/C/network-auth.xml:1756(para)
15496
15491
msgid "Configure the system to use LDAP for authentication:"
15499
#: serverguide/C/network-auth.xml:1754(command)
15494
#: serverguide/C/network-auth.xml:1761(command)
15500
15495
msgid "sudo pam-auth-update"
15501
15496
msgstr "sudo pam-auth-update"
15503
#: serverguide/C/network-auth.xml:1757(para)
15498
#: serverguide/C/network-auth.xml:1764(para)
15505
15500
"From the menu, choose LDAP and any other authentication mechanisms you need."
15508
#: serverguide/C/network-auth.xml:1761(para)
15503
#: serverguide/C/network-auth.xml:1768(para)
15509
15504
msgid "You should now be able to log in using LDAP-based credentials."
15512
#: serverguide/C/network-auth.xml:1765(para)
15507
#: serverguide/C/network-auth.xml:1772(para)
15514
15509
"LDAP clients will need to refer to multiple servers if replication is in "
15515
15510
"use. In <filename>/etc/ldap.conf</filename> you would have something like:"
15518
#: serverguide/C/network-auth.xml:1770(programlisting)
15513
#: serverguide/C/network-auth.xml:1777(programlisting)
15522
15517
"uri ldap://ldap01.example.com ldap://ldap02.example.com\n"
15525
#: serverguide/C/network-auth.xml:1774(para)
15520
#: serverguide/C/network-auth.xml:1781(para)
15527
15522
"The request will time out and the Consumer (ldap02) will attempt to be "
15528
15523
"reached if the Provider (ldap01) becomes unresponsive."
15531
#: serverguide/C/network-auth.xml:1778(para)
15526
#: serverguide/C/network-auth.xml:1785(para)
15533
15528
"If you are going to use LDAP to store Samba users you will need to configure "
15534
15529
"the Samba server to authenticate using LDAP. See <xref linkend=\"samba-"
15535
15530
"ldap\"/> for details."
15538
#: serverguide/C/network-auth.xml:1784(para)
15533
#: serverguide/C/network-auth.xml:1791(para)
15540
15535
"An alternative to the <application>libnss-ldap</application> package is the "
15541
15536
"<application>libnss-ldapd</application> package. This, however, will bring "
15586
15581
"MIDSTART=10000\n"
15589
#: serverguide/C/network-auth.xml:1827(para)
15584
#: serverguide/C/network-auth.xml:1834(para)
15591
15586
"Now, create the <filename>ldapscripts.passwd</filename> file to allow rootDN "
15592
15587
"access to the directory:"
15595
#: serverguide/C/network-auth.xml:1832(command)
15590
#: serverguide/C/network-auth.xml:1839(command)
15597
15592
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
15600
#: serverguide/C/network-auth.xml:1833(command)
15595
#: serverguide/C/network-auth.xml:1840(command)
15601
15596
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15602
15597
msgstr "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
15604
#: serverguide/C/network-auth.xml:1837(para)
15599
#: serverguide/C/network-auth.xml:1844(para)
15606
15601
"Replace <quote>secret</quote> with the actual password for your database's "
15607
15602
"rootDN user."
15610
#: serverguide/C/network-auth.xml:1842(para)
15605
#: serverguide/C/network-auth.xml:1849(para)
15612
15607
"The scripts are now ready to help manage your directory. Here are some "
15613
15608
"examples of how to use them:"
15616
#: serverguide/C/network-auth.xml:1849(para)
15611
#: serverguide/C/network-auth.xml:1856(para)
15617
15612
msgid "Create a new user:"
15618
15613
msgstr "Ustvarite novega uporabnika"
15620
#: serverguide/C/network-auth.xml:1854(command)
15615
#: serverguide/C/network-auth.xml:1861(command)
15621
15616
msgid "sudo ldapadduser george example"
15622
15617
msgstr "sudo ldapadduser gregor primer"
15624
#: serverguide/C/network-auth.xml:1857(para)
15619
#: serverguide/C/network-auth.xml:1864(para)
15626
15621
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
15627
15622
"and set the user's primary group (gid) to <emphasis "
15628
15623
"role=\"italic\">example</emphasis>"
15631
#: serverguide/C/network-auth.xml:1864(para)
15626
#: serverguide/C/network-auth.xml:1871(para)
15632
15627
msgid "Change a user's password:"
15633
15628
msgstr "Spremenite geslo uporabnika:"
15635
#: serverguide/C/network-auth.xml:1869(command)
15630
#: serverguide/C/network-auth.xml:1876(command)
15636
15631
msgid "sudo ldapsetpasswd george"
15637
15632
msgstr "sudo ldapsetpasswd gregor"
15639
#: serverguide/C/network-auth.xml:1870(computeroutput)
15634
#: serverguide/C/network-auth.xml:1877(computeroutput)
15641
15636
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
15644
#: serverguide/C/network-auth.xml:1871(userinput)
15639
#: serverguide/C/network-auth.xml:1878(userinput)
15646
15641
msgid "New Password: "
15647
15642
msgstr "Novo geslo: "
15649
#: serverguide/C/network-auth.xml:1872(userinput)
15644
#: serverguide/C/network-auth.xml:1879(userinput)
15651
15646
msgid "New Password (verify): "
15654
#: serverguide/C/network-auth.xml:1878(para)
15649
#: serverguide/C/network-auth.xml:1885(para)
15655
15650
msgid "Delete a user:"
15656
15651
msgstr "Izbrišite uporabnika:"
15658
#: serverguide/C/network-auth.xml:1883(command)
15653
#: serverguide/C/network-auth.xml:1890(command)
15659
15654
msgid "sudo ldapdeleteuser george"
15660
15655
msgstr "sudo ldapdeleteuser gregor"
15662
#: serverguide/C/network-auth.xml:1889(para)
15657
#: serverguide/C/network-auth.xml:1896(para)
15663
15658
msgid "Add a group:"
15664
15659
msgstr "Dodajte skupino:"
15666
#: serverguide/C/network-auth.xml:1894(command)
15661
#: serverguide/C/network-auth.xml:1901(command)
15667
15662
msgid "sudo ldapaddgroup qa"
15668
15663
msgstr "sudo ldapaddgroup qa"
15670
#: serverguide/C/network-auth.xml:1900(para)
15665
#: serverguide/C/network-auth.xml:1907(para)
15671
15666
msgid "Delete a group:"
15672
15667
msgstr "Odstranite skupino:"
15674
#: serverguide/C/network-auth.xml:1905(command)
15669
#: serverguide/C/network-auth.xml:1912(command)
15675
15670
msgid "sudo ldapdeletegroup qa"
15676
15671
msgstr "sudo ldapdeletegroup qa"
15678
#: serverguide/C/network-auth.xml:1911(para)
15673
#: serverguide/C/network-auth.xml:1918(para)
15679
15674
msgid "Add a user to a group:"
15680
15675
msgstr "Dodajte uporabnika skupini:"
15682
#: serverguide/C/network-auth.xml:1916(command)
15677
#: serverguide/C/network-auth.xml:1923(command)
15683
15678
msgid "sudo ldapaddusertogroup george qa"
15684
15679
msgstr "sudo ldapaddusertogroup gregor qa"
15686
#: serverguide/C/network-auth.xml:1919(para)
15681
#: serverguide/C/network-auth.xml:1926(para)
15688
15683
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
15689
15684
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
15690
15685
"role=\"italic\">george</emphasis>."
15693
#: serverguide/C/network-auth.xml:1926(para)
15688
#: serverguide/C/network-auth.xml:1933(para)
15694
15689
msgid "Remove a user from a group:"
15695
15690
msgstr "Odstranite uporabnika iz skupine:"
15697
#: serverguide/C/network-auth.xml:1931(command)
15692
#: serverguide/C/network-auth.xml:1938(command)
15698
15693
msgid "sudo ldapdeleteuserfromgroup george qa"
15699
15694
msgstr "sudo ldapdeleteuserfromgroup gregor qa"
15701
#: serverguide/C/network-auth.xml:1934(para)
15696
#: serverguide/C/network-auth.xml:1941(para)
15703
15698
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
15704
15699
"<emphasis role=\"italic\">qa</emphasis> group."
15707
#: serverguide/C/network-auth.xml:1941(para)
15702
#: serverguide/C/network-auth.xml:1948(para)
15709
15704
"The <application>ldapmodifyuser</application> script allows you to add, "
15710
15705
"remove, or replace a user's attributes. The script uses the same syntax as "
15711
15706
"the <application>ldapmodify</application> utility. For example:"
15714
#: serverguide/C/network-auth.xml:1947(command)
15709
#: serverguide/C/network-auth.xml:1954(command)
15715
15710
msgid "sudo ldapmodifyuser george"
15716
15711
msgstr "sudo ldapmodifyuser gregor"
15718
#: serverguide/C/network-auth.xml:1948(computeroutput)
15713
#: serverguide/C/network-auth.xml:1955(computeroutput)
15721
15716
"# About to modify the following entry :\n"
15804
15799
"title: Employee\n"
15807
#: serverguide/C/network-auth.xml:2016(para)
15802
#: serverguide/C/network-auth.xml:2023(para)
15809
15804
"Notice the <emphasis><ask></emphasis> option used for the "
15810
15805
"<emphasis>sn</emphasis> attribute. This will make "
15811
15806
"<application>ldapadduser</application> prompt you for its value."
15814
#: serverguide/C/network-auth.xml:2024(para)
15809
#: serverguide/C/network-auth.xml:2031(para)
15816
15811
"There are utilities in the package that were not covered here. Here is a "
15817
15812
"complete list:"
15820
#: serverguide/C/network-auth.xml:2029(ulink)
15815
#: serverguide/C/network-auth.xml:2036(ulink)
15821
15816
msgid "ldaprenamemachine"
15824
#: serverguide/C/network-auth.xml:2030(ulink)
15819
#: serverguide/C/network-auth.xml:2037(ulink)
15825
15820
msgid "ldapadduser"
15828
#: serverguide/C/network-auth.xml:2031(ulink)
15823
#: serverguide/C/network-auth.xml:2038(ulink)
15829
15824
msgid "ldapdeleteuserfromgroup"
15832
#: serverguide/C/network-auth.xml:2032(ulink)
15827
#: serverguide/C/network-auth.xml:2039(ulink)
15833
15828
msgid "ldapfinger"
15836
#: serverguide/C/network-auth.xml:2033(ulink)
15831
#: serverguide/C/network-auth.xml:2040(ulink)
15837
15832
msgid "ldapid"
15840
#: serverguide/C/network-auth.xml:2034(ulink)
15835
#: serverguide/C/network-auth.xml:2041(ulink)
15841
15836
msgid "ldapgid"
15844
#: serverguide/C/network-auth.xml:2035(ulink)
15839
#: serverguide/C/network-auth.xml:2042(ulink)
15845
15840
msgid "ldapmodifyuser"
15848
#: serverguide/C/network-auth.xml:2036(ulink)
15843
#: serverguide/C/network-auth.xml:2043(ulink)
15849
15844
msgid "ldaprenameuser"
15852
#: serverguide/C/network-auth.xml:2037(ulink)
15847
#: serverguide/C/network-auth.xml:2044(ulink)
15853
15848
msgid "lsldap"
15856
#: serverguide/C/network-auth.xml:2038(ulink)
15851
#: serverguide/C/network-auth.xml:2045(ulink)
15857
15852
msgid "ldapaddusertogroup"
15860
#: serverguide/C/network-auth.xml:2039(ulink)
15855
#: serverguide/C/network-auth.xml:2046(ulink)
15861
15856
msgid "ldapsetpasswd"
15864
#: serverguide/C/network-auth.xml:2040(ulink)
15859
#: serverguide/C/network-auth.xml:2047(ulink)
15865
15860
msgid "ldapinit"
15868
#: serverguide/C/network-auth.xml:2041(ulink)
15863
#: serverguide/C/network-auth.xml:2048(ulink)
15869
15864
msgid "ldapaddgroup"
15872
#: serverguide/C/network-auth.xml:2042(ulink)
15867
#: serverguide/C/network-auth.xml:2049(ulink)
15873
15868
msgid "ldapdeletegroup"
15876
#: serverguide/C/network-auth.xml:2043(ulink)
15871
#: serverguide/C/network-auth.xml:2050(ulink)
15877
15872
msgid "ldapmodifygroup"
15880
#: serverguide/C/network-auth.xml:2044(ulink)
15875
#: serverguide/C/network-auth.xml:2051(ulink)
15881
15876
msgid "ldapdeletemachine"
15884
#: serverguide/C/network-auth.xml:2045(ulink)
15879
#: serverguide/C/network-auth.xml:2052(ulink)
15885
15880
msgid "ldaprenamegroup"
15888
#: serverguide/C/network-auth.xml:2046(ulink)
15883
#: serverguide/C/network-auth.xml:2053(ulink)
15889
15884
msgid "ldapaddmachine"
15892
#: serverguide/C/network-auth.xml:2047(ulink)
15887
#: serverguide/C/network-auth.xml:2054(ulink)
15893
15888
msgid "ldapmodifymachine"
15896
#: serverguide/C/network-auth.xml:2048(ulink)
15891
#: serverguide/C/network-auth.xml:2055(ulink)
15897
15892
msgid "ldapsetprimarygroup"
15900
#: serverguide/C/network-auth.xml:2049(ulink)
15895
#: serverguide/C/network-auth.xml:2056(ulink)
15901
15896
msgid "ldapdeleteuser"
15904
#: serverguide/C/network-auth.xml:2055(title)
15899
#: serverguide/C/network-auth.xml:2062(title)
15905
15900
msgid "Backup and Restore"
15908
#: serverguide/C/network-auth.xml:2057(para)
15903
#: serverguide/C/network-auth.xml:2064(para)
15910
15905
"Now we have ldap running just the way we want, it is time to ensure we can "
15911
15906
"save all of our work and restore it as needed."
15914
#: serverguide/C/network-auth.xml:2062(para)
15909
#: serverguide/C/network-auth.xml:2069(para)
15916
15911
"What we need is a way to backup the ldap database(s), specifically the "
15917
15912
"backend (cn=config) and frontend (dc=example,dc=com). If we are going to "
15962
15957
"45 22 * * * root /usr/local/bin/ldapbackup\n"
15965
#: serverguide/C/network-auth.xml:2109(para)
15960
#: serverguide/C/network-auth.xml:2116(para)
15966
15961
msgid "Now the files are created, they should be copied to a backup server."
15969
#: serverguide/C/network-auth.xml:2114(para)
15964
#: serverguide/C/network-auth.xml:2121(para)
15971
15966
"Assuming we did a fresh reinstall of ldap, the restore process could be "
15972
15967
"something like this:"
15975
#: serverguide/C/network-auth.xml:2120(command)
15970
#: serverguide/C/network-auth.xml:2127(command)
15976
15971
msgid "sudo service slapd stop"
15979
#: serverguide/C/network-auth.xml:2121(command)
15974
#: serverguide/C/network-auth.xml:2128(command)
15980
15975
msgid "sudo mkdir /var/lib/ldap/accesslog"
15983
#: serverguide/C/network-auth.xml:2122(command)
15978
#: serverguide/C/network-auth.xml:2129(command)
15984
15979
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 0 -l /export/backup/config.ldif"
15987
#: serverguide/C/network-auth.xml:2123(command)
15982
#: serverguide/C/network-auth.xml:2130(command)
15989
15984
"sudo slapadd -F /etc/ldap/slapd.d -n 1 -l /export/backup/domain.com.ldif"
15992
#: serverguide/C/network-auth.xml:2124(command)
15987
#: serverguide/C/network-auth.xml:2131(command)
15993
15988
msgid "sudo slapadd -F /etc/ldap/slapd.d -n 2 -l /export/backup/access.ldif"
15996
#: serverguide/C/network-auth.xml:2125(command)
15991
#: serverguide/C/network-auth.xml:2132(command)
15997
15992
msgid "sudo chown -R openldap:openldap /etc/ldap/slapd.d/"
16000
#: serverguide/C/network-auth.xml:2126(command)
15995
#: serverguide/C/network-auth.xml:2133(command)
16001
15996
msgid "sudo chown -R openldap:openldap /var/lib/ldap/"
16004
#: serverguide/C/network-auth.xml:2127(command)
15999
#: serverguide/C/network-auth.xml:2134(command)
16005
16000
msgid "sudo service slapd start"
16008
#: serverguide/C/network-auth.xml:2138(para)
16003
#: serverguide/C/network-auth.xml:2145(para)
16010
16005
"The primary resource is the upstream documentation: <ulink "
16011
16006
"url=\"http://www.openldap.org/\">www.openldap.org</ulink>"
16014
#: serverguide/C/network-auth.xml:2144(para)
16009
#: serverguide/C/network-auth.xml:2151(para)
16016
16011
"There are many man pages that come with the slapd package. Here are some "
16017
16012
"important ones, especially considering the material presented in this guide:"
16020
#: serverguide/C/network-auth.xml:2150(ulink)
16015
#: serverguide/C/network-auth.xml:2157(ulink)
16021
16016
msgid "slapd"
16024
#: serverguide/C/network-auth.xml:2151(ulink)
16019
#: serverguide/C/network-auth.xml:2158(ulink)
16025
16020
msgid "slapd-config"
16028
#: serverguide/C/network-auth.xml:2152(ulink)
16023
#: serverguide/C/network-auth.xml:2159(ulink)
16029
16024
msgid "slapd.access"
16032
#: serverguide/C/network-auth.xml:2153(ulink)
16027
#: serverguide/C/network-auth.xml:2160(ulink)
16033
16028
msgid "slapo-syncprov"
16036
#: serverguide/C/network-auth.xml:2159(para)
16031
#: serverguide/C/network-auth.xml:2166(para)
16037
16032
msgid "Other man pages:"
16040
#: serverguide/C/network-auth.xml:2164(ulink)
16035
#: serverguide/C/network-auth.xml:2171(ulink)
16041
16036
msgid "auth-client-config"
16044
#: serverguide/C/network-auth.xml:2165(ulink)
16039
#: serverguide/C/network-auth.xml:2172(ulink)
16045
16040
msgid "pam-auth-update"
16048
#: serverguide/C/network-auth.xml:2171(para)
16043
#: serverguide/C/network-auth.xml:2178(para)
16050
16045
"Zytrax's <ulink url=\"http://www.zytrax.com/books/ldap/\">LDAP for Rocket "
16051
16046
"Scientists</ulink>; a less pedantic but comprehensive treatment of LDAP"
16054
#: serverguide/C/network-auth.xml:2177(para)
16049
#: serverguide/C/network-auth.xml:2184(para)
16056
16051
"A Ubuntu community <ulink "
16057
16052
"url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
16058
16053
"wiki</ulink> page has a collection of notes"
16061
#: serverguide/C/network-auth.xml:2183(para)
16056
#: serverguide/C/network-auth.xml:2190(para)
16063
16058
"O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
16064
16059
"Administration</ulink> (textbook; 2003)"
16067
#: serverguide/C/network-auth.xml:2189(para)
16062
#: serverguide/C/network-auth.xml:2196(para)
16069
16064
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
16070
16065
"Source-Linux/book\">Mastering OpenLDAP</ulink> (textbook; 2007)"
16073
#: serverguide/C/network-auth.xml:2200(title)
16068
#: serverguide/C/network-auth.xml:2207(title)
16074
16069
msgid "Samba and LDAP"
16075
16070
msgstr "Samba in LDAP"
16077
#: serverguide/C/network-auth.xml:2202(para)
16072
#: serverguide/C/network-auth.xml:2209(para)
16079
16074
"This section covers the integration of Samba with LDAP. The Samba server's "
16080
16075
"role will be that of a \"standalone\" server and the LDAP directory will "
16106
16101
"install it."
16109
#: serverguide/C/network-auth.xml:2223(para)
16104
#: serverguide/C/network-auth.xml:2230(para)
16110
16105
msgid "Install these packages now:"
16113
#: serverguide/C/network-auth.xml:2228(command)
16108
#: serverguide/C/network-auth.xml:2235(command)
16114
16109
msgid "sudo apt-get install samba samba-doc smbldap-tools"
16115
16110
msgstr "sudo apt-get install samba samba-doc smbldap-tools"
16117
#: serverguide/C/network-auth.xml:2234(title)
16112
#: serverguide/C/network-auth.xml:2241(title)
16118
16113
msgid "LDAP Configuration"
16121
#: serverguide/C/network-auth.xml:2236(para)
16116
#: serverguide/C/network-auth.xml:2243(para)
16123
16118
"We will now configure the LDAP server so that it can accomodate Samba data. "
16124
16119
"We will perform three tasks in this section:"
16127
#: serverguide/C/network-auth.xml:2243(para)
16122
#: serverguide/C/network-auth.xml:2250(para)
16128
16123
msgid "Import a schema"
16131
#: serverguide/C/network-auth.xml:2247(para)
16126
#: serverguide/C/network-auth.xml:2254(para)
16132
16127
msgid "Index some entries"
16135
#: serverguide/C/network-auth.xml:2251(para)
16130
#: serverguide/C/network-auth.xml:2258(para)
16136
16131
msgid "Add objects"
16139
#: serverguide/C/network-auth.xml:2257(title)
16134
#: serverguide/C/network-auth.xml:2264(title)
16140
16135
msgid "Samba schema"
16143
#: serverguide/C/network-auth.xml:2259(para)
16138
#: serverguide/C/network-auth.xml:2266(para)
16145
16140
"In order for OpenLDAP to be used as a backend for Samba, logically, the DIT "
16146
16141
"will need to use attributes that can properly describe Samba data. Such "
16198
16193
"include /etc/ldap/schema/samba.schema\n"
16201
#: serverguide/C/network-auth.xml:2311(para)
16196
#: serverguide/C/network-auth.xml:2318(para)
16202
16197
msgid "Have the directory <filename>ldif_output</filename> hold output."
16205
#: serverguide/C/network-auth.xml:2322(command)
16200
#: serverguide/C/network-auth.xml:2329(command)
16207
16202
"slapcat -f schema_convert.conf -F ldif_output -n 0 | grep samba,cn=schema"
16210
#: serverguide/C/network-auth.xml:2323(computeroutput)
16205
#: serverguide/C/network-auth.xml:2330(computeroutput)
16214
16209
"dn: cn={14}samba,cn=schema,cn=config\n"
16217
#: serverguide/C/network-auth.xml:2331(para)
16212
#: serverguide/C/network-auth.xml:2338(para)
16218
16213
msgid "Convert the schema to LDIF format:"
16221
#: serverguide/C/network-auth.xml:2336(command)
16216
#: serverguide/C/network-auth.xml:2343(command)
16223
16218
"slapcat -f schema_convert.conf -F ldif_output -n0 -H \\ "
16224
16219
"ldap:///cn={14}samba,cn=schema,cn=config -l cn=samba.ldif"
16227
#: serverguide/C/network-auth.xml:2343(para)
16222
#: serverguide/C/network-auth.xml:2350(para)
16229
16224
"Edit the generated <filename>cn=samba.ldif</filename> file by removing index "
16230
16225
"information to arrive at:"
16233
#: serverguide/C/network-auth.xml:2347(programlisting)
16228
#: serverguide/C/network-auth.xml:2354(programlisting)
16256
16251
"modifyTimestamp: 20080827045234Z\n"
16259
#: serverguide/C/network-auth.xml:2373(para)
16254
#: serverguide/C/network-auth.xml:2380(para)
16260
16255
msgid "Add the new schema:"
16263
#: serverguide/C/network-auth.xml:2378(command)
16258
#: serverguide/C/network-auth.xml:2385(command)
16264
16259
msgid "sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\\=samba.ldif"
16267
#: serverguide/C/network-auth.xml:2381(para)
16262
#: serverguide/C/network-auth.xml:2388(para)
16268
16263
msgid "To query and view this new schema:"
16271
#: serverguide/C/network-auth.xml:2386(command)
16266
#: serverguide/C/network-auth.xml:2393(command)
16273
16268
"sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config "
16274
16269
"'cn=*samba*'"
16277
#: serverguide/C/network-auth.xml:2396(title)
16272
#: serverguide/C/network-auth.xml:2403(title)
16278
16273
msgid "Samba indices"
16281
#: serverguide/C/network-auth.xml:2398(para)
16276
#: serverguide/C/network-auth.xml:2405(para)
16283
16278
"Now that slapd knows about the Samba attributes, we can set up some indices "
16284
16279
"based on them. Indexing entries is a way to improve performance when a "
16285
16280
"client performs a filtered search on the DIT."
16288
#: serverguide/C/network-auth.xml:2403(para)
16283
#: serverguide/C/network-auth.xml:2410(para)
16290
16285
"Create the file <filename>samba_indices.ldif</filename> with the following "
16294
#: serverguide/C/network-auth.xml:2407(programlisting)
16289
#: serverguide/C/network-auth.xml:2414(programlisting)
16348
16343
"smbldap-tools')."
16351
#: serverguide/C/network-auth.xml:2459(para)
16346
#: serverguide/C/network-auth.xml:2461(para)
16353
16348
"To manually configure the package, you need to create and edit the files "
16354
16349
"<filename>/etc/smbldap-tools/smbldap.conf</filename> and "
16355
16350
"<filename>/etc/smbldap-tools/smbldap_bind.conf</filename>."
16358
#: serverguide/C/network-auth.xml:2464(para)
16353
#: serverguide/C/network-auth.xml:2466(para)
16360
16355
"The <application>smbldap-populate</application> script will then add the "
16361
16356
"LDAP objects required for Samba. It is a good idea to first make a backup of "
16362
16357
"your DIT using <application>slapcat</application>:"
16365
#: serverguide/C/network-auth.xml:2473(command)
16360
#: serverguide/C/network-auth.xml:2472(command)
16366
16361
msgid "sudo slapcat -l backup.ldif"
16367
16362
msgstr "sudo slapcat -l backup.ldif"
16369
#: serverguide/C/network-auth.xml:2476(para)
16364
#: serverguide/C/network-auth.xml:2475(para)
16370
16365
msgid "Once you have a backup proceed to populate your directory:"
16373
#: serverguide/C/network-auth.xml:2481(command)
16368
#: serverguide/C/network-auth.xml:2480(command)
16374
16369
msgid "sudo smbldap-populate"
16375
16370
msgstr "sudo smbldap-populate"
16377
#: serverguide/C/network-auth.xml:2484(para)
16372
#: serverguide/C/network-auth.xml:2483(para)
16379
16374
"You can create a LDIF file containing the new Samba objects by executing "
16380
16375
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
16450
16445
"<application>libnss-ldap</application>):"
16453
#: serverguide/C/network-auth.xml:2553(command)
16448
#: serverguide/C/network-auth.xml:2552(command)
16454
16449
msgid "sudo smbpasswd -a username"
16455
16450
msgstr "sudo smbpasswd -a uporabniško-ime"
16457
#: serverguide/C/network-auth.xml:2556(para)
16452
#: serverguide/C/network-auth.xml:2555(para)
16459
16454
"You will prompted to enter a password. It will be considered as the new "
16460
16455
"password for that user. Making it the same as before is reasonable."
16463
#: serverguide/C/network-auth.xml:2560(para)
16458
#: serverguide/C/network-auth.xml:2559(para)
16465
16460
"To manage user, group, and machine accounts use the utilities provided by "
16466
16461
"the <application>smbldap-tools</application> package. Here are some examples:"
16469
#: serverguide/C/network-auth.xml:2568(para)
16464
#: serverguide/C/network-auth.xml:2567(para)
16470
16465
msgid "To add a new user:"
16473
#: serverguide/C/network-auth.xml:2573(command)
16468
#: serverguide/C/network-auth.xml:2572(command)
16474
16469
msgid "sudo smbldap-useradd -a -P username"
16475
16470
msgstr "sudo smbldap-useradd -a -P uporabniško-ime"
16477
#: serverguide/C/network-auth.xml:2576(para)
16472
#: serverguide/C/network-auth.xml:2575(para)
16479
16474
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
16480
16475
"<emphasis>-P</emphasis> option calls the <application>smbldap-"
16482
16477
"a password for the user."
16485
#: serverguide/C/network-auth.xml:2583(para)
16480
#: serverguide/C/network-auth.xml:2582(para)
16486
16481
msgid "To remove a user:"
16489
#: serverguide/C/network-auth.xml:2588(command)
16484
#: serverguide/C/network-auth.xml:2587(command)
16490
16485
msgid "sudo smbldap-userdel username"
16491
16486
msgstr "sudo smbldap-userdel uporabniško-ime"
16493
#: serverguide/C/network-auth.xml:2591(para)
16488
#: serverguide/C/network-auth.xml:2590(para)
16495
16490
"In the above command, use the <emphasis>-r</emphasis> option to remove the "
16496
16491
"user's home directory."
16499
#: serverguide/C/network-auth.xml:2597(para)
16494
#: serverguide/C/network-auth.xml:2596(para)
16500
16495
msgid "To add a group:"
16503
#: serverguide/C/network-auth.xml:2602(command)
16498
#: serverguide/C/network-auth.xml:2601(command)
16504
16499
msgid "sudo smbldap-groupadd -a groupname"
16505
16500
msgstr "sudo smbldap-groupadd -a ime-skupine"
16507
#: serverguide/C/network-auth.xml:2605(para)
16502
#: serverguide/C/network-auth.xml:2604(para)
16509
16504
"As for <application>smbldap-useradd</application>, the <emphasis>-"
16510
16505
"a</emphasis> adds the Samba attributes."
16513
#: serverguide/C/network-auth.xml:2611(para)
16508
#: serverguide/C/network-auth.xml:2610(para)
16514
16509
msgid "To make an existing user a member of a group:"
16517
#: serverguide/C/network-auth.xml:2616(command)
16512
#: serverguide/C/network-auth.xml:2615(command)
16518
16513
msgid "sudo smbldap-groupmod -m username groupname"
16519
16514
msgstr "sudo smbldap-groupmod -m uporabniško-ime ime-skupine"
16521
#: serverguide/C/network-auth.xml:2619(para)
16516
#: serverguide/C/network-auth.xml:2618(para)
16523
16518
"The <emphasis>-m</emphasis> option can add more than one user at a time by "
16524
16519
"listing them in comma-separated format."
16527
#: serverguide/C/network-auth.xml:2625(para)
16522
#: serverguide/C/network-auth.xml:2624(para)
16528
16523
msgid "To remove a user from a group:"
16531
#: serverguide/C/network-auth.xml:2630(command)
16526
#: serverguide/C/network-auth.xml:2629(command)
16532
16527
msgid "sudo smbldap-groupmod -x username groupname"
16533
16528
msgstr "sudo smbldap-groupmod -x uporabniško-ime ime-skupine"
16535
#: serverguide/C/network-auth.xml:2636(para)
16530
#: serverguide/C/network-auth.xml:2635(para)
16536
16531
msgid "To add a Samba machine account:"
16539
#: serverguide/C/network-auth.xml:2641(command)
16534
#: serverguide/C/network-auth.xml:2640(command)
16540
16535
msgid "sudo smbldap-useradd -t 0 -w username"
16541
16536
msgstr "sudo smbldap-useradd -t 0 -w uporabniško-ime"
16543
#: serverguide/C/network-auth.xml:2644(para)
16538
#: serverguide/C/network-auth.xml:2643(para)
16545
16540
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
16546
16541
"<emphasis>-t 0</emphasis> option creates the machine account without a "
16550
16545
"<application>smbldap-useradd</application>."
16553
#: serverguide/C/network-auth.xml:2653(para)
16548
#: serverguide/C/network-auth.xml:2652(para)
16555
16550
"There are utilities in the <application>smbldap-tools</application> package "
16556
16551
"that were not covered here. Here is a complete list:"
16554
#: serverguide/C/network-auth.xml:2657(ulink)
16555
msgid "smbldap-groupadd"
16559
16558
#: serverguide/C/network-auth.xml:2658(ulink)
16560
msgid "smbldap-groupadd"
16559
msgid "smbldap-groupdel"
16563
16562
#: serverguide/C/network-auth.xml:2659(ulink)
16564
msgid "smbldap-groupdel"
16563
msgid "smbldap-groupmod"
16567
16566
#: serverguide/C/network-auth.xml:2660(ulink)
16568
msgid "smbldap-groupmod"
16567
msgid "smbldap-groupshow"
16571
16570
#: serverguide/C/network-auth.xml:2661(ulink)
16572
msgid "smbldap-groupshow"
16571
msgid "smbldap-passwd"
16575
16574
#: serverguide/C/network-auth.xml:2662(ulink)
16576
msgid "smbldap-passwd"
16575
msgid "smbldap-populate"
16579
16578
#: serverguide/C/network-auth.xml:2663(ulink)
16580
msgid "smbldap-populate"
16579
msgid "smbldap-useradd"
16583
16582
#: serverguide/C/network-auth.xml:2664(ulink)
16584
msgid "smbldap-useradd"
16583
msgid "smbldap-userdel"
16587
16586
#: serverguide/C/network-auth.xml:2665(ulink)
16588
msgid "smbldap-userdel"
16587
msgid "smbldap-userinfo"
16591
16590
#: serverguide/C/network-auth.xml:2666(ulink)
16592
msgid "smbldap-userinfo"
16591
msgid "smbldap-userlist"
16595
16594
#: serverguide/C/network-auth.xml:2667(ulink)
16596
msgid "smbldap-userlist"
16595
msgid "smbldap-usermod"
16599
16598
#: serverguide/C/network-auth.xml:2668(ulink)
16600
msgid "smbldap-usermod"
16603
#: serverguide/C/network-auth.xml:2669(ulink)
16604
16599
msgid "smbldap-usershow"
16607
#: serverguide/C/network-auth.xml:2677(para)
16602
#: serverguide/C/network-auth.xml:2679(para)
16609
16604
"For more information on installing and configuring Samba see <xref "
16610
16605
"linkend=\"samba\"/> of this Ubuntu Server Guide."
16613
#: serverguide/C/network-auth.xml:2686(para)
16608
#: serverguide/C/network-auth.xml:2685(para)
16615
16610
"There are multiple places where LDAP and Samba is documented in the upstream "
16616
16611
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba "
16617
16612
"HOWTO Collection</ulink>."
16620
#: serverguide/C/network-auth.xml:2693(para)
16615
#: serverguide/C/network-auth.xml:2692(para)
16622
16617
"Regarding the above, see specifically the <ulink "
16623
16618
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
16624
16619
"Collection/passdb.html\">passdb section</ulink>."
16627
#: serverguide/C/network-auth.xml:2699(para)
16622
#: serverguide/C/network-auth.xml:2698(para)
16629
16624
"Although dated (2007), the <ulink url=\"http://download.gna.org/smbldap-"
16630
16625
"tools/docs/samba-ldap-howto/\">Linux Samba-OpenLDAP HOWTO</ulink> contains "
16631
16626
"valuable notes."
16634
#: serverguide/C/network-auth.xml:2705(para)
16629
#: serverguide/C/network-auth.xml:2704(para)
16636
16631
"The main page of the <ulink "
16637
16632
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Samba Ubuntu "
16652
16647
"network environment one step closer to being Single Sign On (SSO)."
16655
#: serverguide/C/network-auth.xml:2726(para)
16650
#: serverguide/C/network-auth.xml:2725(para)
16657
16652
"This section covers installation and configuration of a Kerberos server, and "
16658
16653
"some example client configurations."
16661
#: serverguide/C/virtualization.xml:1099(title) serverguide/C/virtualization.xml:2132(title) serverguide/C/network-auth.xml:2731(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:903(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/backups.xml:545(title)
16656
#: serverguide/C/network-auth.xml:2730(title) serverguide/C/monitoring.xml:13(title) serverguide/C/lamp-applications.xml:15(title) serverguide/C/installation.xml:910(title) serverguide/C/dns.xml:62(title) serverguide/C/dm-multipath.xml:135(title) serverguide/C/chat.xml:15(title) serverguide/C/cgroups.xml:38(title) serverguide/C/backups.xml:551(title)
16662
16657
msgid "Overview"
16663
16658
msgstr "Pregled"
16665
#: serverguide/C/network-auth.xml:2733(para)
16660
#: serverguide/C/network-auth.xml:2732(para)
16667
16662
"If you are new to Kerberos there are a few terms that are good to understand "
16668
16663
"before setting up a Kerberos server. Most of the terms will relate to things "
16669
16664
"you may be familiar with in other environments:"
16672
#: serverguide/C/network-auth.xml:2740(para)
16667
#: serverguide/C/network-auth.xml:2739(para)
16674
16669
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
16675
16670
"by servers need to be defined as Kerberos Principals."
16678
#: serverguide/C/network-auth.xml:2745(para)
16673
#: serverguide/C/network-auth.xml:2744(para)
16680
16675
"<emphasis>Instances:</emphasis> are used for service principals and special "
16681
16676
"administrative principals."
16684
#: serverguide/C/network-auth.xml:2750(para)
16679
#: serverguide/C/network-auth.xml:2749(para)
16686
16681
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
16687
16682
"Kerberos installation. Think of it as the domain or group your hosts and "
16736
16731
"entering another username and password."
16739
#: serverguide/C/network-auth.xml:2798(title)
16734
#: serverguide/C/network-auth.xml:2797(title)
16740
16735
msgid "Kerberos Server"
16741
16736
msgstr "Strežnik Kerberos"
16743
#: serverguide/C/network-auth.xml:2802(para)
16738
#: serverguide/C/network-auth.xml:2801(para)
16745
16740
"For this discussion, we will create a MIT Kerberos domain with the following "
16746
16741
"features (edit them to fit your needs):"
16749
#: serverguide/C/network-auth.xml:2809(para)
16744
#: serverguide/C/network-auth.xml:2808(para)
16750
16745
msgid "<emphasis>Realm:</emphasis> EXAMPLE.COM"
16753
#: serverguide/C/network-auth.xml:2814(para)
16748
#: serverguide/C/network-auth.xml:2813(para)
16754
16749
msgid "<emphasis>Primary KDC:</emphasis> kdc01.example.com (192.168.0.1)"
16757
#: serverguide/C/network-auth.xml:2819(para)
16752
#: serverguide/C/network-auth.xml:2818(para)
16758
16753
msgid "<emphasis>Secondary KDC:</emphasis> kdc02.example.com (192.168.0.2)"
16761
#: serverguide/C/network-auth.xml:2824(para)
16756
#: serverguide/C/network-auth.xml:2823(para)
16762
16757
msgid "<emphasis>User principal:</emphasis> steve"
16765
#: serverguide/C/network-auth.xml:2829(para)
16760
#: serverguide/C/network-auth.xml:2828(para)
16766
16761
msgid "<emphasis>Admin principal:</emphasis> steve/admin"
16769
#: serverguide/C/network-auth.xml:2836(para)
16764
#: serverguide/C/network-auth.xml:2835(para)
16771
16766
"It is <emphasis>strongly</emphasis> recommended that your network-"
16772
16767
"authenticated users have their uid in a different range (say, starting at "
16773
16768
"5000) than that of your local users."
16776
#: serverguide/C/network-auth.xml:2842(para)
16771
#: serverguide/C/network-auth.xml:2841(para)
16778
16773
"Before installing the Kerberos server a properly configured DNS server is "
16779
16774
"needed for your domain. Since the Kerberos Realm by convention matches the "
16792
16787
"setting up NTP see <xref linkend=\"NTP\"/>."
16795
#: serverguide/C/network-auth.xml:2856(para)
16790
#: serverguide/C/network-auth.xml:2855(para)
16797
16792
"The first step in creating a Kerberos Realm is to install the "
16798
16793
"<application>krb5-kdc</application> and <application>krb5-admin-"
16799
16794
"server</application> packages. From a terminal enter:"
16802
#: serverguide/C/network-auth.xml:2862(command) serverguide/C/network-auth.xml:3069(command)
16797
#: serverguide/C/network-auth.xml:2861(command) serverguide/C/network-auth.xml:3068(command)
16803
16798
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
16806
#: serverguide/C/network-auth.xml:2865(para)
16801
#: serverguide/C/network-auth.xml:2864(para)
16808
16803
"You will be asked at the end of the install to supply the hostname for the "
16809
16804
"Kerberos and Admin servers, which may or may not be the same server, for the "
16813
#: serverguide/C/network-auth.xml:2872(para)
16808
#: serverguide/C/network-auth.xml:2871(para)
16814
16809
msgid "By default the realm is created from the KDC's domain name."
16817
#: serverguide/C/network-auth.xml:2877(para)
16812
#: serverguide/C/network-auth.xml:2876(para)
16819
16814
"Next, create the new realm with the <application>kdb5_newrealm</application> "
16823
#: serverguide/C/network-auth.xml:2882(command)
16818
#: serverguide/C/network-auth.xml:2881(command)
16824
16819
msgid "sudo krb5_newrealm"
16825
16820
msgstr "sudo krb5_newrealm"
16827
#: serverguide/C/network-auth.xml:2889(para)
16822
#: serverguide/C/network-auth.xml:2888(para)
16829
16824
"The questions asked during installation are used to configure the "
16830
16825
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
16919
16914
"<emphasis>kadm5.acl</emphasis> man page for details."
16922
#: serverguide/C/network-auth.xml:2959(para)
16917
#: serverguide/C/network-auth.xml:2958(para)
16924
16919
"Now restart the <application>krb5-admin-server</application> for the new ACL "
16925
16920
"to take affect:"
16928
#: serverguide/C/network-auth.xml:2961(command)
16923
#: serverguide/C/network-auth.xml:2963(command)
16929
16924
msgid "sudo service krb5-admin-server restart"
16932
#: serverguide/C/network-auth.xml:2970(para)
16927
#: serverguide/C/network-auth.xml:2969(para)
16934
16929
"The new user principal can be tested using the <application>kinit "
16935
16930
"utility</application>:"
16938
#: serverguide/C/network-auth.xml:2975(command)
16933
#: serverguide/C/network-auth.xml:2974(command)
16939
16934
msgid "kinit steve/admin"
16942
#: serverguide/C/network-auth.xml:2976(computeroutput)
16937
#: serverguide/C/network-auth.xml:2975(computeroutput)
16944
16939
msgid "steve/admin@EXAMPLE.COM's Password:"
16947
#: serverguide/C/network-auth.xml:2979(para)
16942
#: serverguide/C/network-auth.xml:2978(para)
16949
16944
"After entering the password, use the <application>klist</application> "
16950
16945
"utility to view information about the Ticket Granting Ticket (TGT):"
16953
#: serverguide/C/network-auth.xml:2985(command) serverguide/C/network-auth.xml:3362(command)
16948
#: serverguide/C/network-auth.xml:2984(command) serverguide/C/network-auth.xml:3361(command)
16954
16949
msgid "klist"
16955
16950
msgstr "klist"
16957
#: serverguide/C/network-auth.xml:2986(computeroutput)
16952
#: serverguide/C/network-auth.xml:2985(computeroutput)
16960
16955
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
17035
17030
"of those networks."
17038
#: serverguide/C/network-auth.xml:3064(para)
17033
#: serverguide/C/network-auth.xml:3063(para)
17040
17035
"First, install the packages, and when asked for the Kerberos and Admin "
17041
17036
"server names enter the name of the Primary KDC:"
17044
#: serverguide/C/network-auth.xml:3075(para)
17039
#: serverguide/C/network-auth.xml:3074(para)
17046
17041
"Once you have the packages installed, create the Secondary KDC's host "
17047
17042
"principal. From a terminal prompt, enter:"
17050
#: serverguide/C/network-auth.xml:3080(command)
17045
#: serverguide/C/network-auth.xml:3079(command)
17051
17046
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
17054
#: serverguide/C/network-auth.xml:3084(para)
17049
#: serverguide/C/network-auth.xml:3083(para)
17056
17051
"After, issuing any <application>kadmin</application> commands you will be "
17057
17052
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
17061
#: serverguide/C/network-auth.xml:3093(para)
17056
#: serverguide/C/network-auth.xml:3092(para)
17062
17057
msgid "Extract the <emphasis>keytab</emphasis> file:"
17065
#: serverguide/C/network-auth.xml:3098(command)
17060
#: serverguide/C/network-auth.xml:3097(command)
17066
17061
msgid "kadmin -q \"ktadd -norandkey -k keytab.kdc02 host/kdc02.example.com\""
17069
#: serverguide/C/network-auth.xml:3104(para)
17064
#: serverguide/C/network-auth.xml:3103(para)
17071
17066
"There should now be a <filename>keytab.kdc02</filename> in the current "
17072
17067
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
17075
#: serverguide/C/network-auth.xml:3110(command)
17070
#: serverguide/C/network-auth.xml:3109(command)
17076
17071
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
17077
17072
msgstr "sudo mv keytab.kdc02 /etc/krb5.keytab"
17079
#: serverguide/C/network-auth.xml:3114(para)
17074
#: serverguide/C/network-auth.xml:3113(para)
17081
17076
"If the path to the <filename>keytab.kdc02</filename> file is different "
17082
17077
"adjust accordingly."
17085
#: serverguide/C/network-auth.xml:3119(para)
17080
#: serverguide/C/network-auth.xml:3118(para)
17087
17082
"Also, you can list the principals in a Keytab file, which can be useful when "
17088
17083
"troubleshooting, using the <application>klist</application> utility:"
17091
#: serverguide/C/network-auth.xml:3125(command)
17086
#: serverguide/C/network-auth.xml:3124(command)
17092
17087
msgid "sudo klist -k /etc/krb5.keytab"
17093
17088
msgstr "sudo klist -k /etc/krb5.keytab"
17095
#: serverguide/C/network-auth.xml:3128(para)
17090
#: serverguide/C/network-auth.xml:3127(para)
17097
17092
"The <application>-k</application> option indicates the file is a keytab file."
17100
#: serverguide/C/network-auth.xml:3135(para)
17095
#: serverguide/C/network-auth.xml:3134(para)
17102
17097
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
17103
17098
"that lists all KDCs for the Realm. For example, on both primary and "
17104
17099
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
17107
#: serverguide/C/network-auth.xml:3140(programlisting)
17102
#: serverguide/C/network-auth.xml:3139(programlisting)
17112
17107
"host/kdc02.example.com@EXAMPLE.COM\n"
17115
#: serverguide/C/network-auth.xml:3148(para)
17110
#: serverguide/C/network-auth.xml:3147(para)
17116
17111
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
17119
#: serverguide/C/network-auth.xml:3153(command)
17114
#: serverguide/C/network-auth.xml:3152(command)
17120
17115
msgid "sudo kdb5_util -s create"
17121
17116
msgstr "sudo kdb5_util -s create"
17123
#: serverguide/C/network-auth.xml:3159(para)
17118
#: serverguide/C/network-auth.xml:3158(para)
17125
17120
"Now start the <application>kpropd</application> daemon, which listens for "
17126
17121
"connections from the <application>kprop</application> utility. "
17127
17122
"<application>kprop</application> is used to transfer dump files:"
17130
#: serverguide/C/network-auth.xml:3166(command)
17125
#: serverguide/C/network-auth.xml:3165(command)
17131
17126
msgid "sudo kpropd -S"
17132
17127
msgstr "sudo kpropd -S"
17134
#: serverguide/C/network-auth.xml:3172(para)
17129
#: serverguide/C/network-auth.xml:3171(para)
17136
17131
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
17137
17132
"of the principal database:"
17140
#: serverguide/C/network-auth.xml:3177(command)
17135
#: serverguide/C/network-auth.xml:3176(command)
17141
17136
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
17142
17137
msgstr "sudo kdb5_util dump /var/lib/krb5kdc/dump"
17144
#: serverguide/C/network-auth.xml:3183(para)
17139
#: serverguide/C/network-auth.xml:3182(para)
17146
17141
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
17147
17142
"<filename>/etc/krb5.keytab</filename>:"
17145
#: serverguide/C/network-auth.xml:3187(command)
17146
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
17150
17149
#: serverguide/C/network-auth.xml:3188(command)
17151
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
17154
#: serverguide/C/network-auth.xml:3189(command)
17155
17150
msgid "sudo mv keytab.kdc01 /etc/krb5.keytab"
17156
17151
msgstr "sudo mv keytab.kdc01 /etc/krb5.keytab"
17158
#: serverguide/C/network-auth.xml:3193(para)
17153
#: serverguide/C/network-auth.xml:3192(para)
17160
17155
"Make sure there is a <emphasis>host</emphasis> for "
17161
17156
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
17164
#: serverguide/C/network-auth.xml:3201(para)
17159
#: serverguide/C/network-auth.xml:3200(para)
17166
17161
"Using the <application>kprop</application> utility push the database to the "
17167
17162
"Secondary KDC:"
17170
#: serverguide/C/network-auth.xml:3206(command)
17165
#: serverguide/C/network-auth.xml:3205(command)
17171
17166
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
17174
#: serverguide/C/network-auth.xml:3210(para)
17169
#: serverguide/C/network-auth.xml:3209(para)
17176
17171
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
17177
17172
"worked. If there is an error message check "
17316
17311
"minimum_uid=5000/' \\ /etc/pam.d/$i done"
17319
#: serverguide/C/network-auth.xml:3341(para)
17314
#: serverguide/C/network-auth.xml:3340(para)
17321
17316
"This will avoid being asked for the (non-existent) Kerberos password of a "
17322
17317
"locally authenticated user when changing its password using "
17323
17318
"<command>passwd</command>."
17326
#: serverguide/C/network-auth.xml:3348(para)
17321
#: serverguide/C/network-auth.xml:3347(para)
17328
17323
"You can test the configuration by requesting a ticket using the "
17329
17324
"<application>kinit</application> utility. For example:"
17332
#: serverguide/C/network-auth.xml:3353(command)
17327
#: serverguide/C/network-auth.xml:3352(command)
17333
17328
msgid "kinit steve@EXAMPLE.COM"
17336
#: serverguide/C/network-auth.xml:3354(computeroutput)
17331
#: serverguide/C/network-auth.xml:3353(computeroutput)
17338
17333
msgid "Password for steve@EXAMPLE.COM:"
17341
#: serverguide/C/network-auth.xml:3357(para)
17336
#: serverguide/C/network-auth.xml:3356(para)
17343
17338
"When a ticket has been granted, the details can be viewed using "
17344
17339
"<application>klist</application>:"
17347
#: serverguide/C/network-auth.xml:3363(computeroutput)
17342
#: serverguide/C/network-auth.xml:3362(computeroutput)
17350
17345
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
17389
17384
"Stran <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Kerberos na "
17390
17385
"Ubuntu Wiki</ulink> vsebuje več podrobnosti."
17392
#: serverguide/C/network-auth.xml:3405(para)
17387
#: serverguide/C/network-auth.xml:3404(para)
17394
17389
"O'Reilly's <ulink "
17395
17390
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
17396
17391
"Guide</ulink> is a great reference when setting up Kerberos."
17399
#: serverguide/C/network-auth.xml:3411(para)
17394
#: serverguide/C/network-auth.xml:3410(para)
17401
17396
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> and "
17402
17397
"<emphasis>#kerberos</emphasis> IRC channels on <ulink "
17403
17398
"url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
17406
#: serverguide/C/network-auth.xml:3423(title)
17401
#: serverguide/C/network-auth.xml:3422(title)
17407
17402
msgid "Kerberos and LDAP"
17408
17403
msgstr "Kerberos in LDAP"
17410
#: serverguide/C/network-auth.xml:3425(para)
17405
#: serverguide/C/network-auth.xml:3424(para)
17412
17407
"Most people will not use Kerberos by itself; once an user is authenticated "
17413
17408
"(Kerberos), we need to figure out what this user can do (authorization). And "
17414
17409
"that would be the job of programs such as <application>LDAP</application>."
17417
#: serverguide/C/network-auth.xml:3432(para)
17412
#: serverguide/C/network-auth.xml:3431(para)
17419
17414
"Replicating a Kerberos principal database between two servers can be "
17420
17415
"complicated, and adds an additional user database to your network. "
17443
17438
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
17446
#: serverguide/C/network-auth.xml:3456(para)
17441
#: serverguide/C/network-auth.xml:3455(para)
17448
17443
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
17449
17444
"that traffic between the KDC and LDAP server is encrypted. See <xref "
17450
17445
"linkend=\"openldap-tls\"/> for details."
17453
#: serverguide/C/network-auth.xml:3462(para)
17448
#: serverguide/C/network-auth.xml:3461(para)
17455
17450
"<filename>cn=admin,cn=config</filename> is a user we created with rights to "
17456
17451
"edit the ldap database. Many times it is the RootDN. Change its value to "
17457
17452
"reflect your setup."
17460
#: serverguide/C/network-auth.xml:3471(para)
17455
#: serverguide/C/network-auth.xml:3470(para)
17462
17457
"To load the schema into LDAP, on the LDAP server install the "
17463
17458
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
17466
#: serverguide/C/network-auth.xml:3477(command)
17461
#: serverguide/C/network-auth.xml:3476(command)
17467
17462
msgid "sudo apt-get install krb5-kdc-ldap"
17468
17463
msgstr "sudo apt-get install krb5-kdc-ldap"
17470
#: serverguide/C/network-auth.xml:3482(para)
17465
#: serverguide/C/network-auth.xml:3481(para)
17471
17466
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
17474
#: serverguide/C/network-auth.xml:3487(command)
17469
#: serverguide/C/network-auth.xml:3486(command)
17475
17470
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
17476
17471
msgstr "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
17478
#: serverguide/C/network-auth.xml:3488(command)
17473
#: serverguide/C/network-auth.xml:3487(command)
17480
17475
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
17482
17477
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
17484
#: serverguide/C/network-auth.xml:3494(para)
17479
#: serverguide/C/network-auth.xml:3493(para)
17486
17481
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
17487
17482
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
17529
17524
"include /etc/ldap/schema/ppolicy.schema\n"
17530
17525
"include /etc/ldap/schema/kerberos.schema\n"
17532
#: serverguide/C/network-auth.xml:3527(para)
17527
#: serverguide/C/network-auth.xml:3526(para)
17533
17528
msgid "Create a temporary directory to hold the LDIF files:"
17534
17529
msgstr "Ustvarite začasno mapo, ki bo vsebovala datoteke LDIF:"
17536
#: serverguide/C/network-auth.xml:3531(command)
17531
#: serverguide/C/network-auth.xml:3530(command)
17537
17532
msgid "mkdir /tmp/ldif_output"
17538
17533
msgstr "mkdir /tmp/ldif_output"
17540
#: serverguide/C/network-auth.xml:3537(para)
17535
#: serverguide/C/network-auth.xml:3536(para)
17542
17537
"Now use <application>slapcat</application> to convert the schema files:"
17545
#: serverguide/C/network-auth.xml:3542(command)
17540
#: serverguide/C/network-auth.xml:3541(command)
17547
17542
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \\ "
17548
17543
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
17551
#: serverguide/C/network-auth.xml:3546(para)
17546
#: serverguide/C/network-auth.xml:3545(para)
17553
17548
"Change the above file and path names to match your own if they are different."
17556
#: serverguide/C/network-auth.xml:3553(para)
17551
#: serverguide/C/network-auth.xml:3552(para)
17558
17553
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
17559
17554
"changing the following attributes:"
17562
#: serverguide/C/network-auth.xml:3557(programlisting)
17557
#: serverguide/C/network-auth.xml:3556(programlisting)
17653
17648
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
17656
#: serverguide/C/network-auth.xml:3639(para)
17651
#: serverguide/C/network-auth.xml:3638(para)
17658
17653
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
17662
#: serverguide/C/network-auth.xml:3645(title)
17657
#: serverguide/C/network-auth.xml:3644(title)
17663
17658
msgid "Primary KDC Configuration"
17666
#: serverguide/C/network-auth.xml:3647(para)
17661
#: serverguide/C/network-auth.xml:3646(para)
17668
17663
"With <application>OpenLDAP</application> configured it is time to configure "
17672
#: serverguide/C/network-auth.xml:3653(para)
17667
#: serverguide/C/network-auth.xml:3652(para)
17673
17668
msgid "First, install the necessary packages, from a terminal enter:"
17676
#: serverguide/C/network-auth.xml:3658(command) serverguide/C/network-auth.xml:3817(command)
17671
#: serverguide/C/network-auth.xml:3657(command) serverguide/C/network-auth.xml:3816(command)
17677
17672
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
17680
#: serverguide/C/network-auth.xml:3664(para)
17675
#: serverguide/C/network-auth.xml:3663(para)
17682
17677
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
17683
17678
"under the appropriate sections:"
17686
#: serverguide/C/network-auth.xml:3668(programlisting)
17681
#: serverguide/C/network-auth.xml:3667(programlisting)
17762
17757
"<filename>/etc/krb5.conf</filename>:"
17765
#: serverguide/C/network-auth.xml:3740(command) serverguide/C/network-auth.xml:3879(command)
17760
#: serverguide/C/network-auth.xml:3739(command) serverguide/C/network-auth.xml:3878(command)
17767
17762
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f \\ "
17768
17763
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
17771
#: serverguide/C/network-auth.xml:3747(para)
17766
#: serverguide/C/network-auth.xml:3746(para)
17772
17767
msgid "Copy the CA certificate from the LDAP server:"
17775
#: serverguide/C/network-auth.xml:3752(command)
17770
#: serverguide/C/network-auth.xml:3751(command)
17776
17771
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
17777
17772
msgstr "scp ldap01:/etc/ssl/certs/cacert.pem ."
17779
#: serverguide/C/network-auth.xml:3753(command)
17774
#: serverguide/C/network-auth.xml:3752(command)
17780
17775
msgid "sudo cp cacert.pem /etc/ssl/certs"
17781
17776
msgstr "sudo cp cacert.pem /etc/ssl/certs"
17783
#: serverguide/C/network-auth.xml:3756(para)
17778
#: serverguide/C/network-auth.xml:3755(para)
17785
17780
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
17788
#: serverguide/C/network-auth.xml:3760(programlisting)
17783
#: serverguide/C/network-auth.xml:3759(programlisting)
17792
17787
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
17795
#: serverguide/C/network-auth.xml:3765(para)
17790
#: serverguide/C/network-auth.xml:3764(para)
17797
17792
"The certificate will also need to be copied to the Secondary KDC, to allow "
17798
17793
"the connection to the LDAP servers using LDAPS."
17801
#: serverguide/C/network-auth.xml:3774(para)
17796
#: serverguide/C/network-auth.xml:3773(para)
17803
17798
"You can now add Kerberos principals to the LDAP database, and they will be "
17804
17799
"copied to any other LDAP servers configured for replication. To add a "
17805
17800
"principal using the <application>kadmin.local</application> utility enter:"
17808
#: serverguide/C/network-auth.xml:3782(userinput)
17803
#: serverguide/C/network-auth.xml:3781(userinput)
17810
17805
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
17813
#: serverguide/C/network-auth.xml:3781(computeroutput)
17808
#: serverguide/C/network-auth.xml:3780(computeroutput)
17816
17811
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
17916
#: serverguide/C/network-auth.xml:3892(command)
17917
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17921
17920
#: serverguide/C/network-auth.xml:3893(command)
17922
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
17925
#: serverguide/C/network-auth.xml:3894(command)
17926
17921
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
17929
#: serverguide/C/network-auth.xml:3898(para)
17924
#: serverguide/C/network-auth.xml:3897(para)
17931
17926
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
17934
#: serverguide/C/network-auth.xml:3906(para)
17929
#: serverguide/C/network-auth.xml:3905(para)
17936
17931
"Back on the <emphasis>Secondary KDC</emphasis>, (re)start the ldap server "
17940
#: serverguide/C/network-auth.xml:3918(para)
17935
#: serverguide/C/network-auth.xml:3917(para)
17941
17936
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
17944
#: serverguide/C/network-auth.xml:3929(para)
17939
#: serverguide/C/network-auth.xml:3928(para)
17945
17940
msgid "Verify the two ldap servers (and kerberos by extension) are in sync."
17948
#: serverguide/C/network-auth.xml:3936(para)
17943
#: serverguide/C/network-auth.xml:3935(para)
17950
17945
"You now have redundant KDCs on your network, and with redundant LDAP servers "
17951
17946
"you should be able to continue to authenticate users if one LDAP server, one "
17952
17947
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
17955
#: serverguide/C/network-auth.xml:3948(para)
17950
#: serverguide/C/network-auth.xml:3947(para)
17957
17952
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
17958
17953
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
17959
17954
"Guide</ulink> has some additional details."
17962
#: serverguide/C/network-auth.xml:3951(para)
17957
#: serverguide/C/network-auth.xml:3953(para)
17964
17959
"For more information on <application>kdb5_ldap_util</application> see <ulink "
17965
17960
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
18001
17996
"requires no modifications to the AD structure."
18004
#: serverguide/C/network-auth.xml:3978(title)
17999
#: serverguide/C/network-auth.xml:3980(title)
18005
18000
msgid "Prerequisites, Assumptions, and Requirements"
18008
#: serverguide/C/network-auth.xml:3981(para)
18003
#: serverguide/C/network-auth.xml:3983(para)
18010
18005
"This guide does not explain Active Directory, how it works, how to set one "
18011
18006
"up, or how to maintain it. It may not provide “best practices” for your "
18012
18007
"environment."
18015
#: serverguide/C/network-auth.xml:3983(para)
18010
#: serverguide/C/network-auth.xml:3985(para)
18017
18012
"This guide assumes that a working Active Directory domain is already "
18018
18013
"configured."
18021
#: serverguide/C/network-auth.xml:3985(para)
18016
#: serverguide/C/network-auth.xml:3987(para)
18023
18018
"The domain controller is acting as an authoritative DNS server for the "
18027
#: serverguide/C/network-auth.xml:3987(para)
18022
#: serverguide/C/network-auth.xml:3989(para)
18029
18024
"The domain controller is the primary DNS resolver as specified in "
18030
18025
"<filename>/etc/resolv.conf</filename>."
18033
#: serverguide/C/network-auth.xml:3990(para)
18028
#: serverguide/C/network-auth.xml:3992(para)
18035
18030
"The appropriate <emphasis>_kerberos</emphasis>, <emphasis>_ldap</emphasis>, "
18036
18031
"<emphasis>_kpasswd</emphasis>, etc. entries are configured in the DNS zone "
18037
18032
"(see Resources section for external links)."
18040
#: serverguide/C/network-auth.xml:3992(para)
18035
#: serverguide/C/network-auth.xml:3994(para)
18042
18037
"System time is synchronized on the domain controller (necessary for "
18046
#: serverguide/C/network-auth.xml:3994(para)
18041
#: serverguide/C/network-auth.xml:3996(para)
18048
18043
"The domain used in this example is <emphasis>myubuntu.example.com</emphasis> "
18052
#: serverguide/C/network-auth.xml:3999(para)
18047
#: serverguide/C/network-auth.xml:4001(para)
18054
18049
"The following packages are needed: <emphasis>krb5-user</emphasis>, "
18055
18050
"<emphasis>samba</emphasis>, <emphasis>sssd</emphasis>, and "
18245
18240
"sudoers: files sss\n"
18248
#: serverguide/C/network-auth.xml:4101(title)
18243
#: serverguide/C/network-auth.xml:4103(title)
18249
18244
msgid "Modify /etc/hosts"
18252
#: serverguide/C/network-auth.xml:4102(para)
18247
#: serverguide/C/network-auth.xml:4104(para)
18254
18249
"Add an alias to the localhost entry in /etc/hosts specifying the FQDN. For "
18258
#: serverguide/C/network-auth.xml:4103(programlisting)
18253
#: serverguide/C/network-auth.xml:4105(programlisting)
18260
18255
msgid "192.168.1.10 myserver myserver.myubuntu.example.com"
18263
#: serverguide/C/network-auth.xml:4105(para)
18258
#: serverguide/C/network-auth.xml:4107(para)
18264
18259
msgid "This is useful in conjunction with dynamic DNS updates."
18267
#: serverguide/C/network-auth.xml:4109(title)
18262
#: serverguide/C/network-auth.xml:4111(title)
18268
18263
msgid "Join the Active Directory"
18271
#: serverguide/C/network-auth.xml:4110(para)
18266
#: serverguide/C/network-auth.xml:4112(para)
18272
18267
msgid "Now, restart ntp and samba and start sssd."
18275
#: serverguide/C/virtualization.xml:2208(command)
18270
#: serverguide/C/network-auth.xml:4113(command)
18276
18271
msgid "sudo service ntp restart"
18279
#: serverguide/C/network-auth.xml:4114(command)
18274
#: serverguide/C/network-auth.xml:4116(command)
18280
18275
msgid "sudo start sssd"
18283
#: serverguide/C/network-auth.xml:4116(para)
18278
#: serverguide/C/network-auth.xml:4118(para)
18284
18279
msgid "Test the configuration by obtaining a Kerberos ticket:"
18287
#: serverguide/C/network-auth.xml:4118(command)
18282
#: serverguide/C/network-auth.xml:4120(command)
18288
18283
msgid "sudo kinit Administrator"
18291
#: serverguide/C/network-auth.xml:4120(para)
18286
#: serverguide/C/network-auth.xml:4122(para)
18292
18287
msgid "Verify the ticket with:"
18295
#: serverguide/C/network-auth.xml:4121(command)
18290
#: serverguide/C/network-auth.xml:4123(command)
18296
18291
msgid "sudo klist"
18299
#: serverguide/C/network-auth.xml:4123(para)
18294
#: serverguide/C/network-auth.xml:4125(para)
18301
18296
"If there is a ticket with an expiration date listed, then it is time to join "
18302
18297
"the domain:"
18305
#: serverguide/C/network-auth.xml:4125(command)
18300
#: serverguide/C/network-auth.xml:4127(command)
18306
18301
msgid "sudo net ads join -k"
18309
#: serverguide/C/network-auth.xml:4127(para)
18304
#: serverguide/C/network-auth.xml:4129(para)
18311
18306
"A warning about \"No DNS domain configured. Unable to perform DNS Update.\" "
18312
18307
"probably means that there is no (correct) alias in "
20289
20284
"<filename>/var/log/mail.warn</filename> respectively."
20292
#: serverguide/C/mail.xml:382(para)
20287
#: serverguide/C/mail.xml:440(para)
20294
20289
"To see messages entered into the logs in real time you can use the "
20295
20290
"<application>tail -f</application> command:"
20298
#: serverguide/C/mail.xml:387(command)
20293
#: serverguide/C/mail.xml:445(command)
20299
20294
msgid "tail -f /var/log/mail.err"
20302
#: serverguide/C/mail.xml:389(para)
20297
#: serverguide/C/mail.xml:447(para)
20304
20299
"The amount of detail that is recorded in the logs can be increased. Below "
20305
20300
"are some configuration options for increasing the log level for some of the "
20306
20301
"areas covered above."
20309
#: serverguide/C/mail.xml:395(para)
20304
#: serverguide/C/mail.xml:453(para)
20311
20306
"To increase <emphasis>TLS</emphasis> activity logging set the "
20312
20307
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
20315
#: serverguide/C/mail.xml:399(command)
20310
#: serverguide/C/mail.xml:457(command)
20316
20311
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
20319
#: serverguide/C/mail.xml:403(para)
20314
#: serverguide/C/mail.xml:461(para)
20321
20316
"If you are having trouble sending or receiving mail from a specific domain "
20322
20317
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
20325
#: serverguide/C/mail.xml:408(command)
20320
#: serverguide/C/mail.xml:466(command)
20326
20321
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
20329
#: serverguide/C/mail.xml:412(para)
20324
#: serverguide/C/mail.xml:470(para)
20331
20326
"You can increase the verbosity of any <application>Postfix</application> "
20332
20327
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
20456
20451
"in one file you can configure accordingly in this user interface."
20459
#: serverguide/C/mail.xml:514(para)
20454
#: serverguide/C/mail.xml:572(para)
20461
20456
"All the parameters you configure in the user interface are stored in "
20462
"<filename>/etc/exim4/update-exim4.conf</filename> file. If you wish to re-"
20463
"configure, either you re-run the configuration wizard or manually edit this "
20464
"file using your favorite editor. Once you configure, you can run the "
20457
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
20458
"re-configure, either you re-run the configuration wizard or manually edit "
20459
"this file using your favorite editor. Once you configure, you can run the "
20465
20460
"following command to generate the master configuration file:"
20468
#: serverguide/C/mail.xml:525(command) serverguide/C/mail.xml:609(command)
20463
#: serverguide/C/mail.xml:583(command) serverguide/C/mail.xml:667(command)
20469
20464
msgid "sudo update-exim4.conf"
20470
20465
msgstr "sudo update-exim4.conf"
20472
#: serverguide/C/mail.xml:527(para)
20467
#: serverguide/C/mail.xml:585(para)
20474
20469
"The master configuration file, is generated and it is stored in "
20475
20470
"<filename>/var/lib/exim4/config.autogenerated</filename>."
20478
#: serverguide/C/mail.xml:533(para)
20473
#: serverguide/C/mail.xml:591(para)
20480
20475
"At any time, you should not edit the master configuration file, "
20481
20476
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
20482
20477
"updated automatically every time you run <command>update-exim4.conf</command>"
20485
#: serverguide/C/mail.xml:541(para)
20480
#: serverguide/C/mail.xml:599(para)
20487
20482
"You can run the following command to start <application>Exim4</application> "
20588
20583
msgid "sudo service exim4 restart"
20591
#: serverguide/C/mail.xml:615(para)
20586
#: serverguide/C/mail.xml:673(para)
20593
20588
"This section provides details on configuring the saslauthd to provide "
20594
20589
"authentication for <application>Exim4</application>."
20597
#: serverguide/C/mail.xml:618(para)
20592
#: serverguide/C/mail.xml:676(para)
20599
20594
"The first step is to install the sasl2-bin package. From a terminal prompt "
20600
20595
"enter the following:"
20603
#: serverguide/C/mail.xml:622(command)
20598
#: serverguide/C/mail.xml:680(command)
20604
20599
msgid "sudo apt-get install sasl2-bin"
20607
#: serverguide/C/mail.xml:624(para)
20602
#: serverguide/C/mail.xml:682(para)
20609
20604
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
20610
20605
"and set START=no to:"
20613
#: serverguide/C/mail.xml:630(para)
20608
#: serverguide/C/mail.xml:688(para)
20615
20610
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
20616
20611
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
20620
#: serverguide/C/mail.xml:635(command)
20615
#: serverguide/C/mail.xml:693(command)
20621
20616
msgid "sudo adduser Debian-exim sasl"
20622
20617
msgstr "sudo adduser Debian-exim sasl"
20624
#: serverguide/C/mail.xml:637(para)
20619
#: serverguide/C/mail.xml:695(para)
20625
20620
msgid "Now start the <application>saslauthd</application> service:"
20629
20624
msgid "sudo service saslauthd start"
20632
#: serverguide/C/mail.xml:643(para)
20627
#: serverguide/C/mail.xml:701(para)
20634
20629
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
20635
20630
"and SASL authentication."
20638
#: serverguide/C/mail.xml:652(para)
20633
#: serverguide/C/mail.xml:710(para)
20640
20635
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
20641
20636
"information."
20644
#: serverguide/C/mail.xml:657(para)
20639
#: serverguide/C/mail.xml:715(para)
20646
20641
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
20647
20642
"server\">Exim4 Book</ulink> available."
20650
#: serverguide/C/mail.xml:662(para)
20645
#: serverguide/C/mail.xml:720(para)
20652
20647
"Another resource is the <ulink "
20653
20648
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
20657
#: serverguide/C/mail.xml:671(title)
20652
#: serverguide/C/mail.xml:729(title)
20658
20653
msgid "Dovecot Server"
20661
#: serverguide/C/mail.xml:672(para)
20656
#: serverguide/C/mail.xml:730(para)
20663
20658
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
20664
20659
"security primarily in mind. It supports the major mailbox formats: mbox or "
20665
20660
"Maildir. This section explain how to set it up as an imap or pop3 server."
20668
#: serverguide/C/mail.xml:680(para)
20663
#: serverguide/C/mail.xml:738(para)
20670
20665
"To install <application>dovecot</application>, run the following command in "
20671
20666
"the command prompt:"
20674
#: serverguide/C/mail.xml:685(command)
20669
#: serverguide/C/mail.xml:743(command)
20675
20670
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
20678
#: serverguide/C/mail.xml:690(para)
20673
#: serverguide/C/mail.xml:748(para)
20680
20675
"To configure <application>dovecot</application>, you can edit the file "
20681
20676
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
20783
20778
"<filename>/etc/dovecot/conf.d/10-ssl.conf</filename> configuration file."
20786
#: serverguide/C/mail.xml:786(title)
20781
#: serverguide/C/mail.xml:845(title)
20787
20782
msgid "Firewall Configuration for an Email Server"
20790
#: serverguide/C/mail.xml:792(para)
20785
#: serverguide/C/mail.xml:851(para)
20791
20786
msgid "IMAP - 143"
20792
20787
msgstr "IMAP - 143"
20794
#: serverguide/C/mail.xml:793(para)
20789
#: serverguide/C/mail.xml:852(para)
20795
20790
msgid "IMAPS - 993"
20796
20791
msgstr "IMAPS - 993"
20798
#: serverguide/C/mail.xml:794(para)
20793
#: serverguide/C/mail.xml:853(para)
20799
20794
msgid "POP3 - 110"
20800
20795
msgstr "POP3 - 110"
20802
#: serverguide/C/mail.xml:795(para)
20797
#: serverguide/C/mail.xml:854(para)
20803
20798
msgid "POP3S - 995"
20804
20799
msgstr "POP3S - 995"
20806
#: serverguide/C/mail.xml:787(para)
20801
#: serverguide/C/mail.xml:846(para)
20808
20803
"To access your mail server from another computer, you must configure your "
20809
20804
"firewall to allow connections to the server on the necessary ports. "
20810
20805
"<placeholder-1/>"
20813
#: serverguide/C/mail.xml:804(para)
20808
#: serverguide/C/mail.xml:863(para)
20815
20810
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
20816
20811
"more information."
20819
#: serverguide/C/mail.xml:809(para)
20814
#: serverguide/C/mail.xml:868(para)
20821
20816
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
20822
20817
"Ubuntu Wiki</ulink> page has more details."
20838
20833
"and maintain."
20841
#: serverguide/C/mail.xml:829(para)
20836
#: serverguide/C/mail.xml:888(para)
20843
20838
"Mailman provides a web interface for the administrators and users, using an "
20844
20839
"external mail server to send and receive emails. It works perfectly with the "
20845
20840
"following mail servers:"
20848
#: serverguide/C/mail.xml:840(application)
20843
#: serverguide/C/mail.xml:899(application)
20852
#: serverguide/C/mail.xml:843(application)
20847
#: serverguide/C/mail.xml:902(application)
20853
20848
msgid "Sendmail"
20856
#: serverguide/C/mail.xml:846(application)
20851
#: serverguide/C/mail.xml:905(application)
20857
20852
msgid "Qmail"
20860
#: serverguide/C/mail.xml:851(para)
20855
#: serverguide/C/mail.xml:910(para)
20862
20857
"We will see how to install and configure Mailman with, the Apache web "
20863
20858
"server, and either the Postfix or Exim mail server. If you wish to install "
20864
20859
"Mailman with a different mail server, please refer to the references section."
20867
#: serverguide/C/mail.xml:858(para)
20862
#: serverguide/C/mail.xml:917(para)
20869
20864
"You only need to install one mail server and "
20870
20865
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
20873
#: serverguide/C/mail.xml:863(title) serverguide/C/mail.xml:920(title)
20868
#: serverguide/C/mail.xml:922(title) serverguide/C/mail.xml:979(title)
20874
20869
msgid "Apache2"
20875
20870
msgstr "Apache2"
20877
#: serverguide/C/mail.xml:864(para)
20872
#: serverguide/C/mail.xml:923(para)
20879
20874
"To install apache2 you refer to <xref linkend=\"http-installation\"/> for "
20883
#: serverguide/C/mail.xml:870(para)
20878
#: serverguide/C/mail.xml:929(para)
20885
20880
"For instructions on installing and configuring Postfix refer to <xref "
20886
20881
"linkend=\"postfix\"/>"
20889
#: serverguide/C/mail.xml:876(para)
20884
#: serverguide/C/mail.xml:935(para)
20890
20885
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
20893
#: serverguide/C/mail.xml:879(para)
20888
#: serverguide/C/mail.xml:938(para)
20895
20890
"Once exim4 is installed, the configuration files are stored in the "
20896
20891
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
20969
20964
"available/mailman.conf</filename> file if you wish to change this behavior."
20972
#: serverguide/C/mail.xml:948(para)
20967
#: serverguide/C/mail.xml:1007(para)
20974
20969
"For <application>Postfix</application> integration, we will associate the "
20975
20970
"domain lists.example.com with the mailing lists. Please replace "
20976
20971
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
20979
#: serverguide/C/mail.xml:952(para)
20974
#: serverguide/C/mail.xml:1011(para)
20981
20976
"You can use the postconf command to add the necessary configuration to "
20982
20977
"<filename>/etc/postfix/main.cf</filename>:"
20985
#: serverguide/C/mail.xml:956(command)
20980
#: serverguide/C/mail.xml:1015(command)
20986
20981
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
20989
#: serverguide/C/mail.xml:957(command)
20984
#: serverguide/C/mail.xml:1016(command)
20990
20985
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
20993
#: serverguide/C/mail.xml:958(command)
20988
#: serverguide/C/mail.xml:1017(command)
20994
20989
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
20997
#: serverguide/C/mail.xml:960(para)
20992
#: serverguide/C/mail.xml:1019(para)
20999
20994
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
21000
20995
"the following transport:"
21003
#: serverguide/C/mail.xml:963(programlisting)
20998
#: serverguide/C/mail.xml:1022(programlisting)
21009
21004
" ${nexthop} ${user}\n"
21012
#: serverguide/C/mail.xml:968(para)
21007
#: serverguide/C/mail.xml:1027(para)
21014
21009
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
21015
21010
"is delivered to a list."
21018
#: serverguide/C/mail.xml:971(para)
21013
#: serverguide/C/mail.xml:1030(para)
21020
21015
"Associate the domain lists.example.com to the Mailman transport with the "
21021
21016
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
21024
#: serverguide/C/mail.xml:974(programlisting)
21019
#: serverguide/C/mail.xml:1033(programlisting)
21028
21023
"lists.example.com mailman:\n"
21031
#: serverguide/C/mail.xml:977(para)
21026
#: serverguide/C/mail.xml:1036(para)
21033
21028
"Now have <application>Postfix</application> build the transport map by "
21034
21029
"entering the following from a terminal prompt:"
21037
#: serverguide/C/mail.xml:981(command)
21032
#: serverguide/C/mail.xml:1040(command)
21038
21033
msgid "sudo postmap -v /etc/postfix/transport"
21041
#: serverguide/C/mail.xml:983(para)
21036
#: serverguide/C/mail.xml:1042(para)
21042
21037
msgid "Then restart Postfix to enable the new configurations:"
21045
#: serverguide/C/mail.xml:992(para)
21040
#: serverguide/C/mail.xml:1051(para)
21047
21042
"Once Exim4 is installed, you can start the Exim server using the following "
21048
21043
"command from a terminal prompt:"
21051
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1023(title)
21046
#: serverguide/C/mail.xml:1067(para) serverguide/C/mail.xml:1082(title)
21055
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1063(title)
21050
#: serverguide/C/mail.xml:1070(para) serverguide/C/mail.xml:1122(title)
21056
21051
msgid "Transport"
21059
#: serverguide/C/mail.xml:1014(para) serverguide/C/mail.xml:1086(title)
21054
#: serverguide/C/mail.xml:1073(para) serverguide/C/mail.xml:1145(title)
21060
21055
msgid "Router"
21061
21056
msgstr "Usmerjevalnik"
21063
#: serverguide/C/mail.xml:999(para)
21058
#: serverguide/C/mail.xml:1058(para)
21065
21060
"In order to make mailman work with Exim4, you need to configure Exim4. As "
21066
21061
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
21333
21328
"spf</application>."
21336
#: serverguide/C/mail.xml:1251(para)
21331
#: serverguide/C/mail.xml:1310(para)
21338
21333
"<application>Amavisd-new</application> is a wrapper program that can call "
21339
21334
"any number of content filtering programs for spam detection, antivirus, etc."
21342
#: serverguide/C/mail.xml:1257(para)
21337
#: serverguide/C/mail.xml:1316(para)
21344
21339
"<application>Spamassassin</application> uses a variety of mechanisms to "
21345
21340
"filter email based on the message content."
21348
#: serverguide/C/mail.xml:1262(para)
21343
#: serverguide/C/mail.xml:1321(para)
21350
21345
"<application>ClamAV</application> is an open source antivirus application."
21353
#: serverguide/C/mail.xml:1267(para)
21348
#: serverguide/C/mail.xml:1326(para)
21355
21350
"<application>opendkim</application> implements a Sendmail Mail Filter "
21356
21351
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
21359
#: serverguide/C/mail.xml:1273(para)
21354
#: serverguide/C/mail.xml:1332(para)
21361
21356
"<application>python-policyd-spf</application> enables Sender Policy "
21362
21357
"Framework (SPF) checking with <application>Postfix</application>."
21365
#: serverguide/C/mail.xml:1278(para)
21360
#: serverguide/C/mail.xml:1337(para)
21366
21361
msgid "This is how the pieces fit together:"
21369
#: serverguide/C/mail.xml:1283(para)
21364
#: serverguide/C/mail.xml:1342(para)
21370
21365
msgid "An email message is accepted by <application>Postfix</application>."
21373
#: serverguide/C/mail.xml:1288(para)
21368
#: serverguide/C/mail.xml:1347(para)
21375
21370
"The message is passed through any external filters "
21376
21371
"<application>opendkim</application> and <application>python-policyd-"
21377
21372
"spf</application> in this case."
21380
#: serverguide/C/mail.xml:1294(para)
21375
#: serverguide/C/mail.xml:1353(para)
21381
21376
msgid "<application>Amavisd-new</application> then processes the message."
21384
#: serverguide/C/mail.xml:1299(para)
21379
#: serverguide/C/mail.xml:1358(para)
21386
21381
"<application>ClamAV</application> is used to scan the message. If the "
21387
21382
"message contains a virus <application>Postfix</application> will reject the "
21391
#: serverguide/C/mail.xml:1305(para)
21386
#: serverguide/C/mail.xml:1364(para)
21393
21388
"Clean messages will then be analyzed by "
21394
21389
"<application>Spamassassin</application> to find out if the message is spam. "
21409
#: serverguide/C/mail.xml:1319(para)
21404
#: serverguide/C/mail.xml:1378(para)
21411
21406
"See <xref linkend=\"postfix\"/> for instructions on installing and "
21412
21407
"configuring Postfix."
21415
#: serverguide/C/mail.xml:1322(para)
21410
#: serverguide/C/mail.xml:1381(para)
21417
21412
"To install the rest of the applications enter the following from a terminal "
21421
#: serverguide/C/mail.xml:1326(command)
21416
#: serverguide/C/mail.xml:1385(command)
21422
21417
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
21425
#: serverguide/C/mail.xml:1327(command)
21420
#: serverguide/C/mail.xml:1386(command)
21426
21421
msgid "sudo apt-get install opendkim postfix-policyd-spf-python"
21429
#: serverguide/C/mail.xml:1329(para)
21424
#: serverguide/C/mail.xml:1388(para)
21431
21426
"There are some optional packages that integrate with "
21432
21427
"<application>Spamassassin</application> for better spam detection:"
21435
#: serverguide/C/mail.xml:1333(command)
21430
#: serverguide/C/mail.xml:1392(command)
21436
21431
msgid "sudo apt-get install pyzor razor"
21439
#: serverguide/C/mail.xml:1335(para)
21434
#: serverguide/C/mail.xml:1394(para)
21441
21436
"Along with the main filtering applications compression utilities are needed "
21442
21437
"to process some email attachments:"
21445
#: serverguide/C/mail.xml:1339(command)
21440
#: serverguide/C/mail.xml:1398(command)
21447
21442
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
21450
#: serverguide/C/mail.xml:1342(para)
21445
#: serverguide/C/mail.xml:1401(para)
21452
21447
"If some packages are not found, check that the "
21453
21448
"<emphasis>multiverse</emphasis> repository is enabled in "
21454
21449
"<filename>/etc/apt/sources.list</filename>"
21457
#: serverguide/C/mail.xml:1343(para)
21452
#: serverguide/C/mail.xml:1402(para)
21459
21454
"If you make changes to the file, be sure to run <command>sudo apt-get "
21460
21455
"update</command> before trying to install again."
21463
#: serverguide/C/mail.xml:1348(para)
21458
#: serverguide/C/mail.xml:1407(para)
21464
21459
msgid "Now configure everything to work together and filter email."
21467
#: serverguide/C/mail.xml:1352(title)
21462
#: serverguide/C/mail.xml:1411(title)
21468
21463
msgid "ClamAV"
21469
21464
msgstr "ClamAV"
21471
#: serverguide/C/mail.xml:1353(para)
21466
#: serverguide/C/mail.xml:1412(para)
21473
21468
"The default behaviour of <application>ClamAV</application> will fit our "
21474
21469
"needs. For more ClamAV configuration options, check the configuration files "
21475
21470
"in <filename>/etc/clamav</filename>."
21478
#: serverguide/C/mail.xml:1358(para)
21473
#: serverguide/C/mail.xml:1417(para)
21480
21475
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
21481
21476
"group in order for <application>Amavisd-new</application> to have the "
21482
21477
"appropriate access to scan files:"
21485
#: serverguide/C/mail.xml:1363(command)
21480
#: serverguide/C/mail.xml:1422(command)
21486
21481
msgid "sudo adduser clamav amavis"
21489
#: serverguide/C/mail.xml:1364(command)
21484
#: serverguide/C/mail.xml:1423(command)
21490
21485
msgid "sudo adduser amavis clamav"
21493
#: serverguide/C/mail.xml:1368(title)
21488
#: serverguide/C/mail.xml:1427(title)
21494
21489
msgid "Spamassassin"
21495
21490
msgstr "Spamassassin"
21497
#: serverguide/C/mail.xml:1369(para)
21492
#: serverguide/C/mail.xml:1428(para)
21499
21494
"Spamassassin automatically detects optional components and will use them if "
21500
21495
"they are present. This means that there is no need to configure "
21501
21496
"<application>pyzor</application> and <application>razor</application>."
21504
#: serverguide/C/mail.xml:1373(para)
21499
#: serverguide/C/mail.xml:1432(para)
21506
21501
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
21507
21502
"<application>Spamassassin</application> daemon. Change "
21508
21503
"<emphasis>ENABLED=0</emphasis> to:"
21511
#: serverguide/C/mail.xml:1377(programlisting)
21506
#: serverguide/C/mail.xml:1436(programlisting)
21515
21510
"ENABLED=1\n"
21518
#: serverguide/C/mail.xml:1380(para)
21513
#: serverguide/C/mail.xml:1439(para)
21519
21514
msgid "Now start the daemon:"
21643
21638
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
21646
#: serverguide/C/mail.xml:1470(para)
21641
#: serverguide/C/mail.xml:1528(para)
21647
21642
msgid "There are multiple ways to configure the Whitelist for a domain:"
21650
#: serverguide/C/mail.xml:1476(para)
21645
#: serverguide/C/mail.xml:1534(para)
21652
21647
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
21653
21648
"address from the \"example.com\" domain."
21656
#: serverguide/C/mail.xml:1481(para)
21651
#: serverguide/C/mail.xml:1539(para)
21658
21653
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
21659
21654
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
21660
21655
"have a valid signature."
21663
#: serverguide/C/mail.xml:1487(para)
21658
#: serverguide/C/mail.xml:1545(para)
21665
21660
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
21666
21661
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
21667
21662
"role=\"italic\">example.com</emphasis> the parent domain."
21670
#: serverguide/C/mail.xml:1493(para)
21665
#: serverguide/C/mail.xml:1551(para)
21672
21667
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
21673
21668
"that have a valid signature from \"example.com\". This is usually used for "
21674
21669
"discussion groups that sign their messages."
21677
#: serverguide/C/mail.xml:1500(para)
21672
#: serverguide/C/mail.xml:1558(para)
21679
21674
"A domain can also have multiple Whitelist configurations. After editing the "
21680
21675
"file, restart <application>amavisd-new</application>:"
21683
#: serverguide/C/mail.xml:1510(para)
21678
#: serverguide/C/mail.xml:1568(para)
21685
21680
"In this context, once a domain has been added to the Whitelist the message "
21686
21681
"will not receive any anti-virus or spam filtering. This may or may not be "
21687
21682
"the intended behavior you wish for a domain."
21690
#: serverguide/C/mail.xml:1520(para)
21685
#: serverguide/C/mail.xml:1578(para)
21692
21687
"For <application>Postfix</application> integration, enter the following from "
21693
21688
"a terminal prompt:"
21696
#: serverguide/C/mail.xml:1524(command)
21691
#: serverguide/C/mail.xml:1582(command)
21697
21692
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
21700
#: serverguide/C/mail.xml:1526(para)
21695
#: serverguide/C/mail.xml:1584(para)
21702
21697
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
21703
21698
"to the end of the file:"
21905
21900
"back to normal."
21908
#: serverguide/C/mail.xml:1689(para)
21903
#: serverguide/C/mail.xml:1747(para)
21909
21904
msgid "For more information on filtering mail see the following links:"
21912
#: serverguide/C/mail.xml:1695(ulink)
21907
#: serverguide/C/mail.xml:1753(ulink)
21913
21908
msgid "Amavisd-new Documentation"
21916
#: serverguide/C/mail.xml:1699(para)
21911
#: serverguide/C/mail.xml:1757(para)
21918
21913
"<ulink url=\"http://www.clamav.net/doc/latest/html/\">ClamAV "
21919
21914
"Documentation</ulink> and <ulink "
21920
21915
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
21923
#: serverguide/C/mail.xml:1706(ulink)
21918
#: serverguide/C/mail.xml:1764(ulink)
21924
21919
msgid "Spamassassin Wiki"
21925
21920
msgstr "Spamassassin Wiki"
21927
#: serverguide/C/mail.xml:1711(ulink)
21922
#: serverguide/C/mail.xml:1769(ulink)
21928
21923
msgid "Pyzor Homepage"
21931
#: serverguide/C/mail.xml:1716(ulink)
21926
#: serverguide/C/mail.xml:1774(ulink)
21932
21927
msgid "Razor Homepage"
21935
#: serverguide/C/mail.xml:1721(ulink)
21930
#: serverguide/C/mail.xml:1779(ulink)
21936
21931
msgid "DKIM.org"
21937
21932
msgstr "DKIM.org"
21939
#: serverguide/C/mail.xml:1726(ulink)
21934
#: serverguide/C/mail.xml:1784(ulink)
21940
21935
msgid "Postfix Amavis New"
21943
#: serverguide/C/mail.xml:1730(para)
21938
#: serverguide/C/mail.xml:1788(para)
21945
21940
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
21946
21941
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
22323
22339
"config/index.php</ulink> if your server has no GUI.)"
22326
#: serverguide/C/lamp-applications.xml:334(para)
22342
#: serverguide/C/lamp-applications.xml:350(para)
22328
22344
"Please read the <quote>Environmental checks</quote> section of the "
22329
22345
"configuration page. You should be able to fix many issues by carefully "
22330
22346
"reading this section."
22333
#: serverguide/C/lamp-applications.xml:330(para)
22349
#: serverguide/C/lamp-applications.xml:357(para)
22335
22351
"Once the configuration is complete, you should copy the "
22336
22352
"<filename>LocalSettings.php</filename> file to "
22337
22353
"<filename>/etc/mediawiki</filename> directory:"
22340
#: serverguide/C/lamp-applications.xml:337(command)
22356
#: serverguide/C/lamp-applications.xml:364(command)
22341
22357
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
22342
22358
msgstr "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
22344
#: serverguide/C/lamp-applications.xml:340(para)
22360
#: serverguide/C/lamp-applications.xml:367(para)
22346
22362
"You may also want to edit "
22347
22363
"<filename>/etc/mediawiki/LocalSettings.php</filename> in order to set the "
22348
22364
"memory limit (disabled by default):"
22351
#: serverguide/C/lamp-applications.xml:345(programlisting)
22367
#: serverguide/C/lamp-applications.xml:372(programlisting)
22355
22371
"ini_set( 'memory_limit', '64M' );\n"
22358
#: serverguide/C/lamp-applications.xml:352(title)
22374
#: serverguide/C/lamp-applications.xml:379(title)
22359
22375
msgid "Extensions"
22362
#: serverguide/C/lamp-applications.xml:353(para)
22378
#: serverguide/C/lamp-applications.xml:380(para)
22364
22380
"The extensions add new features and enhancements for the MediaWiki "
22365
22381
"application. The extensions give wiki administrators and end users the "
22366
22382
"ability to customize MediaWiki to their requirements."
22369
#: serverguide/C/lamp-applications.xml:359(para)
22385
#: serverguide/C/lamp-applications.xml:386(para)
22371
22387
"You can download MediaWiki extensions as an archive file or checkout from "
22372
22388
"the Subversion repository. You should copy it to "
22482
22498
"remote database."
22485
#: serverguide/C/lamp-applications.xml:462(para)
22501
#: serverguide/C/lamp-applications.xml:489(para)
22487
22503
"Once configured, log out of <application>phpMyAdmin</application> and back "
22488
22504
"in, and you should be accessing the new server."
22491
#: serverguide/C/lamp-applications.xml:466(para)
22507
#: serverguide/C/lamp-applications.xml:493(para)
22493
22509
"The <filename>config.header.inc.php</filename> and "
22494
22510
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
22495
22511
"header and footer to <application>phpMyAdmin</application>."
22498
#: serverguide/C/lamp-applications.xml:471(para)
22514
#: serverguide/C/lamp-applications.xml:498(para)
22500
22516
"Another important configuration file is "
22501
22517
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
22502
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
22503
"configure <application>Apache2</application> to serve the "
22504
"<application>phpMyAdmin</application> site. The file contains directives for "
22505
"loading <application>PHP</application>, directory permissions, etc. For more "
22506
"information on configuring <application>Apache2</application> see <xref "
22507
"linkend=\"httpd\"/>."
22510
#: serverguide/C/lamp-applications.xml:485(para)
22518
"<filename>/etc/apache2/conf-available/phpmyadmin.conf</filename>, and, once "
22519
"enabled, is used to configure <application>Apache2</application> to serve "
22520
"the <application>phpMyAdmin</application> site. The file contains directives "
22521
"for loading <application>PHP</application>, directory permissions, etc. From "
22525
#: serverguide/C/lamp-applications.xml:506(command)
22527
"sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-"
22528
"available/phpmyadmin.conf"
22531
#: serverguide/C/lamp-applications.xml:507(command)
22532
msgid "sudo a2enconf phpmyadmin.conf"
22535
#: serverguide/C/lamp-applications.xml:511(para)
22537
"For more information on configuring <application>Apache2</application> see "
22538
"<xref linkend=\"httpd\"/>."
22541
#: serverguide/C/lamp-applications.xml:522(para)
22512
22543
"The <application>phpMyAdmin</application> documentation comes installed with "
22513
22544
"the package and can be accessed from the <emphasis>phpMyAdmin "
22516
22547
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
22519
#: serverguide/C/lamp-applications.xml:492(para)
22550
#: serverguide/C/lamp-applications.xml:529(para)
22521
22552
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
22522
22553
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
22525
#: serverguide/C/lamp-applications.xml:497(para)
22556
#: serverguide/C/lamp-applications.xml:534(para)
22527
22558
"A third resource is the <ulink "
22528
22559
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
22529
22560
"Wiki</ulink> page."
22532
#: serverguide/C/lamp-applications.xml:517(title)
22563
#: serverguide/C/lamp-applications.xml:543(title)
22533
22564
msgid "WordPress"
22536
#: serverguide/C/lamp-applications.xml:518(para)
22567
#: serverguide/C/lamp-applications.xml:544(para)
22538
22569
"Wordpress is a blog tool, publishing platform and CMS implemented in PHP and "
22539
22570
"licensed under the GNU GPLv2."
22542
#: serverguide/C/lamp-applications.xml:524(para)
22573
#: serverguide/C/lamp-applications.xml:550(para)
22544
22575
"To install <application>WordPress</application>, run the following comand in "
22545
22576
"the command prompt:"
22548
#: serverguide/C/lamp-applications.xml:529(command)
22579
#: serverguide/C/lamp-applications.xml:555(command)
22549
22580
msgid "sudo apt-get install wordpress"
22552
#: serverguide/C/lamp-applications.xml:532(para)
22583
#: serverguide/C/lamp-applications.xml:558(para)
22554
22585
"You should also install <application>apache2</application> web server and "
22555
22586
"<application>mysql</application> server. For installing "
22734
22765
#: serverguide/C/introduction.xml:31(para)
22736
22767
"There are a couple of different ways that Ubuntu Server Edition is "
22737
"supported, commercial support and community support. The main commercial "
22738
"support (and development funding) is available from Canonical Ltd. They "
22739
"supply reasonably priced support contracts on a per desktop or per server "
22768
"supported: commercial support and community support. The main commercial "
22769
"support (and development funding) is available from Canonical, Ltd. They "
22770
"supply reasonably- priced support contracts on a per desktop or per server "
22740
22771
"basis. For more information see the <ulink "
22741
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
22772
"url=\"http://www.ubuntu.com/management\">Ubuntu Advantage</ulink> page."
22745
#: serverguide/C/introduction.xml:38(para)
22775
#: serverguide/C/introduction.xml:40(para)
22747
"Community support is also provided by dedicated individuals, and companies, "
22777
"Community support is also provided by dedicated individuals and companies "
22748
22778
"that wish to make Ubuntu the best distribution possible. Support is provided "
22749
22779
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
22750
22780
"large amount of information available can be overwhelming, but a good search "
22996
23026
msgid "Next, the installer asks for the system's hostname."
22999
#: serverguide/C/installation.xml:195(para)
23029
#: serverguide/C/installation.xml:184(para)
23001
23031
"A new user is set up; this user will have <emphasis>root</emphasis> access "
23002
23032
"through the <application>sudo</application> utility."
23005
#: serverguide/C/installation.xml:201(para)
23035
#: serverguide/C/installation.xml:190(para)
23007
"After the user settings have been completed, you will be asked to encrypt "
23008
"your <filename role=\"directory\">home</filename> directory."
23037
"After the user settings have been completed, you will be asked if you want "
23038
"to encrypt your <filename role=\"directory\">home</filename> directory."
23011
23041
#: serverguide/C/installation.xml:196(para)
23012
23042
msgid "Next, the installer asks for the system's Time Zone."
23015
#: serverguide/C/installation.xml:182(para)
23045
#: serverguide/C/installation.xml:201(para)
23017
23047
"You can then choose from several options to configure the hard drive layout. "
23018
"Afterwards you are asked for which disk to install to. You may get "
23019
"confirmation prompts before rewriting the partition table or setting up LVM "
23020
"depending on disk layout. If you choose LVM, you will be asked for the size "
23021
"of the root logical volume. For advanced disk options see <xref "
23022
"linkend=\"advanced-installation\"/>."
23048
"Afterwards you are asked which disk to install to. You may get confirmation "
23049
"prompts before rewriting the partition table or setting up LVM depending on "
23050
"disk layout. If you choose LVM, you will be asked for the size of the root "
23051
"logical volume. For advanced disk options see <xref linkend=\"advanced-"
23052
"installation\"/>."
23025
#: serverguide/C/installation.xml:190(para)
23055
#: serverguide/C/installation.xml:209(para)
23026
23056
msgid "The Ubuntu base system is then installed."
23027
23057
msgstr "Nameščen bo osnovni sistem Ubuntu."
23029
#: serverguide/C/installation.xml:207(para)
23059
#: serverguide/C/installation.xml:214(para)
23031
23061
"The next step in the installation process is to decide how you want to "
23032
23062
"update the system. There are three options:"
23092
23122
"Installation Guide</ulink>."
23095
#: serverguide/C/installation.xml:265(title)
23125
#: serverguide/C/installation.xml:272(title)
23096
23126
msgid "Package Tasks"
23099
#: serverguide/C/installation.xml:266(para)
23129
#: serverguide/C/installation.xml:273(para)
23101
23131
"During the Server Edition installation you have the option of installing "
23102
23132
"additional packages from the CD. The packages are grouped by the type of "
23103
23133
"service they provide."
23106
#: serverguide/C/installation.xml:272(para)
23136
#: serverguide/C/installation.xml:279(para)
23107
23137
msgid "DNS server: Selects the BIND DNS server and its documentation."
23110
#: serverguide/C/installation.xml:277(para)
23140
#: serverguide/C/installation.xml:284(para)
23111
23141
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
23114
#: serverguide/C/installation.xml:282(para)
23144
#: serverguide/C/installation.xml:289(para)
23116
23146
"Mail server: This task selects a variety of packages useful for a general "
23117
23147
"purpose mail server system."
23120
#: serverguide/C/installation.xml:287(para)
23150
#: serverguide/C/installation.xml:294(para)
23121
23151
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
23124
#: serverguide/C/installation.xml:292(para)
23154
#: serverguide/C/installation.xml:299(para)
23126
23156
"PostgreSQL database: This task selects client and server packages for the "
23127
23157
"PostgreSQL database."
23130
#: serverguide/C/installation.xml:297(para)
23160
#: serverguide/C/installation.xml:304(para)
23131
23161
msgid "Print server: This task sets up your system to be a print server."
23134
#: serverguide/C/installation.xml:302(para)
23164
#: serverguide/C/installation.xml:309(para)
23136
23166
"Samba File server: This task sets up your system to be a Samba file server, "
23137
23167
"which is especially suitable in networks with both Windows and Linux systems."
23140
#: serverguide/C/installation.xml:308(para)
23170
#: serverguide/C/installation.xml:315(para)
23141
23171
msgid "Tomcat Java server: Installs Apache Tomcat and needed dependencies."
23144
#: serverguide/C/installation.xml:313(para)
23174
#: serverguide/C/installation.xml:320(para)
23146
23176
"Virtual Machine host: Includes packages needed to run KVM virtual machines."
23149
#: serverguide/C/installation.xml:318(para)
23179
#: serverguide/C/installation.xml:325(para)
23151
23181
"Manually select packages: Executes <application>aptitude</application> "
23152
23182
"allowing you to individually select packages."
23155
#: serverguide/C/installation.xml:323(para)
23185
#: serverguide/C/installation.xml:330(para)
23157
23187
"Installing the package groups is accomplished using the "
23158
23188
"<application>tasksel</application> utility. One of the important differences "
23258
23288
"system configuration changes sometimes needed between releases."
23261
#: serverguide/C/installation.xml:385(para)
23291
#: serverguide/C/installation.xml:392(para)
23262
23292
msgid "To upgrade to a newer release, from a terminal prompt enter:"
23263
23293
msgstr "Za nadgradnjo na novejšo izdajo, v terminal vnesite ukaz:"
23265
#: serverguide/C/installation.xml:391(para)
23295
#: serverguide/C/installation.xml:398(para)
23267
23297
"It is also possible to use <application>do-release-upgrade</application> to "
23268
23298
"upgrade to a development version of Ubuntu. To accomplish this use the "
23269
23299
"<emphasis>-d</emphasis> switch:"
23272
#: serverguide/C/installation.xml:396(command)
23302
#: serverguide/C/installation.xml:403(command)
23273
23303
msgid "do-release-upgrade -d"
23274
23304
msgstr "do-release-upgrade -d"
23276
#: serverguide/C/installation.xml:399(para)
23306
#: serverguide/C/installation.xml:406(para)
23278
23308
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
23279
23309
"for production environments."
23282
#: serverguide/C/installation.xml:406(title)
23312
#: serverguide/C/installation.xml:413(title)
23283
23313
msgid "Advanced Installation"
23284
23314
msgstr "Napredna namestitev"
23286
#: serverguide/C/installation.xml:409(title)
23316
#: serverguide/C/installation.xml:416(title)
23287
23317
msgid "Software RAID"
23290
#: serverguide/C/installation.xml:411(para)
23320
#: serverguide/C/installation.xml:418(para)
23292
23322
"Redundant Array of Independent Disks \"RAID\" is a method of using multiple "
23293
23323
"disks to provide different balances of increasing data reliability and/or "
23308
23338
"another for <emphasis>swap</emphasis>."
23311
#: serverguide/C/virtualization.xml:716(title) serverguide/C/installation.xml:427(title)
23341
#: serverguide/C/installation.xml:434(title)
23312
23342
msgid "Partitioning"
23313
23343
msgstr "Razdeljevanje"
23315
#: serverguide/C/installation.xml:429(para) serverguide/C/installation.xml:951(para)
23345
#: serverguide/C/installation.xml:436(para) serverguide/C/installation.xml:958(para)
23317
23347
"Follow the installation steps until you get to the <emphasis>Partition "
23318
23348
"disks</emphasis> step, then:"
23321
#: serverguide/C/installation.xml:436(para)
23351
#: serverguide/C/installation.xml:443(para)
23322
23352
msgid "Select <emphasis>Manual</emphasis> as the partition method."
23323
23353
msgstr "Kot način razdeljevanja izberite <emphasis>Ročno</emphasis>."
23325
#: serverguide/C/installation.xml:443(para)
23355
#: serverguide/C/installation.xml:450(para)
23327
23357
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
23328
23358
"partition table on this device?\"</emphasis>."
23331
#: serverguide/C/installation.xml:447(para)
23361
#: serverguide/C/installation.xml:454(para)
23333
23363
"Repeat this step for each drive you wish to be part of the RAID array."
23336
#: serverguide/C/installation.xml:454(para)
23366
#: serverguide/C/installation.xml:461(para)
23338
23368
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
23339
23369
"select <emphasis>\"Create a new partition\"</emphasis>."
23342
#: serverguide/C/installation.xml:461(para)
23372
#: serverguide/C/installation.xml:468(para)
23344
23374
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
23345
23375
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
23385
23415
"<emphasis>\"Done setting up partition\"</emphasis>."
23388
#: serverguide/C/installation.xml:511(para)
23418
#: serverguide/C/installation.xml:518(para)
23389
23419
msgid "Repeat steps three through eight for the other disk and partitions."
23392
#: serverguide/C/installation.xml:520(title)
23422
#: serverguide/C/installation.xml:527(title)
23393
23423
msgid "RAID Configuration"
23396
#: serverguide/C/installation.xml:522(para)
23426
#: serverguide/C/installation.xml:529(para)
23397
23427
msgid "With the partitions setup the arrays are ready to be configured:"
23400
#: serverguide/C/installation.xml:529(para)
23430
#: serverguide/C/installation.xml:536(para)
23402
23432
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
23403
23433
"Software RAID\"</emphasis> at the top."
23406
#: serverguide/C/installation.xml:536(para)
23436
#: serverguide/C/installation.xml:543(para)
23407
23437
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
23410
#: serverguide/C/installation.xml:543(para)
23440
#: serverguide/C/installation.xml:550(para)
23411
23441
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
23414
#: serverguide/C/installation.xml:550(para)
23444
#: serverguide/C/installation.xml:557(para)
23416
23446
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
23417
23447
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
23429
23459
"<emphasis>tri</emphasis> pogone. Uporaba RAID0 ali RAID1 zahteva samo "
23430
23460
"<emphasis>dva</emphasis> pogona."
23432
#: serverguide/C/installation.xml:565(para)
23462
#: serverguide/C/installation.xml:572(para)
23434
23464
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
23435
23465
"of hard drives you have, for the array. Then select "
23436
23466
"<emphasis>\"Continue\"</emphasis>."
23439
#: serverguide/C/installation.xml:573(para)
23469
#: serverguide/C/installation.xml:580(para)
23441
23471
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
23442
23472
"default, then choose <emphasis>\"Continue\"</emphasis>."
23445
#: serverguide/C/installation.xml:580(para)
23475
#: serverguide/C/installation.xml:587(para)
23447
23477
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
23448
23478
"etc. The numbers will usually match and the different letters correspond to "
23449
23479
"different hard drives."
23452
#: serverguide/C/installation.xml:585(para)
23482
#: serverguide/C/installation.xml:592(para)
23454
23484
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
23455
23485
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
23456
23486
"go to the next step."
23459
#: serverguide/C/installation.xml:593(para)
23489
#: serverguide/C/installation.xml:600(para)
23461
23491
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
23462
23492
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
23463
23493
"and <emphasis>sdb2</emphasis>."
23466
#: serverguide/C/installation.xml:601(para)
23496
#: serverguide/C/installation.xml:608(para)
23467
23497
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
23470
#: serverguide/C/installation.xml:611(title)
23500
#: serverguide/C/installation.xml:618(title)
23471
23501
msgid "Formatting"
23472
23502
msgstr "Formatiranje"
23474
#: serverguide/C/installation.xml:613(para)
23504
#: serverguide/C/installation.xml:620(para)
23476
23506
"There should now be a list of hard drives and RAID devices. The next step is "
23477
23507
"to format and set the mount point for the RAID devices. Treat the RAID "
23478
23508
"device as a local hard drive, format and mount accordingly."
23481
#: serverguide/C/installation.xml:621(para)
23511
#: serverguide/C/installation.xml:628(para)
23483
23513
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
23484
23514
"#0\"</emphasis> partition."
23487
#: serverguide/C/installation.xml:628(para)
23517
#: serverguide/C/installation.xml:635(para)
23489
23519
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
23490
23520
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
23493
#: serverguide/C/installation.xml:636(para)
23523
#: serverguide/C/installation.xml:643(para)
23495
23525
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
23496
23526
"#1\"</emphasis> partition."
23499
#: serverguide/C/installation.xml:643(para)
23529
#: serverguide/C/installation.xml:650(para)
23501
23531
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
23502
23532
"journaling file system\"</emphasis>."
23505
#: serverguide/C/installation.xml:650(para)
23535
#: serverguide/C/installation.xml:657(para)
23507
23537
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
23508
23538
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
23510
23540
"partition\"</emphasis>."
23513
#: serverguide/C/installation.xml:658(para)
23543
#: serverguide/C/installation.xml:665(para)
23515
23545
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23516
23546
"disk\"</emphasis>."
23519
#: serverguide/C/installation.xml:665(para)
23549
#: serverguide/C/installation.xml:672(para)
23521
23551
"If you choose to place the root partition on a RAID array, the installer "
23522
23552
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
23523
23553
"state. See <xref linkend=\"raid-degraded\"/> for further details."
23526
#: serverguide/C/installation.xml:670(para)
23556
#: serverguide/C/installation.xml:677(para)
23527
23557
msgid "The installation process will then continue normally."
23530
#: serverguide/C/installation.xml:676(title)
23560
#: serverguide/C/installation.xml:683(title)
23531
23561
msgid "Degraded RAID"
23534
#: serverguide/C/installation.xml:678(para)
23564
#: serverguide/C/installation.xml:685(para)
23536
23566
"At some point in the life of the computer a disk failure event may occur. "
23537
23567
"When this happens, using Software RAID, the operating system will place the "
23538
23568
"array into what is known as a <emphasis>degraded</emphasis> state."
23541
#: serverguide/C/installation.xml:683(para)
23571
#: serverguide/C/installation.xml:690(para)
23543
23573
"If the array has become degraded, due to the chance of data corruption, by "
23544
23574
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
23617
23647
"Za zagon sistema pritisnite "
23618
23648
"<keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo>."
23620
#: serverguide/C/installation.xml:761(para)
23650
#: serverguide/C/installation.xml:768(para)
23622
23652
"Once the system has booted you can either repair the array see <xref "
23623
23653
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
23624
23654
"another machine due to major hardware failure."
23627
#: serverguide/C/installation.xml:768(title)
23657
#: serverguide/C/installation.xml:775(title)
23628
23658
msgid "RAID Maintenance"
23629
23659
msgstr "Vzdrževanje polja RAID"
23631
#: serverguide/C/installation.xml:770(para)
23661
#: serverguide/C/installation.xml:777(para)
23633
23663
"The <application>mdadm</application> utility can be used to view the status "
23634
23664
"of an array, add disks to an array, remove disks, etc:"
23637
#: serverguide/C/installation.xml:777(para)
23667
#: serverguide/C/installation.xml:784(para)
23638
23668
msgid "To view the status of an array, from a terminal prompt enter:"
23641
#: serverguide/C/installation.xml:781(command)
23671
#: serverguide/C/installation.xml:788(command)
23642
23672
msgid "sudo mdadm -D /dev/md0"
23643
23673
msgstr "sudo mdadm -D /dev/md0"
23645
#: serverguide/C/installation.xml:784(para)
23675
#: serverguide/C/installation.xml:791(para)
23647
23677
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
23648
23678
"display <emphasis>detailed</emphasis> information about the "
23650
23680
"with the appropriate RAID device."
23653
#: serverguide/C/installation.xml:790(para)
23683
#: serverguide/C/installation.xml:797(para)
23654
23684
msgid "To view the status of a disk in an array:"
23657
#: serverguide/C/installation.xml:794(command)
23687
#: serverguide/C/installation.xml:801(command)
23658
23688
msgid "sudo mdadm -E /dev/sda1"
23659
23689
msgstr "sudo mdadm -E /dev/sda1"
23661
#: serverguide/C/installation.xml:796(para)
23691
#: serverguide/C/installation.xml:803(para)
23663
23693
"The output if very similar to the <command>mdadm -D</command> command, "
23664
23694
"adjust <filename>/dev/sda1</filename> for each disk."
23667
#: serverguide/C/installation.xml:801(para)
23697
#: serverguide/C/installation.xml:808(para)
23668
23698
msgid "If a disk fails and needs to be removed from an array enter:"
23671
#: serverguide/C/installation.xml:805(command)
23701
#: serverguide/C/installation.xml:812(command)
23672
23702
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
23673
23703
msgstr "sudo mdadm --remove /dev/md0 /dev/sda1"
23675
#: serverguide/C/installation.xml:807(para)
23705
#: serverguide/C/installation.xml:814(para)
23677
23707
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
23678
23708
"the appropriate RAID device and disk."
23681
#: serverguide/C/installation.xml:812(para)
23711
#: serverguide/C/installation.xml:819(para)
23682
23712
msgid "Similarly, to add a new disk:"
23685
#: serverguide/C/installation.xml:816(command)
23715
#: serverguide/C/installation.xml:823(command)
23686
23716
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
23687
23717
msgstr "sudo mdadm --add /dev/md0 /dev/sda1"
23689
#: serverguide/C/installation.xml:821(para)
23719
#: serverguide/C/installation.xml:828(para)
23691
23721
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
23692
23722
"though there is nothing physically wrong with the drive. It is usually "
23742
#: serverguide/C/installation.xml:858(command)
23772
#: serverguide/C/installation.xml:865(command)
23743
23773
msgid "sudo grub-install /dev/md0"
23744
23774
msgstr "sudo grub-install /dev/md0"
23746
#: serverguide/C/installation.xml:861(para)
23776
#: serverguide/C/installation.xml:868(para)
23748
23778
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
23751
#: serverguide/C/installation.xml:869(para)
23781
#: serverguide/C/installation.xml:876(para)
23753
23783
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
23754
23784
"can be configured. Please see the following links for more information:"
23757
#: serverguide/C/installation.xml:876(para)
23787
#: serverguide/C/installation.xml:883(para)
23759
23789
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
23760
23790
"Wiki Articles on RAID</ulink>."
23763
#: serverguide/C/installation.xml:882(ulink)
23793
#: serverguide/C/installation.xml:889(ulink) serverguide/C/installation.xml:1164(ulink)
23764
23794
msgid "Software RAID HOWTO"
23767
#: serverguide/C/installation.xml:887(ulink)
23797
#: serverguide/C/installation.xml:894(ulink)
23768
23798
msgid "Managing RAID on Linux"
23771
#: serverguide/C/installation.xml:894(title)
23801
#: serverguide/C/installation.xml:901(title)
23772
23802
msgid "Logical Volume Manager (LVM)"
23775
#: serverguide/C/installation.xml:896(para)
23805
#: serverguide/C/installation.xml:903(para)
23777
23807
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
23778
23808
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
23781
23811
"giving greater flexibility to systems as requirements change."
23784
#: serverguide/C/installation.xml:905(para)
23814
#: serverguide/C/installation.xml:912(para)
23786
23816
"A side effect of LVM's power and flexibility is a greater degree of "
23787
23817
"complication. Before diving into the LVM installation process, it is best to "
23788
23818
"get familiar with some terms."
23791
#: serverguide/C/installation.xml:912(para)
23821
#: serverguide/C/installation.xml:919(para)
23793
23823
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk, disk "
23794
23824
"partition or software RAID partition formatted as LVM PV."
23797
#: serverguide/C/installation.xml:918(para)
23827
#: serverguide/C/installation.xml:925(para)
23799
23829
"<emphasis>Volume Group (VG):</emphasis> is made from one or more physical "
23800
23830
"volumes. A VG can can be extended by adding more PVs. A VG is like a virtual "
23801
23831
"disk drive, from which one or more logical volumes are carved."
23804
#: serverguide/C/installation.xml:924(para)
23834
#: serverguide/C/installation.xml:931(para)
23806
23836
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
23807
23837
"LVM system. A LV is formatted with the desired file system (EXT3, XFS, JFS, "
23808
23838
"etc), it is then available for mounting and data storage."
23811
#: serverguide/C/installation.xml:935(para)
23841
#: serverguide/C/installation.xml:942(para)
23813
23843
"As an example this section covers installing Ubuntu Server Edition with "
23814
23844
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
23890
23920
"select <emphasis>\"Done setting up the partition\"</emphasis>."
23893
#: serverguide/C/installation.xml:1024(para)
23923
#: serverguide/C/installation.xml:1031(para)
23895
23925
"Finally, select <emphasis>\"Finish partitioning and write changes to "
23896
23926
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
23897
23927
"the installation."
23900
#: serverguide/C/installation.xml:1032(para)
23930
#: serverguide/C/installation.xml:1039(para)
23901
23931
msgid "There are some useful utilities to view information about LVM:"
23904
#: serverguide/C/installation.xml:1037(para)
23934
#: serverguide/C/installation.xml:1044(para)
23906
23936
"<emphasis>pvdisplay:</emphasis> shows information about Physical Volumes."
23909
#: serverguide/C/installation.xml:1038(para)
23939
#: serverguide/C/installation.xml:1045(para)
23911
23941
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
23914
#: serverguide/C/installation.xml:1039(para)
23944
#: serverguide/C/installation.xml:1046(para)
23916
23946
"<emphasis>lvdisplay:</emphasis> shows information about Logical Volumes."
23919
#: serverguide/C/installation.xml:1044(title)
23949
#: serverguide/C/installation.xml:1051(title)
23920
23950
msgid "Extending Volume Groups"
23923
#: serverguide/C/installation.xml:1046(para)
23953
#: serverguide/C/installation.xml:1053(para)
23925
23955
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
23926
23956
"section covers adding a second hard disk, creating a Physical Volume (PV), "
23932
23962
"partitions and use them as different physical volumes)"
23935
#: serverguide/C/installation.xml:1054(para)
23965
#: serverguide/C/installation.xml:1061(para)
23937
23967
"Make sure you don't already have an existing <filename>/dev/sdb</filename> "
23938
23968
"before issuing the commands below. You could lose some data if you issue "
23939
23969
"those commands on a non-empty disk."
23942
#: serverguide/C/installation.xml:1062(para)
23972
#: serverguide/C/installation.xml:1069(para)
23943
23973
msgid "First, create the physical volume, in a terminal execute:"
23946
#: serverguide/C/installation.xml:1067(command)
23976
#: serverguide/C/installation.xml:1074(command)
23947
23977
msgid "sudo pvcreate /dev/sdb"
23948
23978
msgstr "sudo pvcreate /dev/sdb"
23950
#: serverguide/C/installation.xml:1073(para)
23980
#: serverguide/C/installation.xml:1080(para)
23951
23981
msgid "Now extend the Volume Group (VG):"
23954
#: serverguide/C/installation.xml:1078(command)
23984
#: serverguide/C/installation.xml:1085(command)
23955
23985
msgid "sudo vgextend vg01 /dev/sdb"
23956
23986
msgstr "sudo vgextend vg01 /dev/sdb"
23958
#: serverguide/C/installation.xml:1084(para)
23988
#: serverguide/C/installation.xml:1091(para)
23960
23990
"Use <application>vgdisplay</application> to find out the free physical "
23961
23991
"extents - Free PE / size (the size you can allocate). We will assume a free "
23989
24019
"first is compulsory)."
23992
#: serverguide/C/installation.xml:1112(para)
24022
#: serverguide/C/installation.xml:1119(para)
23994
24024
"The following commands are for an <emphasis>EXT3</emphasis> or "
23995
24025
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
23996
24026
"there may be other utilities available."
23999
#: serverguide/C/installation.xml:1119(command)
24000
msgid "sudo e2fsck -f /dev/vg01/srv"
24001
msgstr "sudo e2fsck -f /dev/vg01/srv"
24003
#: serverguide/C/installation.xml:1122(para)
24005
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
24006
"forces checking even if the system seems clean."
24009
#: serverguide/C/installation.xml:1129(para)
24010
msgid "Finally, resize the filesystem:"
24013
#: serverguide/C/installation.xml:1134(command)
24014
msgid "sudo resize2fs /dev/vg01/srv"
24015
msgstr "sudo resize2fs /dev/vg01/srv"
24017
#: serverguide/C/installation.xml:1140(para)
24029
#: serverguide/C/installation.xml:1127(para) serverguide/C/installation.xml:1130(para) serverguide/C/installation.xml:1133(para)
24018
24030
msgid "Now mount the partition and check its size."
24021
#: serverguide/C/installation.xml:1145(command)
24033
#: serverguide/C/installation.xml:1136(para)
24035
"asldkjf sdkja;lkjfeoi dfkjsljfe;lij sfljsefisjoij skfm;lwemf;e msdlfsadlkf;k."
24038
#: serverguide/C/installation.xml:1141(command)
24022
24039
msgid "mount /dev/vg01/srv /srv && df -h /srv"
24023
24040
msgstr "mount /dev/vg01/srv /srv && df -h /srv"
24025
#: serverguide/C/installation.xml:1157(para)
24042
#: serverguide/C/installation.xml:1153(para)
24027
24044
"See the <ulink "
24028
24045
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
24032
24049
"url=\"https://help.ubuntu.com/community/Installation#lvm\">članke LVM na "
24033
24050
"Ubuntu Wiki</ulink>."
24035
#: serverguide/C/installation.xml:1162(para)
24052
#: serverguide/C/installation.xml:1158(para)
24037
24054
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
24038
24055
"HOWTO</ulink> for more information."
24041
#: serverguide/C/installation.xml:1167(para)
24043
"Another good article is <ulink "
24044
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
24045
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
24046
"linuxdevcenter.com site."
24049
#: serverguide/C/installation.xml:1181(para)
24051
"For more information on <application>fdisk</application> see the <ulink "
24052
"url=\"http://manpages.ubuntu.com/manpages/trusty/en/man8/fdisk.8.html\">fdisk"
24053
" man page</ulink>."
24056
#: serverguide/C/installation.xml:1185(title)
24058
#: serverguide/C/installation.xml:1171(title)
24062
#: serverguide/C/installation.xml:1174(para)
24063
msgid "bla bla 4 para."
24066
#: serverguide/C/installation.xml:1179(para)
24067
msgid "bla bla 5 para."
24070
#: serverguide/C/installation.xml:1184(para)
24071
msgid "list item 1."
24074
#: serverguide/C/installation.xml:1189(para)
24075
msgid "list item 2."
24078
#: serverguide/C/installation.xml:1194(para)
24079
msgid "list item 3."
24082
#: serverguide/C/installation.xml:1199(para)
24083
msgid "bla bla para"
24086
#: serverguide/C/installation.xml:1204(para)
24087
msgid "bla bla 6 para."
24090
#: serverguide/C/installation.xml:1209(para)
24091
msgid "bla bla 7 para."
24094
#: serverguide/C/installation.xml:1214(para)
24095
msgid "bla bla 8 para."
24098
#: serverguide/C/installation.xml:1219(para)
24099
msgid "bla bla 9 para."
24102
#: serverguide/C/installation.xml:1226(title)
24106
#: serverguide/C/installation.xml:1229(title)
24110
#: serverguide/C/installation.xml:1232(title)
24114
#: serverguide/C/installation.xml:1235(title)
24118
#: serverguide/C/installation.xml:1238(title)
24122
#: serverguide/C/installation.xml:1241(title)
24126
#: serverguide/C/installation.xml:1244(title)
24130
#: serverguide/C/installation.xml:1247(title)
24134
#: serverguide/C/installation.xml:1250(title)
24138
#: serverguide/C/installation.xml:1253(title)
24142
#: serverguide/C/installation.xml:1258(title)
24057
24143
msgid "Kernel Crash Dump"
24060
#: serverguide/C/installation.xml:1192(para)
24146
#: serverguide/C/installation.xml:1265(para)
24061
24147
msgid "Kernel Panic"
24064
#: serverguide/C/installation.xml:1193(para)
24150
#: serverguide/C/installation.xml:1266(para)
24065
24151
msgid "Non Maskable Interrupts (NMI)"
24068
#: serverguide/C/installation.xml:1194(para)
24154
#: serverguide/C/installation.xml:1267(para)
24069
24155
msgid "Machine Check Exceptions (MCE)"
24072
#: serverguide/C/installation.xml:1195(para)
24158
#: serverguide/C/installation.xml:1268(para)
24073
24159
msgid "Hardware failure"
24076
#: serverguide/C/installation.xml:1196(para)
24162
#: serverguide/C/installation.xml:1269(para)
24077
24163
msgid "Manual intervention"
24080
#: serverguide/C/installation.xml:1188(para)
24166
#: serverguide/C/installation.xml:1261(para)
24082
24168
"A Kernel Crash Dump refers to a portion of the contents of volatile memory "
24083
24169
"(RAM) that is copied to disk whenever the execution of the kernel is "
24163
#: serverguide/C/installation.xml:1258(para)
24249
#: serverguide/C/installation.xml:1331(para)
24165
24251
"The <emphasis>crashkernel</emphasis> parameter has the following syntax: "
24166
24252
"<placeholder-1/>"
24169
#: serverguide/C/installation.xml:1268(programlisting)
24255
#: serverguide/C/installation.xml:1341(programlisting)
24173
24259
"crashkernel=384M-2G:64M,2G-:128M\n"
24176
#: serverguide/C/installation.xml:1266(para)
24262
#: serverguide/C/installation.xml:1339(para)
24178
24264
"So for the crashkernel parameter found in <filename>/proc/cmdline</filename> "
24179
24265
"we would have : <placeholder-1/>"
24182
#: serverguide/C/installation.xml:1273(para)
24268
#: serverguide/C/installation.xml:1346(para)
24183
24269
msgid "The above value means:"
24186
#: serverguide/C/installation.xml:1275(para)
24272
#: serverguide/C/installation.xml:1348(para)
24188
24274
"if the RAM is smaller than 384M, then don't reserve anything (this is the "
24189
24275
"\"rescue\" case)"
24192
#: serverguide/C/installation.xml:1277(para)
24278
#: serverguide/C/installation.xml:1350(para)
24193
24279
msgid "if the RAM size is between 386M and 2G (exclusive), then reserve 64M"
24196
#: serverguide/C/installation.xml:1278(para)
24282
#: serverguide/C/installation.xml:1351(para)
24197
24283
msgid "if the RAM size is larger than 2G, then reserve 128M"
24200
#: serverguide/C/installation.xml:1281(para)
24286
#: serverguide/C/installation.xml:1354(para)
24202
24288
"Second, verify that the kernel has reserved the requested memory area for "
24203
24289
"the kdump kernel by doing:"
24206
#: serverguide/C/installation.xml:1286(command)
24292
#: serverguide/C/installation.xml:1359(command)
24207
24293
msgid "dmesg | grep -i crash"
24210
#: serverguide/C/installation.xml:1287(computeroutput)
24296
#: serverguide/C/installation.xml:1360(computeroutput)
24877
24963
"your vendor documentation to configure your specific iSCSI target."
24880
#: serverguide/C/file-server.xml:471(title)
24966
#: serverguide/C/file-server.xml:470(title)
24881
24967
msgid "iSCSI Initiator Install"
24884
#: serverguide/C/file-server.xml:473(para)
24970
#: serverguide/C/file-server.xml:472(para)
24886
24972
"To configure Ubuntu Server as an iSCSI initiator install the "
24887
24973
"<application>open-iscsi</application> package. In a terminal enter:"
24890
#: serverguide/C/file-server.xml:478(command)
24976
#: serverguide/C/file-server.xml:477(command)
24891
24977
msgid "sudo apt-get install open-iscsi"
24894
#: serverguide/C/file-server.xml:483(title)
24980
#: serverguide/C/file-server.xml:482(title)
24895
24981
msgid "iSCSI Initiator Configuration"
24898
#: serverguide/C/file-server.xml:485(para)
24984
#: serverguide/C/file-server.xml:484(para)
24900
24986
"Once the <application>open-iscsi</application> package is installed, edit "
24901
24987
"<filename>/etc/iscsi/iscsid.conf</filename> changing the following:"
24904
#: serverguide/C/file-server.xml:489(programlisting)
24990
#: serverguide/C/file-server.xml:488(programlisting)
24908
24994
"node.startup = automatic\n"
24911
#: serverguide/C/file-server.xml:493(para)
24997
#: serverguide/C/file-server.xml:492(para)
24913
24999
"You can check which targets are available by using the "
24914
25000
"<application>iscsiadm</application> utility. Enter the following in a "
24918
#: serverguide/C/file-server.xml:498(command)
25004
#: serverguide/C/file-server.xml:497(command)
24919
25005
msgid "sudo iscsiadm -m discovery -t st -p 192.168.0.10"
25008
#: serverguide/C/file-server.xml:501(para)
25010
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
24922
25013
#: serverguide/C/file-server.xml:502(para)
24924
"<emphasis>-m:</emphasis> determines the mode that iscsiadm executes in."
25014
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
24927
25017
#: serverguide/C/file-server.xml:503(para)
24928
msgid "<emphasis>-t:</emphasis> specifies the type of discovery."
24931
#: serverguide/C/file-server.xml:504(para)
24932
25018
msgid "<emphasis>-p:</emphasis> option indicates the target IP address."
24935
#: serverguide/C/file-server.xml:508(para)
25021
#: serverguide/C/file-server.xml:507(para)
24937
25023
"Change example <emphasis>192.168.0.10</emphasis> to the target IP address on "
24938
25024
"your network."
24941
#: serverguide/C/file-server.xml:513(para)
25027
#: serverguide/C/file-server.xml:512(para)
24943
25029
"If the target is available you should see output similar to the following:"
24946
#: serverguide/C/file-server.xml:518(computeroutput)
25032
#: serverguide/C/file-server.xml:517(computeroutput)
24950
25036
"192.168.0.10:3260,1 iqn.1992-05.com.emc:sl7b92030000520000-2\n"
24953
#: serverguide/C/file-server.xml:524(para)
25039
#: serverguide/C/file-server.xml:523(para)
24955
25041
"The <emphasis>iqn</emphasis> number and IP address above will vary depending "
24956
25042
"on your hardware."
24959
#: serverguide/C/file-server.xml:529(para)
25045
#: serverguide/C/file-server.xml:528(para)
24961
25047
"You should now be able to connect to the iSCSI target, and depending on your "
24962
25048
"target setup you may have to enter user credentials. Login to the iSCSI node:"
24965
#: serverguide/C/file-server.xml:535(command)
25051
#: serverguide/C/file-server.xml:534(command)
24966
25052
msgid "sudo iscsiadm -m node --login"
24969
#: serverguide/C/file-server.xml:538(para)
25055
#: serverguide/C/file-server.xml:537(para)
24971
25057
"Check to make sure that the new disk has been detected using "
24972
25058
"<application>dmesg</application>:"
24975
#: serverguide/C/file-server.xml:543(command)
25061
#: serverguide/C/file-server.xml:542(command)
24976
25062
msgid "dmesg | grep sd"
24979
#: serverguide/C/file-server.xml:544(computeroutput)
25065
#: serverguide/C/file-server.xml:543(computeroutput)
25048
#: serverguide/C/file-server.xml:592(para)
25134
#: serverguide/C/file-server.xml:591(para)
25050
25136
"Now format the file system and mount it to <filename>/srv</filename> as an "
25140
#: serverguide/C/file-server.xml:596(command)
25141
msgid "sudo mkfs.ext4 /dev/sdb1"
25054
25144
#: serverguide/C/file-server.xml:597(command)
25055
msgid "sudo mkfs.ext4 /dev/sdb1"
25058
#: serverguide/C/file-server.xml:598(command)
25059
25145
msgid "sudo mount /dev/sdb1 /srv"
25062
#: serverguide/C/file-server.xml:602(para)
25148
#: serverguide/C/file-server.xml:601(para)
25064
25150
"Finally, add an entry to <filename>/etc/fstab</filename> to mount the iSCSI "
25065
25151
"drive during boot:"
25068
#: serverguide/C/file-server.xml:606(programlisting)
25154
#: serverguide/C/file-server.xml:605(programlisting)
25072
25158
"/dev/sdb1 /srv ext4 defaults,auto,_netdev 0 0\n"
25075
#: serverguide/C/file-server.xml:610(para)
25161
#: serverguide/C/file-server.xml:609(para)
25077
25163
"It is a good idea to make sure everything is working as expected by "
25078
25164
"rebooting the server."
25081
#: serverguide/C/file-server.xml:619(ulink)
25167
#: serverguide/C/file-server.xml:618(ulink)
25082
25168
msgid "Open-iSCSI Website"
25085
#: serverguide/C/file-server.xml:622(ulink) serverguide/C/file-server.xml:808(ulink)
25171
#: serverguide/C/file-server.xml:621(ulink) serverguide/C/file-server.xml:807(ulink)
25086
25172
msgid "Debian Open-iSCSI page"
25089
#: serverguide/C/file-server.xml:629(title)
25175
#: serverguide/C/file-server.xml:628(title)
25090
25176
msgid "CUPS - Print Server"
25091
25177
msgstr "CUPS - tiskalniški strežnik"
25093
#: serverguide/C/file-server.xml:630(para)
25179
#: serverguide/C/file-server.xml:629(para)
25095
25181
"The primary mechanism for Ubuntu printing and print services is the "
25096
25182
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
25153
25239
"initially will be presented here."
25156
#: serverguide/C/file-server.xml:683(para)
25242
#: serverguide/C/file-server.xml:682(para)
25158
25244
"Prior to editing the configuration file, you should make a copy of the "
25159
25245
"original file and protect it from writing, so you will have the original "
25160
25246
"settings as a reference, and to reuse as necessary."
25163
#: serverguide/C/file-server.xml:687(para)
25249
#: serverguide/C/file-server.xml:686(para)
25165
25251
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
25166
25252
"writing with the following commands, issued at a terminal prompt:"
25169
#: serverguide/C/file-server.xml:693(command)
25255
#: serverguide/C/file-server.xml:692(command)
25170
25256
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
25171
25257
msgstr "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
25173
#: serverguide/C/file-server.xml:694(command)
25259
#: serverguide/C/file-server.xml:693(command)
25174
25260
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
25175
25261
msgstr "sudo chmod a-w /etc/cups/cupsd.conf.original"
25177
#: serverguide/C/file-server.xml:699(para)
25263
#: serverguide/C/file-server.xml:698(para)
25179
25265
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
25180
25266
"address of the designated administrator of the CUPS server, simply edit the "
25537
25623
"ns IN A 192.168.1.10\n"
25540
#: serverguide/C/dns.xml:177(para)
25626
#: serverguide/C/dns.xml:181(para)
25542
25628
"You must increment the <emphasis>Serial Number</emphasis> every time you "
25543
25629
"make changes to the zone file. If you make multiple changes before "
25544
25630
"restarting BIND9, simply increment the Serial once."
25547
#: serverguide/C/dns.xml:181(para)
25633
#: serverguide/C/dns.xml:185(para)
25549
25635
"Now, you can add DNS records to the bottom of the zone file. See <xref "
25550
25636
"linkend=\"dns-record-types\"/> for details."
25553
#: serverguide/C/dns.xml:185(para)
25639
#: serverguide/C/dns.xml:189(para)
25555
25641
"Many admins like to use the last date edited as the serial of a zone, such "
25556
25642
"as <emphasis>2012010100</emphasis> which is yyyymmddss (where "
25557
25643
"<emphasis>ss</emphasis> is the Serial Number)"
25560
#: serverguide/C/dns.xml:190(para)
25646
#: serverguide/C/dns.xml:194(para)
25562
25648
"Once you have made changes to the zone file <application>BIND9</application> "
25563
25649
"needs to be restarted for the changes to take effect:"
25566
#: serverguide/C/dns.xml:199(title)
25652
#: serverguide/C/dns.xml:203(title)
25567
25653
msgid "Reverse Zone File"
25570
#: serverguide/C/dns.xml:200(para)
25656
#: serverguide/C/dns.xml:204(para)
25572
25658
"Now that the zone is setup and resolving names to IP Adresses a "
25573
25659
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
25574
25660
"DNS to resolve an address to a name."
25577
#: serverguide/C/dns.xml:204(para)
25663
#: serverguide/C/dns.xml:208(para)
25578
25664
msgid "Edit /etc/bind/named.conf.local and add the following:"
25581
#: serverguide/C/dns.xml:207(programlisting)
25667
#: serverguide/C/dns.xml:211(programlisting)
25870
25956
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
25873
#: serverguide/C/dns.xml:418(para)
25959
#: serverguide/C/dns.xml:427(para)
25875
25961
"If you have configured <application>BIND9</application> as a "
25876
25962
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
25877
25963
"the query time:"
25880
#: serverguide/C/dns.xml:423(command)
25966
#: serverguide/C/dns.xml:432(command)
25881
25967
msgid "dig ubuntu.com"
25882
25968
msgstr "dig ubuntu.com"
25884
#: serverguide/C/dns.xml:425(para)
25970
#: serverguide/C/dns.xml:434(para)
25885
25971
msgid "Note the query time toward the end of the command output:"
25888
#: serverguide/C/dns.xml:428(programlisting)
25974
#: serverguide/C/dns.xml:437(programlisting)
25892
25978
";; Query time: 49 msec\n"
25895
#: serverguide/C/dns.xml:431(para)
25981
#: serverguide/C/dns.xml:440(para)
25896
25982
msgid "After a second dig there should be improvement:"
25899
#: serverguide/C/dns.xml:434(programlisting)
25985
#: serverguide/C/dns.xml:443(programlisting)
25903
25989
";; Query time: 1 msec\n"
25906
#: serverguide/C/dns.xml:441(title)
25992
#: serverguide/C/dns.xml:450(title)
25908
25994
msgstr "ping"
25910
#: serverguide/C/dns.xml:443(para)
25996
#: serverguide/C/dns.xml:452(para)
25912
25998
"Now to demonstrate how applications make use of DNS to resolve a host name "
25913
25999
"use the <application>ping</application> utility to send an ICMP echo "
25914
26000
"request. From a terminal prompt enter:"
25917
#: serverguide/C/dns.xml:449(command)
26003
#: serverguide/C/dns.xml:458(command)
25918
26004
msgid "ping example.com"
25921
#: serverguide/C/dns.xml:451(para)
26007
#: serverguide/C/dns.xml:460(para)
25923
26009
"This tests if the nameserver can resolve the name "
25924
26010
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
25925
26011
"should resemble:"
25928
#: serverguide/C/dns.xml:455(programlisting)
26014
#: serverguide/C/dns.xml:464(programlisting)
26064
#: serverguide/C/dns.xml:556(para)
26150
#: serverguide/C/dns.xml:565(para)
26066
26152
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
26067
26153
"level isn't specified level 1 is the default."
26070
#: serverguide/C/dns.xml:562(para)
26156
#: serverguide/C/dns.xml:571(para)
26072
26158
"Since the <emphasis>named daemon</emphasis> runs as the "
26073
26159
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
26074
26160
"file must be created and the ownership changed:"
26077
#: serverguide/C/dns.xml:567(command)
26163
#: serverguide/C/dns.xml:576(command)
26078
26164
msgid "sudo touch /var/log/query.log"
26079
26165
msgstr "sudo touch /var/log/query.log"
26081
#: serverguide/C/dns.xml:568(command)
26167
#: serverguide/C/dns.xml:577(command)
26082
26168
msgid "sudo chown bind /var/log/query.log"
26083
26169
msgstr "sudo chown bind /var/log/query.log"
26085
#: serverguide/C/dns.xml:572(para)
26171
#: serverguide/C/dns.xml:581(para)
26087
26173
"Before <application>named</application> daemon can write to the new log file "
26088
26174
"the <application>AppArmor</application> profile must be updated. First, edit "
26089
26175
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
26092
#: serverguide/C/dns.xml:576(programlisting)
26178
#: serverguide/C/dns.xml:585(programlisting)
26125
26211
"options see <xref linkend=\"dns-more-info\"/>."
26128
#: serverguide/C/dns.xml:607(title)
26214
#: serverguide/C/dns.xml:616(title)
26129
26215
msgid "Common Record Types"
26132
#: serverguide/C/dns.xml:608(para)
26218
#: serverguide/C/dns.xml:617(para)
26133
26219
msgid "This section covers some of the most common DNS record types."
26136
#: serverguide/C/dns.xml:613(para)
26222
#: serverguide/C/dns.xml:622(para)
26138
26224
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
26141
#: serverguide/C/dns.xml:616(programlisting)
26227
#: serverguide/C/dns.xml:625(programlisting)
26145
26231
"www IN A 192.168.1.12\n"
26148
#: serverguide/C/dns.xml:621(para)
26234
#: serverguide/C/dns.xml:630(para)
26150
26236
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
26151
26237
"record. You cannot create a CNAME record pointing to another CNAME record."
26154
#: serverguide/C/dns.xml:624(programlisting)
26240
#: serverguide/C/dns.xml:633(programlisting)
26158
26244
"web IN CNAME www\n"
26161
#: serverguide/C/dns.xml:629(para)
26247
#: serverguide/C/dns.xml:638(para)
26163
26249
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
26164
26250
"to. Must point to an A record, not a CNAME."
26167
#: serverguide/C/dns.xml:632(programlisting)
26253
#: serverguide/C/dns.xml:641(programlisting)
26403
26489
"Components</link> describes the components of the DM-Multipath package."
26406
#: serverguide/C/dm-multipath.xml:184(title)
26492
#: serverguide/C/dm-multipath.xml:183(title)
26407
26493
msgid "DM-Multipath Setup Overview"
26410
#: serverguide/C/dm-multipath.xml:191(para)
26496
#: serverguide/C/dm-multipath.xml:190(para)
26412
26498
"Install the <emphasis role=\"bold\">multipath-tools</emphasis> and <emphasis "
26413
26499
"role=\"bold\">multipath-tools-boot</emphasis> packages"
26416
#: serverguide/C/dm-multipath.xml:197(para)
26502
#: serverguide/C/dm-multipath.xml:196(para)
26418
26504
"Create an empty config file, <filename>/etc/multipath.conf</filename>, that "
26419
26505
"re-defines the <link linkend=\"multipath-skel-config\">following</link>"
26422
#: serverguide/C/dm-multipath.xml:203(para)
26508
#: serverguide/C/dm-multipath.xml:202(para)
26424
26510
"If necessary, edit the <emphasis role=\"bold\">multipath.conf</emphasis> "
26425
26511
"configuration file to modify default values and save the updated file."
26428
#: serverguide/C/dm-multipath.xml:209(para)
26514
#: serverguide/C/dm-multipath.xml:208(para)
26429
26515
msgid "Start the multipath daemon"
26432
#: serverguide/C/dm-multipath.xml:213(para)
26518
#: serverguide/C/dm-multipath.xml:212(para)
26433
26519
msgid "Update initial ramdisk"
26436
#: serverguide/C/dm-multipath.xml:186(para)
26522
#: serverguide/C/dm-multipath.xml:185(para)
26438
26524
"DM-Multipath includes compiled-in default settings that are suitable for "
26439
26525
"common multipath configurations. Setting up DM-multipath is often a simple "
26543
#: serverguide/C/dm-multipath.xml:313(para)
26629
#: serverguide/C/dm-multipath.xml:312(para)
26544
26630
msgid "Set up all of the multipath devices on one machine."
26547
#: serverguide/C/dm-multipath.xml:317(para) serverguide/C/dm-multipath.xml:354(para)
26633
#: serverguide/C/dm-multipath.xml:316(para) serverguide/C/dm-multipath.xml:353(para)
26549
26635
"Disable all of your multipath devices on your other machines by running the "
26550
26636
"following commands:"
26553
#: serverguide/C/dm-multipath.xml:320(screen) serverguide/C/dm-multipath.xml:357(screen)
26639
#: serverguide/C/dm-multipath.xml:319(screen) serverguide/C/dm-multipath.xml:356(screen)
26556
26642
"# service multipath-tools stop\n"
26557
26643
"# multipath -F\n"
26560
#: serverguide/C/dm-multipath.xml:326(para)
26646
#: serverguide/C/dm-multipath.xml:325(para)
26562
26648
"Copy the <filename>/etc/multipath/bindings</filename> file from the first "
26563
26649
"machine to all the other machines in the cluster."
26566
#: serverguide/C/dm-multipath.xml:332(para) serverguide/C/dm-multipath.xml:368(para)
26652
#: serverguide/C/dm-multipath.xml:331(para) serverguide/C/dm-multipath.xml:367(para)
26568
26654
"Re-enable the multipathd daemon on all the other machines in the cluster by "
26569
26655
"running the following command:"
26572
#: serverguide/C/dm-multipath.xml:335(screen) serverguide/C/dm-multipath.xml:371(screen)
26658
#: serverguide/C/dm-multipath.xml:334(screen) serverguide/C/dm-multipath.xml:370(screen)
26574
26660
msgid "# service multipath-tools start"
26577
#: serverguide/C/dm-multipath.xml:339(para)
26663
#: serverguide/C/dm-multipath.xml:338(para)
26578
26664
msgid "If you add a new device, you will need to repeat this process."
26581
#: serverguide/C/dm-multipath.xml:342(para)
26667
#: serverguide/C/dm-multipath.xml:341(para)
26583
26669
"Similarly, if you configure an alias for a device that you would like to be "
26584
26670
"consistent across the nodes in the cluster, you should ensure that the "
26667
26753
"Perform:<screen>update-initramfs -u -k all</screen><placeholder-1/>"
26670
#: serverguide/C/dm-multipath.xml:436(title)
26756
#: serverguide/C/dm-multipath.xml:435(title)
26671
26757
msgid "Setting up DM-Multipath Overview"
26674
#: serverguide/C/dm-multipath.xml:438(para)
26760
#: serverguide/C/dm-multipath.xml:437(para)
26676
26762
"This section provides step-by-step example procedures for configuring DM-"
26677
26763
"Multipath. It includes the following procedures:"
26680
#: serverguide/C/dm-multipath.xml:443(para)
26766
#: serverguide/C/dm-multipath.xml:442(para)
26681
26767
msgid "Basic DM-Multipath setup"
26684
#: serverguide/C/dm-multipath.xml:447(para)
26770
#: serverguide/C/dm-multipath.xml:446(para)
26685
26771
msgid "Ignoring local disks"
26688
#: serverguide/C/dm-multipath.xml:451(para)
26774
#: serverguide/C/dm-multipath.xml:450(para)
26689
26775
msgid "Adding more devices to the configuration file"
26692
#: serverguide/C/dm-multipath.xml:456(title)
26778
#: serverguide/C/dm-multipath.xml:455(title)
26693
26779
msgid "Setting Up DM-Multipath"
26696
#: serverguide/C/dm-multipath.xml:458(para)
26782
#: serverguide/C/dm-multipath.xml:457(para)
26698
26784
"Before setting up DM-Multipath on your system, ensure that your system has "
26699
26785
"been updated and includes the <emphasis role=\"bold\"><application>multipath-"
26983
27069
"can leave them commented out, as they are in the initial file."
26986
#: serverguide/C/dm-multipath.xml:724(para)
27072
#: serverguide/C/dm-multipath.xml:723(para)
26987
27073
msgid "The configuration file allows regular expression description syntax."
26990
#: serverguide/C/dm-multipath.xml:727(para)
27076
#: serverguide/C/dm-multipath.xml:726(para)
26992
27078
"An annotated version of the configuration file can be found in "
26993
27079
"<filename><filename>/usr/share/doc/multipath-"
26994
27080
"tools/examples/multipath.conf.annotated.gz</filename></filename>."
26997
#: serverguide/C/dm-multipath.xml:731(title)
27083
#: serverguide/C/dm-multipath.xml:730(title)
26998
27084
msgid "Configuration File Overview"
27001
#: serverguide/C/dm-multipath.xml:733(para)
27087
#: serverguide/C/dm-multipath.xml:732(para)
27003
27089
"The multipath configuration file is divided into the following sections:"
27006
#: serverguide/C/dm-multipath.xml:738(emphasis)
27092
#: serverguide/C/dm-multipath.xml:737(emphasis)
27007
27093
msgid "blacklist"
27010
#: serverguide/C/dm-multipath.xml:741(para)
27096
#: serverguide/C/dm-multipath.xml:740(para)
27012
27098
"Listing of specific devices that will not be considered for multipath."
27015
#: serverguide/C/dm-multipath.xml:747(emphasis)
27101
#: serverguide/C/dm-multipath.xml:746(emphasis)
27016
27102
msgid "blacklist_exceptions"
27019
#: serverguide/C/dm-multipath.xml:750(para)
27105
#: serverguide/C/dm-multipath.xml:749(para)
27021
27107
"Listing of multipath candidates that would otherwise be blacklisted "
27022
27108
"according to the parameters of the blacklist section."
27025
#: serverguide/C/dm-multipath.xml:757(emphasis)
27111
#: serverguide/C/dm-multipath.xml:756(emphasis)
27026
27112
msgid "defaults"
27029
#: serverguide/C/dm-multipath.xml:760(para)
27115
#: serverguide/C/dm-multipath.xml:759(para)
27030
27116
msgid "General default settings for DM-Multipath."
27033
#: serverguide/C/dm-multipath.xml:768(para)
27119
#: serverguide/C/dm-multipath.xml:767(para)
27035
27121
"Settings for the characteristics of individual multipath devices. These "
27036
27122
"values overwrite what is specified in the <emphasis "
27054
#: serverguide/C/dm-multipath.xml:789(para)
27140
#: serverguide/C/dm-multipath.xml:788(para)
27056
27142
"When the system determines the attributes of a multipath device, first it "
27057
27143
"checks the multipath settings, then the per devices settings, then the "
27058
27144
"multipath system defaults."
27061
#: serverguide/C/dm-multipath.xml:795(title)
27147
#: serverguide/C/dm-multipath.xml:794(title)
27062
27148
msgid "Configuration File Blacklist"
27065
#: serverguide/C/dm-multipath.xml:797(para)
27151
#: serverguide/C/dm-multipath.xml:796(para)
27067
27153
"The blacklist section of the multipath configuration file specifies the "
27068
27154
"devices that will not be used when the system configures multipath devices. "
27069
27155
"Devices that are blacklisted will not be grouped into a multipath device."
27072
#: serverguide/C/dm-multipath.xml:804(para)
27158
#: serverguide/C/dm-multipath.xml:803(para)
27074
27160
"If you do need to blacklist devices, you can do so according to the "
27075
27161
"following criteria:"
27078
#: serverguide/C/dm-multipath.xml:809(para)
27164
#: serverguide/C/dm-multipath.xml:808(para)
27080
27166
"By WWID, as described <xref endterm=\"config-blacklist-by-wwid-title\" "
27081
27167
"linkend=\"multipath-config-blacklist-by-wwid\"/>"
27084
#: serverguide/C/dm-multipath.xml:815(para)
27170
#: serverguide/C/dm-multipath.xml:814(para)
27086
27172
"By device name, as described in <xref endterm=\"config-blacklist-by-device-"
27087
27173
"name-title\" linkend=\"multipath-config-blacklist-by-device-name\"/>"
27090
#: serverguide/C/dm-multipath.xml:821(para)
27176
#: serverguide/C/dm-multipath.xml:820(para)
27092
27178
"By device type, as described in <xref endterm=\"config-blacklist-by-device-"
27093
27179
"type-title\" linkend=\"multipath-config-blacklist-by-device-type\"/>"
27096
#: serverguide/C/dm-multipath.xml:827(para)
27182
#: serverguide/C/dm-multipath.xml:826(para)
27098
27184
"By default, a variety of device types are blacklisted, even after you "
27099
27185
"comment out the initial blacklist section of the configuration file. For "
27554
27640
"files found in <filename>/usr/share/doc/multipath-tools/examples:</filename>"
27557
#: serverguide/C/dm-multipath.xml:1326(screen)
27643
#: serverguide/C/dm-multipath.xml:1325(screen)
27559
27645
msgid "# echo 'show config' | multipathd -k"
27562
#: serverguide/C/dm-multipath.xml:1331(title)
27648
#: serverguide/C/dm-multipath.xml:1330(title)
27563
27649
msgid "DM-Multipath Administration and Troubleshooting"
27566
#: serverguide/C/dm-multipath.xml:1334(title)
27652
#: serverguide/C/dm-multipath.xml:1333(title)
27567
27653
msgid "Resizing an Online Multipath Device"
27570
#: serverguide/C/dm-multipath.xml:1336(para)
27656
#: serverguide/C/dm-multipath.xml:1335(para)
27572
27658
"If you need to resize an online multipath device, use the following procedure"
27575
#: serverguide/C/dm-multipath.xml:1341(para)
27661
#: serverguide/C/dm-multipath.xml:1340(para)
27576
27662
msgid "Resize your physical device. This is storage platform specific."
27579
#: serverguide/C/dm-multipath.xml:1346(para)
27665
#: serverguide/C/dm-multipath.xml:1345(para)
27580
27666
msgid "Use the following command to find the paths to the LUN:"
27583
#: serverguide/C/dm-multipath.xml:1348(screen)
27669
#: serverguide/C/dm-multipath.xml:1347(screen)
27585
27671
msgid "# multipath -l"
27588
#: serverguide/C/dm-multipath.xml:1352(para)
27674
#: serverguide/C/dm-multipath.xml:1351(para)
27590
27676
"Resize your paths. For SCSI devices, writing 1 to the "
27591
27677
"<filename>rescan</filename> file for the device causes the SCSI driver to "
27592
27678
"rescan, as in the following command:"
27595
#: serverguide/C/dm-multipath.xml:1356(screen)
27681
#: serverguide/C/dm-multipath.xml:1355(screen)
27597
27683
msgid "# echo 1 > /sys/block/device_name/device/rescan"
27600
#: serverguide/C/dm-multipath.xml:1360(para)
27686
#: serverguide/C/dm-multipath.xml:1359(para)
27602
27688
"Resize your multipath device by running the multipathd resize command:"
27605
#: serverguide/C/dm-multipath.xml:1363(screen)
27691
#: serverguide/C/dm-multipath.xml:1362(screen)
27607
27693
msgid "# multipathd -k 'resize map mpatha'"
27610
#: serverguide/C/dm-multipath.xml:1367(para)
27696
#: serverguide/C/dm-multipath.xml:1366(para)
27611
27697
msgid "Resize the file system (assuming no LVM or DOS partitions are used):"
27614
#: serverguide/C/dm-multipath.xml:1370(screen)
27700
#: serverguide/C/dm-multipath.xml:1369(screen)
27616
27702
msgid "# resize2fs /dev/mapper/mpatha"
27619
#: serverguide/C/dm-multipath.xml:1376(title)
27705
#: serverguide/C/dm-multipath.xml:1375(title)
27621
27707
"Moving root File Systems from a Single Path Device to a Multipath Device"
27624
#: serverguide/C/dm-multipath.xml:1379(para)
27710
#: serverguide/C/dm-multipath.xml:1378(para)
27626
27712
"This is dramatically simplified by the use of UUIDs to identify devices as "
27627
27713
"an intrinsic label. Simply install <emphasis role=\"bold\">multipath-tools-"
27908
#: serverguide/C/dm-multipath.xml:1614(title)
27994
#: serverguide/C/dm-multipath.xml:1613(title)
27909
27995
msgid "Useful multipath Command Options"
27912
#: serverguide/C/dm-multipath.xml:1623(entry)
27998
#: serverguide/C/dm-multipath.xml:1622(entry)
27913
27999
msgid "Option"
27916
#: serverguide/C/dm-multipath.xml:1630(emphasis)
28002
#: serverguide/C/dm-multipath.xml:1629(emphasis)
27920
#: serverguide/C/dm-multipath.xml:1632(emphasis) serverguide/C/dm-multipath.xml:1639(emphasis)
28006
#: serverguide/C/dm-multipath.xml:1631(emphasis) serverguide/C/dm-multipath.xml:1638(emphasis)
27921
28007
msgid "sysfs"
27924
#: serverguide/C/dm-multipath.xml:1631(entry)
28010
#: serverguide/C/dm-multipath.xml:1630(entry)
27926
28012
"Display the current multipath configuration gathered from <placeholder-1/> "
27927
28013
"and the device mapper."
27930
#: serverguide/C/dm-multipath.xml:1637(emphasis)
28016
#: serverguide/C/dm-multipath.xml:1636(emphasis)
27934
#: serverguide/C/dm-multipath.xml:1638(entry)
28020
#: serverguide/C/dm-multipath.xml:1637(entry)
27936
28022
"Display the current multipath configuration gathered from <placeholder-1/>, "
27937
28023
"the device mapper, and all other available components on the system."
27940
#: serverguide/C/dm-multipath.xml:1644(emphasis)
28026
#: serverguide/C/dm-multipath.xml:1643(emphasis)
27941
28027
msgid "-f device"
27944
#: serverguide/C/dm-multipath.xml:1645(entry)
28030
#: serverguide/C/dm-multipath.xml:1644(entry)
27945
28031
msgid "Remove the named multipath device."
27948
#: serverguide/C/dm-multipath.xml:1649(emphasis)
28034
#: serverguide/C/dm-multipath.xml:1648(emphasis)
27952
#: serverguide/C/dm-multipath.xml:1650(entry)
28038
#: serverguide/C/dm-multipath.xml:1649(entry)
27953
28039
msgid "Remove all unused multipath devices."
27956
#: serverguide/C/dm-multipath.xml:1658(title)
28042
#: serverguide/C/dm-multipath.xml:1657(title)
27957
28043
msgid "Determining Device Mapper Entries with dmsetup Command"
27960
#: serverguide/C/dm-multipath.xml:1660(para)
28046
#: serverguide/C/dm-multipath.xml:1659(para)
27962
28048
"You can use the <emphasis role=\"bold\">dmsetup</emphasis> command to find "
27963
28049
"out which device mapper entries match the <emphasis "
27964
28050
"role=\"bold\">multipathed</emphasis> devices."
27967
#: serverguide/C/dm-multipath.xml:1664(para)
28053
#: serverguide/C/dm-multipath.xml:1663(para)
27969
28055
"The following command displays all the device mapper devices and their major "
27970
28056
"and minor numbers. The minor numbers determine the name of the dm device. "
28097
28183
msgid "To install MySQL, run the following command from a terminal prompt:"
28100
#: serverguide/C/virtualization.xml:2215(command) serverguide/C/databases.xml:42(command)
28186
#: serverguide/C/databases.xml:42(command)
28101
28187
msgid "sudo apt-get install mysql-server"
28102
28188
msgstr "sudo apt-get install mysql-server"
28104
#: serverguide/C/databases.xml:51(para)
28190
#: serverguide/C/databases.xml:44(para)
28106
28192
"During the installation process you will be prompted to enter a password for "
28107
28193
"the MySQL root user."
28110
#: serverguide/C/databases.xml:55(para)
28196
#: serverguide/C/databases.xml:48(para)
28112
28198
"Once the installation is complete, the MySQL server should be started "
28113
28199
"automatically. You can run the following command from a terminal prompt to "
28114
28200
"check whether the MySQL server is running:"
28117
#: serverguide/C/databases.xml:62(command)
28203
#: serverguide/C/databases.xml:55(command)
28118
28204
msgid "sudo netstat -tap | grep mysql"
28119
28205
msgstr "sudo netstat -tap | grep mysql"
28121
#: serverguide/C/vcs.xml:477(para) serverguide/C/databases.xml:65(para)
28207
#: serverguide/C/databases.xml:58(para)
28123
28209
"When you run this command, you should see the following line or something "
28127
#: serverguide/C/databases.xml:69(programlisting)
28213
#: serverguide/C/databases.xml:62(programlisting)
28160
28246
"bind-address = 192.168.0.5\n"
28162
#: serverguide/C/databases.xml:91(para)
28248
#: serverguide/C/databases.xml:84(para)
28163
28249
msgid "Replace 192.168.0.5 with the appropriate address."
28164
28250
msgstr "Zamenjajte 192.168.0.5 z ustreznim naslovom."
28166
#: serverguide/C/databases.xml:95(para)
28252
#: serverguide/C/databases.xml:88(para)
28168
28254
"After making a change to <filename>/etc/mysql/my.cnf</filename> the MySQL "
28169
28255
"daemon will need to be restarted:"
28172
#: serverguide/C/databases.xml:102(para)
28258
#: serverguide/C/databases.xml:95(para)
28174
28260
"If you would like to change the MySQL <emphasis>root</emphasis> password, in "
28175
28261
"a terminal enter:"
28178
#: serverguide/C/databases.xml:107(command)
28264
#: serverguide/C/databases.xml:100(command)
28179
28265
msgid "sudo dpkg-reconfigure mysql-server-5.5"
28182
#: serverguide/C/databases.xml:109(para)
28268
#: serverguide/C/databases.xml:102(para)
28184
28270
"The MySQL daemon will be stopped, and you will be prompted to enter a new "
28188
#: serverguide/C/databases.xml:114(title)
28274
#: serverguide/C/databases.xml:107(title)
28189
28275
msgid "Database Engines"
28192
#: serverguide/C/databases.xml:115(para)
28278
#: serverguide/C/databases.xml:108(para)
28194
28280
"Whilst the default configuration of MySQL provided by the Ubuntu packages is "
28195
28281
"perfectly functional and performs well there are things you may wish to "
28196
28282
"consider before you proceed."
28199
#: serverguide/C/databases.xml:119(para)
28285
#: serverguide/C/databases.xml:112(para)
28201
28287
"MySQL is designed to allow data to be stored in different ways. These "
28202
28288
"methods are referred to as either database or storage engines. There are two "
29576
29670
"# min u dm m dt ukaz\n"
29578
#: serverguide/C/backups.xml:179(para)
29672
#: serverguide/C/backups.xml:185(para)
29580
29674
"<emphasis>m:</emphasis> minute the command executes on, between 0 and 59."
29583
#: serverguide/C/backups.xml:184(para)
29677
#: serverguide/C/backups.xml:190(para)
29585
29679
"<emphasis>h:</emphasis> hour the command executes on, between 0 and 23."
29588
#: serverguide/C/backups.xml:189(para)
29682
#: serverguide/C/backups.xml:195(para)
29589
29683
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
29590
29684
msgstr "<emphasis>dm:</emphasis> dan v mesecu, ko bo ukaz izveden."
29592
#: serverguide/C/backups.xml:194(para)
29686
#: serverguide/C/backups.xml:200(para)
29594
29688
"<emphasis>mon:</emphasis> the month the command executes on, between 1 and "
29598
#: serverguide/C/backups.xml:199(para)
29692
#: serverguide/C/backups.xml:205(para)
29600
29694
"<emphasis>dow:</emphasis> the day of the week the command executes on, "
29601
29695
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
29605
#: serverguide/C/backups.xml:204(para)
29699
#: serverguide/C/backups.xml:210(para)
29606
29700
msgid "<emphasis>command:</emphasis> the command to execute."
29607
29701
msgstr "<emphasis>ukaz:</emphasis> ukaz, ki bo izveden."
29609
#: serverguide/C/backups.xml:209(para)
29703
#: serverguide/C/backups.xml:215(para)
29611
29705
"To add or change entries in a <filename>crontab</filename> file the "
29612
29706
"<application>crontab -e</application> command should be used. Also, the "
29659
29753
"simply change the script path appropriately."
29662
#: serverguide/C/backups.xml:242(para)
29756
#: serverguide/C/backups.xml:248(para)
29664
29758
"For more in-depth <application>crontab</application> options see <xref "
29665
29759
"linkend=\"backup-shellscript-references\"/>."
29668
#: serverguide/C/backups.xml:248(title)
29762
#: serverguide/C/backups.xml:254(title)
29669
29763
msgid "Restoring from the Archive"
29670
29764
msgstr "Obnavljanje iz arhiva"
29672
#: serverguide/C/backups.xml:249(para)
29766
#: serverguide/C/backups.xml:255(para)
29674
29768
"Once an archive has been created it is important to test the archive. The "
29675
29769
"archive can be tested by listing the files it contains, but the best test is "
29676
29770
"to <emphasis>restore</emphasis> a file from the archive."
29679
#: serverguide/C/backups.xml:255(para)
29773
#: serverguide/C/backups.xml:261(para)
29681
29775
"To see a listing of the archive contents. From a terminal prompt type:"
29684
#: serverguide/C/backups.xml:259(command)
29778
#: serverguide/C/backups.xml:265(command)
29685
29779
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
29688
#: serverguide/C/backups.xml:263(para)
29782
#: serverguide/C/backups.xml:269(para)
29689
29783
msgid "To restore a file from the archive to a different directory enter:"
29692
#: serverguide/C/backups.xml:267(command)
29786
#: serverguide/C/backups.xml:273(command)
29693
29787
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
29696
#: serverguide/C/backups.xml:269(para)
29790
#: serverguide/C/backups.xml:275(para)
29698
29792
"The <emphasis>-C</emphasis> option to <application>tar</application> "
29699
29793
"redirects the extracted files to the specified directory. The above example "
29702
29796
"recreates the directory structure that it contains."
29705
#: serverguide/C/backups.xml:274(para)
29799
#: serverguide/C/backups.xml:280(para)
29707
29801
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
29708
29802
"the file to restore."
29711
#: serverguide/C/backups.xml:279(para)
29805
#: serverguide/C/backups.xml:285(para)
29712
29806
msgid "To restore all files in the archive enter the following:"
29715
#: serverguide/C/backups.xml:283(command)
29809
#: serverguide/C/backups.xml:289(command)
29717
29811
msgstr "cd /"
29719
#: serverguide/C/backups.xml:284(command)
29813
#: serverguide/C/backups.xml:290(command)
29720
29814
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
29723
#: serverguide/C/backups.xml:289(para)
29817
#: serverguide/C/backups.xml:295(para)
29724
29818
msgid "This will overwrite the files currently on the file system."
29725
29819
msgstr "To bo prepisalo datoteke, trenutno prisotne na sistemu."
29727
#: serverguide/C/backups.xml:298(para)
29821
#: serverguide/C/backups.xml:304(para)
29729
29823
"For more information on shell scripting see the <ulink "
29730
29824
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
29733
#: serverguide/C/backups.xml:303(para)
29827
#: serverguide/C/backups.xml:309(para)
29735
29829
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
29736
29830
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
29737
29831
"great resource for shell scripting."
29740
#: serverguide/C/backups.xml:309(para)
29834
#: serverguide/C/backups.xml:315(para)
29742
29836
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
29743
29837
"Wiki Page</ulink> contains details on advanced "
29744
29838
"<application>cron</application> options."
29747
#: serverguide/C/backups.xml:316(para)
29841
#: serverguide/C/backups.xml:322(para)
29749
29843
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
29750
29844
"tar Manual</ulink> for more <application>tar</application> options."
29753
#: serverguide/C/backups.xml:322(para)
29847
#: serverguide/C/backups.xml:328(para)
29755
29849
"The Wikipedia <ulink "
29756
29850
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
29757
29851
"Scheme</ulink> article contains information on other backup rotation schemes."
29760
#: serverguide/C/backups.xml:328(para)
29854
#: serverguide/C/backups.xml:334(para)
29762
29856
"The shell script uses <application>tar</application> to create the archive, "
29763
29857
"but there many other command line utilities that can be used. For example:"
29766
#: serverguide/C/backups.xml:334(para)
29860
#: serverguide/C/backups.xml:340(para)
29768
29862
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
29769
29863
"files to and from archives."
29802
29896
"rotation scheme should be used."
29805
#: serverguide/C/backups.xml:369(title)
29899
#: serverguide/C/backups.xml:375(title)
29806
29900
msgid "Rotating NFS Archives"
29809
#: serverguide/C/backups.xml:370(para)
29903
#: serverguide/C/backups.xml:376(para)
29811
29905
"In this section, the shell script will be slightly modified to implement a "
29812
29906
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
29815
#: serverguide/C/backups.xml:376(para)
29909
#: serverguide/C/backups.xml:382(para)
29817
29911
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
29821
#: serverguide/C/backups.xml:381(para)
29915
#: serverguide/C/backups.xml:387(para)
29823
29917
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
29824
29918
"weekly backups a month."
29827
#: serverguide/C/backups.xml:386(para)
29921
#: serverguide/C/backups.xml:392(para)
29829
29923
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
29830
29924
"rotating two monthly backups based on if the month is odd or even."
29833
#: serverguide/C/backups.xml:392(para)
29927
#: serverguide/C/backups.xml:398(para)
29834
29928
msgid "Here is the new script:"
29835
29929
msgstr "Tukaj je novi skript:"
29837
#: serverguide/C/backups.xml:395(programlisting)
29931
#: serverguide/C/backups.xml:401(programlisting)
30023
30117
"network wide solution."
30026
#: serverguide/C/backups.xml:546(para)
30120
#: serverguide/C/backups.xml:552(para)
30028
30122
"<application>Bacula</application> is made up of several components and "
30029
30123
"services used to manage which files to backup and backup locations:"
30032
#: serverguide/C/backups.xml:551(para)
30126
#: serverguide/C/backups.xml:557(para)
30034
30128
"<application>Bacula Director:</application> a service that controls all "
30035
30129
"backup, restore, verify, and archive operations."
30038
#: serverguide/C/backups.xml:556(para)
30132
#: serverguide/C/backups.xml:562(para)
30040
30134
"<application>Bacula Console:</application> an application allowing "
30041
30135
"communication with the Director. There are three versions of the Console:"
30044
#: serverguide/C/backups.xml:561(para)
30138
#: serverguide/C/backups.xml:567(para)
30045
30139
msgid "Text based command line version."
30048
#: serverguide/C/backups.xml:562(para)
30142
#: serverguide/C/backups.xml:568(para)
30049
30143
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
30052
#: serverguide/C/backups.xml:563(para)
30146
#: serverguide/C/backups.xml:569(para)
30053
30147
msgid "wxWidgets GUI interface."
30054
30148
msgstr "Grafični vmesnik wxWidgets"
30056
#: serverguide/C/backups.xml:567(para)
30150
#: serverguide/C/backups.xml:573(para)
30058
30152
"<application>Bacula File:</application> also known as the "
30059
30153
"<application>Bacula Client</application> program. This application is "
30075
30169
"different databases MySQL, PostgreSQL, and SQLite."
30078
#: serverguide/C/backups.xml:584(para)
30172
#: serverguide/C/backups.xml:590(para)
30080
30174
"<application>Bacula Monitor:</application> allows the monitoring of the "
30081
30175
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
30082
30176
"available as a GTK+ GUI application."
30085
#: serverguide/C/backups.xml:590(para)
30179
#: serverguide/C/backups.xml:596(para)
30087
30181
"These services and applications can be run on multiple servers and clients, "
30088
30182
"or they can be installed on one machine if backing up a single disk or "
30092
#: serverguide/C/backups.xml:598(para)
30186
#: serverguide/C/backups.xml:604(para)
30094
30188
"If using MySQL or PostgreSQL as your database, you should already have the "
30095
30189
"services available. <application>Bacula</application> will not install them "
30099
#: serverguide/C/backups.xml:603(para)
30193
#: serverguide/C/backups.xml:609(para)
30101
30195
"There are multiple packages containing the different "
30102
30196
"<application>Bacula</application> components. To install Bacula, from a "
30103
30197
"terminal prompt enter:"
30106
#: serverguide/C/backups.xml:608(command)
30200
#: serverguide/C/backups.xml:614(command)
30107
30201
msgid "sudo apt-get install bacula"
30108
30202
msgstr "sudo apt-get install bacula"
30110
#: serverguide/C/backups.xml:610(para)
30204
#: serverguide/C/backups.xml:616(para)
30112
30206
"By default installing the <application>bacula</application> package will use "
30113
30207
"a <application>MySQL</application> database for the Catalog. If you want to "