« back to all changes in this revision
Viewing changes to serverguide/po/et.po
- browse files at revision 91
- compare with another revision
- download diff
- download tarball
- view history from revision 91
- Committer: Bazaar Package Importer
- Author(s): Matthew East
- Date: 2010-04-18 21:06:41 UTC
- Revision ID: james.westby@ubuntu.com-20100418210641-ee4gokf3dfkak6j8
Tags: 10.04.3
* Import translations from Rosetta
* Replace old Ubuntu logo with new one from wiki:Brand (LP: #551058)
* Replace old Ubuntu logo with new one from wiki:Brand (LP: #551058)
- files added:
- about-ubuntu/po/om.po
- files modified:
- about-ubuntu/po/about-ubuntu.pot
added
removed
serverguide/po/et.po
7
7
msgstr ""
8
8
"Project-Id-Version: ubuntu-docs\n"
9
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2009-10-04 21:24+0100\n"
11
"PO-Revision-Date: 2009-10-15 01:39+0000\n"
10
"POT-Creation-Date: 2010-03-29 08:26+0100\n"
11
"PO-Revision-Date: 2009-10-20 04:11+0000\n"
12
12
"Last-Translator: Launchpad Translations Administrators "
13
13
"<rosetta@launchpad.net>\n"
14
14
"Language-Team: Estonian <et@li.org>\n"
15
15
"MIME-Version: 1.0\n"
16
16
"Content-Type: text/plain; charset=UTF-8\n"
17
17
"Content-Transfer-Encoding: 8bit\n"
18
"X-Launchpad-Export-Date: 2009-10-16 07:28+0000\n"
18
"X-Launchpad-Export-Date: 2010-04-17 14:52+0000\n"
19
19
"X-Generator: Launchpad (build Unknown)\n"
20
20
21
21
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
22
22
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
23
msgstr ""
23
msgstr "ubuntu-doc@lists.ubuntu.com (Ubuntu Dokumentatsiooni Projekt)"
24
24
25
25
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
26
26
msgid "Ubuntu Server Guide"
46
46
"network resources with Windows computers."
47
47
msgstr ""
48
48
49
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:397(title) serverguide/C/security.xml:412(title) serverguide/C/remote-administration.xml:22(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
49
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:402(title) serverguide/C/security.xml:354(title) serverguide/C/remote-administration.xml:22(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
50
50
msgid "Introduction"
51
51
msgstr "Sissejuhatus"
52
52
118
118
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
119
119
msgstr ""
120
120
121
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:282(title) serverguide/C/windows-networking.xml:1279(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:669(title) serverguide/C/web-servers.xml:804(title) serverguide/C/web-servers.xml:925(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/virtualization.xml:1341(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:402(title) serverguide/C/remote-administration.xml:52(title) serverguide/C/remote-administration.xml:220(title) serverguide/C/network-config.xml:603(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1244(title) serverguide/C/network-auth.xml:1749(title) serverguide/C/network-auth.xml:2140(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:423(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:478(title) serverguide/C/mail.xml:651(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1284(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:282(title) serverguide/C/lamp-applications.xml:398(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:908(title) serverguide/C/file-server.xml:342(title) serverguide/C/file-server.xml:454(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:159(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:136(title) serverguide/C/backups.xml:593(title)
121
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:287(title) serverguide/C/windows-networking.xml:1302(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:675(title) serverguide/C/web-servers.xml:816(title) serverguide/C/web-servers.xml:940(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/virtualization.xml:2014(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:52(title) serverguide/C/remote-administration.xml:233(title) serverguide/C/network-config.xml:937(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1581(title) serverguide/C/network-auth.xml:2092(title) serverguide/C/network-auth.xml:2483(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:428(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:496(title) serverguide/C/mail.xml:674(title) serverguide/C/mail.xml:823(title) serverguide/C/mail.xml:1315(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:423(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:957(title) serverguide/C/file-server.xml:347(title) serverguide/C/file-server.xml:462(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:164(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:141(title) serverguide/C/backups.xml:593(title)
122
122
msgid "Installation"
123
123
msgstr ""
124
124
128
128
"From a terminal prompt enter:"
129
129
msgstr ""
130
130
131
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:294(command)
131
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:299(command)
132
132
msgid "sudo apt-get install samba"
133
133
msgstr ""
134
134
138
138
"files."
139
139
msgstr ""
140
140
141
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:299(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:720(title) serverguide/C/web-servers.xml:815(title) serverguide/C/web-servers.xml:952(title) serverguide/C/web-servers.xml:1046(title) serverguide/C/vpn.xml:137(title) serverguide/C/virtualization.xml:1226(title) serverguide/C/virtualization.xml:1415(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:420(title) serverguide/C/remote-administration.xml:74(title) serverguide/C/remote-administration.xml:245(title) serverguide/C/package-management.xml:365(title) serverguide/C/network-config.xml:625(title) serverguide/C/network-auth.xml:88(title) serverguide/C/network-auth.xml:1788(title) serverguide/C/network-auth.xml:2161(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:449(title) serverguide/C/mail.xml:487(title) serverguide/C/mail.xml:661(title) serverguide/C/mail.xml:880(title) serverguide/C/mail.xml:1309(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:309(title) serverguide/C/lamp-applications.xml:428(title) serverguide/C/file-server.xml:355(title) serverguide/C/file-server.xml:480(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:178(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:148(title) serverguide/C/backups.xml:616(title)
141
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:304(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:726(title) serverguide/C/web-servers.xml:827(title) serverguide/C/web-servers.xml:967(title) serverguide/C/web-servers.xml:1067(title) serverguide/C/vpn.xml:138(title) serverguide/C/virtualization.xml:2088(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:74(title) serverguide/C/remote-administration.xml:258(title) serverguide/C/package-management.xml:387(title) serverguide/C/network-config.xml:959(title) serverguide/C/network-auth.xml:2131(title) serverguide/C/network-auth.xml:2504(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:454(title) serverguide/C/mail.xml:505(title) serverguide/C/mail.xml:684(title) serverguide/C/mail.xml:908(title) serverguide/C/mail.xml:1344(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:314(title) serverguide/C/lamp-applications.xml:453(title) serverguide/C/file-server.xml:360(title) serverguide/C/file-server.xml:488(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:183(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:153(title) serverguide/C/backups.xml:616(title)
142
142
msgid "Configuration"
143
143
msgstr ""
144
144
165
165
"<filename>/etc/samba/smb.conf</filename>:"
166
166
msgstr ""
167
167
168
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:306(programlisting) serverguide/C/windows-networking.xml:761(programlisting) serverguide/C/windows-networking.xml:975(programlisting)
168
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:311(programlisting) serverguide/C/windows-networking.xml:776(programlisting) serverguide/C/windows-networking.xml:990(programlisting)
169
169
#, no-wrap
170
170
msgid ""
171
171
"\n"
274
274
"new configuration:"
275
275
msgstr ""
276
276
277
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:326(command) serverguide/C/windows-networking.xml:458(command) serverguide/C/windows-networking.xml:557(command) serverguide/C/windows-networking.xml:922(command) serverguide/C/windows-networking.xml:1032(command) serverguide/C/windows-networking.xml:1142(command) serverguide/C/network-auth.xml:1523(command)
277
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:331(command) serverguide/C/windows-networking.xml:468(command) serverguide/C/windows-networking.xml:567(command) serverguide/C/windows-networking.xml:937(command) serverguide/C/windows-networking.xml:1047(command) serverguide/C/windows-networking.xml:1162(command) serverguide/C/network-auth.xml:1860(command)
278
278
msgid "sudo /etc/init.d/samba restart"
279
279
msgstr ""
280
280
300
300
"share actually exists and the permissions are correct."
301
301
msgstr ""
302
302
303
#: serverguide/C/windows-networking.xml:243(title) serverguide/C/windows-networking.xml:336(title) serverguide/C/windows-networking.xml:686(title) serverguide/C/windows-networking.xml:1051(title) serverguide/C/windows-networking.xml:1253(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1163(title) serverguide/C/remote-administration.xml:478(title) serverguide/C/network-config.xml:247(title) serverguide/C/network-config.xml:490(title) serverguide/C/network-auth.xml:1199(title) serverguide/C/network-auth.xml:1638(title) serverguide/C/network-auth.xml:2236(title) serverguide/C/network-auth.xml:2739(title) serverguide/C/installation.xml:848(title) serverguide/C/installation.xml:1124(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:268(title) serverguide/C/backups.xml:855(title)
303
#: serverguide/C/windows-networking.xml:243(title) serverguide/C/windows-networking.xml:341(title) serverguide/C/windows-networking.xml:696(title) serverguide/C/windows-networking.xml:1066(title) serverguide/C/windows-networking.xml:1273(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1168(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/remote-administration.xml:491(title) serverguide/C/network-config.xml:569(title) serverguide/C/network-config.xml:824(title) serverguide/C/network-auth.xml:1531(title) serverguide/C/network-auth.xml:1975(title) serverguide/C/network-auth.xml:2579(title) serverguide/C/network-auth.xml:3087(title) serverguide/C/installation.xml:892(title) serverguide/C/installation.xml:1173(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:273(title) serverguide/C/backups.xml:855(title)
304
304
msgid "Resources"
305
305
msgstr ""
306
306
307
#: serverguide/C/windows-networking.xml:247(para) serverguide/C/windows-networking.xml:340(para) serverguide/C/windows-networking.xml:690(para) serverguide/C/windows-networking.xml:1055(para)
307
#: serverguide/C/windows-networking.xml:247(para) serverguide/C/windows-networking.xml:345(para) serverguide/C/windows-networking.xml:700(para) serverguide/C/windows-networking.xml:1070(para)
308
308
msgid ""
309
309
"For in depth Samba configurations see the <ulink "
310
310
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
311
311
"Collection</ulink>"
312
312
msgstr ""
313
313
314
#: serverguide/C/windows-networking.xml:253(para) serverguide/C/windows-networking.xml:346(para) serverguide/C/windows-networking.xml:696(para) serverguide/C/windows-networking.xml:1061(para)
314
#: serverguide/C/windows-networking.xml:253(para) serverguide/C/windows-networking.xml:351(para) serverguide/C/windows-networking.xml:706(para) serverguide/C/windows-networking.xml:1076(para)
315
315
msgid ""
316
316
"The guide is also available in <ulink "
317
317
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
318
318
"format</ulink>."
319
319
msgstr ""
320
320
321
#: serverguide/C/windows-networking.xml:259(para) serverguide/C/windows-networking.xml:352(para)
321
#: serverguide/C/windows-networking.xml:259(para) serverguide/C/windows-networking.xml:357(para)
322
322
msgid ""
323
323
"O'Reilly's <ulink "
324
324
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
325
325
"another good reference."
326
326
msgstr ""
327
327
328
#: serverguide/C/windows-networking.xml:269(title)
328
#: serverguide/C/windows-networking.xml:265(para) serverguide/C/windows-networking.xml:368(para) serverguide/C/windows-networking.xml:731(para) serverguide/C/windows-networking.xml:1100(para) serverguide/C/windows-networking.xml:1286(para)
329
msgid ""
330
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
331
"</ulink> page."
332
msgstr ""
333
334
#: serverguide/C/windows-networking.xml:274(title)
329
335
msgid "Samba Print Server"
330
336
msgstr ""
331
337
332
#: serverguide/C/windows-networking.xml:271(para)
338
#: serverguide/C/windows-networking.xml:276(para)
333
339
msgid ""
334
340
"Another common use of Samba is to configure it to share printers installed, "
335
341
"either locally or over the network, on an Ubuntu server. Similar to <xref "
338
344
"prompting for a username and password."
339
345
msgstr ""
340
346
341
#: serverguide/C/windows-networking.xml:277(para)
347
#: serverguide/C/windows-networking.xml:282(para)
342
348
msgid ""
343
349
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
344
350
"security\"/>."
345
351
msgstr ""
346
352
347
#: serverguide/C/windows-networking.xml:284(para)
353
#: serverguide/C/windows-networking.xml:289(para)
348
354
msgid ""
349
355
"Before installing and configuring Samba it is best to already have a working "
350
356
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
351
357
"for details."
352
358
msgstr ""
353
359
354
#: serverguide/C/windows-networking.xml:289(para)
360
#: serverguide/C/windows-networking.xml:294(para)
355
361
msgid ""
356
362
"To install the <application>samba</application> package, from a terminal "
357
363
"enter:"
358
364
msgstr ""
359
365
360
#: serverguide/C/windows-networking.xml:300(para)
366
#: serverguide/C/windows-networking.xml:305(para)
361
367
msgid ""
362
368
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
363
369
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
365
371
"role=\"italic\">share</emphasis>:"
366
372
msgstr ""
367
373
368
#: serverguide/C/windows-networking.xml:312(para)
374
#: serverguide/C/windows-networking.xml:317(para)
369
375
msgid ""
370
376
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
371
377
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
372
378
msgstr ""
373
379
374
#: serverguide/C/windows-networking.xml:316(programlisting)
380
#: serverguide/C/windows-networking.xml:321(programlisting)
375
381
#, no-wrap
376
382
msgid ""
377
383
"\n"
379
385
" guest ok = yes\n"
380
386
msgstr ""
381
387
382
#: serverguide/C/windows-networking.xml:321(para)
388
#: serverguide/C/windows-networking.xml:326(para)
383
389
msgid "After editing <filename>smb.conf</filename> restart Samba:"
384
390
msgstr ""
385
391
386
#: serverguide/C/windows-networking.xml:329(para)
392
#: serverguide/C/windows-networking.xml:334(para)
387
393
msgid ""
388
394
"The default Samba configuration will automatically share any printers "
389
395
"installed. Simply install the printer locally on your Windows clients."
390
396
msgstr ""
391
397
392
#: serverguide/C/windows-networking.xml:358(para)
398
#: serverguide/C/windows-networking.xml:363(para)
393
399
msgid ""
394
400
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
395
401
"more information on configuring CUPS."
396
402
msgstr ""
397
403
398
#: serverguide/C/windows-networking.xml:367(title)
404
#: serverguide/C/windows-networking.xml:377(title)
399
405
msgid "Securing a Samba File and Print Server"
400
406
msgstr ""
401
407
402
#: serverguide/C/windows-networking.xml:370(title)
408
#: serverguide/C/windows-networking.xml:380(title)
403
409
msgid "Samba Security Modes"
404
410
msgstr ""
405
411
406
#: serverguide/C/windows-networking.xml:372(para)
412
#: serverguide/C/windows-networking.xml:382(para)
407
413
msgid ""
408
414
"There are two security levels available to the Common Internet Filesystem "
409
415
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
412
418
"security and one way to implement share-level:"
413
419
msgstr ""
414
420
415
#: serverguide/C/windows-networking.xml:381(para)
421
#: serverguide/C/windows-networking.xml:391(para)
416
422
msgid ""
417
423
"<emphasis>security = user:</emphasis> requires clients to supply a username "
418
424
"and password to connect to shares. Samba user accounts are separate from "
420
426
"will sync system users and passwords with the Samba user database."
421
427
msgstr ""
422
428
423
#: serverguide/C/windows-networking.xml:388(para)
429
#: serverguide/C/windows-networking.xml:398(para)
424
430
msgid ""
425
431
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
426
432
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
428
434
"linkend=\"samba-dc\"/> for further information."
429
435
msgstr ""
430
436
431
#: serverguide/C/windows-networking.xml:395(para)
437
#: serverguide/C/windows-networking.xml:405(para)
432
438
msgid ""
433
439
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
434
440
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
435
441
"integration\"/> for details."
436
442
msgstr ""
437
443
438
#: serverguide/C/windows-networking.xml:401(para)
444
#: serverguide/C/windows-networking.xml:411(para)
439
445
msgid ""
440
446
"<emphasis>security = server:</emphasis> this mode is left over from before "
441
447
"Samba could become a member server, and due to some security issues should "
444
450
"of the Samba guide for more details."
445
451
msgstr ""
446
452
447
#: serverguide/C/windows-networking.xml:409(para)
453
#: serverguide/C/windows-networking.xml:419(para)
448
454
msgid ""
449
455
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
450
456
"without supplying a username and password."
451
457
msgstr ""
452
458
453
#: serverguide/C/windows-networking.xml:416(para)
459
#: serverguide/C/windows-networking.xml:426(para)
454
460
msgid ""
455
461
"The security mode you choose will depend on your environment and what you "
456
462
"need the Samba server to accomplish."
457
463
msgstr ""
458
464
459
#: serverguide/C/windows-networking.xml:422(title)
465
#: serverguide/C/windows-networking.xml:432(title)
460
466
msgid "Security = User"
461
467
msgstr ""
462
468
463
#: serverguide/C/windows-networking.xml:424(para)
469
#: serverguide/C/windows-networking.xml:434(para)
464
470
msgid ""
465
471
"This section will reconfigure the Samba file and print server, from <xref "
466
472
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
467
473
"require authentication."
468
474
msgstr ""
469
475
470
#: serverguide/C/windows-networking.xml:429(para)
476
#: serverguide/C/windows-networking.xml:439(para)
471
477
msgid ""
472
478
"First, install the <application>libpam-smbpass</application> package which "
473
479
"will sync the system users to the Samba user database:"
474
480
msgstr ""
475
481
476
#: serverguide/C/windows-networking.xml:435(command)
482
#: serverguide/C/windows-networking.xml:445(command)
477
483
msgid "sudo apt-get install libpam-smbpass"
478
484
msgstr ""
479
485
480
#: serverguide/C/windows-networking.xml:439(para)
486
#: serverguide/C/windows-networking.xml:449(para)
481
487
msgid ""
482
488
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
483
489
"<application>libpam-smbpass</application> is already installed."
484
490
msgstr ""
485
491
486
#: serverguide/C/windows-networking.xml:445(para)
492
#: serverguide/C/windows-networking.xml:455(para)
487
493
msgid ""
488
494
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
489
495
"<emphasis>[share]</emphasis> section change:"
490
496
msgstr ""
491
497
492
#: serverguide/C/windows-networking.xml:449(programlisting)
498
#: serverguide/C/windows-networking.xml:459(programlisting)
493
499
#, no-wrap
494
500
msgid ""
495
501
"\n"
496
502
" guest ok = no\n"
497
503
msgstr ""
498
504
499
#: serverguide/C/windows-networking.xml:453(para)
505
#: serverguide/C/windows-networking.xml:463(para)
500
506
msgid "Finally, restart Samba for the new settings to take effect:"
501
507
msgstr ""
502
508
503
#: serverguide/C/windows-networking.xml:461(para)
509
#: serverguide/C/windows-networking.xml:471(para)
504
510
msgid ""
505
511
"Now when connecting to the shared directories or printers you should be "
506
512
"prompted for a username and password."
507
513
msgstr ""
508
514
509
#: serverguide/C/windows-networking.xml:466(para)
515
#: serverguide/C/windows-networking.xml:476(para)
510
516
msgid ""
511
517
"If you choose to map a network drive to the share you can check the "
512
518
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
513
519
"enter the username and password once, at least until the password changes."
514
520
msgstr ""
515
521
516
#: serverguide/C/windows-networking.xml:474(title)
522
#: serverguide/C/windows-networking.xml:484(title)
517
523
msgid "Share Security"
518
524
msgstr ""
519
525
520
#: serverguide/C/windows-networking.xml:476(para)
526
#: serverguide/C/windows-networking.xml:486(para)
521
527
msgid ""
522
528
"There are several options available to increase the security for each "
523
529
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
524
530
"this section will cover some common options."
525
531
msgstr ""
526
532
527
#: serverguide/C/windows-networking.xml:482(title)
533
#: serverguide/C/windows-networking.xml:492(title)
528
534
msgid "Groups"
529
535
msgstr ""
530
536
531
#: serverguide/C/windows-networking.xml:484(para)
537
#: serverguide/C/windows-networking.xml:494(para)
532
538
msgid ""
533
539
"Groups define a collection of computers or users which have a common level "
534
540
"of access to particular network resources and offer a level of granularity "
550
556
"have only access to resources explicitly allowing the group they are part of."
551
557
msgstr ""
552
558
553
#: serverguide/C/windows-networking.xml:498(para)
559
#: serverguide/C/windows-networking.xml:508(para)
554
560
msgid ""
555
561
"By default Samba looks for the local system groups defined in "
556
562
"<filename>/etc/group</filename> to determine which users belong to which "
558
564
"<xref linkend=\"adding-deleting-users\"/>."
559
565
msgstr ""
560
566
561
#: serverguide/C/windows-networking.xml:504(para)
567
#: serverguide/C/windows-networking.xml:514(para)
562
568
msgid ""
563
569
"When defining groups in the Samba configuration file, "
564
570
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
569
575
"role=\"bold\">@sysadmin</emphasis>."
570
576
msgstr ""
571
577
572
#: serverguide/C/windows-networking.xml:513(title)
578
#: serverguide/C/windows-networking.xml:523(title)
573
579
msgid "File Permissions"
574
580
msgstr ""
575
581
576
#: serverguide/C/windows-networking.xml:515(para)
582
#: serverguide/C/windows-networking.xml:525(para)
577
583
msgid ""
578
584
"File Permissions define the explicit rights a computer or user has to a "
579
585
"particular directory, file, or set of files. Such permissions may be defined "
581
587
"the explicit permissions of a defined file share."
582
588
msgstr ""
583
589
584
#: serverguide/C/windows-networking.xml:521(para)
590
#: serverguide/C/windows-networking.xml:531(para)
585
591
msgid ""
586
592
"For example, if you have defined a Samba share called "
587
593
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
593
599
"under the <emphasis>[share]</emphasis> entry:"
594
600
msgstr ""
595
601
596
#: serverguide/C/windows-networking.xml:530(programlisting)
602
#: serverguide/C/windows-networking.xml:540(programlisting)
597
603
#, no-wrap
598
604
msgid ""
599
605
"\n"
601
607
" write list = @sysadmin, vincent\n"
602
608
msgstr ""
603
609
604
#: serverguide/C/windows-networking.xml:535(para)
610
#: serverguide/C/windows-networking.xml:545(para)
605
611
msgid ""
606
612
"Another possible Samba permission is to declare "
607
613
"<emphasis>administrative</emphasis> permissions to a particular shared "
610
616
"administrative permissions to."
611
617
msgstr ""
612
618
613
#: serverguide/C/windows-networking.xml:541(para)
619
#: serverguide/C/windows-networking.xml:551(para)
614
620
msgid ""
615
621
"For example, if you wanted to give the user <emphasis "
616
622
"role=\"italic\">melissa</emphasis> administrative permissions to the "
619
625
"under the <emphasis>[share]</emphasis> entry:"
620
626
msgstr ""
621
627
622
#: serverguide/C/windows-networking.xml:548(programlisting)
628
#: serverguide/C/windows-networking.xml:558(programlisting)
623
629
#, no-wrap
624
630
msgid ""
625
631
"\n"
626
632
" admin users = melissa\n"
627
633
msgstr ""
628
634
629
#: serverguide/C/windows-networking.xml:552(para)
635
#: serverguide/C/windows-networking.xml:562(para)
630
636
msgid ""
631
637
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
632
638
"the changes to take effect:"
633
639
msgstr ""
634
640
635
#: serverguide/C/windows-networking.xml:561(para)
641
#: serverguide/C/windows-networking.xml:571(para)
636
642
msgid ""
637
643
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
638
644
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
639
645
"<emphasis role=\"italic\">security = share</emphasis>"
640
646
msgstr ""
641
647
642
#: serverguide/C/windows-networking.xml:567(para)
648
#: serverguide/C/windows-networking.xml:577(para)
643
649
msgid ""
644
650
"Now that Samba has been configured to limit which groups have access to the "
645
651
"shared directory, the filesystem permissions need to be updated."
646
652
msgstr ""
647
653
648
#: serverguide/C/windows-networking.xml:572(para)
654
#: serverguide/C/windows-networking.xml:582(para)
649
655
msgid ""
650
656
"Traditional Linux file permissions do not map well to Windows NT Access "
651
657
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
654
660
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
655
661
msgstr ""
656
662
657
#: serverguide/C/windows-networking.xml:579(programlisting)
663
#: serverguide/C/windows-networking.xml:589(programlisting)
658
664
#, no-wrap
659
665
msgid ""
660
666
"\n"
662
668
"0 1\n"
663
669
msgstr ""
664
670
665
#: serverguide/C/windows-networking.xml:583(para)
671
#: serverguide/C/windows-networking.xml:593(para)
666
672
msgid "Then remount the partition:"
667
673
msgstr ""
668
674
669
#: serverguide/C/windows-networking.xml:588(command)
675
#: serverguide/C/windows-networking.xml:598(command)
670
676
msgid "sudo mount -v -o remount /srv"
671
677
msgstr ""
672
678
673
#: serverguide/C/windows-networking.xml:592(para)
679
#: serverguide/C/windows-networking.xml:602(para)
674
680
msgid ""
675
681
"The above example assumes <filename>/srv</filename> on a separate partition. "
676
682
"If <filename>/srv</filename>, or wherever you have configured your share "
678
684
"required."
679
685
msgstr ""
680
686
681
#: serverguide/C/windows-networking.xml:599(para)
687
#: serverguide/C/windows-networking.xml:609(para)
682
688
msgid ""
683
689
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
684
690
"group will be given read, write, and execute permissions to "
687
693
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
688
694
msgstr ""
689
695
690
#: serverguide/C/windows-networking.xml:607(command)
696
#: serverguide/C/windows-networking.xml:617(command)
691
697
msgid "sudo chown -R melissa /srv/samba/share/"
692
698
msgstr ""
693
699
694
#: serverguide/C/windows-networking.xml:608(command)
700
#: serverguide/C/windows-networking.xml:618(command)
695
701
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
696
702
msgstr ""
697
703
698
#: serverguide/C/windows-networking.xml:609(command)
704
#: serverguide/C/windows-networking.xml:619(command)
699
705
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
700
706
msgstr ""
701
707
702
#: serverguide/C/windows-networking.xml:613(para)
708
#: serverguide/C/windows-networking.xml:623(para)
703
709
msgid ""
704
710
"The <application>setfacl</application> command above gives "
705
711
"<emphasis>execute</emphasis> permissions to all files in the "
707
713
"want."
708
714
msgstr ""
709
715
710
#: serverguide/C/windows-networking.xml:619(para)
716
#: serverguide/C/windows-networking.xml:629(para)
711
717
msgid ""
712
718
"Now from a Windows client you should notice the new file permissions are "
713
719
"implemented. See the <application>acl</application> and "
715
721
"ACLs."
716
722
msgstr ""
717
723
718
#: serverguide/C/windows-networking.xml:627(title)
724
#: serverguide/C/windows-networking.xml:637(title)
719
725
msgid "Samba AppArmor Profile"
720
726
msgstr ""
721
727
722
#: serverguide/C/windows-networking.xml:629(para)
728
#: serverguide/C/windows-networking.xml:639(para)
723
729
msgid ""
724
730
"Ubuntu comes with the <application>AppArmor</application> security module, "
725
731
"which provides mandatory access controls. The default AppArmor profile for "
727
733
"using AppArmor see <xref linkend=\"apparmor\"/>."
728
734
msgstr ""
729
735
730
#: serverguide/C/windows-networking.xml:635(para)
736
#: serverguide/C/windows-networking.xml:645(para)
731
737
msgid ""
732
738
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
733
739
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
735
741
"package, from a terminal prompt enter:"
736
742
msgstr ""
737
743
738
#: serverguide/C/windows-networking.xml:642(command) serverguide/C/security.xml:978(command)
744
#: serverguide/C/windows-networking.xml:652(command) serverguide/C/security.xml:925(command)
739
745
msgid "sudo apt-get install apparmor-profiles"
740
746
msgstr ""
741
747
742
#: serverguide/C/windows-networking.xml:646(para)
748
#: serverguide/C/windows-networking.xml:656(para)
743
749
msgid "This package contains profiles for several other binaries."
744
750
msgstr ""
745
751
746
#: serverguide/C/windows-networking.xml:651(para)
752
#: serverguide/C/windows-networking.xml:661(para)
747
753
msgid ""
748
754
"By default the profiles for <application>smbd</application> and "
749
755
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
753
759
"profile will need to be modified to reflect any directories that are shared."
754
760
msgstr ""
755
761
756
#: serverguide/C/windows-networking.xml:658(para)
762
#: serverguide/C/windows-networking.xml:668(para)
757
763
msgid ""
758
764
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
759
765
"for <emphasis>[share]</emphasis> from the file server example:"
760
766
msgstr ""
761
767
762
#: serverguide/C/windows-networking.xml:663(programlisting)
768
#: serverguide/C/windows-networking.xml:673(programlisting)
763
769
#, no-wrap
764
770
msgid ""
765
771
"\n"
767
773
" /srv/samba/share/** rwkix,\n"
768
774
msgstr ""
769
775
770
#: serverguide/C/windows-networking.xml:668(para)
776
#: serverguide/C/windows-networking.xml:678(para)
771
777
msgid ""
772
778
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
773
779
msgstr ""
774
780
775
#: serverguide/C/windows-networking.xml:673(command)
781
#: serverguide/C/windows-networking.xml:683(command)
776
782
msgid "sudo aa-enforce /usr/sbin/smbd"
777
783
msgstr ""
778
784
779
#: serverguide/C/windows-networking.xml:674(command)
785
#: serverguide/C/windows-networking.xml:684(command)
780
786
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
781
787
msgstr ""
782
788
783
#: serverguide/C/windows-networking.xml:677(para)
789
#: serverguide/C/windows-networking.xml:687(para)
784
790
msgid ""
785
791
"You should now be able to read, write, and execute files in the shared "
786
792
"directory as normal, and the <application>smbd</application> binary will "
789
795
"will be logged to <filename>/var/log/syslog</filename>."
790
796
msgstr ""
791
797
792
#: serverguide/C/windows-networking.xml:702(para) serverguide/C/windows-networking.xml:1067(para)
798
#: serverguide/C/windows-networking.xml:712(para) serverguide/C/windows-networking.xml:1082(para)
793
799
msgid ""
794
800
"O'Reilly's <ulink "
795
801
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
796
802
"also a good reference."
797
803
msgstr ""
798
804
799
#: serverguide/C/windows-networking.xml:708(para)
805
#: serverguide/C/windows-networking.xml:718(para)
800
806
msgid ""
801
807
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
802
808
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
803
809
"security."
804
810
msgstr ""
805
811
806
#: serverguide/C/windows-networking.xml:714(para)
812
#: serverguide/C/windows-networking.xml:724(para)
807
813
msgid ""
808
814
"For more information on Samba and ACLs see the <ulink "
809
815
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
810
816
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
811
817
msgstr ""
812
818
813
#: serverguide/C/windows-networking.xml:725(title)
819
#: serverguide/C/windows-networking.xml:740(title)
814
820
msgid "Samba as a Domain Controller"
815
821
msgstr ""
816
822
817
#: serverguide/C/windows-networking.xml:727(para)
823
#: serverguide/C/windows-networking.xml:742(para)
818
824
msgid ""
819
825
"Although it cannot act as an Active Directory Primary Domain Controller "
820
826
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
823
829
"backends to store the user information."
824
830
msgstr ""
825
831
826
#: serverguide/C/windows-networking.xml:734(title)
832
#: serverguide/C/windows-networking.xml:749(title)
827
833
msgid "Primary Domain Controller"
828
834
msgstr ""
829
835
830
#: serverguide/C/windows-networking.xml:736(para)
836
#: serverguide/C/windows-networking.xml:751(para)
831
837
msgid ""
832
838
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
833
839
"using the default smbpasswd backend."
834
840
msgstr ""
835
841
836
#: serverguide/C/windows-networking.xml:743(para)
842
#: serverguide/C/windows-networking.xml:758(para)
837
843
msgid ""
838
844
"First, install Samba, and <application>libpam-smbpass</application> to sync "
839
845
"the user accounts, by entering the following in a terminal prompt:"
840
846
msgstr ""
841
847
842
#: serverguide/C/windows-networking.xml:749(command) serverguide/C/windows-networking.xml:965(command)
848
#: serverguide/C/windows-networking.xml:764(command) serverguide/C/windows-networking.xml:980(command)
843
849
msgid "sudo apt-get install samba libpam-smbpass"
844
850
msgstr ""
845
851
846
#: serverguide/C/windows-networking.xml:755(para)
852
#: serverguide/C/windows-networking.xml:770(para)
847
853
msgid ""
848
854
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
849
855
"The <emphasis>security</emphasis> mode should be set to <emphasis "
851
857
"should relate to your organization:"
852
858
msgstr ""
853
859
854
#: serverguide/C/windows-networking.xml:770(para)
860
#: serverguide/C/windows-networking.xml:785(para)
855
861
msgid ""
856
862
"In the commented <quote>Domains</quote> section add or uncomment the "
857
863
"following:"
858
864
msgstr ""
859
865
860
#: serverguide/C/windows-networking.xml:774(programlisting)
866
#: serverguide/C/windows-networking.xml:789(programlisting)
861
867
#, no-wrap
862
868
msgid ""
863
869
"\n"
870
876
"/var/lib/samba -s /bin/false %u\n"
871
877
msgstr ""
872
878
873
#: serverguide/C/windows-networking.xml:785(para)
879
#: serverguide/C/windows-networking.xml:800(para)
874
880
msgid ""
875
881
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
876
882
"Samba to act as a domain controller."
877
883
msgstr ""
878
884
879
#: serverguide/C/windows-networking.xml:790(para)
885
#: serverguide/C/windows-networking.xml:805(para)
880
886
msgid ""
881
887
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
882
888
"their home directory. It is also possible to configure a "
884
890
"directory."
885
891
msgstr ""
886
892
887
#: serverguide/C/windows-networking.xml:796(para)
893
#: serverguide/C/windows-networking.xml:811(para)
888
894
msgid ""
889
895
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
890
896
msgstr ""
891
897
892
#: serverguide/C/windows-networking.xml:801(para)
898
#: serverguide/C/windows-networking.xml:816(para)
893
899
msgid ""
894
900
"<emphasis>logon home:</emphasis> specifies the home directory location."
895
901
msgstr ""
896
902
897
#: serverguide/C/windows-networking.xml:806(para)
903
#: serverguide/C/windows-networking.xml:821(para)
898
904
msgid ""
899
905
"<emphasis>logon script:</emphasis> determines the script to be run locally "
900
906
"once a user has logged in. The script needs to be placed in the "
901
907
"<emphasis>[netlogon]</emphasis> share."
902
908
msgstr ""
903
909
904
#: serverguide/C/windows-networking.xml:812(para)
910
#: serverguide/C/windows-networking.xml:827(para)
905
911
msgid ""
906
912
"<emphasis>add machine script:</emphasis> a script that will automatically "
907
913
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
908
914
"workstation to join the domain."
909
915
msgstr ""
910
916
911
#: serverguide/C/windows-networking.xml:816(para)
917
#: serverguide/C/windows-networking.xml:831(para)
912
918
msgid ""
913
919
"In this example the <emphasis>machines</emphasis> group will need to be "
914
920
"created using the <application>addgroup</application> utility see <xref "
915
921
"linkend=\"adding-deleting-users\"/> for details."
916
922
msgstr ""
917
923
918
#: serverguide/C/windows-networking.xml:824(para)
924
#: serverguide/C/windows-networking.xml:839(para)
919
925
msgid ""
920
926
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
921
927
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
922
928
"commented."
923
929
msgstr ""
924
930
925
#: serverguide/C/windows-networking.xml:833(para)
931
#: serverguide/C/windows-networking.xml:848(para)
926
932
msgid ""
927
933
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
928
934
"role=\"italic\">logon home</emphasis> to be mapped:"
929
935
msgstr ""
930
936
931
#: serverguide/C/windows-networking.xml:838(programlisting)
937
#: serverguide/C/windows-networking.xml:853(programlisting)
932
938
#, no-wrap
933
939
msgid ""
934
940
"\n"
941
947
" valid users = %S\n"
942
948
msgstr ""
943
949
944
#: serverguide/C/windows-networking.xml:851(para)
950
#: serverguide/C/windows-networking.xml:866(para)
945
951
msgid ""
946
952
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
947
953
"share needs to be configured. To enable the share, uncomment:"
948
954
msgstr ""
949
955
950
#: serverguide/C/windows-networking.xml:856(programlisting)
956
#: serverguide/C/windows-networking.xml:871(programlisting)
951
957
#, no-wrap
952
958
msgid ""
953
959
"\n"
959
965
" share modes = no\n"
960
966
msgstr ""
961
967
962
#: serverguide/C/windows-networking.xml:866(para)
968
#: serverguide/C/windows-networking.xml:881(para)
963
969
msgid ""
964
970
"The original <emphasis>netlogon</emphasis> share path is "
965
971
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
968
974
"location for site-specific data provided by the system."
969
975
msgstr ""
970
976
971
#: serverguide/C/windows-networking.xml:877(para)
977
#: serverguide/C/windows-networking.xml:892(para)
972
978
msgid ""
973
979
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
974
980
"and an empty (for now) <filename>logon.cmd</filename> script file:"
975
981
msgstr ""
976
982
977
#: serverguide/C/windows-networking.xml:883(command)
983
#: serverguide/C/windows-networking.xml:898(command)
978
984
msgid "sudo mkdir -p /srv/samba/netlogon"
979
985
msgstr ""
980
986
981
#: serverguide/C/windows-networking.xml:884(command)
987
#: serverguide/C/windows-networking.xml:899(command)
982
988
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
983
989
msgstr ""
984
990
985
#: serverguide/C/windows-networking.xml:887(para)
991
#: serverguide/C/windows-networking.xml:902(para)
986
992
msgid ""
987
993
"You can enter any normal Windows logon script commands in "
988
994
"<filename>logon.cmd</filename> to customize the client's environment."
989
995
msgstr ""
990
996
991
#: serverguide/C/windows-networking.xml:895(para)
997
#: serverguide/C/windows-networking.xml:910(para)
992
998
msgid ""
993
999
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
994
1000
"workstation to the domain, a system group needs to be mapped to the Windows "
996
1002
"<application>net</application> utility, from a terminal enter:"
997
1003
msgstr ""
998
1004
999
#: serverguide/C/windows-networking.xml:902(command)
1005
#: serverguide/C/windows-networking.xml:917(command)
1000
1006
msgid ""
1001
1007
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1002
1008
"type=d"
1003
1009
msgstr ""
1004
1010
1005
#: serverguide/C/windows-networking.xml:906(para)
1011
#: serverguide/C/windows-networking.xml:921(para)
1006
1012
msgid ""
1007
1013
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1008
1014
"prefer. Also, the user used to join the domain needs to be a member of the "
1011
1017
"allows <application>sudo</application> use."
1012
1018
msgstr ""
1013
1019
1014
#: serverguide/C/windows-networking.xml:917(para)
1020
#: serverguide/C/windows-networking.xml:932(para)
1015
1021
msgid "Finally, restart Samba to enable the new domain controller:"
1016
1022
msgstr ""
1017
1023
1018
#: serverguide/C/windows-networking.xml:928(para)
1024
#: serverguide/C/windows-networking.xml:943(para)
1019
1025
msgid ""
1020
1026
"You should now be able to join Windows clients to the Domain in the same "
1021
1027
"manner as joining them to an NT4 domain running on a Windows server."
1022
1028
msgstr ""
1023
1029
1024
#: serverguide/C/windows-networking.xml:938(title)
1030
#: serverguide/C/windows-networking.xml:953(title)
1025
1031
msgid "Backup Domain Controller"
1026
1032
msgstr ""
1027
1033
1028
#: serverguide/C/windows-networking.xml:940(para)
1034
#: serverguide/C/windows-networking.xml:955(para)
1029
1035
msgid ""
1030
1036
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1031
1037
"Backup Domain Controller (BDC) as well. This will allow clients to "
1032
1038
"authenticate in case the PDC becomes unavailable."
1033
1039
msgstr ""
1034
1040
1035
#: serverguide/C/windows-networking.xml:945(para)
1041
#: serverguide/C/windows-networking.xml:960(para)
1036
1042
msgid ""
1037
1043
"When configuring Samba as a BDC you need a way to sync account information "
1038
1044
"with the PDC. There are multiple ways of accomplishing this "
1041
1047
"backend</emphasis>."
1042
1048
msgstr ""
1043
1049
1044
#: serverguide/C/windows-networking.xml:951(para)
1050
#: serverguide/C/windows-networking.xml:966(para)
1045
1051
msgid ""
1046
1052
"Using LDAP is the most robust way to sync account information, because both "
1047
1053
"domain controllers can use the same information in real time. However, "
1049
1055
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1050
1056
msgstr ""
1051
1057
1052
#: serverguide/C/windows-networking.xml:960(para)
1058
#: serverguide/C/windows-networking.xml:975(para)
1053
1059
msgid ""
1054
1060
"First, install <application>samba</application> and <application>libpam-"
1055
1061
"smbpass</application>. From a terminal enter:"
1056
1062
msgstr ""
1057
1063
1058
#: serverguide/C/windows-networking.xml:971(para)
1064
#: serverguide/C/windows-networking.xml:986(para)
1059
1065
msgid ""
1060
1066
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1061
1067
"following in the <emphasis>[global]</emphasis>:"
1062
1068
msgstr ""
1063
1069
1064
#: serverguide/C/windows-networking.xml:984(para)
1070
#: serverguide/C/windows-networking.xml:999(para)
1065
1071
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1066
1072
msgstr ""
1067
1073
1068
#: serverguide/C/windows-networking.xml:988(programlisting)
1074
#: serverguide/C/windows-networking.xml:1003(programlisting)
1069
1075
#, no-wrap
1070
1076
msgid ""
1071
1077
"\n"
1073
1079
" domain master = no\n"
1074
1080
msgstr ""
1075
1081
1076
#: serverguide/C/windows-networking.xml:996(para)
1082
#: serverguide/C/windows-networking.xml:1011(para)
1077
1083
msgid ""
1078
1084
"Make sure a user has rights to read the files in "
1079
1085
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1081
1087
"files, enter:"
1082
1088
msgstr ""
1083
1089
1084
#: serverguide/C/windows-networking.xml:1002(command)
1090
#: serverguide/C/windows-networking.xml:1017(command)
1085
1091
msgid "sudo chgrp -R admin /var/lib/samba"
1086
1092
msgstr ""
1087
1093
1088
#: serverguide/C/windows-networking.xml:1008(para)
1094
#: serverguide/C/windows-networking.xml:1023(para)
1089
1095
msgid ""
1090
1096
"Next, sync the user accounts, using <application>scp</application> to copy "
1091
1097
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1092
1098
msgstr ""
1093
1099
1094
#: serverguide/C/windows-networking.xml:1014(command)
1100
#: serverguide/C/windows-networking.xml:1029(command)
1095
1101
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1096
1102
msgstr ""
1097
1103
1098
#: serverguide/C/windows-networking.xml:1018(para)
1104
#: serverguide/C/windows-networking.xml:1033(para)
1099
1105
msgid ""
1100
1106
"Replace <emphasis>username</emphasis> with a valid username and "
1101
1107
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1102
1108
msgstr ""
1103
1109
1104
#: serverguide/C/windows-networking.xml:1027(para)
1110
#: serverguide/C/windows-networking.xml:1042(para)
1105
1111
msgid "Finally, restart <application>samba</application>:"
1106
1112
msgstr ""
1107
1113
1108
#: serverguide/C/windows-networking.xml:1038(para)
1114
#: serverguide/C/windows-networking.xml:1053(para)
1109
1115
msgid ""
1110
1116
"You can test that your Backup Domain controller is working by stopping the "
1111
1117
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1112
1118
"the domain."
1113
1119
msgstr ""
1114
1120
1115
#: serverguide/C/windows-networking.xml:1043(para)
1121
#: serverguide/C/windows-networking.xml:1058(para)
1116
1122
msgid ""
1117
1123
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1118
1124
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1121
1127
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1122
1128
msgstr ""
1123
1129
1124
#: serverguide/C/windows-networking.xml:1073(para)
1130
#: serverguide/C/windows-networking.xml:1088(para)
1125
1131
msgid ""
1126
1132
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1127
1133
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1128
1134
"up a Primary Domain Controller."
1129
1135
msgstr ""
1130
1136
1131
#: serverguide/C/windows-networking.xml:1079(para)
1137
#: serverguide/C/windows-networking.xml:1094(para)
1132
1138
msgid ""
1133
1139
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1134
1140
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1135
1141
"explains setting up a Backup Domain Controller."
1136
1142
msgstr ""
1137
1143
1138
#: serverguide/C/windows-networking.xml:1089(title)
1144
#: serverguide/C/windows-networking.xml:1109(title)
1139
1145
msgid "Samba Active Directory Integration"
1140
1146
msgstr ""
1141
1147
1142
#: serverguide/C/windows-networking.xml:1092(title)
1148
#: serverguide/C/windows-networking.xml:1112(title)
1143
1149
msgid "Accessing a Samba Share"
1144
1150
msgstr ""
1145
1151
1146
#: serverguide/C/windows-networking.xml:1094(para)
1152
#: serverguide/C/windows-networking.xml:1114(para)
1147
1153
msgid ""
1148
1154
"Another, use for Samba is to integrate into an existing Windows network. "
1149
1155
"Once part of an Active Directory domain, Samba can provide file and print "
1150
1156
"services to AD users."
1151
1157
msgstr ""
1152
1158
1153
#: serverguide/C/windows-networking.xml:1099(para)
1159
#: serverguide/C/windows-networking.xml:1119(para)
1154
1160
msgid ""
1155
1161
"The simplest way to join an AD domain is to use <application>Likewise-"
1156
1162
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1157
1163
"open\"/>."
1158
1164
msgstr ""
1159
1165
1160
#: serverguide/C/windows-networking.xml:1104(para)
1161
msgid "Once part of the domain, install the following packages:"
1166
#: serverguide/C/windows-networking.xml:1124(para)
1167
msgid ""
1168
"Once part of the domain, enter the following command in the terminal prompt:"
1162
1169
msgstr ""
1163
1170
1164
#: serverguide/C/windows-networking.xml:1109(command)
1171
#: serverguide/C/windows-networking.xml:1129(command)
1165
1172
msgid "sudo apt-get install samba smbfs smbclient"
1166
1173
msgstr ""
1167
1174
1168
#: serverguide/C/windows-networking.xml:1112(para)
1175
#: serverguide/C/windows-networking.xml:1132(para)
1169
1176
msgid ""
1170
1177
"Since the <application>likewise-open</application> and "
1171
1178
"<application>samba</application> packages use separate "
1173
1180
"<filename role=\"directory\">/var/lib/samba</filename>:"
1174
1181
msgstr ""
1175
1182
1176
#: serverguide/C/windows-networking.xml:1118(command)
1183
#: serverguide/C/windows-networking.xml:1138(command)
1177
1184
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1178
1185
msgstr ""
1179
1186
1180
#: serverguide/C/windows-networking.xml:1119(command)
1187
#: serverguide/C/windows-networking.xml:1139(command)
1181
1188
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1182
1189
msgstr ""
1183
1190
1184
#: serverguide/C/windows-networking.xml:1122(para)
1191
#: serverguide/C/windows-networking.xml:1142(para)
1185
1192
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1186
1193
msgstr ""
1187
1194
1188
#: serverguide/C/windows-networking.xml:1126(programlisting)
1195
#: serverguide/C/windows-networking.xml:1146(programlisting)
1189
1196
#, no-wrap
1190
1197
msgid ""
1191
1198
"\n"
1199
1206
" idmap gid = 50-9999999999\n"
1200
1207
msgstr ""
1201
1208
1202
#: serverguide/C/windows-networking.xml:1137(para)
1209
#: serverguide/C/windows-networking.xml:1157(para)
1203
1210
msgid ""
1204
1211
"Restart <application>samba</application> for the new settings to take effect:"
1205
1212
msgstr ""
1206
1213
1207
#: serverguide/C/windows-networking.xml:1145(para)
1214
#: serverguide/C/windows-networking.xml:1165(para)
1208
1215
msgid ""
1209
1216
"You should now be able to access any <application>Samba</application> shares "
1210
1217
"from a Windows client. However, be sure to give the appropriate AD users or "
1212
1219
"security\"/> for more details."
1213
1220
msgstr ""
1214
1221
1215
#: serverguide/C/windows-networking.xml:1153(title)
1222
#: serverguide/C/windows-networking.xml:1173(title)
1216
1223
msgid "Accessing a Windows Share"
1217
1224
msgstr ""
1218
1225
1219
#: serverguide/C/windows-networking.xml:1155(para)
1226
#: serverguide/C/windows-networking.xml:1175(para)
1220
1227
msgid ""
1221
1228
"Now that the Samba server is part of the Active Directory domain you can "
1222
1229
"access any Windows server shares:"
1223
1230
msgstr ""
1224
1231
1225
#: serverguide/C/windows-networking.xml:1162(para)
1232
#: serverguide/C/windows-networking.xml:1182(para)
1226
1233
msgid ""
1227
1234
"To mount a Windows file share enter the following in a terminal prompt:"
1228
1235
msgstr ""
1229
1236
1230
#: serverguide/C/windows-networking.xml:1166(command)
1237
#: serverguide/C/windows-networking.xml:1186(command)
1231
1238
msgid "mount.cifs //fs01.example.com/share mount_point"
1232
1239
msgstr ""
1233
1240
1234
#: serverguide/C/windows-networking.xml:1169(para)
1241
#: serverguide/C/windows-networking.xml:1189(para)
1235
1242
msgid ""
1236
1243
"It is also possible to access shares on computers not part of an AD domain, "
1237
1244
"but a username and password will need to be provided."
1238
1245
msgstr ""
1239
1246
1240
#: serverguide/C/windows-networking.xml:1177(para)
1247
#: serverguide/C/windows-networking.xml:1197(para)
1241
1248
msgid ""
1242
1249
"To mount the share during boot place an entry in "
1243
1250
"<filename>/etc/fstab</filename>, for example:"
1244
1251
msgstr ""
1245
1252
1246
#: serverguide/C/windows-networking.xml:1181(programlisting)
1253
#: serverguide/C/windows-networking.xml:1201(programlisting)
1247
1254
#, no-wrap
1248
1255
msgid ""
1249
1256
"\n"
1251
1258
"0 0\n"
1252
1259
msgstr ""
1253
1260
1254
#: serverguide/C/windows-networking.xml:1188(para)
1261
#: serverguide/C/windows-networking.xml:1208(para)
1255
1262
msgid ""
1256
1263
"Another way to copy files from a Windows server is to use the "
1257
1264
"<application>smbclient</application> utility. To list the files in a Windows "
1258
1265
"share:"
1259
1266
msgstr ""
1260
1267
1261
#: serverguide/C/windows-networking.xml:1194(command)
1268
#: serverguide/C/windows-networking.xml:1214(command)
1262
1269
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1263
1270
msgstr ""
1264
1271
1265
#: serverguide/C/windows-networking.xml:1200(para)
1272
#: serverguide/C/windows-networking.xml:1220(para)
1266
1273
msgid "To copy a file from the share, enter:"
1267
1274
msgstr ""
1268
1275
1269
#: serverguide/C/windows-networking.xml:1205(command)
1276
#: serverguide/C/windows-networking.xml:1225(command)
1270
1277
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1271
1278
msgstr ""
1272
1279
1273
#: serverguide/C/windows-networking.xml:1208(para)
1280
#: serverguide/C/windows-networking.xml:1228(para)
1274
1281
msgid ""
1275
1282
"This will copy the <filename>file.txt</filename> into the current directory."
1276
1283
msgstr ""
1277
1284
1278
#: serverguide/C/windows-networking.xml:1215(para)
1285
#: serverguide/C/windows-networking.xml:1235(para)
1279
1286
msgid "And to copy a file to the share:"
1280
1287
msgstr ""
1281
1288
1282
#: serverguide/C/windows-networking.xml:1220(command)
1289
#: serverguide/C/windows-networking.xml:1240(command)
1283
1290
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1284
1291
msgstr ""
1285
1292
1286
#: serverguide/C/windows-networking.xml:1223(para)
1293
#: serverguide/C/windows-networking.xml:1243(para)
1287
1294
msgid ""
1288
1295
"This will copy the <filename>/etc/hosts</filename> to "
1289
1296
"<filename>//fs01.example.com/share/hosts</filename>."
1290
1297
msgstr ""
1291
1298
1292
#: serverguide/C/windows-networking.xml:1230(para)
1299
#: serverguide/C/windows-networking.xml:1250(para)
1293
1300
msgid ""
1294
1301
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1295
1302
"<application>smbclient</application> command all at once. This is useful for "
1298
1305
"and directory commands, simply execute:"
1299
1306
msgstr ""
1300
1307
1301
#: serverguide/C/windows-networking.xml:1237(command)
1308
#: serverguide/C/windows-networking.xml:1257(command)
1302
1309
msgid "smbclient //fs01.example.com/share -k"
1303
1310
msgstr ""
1304
1311
1305
#: serverguide/C/windows-networking.xml:1244(para)
1312
#: serverguide/C/windows-networking.xml:1264(para)
1306
1313
msgid ""
1307
1314
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1308
1315
"<emphasis>//192.168.0.5/share</emphasis>, "
1311
1318
"file name, and an actual username and password with rights to the share."
1312
1319
msgstr ""
1313
1320
1314
#: serverguide/C/windows-networking.xml:1255(para)
1321
#: serverguide/C/windows-networking.xml:1275(para)
1315
1322
msgid ""
1316
1323
"For more <application>smbclient</application> options see the man page: "
1317
1324
"<command>man smbclient</command>, also available <ulink "
1318
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/smbclient.1.html\">o"
1319
"nline</ulink>."
1325
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/smbclient.1.html\">on"
1326
"line</ulink>."
1320
1327
msgstr ""
1321
1328
1322
#: serverguide/C/windows-networking.xml:1260(para)
1329
#: serverguide/C/windows-networking.xml:1280(para)
1323
1330
msgid ""
1324
1331
"The <application>mount.cifs</application><ulink "
1325
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/mount.cifs.8.html\">"
1326
"man page</ulink> is also useful for more detailed information."
1332
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/mount.cifs.8.html\">m"
1333
"an page</ulink> is also useful for more detailed information."
1327
1334
msgstr ""
1328
1335
1329
#: serverguide/C/windows-networking.xml:1270(title)
1336
#: serverguide/C/windows-networking.xml:1293(title)
1330
1337
msgid "Likewise Open"
1331
1338
msgstr ""
1332
1339
1333
#: serverguide/C/windows-networking.xml:1272(para)
1340
#: serverguide/C/windows-networking.xml:1295(para)
1334
1341
msgid ""
1335
1342
"<application>Likewise Open</application> simplifies the necessary "
1336
1343
"configuration needed to authenticate a Linux machine to an Active Directory "
1339
1346
"integrating Ubuntu authentication into an existing Windows network."
1340
1347
msgstr ""
1341
1348
1342
#: serverguide/C/windows-networking.xml:1281(para)
1349
#: serverguide/C/windows-networking.xml:1304(para)
1343
1350
msgid ""
1344
1351
"There are two ways to use Likewise Open, <application>likewise-"
1345
1352
"open</application> the command line utility and <application>likewise-open-"
1346
1353
"gui</application>. This section focuses on the command line utility."
1347
1354
msgstr ""
1348
1355
1349
#: serverguide/C/windows-networking.xml:1286(para)
1356
#: serverguide/C/windows-networking.xml:1309(para)
1350
1357
msgid ""
1351
1358
"To install the <application>likewise-open</application> package, open a "
1352
1359
"terminal prompt and enter:"
1353
1360
msgstr ""
1354
1361
1355
#: serverguide/C/windows-networking.xml:1291(command)
1362
#: serverguide/C/windows-networking.xml:1314(command)
1356
1363
msgid "sudo apt-get install likewise-open"
1357
1364
msgstr ""
1358
1365
1359
#: serverguide/C/windows-networking.xml:1294(para)
1360
msgid ""
1361
"With Ubuntu 9.04 <application>Likewise Open 5.0</application> is available "
1362
"in the <emphasis>Universe</emphasis> repository. However, since upgrading "
1363
"from <application>Likewise Open 4.1</application> currently requires the "
1364
"system to leave the domain and re-join, a separate package for version five "
1365
"was created."
1366
msgstr ""
1367
1368
#: serverguide/C/windows-networking.xml:1300(para)
1369
msgid "To install <application>Likewise Open 5.0</application> enter:"
1370
msgstr ""
1371
1372
#: serverguide/C/windows-networking.xml:1305(command)
1373
msgid "sudo apt-get install likewise-open5"
1374
msgstr ""
1375
1376
#: serverguide/C/windows-networking.xml:1309(para)
1377
msgid ""
1378
"Installing likewise-open5 over an existing likewise-open (4.1) installation "
1379
"will replace it. You will have to rejoin the domain after install."
1380
msgstr ""
1381
1382
#: serverguide/C/windows-networking.xml:1317(title)
1366
#: serverguide/C/windows-networking.xml:1319(title)
1383
1367
msgid "Joining a Domain"
1384
1368
msgstr ""
1385
1369
1386
#: serverguide/C/windows-networking.xml:1319(para)
1370
#: serverguide/C/windows-networking.xml:1321(para)
1387
1371
msgid ""
1388
1372
"The main executable file of the <application>likewise-open</application> "
1389
1373
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1391
1375
"make sure you have:"
1392
1376
msgstr ""
1393
1377
1394
#: serverguide/C/windows-networking.xml:1327(para)
1378
#: serverguide/C/windows-networking.xml:1329(para)
1395
1379
msgid ""
1396
1380
"Access to an Active Directory user with appropriate rights to join the "
1397
1381
"domain."
1398
1382
msgstr ""
1399
1383
1400
#: serverguide/C/windows-networking.xml:1332(para)
1384
#: serverguide/C/windows-networking.xml:1334(para)
1401
1385
msgid ""
1402
1386
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1403
1387
"you want to join. If your AD domain does not match a valid domain such as "
1405
1389
"the form of <emphasis>domainname.local</emphasis>."
1406
1390
msgstr ""
1407
1391
1408
#: serverguide/C/windows-networking.xml:1339(para)
1392
#: serverguide/C/windows-networking.xml:1341(para)
1409
1393
msgid ""
1410
1394
"DNS for the domain setup properly. In a production AD environment this "
1411
1395
"should be the case. Proper Microsoft DNS is needed so that client "
1412
1396
"workstations can determine the Active Directory domain is available."
1413
1397
msgstr ""
1414
1398
1415
#: serverguide/C/windows-networking.xml:1343(para)
1399
#: serverguide/C/windows-networking.xml:1345(para)
1416
1400
msgid ""
1417
1401
"If you don't have a Windows DNS server on your network, see <xref "
1418
1402
"linkend=\"likewise-open-ms-dns\"/> for details."
1419
1403
msgstr ""
1420
1404
1421
#: serverguide/C/windows-networking.xml:1350(para)
1405
#: serverguide/C/windows-networking.xml:1352(para)
1422
1406
msgid "To join a domain, from a terminal prompt enter:"
1423
1407
msgstr ""
1424
1408
1425
#: serverguide/C/windows-networking.xml:1355(command)
1409
#: serverguide/C/windows-networking.xml:1357(command)
1426
1410
msgid "sudo domainjoin-cli join example.com Administrator"
1427
1411
msgstr ""
1428
1412
1429
#: serverguide/C/windows-networking.xml:1359(para)
1413
#: serverguide/C/windows-networking.xml:1361(para)
1430
1414
msgid ""
1431
1415
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1432
1416
"<emphasis>Administrator</emphasis> with the appropriate user name."
1433
1417
msgstr ""
1434
1418
1435
#: serverguide/C/windows-networking.xml:1365(para)
1419
#: serverguide/C/windows-networking.xml:1367(para)
1436
1420
msgid ""
1437
1421
"You will then be prompted for the user's password. If all goes well a "
1438
1422
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1439
1423
msgstr ""
1440
1424
1441
#: serverguide/C/windows-networking.xml:1371(para)
1425
#: serverguide/C/windows-networking.xml:1373(para)
1442
1426
msgid ""
1443
1427
"After joining the domain, it is necessary to reboot before attempting to "
1444
1428
"authenticate against the domain."
1445
1429
msgstr ""
1446
1430
1447
#: serverguide/C/windows-networking.xml:1377(para)
1431
#: serverguide/C/windows-networking.xml:1379(para)
1448
1432
msgid ""
1449
1433
"After successfully joining an Ubuntu machine to an Active Directory domain "
1450
1434
"you can authenticate using any valid AD user. To login you will need to "
1452
1436
"joined to the domain enter:"
1453
1437
msgstr ""
1454
1438
1455
#: serverguide/C/windows-networking.xml:1384(command)
1439
#: serverguide/C/windows-networking.xml:1386(command)
1456
1440
msgid "ssh 'example\\steve'@hostname"
1457
1441
msgstr ""
1458
1442
1459
#: serverguide/C/windows-networking.xml:1388(para)
1443
#: serverguide/C/windows-networking.xml:1390(para)
1460
1444
msgid ""
1461
1445
"If configuring a Desktop the user name will need to be prefixed with "
1462
1446
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1463
1447
msgstr ""
1464
1448
1465
#: serverguide/C/windows-networking.xml:1394(para)
1449
#: serverguide/C/windows-networking.xml:1396(para)
1466
1450
msgid ""
1467
1451
"To make likewise-open use a default domain, you can add the following "
1468
1452
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
1469
1453
msgstr ""
1470
1454
1471
#: serverguide/C/windows-networking.xml:1398(programlisting)
1455
#: serverguide/C/windows-networking.xml:1400(programlisting)
1472
1456
#, no-wrap
1473
1457
msgid ""
1474
1458
"\n"
1475
1459
"winbind use default domain = yes\n"
1476
1460
msgstr ""
1477
1461
1478
#: serverguide/C/windows-networking.xml:1402(para)
1462
#: serverguide/C/windows-networking.xml:1404(para)
1479
1463
msgid "Then restart the <application>likewise-open</application> daemons:"
1480
1464
msgstr ""
1481
1465
1482
#: serverguide/C/windows-networking.xml:1407(command)
1466
#: serverguide/C/windows-networking.xml:1409(command)
1483
1467
msgid "sudo /etc/init.d/likewise-open restart"
1484
1468
msgstr ""
1485
1469
1486
#: serverguide/C/windows-networking.xml:1411(para)
1470
#: serverguide/C/windows-networking.xml:1413(para)
1487
1471
msgid ""
1488
1472
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
1489
1473
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
1490
1474
"using only their username."
1491
1475
msgstr ""
1492
1476
1493
#: serverguide/C/windows-networking.xml:1417(para)
1477
#: serverguide/C/windows-networking.xml:1419(para)
1494
1478
msgid ""
1495
1479
"The <application>domainjoin-cli</application> utility can also be used to "
1496
1480
"leave the domain. From a terminal:"
1497
1481
msgstr ""
1498
1482
1499
#: serverguide/C/windows-networking.xml:1422(command)
1483
#: serverguide/C/windows-networking.xml:1424(command)
1500
1484
msgid "sudo domainjoin-cli leave"
1501
1485
msgstr ""
1502
1486
1503
#: serverguide/C/windows-networking.xml:1427(title) serverguide/C/security.xml:1830(title)
1487
#: serverguide/C/windows-networking.xml:1429(title) serverguide/C/security.xml:1777(title)
1504
1488
msgid "Other Utilities"
1505
1489
msgstr ""
1506
1490
1507
#: serverguide/C/windows-networking.xml:1429(para)
1491
#: serverguide/C/windows-networking.xml:1431(para)
1508
1492
msgid ""
1509
1493
"The <application>likewise-open</application> package comes with a few other "
1510
1494
"utilities that may be useful for gathering information about the Active "
1513
1497
"common</application> and <application>winbind</application> packages:"
1514
1498
msgstr ""
1515
1499
1516
#: serverguide/C/windows-networking.xml:1438(para)
1500
#: serverguide/C/windows-networking.xml:1440(para)
1517
1501
msgid ""
1518
1502
"<application>lwinet</application>: Returns information about the network and "
1519
1503
"the domain."
1520
1504
msgstr ""
1521
1505
1522
#: serverguide/C/windows-networking.xml:1443(para)
1506
#: serverguide/C/windows-networking.xml:1445(para)
1523
1507
msgid ""
1524
1508
"<application>lwimsg</application>: Allows interaction with the "
1525
1509
"<application>likewise-winbindd</application> daemon."
1526
1510
msgstr ""
1527
1511
1528
#: serverguide/C/windows-networking.xml:1448(para)
1512
#: serverguide/C/windows-networking.xml:1450(para)
1529
1513
msgid ""
1530
1514
"<application>lwiinfo</application>: Displays information about various parts "
1531
1515
"of the Domain."
1532
1516
msgstr ""
1533
1517
1534
#: serverguide/C/windows-networking.xml:1454(para)
1518
#: serverguide/C/windows-networking.xml:1456(para)
1535
1519
msgid "Please refer to each utility's man page specific for details."
1536
1520
msgstr ""
1537
1521
1538
#: serverguide/C/windows-networking.xml:1460(title) serverguide/C/mail.xml:336(title) serverguide/C/mail.xml:1563(title) serverguide/C/dns.xml:338(title)
1522
#: serverguide/C/windows-networking.xml:1462(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1598(title) serverguide/C/dns.xml:338(title)
1539
1523
msgid "Troubleshooting"
1540
1524
msgstr ""
1541
1525
1542
#: serverguide/C/windows-networking.xml:1464(para)
1526
#: serverguide/C/windows-networking.xml:1466(para)
1543
1527
msgid ""
1544
1528
"If the client has trouble joining the domain, double check that the "
1545
1529
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
1546
1530
"example:"
1547
1531
msgstr ""
1548
1532
1549
#: serverguide/C/windows-networking.xml:1469(programlisting)
1533
#: serverguide/C/windows-networking.xml:1471(programlisting)
1550
1534
#, no-wrap
1551
1535
msgid ""
1552
1536
"\n"
1553
1537
"nameserver 192.168.0.1\n"
1554
1538
msgstr ""
1555
1539
1556
#: serverguide/C/windows-networking.xml:1474(para)
1540
#: serverguide/C/windows-networking.xml:1476(para)
1557
1541
msgid ""
1558
1542
"For more information when joining a domain, use the <emphasis>--loglevel "
1559
1543
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1560
1544
"<application>domainjoin-cli</application> utility:"
1561
1545
msgstr ""
1562
1546
1563
#: serverguide/C/windows-networking.xml:1480(command)
1547
#: serverguide/C/windows-networking.xml:1482(command)
1564
1548
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1565
1549
msgstr ""
1566
1550
1567
#: serverguide/C/windows-networking.xml:1484(para)
1551
#: serverguide/C/windows-networking.xml:1486(para)
1568
1552
msgid ""
1569
1553
"If an Active Directory user has trouble logging in, check the "
1570
1554
"<filename>/var/log/auth.log</filename> for details."
1571
1555
msgstr ""
1572
1556
1573
#: serverguide/C/windows-networking.xml:1489(para)
1557
#: serverguide/C/windows-networking.xml:1491(para)
1574
1558
msgid ""
1575
1559
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
1576
1560
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
1577
1561
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
1578
"<emphasis>\"mdns4\"</emphasis> entry from the <emphasis>hosts</emphasis> "
1579
"option. For example:"
1562
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
1563
"<emphasis>hosts</emphasis> option. For example:"
1580
1564
msgstr ""
1581
1565
1582
#: serverguide/C/windows-networking.xml:1495(programlisting)
1566
#: serverguide/C/windows-networking.xml:1497(programlisting)
1583
1567
#, no-wrap
1584
1568
msgid ""
1585
1569
"\n"
1586
1570
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1587
1571
msgstr ""
1588
1572
1589
#: serverguide/C/windows-networking.xml:1499(para)
1573
#: serverguide/C/windows-networking.xml:1501(para)
1590
1574
msgid "Change the above to:"
1591
1575
msgstr ""
1592
1576
1593
#: serverguide/C/windows-networking.xml:1503(programlisting)
1577
#: serverguide/C/windows-networking.xml:1505(programlisting)
1594
1578
#, no-wrap
1595
1579
msgid ""
1596
1580
"\n"
1597
1581
"hosts: files dns [NOTFOUND=return]\n"
1598
1582
msgstr ""
1599
1583
1600
#: serverguide/C/windows-networking.xml:1507(para)
1584
#: serverguide/C/windows-networking.xml:1509(para)
1601
1585
msgid "Then restart networking by entering:"
1602
1586
msgstr ""
1603
1587
1604
#: serverguide/C/windows-networking.xml:1512(command) serverguide/C/network-config.xml:237(command)
1588
#: serverguide/C/windows-networking.xml:1514(command) serverguide/C/network-config.xml:559(command)
1605
1589
msgid "sudo /etc/init.d/networking restart"
1606
1590
msgstr ""
1607
1591
1608
#: serverguide/C/windows-networking.xml:1515(para)
1592
#: serverguide/C/windows-networking.xml:1517(para)
1609
1593
msgid "You should now be able to join the Active Directory domain."
1610
1594
msgstr ""
1611
1595
1612
#: serverguide/C/windows-networking.xml:1523(title)
1596
#: serverguide/C/windows-networking.xml:1525(title)
1613
1597
msgid "Microsoft DNS"
1614
1598
msgstr ""
1615
1599
1616
#: serverguide/C/windows-networking.xml:1525(para)
1600
#: serverguide/C/windows-networking.xml:1527(para)
1617
1601
msgid ""
1618
1602
"The following are instructions for installing DNS on an Active Directory "
1619
1603
"domain controller running Windows Server 2003, but the instructions should "
1620
1604
"be similar for other versions:"
1621
1605
msgstr ""
1622
1606
1623
#: serverguide/C/windows-networking.xml:1532(para)
1607
#: serverguide/C/windows-networking.xml:1536(para)
1624
1608
msgid ""
1625
1609
"Click "
1626
1610
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1627
"</guimenuitem><guimenuitem>Manager Your Server</guimenuitem></menuchoice>. "
1611
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
1628
1612
"This will open the <application>Server Role Mangement</application> utility."
1629
1613
msgstr ""
1630
1614
1631
#: serverguide/C/windows-networking.xml:1540(para)
1632
msgid "Click Add or remove a role"
1615
#: serverguide/C/windows-networking.xml:1544(para)
1616
msgid "Click <guilabel>Add or remove a role</guilabel>"
1633
1617
msgstr ""
1634
1618
1635
#: serverguide/C/windows-networking.xml:1541(para) serverguide/C/windows-networking.xml:1543(para) serverguide/C/windows-networking.xml:1546(para)
1619
#: serverguide/C/windows-networking.xml:1545(para) serverguide/C/windows-networking.xml:1547(para) serverguide/C/windows-networking.xml:1550(para)
1636
1620
msgid "Click Next"
1637
1621
msgstr ""
1638
1622
1639
#: serverguide/C/windows-networking.xml:1542(para)
1623
#: serverguide/C/windows-networking.xml:1546(para)
1640
1624
msgid "Select \"DNS Server\""
1641
1625
msgstr ""
1642
1626
1643
#: serverguide/C/windows-networking.xml:1544(para)
1644
msgid "Next"
1627
#: serverguide/C/windows-networking.xml:1548(para)
1628
msgid "Click Next again to proceed"
1645
1629
msgstr ""
1646
1630
1647
#: serverguide/C/windows-networking.xml:1545(para)
1631
#: serverguide/C/windows-networking.xml:1549(para)
1648
1632
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1649
1633
msgstr ""
1650
1634
1651
#: serverguide/C/windows-networking.xml:1547(para)
1635
#: serverguide/C/windows-networking.xml:1551(para)
1652
1636
msgid ""
1653
1637
"Make sure \"This server maintains the zone\" is selected and click Next."
1654
1638
msgstr ""
1655
1639
1656
#: serverguide/C/windows-networking.xml:1548(para)
1640
#: serverguide/C/windows-networking.xml:1552(para)
1657
1641
msgid "Enter your domain name and click Next"
1658
1642
msgstr ""
1659
1643
1660
#: serverguide/C/windows-networking.xml:1549(para) serverguide/C/windows-networking.xml:1550(para)
1644
#: serverguide/C/windows-networking.xml:1553(para)
1661
1645
msgid "Click Next to \"Allow only secure dynamic updates\""
1662
1646
msgstr ""
1663
1647
1664
#: serverguide/C/windows-networking.xml:1552(para)
1648
#: serverguide/C/windows-networking.xml:1555(para)
1665
1649
msgid ""
1666
1650
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1667
1651
"should not forward queries\" and click Next."
1668
1652
msgstr ""
1669
1653
1670
#: serverguide/C/windows-networking.xml:1556(para) serverguide/C/windows-networking.xml:1557(para)
1654
#: serverguide/C/windows-networking.xml:1559(para) serverguide/C/windows-networking.xml:1560(para)
1671
1655
msgid "Click Finish"
1672
1656
msgstr ""
1673
1657
1674
#: serverguide/C/windows-networking.xml:1559(para)
1658
#: serverguide/C/windows-networking.xml:1562(para)
1675
1659
msgid ""
1676
1660
"DNS is now installed and can be further configured using the "
1677
1661
"<application>Microsoft Management Console</application> DNS snap-in."
1678
1662
msgstr ""
1679
1663
1680
#: serverguide/C/windows-networking.xml:1567(para)
1664
#: serverguide/C/windows-networking.xml:1570(para)
1681
1665
msgid "Click Start"
1682
1666
msgstr ""
1683
1667
1684
#: serverguide/C/windows-networking.xml:1568(para)
1668
#: serverguide/C/windows-networking.xml:1571(para)
1685
1669
msgid "Control Panel"
1686
1670
msgstr ""
1687
1671
1688
#: serverguide/C/windows-networking.xml:1569(para)
1672
#: serverguide/C/windows-networking.xml:1572(para)
1689
1673
msgid "Network Connections"
1690
1674
msgstr ""
1691
1675
1692
#: serverguide/C/windows-networking.xml:1570(para)
1676
#: serverguide/C/windows-networking.xml:1573(para)
1693
1677
msgid "Right Click \"Local Area Connection\""
1694
1678
msgstr ""
1695
1679
1696
#: serverguide/C/windows-networking.xml:1571(para)
1680
#: serverguide/C/windows-networking.xml:1574(para)
1697
1681
msgid "Click Properties"
1698
1682
msgstr ""
1699
1683
1700
#: serverguide/C/windows-networking.xml:1572(para)
1684
#: serverguide/C/windows-networking.xml:1575(para)
1701
1685
msgid "Double click \"Internet Protocol (TCP/IP)\""
1702
1686
msgstr ""
1703
1687
1704
#: serverguide/C/windows-networking.xml:1573(para)
1688
#: serverguide/C/windows-networking.xml:1576(para)
1705
1689
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
1706
1690
msgstr ""
1707
1691
1708
#: serverguide/C/windows-networking.xml:1574(para)
1692
#: serverguide/C/windows-networking.xml:1577(para)
1709
1693
msgid "Click Ok"
1710
1694
msgstr ""
1711
1695
1712
#: serverguide/C/windows-networking.xml:1575(para)
1696
#: serverguide/C/windows-networking.xml:1578(para)
1713
1697
msgid "Click Ok again to save the settings"
1714
1698
msgstr ""
1715
1699
1716
#: serverguide/C/windows-networking.xml:1564(para)
1700
#: serverguide/C/windows-networking.xml:1567(para)
1717
1701
msgid ""
1718
1702
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1719
1703
msgstr ""
1720
1704
1721
#: serverguide/C/windows-networking.xml:1582(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:766(title) serverguide/C/web-servers.xml:910(title) serverguide/C/web-servers.xml:1002(title) serverguide/C/web-servers.xml:1218(title) serverguide/C/vpn.xml:291(title) serverguide/C/virtualization.xml:1303(title) serverguide/C/virtualization.xml:1492(title) serverguide/C/vcs.xml:536(title) serverguide/C/security.xml:935(title) serverguide/C/security.xml:1264(title) serverguide/C/security.xml:1679(title) serverguide/C/security.xml:1870(title) serverguide/C/remote-administration.xml:203(title) serverguide/C/package-management.xml:432(title) serverguide/C/other-apps.xml:381(title) serverguide/C/network-config.xml:672(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:522(title) serverguide/C/mail.xml:444(title) serverguide/C/mail.xml:625(title) serverguide/C/mail.xml:772(title) serverguide/C/mail.xml:1189(title) serverguide/C/mail.xml:1611(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:369(title) serverguide/C/lamp-applications.xml:471(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:431(title) serverguide/C/file-server.xml:611(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:216(title) serverguide/C/backups.xml:297(title)
1705
#: serverguide/C/windows-networking.xml:1585(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:1840(title) serverguide/C/virtualization.xml:2165(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:877(title) serverguide/C/security.xml:1211(title) serverguide/C/security.xml:1626(title) serverguide/C/security.xml:1817(title) serverguide/C/remote-administration.xml:203(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1646(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
1722
1706
msgid "References"
1723
1707
msgstr ""
1724
1708
1725
#: serverguide/C/windows-networking.xml:1584(para)
1709
#: serverguide/C/windows-networking.xml:1587(para)
1726
1710
msgid ""
1727
1711
"Please refer to the <ulink "
1728
1712
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
1729
1713
"further information."
1730
1714
msgstr ""
1731
1715
1732
#: serverguide/C/windows-networking.xml:1588(para)
1716
#: serverguide/C/windows-networking.xml:1591(para)
1733
1717
msgid ""
1734
1718
"For more <application>domainjoin-cli</application> options see the man page: "
1735
1719
"<command>man domainjoin-cli</command>."
1736
1720
msgstr ""
1737
1721
1722
#: serverguide/C/windows-networking.xml:1595(para)
1723
msgid ""
1724
"Also, see the <ulink "
1725
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
1726
"LikewiseOpen</ulink> page."
1727
msgstr ""
1728
1738
1729
#: serverguide/C/web-servers.xml:13(title)
1739
1730
msgid "Web Servers"
1740
1731
msgstr ""
1792
1783
1793
1784
#: serverguide/C/web-servers.xml:42(para)
1794
1785
msgid ""
1795
"The Apache2 web server is available in Ubuntu Linux. To install Apache2:"
1786
"The <application>Apache2</application> web server is available in Ubuntu "
1787
"Linux. To install Apache2:"
1796
1788
msgstr ""
1797
1789
1798
1790
#: serverguide/C/web-servers.xml:48(para)
1806
1798
#: serverguide/C/web-servers.xml:63(para)
1807
1799
msgid ""
1808
1800
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
1809
"text configuration files. The configuration files are separated between the "
1810
"following files and directories:"
1801
"text configuration files. These <emphasis>directives</emphasis> are "
1802
"separated between the following files and directories:"
1811
1803
msgstr ""
1812
1804
1813
1805
#: serverguide/C/web-servers.xml:71(para)
1819
1811
#: serverguide/C/web-servers.xml:77(para)
1820
1812
msgid ""
1821
1813
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
1822
"<emphasis>globally</emphasis> to Apache. Other packages that use Apache2 to "
1814
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
1823
1815
"serve content may add files, or symlinks, to this directory."
1824
1816
msgstr ""
1825
1817
1861
1853
#: serverguide/C/web-servers.xml:113(para)
1862
1854
msgid ""
1863
1855
"<emphasis>sites-available:</emphasis> this directory has configuration files "
1864
"for Apache <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
1856
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
1865
1857
"to be configured for multiple sites that have separate configurations."
1866
1858
msgstr ""
1867
1859
1870
1862
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
1871
1863
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
1872
1864
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
1873
"a configuration file in sites-available is symlinked it will be active once "
1874
"Apache is restarted."
1865
"a configuration file in sites-available is symlinked, the site configured by "
1866
"it will be active once Apache2 is restarted."
1875
1867
msgstr ""
1876
1868
1877
1869
#: serverguide/C/web-servers.xml:127(para)
2001
1993
2002
1994
#: serverguide/C/web-servers.xml:242(para)
2003
1995
msgid ""
2004
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache "
1996
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
2005
1997
"should look for the files that make up the site. The default value is "
2006
1998
"/var/www. No site is configured there, but if you uncomment the "
2007
1999
"<emphasis>RedirectMatch</emphasis> directive in "
2021
2013
#: serverguide/C/web-servers.xml:260(para)
2022
2014
msgid ""
2023
2015
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2024
"<application>a2ensite</application> utility and restart Apache:"
2016
"<application>a2ensite</application> utility and restart Apache2:"
2025
2017
msgstr ""
2026
2018
2027
2019
#: serverguide/C/web-servers.xml:266(command)
2028
2020
msgid "sudo a2ensite mynewsite"
2029
2021
msgstr ""
2030
2022
2031
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:904(command) serverguide/C/lamp-applications.xml:228(command)
2023
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:932(command) serverguide/C/lamp-applications.xml:228(command)
2032
2024
msgid "sudo /etc/init.d/apache2 restart"
2033
2025
msgstr ""
2034
2026
2077
2069
"does not and the Indexes option is specified, or a Permission Denied page if "
2078
2070
"neither is true. The server will try to find one of the files listed in the "
2079
2071
"DirectoryIndex directive and will return the first one it finds. If it does "
2080
"not find any of these files and if Options Indexes is set for that "
2081
"directory, the server will generate and return a list, in HTML format, of "
2082
"the subdirectories and files in the directory. The default value, found in "
2083
"<filename>/etc/apache2/apache2.conf</filename> is \" index.html index.cgi "
2084
"index.pl index.php index.xhtml\". Thus, if Apache2 finds a file in a "
2085
"requested directory matching any of these names, the first will be displayed."
2072
"not find any of these files and if <emphasis>Options Indexes</emphasis> is "
2073
"set for that directory, the server will generate and return a list, in HTML "
2074
"format, of the subdirectories and files in the directory. The default value, "
2075
"found in <filename>/etc/apache2/mods-available/dir.conf</filename> is "
2076
"\"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if "
2077
"Apache2 finds a file in a requested directory matching any of these names, "
2078
"the first will be displayed."
2086
2079
msgstr ""
2087
2080
2088
2081
#: serverguide/C/web-servers.xml:332(para)
2089
2082
msgid ""
2090
2083
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2091
"file for Apache to use for specific error events. For example, if a user "
2084
"file for Apache2 to use for specific error events. For example, if a user "
2092
2085
"requests a resource that does not exist, a 404 error will occur, and per "
2093
2086
"Apache2's default configuration, the file "
2094
2087
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2258
2251
msgstr ""
2259
2252
2260
2253
#: serverguide/C/web-servers.xml:496(title)
2261
msgid "Apache Modules"
2254
msgid "Apache2 Modules"
2262
2255
msgstr ""
2263
2256
2264
2257
#: serverguide/C/web-servers.xml:498(para)
2265
2258
msgid ""
2266
"Apache is a modular server. This implies that only the most basic "
2259
"Apache2 is a modular server. This implies that only the most basic "
2267
2260
"functionality is included in the core server. Extended features are "
2268
"available through modules which can be loaded into Apache. By default, a "
2261
"available through modules which can be loaded into Apache2. By default, a "
2269
2262
"base set of modules is included in the server at compile-time. If the server "
2270
2263
"is compiled to use dynamically loaded modules, then modules can be compiled "
2271
2264
"separately, and added at any time using the LoadModule directive. Otherwise, "
2272
"Apache must be recompiled to add or remove modules."
2265
"Apache2 must be recompiled to add or remove modules."
2273
2266
msgstr ""
2274
2267
2275
2268
#: serverguide/C/web-servers.xml:510(para)
2343
2336
msgid ""
2344
2337
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
2345
2338
"available/default-ssl</filename>. In order for "
2346
"<application>Apache</application> to provide HTTPS, a "
2339
"<application>Apache2</application> to provide HTTPS, a "
2347
2340
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
2348
2341
"needed. The default HTTPS configuration will use a certificate and key "
2349
2342
"generated by the <application>ssl-cert</application> package. They are good "
2355
2348
2356
2349
#: serverguide/C/web-servers.xml:584(para)
2357
2350
msgid ""
2358
"To configure <application>Apache</application> for HTTPS, enter the "
2351
"To configure <application>Apache2</application> for HTTPS, enter the "
2359
2352
"following:"
2360
2353
msgstr ""
2361
2354
2374
2367
2375
2368
#: serverguide/C/web-servers.xml:600(para)
2376
2369
msgid ""
2377
"With Apache now configured for HTTPS, restart the service to enable the new "
2370
"With Apache2 now configured for HTTPS, restart the service to enable the new "
2378
2371
"settings:"
2379
2372
msgstr ""
2380
2373
2381
2374
#: serverguide/C/web-servers.xml:611(para)
2382
2375
msgid ""
2383
2376
"Depending on how you obtained your certificate you may need to enter a "
2384
"passphrase when <application>Apache</application> starts."
2377
"passphrase when <application>Apache2</application> starts."
2385
2378
msgstr ""
2386
2379
2387
2380
#: serverguide/C/web-servers.xml:617(para)
2418
2411
"url=\"http://freenode.net/\">freenode.net</ulink>."
2419
2412
msgstr ""
2420
2413
2421
#: serverguide/C/web-servers.xml:658(title)
2414
#: serverguide/C/web-servers.xml:653(para)
2415
msgid ""
2416
"Usually integrated with PHP and MySQL the <ulink "
2417
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2418
"Ubuntu Wiki </ulink> page is a good resource."
2419
msgstr ""
2420
2421
#: serverguide/C/web-servers.xml:664(title)
2422
2422
msgid "PHP5 - Scripting Language"
2423
2423
msgstr ""
2424
2424
2425
#: serverguide/C/web-servers.xml:659(para)
2425
#: serverguide/C/web-servers.xml:665(para)
2426
2426
msgid ""
2427
2427
"PHP is a general-purpose scripting language suited for Web development. The "
2428
2428
"PHP script can be embedded into HTML. This section explains how to install "
2429
2429
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
2430
2430
msgstr ""
2431
2431
2432
#: serverguide/C/web-servers.xml:663(para)
2432
#: serverguide/C/web-servers.xml:669(para)
2433
2433
msgid ""
2434
"This section assumes you have installed and configured Apache 2 Web Server "
2435
"and MySQL Database Server. You can refer to Apache 2 section and MySQL "
2436
"sections in this document to install and configure Apache 2 and MySQL "
2434
"This section assumes you have installed and configured Apache2 Web Server "
2435
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
2436
"sections in this document to install and configure Apache2 and MySQL "
2437
2437
"respectively."
2438
2438
msgstr ""
2439
2439
2440
#: serverguide/C/web-servers.xml:670(para)
2440
#: serverguide/C/web-servers.xml:676(para)
2441
2441
msgid "The PHP5 is available in Ubuntu Linux."
2442
2442
msgstr ""
2443
2443
2444
#: serverguide/C/web-servers.xml:672(para)
2444
#: serverguide/C/web-servers.xml:678(para)
2445
2445
msgid ""
2446
2446
"To install PHP5 you can enter the following command in the terminal prompt: "
2447
2447
"<screen>\n"
2449
2449
"</screen>"
2450
2450
msgstr ""
2451
2451
2452
#: serverguide/C/web-servers.xml:681(para)
2452
#: serverguide/C/web-servers.xml:687(para)
2453
2453
msgid ""
2454
2454
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
2455
2455
"line you should install <application>php5-cli</application> package. To "
2459
2459
"</screen>"
2460
2460
msgstr ""
2461
2461
2462
#: serverguide/C/web-servers.xml:690(para)
2462
#: serverguide/C/web-servers.xml:696(para)
2463
2463
msgid ""
2464
2464
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
2465
2465
"accomplish this, you should install <application>php5-cgi</application> "
2469
2469
"</screen>"
2470
2470
msgstr ""
2471
2471
2472
#: serverguide/C/web-servers.xml:700(para)
2472
#: serverguide/C/web-servers.xml:706(para)
2473
2473
msgid ""
2474
2474
"To use <application>MySQL</application> with PHP5 you should install "
2475
2475
"<application>php5-mysql</application> package. To install <application>php5-"
2479
2479
"</screen>"
2480
2480
msgstr ""
2481
2481
2482
#: serverguide/C/web-servers.xml:708(para)
2482
#: serverguide/C/web-servers.xml:714(para)
2483
2483
msgid ""
2484
2484
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
2485
2485
"install <application>php5-pgsql</application> package. To install "
2489
2489
"</screen>"
2490
2490
msgstr ""
2491
2491
2492
#: serverguide/C/web-servers.xml:721(para)
2492
#: serverguide/C/web-servers.xml:727(para)
2493
2493
msgid ""
2494
2494
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
2495
2495
"you have installed <application>php5-cli</application> package, you can run "
2496
2496
"PHP5 scripts from your command prompt."
2497
2497
msgstr ""
2498
2498
2499
#: serverguide/C/web-servers.xml:728(para)
2499
#: serverguide/C/web-servers.xml:734(para)
2500
2500
msgid ""
2501
2501
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
2502
2502
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
2507
2507
"command."
2508
2508
msgstr ""
2509
2509
2510
#: serverguide/C/web-servers.xml:739(para)
2510
#: serverguide/C/web-servers.xml:745(para)
2511
2511
msgid ""
2512
2512
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
2513
2513
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
2515
2515
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
2516
2516
msgstr ""
2517
2517
2518
#: serverguide/C/web-servers.xml:747(title) serverguide/C/mail.xml:305(title) serverguide/C/mail.xml:1534(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
2518
#: serverguide/C/web-servers.xml:753(title) serverguide/C/mail.xml:320(title) serverguide/C/mail.xml:1569(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
2519
2519
msgid "Testing"
2520
2520
msgstr ""
2521
2521
2522
#: serverguide/C/web-servers.xml:748(para)
2522
#: serverguide/C/web-servers.xml:754(para)
2523
2523
msgid ""
2524
2524
"To verify your installation, you can run following PHP5 phpinfo script:"
2525
2525
msgstr ""
2526
2526
2527
#: serverguide/C/web-servers.xml:751(programlisting)
2527
#: serverguide/C/web-servers.xml:757(programlisting)
2528
2528
#, no-wrap
2529
2529
msgid ""
2530
2530
"\n"
2533
2533
"?>\n"
2534
2534
msgstr ""
2535
2535
2536
#: serverguide/C/web-servers.xml:756(para)
2536
#: serverguide/C/web-servers.xml:762(para)
2537
2537
msgid ""
2538
2538
"You can save the content in a file <filename>phpinfo.php</filename> and "
2539
2539
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
2542
2542
"various PHP5 configuration parameters."
2543
2543
msgstr ""
2544
2544
2545
#: serverguide/C/web-servers.xml:770(para)
2545
#: serverguide/C/web-servers.xml:776(para)
2546
2546
msgid ""
2547
2547
"For more in depth information see <ulink "
2548
2548
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
2549
2549
msgstr ""
2550
2550
2551
#: serverguide/C/web-servers.xml:775(para)
2551
#: serverguide/C/web-servers.xml:781(para)
2552
2552
msgid ""
2553
2553
"There are a plethora of books on PHP. Two good books from O'Reilly are "
2554
2554
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
2556
2556
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
2557
2557
msgstr ""
2558
2558
2559
#: serverguide/C/web-servers.xml:787(title)
2559
#: serverguide/C/web-servers.xml:788(para)
2560
msgid ""
2561
"Also, see the <ulink "
2562
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2563
"Ubuntu Wiki</ulink> page for more information."
2564
msgstr ""
2565
2566
#: serverguide/C/web-servers.xml:799(title)
2560
2567
msgid "Squid - Proxy Server"
2561
2568
msgstr ""
2562
2569
2563
#: serverguide/C/web-servers.xml:788(para)
2570
#: serverguide/C/web-servers.xml:800(para)
2564
2571
msgid ""
2565
2572
"Squid is a full-featured web proxy cache server application which provides "
2566
2573
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
2573
2580
"Protocol. (WCCP)"
2574
2581
msgstr ""
2575
2582
2576
#: serverguide/C/web-servers.xml:796(para)
2583
#: serverguide/C/web-servers.xml:808(para)
2577
2584
msgid ""
2578
2585
"The Squid proxy cache server is an excellent solution to a variety of proxy "
2579
2586
"and caching server needs, and scales from the branch office to enterprise "
2585
2592
"increased performance."
2586
2593
msgstr ""
2587
2594
2588
#: serverguide/C/web-servers.xml:805(para)
2595
#: serverguide/C/web-servers.xml:817(para)
2589
2596
msgid ""
2590
2597
"At a terminal prompt, enter the following command to install the Squid "
2591
2598
"server:"
2592
2599
msgstr ""
2593
2600
2594
#: serverguide/C/web-servers.xml:810(command)
2601
#: serverguide/C/web-servers.xml:822(command)
2595
2602
msgid "sudo apt-get install squid"
2596
2603
msgstr ""
2597
2604
2598
#: serverguide/C/web-servers.xml:816(para)
2605
#: serverguide/C/web-servers.xml:828(para)
2599
2606
msgid ""
2600
2607
"Squid is configured by editing the directives contained within the "
2601
2608
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
2604
2611
"see the References section."
2605
2612
msgstr ""
2606
2613
2607
#: serverguide/C/web-servers.xml:822(para)
2614
#: serverguide/C/web-servers.xml:834(para)
2608
2615
msgid ""
2609
2616
"Prior to editing the configuration file, you should make a copy of the "
2610
2617
"original file and protect it from writing so you will have the original "
2611
2618
"settings as a reference, and to re-use as necessary."
2612
2619
msgstr ""
2613
2620
2614
#: serverguide/C/web-servers.xml:825(para)
2621
#: serverguide/C/web-servers.xml:837(para)
2615
2622
msgid ""
2616
2623
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
2617
2624
"writing with the following commands entered at a terminal prompt:"
2618
2625
msgstr ""
2619
2626
2620
#: serverguide/C/web-servers.xml:830(command)
2627
#: serverguide/C/web-servers.xml:842(command)
2621
2628
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
2622
2629
msgstr ""
2623
2630
2624
#: serverguide/C/web-servers.xml:831(command)
2631
#: serverguide/C/web-servers.xml:843(command)
2625
2632
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
2626
2633
msgstr ""
2627
2634
2628
#: serverguide/C/web-servers.xml:837(para)
2635
#: serverguide/C/web-servers.xml:849(para)
2629
2636
msgid ""
2630
2637
"To set your Squid server to listen on TCP port 8888 instead of the default "
2631
2638
"TCP port 3128, change the http_port directive as such:"
2632
2639
msgstr ""
2633
2640
2634
#: serverguide/C/web-servers.xml:841(programlisting)
2641
#: serverguide/C/web-servers.xml:853(programlisting)
2635
2642
#, no-wrap
2636
2643
msgid ""
2637
2644
"\n"
2638
2645
"http_port 8888\n"
2639
2646
msgstr ""
2640
2647
2641
#: serverguide/C/web-servers.xml:846(para)
2648
#: serverguide/C/web-servers.xml:858(para)
2642
2649
msgid ""
2643
2650
"Change the visible_hostname directive in order to give the Squid server a "
2644
2651
"specific hostname. This hostname does not necessarily need to be the "
2645
2652
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
2646
2653
msgstr ""
2647
2654
2648
#: serverguide/C/web-servers.xml:850(programlisting)
2655
#: serverguide/C/web-servers.xml:862(programlisting)
2649
2656
#, no-wrap
2650
2657
msgid ""
2651
2658
"\n"
2652
2659
"visible_hostname weezie\n"
2653
2660
msgstr ""
2654
2661
2655
#: serverguide/C/web-servers.xml:855(para)
2662
#: serverguide/C/web-servers.xml:867(para)
2656
2663
msgid ""
2657
"Again, Using Squid's access control, you may configure use of Internet "
2658
"services proxied by Squid to be available only users with certain Internet "
2659
"Protocol (IP) addresses. For example, we will illustrate access by users of "
2660
"the 192.168.42.0/24 subnetwork only:"
2664
"Using Squid's access control, you may configure use of Internet services "
2665
"proxied by Squid to be available only users with certain Internet Protocol "
2666
"(IP) addresses. For example, we will illustrate access by users of the "
2667
"192.168.42.0/24 subnetwork only:"
2661
2668
msgstr ""
2662
2669
2663
#: serverguide/C/web-servers.xml:860(para) serverguide/C/web-servers.xml:880(para)
2670
#: serverguide/C/web-servers.xml:872(para) serverguide/C/web-servers.xml:892(para)
2664
2671
msgid ""
2665
2672
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
2666
2673
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
2667
2674
msgstr ""
2668
2675
2669
#: serverguide/C/web-servers.xml:863(programlisting)
2676
#: serverguide/C/web-servers.xml:875(programlisting)
2670
2677
#, no-wrap
2671
2678
msgid ""
2672
2679
"\n"
2673
2680
"acl fortytwo_network src 192.168.42.0/24\n"
2674
2681
msgstr ""
2675
2682
2676
#: serverguide/C/web-servers.xml:866(para) serverguide/C/web-servers.xml:887(para)
2683
#: serverguide/C/web-servers.xml:878(para) serverguide/C/web-servers.xml:899(para)
2677
2684
msgid ""
2678
2685
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
2679
2686
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
2680
2687
msgstr ""
2681
2688
2682
#: serverguide/C/web-servers.xml:870(programlisting)
2689
#: serverguide/C/web-servers.xml:882(programlisting)
2683
2690
#, no-wrap
2684
2691
msgid ""
2685
2692
"\n"
2686
2693
"http_access allow fortytwo_network\n"
2687
2694
msgstr ""
2688
2695
2689
#: serverguide/C/web-servers.xml:875(para)
2696
#: serverguide/C/web-servers.xml:887(para)
2690
2697
msgid ""
2691
2698
"Using the excellent access control features of Squid, you may configure use "
2692
2699
"of Internet services proxied by Squid to be available only during normal "
2695
2702
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
2696
2703
msgstr ""
2697
2704
2698
#: serverguide/C/web-servers.xml:883(programlisting)
2705
#: serverguide/C/web-servers.xml:895(programlisting)
2699
2706
#, no-wrap
2700
2707
msgid ""
2701
2708
"\n"
2703
2710
"acl biz_hours time M T W T F 9:00-17:00\n"
2704
2711
msgstr ""
2705
2712
2706
#: serverguide/C/web-servers.xml:891(programlisting)
2713
#: serverguide/C/web-servers.xml:903(programlisting)
2707
2714
#, no-wrap
2708
2715
msgid ""
2709
2716
"\n"
2710
2717
"http_access allow biz_network biz_hours\n"
2711
2718
msgstr ""
2712
2719
2713
#: serverguide/C/web-servers.xml:898(para)
2720
#: serverguide/C/web-servers.xml:910(para)
2714
2721
msgid ""
2715
2722
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
2716
2723
"save the file and restart the <application>squid</application> server "
2718
2725
"terminal prompt:"
2719
2726
msgstr ""
2720
2727
2721
#: serverguide/C/web-servers.xml:905(command)
2728
#: serverguide/C/web-servers.xml:917(command)
2722
2729
msgid "sudo /etc/init.d/squid restart"
2723
2730
msgstr ""
2724
2731
2725
#: serverguide/C/web-servers.xml:912(ulink)
2732
#: serverguide/C/web-servers.xml:924(ulink)
2726
2733
msgid "Squid Website"
2727
2734
msgstr ""
2728
2735
2729
#: serverguide/C/web-servers.xml:918(title)
2736
#: serverguide/C/web-servers.xml:926(para)
2737
msgid ""
2738
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
2739
"Squid</ulink> page."
2740
msgstr ""
2741
2742
#: serverguide/C/web-servers.xml:933(title)
2730
2743
msgid "Ruby on Rails"
2731
2744
msgstr ""
2732
2745
2733
#: serverguide/C/web-servers.xml:919(para)
2746
#: serverguide/C/web-servers.xml:934(para)
2734
2747
msgid ""
2735
2748
"Ruby on Rails is an open source web framework for developing database backed "
2736
2749
"web applications. It is optimized for sustainable productivity of the "
2738
2751
"convention over configuration."
2739
2752
msgstr ""
2740
2753
2741
#: serverguide/C/web-servers.xml:926(para)
2754
#: serverguide/C/web-servers.xml:941(para)
2742
2755
msgid ""
2743
2756
"Before installing <application>Rails</application> you should install "
2744
2757
"<application>Apache</application> and <application>MySQL</application>. To "
2747
2760
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
2748
2761
msgstr ""
2749
2762
2750
#: serverguide/C/web-servers.xml:934(para)
2763
#: serverguide/C/web-servers.xml:949(para)
2751
2764
msgid ""
2752
2765
"Once you have <application>Apache</application> and "
2753
2766
"<application>MySQL</application> packages installed, you are ready to "
2754
2767
"install <application>Ruby on Rails</application> package."
2755
2768
msgstr ""
2756
2769
2757
#: serverguide/C/web-servers.xml:941(para)
2770
#: serverguide/C/web-servers.xml:956(para)
2758
2771
msgid ""
2759
2772
"To install the <application>Ruby</application> base packages and "
2760
2773
"<application>Ruby on Rails</application>, you can enter the following "
2761
2774
"command in the terminal prompt:"
2762
2775
msgstr ""
2763
2776
2764
#: serverguide/C/web-servers.xml:947(command)
2777
#: serverguide/C/web-servers.xml:962(command)
2765
2778
msgid "sudo apt-get install rails"
2766
2779
msgstr ""
2767
2780
2768
#: serverguide/C/web-servers.xml:953(para)
2781
#: serverguide/C/web-servers.xml:968(para)
2769
2782
msgid ""
2770
2783
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
2771
2784
"configuration file to setup your domains."
2772
2785
msgstr ""
2773
2786
2774
#: serverguide/C/web-servers.xml:957(para)
2787
#: serverguide/C/web-servers.xml:972(para)
2775
2788
msgid ""
2776
2789
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
2777
2790
msgstr ""
2778
2791
2779
#: serverguide/C/web-servers.xml:961(programlisting)
2792
#: serverguide/C/web-servers.xml:976(programlisting)
2780
2793
#, no-wrap
2781
2794
msgid ""
2782
2795
"\n"
2783
2796
"DocumentRoot /path/to/rails/application/public\n"
2784
2797
msgstr ""
2785
2798
2786
#: serverguide/C/web-servers.xml:964(para)
2799
#: serverguide/C/web-servers.xml:979(para)
2787
2800
msgid ""
2788
2801
"Next, change the <Directory \"/path/to/rails/application/public\"> "
2789
2802
"directive:"
2790
2803
msgstr ""
2791
2804
2792
#: serverguide/C/web-servers.xml:968(programlisting)
2805
#: serverguide/C/web-servers.xml:983(programlisting)
2793
2806
#, no-wrap
2794
2807
msgid ""
2795
2808
"\n"
2802
2815
"</Directory>\n"
2803
2816
msgstr ""
2804
2817
2805
#: serverguide/C/web-servers.xml:978(para)
2818
#: serverguide/C/web-servers.xml:993(para)
2806
2819
msgid ""
2807
2820
"You should also enable the <application>mod_rewrite</application> module for "
2808
2821
"Apache. To enable <application>mod_rewrite</application> module, please "
2809
2822
"enter the following command in a terminal prompt:"
2810
2823
msgstr ""
2811
2824
2812
#: serverguide/C/web-servers.xml:984(command)
2825
#: serverguide/C/web-servers.xml:999(command)
2813
2826
msgid "sudo a2enmod rewrite"
2814
2827
msgstr ""
2815
2828
2816
#: serverguide/C/web-servers.xml:987(para)
2829
#: serverguide/C/web-servers.xml:1002(para)
2817
2830
msgid ""
2818
2831
"Finally you will need to change the ownership of the "
2819
2832
"<filename>/path/to/rails/application/public</filename> and "
2821
2834
"used to run the <application>Apache</application> process:"
2822
2835
msgstr ""
2823
2836
2824
#: serverguide/C/web-servers.xml:993(command)
2837
#: serverguide/C/web-servers.xml:1008(command)
2825
2838
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
2826
2839
msgstr ""
2827
2840
2828
#: serverguide/C/web-servers.xml:994(command)
2841
#: serverguide/C/web-servers.xml:1009(command)
2829
2842
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
2830
2843
msgstr ""
2831
2844
2832
#: serverguide/C/web-servers.xml:997(para)
2845
#: serverguide/C/web-servers.xml:1012(para)
2833
2846
msgid ""
2834
2847
"That's it! Now you have your Server ready for your <application>Ruby on "
2835
2848
"Rails</application> applications."
2836
2849
msgstr ""
2837
2850
2838
#: serverguide/C/web-servers.xml:1006(para)
2851
#: serverguide/C/web-servers.xml:1021(para)
2839
2852
msgid ""
2840
2853
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
2841
2854
"for more information."
2842
2855
msgstr ""
2843
2856
2844
#: serverguide/C/web-servers.xml:1011(para)
2857
#: serverguide/C/web-servers.xml:1026(para)
2845
2858
msgid ""
2846
2859
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
2847
2860
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
2848
2861
"resource."
2849
2862
msgstr ""
2850
2863
2851
#: serverguide/C/web-servers.xml:1022(title)
2864
#: serverguide/C/web-servers.xml:1032(para)
2865
msgid ""
2866
"Another place for more information is the <ulink "
2867
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
2868
"Wiki</ulink> page."
2869
msgstr ""
2870
2871
#: serverguide/C/web-servers.xml:1043(title)
2852
2872
msgid "Apache Tomcat"
2853
2873
msgstr ""
2854
2874
2855
#: serverguide/C/web-servers.xml:1023(para)
2875
#: serverguide/C/web-servers.xml:1044(para)
2856
2876
msgid ""
2857
2877
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
2858
2878
"JSP (Java Server Pages) web applications."
2859
2879
msgstr ""
2860
2880
2861
#: serverguide/C/web-servers.xml:1025(para)
2881
#: serverguide/C/web-servers.xml:1046(para)
2862
2882
msgid ""
2863
2883
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
2864
2884
"different ways of running Tomcat. You can install them as a classic unique "
2870
2890
"instances."
2871
2891
msgstr ""
2872
2892
2873
#: serverguide/C/web-servers.xml:1035(title)
2893
#: serverguide/C/web-servers.xml:1056(title)
2874
2894
msgid "System-wide installation"
2875
2895
msgstr ""
2876
2896
2877
#: serverguide/C/web-servers.xml:1036(para)
2897
#: serverguide/C/web-servers.xml:1057(para)
2878
2898
msgid ""
2879
2899
"To install the <application>Tomcat</application> server, you can enter the "
2880
2900
"following command in the terminal prompt:"
2881
2901
msgstr ""
2882
2902
2883
#: serverguide/C/web-servers.xml:1039(command)
2903
#: serverguide/C/web-servers.xml:1060(command)
2884
2904
msgid "sudo apt-get install tomcat6"
2885
2905
msgstr ""
2886
2906
2887
#: serverguide/C/web-servers.xml:1041(para)
2907
#: serverguide/C/web-servers.xml:1062(para)
2888
2908
msgid ""
2889
2909
"This will install a Tomcat server with just a default ROOT webapp that "
2890
2910
"displays a minimal \"It works\" page by default."
2891
2911
msgstr ""
2892
2912
2893
#: serverguide/C/web-servers.xml:1047(para)
2913
#: serverguide/C/web-servers.xml:1068(para)
2894
2914
msgid ""
2895
2915
"Tomcat configuration files can be found in "
2896
2916
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
2899
2919
"documentation</ulink> for more."
2900
2920
msgstr ""
2901
2921
2902
#: serverguide/C/web-servers.xml:1053(title)
2922
#: serverguide/C/web-servers.xml:1074(title)
2903
2923
msgid "Changing default ports"
2904
2924
msgstr ""
2905
2925
2906
#: serverguide/C/web-servers.xml:1054(para)
2926
#: serverguide/C/web-servers.xml:1075(para)
2907
2927
msgid ""
2908
2928
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
2909
2929
"connector on port 8009. You might want to change those default ports to "
2911
2931
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
2912
2932
msgstr ""
2913
2933
2914
#: serverguide/C/web-servers.xml:1059(programlisting)
2934
#: serverguide/C/web-servers.xml:1080(programlisting)
2915
2935
#, no-wrap
2916
2936
msgid ""
2917
2937
"\n"
2923
2943
"/>\n"
2924
2944
msgstr ""
2925
2945
2926
#: serverguide/C/web-servers.xml:1068(title)
2946
#: serverguide/C/web-servers.xml:1089(title)
2927
2947
msgid "Changing JVM used"
2928
2948
msgstr ""
2929
2949
2930
#: serverguide/C/web-servers.xml:1069(para)
2950
#: serverguide/C/web-servers.xml:1090(para)
2931
2951
msgid ""
2932
2952
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
2933
2953
"then try some other JVMs. If you have various JVMs installed, you can set "
2935
2955
"<filename>/etc/default/tomcat6</filename>:"
2936
2956
msgstr ""
2937
2957
2938
#: serverguide/C/web-servers.xml:1073(programlisting)
2958
#: serverguide/C/web-servers.xml:1094(programlisting)
2939
2959
#, no-wrap
2940
2960
msgid ""
2941
2961
"\n"
2942
2962
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
2943
2963
msgstr ""
2944
2964
2945
#: serverguide/C/web-servers.xml:1078(title)
2965
#: serverguide/C/web-servers.xml:1099(title)
2946
2966
msgid "Declaring users and roles"
2947
2967
msgstr ""
2948
2968
2949
#: serverguide/C/web-servers.xml:1079(para)
2969
#: serverguide/C/web-servers.xml:1100(para)
2950
2970
msgid ""
2951
2971
"Usernames, passwords and roles (groups) can be defined centrally in a "
2952
2972
"Servlet container. In Tomcat 6.0 this is done in the "
2953
2973
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
2954
2974
msgstr ""
2955
2975
2956
#: serverguide/C/web-servers.xml:1082(programlisting)
2976
#: serverguide/C/web-servers.xml:1103(programlisting)
2957
2977
#, no-wrap
2958
2978
msgid ""
2959
2979
"\n"
2961
2981
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
2962
2982
msgstr ""
2963
2983
2964
#: serverguide/C/web-servers.xml:1090(title)
2984
#: serverguide/C/web-servers.xml:1111(title)
2965
2985
msgid "Using Tomcat standard webapps"
2966
2986
msgstr ""
2967
2987
2968
#: serverguide/C/web-servers.xml:1091(para)
2988
#: serverguide/C/web-servers.xml:1112(para)
2969
2989
msgid ""
2970
2990
"Tomcat is shipped with webapps that you can install for documentation, "
2971
2991
"administration or demo purposes."
2972
2992
msgstr ""
2973
2993
2974
#: serverguide/C/web-servers.xml:1094(title)
2994
#: serverguide/C/web-servers.xml:1115(title)
2975
2995
msgid "Tomcat documentation"
2976
2996
msgstr ""
2977
2997
2978
#: serverguide/C/web-servers.xml:1095(para)
2998
#: serverguide/C/web-servers.xml:1116(para)
2979
2999
msgid ""
2980
3000
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
2981
3001
"documentation, packaged as a webapp that you can access by default at "
2983
3003
"command in the terminal prompt:"
2984
3004
msgstr ""
2985
3005
2986
#: serverguide/C/web-servers.xml:1100(command)
3006
#: serverguide/C/web-servers.xml:1121(command)
2987
3007
msgid "sudo apt-get install tomcat6-docs"
2988
3008
msgstr ""
2989
3009
2990
#: serverguide/C/web-servers.xml:1104(title)
3010
#: serverguide/C/web-servers.xml:1125(title)
2991
3011
msgid "Tomcat administration webapps"
2992
3012
msgstr ""
2993
3013
2994
#: serverguide/C/web-servers.xml:1105(para)
3014
#: serverguide/C/web-servers.xml:1126(para)
2995
3015
msgid ""
2996
3016
"The <application>tomcat6-admin</application> package contains two webapps "
2997
3017
"that can be used to administer the Tomcat server using a web interface. You "
2998
3018
"can install them by entering the following command in the terminal prompt:"
2999
3019
msgstr ""
3000
3020
3001
#: serverguide/C/web-servers.xml:1110(command)
3021
#: serverguide/C/web-servers.xml:1131(command)
3002
3022
msgid "sudo apt-get install tomcat6-admin"
3003
3023
msgstr ""
3004
3024
3005
#: serverguide/C/web-servers.xml:1112(para)
3025
#: serverguide/C/web-servers.xml:1133(para)
3006
3026
msgid ""
3007
3027
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3008
3028
"access by default at http://yourserver:8080/manager/html. It is primarily "
3009
3029
"used to get server status and restart webapps."
3010
3030
msgstr ""
3011
3031
3012
#: serverguide/C/web-servers.xml:1115(para)
3032
#: serverguide/C/web-servers.xml:1136(para)
3013
3033
msgid ""
3014
3034
"Access to the <emphasis>manager</emphasis> application is protected by "
3015
3035
"default: you need to define a user with the role \"manager\" in "
3016
3036
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3017
3037
msgstr ""
3018
3038
3019
#: serverguide/C/web-servers.xml:1119(para)
3039
#: serverguide/C/web-servers.xml:1140(para)
3020
3040
msgid ""
3021
3041
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3022
3042
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3023
3043
"used to create virtual hosts dynamically."
3024
3044
msgstr ""
3025
3045
3026
#: serverguide/C/web-servers.xml:1123(para)
3046
#: serverguide/C/web-servers.xml:1144(para)
3027
3047
msgid ""
3028
3048
"Access to the <emphasis>host-manager</emphasis> application is also "
3029
3049
"protected by default: you need to define a user with the role \"admin\" in "
3030
3050
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3031
3051
msgstr ""
3032
3052
3033
#: serverguide/C/web-servers.xml:1128(para)
3053
#: serverguide/C/web-servers.xml:1149(para)
3034
3054
msgid ""
3035
3055
"For security reasons, the tomcat6 user cannot write to the "
3036
3056
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
3039
3059
"the following, to give users in the tomcat6 group the necessary rights:"
3040
3060
msgstr ""
3041
3061
3042
#: serverguide/C/web-servers.xml:1135(command)
3062
#: serverguide/C/web-servers.xml:1156(command)
3043
3063
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
3044
3064
msgstr ""
3045
3065
3046
#: serverguide/C/web-servers.xml:1136(command)
3066
#: serverguide/C/web-servers.xml:1157(command)
3047
3067
msgid "sudo chmod -R g+w /etc/tomcat6"
3048
3068
msgstr ""
3049
3069
3050
#: serverguide/C/web-servers.xml:1141(title)
3070
#: serverguide/C/web-servers.xml:1162(title)
3051
3071
msgid "Tomcat examples webapps"
3052
3072
msgstr ""
3053
3073
3054
#: serverguide/C/web-servers.xml:1142(para)
3074
#: serverguide/C/web-servers.xml:1163(para)
3055
3075
msgid ""
3056
3076
"The <application>tomcat6-examples</application> package contains two webapps "
3057
3077
"that can be used to test or demonstrate Servlets and JSP features, which you "
3059
3079
"install them by entering the following command in the terminal prompt:"
3060
3080
msgstr ""
3061
3081
3062
#: serverguide/C/web-servers.xml:1148(command)
3082
#: serverguide/C/web-servers.xml:1169(command)
3063
3083
msgid "sudo apt-get install tomcat6-examples"
3064
3084
msgstr ""
3065
3085
3066
#: serverguide/C/web-servers.xml:1154(title)
3086
#: serverguide/C/web-servers.xml:1175(title)
3067
3087
msgid "Using private instances"
3068
3088
msgstr ""
3069
3089
3070
#: serverguide/C/web-servers.xml:1155(para)
3090
#: serverguide/C/web-servers.xml:1176(para)
3071
3091
msgid ""
3072
3092
"Tomcat is heavily used in development and testing scenarios where using a "
3073
3093
"single system-wide instance doesn't meet the requirements of multiple users "
3077
3097
"using the system-installed libraries."
3078
3098
msgstr ""
3079
3099
3080
#: serverguide/C/web-servers.xml:1162(para)
3100
#: serverguide/C/web-servers.xml:1183(para)
3081
3101
msgid ""
3082
3102
"It is possible to run the system-wide instance and the private instances in "
3083
3103
"parallel, as long as they do not use the same TCP ports."
3084
3104
msgstr ""
3085
3105
3086
#: serverguide/C/web-servers.xml:1166(title)
3106
#: serverguide/C/web-servers.xml:1187(title)
3087
3107
msgid "Installing private instance support"
3088
3108
msgstr ""
3089
3109
3090
#: serverguide/C/web-servers.xml:1167(para)
3110
#: serverguide/C/web-servers.xml:1188(para)
3091
3111
msgid ""
3092
3112
"You can install everything necessary to run private instances by entering "
3093
3113
"the following command in the terminal prompt:"
3094
3114
msgstr ""
3095
3115
3096
#: serverguide/C/web-servers.xml:1170(command)
3116
#: serverguide/C/web-servers.xml:1191(command)
3097
3117
msgid "sudo apt-get install tomcat6-user"
3098
3118
msgstr ""
3099
3119
3100
#: serverguide/C/web-servers.xml:1174(title)
3120
#: serverguide/C/web-servers.xml:1195(title)
3101
3121
msgid "Creating a private instance"
3102
3122
msgstr ""
3103
3123
3104
#: serverguide/C/web-servers.xml:1175(para)
3124
#: serverguide/C/web-servers.xml:1196(para)
3105
3125
msgid ""
3106
3126
"You can create a private instance directory by entering the following "
3107
3127
"command in the terminal prompt:"
3108
3128
msgstr ""
3109
3129
3110
#: serverguide/C/web-servers.xml:1178(command)
3130
#: serverguide/C/web-servers.xml:1199(command)
3111
3131
msgid "tomcat6-instance-create my-instance"
3112
3132
msgstr ""
3113
3133
3114
#: serverguide/C/web-servers.xml:1180(para)
3134
#: serverguide/C/web-servers.xml:1201(para)
3115
3135
msgid ""
3116
3136
"This will create a new <filename>my-instance</filename> directory with all "
3117
3137
"the necessary subdirectories and scripts. You can for example install your "
3120
3140
"are deployed by default."
3121
3141
msgstr ""
3122
3142
3123
#: serverguide/C/web-servers.xml:1188(title)
3143
#: serverguide/C/web-servers.xml:1209(title)
3124
3144
msgid "Configuring your private instance"
3125
3145
msgstr ""
3126
3146
3127
#: serverguide/C/web-servers.xml:1189(para)
3147
#: serverguide/C/web-servers.xml:1210(para)
3128
3148
msgid ""
3129
3149
"You will find the classic Tomcat configuration files for your private "
3130
3150
"instance in the <filename>conf/</filename> subdirectory. You should for "
3133
3153
"conflict with other instances that might be running."
3134
3154
msgstr ""
3135
3155
3136
#: serverguide/C/web-servers.xml:1197(title)
3156
#: serverguide/C/web-servers.xml:1218(title)
3137
3157
msgid "Starting/stopping your private instance"
3138
3158
msgstr ""
3139
3159
3140
#: serverguide/C/web-servers.xml:1198(para)
3160
#: serverguide/C/web-servers.xml:1219(para)
3141
3161
msgid ""
3142
3162
"You can start your private instance by entering the following command in the "
3143
3163
"terminal prompt (supposing your instance is located in the <filename>my-"
3144
3164
"instance</filename> directory):"
3145
3165
msgstr ""
3146
3166
3147
#: serverguide/C/web-servers.xml:1202(command)
3167
#: serverguide/C/web-servers.xml:1223(command)
3148
3168
msgid "my-instance/bin/startup.sh"
3149
3169
msgstr ""
3150
3170
3151
#: serverguide/C/web-servers.xml:1204(para)
3171
#: serverguide/C/web-servers.xml:1225(para)
3152
3172
msgid ""
3153
3173
"You should check the <filename>logs/</filename> subdirectory for any error. "
3154
3174
"If you have a <emphasis>java.net.BindException: Address already in "
3156
3176
"is already taken and that you should change it."
3157
3177
msgstr ""
3158
3178
3159
#: serverguide/C/web-servers.xml:1209(para)
3179
#: serverguide/C/web-servers.xml:1230(para)
3160
3180
msgid ""
3161
3181
"You can stop your instance by entering the following command in the terminal "
3162
3182
"prompt (supposing your instance is located in the <filename>my-"
3163
3183
"instance</filename> directory):"
3164
3184
msgstr ""
3165
3185
3166
#: serverguide/C/web-servers.xml:1213(command)
3186
#: serverguide/C/web-servers.xml:1234(command)
3167
3187
msgid "my-instance/bin/shutdown.sh"
3168
3188
msgstr ""
3169
3189
3170
#: serverguide/C/web-servers.xml:1222(para)
3190
#: serverguide/C/web-servers.xml:1243(para)
3171
3191
msgid ""
3172
3192
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
3173
3193
"website for more information."
3174
3194
msgstr ""
3175
3195
3176
#: serverguide/C/web-servers.xml:1227(para)
3196
#: serverguide/C/web-servers.xml:1248(para)
3177
3197
msgid ""
3178
3198
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
3179
3199
"Definitive Guide</ulink> is a good resource for building web applications "
3180
3200
"with Tomcat."
3181
3201
msgstr ""
3182
3202
3183
#: serverguide/C/web-servers.xml:1233(para)
3203
#: serverguide/C/web-servers.xml:1254(para)
3184
3204
msgid ""
3185
3205
"For additional books see the <ulink "
3186
3206
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
3187
3207
"page."
3188
3208
msgstr ""
3189
3209
3210
#: serverguide/C/web-servers.xml:1259(para)
3211
msgid ""
3212
"Also, see the<ulink "
3213
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
3214
"Tomcat</ulink> page."
3215
msgstr ""
3216
3190
3217
#: serverguide/C/vpn.xml:13(title)
3191
3218
msgid "VPN"
3192
3219
msgstr ""
3218
3245
msgid "To install <application>openvpn</application> in a terminal enter:"
3219
3246
msgstr ""
3220
3247
3221
#: serverguide/C/vpn.xml:41(command)
3248
#: serverguide/C/vpn.xml:41(command) serverguide/C/vpn.xml:257(command)
3222
3249
msgid "sudo apt-get install openvpn"
3223
3250
msgstr ""
3224
3251
3236
3263
msgid ""
3237
3264
"First, copy the <filename>easy-rsa</filename> directory to "
3238
3265
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
3239
"scripts will not be lost when the package is updated. From a terminal enter:"
3266
"scripts will not be lost when the package is updated. You will also need to "
3267
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
3268
"the current user permission to create files. From a terminal enter:"
3240
3269
msgstr ""
3241
3270
3242
#: serverguide/C/vpn.xml:58(command)
3271
#: serverguide/C/vpn.xml:59(command)
3243
3272
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
3244
3273
msgstr ""
3245
3274
3246
#: serverguide/C/vpn.xml:59(command)
3275
#: serverguide/C/vpn.xml:60(command)
3247
3276
msgid ""
3248
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/"
3249
msgstr ""
3250
3251
#: serverguide/C/vpn.xml:62(para)
3277
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
3278
"rsa/"
3279
msgstr ""
3280
3281
#: serverguide/C/vpn.xml:61(command)
3282
msgid "sudo chown -R $USER /etc/openvpn/easy-rsa/"
3283
msgstr ""
3284
3285
#: serverguide/C/vpn.xml:64(para)
3252
3286
msgid ""
3253
3287
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
3254
3288
"following to your environment:"
3255
3289
msgstr ""
3256
3290
3257
#: serverguide/C/vpn.xml:66(programlisting)
3291
#: serverguide/C/vpn.xml:68(programlisting)
3258
3292
#, no-wrap
3259
3293
msgid ""
3260
3294
"\n"
3265
3299
"export KEY_EMAIL=\"steve@example.com\"\n"
3266
3300
msgstr ""
3267
3301
3268
#: serverguide/C/vpn.xml:74(para)
3302
#: serverguide/C/vpn.xml:76(para)
3269
3303
msgid "Enter the following to create the server certificates:"
3270
3304
msgstr ""
3271
3305
3272
#: serverguide/C/vpn.xml:79(command)
3273
msgid "cd /etc/openvpn/easy-rsa/easy-rsa"
3306
#: serverguide/C/vpn.xml:81(command) serverguide/C/vpn.xml:102(command)
3307
msgid "cd /etc/openvpn/easy-rsa/"
3274
3308
msgstr ""
3275
3309
3276
#: serverguide/C/vpn.xml:80(command) serverguide/C/vpn.xml:101(command)
3310
#: serverguide/C/vpn.xml:82(command) serverguide/C/vpn.xml:103(command)
3277
3311
msgid "source vars"
3278
3312
msgstr ""
3279
3313
3280
#: serverguide/C/vpn.xml:81(command)
3314
#: serverguide/C/vpn.xml:83(command)
3281
3315
msgid "./clean-all"
3282
3316
msgstr ""
3283
3317
3284
#: serverguide/C/vpn.xml:82(command)
3318
#: serverguide/C/vpn.xml:84(command)
3285
3319
msgid "./build-dh"
3286
3320
msgstr ""
3287
3321
3288
#: serverguide/C/vpn.xml:83(command)
3322
#: serverguide/C/vpn.xml:85(command)
3289
3323
msgid "./pkitool --initca"
3290
3324
msgstr ""
3291
3325
3292
#: serverguide/C/vpn.xml:84(command)
3326
#: serverguide/C/vpn.xml:86(command)
3293
3327
msgid "./pkitool --server server"
3294
3328
msgstr ""
3295
3329
3296
#: serverguide/C/vpn.xml:85(command)
3330
#: serverguide/C/vpn.xml:87(command)
3297
3331
msgid "cd keys"
3298
3332
msgstr ""
3299
3333
3300
#: serverguide/C/vpn.xml:86(command)
3334
#: serverguide/C/vpn.xml:88(command)
3301
3335
msgid "openvpn --genkey --secret ta.key"
3302
3336
msgstr ""
3303
3337
3304
#: serverguide/C/vpn.xml:87(command)
3338
#: serverguide/C/vpn.xml:89(command)
3305
3339
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
3306
3340
msgstr ""
3307
3341
3308
#: serverguide/C/vpn.xml:92(title)
3342
#: serverguide/C/vpn.xml:94(title)
3309
3343
msgid "Client Certificates"
3310
3344
msgstr ""
3311
3345
3312
#: serverguide/C/vpn.xml:94(para)
3346
#: serverguide/C/vpn.xml:96(para)
3313
3347
msgid ""
3314
3348
"The VPN client will also need a certificate to authenticate itself to the "
3315
3349
"server. To create the certificate, enter the following in a terminal:"
3316
3350
msgstr ""
3317
3351
3318
#: serverguide/C/vpn.xml:100(command)
3319
msgid "cd /etc/openvpn/easy-rsa/"
3320
msgstr ""
3321
3322
#: serverguide/C/vpn.xml:102(command)
3352
#: serverguide/C/vpn.xml:104(command)
3323
3353
msgid "./pkitool hostname"
3324
3354
msgstr ""
3325
3355
3326
#: serverguide/C/vpn.xml:106(para)
3356
#: serverguide/C/vpn.xml:108(para)
3327
3357
msgid ""
3328
3358
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
3329
3359
"machine connecting to the VPN."
3330
3360
msgstr ""
3331
3361
3332
#: serverguide/C/vpn.xml:111(para)
3362
#: serverguide/C/vpn.xml:113(para)
3333
3363
msgid "Copy the following files to the client:"
3334
3364
msgstr ""
3335
3365
3336
#: serverguide/C/vpn.xml:116(para)
3337
msgid "/etc/openvpn/easy-rsa/hostname.ovpn"
3338
msgstr ""
3339
3340
#: serverguide/C/vpn.xml:117(para)
3341
msgid "/etc/openvpn/easy-rsa/ca.crt"
3342
msgstr ""
3343
3344
3366
#: serverguide/C/vpn.xml:118(para)
3345
msgid "/etc/openvpn/easy-rsa/hostname.crt"
3367
msgid "/etc/openvpn/ca.crt"
3346
3368
msgstr ""
3347
3369
3348
3370
#: serverguide/C/vpn.xml:119(para)
3349
msgid "/etc/openvpn/easy-rsa/hostname.key"
3371
msgid "/etc/openvpn/easy-rsa/keys/hostname.crt"
3350
3372
msgstr ""
3351
3373
3352
3374
#: serverguide/C/vpn.xml:120(para)
3353
msgid "/etc/openvpn/easy-rsa/ta.key"
3354
msgstr ""
3355
3356
#: serverguide/C/vpn.xml:124(para)
3375
msgid "/etc/openvpn/easy-rsa/keys/hostname.key"
3376
msgstr ""
3377
3378
#: serverguide/C/vpn.xml:121(para)
3379
msgid "/etc/openvpn/ta.key"
3380
msgstr ""
3381
3382
#: serverguide/C/vpn.xml:125(para)
3357
3383
msgid ""
3358
3384
"Remember to adjust the above file names for your client machine's "
3359
3385
"<emphasis>hostname</emphasis>."
3360
3386
msgstr ""
3361
3387
3362
#: serverguide/C/vpn.xml:129(para)
3388
#: serverguide/C/vpn.xml:130(para)
3363
3389
msgid ""
3364
3390
"It is best to use a secure method to copy the certificate and key files. The "
3365
3391
"<application>scp</application> utility is a good choice, but copying the "
3366
3392
"files to removable media then to the client, also works well."
3367
3393
msgstr ""
3368
3394
3369
#: serverguide/C/vpn.xml:140(title) serverguide/C/vcs.xml:107(title)
3395
#: serverguide/C/vpn.xml:141(title) serverguide/C/vcs.xml:107(title)
3370
3396
msgid "Server Configuration"
3371
3397
msgstr ""
3372
3398
3373
#: serverguide/C/vpn.xml:142(para)
3399
#: serverguide/C/vpn.xml:143(para)
3374
3400
msgid ""
3375
3401
"Now configure the <application>openvpn</application> server by creating "
3376
3402
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
3377
3403
"terminal enter:"
3378
3404
msgstr ""
3379
3405
3380
#: serverguide/C/vpn.xml:148(command)
3406
#: serverguide/C/vpn.xml:149(command)
3381
3407
msgid ""
3382
3408
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
3383
3409
"/etc/openvpn/"
3384
3410
msgstr ""
3385
3411
3386
#: serverguide/C/vpn.xml:149(command)
3412
#: serverguide/C/vpn.xml:150(command)
3387
3413
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
3388
3414
msgstr ""
3389
3415
3390
#: serverguide/C/vpn.xml:152(para)
3416
#: serverguide/C/vpn.xml:153(para)
3391
3417
msgid ""
3392
"Edit <filename>etc/openvpn/server.conf</filename> changing the following "
3418
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
3393
3419
"options to:"
3394
3420
msgstr ""
3395
3421
3396
#: serverguide/C/vpn.xml:156(programlisting)
3422
#: serverguide/C/vpn.xml:157(programlisting)
3397
3423
#, no-wrap
3398
3424
msgid ""
3399
3425
"\n"
3400
3426
"local 172.18.100.101\n"
3401
3427
"dev tap0\n"
3428
"up \"/etc/openvpn/up.sh br0\"\n"
3429
"down \"/etc/openvpn/down.sh br0\"\n"
3430
";server 10.8.0.0 255.255.255.0\n"
3402
3431
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
3403
3432
"push \"route 172.18.100.1 255.255.255.0\"\n"
3404
3433
"push \"dhcp-option DNS 172.18.100.20\"\n"
3408
3437
"group nogroup\n"
3409
3438
msgstr ""
3410
3439
3411
#: serverguide/C/vpn.xml:170(para)
3440
#: serverguide/C/vpn.xml:174(para)
3412
3441
msgid ""
3413
3442
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
3414
3443
msgstr ""
3415
3444
3416
#: serverguide/C/vpn.xml:175(para)
3445
#: serverguide/C/vpn.xml:179(para)
3417
3446
msgid ""
3418
3447
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
3419
3448
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
3422
3451
"to clients."
3423
3452
msgstr ""
3424
3453
3425
#: serverguide/C/vpn.xml:182(para)
3454
#: serverguide/C/vpn.xml:186(para)
3426
3455
msgid ""
3427
3456
"<emphasis>push</emphasis>: are directives to add networking options for "
3428
3457
"clients."
3429
3458
msgstr ""
3430
3459
3431
#: serverguide/C/vpn.xml:187(para)
3460
#: serverguide/C/vpn.xml:191(para)
3432
3461
msgid ""
3433
3462
"<emphasis>user and group</emphasis>: configure which user and group the "
3434
3463
"<application>openvpn</application> daemon executes as."
3435
3464
msgstr ""
3436
3465
3437
#: serverguide/C/vpn.xml:194(para)
3466
#: serverguide/C/vpn.xml:198(para)
3438
3467
msgid ""
3439
3468
"Replace all IP addresses and domain names above with those of your network."
3440
3469
msgstr ""
3441
3470
3442
#: serverguide/C/vpn.xml:199(para)
3471
#: serverguide/C/vpn.xml:203(para)
3443
3472
msgid ""
3444
3473
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
3445
3474
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
3446
3475
msgstr ""
3447
3476
3448
#: serverguide/C/vpn.xml:203(programlisting)
3477
#: serverguide/C/vpn.xml:207(programlisting)
3449
3478
#, no-wrap
3450
3479
msgid ""
3451
3480
"\n"
3458
3487
"/usr/sbin/brctl addif $BR $DEV\n"
3459
3488
msgstr ""
3460
3489
3461
#: serverguide/C/vpn.xml:213(para)
3490
#: serverguide/C/vpn.xml:217(para)
3462
3491
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
3463
3492
msgstr ""
3464
3493
3465
#: serverguide/C/vpn.xml:217(programlisting)
3494
#: serverguide/C/vpn.xml:221(programlisting)
3466
3495
#, no-wrap
3467
3496
msgid ""
3468
3497
"\n"
3475
3504
"/sbin/ifconfig $DEV down\n"
3476
3505
msgstr ""
3477
3506
3478
#: serverguide/C/vpn.xml:227(para)
3507
#: serverguide/C/vpn.xml:231(para)
3479
3508
msgid "Then make them executable:"
3480
3509
msgstr ""
3481
3510
3482
#: serverguide/C/vpn.xml:232(command)
3511
#: serverguide/C/vpn.xml:236(command)
3483
3512
msgid "sudo chmod 755 /etc/openvpn/down.sh"
3484
3513
msgstr ""
3485
3514
3486
#: serverguide/C/vpn.xml:233(command)
3515
#: serverguide/C/vpn.xml:237(command)
3487
3516
msgid "sudo chmod 755 /etc/openvpn/up.sh"
3488
3517
msgstr ""
3489
3518
3490
#: serverguide/C/vpn.xml:236(para)
3519
#: serverguide/C/vpn.xml:240(para)
3491
3520
msgid ""
3492
3521
"After configuring the server, restart <application>openvpn</application> by "
3493
3522
"entering:"
3494
3523
msgstr ""
3495
3524
3496
#: serverguide/C/vpn.xml:241(command) serverguide/C/vpn.xml:281(command)
3525
#: serverguide/C/vpn.xml:245(command) serverguide/C/vpn.xml:293(command)
3497
3526
msgid "sudo /etc/init.d/openvpn restart"
3498
3527
msgstr ""
3499
3528
3500
#: serverguide/C/vpn.xml:246(title)
3529
#: serverguide/C/vpn.xml:250(title)
3501
3530
msgid "Client Configuration"
3502
3531
msgstr ""
3503
3532
3504
#: serverguide/C/vpn.xml:248(para)
3533
#: serverguide/C/vpn.xml:252(para)
3534
msgid "First, install <application>openvpn</application> on the client:"
3535
msgstr ""
3536
3537
#: serverguide/C/vpn.xml:260(para)
3505
3538
msgid ""
3506
"With the server configured and the client certificates copied over, create a "
3507
"client configuration file by copying the example. In a terminal on the "
3508
"client machine enter:"
3539
"Then with the server configured and the client certificates copied to the "
3540
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
3541
"file by copying the example. In a terminal on the client machine enter:"
3509
3542
msgstr ""
3510
3543
3511
#: serverguide/C/vpn.xml:254(command)
3544
#: serverguide/C/vpn.xml:266(command)
3512
3545
msgid ""
3513
3546
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
3514
3547
"/etc/openvpn"
3515
3548
msgstr ""
3516
3549
3517
#: serverguide/C/vpn.xml:257(para)
3550
#: serverguide/C/vpn.xml:269(para)
3518
3551
msgid ""
3519
3552
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
3520
3553
"following options:"
3521
3554
msgstr ""
3522
3555
3523
#: serverguide/C/vpn.xml:261(programlisting)
3556
#: serverguide/C/vpn.xml:273(programlisting)
3524
3557
#, no-wrap
3525
3558
msgid ""
3526
3559
"\n"
3531
3564
"tls-auth ta.key 1\n"
3532
3565
msgstr ""
3533
3566
3534
#: serverguide/C/vpn.xml:270(para)
3567
#: serverguide/C/vpn.xml:282(para)
3535
3568
msgid ""
3536
3569
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
3537
3570
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
3538
3571
"key filenames."
3539
3572
msgstr ""
3540
3573
3541
#: serverguide/C/vpn.xml:276(para)
3574
#: serverguide/C/vpn.xml:288(para)
3542
3575
msgid "Finally, restart <application>openvpn</application>:"
3543
3576
msgstr ""
3544
3577
3545
#: serverguide/C/vpn.xml:284(para)
3578
#: serverguide/C/vpn.xml:296(para)
3546
3579
msgid "You should now be able to connect to the remote LAN through the VPN."
3547
3580
msgstr ""
3548
3581
3549
#: serverguide/C/vpn.xml:295(para)
3582
#: serverguide/C/vpn.xml:307(para)
3550
3583
msgid ""
3551
3584
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
3552
3585
"additional information."
3553
3586
msgstr ""
3554
3587
3555
#: serverguide/C/vpn.xml:300(para)
3588
#: serverguide/C/vpn.xml:312(para)
3556
3589
msgid ""
3557
3590
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
3558
3591
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
3559
3592
msgstr ""
3560
3593
3594
#: serverguide/C/vpn.xml:318(para)
3595
msgid ""
3596
"Another source of further information is the <ulink "
3597
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
3598
"OpenVPN</ulink> page."
3599
msgstr ""
3600
3561
3601
#: serverguide/C/virtualization.xml:13(title)
3562
3602
msgid "Virtualization"
3563
3603
msgstr ""
3594
3634
"<application>KVM</application>. Enter the following from a terminal prompt:"
3595
3635
msgstr ""
3596
3636
3597
#: serverguide/C/virtualization.xml:34(command)
3598
msgid "egrep '(vmx|svm)' /proc/cpuinfo"
3637
#: serverguide/C/virtualization.xml:35(command)
3638
msgid "kvm-ok"
3599
3639
msgstr ""
3600
3640
3601
#: serverguide/C/virtualization.xml:36(para)
3641
#: serverguide/C/virtualization.xml:37(para)
3602
3642
msgid ""
3603
"If nothing is printed, it means that your cpu does <emphasis>not</emphasis> "
3604
"support hardware virtualization."
3643
"A message will be printed informing you if your CPU "
3644
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
3645
"virtualization."
3605
3646
msgstr ""
3606
3647
3607
#: serverguide/C/virtualization.xml:40(para)
3648
#: serverguide/C/virtualization.xml:41(para)
3608
3649
msgid ""
3609
3650
"On most computer whose processor supports virtualization, it is necessary to "
3610
"activate an option in the bios to enable it. The method described above does "
3611
"not show the status of it's activation."
3651
"activate an option in the BIOS to enable it."
3612
3652
msgstr ""
3613
3653
3614
3654
#: serverguide/C/virtualization.xml:47(title)
3684
3724
msgid ""
3685
3725
"There are several ways to automate the Ubuntu installation process, for "
3686
3726
"example using preseeds, kickstart, etc. Refer to the <ulink "
3687
"url=\"https://help.ubuntu.com/9.10/installation-guide/\">Ubuntu Installation "
3688
"Guide</ulink> for details."
3727
"url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
3728
"Installation Guide</ulink> for details."
3689
3729
msgstr ""
3690
3730
3691
3731
#: serverguide/C/virtualization.xml:98(para)
4050
4090
"technology in Ubuntu."
4051
4091
msgstr ""
4052
4092
4053
#: serverguide/C/virtualization.xml:394(title)
4093
#: serverguide/C/virtualization.xml:391(para)
4094
msgid ""
4095
"Another good resource is the <ulink "
4096
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
4097
msgstr ""
4098
4099
#: serverguide/C/virtualization.xml:399(title)
4054
4100
msgid "JeOS and vmbuilder"
4055
4101
msgstr ""
4056
4102
4057
#: serverguide/C/virtualization.xml:400(title)
4103
#: serverguide/C/virtualization.xml:405(title)
4058
4104
msgid "What is JeOS"
4059
4105
msgstr ""
4060
4106
4061
#: serverguide/C/virtualization.xml:402(para)
4107
#: serverguide/C/virtualization.xml:407(para)
4062
4108
msgid ""
4063
4109
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
4064
4110
"variant of the Ubuntu Server operating system, configured specifically for "
4066
4112
"only as an option either:"
4067
4113
msgstr ""
4068
4114
4069
#: serverguide/C/virtualization.xml:409(para)
4115
#: serverguide/C/virtualization.xml:414(para)
4070
4116
msgid ""
4071
4117
"While installing from the Server Edition ISO (pressing "
4072
4118
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
4073
4119
"installation\", which is the package selection equivalent to JeOS)."
4074
4120
msgstr ""
4075
4121
4076
#: serverguide/C/virtualization.xml:415(para)
4122
#: serverguide/C/virtualization.xml:420(para)
4077
4123
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
4078
4124
msgstr ""
4079
4125
4080
#: serverguide/C/virtualization.xml:421(para)
4126
#: serverguide/C/virtualization.xml:426(para)
4081
4127
msgid ""
4082
4128
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
4083
4129
"kernel that only contains the base elements needed to run within a "
4084
4130
"virtualized environment."
4085
4131
msgstr ""
4086
4132
4087
#: serverguide/C/virtualization.xml:426(para)
4133
#: serverguide/C/virtualization.xml:431(para)
4088
4134
msgid ""
4089
4135
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
4090
4136
"in the latest virtualization products from VMware. This combination of "
4093
4139
"deployments."
4094
4140
msgstr ""
4095
4141
4096
#: serverguide/C/virtualization.xml:432(para)
4142
#: serverguide/C/virtualization.xml:437(para)
4097
4143
msgid ""
4098
4144
"Without unnecessary drivers, and only the minimal required packages, ISVs "
4099
4145
"can configure their supporting OS exactly as they require. They have the "
4104
4150
"than they would have had to with a standard full installation of a server."
4105
4151
msgstr ""
4106
4152
4107
#: serverguide/C/virtualization.xml:441(title)
4153
#: serverguide/C/virtualization.xml:446(title)
4108
4154
msgid "What is vmbuilder"
4109
4155
msgstr ""
4110
4156
4111
#: serverguide/C/virtualization.xml:443(para)
4157
#: serverguide/C/virtualization.xml:448(para)
4112
4158
msgid ""
4113
4159
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
4114
"will fetch the various package and build a virtual machine tailored for our "
4115
"need in about a minute for us. Vmbuilder is a Script that automates the "
4116
"process of creating a ready to use Linux based VM. The currently supported "
4117
"hypervisors are KVM and Xen."
4160
"will fetch the various package and build a virtual machine tailored for your "
4161
"needs in about a minute. vmbuilder is a script that automates the process of "
4162
"creating a ready to use Linux based VM. The currently supported hypervisors "
4163
"are KVM and Xen."
4118
4164
msgstr ""
4119
4165
4120
#: serverguide/C/virtualization.xml:449(para)
4166
#: serverguide/C/virtualization.xml:454(para)
4121
4167
msgid ""
4122
4168
"You can pass command line options to add extra packages, remove packages, "
4123
4169
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
4125
4171
"a local mirror, you can bootstrap a VM in less than a minute."
4126
4172
msgstr ""
4127
4173
4128
#: serverguide/C/virtualization.xml:455(para)
4174
#: serverguide/C/virtualization.xml:460(para)
4129
4175
msgid ""
4130
"First introduced as a shell script in Ubuntu 8.04LTS, <application>ubuntu-vm-"
4131
"builder</application> started with little emphasis as a hack to help "
4176
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
4177
"vm-builder</application> started with little emphasis as a hack to help "
4132
4178
"developers test their new code in a virtual machine without having to "
4133
4179
"restart from scratch each time. As a few Ubuntu administrators started to "
4134
4180
"notice this script, a few of them went on improving it and adapting it for "
4137
4183
"scratch for Intrepid as a python script with a few new design goals:"
4138
4184
msgstr ""
4139
4185
4140
#: serverguide/C/virtualization.xml:465(para)
4186
#: serverguide/C/virtualization.xml:470(para)
4141
4187
msgid "Develop it so that it can be reused by other distributions."
4142
4188
msgstr ""
4143
4189
4144
#: serverguide/C/virtualization.xml:470(para)
4190
#: serverguide/C/virtualization.xml:475(para)
4145
4191
msgid ""
4146
4192
"Use a plugin mechanisms for all virtualization interactions so that others "
4147
4193
"can easily add logic for other virtualization environments."
4148
4194
msgstr ""
4149
4195
4150
#: serverguide/C/virtualization.xml:475(para)
4196
#: serverguide/C/virtualization.xml:480(para)
4151
4197
msgid ""
4152
4198
"Provide an easy to maintain web interface as an option to the command line "
4153
4199
"interface."
4154
4200
msgstr ""
4155
4201
4156
#: serverguide/C/virtualization.xml:481(para)
4202
#: serverguide/C/virtualization.xml:486(para)
4157
4203
msgid "But the general principles and commands remain the same."
4158
4204
msgstr ""
4159
4205
4160
#: serverguide/C/virtualization.xml:488(title)
4206
#: serverguide/C/virtualization.xml:493(title)
4161
4207
msgid "Initial Setup"
4162
4208
msgstr ""
4163
4209
4164
#: serverguide/C/virtualization.xml:490(para)
4210
#: serverguide/C/virtualization.xml:495(para)
4165
4211
msgid ""
4166
4212
"It is assumed that you have installed and configured "
4167
4213
"<application>libvirt</application> and <application>KVM</application> "
4169
4215
"please refer to:"
4170
4216
msgstr ""
4171
4217
4172
#: serverguide/C/virtualization.xml:502(para)
4218
#: serverguide/C/virtualization.xml:507(para)
4173
4219
msgid ""
4174
4220
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
4175
4221
"page."
4176
4222
msgstr ""
4177
4223
4178
#: serverguide/C/virtualization.xml:508(para)
4224
#: serverguide/C/virtualization.xml:513(para)
4179
4225
msgid ""
4180
4226
"We also assume that you know how to use a text based text editor such as "
4181
4227
"nano or vi. If you have not used any of them before, you can get an overview "
4185
4231
"principle should remain on other virtualization technologies."
4186
4232
msgstr ""
4187
4233
4188
#: serverguide/C/virtualization.xml:516(title)
4234
#: serverguide/C/virtualization.xml:521(title)
4189
4235
msgid "Install vmbuilder"
4190
4236
msgstr ""
4191
4237
4192
#: serverguide/C/virtualization.xml:518(para)
4238
#: serverguide/C/virtualization.xml:523(para)
4193
4239
msgid ""
4194
4240
"The name of the package that we need to install is <application>python-vm-"
4195
4241
"builder</application>. In a terminal prompt enter:"
4196
4242
msgstr ""
4197
4243
4198
#: serverguide/C/virtualization.xml:523(command)
4244
#: serverguide/C/virtualization.xml:528(command)
4199
4245
msgid "sudo apt-get install python-vm-builder"
4200
4246
msgstr ""
4201
4247
4202
#: serverguide/C/virtualization.xml:527(para)
4248
#: serverguide/C/virtualization.xml:532(para)
4203
4249
msgid ""
4204
4250
"If you are running Hardy, you can still perform most of this using the older "
4205
4251
"version of the package named <application>ubuntu-vm-builder</application>, "
4206
4252
"there are only a few changes to the syntax of the tool."
4207
4253
msgstr ""
4208
4254
4209
#: serverguide/C/virtualization.xml:536(title)
4255
#: serverguide/C/virtualization.xml:541(title)
4210
4256
msgid "Defining Your Virtual Machine"
4211
4257
msgstr ""
4212
4258
4213
#: serverguide/C/virtualization.xml:538(para)
4259
#: serverguide/C/virtualization.xml:543(para)
4214
4260
msgid ""
4215
4261
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
4216
4262
"are a few thing to consider:"
4217
4263
msgstr ""
4218
4264
4219
#: serverguide/C/virtualization.xml:544(para)
4265
#: serverguide/C/virtualization.xml:549(para)
4220
4266
msgid ""
4221
4267
"If you plan on shipping a virtual appliance, do not assume that the end-user "
4222
4268
"will know how to extend disk size to fit their need, so either plan for a "
4225
4271
"a good idea to store data on some separate external storage."
4226
4272
msgstr ""
4227
4273
4228
#: serverguide/C/virtualization.xml:551(para)
4274
#: serverguide/C/virtualization.xml:556(para)
4229
4275
msgid ""
4230
4276
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
4231
4277
"whatever you think is a safe minimum for your appliance."
4232
4278
msgstr ""
4233
4279
4234
#: serverguide/C/virtualization.xml:557(para)
4280
#: serverguide/C/virtualization.xml:562(para)
4235
4281
msgid ""
4236
4282
"The <application>vmbuilder</application> command has 2 main parameters: the "
4237
4283
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
4239
4285
"and can be found using the following command:"
4240
4286
msgstr ""
4241
4287
4242
#: serverguide/C/virtualization.xml:563(command)
4288
#: serverguide/C/virtualization.xml:568(command)
4243
4289
msgid "vmbuilder --help"
4244
4290
msgstr ""
4245
4291
4246
#: serverguide/C/virtualization.xml:567(title)
4292
#: serverguide/C/virtualization.xml:572(title)
4247
4293
msgid "Base Parameters"
4248
4294
msgstr ""
4249
4295
4250
#: serverguide/C/virtualization.xml:569(para)
4296
#: serverguide/C/virtualization.xml:574(para)
4251
4297
msgid ""
4252
"As this example is based on <application>KVM</application> and Ubuntu 9.10 "
4253
"(Karmic Koala), and we are likely to rebuild the same virtual machine "
4298
"As this example is based on <application>KVM</application> and Ubuntu 10.04 "
4299
"LTS (Lucid Lynx), and we are likely to rebuild the same virtual machine "
4254
4300
"multiple time, we'll invoke vmbuilder with the following first parameters:"
4255
4301
msgstr ""
4256
4302
4257
#: serverguide/C/virtualization.xml:575(command)
4303
#: serverguide/C/virtualization.xml:580(command)
4258
4304
msgid ""
4259
"sudo vmbuilder kvm ubuntu --suite karmic --flavour virtual --arch i386 -o --"
4305
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --"
4260
4306
"libvirt qemu:///system"
4261
4307
msgstr ""
4262
4308
4263
#: serverguide/C/virtualization.xml:578(para)
4309
#: serverguide/C/virtualization.xml:583(para)
4264
4310
msgid ""
4265
4311
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
4266
4312
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
4271
4317
"add the resulting VM to the list of available machines."
4272
4318
msgstr ""
4273
4319
4274
#: serverguide/C/virtualization.xml:586(para)
4320
#: serverguide/C/virtualization.xml:591(para)
4275
4321
msgid "Notes:"
4276
4322
msgstr ""
4277
4323
4278
#: serverguide/C/virtualization.xml:592(para)
4324
#: serverguide/C/virtualization.xml:597(para)
4279
4325
msgid ""
4280
4326
"Because of the nature of operations performed by vmbuilder, it needs to have "
4281
4327
"root privilege, hence the use of sudo."
4282
4328
msgstr ""
4283
4329
4284
#: serverguide/C/virtualization.xml:597(para)
4330
#: serverguide/C/virtualization.xml:602(para)
4285
4331
msgid ""
4286
4332
"If your virtual machine needs to use more than 3Gb of ram, you should build "
4287
4333
"a 64 bit machine (--arch amd64)."
4288
4334
msgstr ""
4289
4335
4290
#: serverguide/C/virtualization.xml:602(para)
4336
#: serverguide/C/virtualization.xml:607(para)
4291
4337
msgid ""
4292
4338
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
4293
4339
"architecture, so if you want to define an amd64 machine on Hardy, you should "
4294
4340
"use <emphasis>--flavour</emphasis> server instead."
4295
4341
msgstr ""
4296
4342
4297
#: serverguide/C/virtualization.xml:610(title)
4343
#: serverguide/C/virtualization.xml:615(title)
4298
4344
msgid "JeOS Installation Parameters"
4299
4345
msgstr ""
4300
4346
4301
#: serverguide/C/virtualization.xml:613(title)
4347
#: serverguide/C/virtualization.xml:618(title)
4302
4348
msgid "JeOS Networking"
4303
4349
msgstr ""
4304
4350
4305
#: serverguide/C/virtualization.xml:616(title)
4351
#: serverguide/C/virtualization.xml:621(title)
4306
4352
msgid "Assigning a fixed IP address"
4307
4353
msgstr ""
4308
4354
4309
#: serverguide/C/virtualization.xml:618(para)
4355
#: serverguide/C/virtualization.xml:623(para)
4310
4356
msgid ""
4311
4357
"As a virtual appliance that may be deployed on various very different "
4312
4358
"networks, it is very difficult to know what the actual network will look "
4317
4363
"192.168.0.0/255 is usually a good choice."
4318
4364
msgstr ""
4319
4365
4320
#: serverguide/C/virtualization.xml:625(para)
4366
#: serverguide/C/virtualization.xml:630(para)
4321
4367
msgid "To do this we'll use the following parameters:"
4322
4368
msgstr ""
4323
4369
4324
#: serverguide/C/virtualization.xml:631(para)
4370
#: serverguide/C/virtualization.xml:636(para)
4325
4371
msgid ""
4326
4372
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
4327
4373
"dhcp if not specified)"
4328
4374
msgstr ""
4329
4375
4330
#: serverguide/C/virtualization.xml:636(para)
4376
#: serverguide/C/virtualization.xml:641(para)
4331
4377
msgid ""
4332
4378
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
4333
4379
"255.255.255.0)"
4334
4380
msgstr ""
4335
4381
4336
#: serverguide/C/virtualization.xml:641(para)
4382
#: serverguide/C/virtualization.xml:646(para)
4337
4383
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
4338
4384
msgstr ""
4339
4385
4340
#: serverguide/C/virtualization.xml:646(para)
4386
#: serverguide/C/virtualization.xml:651(para)
4341
4387
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
4342
4388
msgstr ""
4343
4389
4344
#: serverguide/C/virtualization.xml:651(para)
4390
#: serverguide/C/virtualization.xml:656(para)
4345
4391
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
4346
4392
msgstr ""
4347
4393
4348
#: serverguide/C/virtualization.xml:656(para)
4394
#: serverguide/C/virtualization.xml:661(para)
4349
4395
msgid ""
4350
4396
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
4351
4397
msgstr ""
4352
4398
4353
#: serverguide/C/virtualization.xml:662(para)
4399
#: serverguide/C/virtualization.xml:667(para)
4354
4400
msgid ""
4355
4401
"We assume for now that default values are good enough, so the resulting "
4356
4402
"invocation becomes:"
4357
4403
msgstr ""
4358
4404
4359
#: serverguide/C/virtualization.xml:667(command)
4405
#: serverguide/C/virtualization.xml:672(command)
4360
4406
msgid ""
4361
"sudo vmbuilder kvm ubuntu --suite karmic --flavour virtual --arch i386 -o --"
4407
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --"
4362
4408
"libvirt qemu:///system --ip 192.168.0.100"
4363
4409
msgstr ""
4364
4410
4365
#: serverguide/C/virtualization.xml:672(title)
4411
#: serverguide/C/virtualization.xml:677(title)
4366
4412
msgid "Modifying the libvirt Template to use Bridging"
4367
4413
msgstr ""
4368
4414
4369
#: serverguide/C/virtualization.xml:674(para)
4415
#: serverguide/C/virtualization.xml:679(para)
4370
4416
msgid ""
4371
4417
"Because our appliance will be likely to need to be accessed by remote hosts, "
4372
4418
"we need to configure libvirt so that the appliance uses bridge networking. "
4373
4419
"To do this we use vmbuilder template mechanism to modify the default one."
4374
4420
msgstr ""
4375
4421
4376
#: serverguide/C/virtualization.xml:679(para)
4422
#: serverguide/C/virtualization.xml:684(para)
4377
4423
msgid ""
4378
4424
"In our working directory we create the template hierarchy and copy the "
4379
4425
"default template:"
4380
4426
msgstr ""
4381
4427
4382
#: serverguide/C/virtualization.xml:684(command)
4428
#: serverguide/C/virtualization.xml:689(command)
4383
4429
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
4384
4430
msgstr ""
4385
4431
4386
#: serverguide/C/virtualization.xml:685(command)
4432
#: serverguide/C/virtualization.xml:690(command)
4387
4433
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
4388
4434
msgstr ""
4389
4435
4390
#: serverguide/C/virtualization.xml:688(para)
4436
#: serverguide/C/virtualization.xml:693(para)
4391
4437
msgid ""
4392
4438
"We can then edit "
4393
4439
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
4394
4440
"change:"
4395
4441
msgstr ""
4396
4442
4397
#: serverguide/C/virtualization.xml:692(programlisting)
4443
#: serverguide/C/virtualization.xml:697(programlisting)
4398
4444
#, no-wrap
4399
4445
msgid ""
4400
4446
"\n"
4403
4449
" </interface>\n"
4404
4450
msgstr ""
4405
4451
4406
#: serverguide/C/virtualization.xml:698(para)
4452
#: serverguide/C/virtualization.xml:703(para)
4407
4453
msgid "To:"
4408
4454
msgstr ""
4409
4455
4410
#: serverguide/C/virtualization.xml:702(programlisting)
4456
#: serverguide/C/virtualization.xml:707(programlisting)
4411
4457
#, no-wrap
4412
4458
msgid ""
4413
4459
"\n"
4416
4462
" </interface>\n"
4417
4463
msgstr ""
4418
4464
4419
#: serverguide/C/virtualization.xml:712(title) serverguide/C/installation.xml:407(title)
4465
#: serverguide/C/virtualization.xml:717(title) serverguide/C/installation.xml:459(title)
4420
4466
msgid "Partitioning"
4421
4467
msgstr ""
4422
4468
4423
#: serverguide/C/virtualization.xml:714(para)
4469
#: serverguide/C/virtualization.xml:719(para)
4424
4470
msgid ""
4425
4471
"Partitioning of the virtual appliance will have to take into consideration "
4426
4472
"what you are planning to do with is. Because most appliances want to have a "
4428
4474
"make sense."
4429
4475
msgstr ""
4430
4476
4431
#: serverguide/C/virtualization.xml:719(para)
4477
#: serverguide/C/virtualization.xml:724(para)
4432
4478
msgid ""
4433
4479
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
4434
4480
msgstr ""
4435
4481
4436
#: serverguide/C/virtualization.xml:723(programlisting)
4482
#: serverguide/C/virtualization.xml:728(programlisting)
4437
4483
#, no-wrap
4438
4484
msgid ""
4439
4485
"\n"
4440
4486
"--part PATH\n"
4441
" Allows to specify a partition table in partfile each line of partfile "
4442
"should specify\n"
4487
" Allows you to specify a partition table in a partition file, located at "
4488
"PATH. Each line of the partition file should specify\n"
4443
4489
" (root first):\n"
4444
4490
" mountpoint size\n"
4445
4491
" where size is in megabytes. You can have up to 4 virtual disks, a new "
4453
4499
" /log 1500\n"
4454
4500
msgstr ""
4455
4501
4456
#: serverguide/C/virtualization.xml:738(para)
4502
#: serverguide/C/virtualization.xml:743(para)
4457
4503
msgid ""
4458
4504
"In our case we will define a text file name "
4459
4505
"<filename>vmbuilder.partition</filename> which will contain the following:"
4460
4506
msgstr ""
4461
4507
4462
#: serverguide/C/virtualization.xml:742(programlisting)
4508
#: serverguide/C/virtualization.xml:747(programlisting)
4463
4509
#, no-wrap
4464
4510
msgid ""
4465
4511
"\n"
4469
4515
"/var 20000\n"
4470
4516
msgstr ""
4471
4517
4472
#: serverguide/C/virtualization.xml:750(para)
4518
#: serverguide/C/virtualization.xml:755(para)
4473
4519
msgid ""
4474
4520
"Note that as we are using virtual disk images, the actual sizes that we put "
4475
4521
"here are maximum sizes for these volumes."
4476
4522
msgstr ""
4477
4523
4478
#: serverguide/C/virtualization.xml:755(para)
4524
#: serverguide/C/virtualization.xml:760(para)
4479
4525
msgid "Our command line now looks like:"
4480
4526
msgstr ""
4481
4527
4482
#: serverguide/C/virtualization.xml:760(command)
4528
#: serverguide/C/virtualization.xml:765(command)
4483
4529
msgid ""
4484
"sudo vmbuilder kvm ubuntu --suite karmic --flavour virtual --arch i386 \\ -o "
4485
"--libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
4530
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 \\ -o -"
4531
"-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
4486
4532
msgstr ""
4487
4533
4488
#: serverguide/C/virtualization.xml:765(para)
4534
#: serverguide/C/virtualization.xml:770(para)
4489
4535
msgid ""
4490
4536
"Using a \"\\\" in a command will allow long command strings to wrap to the "
4491
4537
"next line."
4492
4538
msgstr ""
4493
4539
4494
#: serverguide/C/virtualization.xml:772(title)
4540
#: serverguide/C/virtualization.xml:777(title)
4495
4541
msgid "User and Password"
4496
4542
msgstr ""
4497
4543
4498
#: serverguide/C/virtualization.xml:774(para)
4544
#: serverguide/C/virtualization.xml:779(para)
4499
4545
msgid ""
4500
4546
"Again setting up a virtual appliance, you will need to provide a default "
4501
4547
"user and password that is generic so that you can include it in your "
4506
4552
"as my user name, and <emphasis>'default'</emphasis> as the password."
4507
4553
msgstr ""
4508
4554
4509
#: serverguide/C/virtualization.xml:782(para)
4555
#: serverguide/C/virtualization.xml:787(para)
4510
4556
msgid "To do this we use the following optional parameters:"
4511
4557
msgstr ""
4512
4558
4513
#: serverguide/C/virtualization.xml:788(para)
4559
#: serverguide/C/virtualization.xml:793(para)
4514
4560
msgid ""
4515
4561
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
4516
4562
"Default: ubuntu."
4517
4563
msgstr ""
4518
4564
4519
#: serverguide/C/virtualization.xml:793(para)
4565
#: serverguide/C/virtualization.xml:798(para)
4520
4566
msgid ""
4521
4567
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
4522
4568
"added. Default: Ubuntu."
4523
4569
msgstr ""
4524
4570
4525
#: serverguide/C/virtualization.xml:798(para)
4571
#: serverguide/C/virtualization.xml:803(para)
4526
4572
msgid ""
4527
4573
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
4528
4574
"Default: ubuntu."
4529
4575
msgstr ""
4530
4576
4531
#: serverguide/C/virtualization.xml:804(para)
4577
#: serverguide/C/virtualization.xml:809(para)
4532
4578
msgid "Our resulting command line becomes:"
4533
4579
msgstr ""
4534
4580
4535
#: serverguide/C/virtualization.xml:809(command)
4581
#: serverguide/C/virtualization.xml:814(command)
4536
4582
msgid ""
4537
"sudo vmbuilder kvm ubuntu --suite intrepid --flavour virtual --arch i386 \\ -"
4538
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
4539
"-user user --name user --pass default"
4583
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 \\ -o -"
4584
"-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ --"
4585
"user user --name user --pass default"
4540
4586
msgstr ""
4541
4587
4542
#: serverguide/C/virtualization.xml:817(title)
4588
#: serverguide/C/virtualization.xml:822(title)
4543
4589
msgid "Installing Required Packages"
4544
4590
msgstr ""
4545
4591
4546
#: serverguide/C/virtualization.xml:819(para)
4592
#: serverguide/C/virtualization.xml:824(para)
4547
4593
msgid ""
4548
4594
"In this example we will be installing a package "
4549
4595
"<application>(Limesurvey)</application> that accesses a "
4551
4597
"therefore require our OS to provide us with:"
4552
4598
msgstr ""
4553
4599
4554
#: serverguide/C/virtualization.xml:826(para)
4600
#: serverguide/C/virtualization.xml:831(para)
4555
4601
msgid "Apache"
4556
4602
msgstr ""
4557
4603
4558
#: serverguide/C/virtualization.xml:827(para)
4604
#: serverguide/C/virtualization.xml:832(para)
4559
4605
msgid "PHP"
4560
4606
msgstr ""
4561
4607
4562
#: serverguide/C/virtualization.xml:828(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
4608
#: serverguide/C/virtualization.xml:833(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
4563
4609
msgid "MySQL"
4564
4610
msgstr ""
4565
4611
4566
#: serverguide/C/virtualization.xml:829(para) serverguide/C/remote-administration.xml:20(title)
4612
#: serverguide/C/virtualization.xml:834(para) serverguide/C/remote-administration.xml:20(title)
4567
4613
msgid "OpenSSH Server"
4568
4614
msgstr ""
4569
4615
4570
#: serverguide/C/virtualization.xml:830(para)
4616
#: serverguide/C/virtualization.xml:835(para)
4571
4617
msgid "Limesurvey (as an example application that we have packaged)"
4572
4618
msgstr ""
4573
4619
4574
#: serverguide/C/virtualization.xml:833(para)
4620
#: serverguide/C/virtualization.xml:838(para)
4575
4621
msgid ""
4576
"This is done using vmbuilder by specifying the --addpkg command multiple "
4622
"This is done using vmbuilder by specifying the --addpkg option multiple "
4577
4623
"times:"
4578
4624
msgstr ""
4579
4625
4580
#: serverguide/C/virtualization.xml:837(programlisting)
4626
#: serverguide/C/virtualization.xml:842(programlisting)
4581
4627
#, no-wrap
4582
4628
msgid ""
4583
4629
"\n"
4585
4631
" Install PKG into the guest (can be specfied multiple times)\n"
4586
4632
msgstr ""
4587
4633
4588
#: serverguide/C/virtualization.xml:842(para)
4634
#: serverguide/C/virtualization.xml:847(para)
4589
4635
msgid ""
4590
4636
"However, due to the way vmbuilder operates, packages that have to ask "
4591
4637
"questions to the user during the post install phase are not supported and "
4593
4639
"of Limesurvey, which we will have to install later, once the user logs in."
4594
4640
msgstr ""
4595
4641
4596
#: serverguide/C/virtualization.xml:848(para)
4642
#: serverguide/C/virtualization.xml:853(para)
4597
4643
msgid ""
4598
4644
"Other packages that ask simple debconf question, such as <application>mysql-"
4599
4645
"server</application> asking to set a password, the package can be installed "
4601
4647
"in."
4602
4648
msgstr ""
4603
4649
4604
#: serverguide/C/virtualization.xml:854(para)
4650
#: serverguide/C/virtualization.xml:859(para)
4605
4651
msgid ""
4606
4652
"If some packages that we need to install are not in main, we need to enable "
4607
4653
"the additional repositories using --comp and --ppa:"
4608
4654
msgstr ""
4609
4655
4610
#: serverguide/C/virtualization.xml:858(programlisting)
4656
#: serverguide/C/virtualization.xml:863(programlisting)
4611
4657
#, no-wrap
4612
4658
msgid ""
4613
4659
"\n"
4618
4664
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
4619
4665
msgstr ""
4620
4666
4621
#: serverguide/C/virtualization.xml:865(para)
4667
#: serverguide/C/virtualization.xml:870(para)
4622
4668
msgid ""
4623
4669
"Limesurvey not being part of the archive at the moment, we'll specify it's "
4624
4670
"PPA (personal package archive) address so that it is added to the VM "
4626
4672
"to the command line:"
4627
4673
msgstr ""
4628
4674
4629
#: serverguide/C/virtualization.xml:871(command)
4675
#: serverguide/C/virtualization.xml:876(command)
4630
4676
msgid ""
4631
4677
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
4632
4678
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
4635
4681
"server --ppa nijaba"
4636
4682
msgstr ""
4637
4683
4638
#: serverguide/C/virtualization.xml:878(title)
4684
#: serverguide/C/virtualization.xml:883(title)
4639
4685
msgid "OpenSSH"
4640
4686
msgstr ""
4641
4687
4642
#: serverguide/C/virtualization.xml:880(para)
4688
#: serverguide/C/virtualization.xml:885(para)
4643
4689
msgid ""
4644
4690
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
4645
4691
"it will allow our admins to access the appliance remotely. However, pushing "
4653
4699
"interaction."
4654
4700
msgstr ""
4655
4701
4656
#: serverguide/C/virtualization.xml:892(title)
4702
#: serverguide/C/virtualization.xml:897(title)
4657
4703
msgid "Speed Considerations"
4658
4704
msgstr ""
4659
4705
4660
#: serverguide/C/virtualization.xml:895(title)
4706
#: serverguide/C/virtualization.xml:900(title)
4661
4707
msgid "Package Caching"
4662
4708
msgstr ""
4663
4709
4664
#: serverguide/C/virtualization.xml:897(para)
4710
#: serverguide/C/virtualization.xml:902(para)
4665
4711
msgid ""
4666
4712
"When vmbuilder creates builds your system, it has to go fetch each one of "
4667
4713
"the packages that composes it over the network to one of the official "
4669
4715
"load of the mirror, can have a big impact on the actual build time. In order "
4670
4716
"to reduce this, it is recommended to either have a local repository (which "
4671
4717
"can be created using <application>apt-mirror</application>) or using a "
4672
"caching proxy such as <application>apt-cache</application>. The later option "
4718
"caching proxy such as <application>apt-proxy</application>. The later option "
4673
4719
"being much simpler to implement and requiring less disk space, it is the one "
4674
4720
"we will pick in this tutorial. To install it, simply type:"
4675
4721
msgstr ""
4676
4722
4677
#: serverguide/C/virtualization.xml:907(command)
4723
#: serverguide/C/virtualization.xml:912(command)
4678
4724
msgid "sudo apt-get install apt-proxy"
4679
4725
msgstr ""
4680
4726
4681
#: serverguide/C/virtualization.xml:910(para)
4727
#: serverguide/C/virtualization.xml:915(para)
4682
4728
msgid ""
4683
4729
"Once this is complete, your (empty) proxy is ready for use on "
4684
4730
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
4686
4732
"option:"
4687
4733
msgstr ""
4688
4734
4689
#: serverguide/C/virtualization.xml:915(programlisting)
4735
#: serverguide/C/virtualization.xml:920(programlisting)
4690
4736
#, no-wrap
4691
4737
msgid ""
4692
4738
"\n"
4696
4742
" otherwise\n"
4697
4743
msgstr ""
4698
4744
4699
#: serverguide/C/virtualization.xml:922(para)
4745
#: serverguide/C/virtualization.xml:927(para)
4700
4746
msgid "So we add to the command line:"
4701
4747
msgstr ""
4702
4748
4703
#: serverguide/C/virtualization.xml:927(command)
4749
#: serverguide/C/virtualization.xml:932(command)
4704
4750
msgid "--mirror http://mirroraddress:9999/ubuntu"
4705
4751
msgstr ""
4706
4752
4707
#: serverguide/C/virtualization.xml:931(para)
4753
#: serverguide/C/virtualization.xml:936(para)
4708
4754
msgid ""
4709
4755
"The mirror address specified here will also be used in the "
4710
"<filename>/etc/apt/source.list</filename> of the newly created guest, so it "
4711
"is usefull to specify here an address that can be resolved by the guest or "
4712
"to plan on reseting this address later on, such as in a <emphasis>--"
4756
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
4757
"is useful to specify here an address that can be resolved by the guest or to "
4758
"plan on reseting this address later on, such as in a <emphasis>--"
4713
4759
"firstboot</emphasis> script."
4714
4760
msgstr ""
4715
4761
4716
#: serverguide/C/virtualization.xml:940(title)
4762
#: serverguide/C/virtualization.xml:945(title)
4717
4763
msgid "Install a Local Mirror"
4718
4764
msgstr ""
4719
4765
4720
#: serverguide/C/virtualization.xml:942(para)
4766
#: serverguide/C/virtualization.xml:947(para)
4721
4767
msgid ""
4722
4768
"If we are in a larger environment, it may make sense to setup a local mirror "
4723
4769
"of the Ubuntu repositories. The package apt-mirror provides you with a "
4725
4771
"about 20 gigabyte of free space per supported release and architecture."
4726
4772
msgstr ""
4727
4773
4728
#: serverguide/C/virtualization.xml:948(para)
4774
#: serverguide/C/virtualization.xml:953(para)
4729
4775
msgid ""
4730
4776
"By default, <application>apt-mirror</application> uses the configuration "
4731
4777
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
4736
4782
"archives as well, you will have:"
4737
4783
msgstr ""
4738
4784
4739
#: serverguide/C/virtualization.xml:955(programlisting)
4785
#: serverguide/C/virtualization.xml:960(programlisting)
4740
4786
#, no-wrap
4741
4787
msgid ""
4742
4788
"\n"
4743
"deb http://archive.ubuntu.com/ubuntu karmic main restricted universe "
4789
"deb http://archive.ubuntu.com/ubuntu lucid main restricted universe "
4744
4790
"multiverse \n"
4745
"/deb-i386 http://archive.ubuntu.com/ubuntu karmic main restricted universe "
4791
"/deb-i386 http://archive.ubuntu.com/ubuntu lucid main restricted universe "
4746
4792
"multiverse\n"
4747
4793
"\n"
4748
"deb http://archive.ubuntu.com/ubuntu karmic-updates main restricted "
4749
"universe multiverse \n"
4750
"/deb-i386 http://archive.ubuntu.com/ubuntu karmic-updates main restricted "
4751
"universe multiverse \n"
4752
"\n"
4753
"deb http://archive.ubuntu.com/ubuntu/ karmic-backports main restricted "
4754
"universe multiverse \n"
4755
"/deb-i386 http://archive.ubuntu.com/ubuntu karmic-backports main restricted "
4756
"universe multiverse \n"
4757
"\n"
4758
"deb http://security.ubuntu.com/ubuntu karmic-security main restricted "
4759
"universe multiverse \n"
4760
"/deb-i386 http://security.ubuntu.com/ubuntu karmic-security main restricted "
4761
"universe multiverse \n"
4762
"\n"
4763
"deb http://archive.ubuntu.com/ubuntu karmic main/debian-installer "
4794
"deb http://archive.ubuntu.com/ubuntu lucid-updates main restricted universe "
4795
"multiverse \n"
4796
"/deb-i386 http://archive.ubuntu.com/ubuntu lucid-updates main restricted "
4797
"universe multiverse \n"
4798
"\n"
4799
"deb http://archive.ubuntu.com/ubuntu/ lucid-backports main restricted "
4800
"universe multiverse \n"
4801
"/deb-i386 http://archive.ubuntu.com/ubuntu lucid-backports main restricted "
4802
"universe multiverse \n"
4803
"\n"
4804
"deb http://security.ubuntu.com/ubuntu lucid-security main restricted "
4805
"universe multiverse \n"
4806
"/deb-i386 http://security.ubuntu.com/ubuntu lucid-security main restricted "
4807
"universe multiverse \n"
4808
"\n"
4809
"deb http://archive.ubuntu.com/ubuntu lucid main/debian-installer "
4764
4810
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4765
4811
"installer \n"
4766
"/deb-i386 http://archive.ubuntu.com/ubuntu karmic main/debian-installer "
4812
"/deb-i386 http://archive.ubuntu.com/ubuntu lucid main/debian-installer "
4767
4813
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4768
4814
"installer \n"
4769
4815
msgstr ""
4770
4816
4771
#: serverguide/C/virtualization.xml:972(para)
4817
#: serverguide/C/virtualization.xml:977(para)
4772
4818
msgid ""
4773
4819
"Notice that the source packages are not mirrored as they are seldom used "
4774
4820
"compared to the binaries and they do take a lot more space, but they can be "
4775
4821
"easily added to the list."
4776
4822
msgstr ""
4777
4823
4778
#: serverguide/C/virtualization.xml:977(para)
4824
#: serverguide/C/virtualization.xml:982(para)
4779
4825
msgid ""
4780
4826
"Once the mirror has finished replicating (and this can be quite long), you "
4781
4827
"need to configure Apache so that your mirror files (in "
4784
4830
"Apache see <xref linkend=\"httpd\"/>."
4785
4831
msgstr ""
4786
4832
4787
#: serverguide/C/virtualization.xml:986(title)
4833
#: serverguide/C/virtualization.xml:991(title)
4788
4834
msgid "Installing in a RAM Disk"
4789
4835
msgstr ""
4790
4836
4791
#: serverguide/C/virtualization.xml:988(para)
4837
#: serverguide/C/virtualization.xml:993(para)
4792
4838
msgid ""
4793
4839
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
4794
4840
"faster than writing to disk. If you have some free memory, letting vmbuilder "
4796
4842
"-tmpfs</emphasis> will help you do just that:"
4797
4843
msgstr ""
4798
4844
4799
#: serverguide/C/virtualization.xml:994(programlisting)
4845
#: serverguide/C/virtualization.xml:999(programlisting)
4800
4846
#, no-wrap
4801
4847
msgid ""
4802
4848
"\n"
4804
4850
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
4805
4851
msgstr ""
4806
4852
4807
#: serverguide/C/virtualization.xml:999(para)
4853
#: serverguide/C/virtualization.xml:1004(para)
4808
4854
msgid ""
4809
4855
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
4810
4856
"have 1G of free ram."
4811
4857
msgstr ""
4812
4858
4813
#: serverguide/C/virtualization.xml:1006(title)
4859
#: serverguide/C/virtualization.xml:1011(title)
4814
4860
msgid "Package the Application"
4815
4861
msgstr ""
4816
4862
4817
#: serverguide/C/virtualization.xml:1008(para)
4863
#: serverguide/C/virtualization.xml:1013(para)
4818
4864
msgid "Two option are available to us:"
4819
4865
msgstr ""
4820
4866
4821
#: serverguide/C/virtualization.xml:1014(para)
4867
#: serverguide/C/virtualization.xml:1019(para)
4822
4868
msgid ""
4823
4869
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
4824
4870
"package. Since this is outside of the scope of this tutorial, we will not "
4831
4877
"a tutorial on this."
4832
4878
msgstr ""
4833
4879
4834
#: serverguide/C/virtualization.xml:1023(para)
4880
#: serverguide/C/virtualization.xml:1028(para)
4835
4881
msgid ""
4836
4882
"Manually install the application under <filename>/opt</filename> as "
4837
4883
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
4838
4884
"guidelines</ulink>."
4839
4885
msgstr ""
4840
4886
4841
#: serverguide/C/virtualization.xml:1030(para)
4887
#: serverguide/C/virtualization.xml:1035(para)
4842
4888
msgid ""
4843
4889
"In our case we'll use <application>Limesurvey</application> as example web "
4844
4890
"application for which we wish to provide a virtual appliance. As noted "
4846
4892
"Package Archive)."
4847
4893
msgstr ""
4848
4894
4849
#: serverguide/C/virtualization.xml:1037(title)
4895
#: serverguide/C/virtualization.xml:1042(title)
4850
4896
msgid "Finishing Install"
4851
4897
msgstr ""
4852
4898
4853
#: serverguide/C/virtualization.xml:1040(title)
4899
#: serverguide/C/virtualization.xml:1045(title)
4854
4900
msgid "First Boot"
4855
4901
msgstr ""
4856
4902
4857
#: serverguide/C/virtualization.xml:1042(para)
4903
#: serverguide/C/virtualization.xml:1047(para)
4858
4904
msgid ""
4859
4905
"As we mentioned earlier, the first time the machine boots we'll need to "
4860
4906
"install <application>openssh-server</application> so that the key generated "
4862
4908
"<filename>boot.sh</filename> as follows:"
4863
4909
msgstr ""
4864
4910
4865
#: serverguide/C/virtualization.xml:1048(programlisting)
4911
#: serverguide/C/virtualization.xml:1053(programlisting)
4866
4912
#, no-wrap
4867
4913
msgid ""
4868
4914
"\n"
4873
4919
"apt-get install -qqy --force-yes openssh-server\n"
4874
4920
msgstr ""
4875
4921
4876
#: serverguide/C/virtualization.xml:1056(para)
4922
#: serverguide/C/virtualization.xml:1061(para)
4877
4923
msgid ""
4878
4924
"And we add the <command>--firstboot boot.sh</command> option to our command "
4879
4925
"line."
4880
4926
msgstr ""
4881
4927
4882
#: serverguide/C/virtualization.xml:1062(title)
4928
#: serverguide/C/virtualization.xml:1067(title)
4883
4929
msgid "First Login"
4884
4930
msgstr ""
4885
4931
4886
#: serverguide/C/virtualization.xml:1064(para)
4932
#: serverguide/C/virtualization.xml:1069(para)
4887
4933
msgid ""
4888
4934
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
4889
4935
"set them up the first time a user logs in using a script named login.sh. "
4890
4936
"We'll also use this script to let the user specify:"
4891
4937
msgstr ""
4892
4938
4893
#: serverguide/C/virtualization.xml:1070(para)
4939
#: serverguide/C/virtualization.xml:1075(para)
4894
4940
msgid "His own password"
4895
4941
msgstr ""
4896
4942
4897
#: serverguide/C/virtualization.xml:1071(para)
4943
#: serverguide/C/virtualization.xml:1076(para)
4898
4944
msgid "Define the keyboard and other locale info he wants to use"
4899
4945
msgstr ""
4900
4946
4901
#: serverguide/C/virtualization.xml:1074(para)
4947
#: serverguide/C/virtualization.xml:1079(para)
4902
4948
msgid "So we'll define <filename>login.sh</filename> as follows:"
4903
4949
msgstr ""
4904
4950
4905
#: serverguide/C/virtualization.xml:1078(programlisting)
4951
#: serverguide/C/virtualization.xml:1083(programlisting)
4906
4952
#, no-wrap
4907
4953
msgid ""
4908
4954
"\n"
4927
4973
"echo \"browser to http://serverip/limesurvey/admin\"\n"
4928
4974
msgstr ""
4929
4975
4930
#: serverguide/C/virtualization.xml:1100(para)
4976
#: serverguide/C/virtualization.xml:1105(para)
4931
4977
msgid ""
4932
4978
"And we add the <command>--firstlogin login.sh</command> option to our "
4933
4979
"command line."
4934
4980
msgstr ""
4935
4981
4936
#: serverguide/C/virtualization.xml:1107(title)
4982
#: serverguide/C/virtualization.xml:1112(title)
4937
4983
msgid "Useful Additions"
4938
4984
msgstr ""
4939
4985
4940
#: serverguide/C/virtualization.xml:1110(title)
4986
#: serverguide/C/virtualization.xml:1115(title)
4941
4987
msgid "Configuring Automatic Updates"
4942
4988
msgstr ""
4943
4989
4944
#: serverguide/C/virtualization.xml:1112(para)
4990
#: serverguide/C/virtualization.xml:1117(para)
4945
4991
msgid ""
4946
4992
"To have your system be configured to update itself on a regular basis, we "
4947
4993
"will just install <application>unattended-upgrades</application>, so we add "
4948
4994
"the following option to our command line:"
4949
4995
msgstr ""
4950
4996
4951
#: serverguide/C/virtualization.xml:1118(command)
4997
#: serverguide/C/virtualization.xml:1123(command)
4952
4998
msgid "--addpkg unattended-upgrades"
4953
4999
msgstr ""
4954
5000
4955
#: serverguide/C/virtualization.xml:1121(para)
5001
#: serverguide/C/virtualization.xml:1126(para)
4956
5002
msgid ""
4957
5003
"As we have put our application package in a PPA, the process will update not "
4958
5004
"only the system, but also the application each time we update the version in "
4959
5005
"the PPA."
4960
5006
msgstr ""
4961
5007
4962
#: serverguide/C/virtualization.xml:1128(title)
5008
#: serverguide/C/virtualization.xml:1133(title)
4963
5009
msgid "ACPI Event Handling"
4964
5010
msgstr ""
4965
5011
4966
#: serverguide/C/virtualization.xml:1130(para)
5012
#: serverguide/C/virtualization.xml:1135(para)
4967
5013
msgid ""
4968
5014
"For your virtual machine to be able to handle restart and shutdown events it "
4969
5015
"is being sent, it is a good idea to install the acpid package as well. To do "
4970
5016
"this we just add the following option:"
4971
5017
msgstr ""
4972
5018
4973
#: serverguide/C/virtualization.xml:1136(command)
5019
#: serverguide/C/virtualization.xml:1141(command)
4974
5020
msgid "--addpkg acpid"
4975
5021
msgstr ""
4976
5022
4977
#: serverguide/C/virtualization.xml:1142(title)
5023
#: serverguide/C/virtualization.xml:1147(title)
4978
5024
msgid "Final Command"
4979
5025
msgstr ""
4980
5026
4981
#: serverguide/C/virtualization.xml:1144(para)
5027
#: serverguide/C/virtualization.xml:1149(para)
4982
5028
msgid "Here is the command with all the options discussed above:"
4983
5029
msgstr ""
4984
5030
4985
#: serverguide/C/virtualization.xml:1149(command)
5031
#: serverguide/C/virtualization.xml:1154(command)
4986
5032
msgid ""
4987
"sudo vmbuilder kvm ubuntu --suite intrepid --flavour virtual --arch i386 -o "
4988
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
4989
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
4990
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
5033
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o \\ -"
5034
"-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --user "
5035
"user \\ --name user --pass default --addpkg apache2 --addpkg apache2-mpm-"
5036
"prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
4991
5037
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
4992
5038
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
4993
5039
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
4996
5042
"firstlogin login.sh es"
4997
5043
msgstr ""
4998
5044
4999
#: serverguide/C/virtualization.xml:1164(para)
5045
#: serverguide/C/virtualization.xml:1169(para)
5000
5046
msgid ""
5001
5047
"If you are interested in learning more, have questions or suggestions, "
5002
5048
"please contact the Ubuntu Server Team at:"
5003
5049
msgstr ""
5004
5050
5005
#: serverguide/C/virtualization.xml:1169(para)
5051
#: serverguide/C/virtualization.xml:1174(para)
5006
5052
msgid "IRC: #ubuntu-server on freenode"
5007
5053
msgstr ""
5008
5054
5009
#: serverguide/C/virtualization.xml:1174(para)
5055
#: serverguide/C/virtualization.xml:1179(para)
5010
5056
msgid ""
5011
5057
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5012
5058
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5013
5059
msgstr ""
5014
5060
5015
#: serverguide/C/virtualization.xml:1182(title)
5016
msgid "Eucalyptus"
5017
msgstr ""
5018
5019
#: serverguide/C/virtualization.xml:1185(title) serverguide/C/network-auth.xml:1683(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:879(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5061
#: serverguide/C/virtualization.xml:1184(para)
5062
msgid ""
5063
"Also, see the <ulink "
5064
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
5065
"Wiki</ulink> page."
5066
msgstr ""
5067
5068
#: serverguide/C/virtualization.xml:1192(title)
5069
msgid "UEC"
5070
msgstr ""
5071
5072
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2026(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5020
5073
msgid "Overview"
5021
5074
msgstr ""
5022
5075
5023
#: serverguide/C/virtualization.xml:1187(para)
5024
msgid ""
5025
"<emphasis>Eucalyptus</emphasis> is an open-source software infrastructure "
5026
"for implementing \"cloud computing\" on your own clusters. "
5027
"<emphasis>Eucalyptus</emphasis> allows you to create your own cloud "
5028
"computing environment in order to maximize computing resources and provide a "
5029
"cloud computing environment to your users."
5030
msgstr ""
5031
5032
#: serverguide/C/virtualization.xml:1193(para)
5033
msgid ""
5034
"This section will cover setting up a Cloud Computing environment using "
5035
"<application>Eucalyptus</application> with <application>KVM</application>. "
5036
"For more information on KVM see <xref linkend=\"libvirt\"/>."
5037
msgstr ""
5038
5039
#: serverguide/C/virtualization.xml:1198(para)
5040
msgid ""
5041
"The Cloud Computing environment will consist of three components, typically "
5042
"installed on at least two separate machines (termed the 'front-end' and "
5043
"'node(s)' for the rest of this document):"
5044
msgstr ""
5045
5046
#: serverguide/C/virtualization.xml:1205(para)
5047
msgid ""
5048
"<emphasis>One Front-End:</emphasis> hosts one Cloud Controller, a Java based "
5049
"Web configuration interface, and a Cluster Controller, which determines "
5050
"where virtual machines (VMs) will be housed and manages cluster level VM "
5051
"networking."
5052
msgstr ""
5053
5054
#: serverguide/C/virtualization.xml:1211(para)
5055
msgid ""
5056
"<emphasis>One or more Compute Nodes:</emphasis> runs the Node Controller "
5057
"component of Eucalyptus, which allows the machine to be part of the cloud as "
5058
"a host for VMs."
5076
#: serverguide/C/virtualization.xml:1197(para)
5077
msgid ""
5078
"This tutorial covers <application>UEC</application> installation from the "
5079
"Ubuntu 10.04 LTS Server Edition CD, and assumes a basic network topology, "
5080
"with a single system serving as the <emphasis>\"all-in-one "
5081
"controller\"</emphasis>, and one or more nodes attached."
5082
msgstr ""
5083
5084
#: serverguide/C/virtualization.xml:1202(para)
5085
msgid ""
5086
"From this Tutorial you will learn how to install, configure, register and "
5087
"perform several operations on a basic <application>UEC</application> setup "
5088
"that results in a cloud with a one controller <emphasis>\"front-"
5089
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
5090
"instances. You will also use examples to help get you started using your own "
5091
"private compute cloud."
5092
msgstr ""
5093
5094
#: serverguide/C/virtualization.xml:1210(title)
5095
msgid "Prerequisites"
5096
msgstr ""
5097
5098
#: serverguide/C/virtualization.xml:1212(para)
5099
msgid ""
5100
"To deploy a minimal cloud infrastructure, you’ll need at least "
5101
"<emphasis>two</emphasis> dedicated systems:"
5059
5102
msgstr ""
5060
5103
5061
5104
#: serverguide/C/virtualization.xml:1218(para)
5062
msgid ""
5063
"The simple <emphasis>System</emphasis> networking option will be used by "
5064
"default. This network method allows virtual machine instances, to obtain IP "
5065
"addresses from the local LAN, assuming that a DHCP server is properly "
5066
"configured on the LAN to hand out IPs dynamically to VMs that request them. "
5067
"Each node will be configured for bridge networking. For more details see "
5068
"<xref linkend=\"bridging\"/>."
5069
msgstr ""
5070
5071
#: serverguide/C/virtualization.xml:1228(para)
5072
msgid ""
5073
"First, on the <emphasis>Front-End</emphasis> install the appropriate "
5074
"packages. In a terminal prompt on the Front-End enter:"
5075
msgstr ""
5076
5077
#: serverguide/C/virtualization.xml:1233(command)
5078
msgid "sudo apt-get install eucalyptus-cloud eucalyptus-cc"
5105
msgid "A front end."
5106
msgstr ""
5107
5108
#: serverguide/C/virtualization.xml:1223(para)
5109
msgid "One or more node(s)."
5110
msgstr ""
5111
5112
#: serverguide/C/virtualization.xml:1229(para)
5113
msgid ""
5114
"The following are recommendations, rather than fixed requirements. However, "
5115
"our experience in developing this documentation indicated the following "
5116
"suggestions."
5117
msgstr ""
5118
5119
#: serverguide/C/virtualization.xml:1234(title)
5120
msgid "Front End Requirements"
5079
5121
msgstr ""
5080
5122
5081
5123
#: serverguide/C/virtualization.xml:1236(para)
5082
msgid ""
5083
"Next, on the each <emphasis>Compute Node</emphasis> install the node "
5084
"controller package. In a terminal prompt on each Compute Node enter:"
5085
msgstr ""
5086
5087
#: serverguide/C/virtualization.xml:1241(command)
5088
msgid "sudo apt-get install eucalyptus-nc"
5124
msgid "Use the following table for a system that will run one or more of:"
5125
msgstr ""
5126
5127
#: serverguide/C/virtualization.xml:1241(para)
5128
msgid "Cloud Controller (CLC)"
5129
msgstr ""
5130
5131
#: serverguide/C/virtualization.xml:1242(para)
5132
msgid "Cluster Controller (CC)"
5133
msgstr ""
5134
5135
#: serverguide/C/virtualization.xml:1243(para)
5136
msgid "Walrus (the S3-like storage service)"
5089
5137
msgstr ""
5090
5138
5091
5139
#: serverguide/C/virtualization.xml:1244(para)
5092
msgid ""
5093
"Once the installation is complete, and it may take a while, in a browser go "
5094
"to <emphasis>https://front-end:8443</emphasis> and login to the "
5095
"administration interface using the default username and password of "
5096
"<emphasis>admin</emphasis>. You will then be prompted to change the "
5097
"password, configure an email address for the admin user, and set the storage "
5098
"URL."
5099
msgstr ""
5100
5101
#: serverguide/C/virtualization.xml:1250(para)
5102
msgid ""
5103
"In the web interface's <emphasis>\"Configuration\"</emphasis> tab, add a "
5104
"cluster under the <emphasis>\"Clusters\"</emphasis> heading (in this "
5105
"configuration, the cluster controller is on the same system as the cloud "
5106
"controller, so entering 'localhost' as the cluster hostname is correct). "
5107
"Once the form is filled out click the <emphasis>\"Add Cluster\"</emphasis> "
5108
"button."
5109
msgstr ""
5110
5111
#: serverguide/C/virtualization.xml:1256(para)
5112
msgid ""
5113
"Now, back on the <emphasis>Front-End</emphasis>, add the nodes to the "
5114
"cluster:"
5115
msgstr ""
5116
5117
#: serverguide/C/virtualization.xml:1261(command)
5118
msgid "sudo euca_conf -addnode hostname_of_node"
5119
msgstr ""
5120
5121
#: serverguide/C/virtualization.xml:1264(para)
5122
msgid ""
5123
"You will then be prompted to log into your Node, install the "
5124
"<application>eucalyptus-nc</application> package, and add the "
5125
"<emphasis>eucalyptus</emphasis> user's ssh key to the node's "
5126
"<filename>authorized_keys</filename> file, and confirm authenticity of the "
5127
"host's OpenSSH RSA key fingerprint. Finally, the command will complete by "
5128
"synchronizing the eucalyptus component keys and node registration is "
5129
"complete."
5130
msgstr ""
5131
5132
#: serverguide/C/virtualization.xml:1270(para)
5133
msgid ""
5134
"On the Node, the <filename>/etc/eucalyptus/eucalyptus.conf</filename> "
5135
"configuration file will need editing to use your node's bridge interface "
5136
"(assuming here that the interface is named <emphasis>'br0'</emphasis>):"
5137
msgstr ""
5138
5139
#: serverguide/C/virtualization.xml:1275(programlisting)
5140
#, no-wrap
5141
msgid ""
5142
"\n"
5143
"VNET_INTERFACE=\"br0\"\n"
5144
"...\n"
5145
"VNET_BRIDGE=\"br0\"\n"
5146
msgstr ""
5147
5148
#: serverguide/C/virtualization.xml:1281(para)
5149
msgid "Finally, restart <application>eucalyptus-nc</application>:"
5150
msgstr ""
5151
5152
#: serverguide/C/virtualization.xml:1286(command)
5153
msgid "sudo /etc/init.d/eucalyptus-nc restart"
5154
msgstr ""
5155
5156
#: serverguide/C/virtualization.xml:1291(para)
5157
msgid ""
5158
"Be sure to replace <emphasis>nodecontroller</emphasis>, "
5159
"<emphasis>node01</emphasis>, and <emphasis>node02</emphasis> with actual "
5160
"hostnames."
5161
msgstr ""
5162
5163
#: serverguide/C/virtualization.xml:1297(para)
5164
msgid ""
5165
"<application>Eucalyptus</application> is now ready to host images on the "
5166
"cloud."
5167
msgstr ""
5168
5169
#: serverguide/C/virtualization.xml:1307(para)
5170
msgid ""
5171
"See the <ulink url=\"http://eucalyptus.cs.ucsb.edu/\">Eucalyptus "
5172
"website</ulink> for more information."
5173
msgstr ""
5174
5175
#: serverguide/C/virtualization.xml:1312(para)
5140
msgid "Storage Controller (SC)"
5141
msgstr ""
5142
5143
#: serverguide/C/virtualization.xml:1248(title)
5144
msgid "UEC Front End Requirements"
5145
msgstr ""
5146
5147
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
5148
msgid "Hardware"
5149
msgstr ""
5150
5151
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
5152
msgid "Minimum"
5153
msgstr ""
5154
5155
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
5156
msgid "Suggested"
5157
msgstr ""
5158
5159
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
5160
msgid "Notes"
5161
msgstr ""
5162
5163
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
5164
msgid "CPU"
5165
msgstr ""
5166
5167
#: serverguide/C/virtualization.xml:1265(para)
5168
msgid "1 GHz"
5169
msgstr ""
5170
5171
#: serverguide/C/virtualization.xml:1266(para)
5172
msgid "2 x 2 GHz"
5173
msgstr ""
5174
5175
#: serverguide/C/virtualization.xml:1267(para)
5176
msgid ""
5177
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
5178
"a dual core processor."
5179
msgstr ""
5180
5181
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
5182
msgid "Memory"
5183
msgstr ""
5184
5185
#: serverguide/C/virtualization.xml:1271(para)
5186
msgid "512 MB"
5187
msgstr ""
5188
5189
#: serverguide/C/virtualization.xml:1272(para)
5190
msgid "2 GB"
5191
msgstr ""
5192
5193
#: serverguide/C/virtualization.xml:1273(para)
5194
msgid "The Java web front end benefits from lots of available memory."
5195
msgstr ""
5196
5197
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
5198
msgid "Disk"
5199
msgstr ""
5200
5201
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
5202
msgid "5400 RPM IDE"
5203
msgstr ""
5204
5205
#: serverguide/C/virtualization.xml:1278(para)
5206
msgid "7200 RPM SATA"
5207
msgstr ""
5208
5209
#: serverguide/C/virtualization.xml:1279(para)
5210
msgid ""
5211
"Slower disks will work, but will yield much longer instance startup times."
5212
msgstr ""
5213
5214
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
5215
msgid "Disk Space"
5216
msgstr ""
5217
5218
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
5219
msgid "40 GB"
5220
msgstr ""
5221
5222
#: serverguide/C/virtualization.xml:1284(para)
5223
msgid "200 GB"
5224
msgstr ""
5225
5226
#: serverguide/C/virtualization.xml:1285(para)
5227
msgid ""
5228
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
5229
"does not like to run out of disk space."
5230
msgstr ""
5231
5232
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
5233
msgid "Networking"
5234
msgstr ""
5235
5236
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
5237
msgid "100 Mbps"
5238
msgstr ""
5239
5240
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
5241
msgid "1000 Mbps"
5242
msgstr ""
5243
5244
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
5245
msgid ""
5246
"Machine images are hundreds of MB, and need to be copied over the network to "
5247
"nodes."
5248
msgstr ""
5249
5250
#: serverguide/C/virtualization.xml:1299(title)
5251
msgid "Node Requirements"
5252
msgstr ""
5253
5254
#: serverguide/C/virtualization.xml:1301(para)
5255
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
5256
msgstr ""
5257
5258
#: serverguide/C/virtualization.xml:1306(para)
5259
msgid "the Node Controller (NC)"
5260
msgstr ""
5261
5262
#: serverguide/C/virtualization.xml:1310(title)
5263
msgid "UEC Node Requirements"
5264
msgstr ""
5265
5266
#: serverguide/C/virtualization.xml:1327(para)
5267
msgid "VT Extensions"
5268
msgstr ""
5269
5270
#: serverguide/C/virtualization.xml:1328(para)
5271
msgid "VT, 64-bit, Multicore"
5272
msgstr ""
5273
5274
#: serverguide/C/virtualization.xml:1329(para)
5275
msgid ""
5276
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
5277
"only run 1 VM per CPU core on a Node."
5278
msgstr ""
5279
5280
#: serverguide/C/virtualization.xml:1333(para)
5281
msgid "1 GB"
5282
msgstr ""
5283
5284
#: serverguide/C/virtualization.xml:1334(para)
5285
msgid "4 GB"
5286
msgstr ""
5287
5288
#: serverguide/C/virtualization.xml:1335(para)
5289
msgid "Additional memory means more, and larger guests."
5290
msgstr ""
5291
5292
#: serverguide/C/virtualization.xml:1340(para)
5293
msgid "7200 RPM SATA or SCSI"
5294
msgstr ""
5295
5296
#: serverguide/C/virtualization.xml:1341(para)
5297
msgid ""
5298
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
5299
"bottleneck."
5300
msgstr ""
5301
5302
#: serverguide/C/virtualization.xml:1346(para)
5303
msgid "100 GB"
5304
msgstr ""
5305
5306
#: serverguide/C/virtualization.xml:1347(para)
5307
msgid ""
5308
"Images will be cached locally, Eucalyptus does not like to run out of disk "
5309
"space."
5310
msgstr ""
5311
5312
#: serverguide/C/virtualization.xml:1363(title)
5313
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
5314
msgstr ""
5315
5316
#: serverguide/C/virtualization.xml:1367(para)
5317
msgid "Download the Ubuntu 10.04 LTS Server ISO file, and burn it to a CD."
5318
msgstr ""
5319
5320
#: serverguide/C/virtualization.xml:1372(para) serverguide/C/virtualization.xml:1418(para)
5321
msgid ""
5322
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5323
msgstr ""
5324
5325
#: serverguide/C/virtualization.xml:1377(para)
5326
msgid ""
5327
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
5328
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
5329
msgstr ""
5330
5331
#: serverguide/C/virtualization.xml:1383(para)
5332
msgid ""
5333
"It will ask two other cloud-specific questions during the course of the "
5334
"install:"
5335
msgstr ""
5336
5337
#: serverguide/C/virtualization.xml:1388(para)
5338
msgid "Name of your cluster."
5339
msgstr ""
5340
5341
#: serverguide/C/virtualization.xml:1391(para)
5342
msgid "e.g. <emphasis>cluster1</emphasis>."
5343
msgstr ""
5344
5345
#: serverguide/C/virtualization.xml:1394(para)
5346
msgid ""
5347
"A range of public IP addresses on the LAN that the cloud can allocate to "
5348
"instances."
5349
msgstr ""
5350
5351
#: serverguide/C/virtualization.xml:1397(para)
5352
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
5353
msgstr ""
5354
5355
#: serverguide/C/virtualization.xml:1405(title)
5356
msgid "Installing the Node Controller(s)"
5357
msgstr ""
5358
5359
#: serverguide/C/virtualization.xml:1407(para)
5360
msgid ""
5361
"The node controller install is even simpler. Just make sure that you are "
5362
"connected to the network on which the cloud/cluster controller is already "
5363
"running."
5364
msgstr ""
5365
5366
#: serverguide/C/virtualization.xml:1413(para)
5367
msgid "Boot from the same ISO on the node(s)."
5368
msgstr ""
5369
5370
#: serverguide/C/virtualization.xml:1423(para)
5371
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5372
msgstr ""
5373
5374
#: serverguide/C/virtualization.xml:1428(para)
5375
msgid ""
5376
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
5377
"install for you."
5378
msgstr ""
5379
5380
#: serverguide/C/virtualization.xml:1433(para)
5381
msgid "Confirm the partitioning scheme."
5382
msgstr ""
5383
5384
#: serverguide/C/virtualization.xml:1438(para)
5385
msgid ""
5386
"The rest of the installation should proceed uninterrupted; complete the "
5387
"installation and reboot the node."
5388
msgstr ""
5389
5390
#: serverguide/C/virtualization.xml:1446(title)
5391
msgid "Register the Node(s)"
5392
msgstr ""
5393
5394
#: serverguide/C/virtualization.xml:1448(para)
5395
msgid ""
5396
"Nodes are the physical systems within <application>UEC</application> that "
5397
"actually run the virtual machine instances of the cloud."
5398
msgstr ""
5399
5400
#: serverguide/C/virtualization.xml:1452(para)
5401
msgid ""
5402
"Once one or more Ubuntu Server node(s) are installed and running the "
5403
"<application>eucalyptus-nc</application> service, log onto the "
5404
"<emphasis>Cloud Controller (CLC)</emphasis> and run:"
5405
msgstr ""
5406
5407
#: serverguide/C/virtualization.xml:1458(command)
5408
msgid "sudo euca_conf --no-rsync --discover-nodes"
5409
msgstr ""
5410
5411
#: serverguide/C/virtualization.xml:1461(para)
5412
msgid ""
5413
"This will discover the systems on the network running the "
5414
"<application>eucalyptus-nc</application> service, and the administrator can "
5415
"confirm the registration of each node by its IP address."
5416
msgstr ""
5417
5418
#: serverguide/C/virtualization.xml:1467(para)
5419
msgid ""
5420
"If you get prompted for passwords, or receive errors from scp, you may need "
5421
"to revisit the key synchronization instructions at <ulink "
5422
"url=\"https://help.ubuntu.com/community/UEC/NodeInstallation\">UEC/NodeInstal"
5423
"lation</ulink>."
5424
msgstr ""
5425
5426
#: serverguide/C/virtualization.xml:1475(title)
5427
msgid "Obtain Credentials"
5428
msgstr ""
5429
5430
#: serverguide/C/virtualization.xml:1477(para)
5431
msgid ""
5432
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
5433
"users of the cloud will need to retrieve their credentials. This can be done "
5434
"either through a web browser, or at the command line."
5435
msgstr ""
5436
5437
#: serverguide/C/virtualization.xml:1483(title)
5438
msgid "From a Web Browser"
5439
msgstr ""
5440
5441
#: serverguide/C/virtualization.xml:1487(para)
5442
msgid ""
5443
"From your web browser (either remotely or on your Ubuntu server) access the "
5444
"following URL:"
5445
msgstr ""
5446
5447
#: serverguide/C/virtualization.xml:1490(programlisting) serverguide/C/virtualization.xml:1743(programlisting)
5448
#, no-wrap
5449
msgid ""
5450
"\n"
5451
"https://<cloud-controller-ip-address>:8443/\n"
5452
msgstr ""
5453
5454
#: serverguide/C/virtualization.xml:1495(para)
5455
msgid ""
5456
"You must use a secure connection, so make sure you use \"https\" not "
5457
"\"http\" in your URL. You will get a security certificate warning. You will "
5458
"have to add an exception to view the page. If you do not accept it you will "
5459
"not be able to view the Eucalyptus configuration page."
5460
msgstr ""
5461
5462
#: serverguide/C/virtualization.xml:1503(para)
5463
msgid ""
5464
"Use username <emphasis>'admin'</emphasis> and password "
5465
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
5466
"to change your password)."
5467
msgstr ""
5468
5469
#: serverguide/C/virtualization.xml:1509(para)
5470
msgid ""
5471
"Then follow the on-screen instructions to update the admin password and "
5472
"email address."
5473
msgstr ""
5474
5475
#: serverguide/C/virtualization.xml:1514(para)
5476
msgid ""
5477
"Once the first time configuration process is completed, click the "
5478
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
5479
"the screen."
5480
msgstr ""
5481
5482
#: serverguide/C/virtualization.xml:1520(para)
5483
msgid ""
5484
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
5485
"certificates."
5486
msgstr ""
5487
5488
#: serverguide/C/virtualization.xml:1525(para)
5489
msgid "Save them to <filename>~/.euca</filename>."
5490
msgstr ""
5491
5492
#: serverguide/C/virtualization.xml:1530(para)
5493
msgid ""
5494
"Unzip the downloaded zip file into a safe location "
5495
"(<filename>~/.euca</filename>)."
5496
msgstr ""
5497
5498
#: serverguide/C/virtualization.xml:1534(command)
5499
msgid "unzip -d ~/.euca mycreds.zip"
5500
msgstr ""
5501
5502
#: serverguide/C/virtualization.xml:1541(title)
5503
msgid "From a Command Line"
5504
msgstr ""
5505
5506
#: serverguide/C/virtualization.xml:1545(para)
5507
msgid ""
5508
"Alternatively, if you are on the command line of the <emphasis>Cloud "
5509
"Controller</emphasis>, you can run:"
5510
msgstr ""
5511
5512
#: serverguide/C/virtualization.xml:1549(command)
5513
msgid "mkdir -p ~/.euca"
5514
msgstr ""
5515
5516
#: serverguide/C/virtualization.xml:1550(command)
5517
msgid "chmod 700 ~/.euca"
5518
msgstr ""
5519
5520
#: serverguide/C/virtualization.xml:1551(command)
5521
msgid "cd ~/.euca"
5522
msgstr ""
5523
5524
#: serverguide/C/virtualization.xml:1552(command)
5525
msgid "sudo euca_conf --get-credentials mycreds.zip"
5526
msgstr ""
5527
5528
#: serverguide/C/virtualization.xml:1553(command)
5529
msgid "unzip mycreds.zip"
5530
msgstr ""
5531
5532
#: serverguide/C/virtualization.xml:1554(command)
5533
msgid "cd -"
5534
msgstr ""
5535
5536
#: serverguide/C/virtualization.xml:1561(title)
5537
msgid "Extracting and Using Your Credentials"
5538
msgstr ""
5539
5540
#: serverguide/C/virtualization.xml:1563(para)
5541
msgid ""
5542
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
5543
"certificates."
5544
msgstr ""
5545
5546
#: serverguide/C/virtualization.xml:1569(para)
5547
msgid ""
5548
"Source the included <emphasis>\"eucarc\"</emphasis> file to set up your "
5549
"Eucalyptus environment:"
5550
msgstr ""
5551
5552
#: serverguide/C/virtualization.xml:1573(command) serverguide/C/virtualization.xml:1600(command)
5553
msgid ". ~/.euca/eucarc"
5554
msgstr ""
5555
5556
#: serverguide/C/virtualization.xml:1577(para)
5557
msgid ""
5558
"You may additionally wish to add this command to your "
5559
"<filename>~/.bashrc</filename> file so that your Eucalyptus environment is "
5560
"set up automatically when you log in. Eucalyptus treats this set of "
5561
"credentials as <emphasis>'administrator'</emphasis> credentials that allow "
5562
"the holder global privileges across the cloud. As such, they should be "
5563
"protected in the same way that other elevated-priority access is protected "
5564
"(e.g. should not be made visible to the general user population)."
5565
msgstr ""
5566
5567
#: serverguide/C/virtualization.xml:1584(command)
5568
msgid ""
5569
"echo \"[ -r ~/.euca/eucarc ] && . ~/.euca/eucarc\" >> ~/.bashrc"
5570
msgstr ""
5571
5572
#: serverguide/C/virtualization.xml:1588(para)
5573
msgid "Install the required cloud user tools:"
5574
msgstr ""
5575
5576
#: serverguide/C/virtualization.xml:1592(command)
5577
msgid "sudo apt-get install euca2ools"
5578
msgstr ""
5579
5580
#: serverguide/C/virtualization.xml:1596(para)
5581
msgid ""
5582
"To validate that everything is working correctly, get the local cluster "
5583
"availability details:"
5584
msgstr ""
5585
5586
#: serverguide/C/virtualization.xml:1601(command)
5587
msgid "euca-describe-availability-zones verbose"
5588
msgstr ""
5589
5590
#: serverguide/C/virtualization.xml:1602(computeroutput)
5591
#, no-wrap
5592
msgid ""
5593
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
5594
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
5595
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
5596
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
5597
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
5598
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
5599
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
5600
msgstr ""
5601
5602
#: serverguide/C/virtualization.xml:1612(para)
5603
msgid "Your output from the above command will vary."
5604
msgstr ""
5605
5606
#: serverguide/C/virtualization.xml:1622(title)
5607
msgid "Running an Image"
5608
msgstr ""
5609
5610
#: serverguide/C/virtualization.xml:1624(para)
5611
msgid "There are multiple ways to instantiate an image in UEC:"
5612
msgstr ""
5613
5614
#: serverguide/C/virtualization.xml:1629(para)
5615
msgid "Use the command line."
5616
msgstr ""
5617
5618
#: serverguide/C/virtualization.xml:1630(para)
5619
msgid ""
5620
"Use one of the UEC compatible management tools such as "
5621
"<emphasis>Landscape</emphasis>."
5622
msgstr ""
5623
5624
#: serverguide/C/virtualization.xml:1632(para)
5625
msgid ""
5626
"Use the <ulink "
5627
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
5628
"extension to Firefox."
5629
msgstr ""
5630
5631
#: serverguide/C/virtualization.xml:1638(para)
5632
msgid "Here we will describe the process from the command line:"
5633
msgstr ""
5634
5635
#: serverguide/C/virtualization.xml:1644(para)
5636
msgid ""
5637
"Before running an instance of your image, you should first create a "
5638
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
5639
"instance as root, once it boots. The key is stored, so you will only have to "
5640
"do this once."
5641
msgstr ""
5642
5643
#: serverguide/C/virtualization.xml:1648(para)
5644
msgid "Run the following command:"
5645
msgstr ""
5646
5647
#: serverguide/C/virtualization.xml:1651(programlisting)
5648
#, no-wrap
5649
msgid ""
5650
"\n"
5651
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
5652
" touch ~/.euca/mykey.priv\n"
5653
" chmod 0600 ~/.euca/mykey.priv\n"
5654
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
5655
"fi\n"
5656
msgstr ""
5657
5658
#: serverguide/C/virtualization.xml:1659(para)
5659
msgid ""
5660
"You can call your key whatever you like (in this example, the key is called "
5661
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
5662
"forget, you can always run <command>euca-describe-keypairs</command> to get "
5663
"a list of created keys stored in the system."
5664
msgstr ""
5665
5666
#: serverguide/C/virtualization.xml:1666(para)
5667
msgid "You must also allow access to port 22 in your instances:"
5668
msgstr ""
5669
5670
#: serverguide/C/virtualization.xml:1670(command)
5671
msgid "euca-describe-groups"
5672
msgstr ""
5673
5674
#: serverguide/C/virtualization.xml:1671(command)
5675
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
5676
msgstr ""
5677
5678
#: serverguide/C/virtualization.xml:1675(para)
5679
msgid "Next, you can create instances of your registered image:"
5680
msgstr ""
5681
5682
#: serverguide/C/virtualization.xml:1679(command)
5683
msgid "euca-run-instances $EMI -k mykey -t c1.medium"
5684
msgstr ""
5685
5686
#: serverguide/C/virtualization.xml:1682(para)
5687
msgid ""
5688
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
5689
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
5690
"on the <emphasis>Store</emphasis> page to see the sample command."
5691
msgstr ""
5692
5693
#: serverguide/C/virtualization.xml:1689(para)
5694
msgid ""
5695
"The first time you run an instance, the system will be setting up caches for "
5696
"the image from which it will be created. This can often take some time the "
5697
"first time an instance is run given that VM images are usually quite large."
5698
msgstr ""
5699
5700
#: serverguide/C/virtualization.xml:1693(para)
5701
msgid "To monitor the state of your instance, run:"
5702
msgstr ""
5703
5704
#: serverguide/C/virtualization.xml:1697(command)
5705
msgid "watch -n5 euca-describe-instances"
5706
msgstr ""
5707
5708
#: serverguide/C/virtualization.xml:1699(para)
5709
msgid ""
5710
"In the output, you should see information about the instance, including its "
5711
"state. While first-time caching is being performed, the instance's state "
5712
"will be <emphasis>'pending'</emphasis>."
5713
msgstr ""
5714
5715
#: serverguide/C/virtualization.xml:1705(para)
5716
msgid ""
5717
"When the instance is fully started, the above state will become "
5718
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
5719
"instance in the output, then connect to it:"
5720
msgstr ""
5721
5722
#: serverguide/C/virtualization.xml:1710(command)
5723
msgid ""
5724
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
5725
"'{print $4}')"
5726
msgstr ""
5727
5728
#: serverguide/C/virtualization.xml:1711(command)
5729
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
5730
msgstr ""
5731
5732
#: serverguide/C/virtualization.xml:1715(para)
5733
msgid ""
5734
"And when you are done with this instance, exit your SSH connection, then "
5735
"terminate your instance:"
5736
msgstr ""
5737
5738
#: serverguide/C/virtualization.xml:1719(command)
5739
msgid ""
5740
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
5741
"awk '{print $2}')"
5742
msgstr ""
5743
5744
#: serverguide/C/virtualization.xml:1720(command)
5745
msgid "euca-terminate-instances $INSTANCEID"
5746
msgstr ""
5747
5748
#: serverguide/C/virtualization.xml:1727(title)
5749
msgid "Install an Image from the Store"
5750
msgstr ""
5751
5752
#: serverguide/C/virtualization.xml:1729(para)
5753
msgid ""
5754
"The following is by far the simplest way to install an image. However, "
5755
"advanced users may be interested in learning how to <ulink "
5756
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
5757
"own image</ulink>."
5758
msgstr ""
5759
5760
#: serverguide/C/virtualization.xml:1734(para)
5761
msgid ""
5762
"The simplest way to add an image to <application>UEC</application> is to "
5763
"install it from the Image Store on the UEC web interface."
5764
msgstr ""
5765
5766
#: serverguide/C/virtualization.xml:1740(para)
5767
msgid ""
5768
"Access the web interface at the following URL (Make sure you specify https):"
5769
msgstr ""
5770
5771
#: serverguide/C/virtualization.xml:1748(para)
5772
msgid ""
5773
"Enter your login and password (if requested, as you may still be logged in "
5774
"from earlier)."
5775
msgstr ""
5776
5777
#: serverguide/C/virtualization.xml:1753(para)
5778
msgid "Click on the <emphasis>Store</emphasis> tab."
5779
msgstr ""
5780
5781
#: serverguide/C/virtualization.xml:1758(para)
5782
msgid "Browse available images."
5783
msgstr ""
5784
5785
#: serverguide/C/virtualization.xml:1763(para)
5786
msgid "Click on <emphasis>install</emphasis> for the image you want."
5787
msgstr ""
5788
5789
#: serverguide/C/virtualization.xml:1769(para)
5790
msgid ""
5791
"Once the image has been downloaded and installed, you can click on "
5792
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
5793
"button to view the command to execute to instantiate (start) this image. The "
5794
"image will also appear on the list given on the <emphasis>Image</emphasis> "
5795
"tab."
5796
msgstr ""
5797
5798
#: serverguide/C/virtualization.xml:1777(title) serverguide/C/dns.xml:619(title)
5799
msgid "More Information"
5800
msgstr ""
5801
5802
#: serverguide/C/virtualization.xml:1779(para)
5803
msgid ""
5804
"How to use the <ulink "
5805
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
5806
"Controller</ulink>"
5807
msgstr ""
5808
5809
#: serverguide/C/virtualization.xml:1783(para)
5810
msgid "Controlling eucalyptus services:"
5811
msgstr ""
5812
5813
#: serverguide/C/virtualization.xml:1788(para)
5814
msgid ""
5815
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
5816
msgstr ""
5817
5818
#: serverguide/C/virtualization.xml:1789(para)
5819
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
5820
msgstr ""
5821
5822
#: serverguide/C/virtualization.xml:1792(para)
5823
msgid "Locations of some important files:"
5824
msgstr ""
5825
5826
#: serverguide/C/virtualization.xml:1799(emphasis)
5827
msgid "Log files:"
5828
msgstr ""
5829
5830
#: serverguide/C/virtualization.xml:1802(para)
5831
msgid "/var/log/eucalyptus"
5832
msgstr ""
5833
5834
#: serverguide/C/virtualization.xml:1807(emphasis)
5835
msgid "Configuration files:"
5836
msgstr ""
5837
5838
#: serverguide/C/virtualization.xml:1810(para)
5839
msgid "/etc/eucalyptus"
5840
msgstr ""
5841
5842
#: serverguide/C/virtualization.xml:1815(emphasis)
5843
msgid "Database:"
5844
msgstr ""
5845
5846
#: serverguide/C/virtualization.xml:1818(para)
5847
msgid "/var/lib/eucalyptus/db"
5848
msgstr ""
5849
5850
#: serverguide/C/virtualization.xml:1823(emphasis)
5851
msgid "Keys:"
5852
msgstr ""
5853
5854
#: serverguide/C/virtualization.xml:1826(para)
5855
msgid "/var/lib/eucalyptus"
5856
msgstr ""
5857
5858
#: serverguide/C/virtualization.xml:1827(para)
5859
msgid "/var/lib/eucalyptus/.ssh"
5860
msgstr ""
5861
5862
#: serverguide/C/virtualization.xml:1833(para)
5863
msgid ""
5864
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
5865
"running the client tools."
5866
msgstr ""
5867
5868
#: serverguide/C/virtualization.xml:1844(para)
5176
5869
msgid ""
5177
5870
"For information on loading instances see the <ulink "
5178
5871
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
5179
5872
"page."
5180
5873
msgstr ""
5181
5874
5182
#: serverguide/C/virtualization.xml:1317(para)
5875
#: serverguide/C/virtualization.xml:1849(para)
5876
msgid ""
5877
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
5878
"documentation, downloads)</ulink>."
5879
msgstr ""
5880
5881
#: serverguide/C/virtualization.xml:1854(para)
5882
msgid ""
5883
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
5884
"(bugs, code)</ulink>."
5885
msgstr ""
5886
5887
#: serverguide/C/virtualization.xml:1859(para)
5888
msgid ""
5889
"<ulink "
5890
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
5891
"ptus Troubleshooting (1.5)</ulink>."
5892
msgstr ""
5893
5894
#: serverguide/C/virtualization.xml:1864(para)
5895
msgid ""
5896
"<ulink url=\"http://support.rightscale.com/2._References/02-"
5897
"Cloud_Infrastructures/Eucalyptus/03-"
5898
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
5899
"RightScale</ulink>."
5900
msgstr ""
5901
5902
#: serverguide/C/virtualization.xml:1870(para)
5183
5903
msgid ""
5184
5904
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
5185
5905
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
5186
5906
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
5187
5907
msgstr ""
5188
5908
5189
#: serverguide/C/virtualization.xml:1327(title)
5909
#: serverguide/C/virtualization.xml:1879(title)
5910
msgid "Glossary"
5911
msgstr ""
5912
5913
#: serverguide/C/virtualization.xml:1881(para)
5914
msgid ""
5915
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
5916
"unfamiliar to some readers. This page is intended to provide a glossary of "
5917
"such terms and acronyms."
5918
msgstr ""
5919
5920
#: serverguide/C/virtualization.xml:1888(para)
5921
msgid ""
5922
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
5923
"computing resources through virtual machines, provisioned and recollected "
5924
"dynamically."
5925
msgstr ""
5926
5927
#: serverguide/C/virtualization.xml:1894(para)
5928
msgid ""
5929
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
5930
"provides the web UI (an https server on port 8443), and implements the "
5931
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
5932
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
5933
"cloud</application> package."
5934
msgstr ""
5935
5936
#: serverguide/C/virtualization.xml:1901(para)
5937
msgid ""
5938
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
5939
"Cluster Controller. There can be more than one Cluster in an installation of "
5940
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
5941
"floor2, floor2)."
5942
msgstr ""
5943
5944
#: serverguide/C/virtualization.xml:1907(para)
5945
msgid ""
5946
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
5947
"manages collections of node resources. This service is provided by the "
5948
"Ubuntu <application>eucalyptus-cc</application> package."
5949
msgstr ""
5950
5951
#: serverguide/C/virtualization.xml:1913(para)
5952
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
5953
msgstr ""
5954
5955
#: serverguide/C/virtualization.xml:1918(para)
5956
msgid ""
5957
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
5958
"pay-by-the-gigabyte public cloud computing offering."
5959
msgstr ""
5960
5961
#: serverguide/C/virtualization.xml:1923(para)
5962
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
5963
msgstr ""
5964
5965
#: serverguide/C/virtualization.xml:1928(para)
5966
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
5967
msgstr ""
5968
5969
#: serverguide/C/virtualization.xml:1933(para)
5970
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
5971
msgstr ""
5972
5973
#: serverguide/C/virtualization.xml:1938(para)
5974
msgid ""
5975
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
5976
"Linking Your Programs To Useful Systems. An open source project originally "
5977
"from the University of California at Santa Barbara, now supported by "
5978
"Eucalyptus Systems, a Canonical Partner."
5979
msgstr ""
5980
5981
#: serverguide/C/virtualization.xml:1945(para)
5982
msgid ""
5983
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
5984
"the high level Eucalyptus components (cloud, walrus, storage controller, "
5985
"cluster controller)."
5986
msgstr ""
5987
5988
#: serverguide/C/virtualization.xml:1951(para)
5989
msgid ""
5990
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
5991
"running virtual machines, running a node controller. Within Ubuntu, this "
5992
"generally means that the CPU has VT extensions, and can run the KVM "
5993
"hypervisor."
5994
msgstr ""
5995
5996
#: serverguide/C/virtualization.xml:1957(para)
5997
msgid ""
5998
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
5999
"on nodes which host the virtual machines that comprise the cloud. This "
6000
"service is provided by the Ubuntu package <application>eucalyptus-"
6001
"nc</application>."
6002
msgstr ""
6003
6004
#: serverguide/C/virtualization.xml:1963(para)
6005
msgid ""
6006
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
6007
"gigabyte persistent storage solution for EC2."
6008
msgstr ""
6009
6010
#: serverguide/C/virtualization.xml:1968(para)
6011
msgid ""
6012
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
6013
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
6014
"installation can have its own Storage Controller. This component is provided "
6015
"by the <application>eucalyptus-sc</application> package."
6016
msgstr ""
6017
6018
#: serverguide/C/virtualization.xml:1975(para)
6019
msgid ""
6020
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
6021
"solution, based on Eucalyptus."
6022
msgstr ""
6023
6024
#: serverguide/C/virtualization.xml:1980(para)
6025
msgid "<emphasis>VM</emphasis> - Virtual Machine."
6026
msgstr ""
6027
6028
#: serverguide/C/virtualization.xml:1985(para)
6029
msgid ""
6030
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
6031
"some modern CPUs, allowing for accelerated virtual machine hosting."
6032
msgstr ""
6033
6034
#: serverguide/C/virtualization.xml:1990(para)
6035
msgid ""
6036
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
6037
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
6038
"put/get abstractions."
6039
msgstr ""
6040
6041
#: serverguide/C/virtualization.xml:2000(title)
5190
6042
msgid "OpenNebula"
5191
6043
msgstr ""
5192
6044
5193
#: serverguide/C/virtualization.xml:1329(para)
6045
#: serverguide/C/virtualization.xml:2002(para)
5194
6046
msgid ""
5195
6047
"<application>OpenNebula</application> allows virtual machines to be placed "
5196
6048
"and re-placed dynamically on a pool of physical resources. This allows a "
5197
6049
"virtual machine to be hosted from any location available."
5198
6050
msgstr ""
5199
6051
5200
#: serverguide/C/virtualization.xml:1334(para)
6052
#: serverguide/C/virtualization.xml:2007(para)
5201
6053
msgid ""
5202
6054
"This section will detail configuring an OpenNebula cluster using three "
5203
6055
"machines: one <emphasis>Front-End</emphasis> host, and two <emphasis>Compute "
5206
6058
"local network. For details see <xref linkend=\"bridging\"/>."
5207
6059
msgstr ""
5208
6060
5209
#: serverguide/C/virtualization.xml:1343(para)
6061
#: serverguide/C/virtualization.xml:2016(para)
5210
6062
msgid "First, from a terminal on the Front-End enter:"
5211
6063
msgstr ""
5212
6064
5213
#: serverguide/C/virtualization.xml:1348(command)
6065
#: serverguide/C/virtualization.xml:2021(command)
5214
6066
msgid "sudo apt-get install opennebula"
5215
6067
msgstr ""
5216
6068
5217
#: serverguide/C/virtualization.xml:1351(para)
6069
#: serverguide/C/virtualization.xml:2024(para)
5218
6070
msgid "On each Compute Node install:"
5219
6071
msgstr ""
5220
6072
5221
#: serverguide/C/virtualization.xml:1356(command)
6073
#: serverguide/C/virtualization.xml:2029(command)
5222
6074
msgid "sudo apt-get install opennebula-node"
5223
6075
msgstr ""
5224
6076
5225
#: serverguide/C/virtualization.xml:1359(para)
6077
#: serverguide/C/virtualization.xml:2032(para)
5226
6078
msgid ""
5227
6079
"In order to copy SSH keys, the <emphasis>oneadmin</emphasis> user will need "
5228
6080
"to have a password. On each machine execute:"
5229
6081
msgstr ""
5230
6082
5231
#: serverguide/C/virtualization.xml:1364(command)
6083
#: serverguide/C/virtualization.xml:2037(command)
5232
6084
msgid "sudo passwd oneadmin"
5233
6085
msgstr ""
5234
6086
5235
#: serverguide/C/virtualization.xml:1367(para)
6087
#: serverguide/C/virtualization.xml:2040(para)
5236
6088
msgid ""
5237
6089
"Next, copy the <emphasis>oneadmin</emphasis> user's SSH key to the Compute "
5238
6090
"Nodes, and to the Front-End's <filename>authorized_keys</filename> file:"
5239
6091
msgstr ""
5240
6092
5241
#: serverguide/C/virtualization.xml:1372(command)
6093
#: serverguide/C/virtualization.xml:2045(command)
5242
6094
msgid ""
5243
6095
"sudo scp /var/lib/one/.ssh/id_rsa.pub "
5244
6096
"oneadmin@node01:/var/lib/one/.ssh/authorized_keys"
5245
6097
msgstr ""
5246
6098
5247
#: serverguide/C/virtualization.xml:1373(command)
6099
#: serverguide/C/virtualization.xml:2046(command)
5248
6100
msgid ""
5249
6101
"sudo scp /var/lib/one/.ssh/id_rsa.pub "
5250
6102
"oneadmin@node02:/var/lib/one/.ssh/authorized_keys"
5251
6103
msgstr ""
5252
6104
5253
#: serverguide/C/virtualization.xml:1374(command)
6105
#: serverguide/C/virtualization.xml:2047(command)
5254
6106
msgid ""
5255
6107
"sudo sh -c \"cat /var/lib/one/.ssh/id_rsa.pub >> "
5256
6108
"/var/lib/one/.ssh/authorized_keys\""
5257
6109
msgstr ""
5258
6110
5259
#: serverguide/C/virtualization.xml:1377(para)
6111
#: serverguide/C/virtualization.xml:2050(para)
5260
6112
msgid ""
5261
6113
"The SSH key for the Compute Nodes needs to be added to the "
5262
6114
"<filename>/etc/ssh/ssh_known_hosts</filename> file on the Front-End host. To "
5267
6119
"<filename>/etc/ssh/ssh_known_hosts</filename>:"
5268
6120
msgstr ""
5269
6121
5270
#: serverguide/C/virtualization.xml:1384(command)
6122
#: serverguide/C/virtualization.xml:2057(command)
5271
6123
msgid ""
5272
6124
"sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node01 1>> "
5273
6125
"/etc/ssh/ssh_known_hosts\""
5274
6126
msgstr ""
5275
6127
5276
#: serverguide/C/virtualization.xml:1385(command)
6128
#: serverguide/C/virtualization.xml:2058(command)
5277
6129
msgid ""
5278
6130
"sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node02 1>> "
5279
6131
"/etc/ssh/ssh_known_hosts\""
5280
6132
msgstr ""
5281
6133
5282
#: serverguide/C/virtualization.xml:1389(para)
6134
#: serverguide/C/virtualization.xml:2062(para)
5283
6135
msgid ""
5284
6136
"Replace <emphasis>node01</emphasis> and <emphasis>node02</emphasis> with the "
5285
6137
"appropriate host names."
5286
6138
msgstr ""
5287
6139
5288
#: serverguide/C/virtualization.xml:1394(para)
6140
#: serverguide/C/virtualization.xml:2067(para)
5289
6141
msgid ""
5290
6142
"This allows the <emphasis>oneadmin</emphasis> to use "
5291
6143
"<application>scp</application>, without a password or manual intervention, "
5292
6144
"to deploy an image to the Compute Nodes."
5293
6145
msgstr ""
5294
6146
5295
#: serverguide/C/virtualization.xml:1399(para)
6147
#: serverguide/C/virtualization.xml:2072(para)
5296
6148
msgid ""
5297
6149
"On the Front-End create a directory to store the VM images, giving the "
5298
6150
"<emphasis>oneadmin</emphasis> user access to the directory:"
5299
6151
msgstr ""
5300
6152
5301
#: serverguide/C/virtualization.xml:1404(command)
6153
#: serverguide/C/virtualization.xml:2077(command)
5302
6154
msgid "sudo mkdir /var/lib/one/images"
5303
6155
msgstr ""
5304
6156
5305
#: serverguide/C/virtualization.xml:1405(command)
6157
#: serverguide/C/virtualization.xml:2078(command)
5306
6158
msgid "sudo chown oneadmin /var/lib/one/images/"
5307
6159
msgstr ""
5308
6160
5309
#: serverguide/C/virtualization.xml:1408(para)
6161
#: serverguide/C/virtualization.xml:2081(para)
5310
6162
msgid ""
5311
6163
"Finally, copy a virtual machine disk file into "
5312
6164
"<filename>/var/lib/one/images</filename>. You can create an Ubuntu virtual "
5314
6166
"and-vmbuilder\"/> for details."
5315
6167
msgstr ""
5316
6168
5317
#: serverguide/C/virtualization.xml:1417(para)
6169
#: serverguide/C/virtualization.xml:2090(para)
5318
6170
msgid ""
5319
6171
"The <emphasis>OpenNebula Cluster</emphasis> is now ready to be configured, "
5320
6172
"and virtual machines added to the cluster."
5321
6173
msgstr ""
5322
6174
5323
#: serverguide/C/virtualization.xml:1421(para)
6175
#: serverguide/C/virtualization.xml:2094(para)
5324
6176
msgid "From a terminal prompt enter:"
5325
6177
msgstr ""
5326
6178
5327
#: serverguide/C/virtualization.xml:1426(command)
6179
#: serverguide/C/virtualization.xml:2099(command)
5328
6180
msgid "onehost create node01 im_kvm vmm_kvm tm_ssh"
5329
6181
msgstr ""
5330
6182
5331
#: serverguide/C/virtualization.xml:1427(command)
6183
#: serverguide/C/virtualization.xml:2100(command)
5332
6184
msgid "onehost create node02 im_kvm vmm_kvm tm_ssh"
5333
6185
msgstr ""
5334
6186
5335
#: serverguide/C/virtualization.xml:1430(para)
6187
#: serverguide/C/virtualization.xml:2103(para)
5336
6188
msgid ""
5337
6189
"Next, create a <emphasis>Virtual Network</emphasis> template file named "
5338
6190
"<filename>vnet01.template</filename>:"
5339
6191
msgstr ""
5340
6192
5341
#: serverguide/C/virtualization.xml:1434(programlisting)
6193
#: serverguide/C/virtualization.xml:2107(programlisting)
5342
6194
#, no-wrap
5343
6195
msgid ""
5344
6196
"\n"
5349
6201
"NETWORK_ADDRESS = 192.168.0.0\n"
5350
6202
msgstr ""
5351
6203
5352
#: serverguide/C/virtualization.xml:1443(para)
6204
#: serverguide/C/virtualization.xml:2116(para)
5353
6205
msgid ""
5354
6206
"Be sure to change <emphasis>192.168.0.0</emphasis> to your local network."
5355
6207
msgstr ""
5356
6208
5357
#: serverguide/C/virtualization.xml:1448(para)
6209
#: serverguide/C/virtualization.xml:2121(para)
5358
6210
msgid ""
5359
6211
"Using the <application>onevnet</application> utility, add the virtual "
5360
6212
"network to OpenNebula:"
5361
6213
msgstr ""
5362
6214
5363
#: serverguide/C/virtualization.xml:1453(command)
6215
#: serverguide/C/virtualization.xml:2126(command)
5364
6216
msgid "onevnet create vnet01.template"
5365
6217
msgstr ""
5366
6218
5367
#: serverguide/C/virtualization.xml:1456(para)
6219
#: serverguide/C/virtualization.xml:2129(para)
5368
6220
msgid ""
5369
6221
"Now create a <emphasis>VM Template</emphasis> file named "
5370
6222
"<filename>vm01.template</filename>:"
5371
6223
msgstr ""
5372
6224
5373
#: serverguide/C/virtualization.xml:1460(programlisting)
6225
#: serverguide/C/virtualization.xml:2133(programlisting)
5374
6226
#, no-wrap
5375
6227
msgid ""
5376
6228
"\n"
5390
6242
"GRAPHICS = [type=\"vnc\",listen=\"127.0.0.1\",port=\"-1\"]\n"
5391
6243
msgstr ""
5392
6244
5393
#: serverguide/C/virtualization.xml:1477(para)
6245
#: serverguide/C/virtualization.xml:2150(para)
5394
6246
msgid "Start the virtual machine using <application>onevm</application>:"
5395
6247
msgstr ""
5396
6248
5397
#: serverguide/C/virtualization.xml:1482(command)
6249
#: serverguide/C/virtualization.xml:2155(command)
5398
6250
msgid "onevm submit vm01.template"
5399
6251
msgstr ""
5400
6252
5401
#: serverguide/C/virtualization.xml:1485(para)
6253
#: serverguide/C/virtualization.xml:2158(para)
5402
6254
msgid ""
5403
6255
"Use the <application>onevm list</application> option to view information "
5404
6256
"about virtual machines. Also, the <application>onevm show vm01</application> "
5405
6257
"option will display more details about a specific virtual machine."
5406
6258
msgstr ""
5407
6259
5408
#: serverguide/C/virtualization.xml:1496(para)
6260
#: serverguide/C/virtualization.xml:2169(para)
5409
6261
msgid ""
5410
6262
"See the <ulink "
5411
6263
"url=\"http://www.opennebula.org/doku.php?id=start\">OpenNebula website</ulink"
5412
6264
"> for more information."
5413
6265
msgstr ""
5414
6266
5415
#: serverguide/C/virtualization.xml:1501(para)
6267
#: serverguide/C/virtualization.xml:2174(para)
5416
6268
msgid ""
5417
6269
"You can also find help in the <emphasis>#ubuntu-virt</emphasis> and "
5418
6270
"<emphasis>#ubuntu-server</emphasis> IRC channels on <ulink "
5419
6271
"url=\"http://freenode.net\">Freenode</ulink>."
5420
6272
msgstr ""
5421
6273
6274
#: serverguide/C/virtualization.xml:2180(para)
6275
msgid ""
6276
"Also, the <ulink "
6277
"url=\"https://help.ubuntu.com/community/OpenNebula\">OpenNebula Ubuntu "
6278
"Wiki</ulink> page has more details."
6279
msgstr ""
6280
5422
6281
#: serverguide/C/vcs.xml:13(title)
5423
6282
msgid "Version Control System"
5424
6283
msgstr ""
5678
6537
#: serverguide/C/vcs.xml:206(para)
5679
6538
msgid ""
5680
6539
"To access the Subversion repository via WebDAV protocol, you must configure "
5681
"your Apache 2 web server. You must add the following snippet in your "
5682
"<filename>/etc/apache2/apache2.conf</filename> file:"
6540
"your Apache 2 web server. Add the following snippet between the "
6541
"<emphasis><VirtualHost></emphasis> and "
6542
"<emphasis></VirtualHost></emphasis> elements in "
6543
"<filename>/etc/apache2/sites-available/default</filename>, or another "
6544
"VirtualHost file:"
5683
6545
msgstr ""
5684
6546
5685
#: serverguide/C/vcs.xml:208(programlisting)
6547
#: serverguide/C/vcs.xml:212(programlisting)
5686
6548
#, no-wrap
5687
6549
msgid ""
5688
6550
"\n"
5689
6551
" <Location /svn>\n"
5690
6552
" DAV svn\n"
5691
" SVNParentPath /home/svn\n"
6553
" SVNPath /home/svn\n"
5692
6554
" AuthType Basic\n"
5693
6555
" AuthName \"Your repository name\"\n"
5694
6556
" AuthUserFile /etc/subversion/passwd\n"
5696
6558
" </Location> \n"
5697
6559
msgstr ""
5698
6560
5699
#: serverguide/C/vcs.xml:219(para)
6561
#: serverguide/C/vcs.xml:223(para)
5700
6562
msgid ""
5701
6563
"The above configuration snippet assumes that Subversion repositories are "
5702
6564
"created under <filename>/home/svn/</filename> directory using "
5703
6565
"<command>svnadmin</command> command. They can be accessible using "
5704
"<command>htpp://hostname/svn/repos_name</command> url."
6566
"<command>http://hostname/svn/repos_name</command> url."
5705
6567
msgstr ""
5706
6568
5707
#: serverguide/C/vcs.xml:225(para)
6569
#: serverguide/C/vcs.xml:229(para)
5708
6570
msgid ""
5709
6571
"To import or commit files to your Subversion repository over HTTP, the "
5710
6572
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
5712
6574
"repository files enter the following command from terminal prompt:"
5713
6575
msgstr ""
5714
6576
5715
#: serverguide/C/vcs.xml:234(command)
6577
#: serverguide/C/vcs.xml:238(command)
5716
6578
msgid "sudo chown -R www-data:www-data /path/to/repos"
5717
6579
msgstr ""
5718
6580
5719
#: serverguide/C/vcs.xml:237(para)
6581
#: serverguide/C/vcs.xml:241(para)
5720
6582
msgid ""
5721
6583
"By changing the ownership of repository as <command>www-data</command> you "
5722
6584
"will not be able to import or commit files into the repository by running "
5724
6586
"<command>www-data</command>."
5725
6587
msgstr ""
5726
6588
5727
#: serverguide/C/vcs.xml:246(para)
6589
#: serverguide/C/vcs.xml:250(para)
5728
6590
msgid ""
5729
6591
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
5730
6592
"that will contain user authentication details. To create a file issue the "
5732
6594
"the first user):"
5733
6595
msgstr ""
5734
6596
5735
#: serverguide/C/vcs.xml:252(command)
6597
#: serverguide/C/vcs.xml:256(command)
5736
6598
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
5737
6599
msgstr ""
5738
6600
5739
#: serverguide/C/vcs.xml:255(para)
6601
#: serverguide/C/vcs.xml:259(para)
5740
6602
msgid ""
5741
6603
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
5742
6604
"option replaces the old file. Instead use this form:"
5743
6605
msgstr ""
5744
6606
5745
#: serverguide/C/vcs.xml:260(command)
6607
#: serverguide/C/vcs.xml:264(command)
5746
6608
msgid "sudo htpasswd /etc/subversion/password user_name"
5747
6609
msgstr ""
5748
6610
5749
#: serverguide/C/vcs.xml:264(para)
6611
#: serverguide/C/vcs.xml:268(para)
5750
6612
msgid ""
5751
6613
"This command will prompt you to enter the password. Once you enter the "
5752
6614
"password, the user is added. Now, to access the repository you can run the "
5753
6615
"following command:"
5754
6616
msgstr ""
5755
6617
5756
#: serverguide/C/vcs.xml:265(command)
6618
#: serverguide/C/vcs.xml:269(command)
5757
6619
msgid "svn co http://servername/svn"
5758
6620
msgstr ""
5759
6621
5760
#: serverguide/C/vcs.xml:267(para)
6622
#: serverguide/C/vcs.xml:271(para)
5761
6623
msgid ""
5762
6624
"The password is transmitted as plain text. If you are worried about password "
5763
6625
"snooping, you are advised to use SSL encryption. For details, please refer "
5764
6626
"next section."
5765
6627
msgstr ""
5766
6628
5767
#: serverguide/C/vcs.xml:273(title)
6629
#: serverguide/C/vcs.xml:277(title)
5768
6630
msgid "Access via WebDAV protocol with SSL encryption (https://)"
5769
6631
msgstr ""
5770
6632
5771
#: serverguide/C/vcs.xml:274(para)
6633
#: serverguide/C/vcs.xml:278(para)
5772
6634
msgid ""
5773
6635
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
5774
6636
"(https://) is similar to http:// except that you must install and configure "
5779
6641
"configuration\"/>."
5780
6642
msgstr ""
5781
6643
5782
#: serverguide/C/vcs.xml:283(para)
6644
#: serverguide/C/vcs.xml:287(para)
5783
6645
msgid ""
5784
6646
"You can install a digital certificate issued by a signing authority. "
5785
6647
"Alternatively, you can install your own self-signed certificate."
5786
6648
msgstr ""
5787
6649
5788
#: serverguide/C/vcs.xml:288(para)
6650
#: serverguide/C/vcs.xml:292(para)
5789
6651
msgid ""
5790
6652
"This step assumes you have installed and configured a digital certificate in "
5791
6653
"your Apache 2 web server. Now, to access the Subversion repository, please "
5793
6655
"the protocol. You must use https:// to access the Subversion repository."
5794
6656
msgstr ""
5795
6657
5796
#: serverguide/C/vcs.xml:298(title)
6658
#: serverguide/C/vcs.xml:302(title)
5797
6659
msgid "Access via custom protocol (svn://)"
5798
6660
msgstr ""
5799
6661
5800
#: serverguide/C/vcs.xml:299(para)
6662
#: serverguide/C/vcs.xml:303(para)
5801
6663
msgid ""
5802
6664
"Once the Subversion repository is created, you can configure the access "
5803
6665
"control. You can edit the <filename> "
5806
6668
"following lines in the configuration file:"
5807
6669
msgstr ""
5808
6670
5809
#: serverguide/C/vcs.xml:306(programlisting)
6671
#: serverguide/C/vcs.xml:310(programlisting)
5810
6672
#, no-wrap
5811
6673
msgid ""
5812
6674
"# [general]\n"
5813
6675
"# password-db = passwd"
5814
6676
msgstr ""
5815
6677
5816
#: serverguide/C/vcs.xml:309(para)
6678
#: serverguide/C/vcs.xml:313(para)
5817
6679
msgid ""
5818
6680
"After uncommenting the above lines, you can maintain the user list in the "
5819
6681
"passwd file. So, edit the file <filename>passwd </filename> in the same "
5820
6682
"directory and add the new user. The syntax is as follows:"
5821
6683
msgstr ""
5822
6684
5823
#: serverguide/C/vcs.xml:315(programlisting)
6685
#: serverguide/C/vcs.xml:319(programlisting)
5824
6686
#, no-wrap
5825
6687
msgid "username = password"
5826
6688
msgstr ""
5827
6689
5828
#: serverguide/C/vcs.xml:316(para)
6690
#: serverguide/C/vcs.xml:320(para)
5829
6691
msgid "For more details, please refer to the file."
5830
6692
msgstr ""
5831
6693
5832
#: serverguide/C/vcs.xml:320(para)
6694
#: serverguide/C/vcs.xml:324(para)
5833
6695
msgid ""
5834
6696
"Now, to access Subversion via the svn:// custom protocol, either from the "
5835
6697
"same machine or a different machine, you can run svnserver using svnserve "
5836
6698
"command. The syntax is as follows:"
5837
6699
msgstr ""
5838
6700
5839
#: serverguide/C/vcs.xml:325(programlisting)
6701
#: serverguide/C/vcs.xml:329(programlisting)
5840
6702
#, no-wrap
5841
6703
msgid ""
5842
6704
"$ svnserve -d --foreground -r /path/to/repos\n"
5848
6710
"$ svnserve --help"
5849
6711
msgstr ""
5850
6712
5851
#: serverguide/C/vcs.xml:333(para)
6713
#: serverguide/C/vcs.xml:337(para)
5852
6714
msgid ""
5853
6715
"Once you run this command, Subversion starts listening on default port "
5854
6716
"(3690). To access the project repository, you must run the following command "
5855
6717
"from a terminal prompt:"
5856
6718
msgstr ""
5857
6719
5858
#: serverguide/C/vcs.xml:336(command)
6720
#: serverguide/C/vcs.xml:340(command)
5859
6721
msgid "svn co svn://hostname/project project --username user_name"
5860
6722
msgstr ""
5861
6723
5862
#: serverguide/C/vcs.xml:339(para)
6724
#: serverguide/C/vcs.xml:343(para)
5863
6725
msgid ""
5864
6726
"Based on server configuration, it prompts for password. Once you are "
5865
6727
"authenticated, it checks out the code from Subversion repository. To "
5868
6730
"a terminal prompt, is as follows:"
5869
6731
msgstr ""
5870
6732
5871
#: serverguide/C/vcs.xml:347(command)
6733
#: serverguide/C/vcs.xml:351(command)
5872
6734
msgid "cd project_dir ; svn update"
5873
6735
msgstr ""
5874
6736
5875
#: serverguide/C/vcs.xml:350(para)
6737
#: serverguide/C/vcs.xml:354(para)
5876
6738
msgid ""
5877
6739
"For more details about using each Subversion sub-command, you can refer to "
5878
6740
"the manual. For example, to learn more about the co (checkout) command, "
5879
6741
"please run the following command from a terminal prompt:"
5880
6742
msgstr ""
5881
6743
5882
#: serverguide/C/vcs.xml:354(command)
6744
#: serverguide/C/vcs.xml:358(command)
5883
6745
msgid "svn co help"
5884
6746
msgstr ""
5885
6747
5886
#: serverguide/C/vcs.xml:358(title)
6748
#: serverguide/C/vcs.xml:362(title)
5887
6749
msgid "Access via custom protocol with SSL encryption (svn+ssh://)"
5888
6750
msgstr ""
5889
6751
5890
#: serverguide/C/vcs.xml:359(para)
6752
#: serverguide/C/vcs.xml:363(para)
5891
6753
msgid ""
5892
6754
"The configuration and server process is same as in the svn:// method. For "
5893
6755
"details, please refer to the above section. This step assumes you have "
5895
6757
"<application>svnserve</application> command."
5896
6758
msgstr ""
5897
6759
5898
#: serverguide/C/vcs.xml:365(para)
6760
#: serverguide/C/vcs.xml:369(para)
5899
6761
msgid ""
5900
6762
"It is also assumed that the ssh server is running on that machine and that "
5901
6763
"it is allowing incoming connections. To confirm, please try to login to that "
5903
6765
"login, please address it before continuing further."
5904
6766
msgstr ""
5905
6767
5906
#: serverguide/C/vcs.xml:371(para)
6768
#: serverguide/C/vcs.xml:375(para)
5907
6769
msgid ""
5908
6770
"The svn+ssh:// protocol is used to access the Subversion repository using "
5909
6771
"SSL encryption. The data transfer is encrypted using this method. To access "
5911
6773
"following command syntax:"
5912
6774
msgstr ""
5913
6775
5914
#: serverguide/C/vcs.xml:378(command)
6776
#: serverguide/C/vcs.xml:382(command)
5915
6777
msgid "svn co svn+ssh://hostname/var/svn/repos/project"
5916
6778
msgstr ""
5917
6779
5918
#: serverguide/C/vcs.xml:382(para)
6780
#: serverguide/C/vcs.xml:386(para)
5919
6781
msgid ""
5920
6782
"You must use the full path (/path/to/repos/project) to access the Subversion "
5921
6783
"repository using this access method."
5922
6784
msgstr ""
5923
6785
5924
#: serverguide/C/vcs.xml:385(para)
6786
#: serverguide/C/vcs.xml:389(para)
5925
6787
msgid ""
5926
6788
"Based on server configuration, it prompts for password. You must enter the "
5927
6789
"password you use to login via ssh. Once you are authenticated, it checks out "
5928
6790
"the code from the Subversion repository."
5929
6791
msgstr ""
5930
6792
5931
#: serverguide/C/vcs.xml:396(title)
6793
#: serverguide/C/vcs.xml:399(title)
5932
6794
msgid "CVS Server"
5933
6795
msgstr ""
5934
6796
5935
#: serverguide/C/vcs.xml:397(para)
6797
#: serverguide/C/vcs.xml:400(para)
5936
6798
msgid ""
5937
6799
"CVS is a version control system. You can use it to record the history of "
5938
6800
"source files."
5939
6801
msgstr ""
5940
6802
5941
#: serverguide/C/vcs.xml:403(para)
6803
#: serverguide/C/vcs.xml:406(para)
5942
6804
msgid ""
5943
6805
"To install <application>CVS</application>, run the following command from a "
5944
6806
"terminal prompt: <screen>\n"
5951
6813
"</screen>"
5952
6814
msgstr ""
5953
6815
5954
#: serverguide/C/vcs.xml:436(programlisting)
6816
#: serverguide/C/vcs.xml:439(programlisting)
5955
6817
#, no-wrap
5956
6818
msgid ""
5957
6819
"\n"
5969
6831
"}\n"
5970
6832
msgstr ""
5971
6833
5972
#: serverguide/C/vcs.xml:452(para)
6834
#: serverguide/C/vcs.xml:455(para)
5973
6835
msgid ""
5974
6836
"Be sure to edit the repository if you have changed the default repository "
5975
6837
"(<application>/var/lib/cvs</application>) directory."
5976
6838
msgstr ""
5977
6839
5978
#: serverguide/C/vcs.xml:421(para)
6840
#: serverguide/C/vcs.xml:424(para)
5979
6841
msgid ""
5980
6842
"Once you install cvs, the repository will be automatically initialized. By "
5981
6843
"default, the repository resides under the "
5992
6854
"</screen>"
5993
6855
msgstr ""
5994
6856
5995
#: serverguide/C/vcs.xml:465(para)
6857
#: serverguide/C/vcs.xml:468(para)
5996
6858
msgid ""
5997
6859
"You can confirm that the CVS server is running by issuing the following "
5998
6860
"command:"
5999
6861
msgstr ""
6000
6862
6001
#: serverguide/C/vcs.xml:472(command)
6863
#: serverguide/C/vcs.xml:475(command)
6002
6864
msgid "sudo netstat -tap | grep cvs"
6003
6865
msgstr ""
6004
6866
6005
#: serverguide/C/vcs.xml:476(para) serverguide/C/databases.xml:65(para)
6867
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:65(para)
6006
6868
msgid ""
6007
6869
"When you run this command, you should see the following line or something "
6008
6870
"similar:"
6009
6871
msgstr ""
6010
6872
6011
#: serverguide/C/vcs.xml:481(programlisting)
6873
#: serverguide/C/vcs.xml:484(programlisting)
6012
6874
#, no-wrap
6013
6875
msgid ""
6014
6876
"\n"
6015
6877
"tcp 0 0 *:cvspserver *:* LISTEN \n"
6016
6878
msgstr ""
6017
6879
6018
#: serverguide/C/vcs.xml:485(para)
6880
#: serverguide/C/vcs.xml:488(para)
6019
6881
msgid ""
6020
6882
"From here you can continue to add users, add new projects, and manage the "
6021
6883
"CVS server."
6022
6884
msgstr ""
6023
6885
6024
#: serverguide/C/vcs.xml:490(para)
6886
#: serverguide/C/vcs.xml:493(para)
6025
6887
msgid ""
6026
6888
"CVS allows the user to add users independently of the underlying OS "
6027
6889
"installation. Probably the easiest way is to use the Linux Users for CVS, "
6029
6891
"for details."
6030
6892
msgstr ""
6031
6893
6032
#: serverguide/C/vcs.xml:500(title)
6894
#: serverguide/C/vcs.xml:503(title)
6033
6895
msgid "Add Projects"
6034
6896
msgstr ""
6035
6897
6036
#: serverguide/C/vcs.xml:512(para)
6898
#: serverguide/C/vcs.xml:515(para)
6037
6899
msgid ""
6038
6900
"You can use the CVSROOT environment variable to store the CVS root "
6039
6901
"directory. Once you export the CVSROOT environment variable, you can avoid "
6040
6902
"using -d option in the above cvs command."
6041
6903
msgstr ""
6042
6904
6043
#: serverguide/C/vcs.xml:524(para)
6905
#: serverguide/C/vcs.xml:527(para)
6044
6906
msgid ""
6045
6907
"When you add a new project, the CVS user you use must have write access to "
6046
6908
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
6049
6911
"manage projects in the CVS repository."
6050
6912
msgstr ""
6051
6913
6052
#: serverguide/C/vcs.xml:501(para)
6914
#: serverguide/C/vcs.xml:504(para)
6053
6915
msgid ""
6054
6916
"This section explains how to add new project to the CVS repository. Create "
6055
6917
"the directory and add necessary document and source files to the directory. "
6064
6926
"<placeholder-2/>"
6065
6927
msgstr ""
6066
6928
6067
#: serverguide/C/vcs.xml:537(ulink)
6929
#: serverguide/C/vcs.xml:540(ulink)
6068
6930
msgid "Bazaar Home Page"
6069
6931
msgstr ""
6070
6932
6071
#: serverguide/C/vcs.xml:538(ulink)
6933
#: serverguide/C/vcs.xml:541(ulink)
6072
6934
msgid "Launchpad"
6073
6935
msgstr ""
6074
6936
6075
#: serverguide/C/vcs.xml:539(ulink)
6937
#: serverguide/C/vcs.xml:542(ulink)
6076
6938
msgid "Subversion Home Page"
6077
6939
msgstr ""
6078
6940
6079
#: serverguide/C/vcs.xml:540(ulink)
6941
#: serverguide/C/vcs.xml:543(ulink)
6080
6942
msgid "Subversion Book"
6081
6943
msgstr ""
6082
6944
6083
#: serverguide/C/vcs.xml:542(ulink)
6945
#: serverguide/C/vcs.xml:545(ulink)
6084
6946
msgid "CVS Manual"
6085
6947
msgstr ""
6086
6948
6949
#: serverguide/C/vcs.xml:546(ulink)
6950
msgid "Easy Bazaar Ubuntu Wiki page"
6951
msgstr ""
6952
6953
#: serverguide/C/vcs.xml:547(ulink)
6954
msgid "Ubuntu Wiki Subversion page"
6955
msgstr ""
6956
6087
6957
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
6088
6958
msgid "Credits and License"
6089
6959
msgstr ""
6161
7031
#: serverguide/C/security.xml:17(para)
6162
7032
msgid ""
6163
7033
"This chapter provides an overview of security related topics as they pertain "
6164
"to Ubuntu 9.10 Server Edition, and outlines simple measures you may use to "
6165
"protect your server and network from any number of potential security "
7034
"to Ubuntu 10.04 LTS Server Edition, and outlines simple measures you may use "
7035
"to protect your server and network from any number of potential security "
6166
7036
"threats."
6167
7037
msgstr ""
6168
7038
6729
7599
"To disable the reboot action taken by pressing the "
6730
7600
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6731
7601
"eycombo> key combination, comment out the following line in the file "
6732
"<filename>/etc/event.d/control-alt-delete</filename>."
7602
"<filename>/etc/init/control-alt-delete.conf</filename>."
6733
7603
msgstr ""
6734
7604
6735
7605
#: serverguide/C/security.xml:343(programlisting)
6736
7606
#, no-wrap
6737
7607
msgid ""
6738
7608
"\n"
6739
"#exec /sbin/shutdown -r now \"Control-Alt-Delete pressed\"\n"
6740
msgstr ""
6741
6742
#: serverguide/C/security.xml:350(title)
6743
msgid "GRUB Password Security"
6744
msgstr ""
6745
6746
#: serverguide/C/security.xml:351(para)
6747
msgid ""
6748
"Ubuntu installs GNU GRUB as its default boot loader, which allows for great "
6749
"flexibility and recovery options. For example, when you install additional "
6750
"kernel images, these are automatically added as available boot options in "
6751
"the <application>grub</application> menu. Also, by default, alternate boot "
6752
"options are available for each kernel entry that may be used for system "
6753
"recovery, aptly labeled (recovery mode). Recovery mode simply boots the "
6754
"corresponding kernel image into single user mode (init 1), which lands the "
6755
"administrator at a root prompt without the need for any password."
6756
msgstr ""
6757
6758
#: serverguide/C/security.xml:354(para)
6759
msgid ""
6760
"Therefore, it is important to control who may edit the "
6761
"<application>grub</application> menu items which, would otherwise allow for "
6762
"someone to perform the following dangerous actions:"
6763
msgstr ""
6764
6765
#: serverguide/C/security.xml:359(para)
6766
msgid "Pass kernel options at boot up."
6767
msgstr ""
6768
6769
#: serverguide/C/security.xml:364(para)
6770
msgid "Boot the server into single user mode."
6771
msgstr ""
6772
6773
#: serverguide/C/security.xml:369(para)
6774
msgid ""
6775
"You can prevent these actions by adding a password to GRUB's configuration "
6776
"file of <filename>/boot/grub/menu.lst</filename>, which will be required to "
6777
"unlock GRUB's more advanced features prior to use."
6778
msgstr ""
6779
6780
#: serverguide/C/security.xml:374(para)
6781
msgid ""
6782
"To add a password for use with <application>grub</application>, first you "
6783
"must generate an md5 password hash using the <application>grub-md5-"
6784
"crypt</application> utility:"
6785
msgstr ""
6786
6787
#: serverguide/C/security.xml:378(command)
6788
msgid "grub-md5-crypt"
6789
msgstr ""
6790
6791
#: serverguide/C/security.xml:380(para)
6792
msgid ""
6793
"The command will ask you to enter a password and offer a resulting hash "
6794
"value as shown below:"
6795
msgstr ""
6796
6797
#: serverguide/C/security.xml:383(userinput)
6798
#, no-wrap
6799
msgid "(enter new password)"
6800
msgstr ""
6801
6802
#: serverguide/C/security.xml:384(userinput)
6803
#, no-wrap
6804
msgid "(repeat password)"
6805
msgstr ""
6806
6807
#: serverguide/C/security.xml:383(computeroutput)
6808
#, no-wrap
6809
msgid ""
6810
"Password: <placeholder-1/>\n"
6811
"Retype password: <placeholder-2/>\n"
6812
"$1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0"
6813
msgstr ""
6814
6815
#: serverguide/C/security.xml:389(para)
6816
msgid ""
6817
"Add the resulting hash value to the file "
6818
"<filename>/boot/grub/menu.lst</filename> in the following format:"
6819
msgstr ""
6820
6821
#: serverguide/C/security.xml:392(programlisting)
6822
#, no-wrap
6823
msgid "password --md5 $1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0"
6824
msgstr ""
6825
6826
#: serverguide/C/security.xml:395(para)
6827
msgid ""
6828
"To require use of the password for entering single user mode, change the "
6829
"value of the <varname>lockalternative</varname> variable in the file "
6830
"<filename>/boot/grub/menu.lst</filename> to <varname>true</varname>, as "
6831
"shown in the following example."
6832
msgstr ""
6833
6834
#: serverguide/C/security.xml:398(programlisting)
6835
#, no-wrap
6836
msgid "# lockalternative=true"
6837
msgstr ""
6838
6839
#: serverguide/C/security.xml:402(para)
6840
msgid ""
6841
"This does not prevent someone from booting the server from alternate media. "
6842
"A determined attacker would simply boot into an alternate environment, "
6843
"overwrite your master boot record, mount or copy your physical volumes, "
6844
"destroy your data, or anything else they can imagine. Please explore other "
6845
"countermeasures that may help you with these types of attacks."
6846
msgstr ""
6847
6848
#: serverguide/C/security.xml:410(title)
7609
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
7610
msgstr ""
7611
7612
#: serverguide/C/security.xml:352(title)
6849
7613
msgid "Firewall"
6850
7614
msgstr ""
6851
7615
6852
#: serverguide/C/security.xml:413(para)
7616
#: serverguide/C/security.xml:355(para)
6853
7617
msgid ""
6854
7618
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
6855
7619
"which is used to manipulate or decide the fate of network traffic headed "
6857
7621
"system for packet filtering."
6858
7622
msgstr ""
6859
7623
6860
#: serverguide/C/security.xml:418(para)
7624
#: serverguide/C/security.xml:360(para)
6861
7625
msgid ""
6862
7626
"The kernel's packet filtering system would be of little use to "
6863
7627
"administrators without a userspace interface to manage it. This is the "
6868
7632
"but many frontends are available to simplify the task."
6869
7633
msgstr ""
6870
7634
6871
#: serverguide/C/security.xml:428(title)
7635
#: serverguide/C/security.xml:370(title)
6872
7636
msgid "ufw - Uncomplicated Firewall"
6873
7637
msgstr ""
6874
7638
6875
#: serverguide/C/security.xml:429(para)
7639
#: serverguide/C/security.xml:371(para)
6876
7640
msgid ""
6877
7641
"The default firewall configuration tool for Ubuntu is "
6878
7642
"<application>ufw</application>. Developed to ease iptables firewall "
6880
7644
"to create an IPv4 or IPv6 host-based firewall."
6881
7645
msgstr ""
6882
7646
6883
#: serverguide/C/security.xml:433(para)
7647
#: serverguide/C/security.xml:375(para)
6884
7648
msgid ""
6885
7649
"<application>ufw</application> by default is initially disabled. From the "
6886
7650
"<application>ufw</application> man page:"
6887
7651
msgstr ""
6888
7652
6889
#: serverguide/C/security.xml:437(quote)
7653
#: serverguide/C/security.xml:379(quote)
6890
7654
msgid ""
6891
7655
"ufw is not intended to provide complete firewall functionality via its "
6892
7656
"command interface, but instead provides an easy way to add or remove simple "
6893
7657
"rules. It is currently mainly used for host-based firewalls."
6894
7658
msgstr ""
6895
7659
6896
#: serverguide/C/security.xml:441(para)
7660
#: serverguide/C/security.xml:383(para)
6897
7661
msgid ""
6898
7662
"The following are some examples of how to use <application>ufw</application>:"
6899
7663
msgstr ""
6900
7664
6901
#: serverguide/C/security.xml:446(para)
7665
#: serverguide/C/security.xml:388(para)
6902
7666
msgid ""
6903
7667
"First, <application>ufw</application> needs to be enabled. From a terminal "
6904
7668
"prompt enter:"
6905
7669
msgstr ""
6906
7670
6907
#: serverguide/C/security.xml:450(command)
7671
#: serverguide/C/security.xml:392(command)
6908
7672
msgid "sudo ufw enable"
6909
7673
msgstr ""
6910
7674
6911
#: serverguide/C/security.xml:454(para)
7675
#: serverguide/C/security.xml:396(para)
6912
7676
msgid "To open a port (ssh in this example):"
6913
7677
msgstr ""
6914
7678
6915
#: serverguide/C/security.xml:458(command)
7679
#: serverguide/C/security.xml:400(command)
6916
7680
msgid "sudo ufw allow 22"
6917
7681
msgstr ""
6918
7682
6919
#: serverguide/C/security.xml:462(para)
7683
#: serverguide/C/security.xml:404(para)
6920
7684
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
6921
7685
msgstr ""
6922
7686
6923
#: serverguide/C/security.xml:466(command)
7687
#: serverguide/C/security.xml:408(command)
6924
7688
msgid "sudo ufw insert 1 allow 80"
6925
7689
msgstr ""
6926
7690
6927
#: serverguide/C/security.xml:470(para)
7691
#: serverguide/C/security.xml:412(para)
6928
7692
msgid "Similarly, to close an opened port:"
6929
7693
msgstr ""
6930
7694
6931
#: serverguide/C/security.xml:474(command)
7695
#: serverguide/C/security.xml:416(command)
6932
7696
msgid "sudo ufw deny 22"
6933
7697
msgstr ""
6934
7698
6935
#: serverguide/C/security.xml:478(para)
7699
#: serverguide/C/security.xml:420(para)
6936
7700
msgid "To remove a rule, use delete followed by the rule:"
6937
7701
msgstr ""
6938
7702
6939
#: serverguide/C/security.xml:482(command)
7703
#: serverguide/C/security.xml:424(command)
6940
7704
msgid "sudo ufw delete deny 22"
6941
7705
msgstr ""
6942
7706
6943
#: serverguide/C/security.xml:486(para)
7707
#: serverguide/C/security.xml:428(para)
6944
7708
msgid ""
6945
7709
"It is also possible to allow access from specific hosts or networks to a "
6946
7710
"port. The following example allows ssh access from host 192.168.0.2 to any "
6947
7711
"ip address on this host:"
6948
7712
msgstr ""
6949
7713
6950
#: serverguide/C/security.xml:491(command)
7714
#: serverguide/C/security.xml:433(command)
6951
7715
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6952
7716
msgstr ""
6953
7717
6954
#: serverguide/C/security.xml:493(para)
7718
#: serverguide/C/security.xml:435(para)
6955
7719
msgid ""
6956
7720
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
6957
7721
"subnet."
6958
7722
msgstr ""
6959
7723
6960
#: serverguide/C/security.xml:499(para)
7724
#: serverguide/C/security.xml:441(para)
6961
7725
msgid ""
6962
7726
"Adding the <emphasis>--dry-run</emphasis> option to a "
6963
7727
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
6965
7729
"the HTTP port:"
6966
7730
msgstr ""
6967
7731
6968
#: serverguide/C/security.xml:505(command)
7732
#: serverguide/C/security.xml:447(command)
6969
7733
msgid "sudo ufw --dry-run allow http"
6970
7734
msgstr ""
6971
7735
6972
#: serverguide/C/security.xml:509(computeroutput)
7736
#: serverguide/C/security.xml:451(computeroutput)
6973
7737
#, no-wrap
6974
7738
msgid ""
6975
7739
"*filter\n"
6995
7759
"Rules updated"
6996
7760
msgstr ""
6997
7761
6998
#: serverguide/C/security.xml:533(para)
7762
#: serverguide/C/security.xml:475(para)
6999
7763
msgid "<application>ufw</application> can be disabled by:"
7000
7764
msgstr ""
7001
7765
7002
#: serverguide/C/security.xml:537(command)
7766
#: serverguide/C/security.xml:479(command)
7003
7767
msgid "sudo ufw disable"
7004
7768
msgstr ""
7005
7769
7006
#: serverguide/C/security.xml:541(para)
7770
#: serverguide/C/security.xml:483(para)
7007
7771
msgid "To see the firewall status, enter:"
7008
7772
msgstr ""
7009
7773
7010
#: serverguide/C/security.xml:545(command)
7774
#: serverguide/C/security.xml:487(command)
7011
7775
msgid "sudo ufw status"
7012
7776
msgstr ""
7013
7777
7014
#: serverguide/C/security.xml:549(para)
7778
#: serverguide/C/security.xml:491(para)
7015
7779
msgid "And for more verbose status information use:"
7016
7780
msgstr ""
7017
7781
7018
#: serverguide/C/security.xml:553(command)
7782
#: serverguide/C/security.xml:495(command)
7019
7783
msgid "sudo ufw status verbose"
7020
7784
msgstr ""
7021
7785
7022
#: serverguide/C/security.xml:557(para)
7786
#: serverguide/C/security.xml:499(para)
7023
7787
msgid "To view the <emphasis>numbered</emphasis> format:"
7024
7788
msgstr ""
7025
7789
7026
#: serverguide/C/security.xml:561(command)
7790
#: serverguide/C/security.xml:503(command)
7027
7791
msgid "sudo ufw status numbered"
7028
7792
msgstr ""
7029
7793
7030
#: serverguide/C/security.xml:566(para)
7794
#: serverguide/C/security.xml:508(para)
7031
7795
msgid ""
7032
7796
"If the port you want to open or close is defined in "
7033
7797
"<filename>/etc/services</filename>, you can use the port name instead of the "
7035
7799
"<emphasis>ssh</emphasis>."
7036
7800
msgstr ""
7037
7801
7038
#: serverguide/C/security.xml:572(para)
7802
#: serverguide/C/security.xml:514(para)
7039
7803
msgid ""
7040
7804
"This is a quick introduction to using <application>ufw</application>. Please "
7041
7805
"refer to the <application>ufw</application> man page for more information."
7042
7806
msgstr ""
7043
7807
7044
#: serverguide/C/security.xml:578(title)
7808
#: serverguide/C/security.xml:520(title)
7045
7809
msgid "ufw Application Integration"
7046
7810
msgstr ""
7047
7811
7048
#: serverguide/C/security.xml:580(para)
7812
#: serverguide/C/security.xml:522(para)
7049
7813
msgid ""
7050
7814
"Applications that open ports can include an <application>ufw</application> "
7051
7815
"profile, which details the ports needed for the application to function "
7054
7818
"the default ports have been changed."
7055
7819
msgstr ""
7056
7820
7057
#: serverguide/C/security.xml:589(para)
7821
#: serverguide/C/security.xml:531(para)
7058
7822
msgid ""
7059
7823
"To view which applications have installed a profile, enter the following in "
7060
7824
"a terminal:"
7061
7825
msgstr ""
7062
7826
7063
#: serverguide/C/security.xml:594(command)
7827
#: serverguide/C/security.xml:536(command)
7064
7828
msgid "sudo ufw app list"
7065
7829
msgstr ""
7066
7830
7067
#: serverguide/C/security.xml:600(para)
7831
#: serverguide/C/security.xml:542(para)
7068
7832
msgid ""
7069
7833
"Similar to allowing traffic to a port, using an application profile is "
7070
7834
"accomplished by entering:"
7071
7835
msgstr ""
7072
7836
7073
#: serverguide/C/security.xml:605(command)
7837
#: serverguide/C/security.xml:547(command)
7074
7838
msgid "sudo ufw allow Samba"
7075
7839
msgstr ""
7076
7840
7077
#: serverguide/C/security.xml:611(para)
7841
#: serverguide/C/security.xml:553(para)
7078
7842
msgid "An extended syntax is available as well:"
7079
7843
msgstr ""
7080
7844
7081
#: serverguide/C/security.xml:616(command)
7845
#: serverguide/C/security.xml:558(command)
7082
7846
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
7083
7847
msgstr ""
7084
7848
7085
#: serverguide/C/security.xml:619(para)
7849
#: serverguide/C/security.xml:561(para)
7086
7850
msgid ""
7087
7851
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
7088
7852
"with the application profile you are using and the IP range for your network."
7089
7853
msgstr ""
7090
7854
7091
#: serverguide/C/security.xml:625(para)
7855
#: serverguide/C/security.xml:567(para)
7092
7856
msgid ""
7093
7857
"There is no need to specify the <emphasis>protocol</emphasis> for the "
7094
7858
"application, because that information is detailed in the profile. Also, note "
7096
7860
"<emphasis>port</emphasis> number."
7097
7861
msgstr ""
7098
7862
7099
#: serverguide/C/security.xml:634(para)
7863
#: serverguide/C/security.xml:576(para)
7100
7864
msgid ""
7101
7865
"To view details about which ports, protocols, etc are defined for an "
7102
7866
"application, enter:"
7103
7867
msgstr ""
7104
7868
7105
#: serverguide/C/security.xml:639(command)
7869
#: serverguide/C/security.xml:581(command)
7106
7870
msgid "sudo ufw app info Samba"
7107
7871
msgstr ""
7108
7872
7109
#: serverguide/C/security.xml:645(para)
7873
#: serverguide/C/security.xml:587(para)
7110
7874
msgid ""
7111
7875
"Not all applications that require opening a network port come with "
7112
7876
"<application>ufw</application> profiles, but if you have profiled an "
7115
7879
"url=\"https://launchpad.net/\">Launchpad</ulink>."
7116
7880
msgstr ""
7117
7881
7118
#: serverguide/C/security.xml:654(title)
7882
#: serverguide/C/security.xml:596(title)
7119
7883
msgid "IP Masquerading"
7120
7884
msgstr ""
7121
7885
7122
#: serverguide/C/security.xml:655(para)
7886
#: serverguide/C/security.xml:597(para)
7123
7887
msgid ""
7124
7888
"The purpose of IP Masquerading is to allow machines with private, non-"
7125
7889
"routable IP addresses on your network to access the Internet through the "
7136
7900
"to in Microsoft documentation as Internet Connection Sharing."
7137
7901
msgstr ""
7138
7902
7139
#: serverguide/C/security.xml:671(title)
7903
#: serverguide/C/security.xml:613(title)
7140
7904
msgid "ufw Masquerading"
7141
7905
msgstr ""
7142
7906
7143
#: serverguide/C/security.xml:672(para)
7907
#: serverguide/C/security.xml:614(para)
7144
7908
msgid ""
7145
7909
"IP Masquerading can be achieved using custom <application>ufw</application> "
7146
7910
"rules. This is possible because the current back-end for "
7151
7915
"that are more network gateway or bridge related."
7152
7916
msgstr ""
7153
7917
7154
#: serverguide/C/security.xml:678(para)
7918
#: serverguide/C/security.xml:620(para)
7155
7919
msgid ""
7156
7920
"The rules are split into two different files, rules that should be executed "
7157
7921
"before <application>ufw</application> command line rules, and rules that are "
7158
7922
"executed after <application>ufw</application> command line rules."
7159
7923
msgstr ""
7160
7924
7161
#: serverguide/C/security.xml:684(para)
7925
#: serverguide/C/security.xml:626(para)
7162
7926
msgid ""
7163
7927
"First, packet forwarding needs to be enabled in "
7164
7928
"<application>ufw</application>. Two configuration files will need to be "
7166
7930
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
7167
7931
msgstr ""
7168
7932
7169
#: serverguide/C/security.xml:688(programlisting)
7933
#: serverguide/C/security.xml:630(programlisting)
7170
7934
#, no-wrap
7171
7935
msgid ""
7172
7936
"\n"
7173
7937
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
7174
7938
msgstr ""
7175
7939
7176
#: serverguide/C/security.xml:691(para)
7940
#: serverguide/C/security.xml:633(para)
7177
7941
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
7178
7942
msgstr ""
7179
7943
7180
#: serverguide/C/security.xml:694(programlisting)
7944
#: serverguide/C/security.xml:636(programlisting)
7181
7945
#, no-wrap
7182
7946
msgid ""
7183
7947
"\n"
7184
7948
"net/ipv4/ip_forward=1\n"
7185
7949
msgstr ""
7186
7950
7187
#: serverguide/C/security.xml:697(para)
7951
#: serverguide/C/security.xml:639(para)
7188
7952
msgid "Similarly, for IPv6 forwarding uncomment:"
7189
7953
msgstr ""
7190
7954
7191
#: serverguide/C/security.xml:700(programlisting)
7955
#: serverguide/C/security.xml:642(programlisting)
7192
7956
#, no-wrap
7193
7957
msgid ""
7194
7958
"\n"
7195
7959
"net/ipv6/conf/default/forwarding=1\n"
7196
7960
msgstr ""
7197
7961
7198
#: serverguide/C/security.xml:705(para)
7962
#: serverguide/C/security.xml:647(para)
7199
7963
msgid ""
7200
7964
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
7201
7965
"file. The default rules only configure the <emphasis>filter</emphasis> "
7204
7968
"the header comments:"
7205
7969
msgstr ""
7206
7970
7207
#: serverguide/C/security.xml:710(programlisting)
7971
#: serverguide/C/security.xml:652(programlisting)
7208
7972
#, no-wrap
7209
7973
msgid ""
7210
7974
"\n"
7220
7984
"COMMIT\n"
7221
7985
msgstr ""
7222
7986
7223
#: serverguide/C/security.xml:721(para)
7987
#: serverguide/C/security.xml:663(para)
7224
7988
msgid ""
7225
7989
"The comments are not strictly necessary, but it is considered good practice "
7226
7990
"to document your configuration. Also, when modifying any of the "
7229
7993
"line for each table modified:"
7230
7994
msgstr ""
7231
7995
7232
#: serverguide/C/security.xml:727(programlisting)
7996
#: serverguide/C/security.xml:669(programlisting)
7233
7997
#, no-wrap
7234
7998
msgid ""
7235
7999
"\n"
7237
8001
"COMMIT\n"
7238
8002
msgstr ""
7239
8003
7240
#: serverguide/C/security.xml:732(para)
8004
#: serverguide/C/security.xml:674(para)
7241
8005
msgid ""
7242
8006
"For each <emphasis>Table</emphasis> a corresponding "
7243
8007
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
7246
8010
"<emphasis>mangle</emphasis> tables."
7247
8011
msgstr ""
7248
8012
7249
#: serverguide/C/security.xml:739(para)
8013
#: serverguide/C/security.xml:681(para)
7250
8014
msgid ""
7251
8015
"In the above example replace <emphasis>eth0</emphasis>, "
7252
8016
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
7253
8017
"appropriate interfaces and IP range for your network."
7254
8018
msgstr ""
7255
8019
7256
#: serverguide/C/security.xml:747(para)
8020
#: serverguide/C/security.xml:689(para)
7257
8021
msgid ""
7258
8022
"Finally, disable and re-enable <application>ufw</application> to apply the "
7259
8023
"changes:"
7260
8024
msgstr ""
7261
8025
7262
#: serverguide/C/security.xml:751(command)
8026
#: serverguide/C/security.xml:693(command)
7263
8027
msgid "sudo ufw disable && sudo ufw enable"
7264
8028
msgstr ""
7265
8029
7266
#: serverguide/C/security.xml:755(para)
8030
#: serverguide/C/security.xml:697(para)
7267
8031
msgid ""
7268
8032
"IP Masquerading should now be enabled. You can also add any additional "
7269
8033
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
7271
8035
"forward</emphasis> chain."
7272
8036
msgstr ""
7273
8037
7274
#: serverguide/C/security.xml:762(title)
8038
#: serverguide/C/security.xml:704(title)
7275
8039
msgid "iptables Masquerading"
7276
8040
msgstr ""
7277
8041
7278
#: serverguide/C/security.xml:763(para)
8042
#: serverguide/C/security.xml:705(para)
7279
8043
msgid ""
7280
8044
"<application>iptables</application> can also be used to enable masquerading."
7281
8045
msgstr ""
7282
8046
7283
#: serverguide/C/security.xml:768(para)
8047
#: serverguide/C/security.xml:710(para)
7284
8048
msgid ""
7285
8049
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
7286
8050
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
7287
8051
"uncomment the following line"
7288
8052
msgstr ""
7289
8053
7290
#: serverguide/C/security.xml:772(programlisting)
8054
#: serverguide/C/security.xml:714(programlisting)
7291
8055
#, no-wrap
7292
8056
msgid ""
7293
8057
"\n"
7294
8058
"net.ipv4.ip_forward=1\n"
7295
8059
msgstr ""
7296
8060
7297
#: serverguide/C/security.xml:775(para)
8061
#: serverguide/C/security.xml:717(para)
7298
8062
msgid "If you wish to enable IPv6 forwarding also uncomment:"
7299
8063
msgstr ""
7300
8064
7301
#: serverguide/C/security.xml:778(programlisting)
8065
#: serverguide/C/security.xml:720(programlisting)
7302
8066
#, no-wrap
7303
8067
msgid ""
7304
8068
"\n"
7305
8069
"net.ipv6.conf.default.forwarding=1\n"
7306
8070
msgstr ""
7307
8071
7308
#: serverguide/C/security.xml:783(para)
8072
#: serverguide/C/security.xml:725(para)
7309
8073
msgid ""
7310
8074
"Next, execute the <application>sysctl</application> command to enable the "
7311
8075
"new settings in the configuration file:"
7312
8076
msgstr ""
7313
8077
7314
#: serverguide/C/security.xml:787(command)
8078
#: serverguide/C/security.xml:729(command)
7315
8079
msgid "sudo sysctl -p"
7316
8080
msgstr ""
7317
8081
7318
#: serverguide/C/security.xml:791(para)
8082
#: serverguide/C/security.xml:733(para)
7319
8083
msgid ""
7320
8084
"IP Masquerading can now be accomplished with a single iptables rule, which "
7321
8085
"may differ slightly based on your network configuration:"
7322
8086
msgstr ""
7323
8087
7324
#: serverguide/C/security.xml:794(screen)
8088
#: serverguide/C/security.xml:736(screen)
7325
8089
#, no-wrap
7326
8090
msgid ""
7327
8091
"\n"
7328
8092
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
7329
8093
msgstr ""
7330
8094
7331
#: serverguide/C/security.xml:797(para)
8095
#: serverguide/C/security.xml:739(para)
7332
8096
msgid ""
7333
8097
"The above command assumes that your private address space is 192.168.0.0/16 "
7334
8098
"and that your Internet-facing device is ppp0. The syntax is broken down as "
7335
8099
"follows:"
7336
8100
msgstr ""
7337
8101
7338
#: serverguide/C/security.xml:802(para)
8102
#: serverguide/C/security.xml:744(para)
7339
8103
msgid "-t nat -- the rule is to go into the nat table"
7340
8104
msgstr ""
7341
8105
7342
#: serverguide/C/security.xml:803(para)
8106
#: serverguide/C/security.xml:745(para)
7343
8107
msgid ""
7344
8108
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
7345
8109
msgstr ""
7346
8110
7347
#: serverguide/C/security.xml:804(para)
8111
#: serverguide/C/security.xml:746(para)
7348
8112
msgid ""
7349
8113
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
7350
8114
"specified address space"
7351
8115
msgstr ""
7352
8116
7353
#: serverguide/C/security.xml:805(para)
8117
#: serverguide/C/security.xml:747(para)
7354
8118
msgid ""
7355
8119
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
7356
8120
"specified network device"
7357
8121
msgstr ""
7358
8122
7359
#: serverguide/C/security.xml:807(para)
8123
#: serverguide/C/security.xml:749(para)
7360
8124
msgid ""
7361
8125
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
7362
8126
"MASQUERADE target to be manipulated as described above"
7363
8127
msgstr ""
7364
8128
7365
#: serverguide/C/security.xml:815(para)
8129
#: serverguide/C/security.xml:757(para)
7366
8130
msgid ""
7367
8131
"Also, each chain in the filter table (the default table, and where most or "
7368
8132
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
7372
8136
"above rule to work:"
7373
8137
msgstr ""
7374
8138
7375
#: serverguide/C/security.xml:822(screen)
8139
#: serverguide/C/security.xml:764(screen)
7376
8140
#, no-wrap
7377
8141
msgid ""
7378
8142
"\n"
7381
8145
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
7382
8146
msgstr ""
7383
8147
7384
#: serverguide/C/security.xml:826(para)
8148
#: serverguide/C/security.xml:768(para)
7385
8149
msgid ""
7386
8150
"The above commands will allow all connections from your local network to the "
7387
8151
"Internet and all traffic related to those connections to return to the "
7388
8152
"machine that initiated them."
7389
8153
msgstr ""
7390
8154
7391
#: serverguide/C/security.xml:833(para)
8155
#: serverguide/C/security.xml:775(para)
7392
8156
msgid ""
7393
8157
"If you want masquerading to be enabled on reboot, which you probably do, "
7394
8158
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
7395
8159
"example add the first command with no filtering:"
7396
8160
msgstr ""
7397
8161
7398
#: serverguide/C/security.xml:837(screen)
8162
#: serverguide/C/security.xml:779(screen)
7399
8163
#, no-wrap
7400
8164
msgid ""
7401
8165
"\n"
7402
8166
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
7403
8167
msgstr ""
7404
8168
7405
#: serverguide/C/security.xml:845(title)
8169
#: serverguide/C/security.xml:787(title)
7406
8170
msgid "Logs"
7407
8171
msgstr ""
7408
8172
7409
#: serverguide/C/security.xml:846(para)
8173
#: serverguide/C/security.xml:788(para)
7410
8174
msgid ""
7411
8175
"Firewall logs are essential for recognizing attacks, troubleshooting your "
7412
8176
"firewall rules, and noticing unusual activity on your network. You must "
7416
8180
"REJECT)."
7417
8181
msgstr ""
7418
8182
7419
#: serverguide/C/security.xml:853(para)
8183
#: serverguide/C/security.xml:795(para)
7420
8184
msgid ""
7421
8185
"If you are using <application>ufw</application>, you can turn on logging by "
7422
8186
"entering the following in a terminal:"
7423
8187
msgstr ""
7424
8188
7425
#: serverguide/C/security.xml:857(command)
8189
#: serverguide/C/security.xml:799(command)
7426
8190
msgid "sudo ufw logging on"
7427
8191
msgstr ""
7428
8192
7429
#: serverguide/C/security.xml:859(para)
8193
#: serverguide/C/security.xml:801(para)
7430
8194
msgid ""
7431
8195
"To turn logging off in <application>ufw</application>, simply replace "
7432
8196
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
7433
8197
"role=\"italic\">off</emphasis> in the above command."
7434
8198
msgstr ""
7435
8199
7436
#: serverguide/C/security.xml:862(para)
8200
#: serverguide/C/security.xml:804(para)
7437
8201
msgid ""
7438
8202
"If using <application>iptables</application> instead of "
7439
8203
"<application>ufw</application>, enter:"
7440
8204
msgstr ""
7441
8205
7442
#: serverguide/C/security.xml:865(screen)
8206
#: serverguide/C/security.xml:807(screen)
7443
8207
#, no-wrap
7444
8208
msgid ""
7445
8209
"\n"
7447
8211
"prefix \"NEW_HTTP_CONN: \"\n"
7448
8212
msgstr ""
7449
8213
7450
#: serverguide/C/security.xml:868(para)
8214
#: serverguide/C/security.xml:810(para)
7451
8215
msgid ""
7452
8216
"A request on port 80 from the local machine, then, would generate a log in "
7453
8217
"dmesg that looks like this:"
7454
8218
msgstr ""
7455
8219
7456
#: serverguide/C/security.xml:873(programlisting)
8220
#: serverguide/C/security.xml:815(programlisting)
7457
8221
#, no-wrap
7458
8222
msgid ""
7459
8223
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
7462
8226
"WINDOW=32767 RES=0x00 SYN URGP=0"
7463
8227
msgstr ""
7464
8228
7465
#: serverguide/C/security.xml:875(para)
8229
#: serverguide/C/security.xml:817(para)
7466
8230
msgid ""
7467
8231
"The above log will also appear in <filename>/var/log/messages</filename>, "
7468
8232
"<filename>/var/log/syslog</filename>, and "
7478
8242
"<application> fwlogwatch</application>, or <application>lire</application>."
7479
8243
msgstr ""
7480
8244
7481
#: serverguide/C/security.xml:890(title)
8245
#: serverguide/C/security.xml:832(title)
7482
8246
msgid "Other Tools"
7483
8247
msgstr ""
7484
8248
7485
#: serverguide/C/security.xml:891(para)
8249
#: serverguide/C/security.xml:833(para)
7486
8250
msgid ""
7487
8251
"There are many tools available to help you construct a complete firewall "
7488
8252
"without intimate knowledge of iptables. For the GUI-inclined:"
7489
8253
msgstr ""
7490
8254
7491
#: serverguide/C/security.xml:897(para)
8255
#: serverguide/C/security.xml:839(para)
7492
8256
msgid ""
7493
8257
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
7494
8258
"popular and easy to use."
7495
8259
msgstr ""
7496
8260
7497
#: serverguide/C/security.xml:902(para)
8261
#: serverguide/C/security.xml:844(para)
7498
8262
msgid ""
7499
8263
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
7500
8264
"and will look familiar to an administrator who has used a commercial "
7501
8265
"firewall utility such as <application>Checkpoint FireWall-1</application>."
7502
8266
msgstr ""
7503
8267
7504
#: serverguide/C/security.xml:908(para)
8268
#: serverguide/C/security.xml:850(para)
7505
8269
msgid ""
7506
8270
"If you prefer a command-line tool with plain-text configuration files:"
7507
8271
msgstr ""
7508
8272
7509
#: serverguide/C/security.xml:913(para)
8273
#: serverguide/C/security.xml:855(para)
7510
8274
msgid ""
7511
8275
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
7512
8276
"powerful solution to help you configure an advanced firewall for any network."
7513
8277
msgstr ""
7514
8278
7515
#: serverguide/C/security.xml:919(para)
8279
#: serverguide/C/security.xml:861(para)
7516
8280
msgid ""
7517
8281
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
7518
8282
"a working firewall \"out of the box\" with zero configuration, and will "
7520
8284
"documented configuration files."
7521
8285
msgstr ""
7522
8286
7523
#: serverguide/C/security.xml:926(para)
8287
#: serverguide/C/security.xml:868(para)
7524
8288
msgid ""
7525
8289
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
7526
8290
"designed to be a desktop firewall application. It is made up of a server "
7528
8292
"like many popular interactive firewall applications for Windows."
7529
8293
msgstr ""
7530
8294
7531
#: serverguide/C/security.xml:938(para)
8295
#: serverguide/C/security.xml:880(para)
7532
8296
msgid ""
7533
8297
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
7534
8298
"Firewall</ulink> wiki page contains information on the development of "
7535
8299
"<application>ufw</application>."
7536
8300
msgstr ""
7537
8301
7538
#: serverguide/C/security.xml:944(para)
8302
#: serverguide/C/security.xml:886(para)
7539
8303
msgid ""
7540
8304
"Also, the <application>ufw</application> manual page contains some very "
7541
8305
"useful information: <command>man ufw</command>."
7542
8306
msgstr ""
7543
8307
7544
#: serverguide/C/security.xml:949(para)
8308
#: serverguide/C/security.xml:891(para)
7545
8309
msgid ""
7546
8310
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
7547
8311
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
7548
8312
"on using <application>iptables</application>."
7549
8313
msgstr ""
7550
8314
7551
#: serverguide/C/security.xml:955(para)
8315
#: serverguide/C/security.xml:897(para)
7552
8316
msgid ""
7553
8317
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
7554
8318
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
7555
8319
msgstr ""
7556
8320
7557
#: serverguide/C/security.xml:964(title)
8321
#: serverguide/C/security.xml:903(para)
8322
msgid ""
8323
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
8324
"HowTo</ulink> in the Ubuntu wiki is a great resource."
8325
msgstr ""
8326
8327
#: serverguide/C/security.xml:911(title)
7558
8328
msgid "AppArmor"
7559
8329
msgstr ""
7560
8330
7561
#: serverguide/C/security.xml:965(para)
8331
#: serverguide/C/security.xml:912(para)
7562
8332
msgid ""
7563
8333
"<application>AppArmor</application> is a Linux Security Module "
7564
8334
"implementation of name-based mandatory access controls. AppArmor confines "
7566
8336
"capabilities."
7567
8337
msgstr ""
7568
8338
7569
#: serverguide/C/security.xml:969(para)
8339
#: serverguide/C/security.xml:916(para)
7570
8340
msgid ""
7571
8341
"<application>AppArmor</application> is installed and loaded by default. It "
7572
8342
"uses <emphasis>profiles</emphasis> of an application to determine what files "
7575
8345
"<application>apparmor-profiles</application> package."
7576
8346
msgstr ""
7577
8347
7578
#: serverguide/C/security.xml:974(para)
8348
#: serverguide/C/security.xml:921(para)
7579
8349
msgid ""
7580
8350
"To install the <application>apparmor-profiles</application> package from a "
7581
8351
"terminal prompt:"
7582
8352
msgstr ""
7583
8353
7584
#: serverguide/C/security.xml:980(para)
8354
#: serverguide/C/security.xml:927(para)
7585
8355
msgid "AppArmor profiles have two modes of execution:"
7586
8356
msgstr ""
7587
8357
7588
#: serverguide/C/security.xml:985(para)
8358
#: serverguide/C/security.xml:932(para)
7589
8359
msgid ""
7590
8360
"Complaining/Learning: profile violations are permitted and logged. Useful "
7591
8361
"for testing and developing new profiles."
7592
8362
msgstr ""
7593
8363
7594
#: serverguide/C/security.xml:990(para)
8364
#: serverguide/C/security.xml:937(para)
7595
8365
msgid ""
7596
8366
"Enforced/Confined: enforces profile policy as well as logging the violation."
7597
8367
msgstr ""
7598
8368
7599
#: serverguide/C/security.xml:996(title)
8369
#: serverguide/C/security.xml:943(title)
7600
8370
msgid "Using AppArmor"
7601
8371
msgstr ""
7602
8372
7603
#: serverguide/C/security.xml:997(para)
8373
#: serverguide/C/security.xml:944(para)
7604
8374
msgid ""
7605
8375
"The <application>apparmor-utils</application> package contains command line "
7606
8376
"utilities that you can use to change the <application>AppArmor</application> "
7607
8377
"execution mode, find the status of a profile, create new profiles, etc."
7608
8378
msgstr ""
7609
8379
7610
#: serverguide/C/security.xml:1003(para)
8380
#: serverguide/C/security.xml:950(para)
7611
8381
msgid ""
7612
8382
"<application>apparmor_status</application> is used to view the current "
7613
8383
"status of AppArmor profiles."
7614
8384
msgstr ""
7615
8385
7616
#: serverguide/C/security.xml:1007(command)
8386
#: serverguide/C/security.xml:954(command)
7617
8387
msgid "sudo apparmor_status"
7618
8388
msgstr ""
7619
8389
7620
#: serverguide/C/security.xml:1011(para)
8390
#: serverguide/C/security.xml:958(para)
7621
8391
msgid ""
7622
8392
"<application>aa-complain</application> places a profile into "
7623
8393
"<emphasis>complain</emphasis> mode."
7624
8394
msgstr ""
7625
8395
7626
#: serverguide/C/security.xml:1015(command)
8396
#: serverguide/C/security.xml:962(command)
7627
8397
msgid "sudo aa-complain /path/to/bin"
7628
8398
msgstr ""
7629
8399
7630
#: serverguide/C/security.xml:1019(para)
8400
#: serverguide/C/security.xml:966(para)
7631
8401
msgid ""
7632
8402
"<application>aa-enforce</application> places a profile into "
7633
8403
"<emphasis>enforce</emphasis> mode."
7634
8404
msgstr ""
7635
8405
7636
#: serverguide/C/security.xml:1023(command)
8406
#: serverguide/C/security.xml:970(command)
7637
8407
msgid "sudo aa-enforce /path/to/bin"
7638
8408
msgstr ""
7639
8409
7640
#: serverguide/C/security.xml:1027(para)
8410
#: serverguide/C/security.xml:974(para)
7641
8411
msgid ""
7642
8412
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7643
8413
"profiles are located. It can be used to manipulate the "
7644
8414
"<emphasis>mode</emphasis> of all profiles."
7645
8415
msgstr ""
7646
8416
7647
#: serverguide/C/security.xml:1031(para)
8417
#: serverguide/C/security.xml:978(para)
7648
8418
msgid "Enter the following to place all profiles into complain mode:"
7649
8419
msgstr ""
7650
8420
7651
#: serverguide/C/security.xml:1035(command)
8421
#: serverguide/C/security.xml:982(command)
7652
8422
msgid "sudo aa-complain /etc/apparmor.d/*"
7653
8423
msgstr ""
7654
8424
7655
#: serverguide/C/security.xml:1037(para)
8425
#: serverguide/C/security.xml:984(para)
7656
8426
msgid "To place all profiles in enforce mode:"
7657
8427
msgstr ""
7658
8428
7659
#: serverguide/C/security.xml:1041(command)
8429
#: serverguide/C/security.xml:988(command)
7660
8430
msgid "sudo aa-enforce /etc/apparmor.d/*"
7661
8431
msgstr ""
7662
8432
7663
#: serverguide/C/security.xml:1045(para)
8433
#: serverguide/C/security.xml:992(para)
7664
8434
msgid ""
7665
8435
"<application>apparmor_parser</application> is used to load a profile into "
7666
8436
"the kernel. It can also be used to reload a currently loaded profile using "
7667
8437
"the <emphasis>-r</emphasis> option. To load a profile:"
7668
8438
msgstr ""
7669
8439
7670
#: serverguide/C/security.xml:1050(command) serverguide/C/security.xml:1082(command)
8440
#: serverguide/C/security.xml:997(command) serverguide/C/security.xml:1029(command)
7671
8441
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7672
8442
msgstr ""
7673
8443
7674
#: serverguide/C/security.xml:1052(para)
8444
#: serverguide/C/security.xml:999(para)
7675
8445
msgid "To reload a profile:"
7676
8446
msgstr ""
7677
8447
7678
#: serverguide/C/security.xml:1056(command)
8448
#: serverguide/C/security.xml:1003(command)
7679
8449
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7680
8450
msgstr ""
7681
8451
7682
#: serverguide/C/security.xml:1060(para)
8452
#: serverguide/C/security.xml:1007(para)
7683
8453
msgid ""
7684
8454
"<filename>/etc/init.d/apparmor</filename> can be used to "
7685
8455
"<emphasis>reload</emphasis> all profiles:"
7686
8456
msgstr ""
7687
8457
7688
#: serverguide/C/security.xml:1064(command)
8458
#: serverguide/C/security.xml:1011(command) serverguide/C/network-auth.xml:632(command)
7689
8459
msgid "sudo /etc/init.d/apparmor reload"
7690
8460
msgstr ""
7691
8461
7692
#: serverguide/C/security.xml:1068(para)
8462
#: serverguide/C/security.xml:1015(para)
7693
8463
msgid ""
7694
8464
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7695
8465
"with the <application>apparmor_parser -R</application> option to "
7696
8466
"<emphasis>disable</emphasis> a profile."
7697
8467
msgstr ""
7698
8468
7699
#: serverguide/C/security.xml:1073(command)
8469
#: serverguide/C/security.xml:1020(command)
7700
8470
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7701
8471
msgstr ""
7702
8472
7703
#: serverguide/C/security.xml:1074(command)
8473
#: serverguide/C/security.xml:1021(command)
7704
8474
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7705
8475
msgstr ""
7706
8476
7707
#: serverguide/C/security.xml:1076(para)
8477
#: serverguide/C/security.xml:1023(para)
7708
8478
msgid ""
7709
8479
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7710
8480
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7711
8481
"load the profile using the <emphasis>-a</emphasis> option."
7712
8482
msgstr ""
7713
8483
7714
#: serverguide/C/security.xml:1081(command)
8484
#: serverguide/C/security.xml:1028(command)
7715
8485
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7716
8486
msgstr ""
7717
8487
7718
#: serverguide/C/security.xml:1086(para)
8488
#: serverguide/C/security.xml:1033(para)
7719
8489
msgid ""
7720
8490
"<application>AppArmor</application> can be disabled, and the kernel module "
7721
8491
"unloaded by entering the following:"
7722
8492
msgstr ""
7723
8493
7724
#: serverguide/C/security.xml:1090(command)
8494
#: serverguide/C/security.xml:1037(command)
7725
8495
msgid "sudo /etc/init.d/apparmor stop"
7726
8496
msgstr ""
7727
8497
7728
#: serverguide/C/security.xml:1091(command)
8498
#: serverguide/C/security.xml:1038(command)
7729
8499
msgid "sudo update-rc.d -f apparmor remove"
7730
8500
msgstr ""
7731
8501
7732
#: serverguide/C/security.xml:1095(para)
8502
#: serverguide/C/security.xml:1042(para)
7733
8503
msgid "To re-enable <application>AppArmor</application> enter:"
7734
8504
msgstr ""
7735
8505
7736
#: serverguide/C/security.xml:1099(command)
8506
#: serverguide/C/security.xml:1046(command)
7737
8507
msgid "sudo /etc/init.d/apparmor start"
7738
8508
msgstr ""
7739
8509
7740
#: serverguide/C/security.xml:1100(command)
8510
#: serverguide/C/security.xml:1047(command)
7741
8511
msgid "sudo update-rc.d apparmor defaults"
7742
8512
msgstr ""
7743
8513
7744
#: serverguide/C/security.xml:1105(para)
8514
#: serverguide/C/security.xml:1052(para)
7745
8515
msgid ""
7746
8516
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
7747
8517
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
7749
8519
"<application>ping</application> command use <filename>/bin/ping</filename>"
7750
8520
msgstr ""
7751
8521
7752
#: serverguide/C/security.xml:1113(title)
8522
#: serverguide/C/security.xml:1060(title)
7753
8523
msgid "Profiles"
7754
8524
msgstr ""
7755
8525
7756
#: serverguide/C/security.xml:1114(para)
8526
#: serverguide/C/security.xml:1061(para)
7757
8527
msgid ""
7758
8528
"<application>AppArmor</application> profiles are simple text files located "
7759
8529
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
7762
8532
"profile for the <filename>/bin/ping</filename> command."
7763
8533
msgstr ""
7764
8534
7765
#: serverguide/C/security.xml:1120(para)
8535
#: serverguide/C/security.xml:1067(para)
7766
8536
msgid "There are two main type of rules used in profiles:"
7767
8537
msgstr ""
7768
8538
7769
#: serverguide/C/security.xml:1125(para)
8539
#: serverguide/C/security.xml:1072(para)
7770
8540
msgid ""
7771
8541
"<emphasis>Path entries:</emphasis> which detail which files an application "
7772
8542
"can access in the file system."
7773
8543
msgstr ""
7774
8544
7775
#: serverguide/C/security.xml:1130(para)
8545
#: serverguide/C/security.xml:1077(para)
7776
8546
msgid ""
7777
8547
"<emphasis>Capability entries:</emphasis> determine what privileges a "
7778
8548
"confined process is allowed to use."
7779
8549
msgstr ""
7780
8550
7781
#: serverguide/C/security.xml:1135(para)
8551
#: serverguide/C/security.xml:1082(para)
7782
8552
msgid ""
7783
8553
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
7784
8554
msgstr ""
7785
8555
7786
#: serverguide/C/security.xml:1138(programlisting)
8556
#: serverguide/C/security.xml:1085(programlisting)
7787
8557
#, no-wrap
7788
8558
msgid ""
7789
8559
"\n"
7802
8572
"}\n"
7803
8573
msgstr ""
7804
8574
7805
#: serverguide/C/security.xml:1155(para)
8575
#: serverguide/C/security.xml:1102(para)
7806
8576
msgid ""
7807
8577
"<emphasis>#include <tunables/global>:</emphasis> include statements "
7808
8578
"from other files. This allows statements pertaining to multiple applications "
7809
8579
"to be placed in a common file."
7810
8580
msgstr ""
7811
8581
7812
#: serverguide/C/security.xml:1161(para)
8582
#: serverguide/C/security.xml:1108(para)
7813
8583
msgid ""
7814
8584
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
7815
8585
"program, also setting the mode to <emphasis>complain</emphasis>."
7816
8586
msgstr ""
7817
8587
7818
#: serverguide/C/security.xml:1167(para)
8588
#: serverguide/C/security.xml:1114(para)
7819
8589
msgid ""
7820
8590
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
7821
8591
"the CAP_NET_RAW Posix.1e capability."
7822
8592
msgstr ""
7823
8593
7824
#: serverguide/C/security.xml:1172(para)
8594
#: serverguide/C/security.xml:1119(para)
7825
8595
msgid ""
7826
8596
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
7827
8597
"execute access to the file."
7828
8598
msgstr ""
7829
8599
7830
#: serverguide/C/security.xml:1178(para)
8600
#: serverguide/C/security.xml:1125(para)
7831
8601
msgid ""
7832
8602
"After editing a profile file the profile must be reloaded. See <xref "
7833
8603
"linkend=\"apparmor-usage\"/> for details."
7834
8604
msgstr ""
7835
8605
7836
#: serverguide/C/security.xml:1183(title)
8606
#: serverguide/C/security.xml:1130(title)
7837
8607
msgid "Creating a Profile"
7838
8608
msgstr ""
7839
8609
7840
#: serverguide/C/security.xml:1186(para)
8610
#: serverguide/C/security.xml:1133(para)
7841
8611
msgid ""
7842
8612
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
7843
8613
"application should be exercised. The test plan should be divided into small "
7845
8615
"steps to follow."
7846
8616
msgstr ""
7847
8617
7848
#: serverguide/C/security.xml:1190(para)
8618
#: serverguide/C/security.xml:1137(para)
7849
8619
msgid "Some standard test cases are:"
7850
8620
msgstr ""
7851
8621
7852
#: serverguide/C/security.xml:1195(para)
8622
#: serverguide/C/security.xml:1142(para)
7853
8623
msgid "Starting the program."
7854
8624
msgstr ""
7855
8625
7856
#: serverguide/C/security.xml:1200(para)
8626
#: serverguide/C/security.xml:1147(para)
7857
8627
msgid "Stopping the program."
7858
8628
msgstr ""
7859
8629
7860
#: serverguide/C/security.xml:1205(para)
8630
#: serverguide/C/security.xml:1152(para)
7861
8631
msgid "Reloading the program."
7862
8632
msgstr ""
7863
8633
7864
#: serverguide/C/security.xml:1210(para)
8634
#: serverguide/C/security.xml:1157(para)
7865
8635
msgid "Testing all the commands supported by the init script."
7866
8636
msgstr ""
7867
8637
7868
#: serverguide/C/security.xml:1217(para)
8638
#: serverguide/C/security.xml:1164(para)
7869
8639
msgid ""
7870
8640
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
7871
8641
"genprof</application> to generate a new profile. From a terminal:"
7872
8642
msgstr ""
7873
8643
7874
#: serverguide/C/security.xml:1222(command)
8644
#: serverguide/C/security.xml:1169(command)
7875
8645
msgid "sudo aa-genprof executable"
7876
8646
msgstr ""
7877
8647
7878
#: serverguide/C/security.xml:1224(para)
8648
#: serverguide/C/security.xml:1171(para)
7879
8649
msgid "For example:"
7880
8650
msgstr ""
7881
8651
7882
#: serverguide/C/security.xml:1228(command)
8652
#: serverguide/C/security.xml:1175(command)
7883
8653
msgid "sudo aa-genprof slapd"
7884
8654
msgstr ""
7885
8655
7886
#: serverguide/C/security.xml:1232(para)
8656
#: serverguide/C/security.xml:1179(para)
7887
8657
msgid ""
7888
8658
"To get your new profile included in the <application>apparmor-"
7889
8659
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
7892
8662
"/ulink> package:"
7893
8663
msgstr ""
7894
8664
7895
#: serverguide/C/security.xml:1239(para)
8665
#: serverguide/C/security.xml:1186(para)
7896
8666
msgid "Include your test plan and test cases."
7897
8667
msgstr ""
7898
8668
7899
#: serverguide/C/security.xml:1244(para)
8669
#: serverguide/C/security.xml:1191(para)
7900
8670
msgid "Attach your new profile to the bug."
7901
8671
msgstr ""
7902
8672
7903
#: serverguide/C/security.xml:1253(title)
8673
#: serverguide/C/security.xml:1200(title)
7904
8674
msgid "Updating Profiles"
7905
8675
msgstr ""
7906
8676
7907
#: serverguide/C/security.xml:1254(para)
8677
#: serverguide/C/security.xml:1201(para)
7908
8678
msgid ""
7909
8679
"When the program is misbehaving, audit messages are sent to the log files. "
7910
8680
"The program <application>aa-logprof</application> can be used to scan log "
7912
8682
"and update the profiles. From a terminal:"
7913
8683
msgstr ""
7914
8684
7915
#: serverguide/C/security.xml:1259(command)
8685
#: serverguide/C/security.xml:1206(command)
7916
8686
msgid "sudo aa-logprof"
7917
8687
msgstr ""
7918
8688
7919
#: serverguide/C/security.xml:1267(para)
8689
#: serverguide/C/security.xml:1214(para)
7920
8690
msgid ""
7921
8691
"See the <ulink "
7922
8692
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
7925
8695
"configuration options."
7926
8696
msgstr ""
7927
8697
7928
#: serverguide/C/security.xml:1274(para)
8698
#: serverguide/C/security.xml:1221(para)
7929
8699
msgid ""
7930
8700
"For details using AppArmor with other Ubuntu releases see the <ulink "
7931
8701
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
7932
8702
"Wiki</ulink> page."
7933
8703
msgstr ""
7934
8704
7935
#: serverguide/C/security.xml:1282(para)
8705
#: serverguide/C/security.xml:1229(para)
7936
8706
msgid ""
7937
8707
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
7938
8708
"page is another introduction to AppArmor."
7939
8709
msgstr ""
7940
8710
7941
#: serverguide/C/security.xml:1289(para)
8711
#: serverguide/C/security.xml:1236(para)
7942
8712
msgid ""
7943
8713
"A great place to ask for <application>AppArmor</application> assistance, and "
7944
8714
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
7946
8716
"url=\"http://freenode.net\">freenode</ulink>."
7947
8717
msgstr ""
7948
8718
7949
#: serverguide/C/security.xml:1299(title)
8719
#: serverguide/C/security.xml:1246(title)
7950
8720
msgid "Certificates"
7951
8721
msgstr ""
7952
8722
7953
#: serverguide/C/security.xml:1300(para)
8723
#: serverguide/C/security.xml:1247(para)
7954
8724
msgid ""
7955
8725
"One of the most common forms of cryptography today is <emphasis>public-"
7956
8726
"key</emphasis> cryptography. Public-key cryptography utilizes a "
7960
8730
"the private key."
7961
8731
msgstr ""
7962
8732
7963
#: serverguide/C/security.xml:1306(para)
8733
#: serverguide/C/security.xml:1253(para)
7964
8734
msgid ""
7965
8735
"A common use for public-key cryptography is encrypting application traffic "
7966
8736
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
7969
8739
"encrypt traffic using a protocol that does not itself provide encryption."
7970
8740
msgstr ""
7971
8741
7972
#: serverguide/C/security.xml:1311(para)
8742
#: serverguide/C/security.xml:1258(para)
7973
8743
msgid ""
7974
8744
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
7975
8745
"<emphasis>public key</emphasis> and other information about a server and the "
7979
8749
"certificate is accurate."
7980
8750
msgstr ""
7981
8751
7982
#: serverguide/C/security.xml:1318(title)
8752
#: serverguide/C/security.xml:1265(title)
7983
8753
msgid "Types of Certificates"
7984
8754
msgstr ""
7985
8755
7986
#: serverguide/C/security.xml:1319(para)
8756
#: serverguide/C/security.xml:1266(para)
7987
8757
msgid ""
7988
8758
"To set up a secure server using public-key cryptography, in most cases, you "
7989
8759
"send your certificate request (including your public key), proof of your "
7993
8763
"signed</emphasis> certificate."
7994
8764
msgstr ""
7995
8765
7996
#: serverguide/C/security.xml:1329(para)
8766
#: serverguide/C/security.xml:1276(para)
7997
8767
msgid ""
7998
8768
"Note, that self-signed certificates should not be used in most production "
7999
8769
"environments."
8000
8770
msgstr ""
8001
8771
8002
#: serverguide/C/security.xml:1333(para)
8772
#: serverguide/C/security.xml:1280(para)
8003
8773
msgid ""
8004
8774
"Continuing the HTTPS example, a CA-signed certificate provides two important "
8005
8775
"capabilities that a self-signed certificate does not:"
8006
8776
msgstr ""
8007
8777
8008
#: serverguide/C/security.xml:1340(para)
8778
#: serverguide/C/security.xml:1287(para)
8009
8779
msgid ""
8010
8780
"Browsers (usually) automatically recognize the certificate and allow a "
8011
8781
"secure connection to be made without prompting the user."
8012
8782
msgstr ""
8013
8783
8014
#: serverguide/C/security.xml:1347(para)
8784
#: serverguide/C/security.xml:1294(para)
8015
8785
msgid ""
8016
8786
"When a CA issues a signed certificate, it is guaranteeing the identity of "
8017
8787
"the organization that is providing the web pages to the browser."
8018
8788
msgstr ""
8019
8789
8020
#: serverguide/C/security.xml:1355(para)
8790
#: serverguide/C/security.xml:1302(para)
8021
8791
msgid ""
8022
8792
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
8023
8793
"certificates they automatically accept. If a browser encounters a "
8026
8796
"may generate an error message when using a self-singed certificate."
8027
8797
msgstr ""
8028
8798
8029
#: serverguide/C/security.xml:1363(para)
8799
#: serverguide/C/security.xml:1310(para)
8030
8800
msgid ""
8031
8801
"The process of getting a certificate from a CA is fairly easy. A quick "
8032
8802
"overview is as follows:"
8033
8803
msgstr ""
8034
8804
8035
#: serverguide/C/security.xml:1370(para)
8805
#: serverguide/C/security.xml:1317(para)
8036
8806
msgid "Create a private and public encryption key pair."
8037
8807
msgstr ""
8038
8808
8039
#: serverguide/C/security.xml:1373(para)
8809
#: serverguide/C/security.xml:1320(para)
8040
8810
msgid ""
8041
8811
"Create a certificate request based on the public key. The certificate "
8042
8812
"request contains information about your server and the company hosting it."
8043
8813
msgstr ""
8044
8814
8045
#: serverguide/C/security.xml:1378(para)
8815
#: serverguide/C/security.xml:1325(para)
8046
8816
msgid ""
8047
8817
"Send the certificate request, along with documents proving your identity, to "
8048
8818
"a CA. We cannot tell you which certificate authority to choose. Your "
8050
8820
"your friends or colleagues, or purely on monetary factors."
8051
8821
msgstr ""
8052
8822
8053
#: serverguide/C/security.xml:1384(para)
8823
#: serverguide/C/security.xml:1331(para)
8054
8824
msgid ""
8055
8825
"Once you have decided upon a CA, you need to follow the instructions they "
8056
8826
"provide on how to obtain a certificate from them."
8057
8827
msgstr ""
8058
8828
8059
#: serverguide/C/security.xml:1389(para)
8829
#: serverguide/C/security.xml:1336(para)
8060
8830
msgid ""
8061
8831
"When the CA is satisfied that you are indeed who you claim to be, they send "
8062
8832
"you a digital certificate."
8063
8833
msgstr ""
8064
8834
8065
#: serverguide/C/security.xml:1393(para)
8835
#: serverguide/C/security.xml:1340(para)
8066
8836
msgid ""
8067
8837
"Install this certificate on your secure server, and configure the "
8068
8838
"appropriate applications to use the certificate."
8069
8839
msgstr ""
8070
8840
8071
#: serverguide/C/security.xml:1402(title)
8841
#: serverguide/C/security.xml:1349(title)
8072
8842
msgid "Generating a Certificate Signing Request (CSR)"
8073
8843
msgstr ""
8074
8844
8075
#: serverguide/C/security.xml:1404(para)
8845
#: serverguide/C/security.xml:1351(para)
8076
8846
msgid ""
8077
8847
"Whether you are getting a certificate from a CA or generating your own self-"
8078
8848
"signed certificate, the first step is to generate a key."
8079
8849
msgstr ""
8080
8850
8081
#: serverguide/C/security.xml:1409(para)
8851
#: serverguide/C/security.xml:1356(para)
8082
8852
msgid ""
8083
8853
"If the certificate will be used by service daemons, such as Apache, Postfix, "
8084
8854
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
8086
8856
"the preferred way to start a daemon."
8087
8857
msgstr ""
8088
8858
8089
#: serverguide/C/security.xml:1415(para)
8859
#: serverguide/C/security.xml:1362(para)
8090
8860
msgid ""
8091
8861
"This section will cover generating a key with a passphrase, and one without. "
8092
8862
"The non-passphrase key will then be used to generate a certificate that can "
8093
8863
"be used with various service daemons."
8094
8864
msgstr ""
8095
8865
8096
#: serverguide/C/security.xml:1421(para)
8866
#: serverguide/C/security.xml:1368(para)
8097
8867
msgid ""
8098
8868
"Running your secure service without a passphrase is convenient because you "
8099
8869
"will not need to enter the passphrase every time you start your secure "
8101
8871
"of the server as well."
8102
8872
msgstr ""
8103
8873
8104
#: serverguide/C/security.xml:1428(para)
8874
#: serverguide/C/security.xml:1375(para)
8105
8875
msgid ""
8106
8876
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
8107
8877
"Request (CSR) run the following command from a terminal prompt:"
8108
8878
msgstr ""
8109
8879
8110
#: serverguide/C/security.xml:1434(command)
8880
#: serverguide/C/security.xml:1381(command)
8111
8881
msgid "openssl genrsa -des3 -out server.key 1024"
8112
8882
msgstr ""
8113
8883
8114
#: serverguide/C/security.xml:1437(programlisting)
8884
#: serverguide/C/security.xml:1384(programlisting)
8115
8885
#, no-wrap
8116
8886
msgid ""
8117
8887
"\n"
8123
8893
"Enter pass phrase for server.key:\n"
8124
8894
msgstr ""
8125
8895
8126
#: serverguide/C/security.xml:1446(para)
8896
#: serverguide/C/security.xml:1393(para)
8127
8897
msgid ""
8128
8898
"You can now enter your passphrase. For best security, it should at least "
8129
8899
"contain eight characters. The minimum length when specifying -des3 is four "
8131
8901
"in a dictionary. Also remember that your passphrase is case-sensitive."
8132
8902
msgstr ""
8133
8903
8134
#: serverguide/C/security.xml:1454(para)
8904
#: serverguide/C/security.xml:1401(para)
8135
8905
msgid ""
8136
8906
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
8137
8907
"server key is generated and stored in the <filename>server.key</filename> "
8138
8908
"file."
8139
8909
msgstr ""
8140
8910
8141
#: serverguide/C/security.xml:1460(para)
8911
#: serverguide/C/security.xml:1407(para)
8142
8912
msgid ""
8143
8913
"Now create the insecure key, the one without a passphrase, and shuffle the "
8144
8914
"key names:"
8145
8915
msgstr ""
8146
8916
8147
#: serverguide/C/security.xml:1466(command)
8917
#: serverguide/C/security.xml:1413(command)
8148
8918
msgid "openssl rsa -in server.key -out server.key.insecure"
8149
8919
msgstr ""
8150
8920
8151
#: serverguide/C/security.xml:1467(command)
8921
#: serverguide/C/security.xml:1414(command)
8152
8922
msgid "mv server.key server.key.secure"
8153
8923
msgstr ""
8154
8924
8155
#: serverguide/C/security.xml:1468(command)
8925
#: serverguide/C/security.xml:1415(command)
8156
8926
msgid "mv server.key.insecure server.key"
8157
8927
msgstr ""
8158
8928
8159
#: serverguide/C/security.xml:1471(para)
8929
#: serverguide/C/security.xml:1418(para)
8160
8930
msgid ""
8161
8931
"The insecure key is now named <filename>server.key</filename>, and you can "
8162
8932
"use this file to generate the CSR without passphrase."
8163
8933
msgstr ""
8164
8934
8165
#: serverguide/C/security.xml:1476(para)
8935
#: serverguide/C/security.xml:1423(para)
8166
8936
msgid "To create the CSR, run the following command at a terminal prompt:"
8167
8937
msgstr ""
8168
8938
8169
#: serverguide/C/security.xml:1481(command)
8939
#: serverguide/C/security.xml:1428(command)
8170
8940
msgid "openssl req -new -key server.key -out server.csr"
8171
8941
msgstr ""
8172
8942
8173
#: serverguide/C/security.xml:1484(para)
8943
#: serverguide/C/security.xml:1431(para)
8174
8944
msgid ""
8175
8945
"It will prompt you enter the passphrase. If you enter the correct "
8176
"passphrase, it will prompt you to enter Company Name, Once you enter all "
8177
"these details, your CSR will be created and it will be stored in the "
8178
"<filename>server.csr</filename> file. Site Name, Email Id, etc."
8946
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
8947
"etc. Once you enter all these details, your CSR will be created and it will "
8948
"be stored in the <filename>server.csr</filename> file."
8179
8949
msgstr ""
8180
8950
8181
#: serverguide/C/security.xml:1492(para)
8951
#: serverguide/C/security.xml:1439(para)
8182
8952
msgid ""
8183
8953
"You can now submit this CSR file to a CA for processing. The CA will use "
8184
8954
"this CSR file and issue the certificate. On the other hand, you can create "
8185
8955
"self-signed certificate using this CSR."
8186
8956
msgstr ""
8187
8957
8188
#: serverguide/C/security.xml:1500(title)
8958
#: serverguide/C/security.xml:1447(title)
8189
8959
msgid "Creating a Self-Signed Certificate"
8190
8960
msgstr ""
8191
8961
8192
#: serverguide/C/security.xml:1501(para)
8962
#: serverguide/C/security.xml:1448(para)
8193
8963
msgid ""
8194
8964
"To create the self-signed certificate, run the following command at a "
8195
8965
"terminal prompt:"
8196
8966
msgstr ""
8197
8967
8198
#: serverguide/C/security.xml:1506(command)
8968
#: serverguide/C/security.xml:1453(command)
8199
8969
msgid ""
8200
8970
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
8201
8971
"server.crt"
8202
8972
msgstr ""
8203
8973
8204
#: serverguide/C/security.xml:1509(para)
8974
#: serverguide/C/security.xml:1456(para)
8205
8975
msgid ""
8206
8976
"The above command will prompt you to enter the passphrase. Once you enter "
8207
8977
"the correct passphrase, your certificate will be created and it will be "
8208
8978
"stored in the <filename>server.crt</filename> file."
8209
8979
msgstr ""
8210
8980
8211
#: serverguide/C/security.xml:1514(para)
8981
#: serverguide/C/security.xml:1461(para)
8212
8982
msgid ""
8213
8983
"If your secure server is to be used in a production environment, you "
8214
8984
"probably need a CA-signed certificate. It is not recommended to use self-"
8215
8985
"signed certificate."
8216
8986
msgstr ""
8217
8987
8218
#: serverguide/C/security.xml:1522(title)
8988
#: serverguide/C/security.xml:1469(title)
8219
8989
msgid "Installing the Certificate"
8220
8990
msgstr ""
8221
8991
8222
#: serverguide/C/security.xml:1524(para)
8992
#: serverguide/C/security.xml:1471(para)
8223
8993
msgid ""
8224
8994
"You can install the key file <filename>server.key</filename> and certificate "
8225
8995
"file <filename>server.crt</filename>, or the certificate file issued by your "
8226
8996
"CA, by running following commands at a terminal prompt:"
8227
8997
msgstr ""
8228
8998
8229
#: serverguide/C/security.xml:1530(command)
8999
#: serverguide/C/security.xml:1477(command)
8230
9000
msgid "sudo cp server.crt /etc/ssl/certs"
8231
9001
msgstr ""
8232
9002
8233
#: serverguide/C/security.xml:1531(command)
9003
#: serverguide/C/security.xml:1478(command)
8234
9004
msgid "sudo cp server.key /etc/ssl/private"
8235
9005
msgstr ""
8236
9006
8237
#: serverguide/C/security.xml:1533(para)
9007
#: serverguide/C/security.xml:1480(para)
8238
9008
msgid ""
8239
9009
"Now simply configure any applications, with the ability to use public-key "
8240
9010
"cryptography, to use the <emphasis>certificate</emphasis> and "
8243
9013
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
8244
9014
msgstr ""
8245
9015
8246
#: serverguide/C/security.xml:1540(title)
9016
#: serverguide/C/security.xml:1487(title)
8247
9017
msgid "Certification Authority"
8248
9018
msgstr ""
8249
9019
8250
#: serverguide/C/security.xml:1542(para)
9020
#: serverguide/C/security.xml:1489(para)
8251
9021
msgid ""
8252
9022
"If the services on your network require more than a few self-signed "
8253
9023
"certificates it may be worth the additional effort to setup your own "
8257
9027
"the same CA."
8258
9028
msgstr ""
8259
9029
8260
#: serverguide/C/security.xml:1552(para)
9030
#: serverguide/C/security.xml:1499(para)
8261
9031
msgid ""
8262
9032
"First, create the directories to hold the CA certificate and related files:"
8263
9033
msgstr ""
8264
9034
8265
#: serverguide/C/security.xml:1557(command)
9035
#: serverguide/C/security.xml:1504(command)
8266
9036
msgid "sudo mkdir /etc/ssl/CA"
8267
9037
msgstr ""
8268
9038
8269
#: serverguide/C/security.xml:1558(command)
9039
#: serverguide/C/security.xml:1505(command)
8270
9040
msgid "sudo mkdir /etc/ssl/newcerts"
8271
9041
msgstr ""
8272
9042
8273
#: serverguide/C/security.xml:1564(para)
9043
#: serverguide/C/security.xml:1511(para)
8274
9044
msgid ""
8275
9045
"The CA needs a few additional files to operate, one to keep track of the "
8276
9046
"last serial number used by the CA, each certificate must have a unique "
8278
9048
"issued:"
8279
9049
msgstr ""
8280
9050
8281
#: serverguide/C/security.xml:1571(command)
9051
#: serverguide/C/security.xml:1518(command)
8282
9052
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
8283
9053
msgstr ""
8284
9054
8285
#: serverguide/C/security.xml:1572(command)
9055
#: serverguide/C/security.xml:1519(command)
8286
9056
msgid "sudo touch /etc/ssl/CA/index.txt"
8287
9057
msgstr ""
8288
9058
8289
#: serverguide/C/security.xml:1578(para)
9059
#: serverguide/C/security.xml:1525(para)
8290
9060
msgid ""
8291
9061
"The third file is a CA configuration file. Though not strictly necessary, it "
8292
9062
"is very convenient when issuing multiple certificates. Edit "
8294
9064
"]</emphasis> change:"
8295
9065
msgstr ""
8296
9066
8297
#: serverguide/C/security.xml:1584(programlisting)
9067
#: serverguide/C/security.xml:1531(programlisting)
8298
9068
#, no-wrap
8299
9069
msgid ""
8300
9070
"\n"
8305
9075
"private_key = $dir/private/cakey.pem# The private key\n"
8306
9076
msgstr ""
8307
9077
8308
#: serverguide/C/security.xml:1595(para)
9078
#: serverguide/C/security.xml:1542(para)
8309
9079
msgid "Next, create the self-singed root certificate:"
8310
9080
msgstr ""
8311
9081
8312
#: serverguide/C/security.xml:1600(command)
9082
#: serverguide/C/security.xml:1547(command)
8313
9083
msgid ""
8314
9084
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
8315
9085
"days 3650"
8316
9086
msgstr ""
8317
9087
8318
#: serverguide/C/security.xml:1603(para)
9088
#: serverguide/C/security.xml:1550(para)
8319
9089
msgid "You will then be asked to enter the details about the certificate."
8320
9090
msgstr ""
8321
9091
8322
#: serverguide/C/security.xml:1610(para)
9092
#: serverguide/C/security.xml:1557(para)
8323
9093
msgid "Now install the root certificate and key:"
8324
9094
msgstr ""
8325
9095
8326
#: serverguide/C/security.xml:1615(command)
9096
#: serverguide/C/security.xml:1562(command)
8327
9097
msgid "sudo mv cakey.pem /etc/ssl/private/"
8328
9098
msgstr ""
8329
9099
8330
#: serverguide/C/security.xml:1616(command)
9100
#: serverguide/C/security.xml:1563(command)
8331
9101
msgid "sudo mv cacert.pem /etc/ssl/certs/"
8332
9102
msgstr ""
8333
9103
8334
#: serverguide/C/security.xml:1622(para)
9104
#: serverguide/C/security.xml:1569(para)
8335
9105
msgid ""
8336
9106
"You are now ready to start signing certificates. The first item needed is a "
8337
9107
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
8339
9109
"certificate signed by the CA:"
8340
9110
msgstr ""
8341
9111
8342
#: serverguide/C/security.xml:1629(command)
9112
#: serverguide/C/security.xml:1576(command)
8343
9113
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
8344
9114
msgstr ""
8345
9115
8346
#: serverguide/C/security.xml:1632(para)
9116
#: serverguide/C/security.xml:1579(para)
8347
9117
msgid ""
8348
9118
"After entering the password for the CA key, you will be prompted to sign the "
8349
9119
"certificate, and again to commit the new certificate. You should then see a "
8350
9120
"somewhat large amount of output related to the certificate creation."
8351
9121
msgstr ""
8352
9122
8353
#: serverguide/C/security.xml:1641(para)
9123
#: serverguide/C/security.xml:1588(para)
8354
9124
msgid ""
8355
9125
"There should now be a new file, "
8356
9126
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
8361
9131
"descriptive name."
8362
9132
msgstr ""
8363
9133
8364
#: serverguide/C/security.xml:1649(para)
9134
#: serverguide/C/security.xml:1596(para)
8365
9135
msgid ""
8366
9136
"Subsequent certificates will be named <filename>02.pem</filename>, "
8367
9137
"<filename>03.pem</filename>, etc."
8368
9138
msgstr ""
8369
9139
8370
#: serverguide/C/security.xml:1654(para)
9140
#: serverguide/C/security.xml:1601(para)
8371
9141
msgid ""
8372
9142
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
8373
9143
"name."
8374
9144
msgstr ""
8375
9145
8376
#: serverguide/C/security.xml:1662(para)
9146
#: serverguide/C/security.xml:1609(para)
8377
9147
msgid ""
8378
9148
"Finally, copy the new certificate to the host that needs it, and configure "
8379
9149
"the appropriate applications to use it. The default location to install "
8382
9152
"complicated file permissions."
8383
9153
msgstr ""
8384
9154
8385
#: serverguide/C/security.xml:1668(para)
9155
#: serverguide/C/security.xml:1615(para)
8386
9156
msgid ""
8387
9157
"For applications that can be configured to use a CA certificate, you should "
8388
9158
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
8390
9160
"server."
8391
9161
msgstr ""
8392
9162
8393
#: serverguide/C/security.xml:1682(para)
9163
#: serverguide/C/security.xml:1629(para)
8394
9164
msgid ""
8395
9165
"For more detailed instructions on using cryptography see the <ulink "
8396
9166
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
8397
9167
"Certificates HOWTO</ulink> by tlpd.org"
8398
9168
msgstr ""
8399
9169
8400
#: serverguide/C/security.xml:1688(para)
9170
#: serverguide/C/security.xml:1635(para)
8401
9171
msgid ""
8402
9172
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
8403
9173
"of Certificate Authorities."
8404
9174
msgstr ""
8405
9175
8406
#: serverguide/C/security.xml:1693(para)
9176
#: serverguide/C/security.xml:1640(para)
8407
9177
msgid ""
8408
9178
"The Wikipedia <ulink "
8409
9179
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
8410
9180
"information regarding HTTPS."
8411
9181
msgstr ""
8412
9182
8413
#: serverguide/C/security.xml:1698(para)
9183
#: serverguide/C/security.xml:1645(para)
8414
9184
msgid ""
8415
9185
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
8416
9186
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
8417
9187
msgstr ""
8418
9188
8419
#: serverguide/C/security.xml:1703(para)
9189
#: serverguide/C/security.xml:1650(para)
8420
9190
msgid ""
8421
9191
"Also, O'Reilly's <ulink "
8422
9192
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
8423
9193
"OpenSSL</ulink> is a good in depth reference."
8424
9194
msgstr ""
8425
9195
8426
#: serverguide/C/security.xml:1712(title)
9196
#: serverguide/C/security.xml:1659(title)
8427
9197
msgid "eCryptfs"
8428
9198
msgstr ""
8429
9199
8430
#: serverguide/C/security.xml:1714(para)
9200
#: serverguide/C/security.xml:1661(para)
8431
9201
msgid ""
8432
9202
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
8433
9203
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
8435
9205
"filesystem, partition type, etc."
8436
9206
msgstr ""
8437
9207
8438
#: serverguide/C/security.xml:1720(para)
9208
#: serverguide/C/security.xml:1667(para)
8439
9209
msgid ""
8440
9210
"During installation there is an option to encrypt the <filename "
8441
9211
"role=\"directory\">/home</filename> partition. This will automatically "
8442
9212
"configure everything needed to encrypt and mount the partition."
8443
9213
msgstr ""
8444
9214
8445
#: serverguide/C/security.xml:1725(para)
9215
#: serverguide/C/security.xml:1672(para)
8446
9216
msgid ""
8447
9217
"As an example, this section will cover configuring <filename "
8448
9218
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
8449
9219
msgstr ""
8450
9220
8451
#: serverguide/C/security.xml:1730(title)
9221
#: serverguide/C/security.xml:1677(title)
8452
9222
msgid "Using eCryptfs"
8453
9223
msgstr ""
8454
9224
8455
#: serverguide/C/security.xml:1732(para)
9225
#: serverguide/C/security.xml:1679(para)
8456
9226
msgid "First, install the necessary packages. From a terminal prompt enter:"
8457
9227
msgstr ""
8458
9228
8459
#: serverguide/C/security.xml:1737(command)
9229
#: serverguide/C/security.xml:1684(command)
8460
9230
msgid "sudo apt-get install ecryptfs-utils"
8461
9231
msgstr ""
8462
9232
8463
#: serverguide/C/security.xml:1740(para)
9233
#: serverguide/C/security.xml:1687(para)
8464
9234
msgid "Now mount the partition to be encrypted:"
8465
9235
msgstr ""
8466
9236
8467
#: serverguide/C/security.xml:1745(command)
9237
#: serverguide/C/security.xml:1692(command)
8468
9238
msgid "sudo mount -t ecryptfs /srv /srv"
8469
9239
msgstr ""
8470
9240
8471
#: serverguide/C/security.xml:1748(para)
9241
#: serverguide/C/security.xml:1695(para)
8472
9242
msgid ""
8473
9243
"You will then be prompted for some details on how "
8474
9244
"<application>ecryptfs</application> should encrypt the data."
8475
9245
msgstr ""
8476
9246
8477
#: serverguide/C/security.xml:1752(para)
9247
#: serverguide/C/security.xml:1699(para)
8478
9248
msgid ""
8479
9249
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
8480
9250
"copy the <filename>/etc/default</filename> folder to "
8481
9251
"<filename>/srv</filename>:"
8482
9252
msgstr ""
8483
9253
8484
#: serverguide/C/security.xml:1758(command) serverguide/C/clustering.xml:192(command)
9254
#: serverguide/C/security.xml:1705(command) serverguide/C/clustering.xml:192(command)
8485
9255
msgid "sudo cp -r /etc/default /srv"
8486
9256
msgstr ""
8487
9257
8488
#: serverguide/C/security.xml:1761(para)
9258
#: serverguide/C/security.xml:1708(para)
8489
9259
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
8490
9260
msgstr ""
8491
9261
8492
#: serverguide/C/security.xml:1766(command) serverguide/C/installation.xml:1089(command) serverguide/C/clustering.xml:200(command)
9262
#: serverguide/C/security.xml:1713(command) serverguide/C/installation.xml:1138(command) serverguide/C/clustering.xml:200(command)
8493
9263
msgid "sudo umount /srv"
8494
9264
msgstr ""
8495
9265
8496
#: serverguide/C/security.xml:1767(command)
9266
#: serverguide/C/security.xml:1714(command)
8497
9267
msgid "cat /srv/default/cron"
8498
9268
msgstr ""
8499
9269
8500
#: serverguide/C/security.xml:1770(para)
9270
#: serverguide/C/security.xml:1717(para)
8501
9271
msgid ""
8502
9272
"Remounting <filename>/srv</filename> using "
8503
9273
"<application>ecryptfs</application> will make the data viewable once again."
8504
9274
msgstr ""
8505
9275
8506
#: serverguide/C/security.xml:1776(title)
9276
#: serverguide/C/security.xml:1723(title)
8507
9277
msgid "Automatically Mounting Encrypted Partitions"
8508
9278
msgstr ""
8509
9279
8510
#: serverguide/C/security.xml:1778(para)
9280
#: serverguide/C/security.xml:1725(para)
8511
9281
msgid ""
8512
9282
"There are a couple of ways to automatically mount an "
8513
9283
"<application>ecryptfs</application> encrypted filesystem at boot. This "
8515
9285
"mount options, along with a passphrase file residing on a USB key."
8516
9286
msgstr ""
8517
9287
8518
#: serverguide/C/security.xml:1784(para)
9288
#: serverguide/C/security.xml:1731(para)
8519
9289
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
8520
9290
msgstr ""
8521
9291
8522
#: serverguide/C/security.xml:1788(programlisting)
9292
#: serverguide/C/security.xml:1735(programlisting)
8523
9293
#, no-wrap
8524
9294
msgid ""
8525
9295
"\n"
8531
9301
"ecryptfs_enable_filename_crypto=n\n"
8532
9302
msgstr ""
8533
9303
8534
#: serverguide/C/security.xml:1798(para)
9304
#: serverguide/C/security.xml:1745(para)
8535
9305
msgid ""
8536
9306
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
8537
9307
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
8538
9308
msgstr ""
8539
9309
8540
#: serverguide/C/security.xml:1803(para)
9310
#: serverguide/C/security.xml:1750(para)
8541
9311
msgid ""
8542
9312
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
8543
9313
"file:"
8544
9314
msgstr ""
8545
9315
8546
#: serverguide/C/security.xml:1807(programlisting)
9316
#: serverguide/C/security.xml:1754(programlisting)
8547
9317
#, no-wrap
8548
9318
msgid ""
8549
9319
"\n"
8550
9320
"passphrase_passwd=[secrets]\n"
8551
9321
msgstr ""
8552
9322
8553
#: serverguide/C/security.xml:1811(para)
9323
#: serverguide/C/security.xml:1758(para)
8554
9324
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
8555
9325
msgstr ""
8556
9326
8557
#: serverguide/C/security.xml:1815(programlisting)
9327
#: serverguide/C/security.xml:1762(programlisting)
8558
9328
#, no-wrap
8559
9329
msgid ""
8560
9330
"\n"
8562
9332
"/srv /srv ecryptfs defaults 0 0\n"
8563
9333
msgstr ""
8564
9334
8565
#: serverguide/C/security.xml:1820(para)
9335
#: serverguide/C/security.xml:1767(para)
8566
9336
msgid "Make sure the USB drive is mounted before the encrypted partition."
8567
9337
msgstr ""
8568
9338
8569
#: serverguide/C/security.xml:1824(para)
9339
#: serverguide/C/security.xml:1771(para)
8570
9340
msgid ""
8571
9341
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
8572
9342
"ecryptfs."
8573
9343
msgstr ""
8574
9344
8575
#: serverguide/C/security.xml:1832(para)
9345
#: serverguide/C/security.xml:1779(para)
8576
9346
msgid ""
8577
9347
"The <application>ecryptfs-utils</application> package includes several other "
8578
9348
"useful utilities:"
8579
9349
msgstr ""
8580
9350
8581
#: serverguide/C/security.xml:1838(para)
9351
#: serverguide/C/security.xml:1785(para)
8582
9352
msgid ""
8583
9353
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
8584
9354
"<filename>~/Private</filename> directory to contain encrypted information. "
8586
9356
"other users on the system."
8587
9357
msgstr ""
8588
9358
8589
#: serverguide/C/security.xml:1845(para)
9359
#: serverguide/C/security.xml:1792(para)
8590
9360
msgid ""
8591
9361
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
8592
9362
"will mount and unmount respectively, a users <filename>~/Private</filename> "
8593
9363
"directory."
8594
9364
msgstr ""
8595
9365
8596
#: serverguide/C/security.xml:1851(para)
9366
#: serverguide/C/security.xml:1798(para)
8597
9367
msgid ""
8598
9368
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
8599
9369
"kernel keyring."
8600
9370
msgstr ""
8601
9371
8602
#: serverguide/C/security.xml:1856(para)
9372
#: serverguide/C/security.xml:1803(para)
8603
9373
msgid ""
8604
9374
"<emphasis>ecryptfs-manager:</emphasis> manages "
8605
9375
"<application>eCryptfs</application> objects such as keys."
8606
9376
msgstr ""
8607
9377
8608
#: serverguide/C/security.xml:1861(para)
9378
#: serverguide/C/security.xml:1808(para)
8609
9379
msgid ""
8610
9380
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
8611
9381
"<application>ecryptfs</application> meta information for a file."
8612
9382
msgstr ""
8613
9383
8614
#: serverguide/C/security.xml:1874(para)
9384
#: serverguide/C/security.xml:1821(para)
8615
9385
msgid ""
8616
9386
"For more information on eCryptfs see the <ulink "
8617
"url=\"https://launchpad.net/ecryptfs\">Launch Pad project page</ulink>"
9387
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
8618
9388
msgstr ""
8619
9389
8620
#: serverguide/C/security.xml:1879(para)
9390
#: serverguide/C/security.xml:1826(para)
8621
9391
msgid ""
8622
9392
"There is also a <ulink "
8623
9393
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
8624
9394
"article covering eCryptfs."
8625
9395
msgstr ""
8626
9396
8627
#: serverguide/C/security.xml:1884(para)
9397
#: serverguide/C/security.xml:1831(para)
8628
9398
msgid ""
8629
9399
"Also, for more <application>ecryptfs</application> options see the <ulink "
8630
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man7/ecryptfs.7.html\">ec"
8631
"ryptfs man page</ulink>."
9400
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man7/ecryptfs.7.html\">ecr"
9401
"yptfs man page</ulink>."
9402
msgstr ""
9403
9404
#: serverguide/C/security.xml:1837(para)
9405
msgid ""
9406
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
9407
"Ubuntu Wiki</ulink> page also has more details."
9408
msgstr ""
9409
9410
#: serverguide/C/reporting-bugs.xml:13(title)
9411
msgid "Appendix"
9412
msgstr ""
9413
9414
#: serverguide/C/reporting-bugs.xml:16(title)
9415
msgid "Reporting Bugs in Ubuntu Server Edition"
9416
msgstr ""
9417
9418
#: serverguide/C/reporting-bugs.xml:18(para)
9419
msgid ""
9420
"While the Ubuntu Project attempts to release software with as few bugs as "
9421
"possible, they do occur. You can help fix these bugs by reporting ones that "
9422
"you find to the project. The Ubuntu Project uses <ulink "
9423
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
9424
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
9425
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
9426
"account</ulink>."
9427
msgstr ""
9428
9429
#: serverguide/C/reporting-bugs.xml:30(title)
9430
msgid "Reporting Bugs With ubuntu-bug"
9431
msgstr ""
9432
9433
#: serverguide/C/reporting-bugs.xml:32(para)
9434
msgid ""
9435
"The preferred way to report a bug is with the <application>ubuntu-"
9436
"bug</application> command. The ubuntu-bug tool gathers information about the "
9437
"system useful to developers in diagnosing the reported problem that will "
9438
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
9439
"need to be filed against a specific software package, thus the name of the "
9440
"package that the bug occurs in needs to be given to ubuntu-bug:"
9441
msgstr ""
9442
9443
#: serverguide/C/reporting-bugs.xml:43(command)
9444
msgid "ubuntu-bug PACKAGENAME"
9445
msgstr ""
9446
9447
#: serverguide/C/reporting-bugs.xml:46(para)
9448
msgid ""
9449
"For example, to file a bug against the openssh-server package, you would do:"
9450
msgstr ""
9451
9452
#: serverguide/C/reporting-bugs.xml:51(command)
9453
msgid "ubuntu-bug openssh-server"
9454
msgstr ""
9455
9456
#: serverguide/C/reporting-bugs.xml:54(para)
9457
msgid ""
9458
"You can specify either a binary package or the source package for ubuntu-"
9459
"bug. Again using openssh-server as an example, you could also generate the "
9460
"report against the source package for openssh-server, openssh:"
9461
msgstr ""
9462
9463
#: serverguide/C/reporting-bugs.xml:62(command)
9464
msgid "ubuntu-bug openssh"
9465
msgstr ""
9466
9467
#: serverguide/C/reporting-bugs.xml:66(para)
9468
msgid ""
9469
"See <xref linkend=\"package-management\"/> for more information about "
9470
"packages in Ubuntu."
9471
msgstr ""
9472
9473
#: serverguide/C/reporting-bugs.xml:72(para)
9474
msgid ""
9475
"The ubuntu-bug command will gather information about the system in question, "
9476
"possibly including information specific to the specified package, and then "
9477
"ask you what you would like to do with collected information:"
9478
msgstr ""
9479
9480
#: serverguide/C/reporting-bugs.xml:80(command)
9481
msgid "ubuntu-bug postgresql"
9482
msgstr ""
9483
9484
#: serverguide/C/reporting-bugs.xml:79(screen)
9485
#, no-wrap
9486
msgid ""
9487
"\n"
9488
"<placeholder-1/>\n"
9489
"\n"
9490
"*** Collecting problem information\n"
9491
"\n"
9492
"The collected information can be sent to the developers to improve the\n"
9493
"application. This might take a few minutes.\n"
9494
"..........\n"
9495
"\n"
9496
"*** Send problem report to the developers?\n"
9497
"\n"
9498
"After the problem report has been sent, please fill out the form in the\n"
9499
"automatically opened web browser.\n"
9500
"\n"
9501
"What would you like to do? Your options are:\n"
9502
" S: Send report (1.7 KiB)\n"
9503
" V: View report\n"
9504
" K: Keep report file for sending later or copying to somewhere else\n"
9505
" C: Cancel\n"
9506
"Please choose (S/V/K/C):\n"
9507
msgstr ""
9508
9509
#: serverguide/C/reporting-bugs.xml:101(para)
9510
msgid "The options available are:"
9511
msgstr ""
9512
9513
#: serverguide/C/reporting-bugs.xml:108(para)
9514
msgid ""
9515
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
9516
"the collected information to Launchpad as part of the the process of filing "
9517
"a bug report. You will be given the opportunity to describe the situation "
9518
"that led up to the occurrance of the bug."
9519
msgstr ""
9520
9521
#: serverguide/C/reporting-bugs.xml:115(screen)
9522
#, no-wrap
9523
msgid ""
9524
"\n"
9525
"*** Uploading problem information\n"
9526
"\n"
9527
"The collected information is being sent to the bug tracking system.\n"
9528
"This might take a few minutes.\n"
9529
"91%\n"
9530
"\n"
9531
"*** To continue, you must visit the following URL:\n"
9532
"\n"
9533
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
9534
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
9535
"\n"
9536
"You can launch a browser now, or copy this URL into a browser on another\n"
9537
"computer.\n"
9538
"\n"
9539
"Choices:\n"
9540
" 1: Launch a browser now\n"
9541
" C: Cancel\n"
9542
"Please choose (1/C):\n"
9543
msgstr ""
9544
9545
#: serverguide/C/reporting-bugs.xml:135(para)
9546
msgid ""
9547
"If you choose to start a browser, by default the text based web browser "
9548
"<application>w3m</application> will be used to finish filing the bug report. "
9549
"Alternately, you can copy the given URL to a currently running web browser."
9550
msgstr ""
9551
9552
#: serverguide/C/reporting-bugs.xml:144(para)
9553
msgid ""
9554
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
9555
"the collected information to be displayed to the terminal for review."
9556
msgstr ""
9557
9558
#: serverguide/C/reporting-bugs.xml:150(screen)
9559
#, no-wrap
9560
msgid ""
9561
"\n"
9562
"Package: postgresql 8.4.2-2\n"
9563
"PackageArchitecture: all\n"
9564
"Tags: lucid\n"
9565
"ProblemType: Bug\n"
9566
"ProcEnviron:\n"
9567
" LANG=en_US.UTF-8\n"
9568
" SHELL=/bin/bash\n"
9569
"Uname: Linux 2.6.32-16-server x86_64\n"
9570
"Dependencies:\n"
9571
" adduser 3.112ubuntu1\n"
9572
" base-files 5.0.0ubuntu10\n"
9573
" base-passwd 3.5.22\n"
9574
" coreutils 7.4-2ubuntu2\n"
9575
"...\n"
9576
msgstr ""
9577
9578
#: serverguide/C/reporting-bugs.xml:167(para)
9579
msgid ""
9580
"After viewing the report, you will be brought back to the same menu asking "
9581
"what you would like to do with the report."
9582
msgstr ""
9583
9584
#: serverguide/C/reporting-bugs.xml:174(para)
9585
msgid ""
9586
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
9587
"File causes the gathered information to be written to a file. This file can "
9588
"then be used to later file a bug report or transferred to a different Ubuntu "
9589
"system for reporting. To submit the report file, simply give it as an "
9590
"argument to the ubuntu-bug command:"
9591
msgstr ""
9592
9593
#: serverguide/C/reporting-bugs.xml:189(userinput)
9594
#, no-wrap
9595
msgid "k"
9596
msgstr ""
9597
9598
#: serverguide/C/reporting-bugs.xml:192(command)
9599
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
9600
msgstr ""
9601
9602
#: serverguide/C/reporting-bugs.xml:183(screen)
9603
#, no-wrap
9604
msgid ""
9605
"\n"
9606
"What would you like to do? Your options are:\n"
9607
" S: Send report (1.7 KiB)\n"
9608
" V: View report\n"
9609
" K: Keep report file for sending later or copying to somewhere else\n"
9610
" C: Cancel\n"
9611
"Please choose (S/V/K/C): <placeholder-1/>\n"
9612
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
9613
"\n"
9614
"<placeholder-2/>\n"
9615
"\n"
9616
"*** Send problem report to the developers?\n"
9617
"...\n"
9618
msgstr ""
9619
9620
#: serverguide/C/reporting-bugs.xml:200(para)
9621
msgid ""
9622
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
9623
"collected information to be discarded."
9624
msgstr ""
9625
9626
#: serverguide/C/reporting-bugs.xml:210(title)
9627
msgid "Reporting Application Crashes"
9628
msgstr ""
9629
9630
#: serverguide/C/reporting-bugs.xml:212(para)
9631
msgid ""
9632
"The software package that provides the ubuntu-bug utility, "
9633
"<application>apport</application>, can be configured to trigger when "
9634
"applications crash. This is disabled by default, as capturing a crash can be "
9635
"resource intensive depending on how much memory the application that crashed "
9636
"was using as apport captures and processes the core dump."
9637
msgstr ""
9638
9639
#: serverguide/C/reporting-bugs.xml:221(para)
9640
msgid ""
9641
"Configuring apport to capture information about crashing applications "
9642
"requires a couple of steps. First, <application>gdb</application> needs to "
9643
"be installed; it is not installed by default in Ubuntu Server Edition."
9644
msgstr ""
9645
9646
#: serverguide/C/reporting-bugs.xml:229(command)
9647
msgid "sudo apt-get install gdb"
9648
msgstr ""
9649
9650
#: serverguide/C/reporting-bugs.xml:232(para)
9651
msgid ""
9652
"See <xref linkend=\"package-management\"/> for more information about "
9653
"managing packages in Ubuntu."
9654
msgstr ""
9655
9656
#: serverguide/C/reporting-bugs.xml:237(para)
9657
msgid ""
9658
"Once you have ensured that gdb is installed, open the file "
9659
"<filename>/etc/default/apport</filename> in your text editor, and change the "
9660
"<emphasis>enabled</emphasis> setting to be <emphasis "
9661
"role=\"bold\">1</emphasis> like so:"
9662
msgstr ""
9663
9664
#: serverguide/C/reporting-bugs.xml:244(programlisting)
9665
#, no-wrap
9666
msgid ""
9667
"\n"
9668
"# set this to 0 to disable apport, or to 1 to enable it\n"
9669
"# you can temporarily override this with\n"
9670
"# sudo service apport start force_start=1\n"
9671
"enabled=<userinput>1</userinput>\n"
9672
"\n"
9673
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
9674
"maxsize=209715200\n"
9675
msgstr ""
9676
9677
#: serverguide/C/reporting-bugs.xml:254(para)
9678
msgid ""
9679
"Once you have completed editing <filename>/etc/default/apport</filename>, "
9680
"start the apport service:"
9681
msgstr ""
9682
9683
#: serverguide/C/reporting-bugs.xml:261(command)
9684
msgid "sudo start apport"
9685
msgstr ""
9686
9687
#: serverguide/C/reporting-bugs.xml:264(para)
9688
msgid ""
9689
"After an application crashes, use the <application>apport-cli</application> "
9690
"command to search for the existing saved crash report information:"
9691
msgstr ""
9692
9693
#: serverguide/C/reporting-bugs.xml:271(command)
9694
msgid "apport-cli"
9695
msgstr ""
9696
9697
#: serverguide/C/reporting-bugs.xml:270(screen)
9698
#, no-wrap
9699
msgid ""
9700
"\n"
9701
"<placeholder-1/>\n"
9702
"\n"
9703
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
9704
"\n"
9705
"If you were not doing anything confidential (entering passwords or other\n"
9706
"private information), you can help to improve the application by\n"
9707
"reporting\n"
9708
"the problem.\n"
9709
"\n"
9710
"What would you like to do? Your options are:\n"
9711
" R: Report Problem...\n"
9712
" I: Cancel and ignore future crashes of this program version\n"
9713
" C: Cancel\n"
9714
"Please choose (R/I/C):\n"
9715
msgstr ""
9716
9717
#: serverguide/C/reporting-bugs.xml:287(para)
9718
msgid ""
9719
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
9720
"steps as when using ubuntu-bug. One important difference is that a crash "
9721
"report will be marked as private when filed on Launchpad, meaning that it "
9722
"will be visible to only a limited set of bug triagers. These triagers will "
9723
"review the gathered data for private information before making the bug "
9724
"report publicly visible."
9725
msgstr ""
9726
9727
#: serverguide/C/reporting-bugs.xml:307(para)
9728
msgid ""
9729
"See the <ulink "
9730
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
9731
"Bugs</ulink> Ubuntu wiki page."
9732
msgstr ""
9733
9734
#: serverguide/C/reporting-bugs.xml:313(para)
9735
msgid ""
9736
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
9737
"has some useful information. Though some of it pertains to using a GUI."
8632
9738
msgstr ""
8633
9739
8634
9740
#: serverguide/C/remote-administration.xml:13(title)
8865
9971
msgstr ""
8866
9972
8867
9973
#: serverguide/C/remote-administration.xml:196(command)
8868
msgid "chmod 644 .ssh/authorized_keys"
9974
msgid "chmod 600 .ssh/authorized_keys"
8869
9975
msgstr ""
8870
9976
8871
9977
#: serverguide/C/remote-administration.xml:198(para)
8874
9980
"password."
8875
9981
msgstr ""
8876
9982
8877
#: serverguide/C/remote-administration.xml:205(ulink)
9983
#: serverguide/C/remote-administration.xml:207(para)
9984
msgid ""
9985
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
9986
"page."
9987
msgstr ""
9988
9989
#: serverguide/C/remote-administration.xml:213(ulink)
8878
9990
msgid "OpenSSH Website"
8879
9991
msgstr ""
8880
9992
8881
#: serverguide/C/remote-administration.xml:208(ulink)
9993
#: serverguide/C/remote-administration.xml:218(ulink)
8882
9994
msgid "Advanced OpenSSH Wiki Page"
8883
9995
msgstr ""
8884
9996
8885
#: serverguide/C/remote-administration.xml:213(title)
9997
#: serverguide/C/remote-administration.xml:226(title)
8886
9998
msgid "eBox"
8887
9999
msgstr ""
8888
10000
8889
#: serverguide/C/remote-administration.xml:214(para)
10001
#: serverguide/C/remote-administration.xml:227(para)
8890
10002
msgid ""
8891
10003
"<application>eBox</application> is a web framework used to manage server "
8892
10004
"application configuration. The modular design of eBox allows you to pick and "
8893
10005
"choose which services you want to configure using eBox."
8894
10006
msgstr ""
8895
10007
8896
#: serverguide/C/remote-administration.xml:221(para)
10008
#: serverguide/C/remote-administration.xml:234(para)
8897
10009
msgid ""
8898
10010
"The different <application>eBox</application> modules are split into "
8899
10011
"different packages, allowing you to only install those necessary. One way to "
8900
10012
"view the available packages is to enter the following from a terminal:"
8901
10013
msgstr ""
8902
10014
8903
#: serverguide/C/remote-administration.xml:227(command)
10015
#: serverguide/C/remote-administration.xml:240(command)
8904
10016
msgid "apt-cache rdepends ebox | uniq"
8905
10017
msgstr ""
8906
10018
8907
#: serverguide/C/remote-administration.xml:229(para)
10019
#: serverguide/C/remote-administration.xml:242(para)
8908
10020
msgid ""
8909
10021
"To install the <application>ebox</application> package, which contains the "
8910
10022
"default modules, enter the following:"
8911
10023
msgstr ""
8912
10024
8913
#: serverguide/C/remote-administration.xml:234(command)
10025
#: serverguide/C/remote-administration.xml:247(command)
8914
10026
msgid "sudo apt-get install ebox"
8915
10027
msgstr ""
8916
10028
8917
#: serverguide/C/remote-administration.xml:237(para)
10029
#: serverguide/C/remote-administration.xml:250(para)
8918
10030
msgid ""
8919
10031
"During the installation you will be asked to supply a password for the ebox "
8920
10032
"user. After installing eBox the web interface can be accessed from: "
8921
10033
"<emphasis>https://yourserver/ebox</emphasis>."
8922
10034
msgstr ""
8923
10035
8924
#: serverguide/C/remote-administration.xml:246(para)
10036
#: serverguide/C/remote-administration.xml:259(para)
8925
10037
msgid ""
8926
10038
"An important thing to remember when using <application>eBox</application> is "
8927
10039
"that when configuring most modules there is a <emphasis>Change</emphasis> "
8931
10043
"<quote>Save changes</quote> link in the top right hand corner."
8932
10044
msgstr ""
8933
10045
8934
#: serverguide/C/remote-administration.xml:254(para)
10046
#: serverguide/C/remote-administration.xml:267(para)
8935
10047
msgid ""
8936
10048
"Once you make a change that requires a Save, the link will change from green "
8937
10049
"to red."
8938
10050
msgstr ""
8939
10051
8940
#: serverguide/C/remote-administration.xml:260(title)
10052
#: serverguide/C/remote-administration.xml:273(title)
8941
10053
msgid "eBox Modules"
8942
10054
msgstr ""
8943
10055
8944
#: serverguide/C/remote-administration.xml:261(para)
10056
#: serverguide/C/remote-administration.xml:274(para)
8945
10057
msgid ""
8946
10058
"By default all eBox <emphasis>Modules</emphasis> are not enabled, and when a "
8947
10059
"new module is installed it will not be automatically enabled."
8948
10060
msgstr ""
8949
10061
8950
#: serverguide/C/remote-administration.xml:265(para)
10062
#: serverguide/C/remote-administration.xml:278(para)
8951
10063
msgid ""
8952
10064
"To enable a disabled module click on the <emphasis>Module status</emphasis> "
8953
10065
"link in the left hand menu. Then <emphasis role=\"italic\">check</emphasis> "
8955
10067
"link."
8956
10068
msgstr ""
8957
10069
8958
#: serverguide/C/remote-administration.xml:271(title)
10070
#: serverguide/C/remote-administration.xml:284(title)
8959
10071
msgid "Default Modules"
8960
10072
msgstr ""
8961
10073
8962
#: serverguide/C/remote-administration.xml:272(para)
10074
#: serverguide/C/remote-administration.xml:285(para)
8963
10075
msgid ""
8964
10076
"This section provides a quick summary of the default "
8965
10077
"<application>eBox</application> modules."
8966
10078
msgstr ""
8967
10079
8968
#: serverguide/C/remote-administration.xml:278(para)
10080
#: serverguide/C/remote-administration.xml:291(para)
8969
10081
msgid ""
8970
10082
"<emphasis>System:</emphasis> contains options allowing configuration of "
8971
10083
"general eBox items."
8972
10084
msgstr ""
8973
10085
8974
#: serverguide/C/remote-administration.xml:284(para)
10086
#: serverguide/C/remote-administration.xml:297(para)
8975
10087
msgid ""
8976
10088
"<emphasis>General:</emphasis> allows you to set the language, port number, "
8977
10089
"and contains a change password form."
8978
10090
msgstr ""
8979
10091
8980
#: serverguide/C/remote-administration.xml:290(para)
10092
#: serverguide/C/remote-administration.xml:303(para)
8981
10093
msgid ""
8982
10094
"<emphasis>Disk Usage:</emphasis> displays a graph detailing information "
8983
10095
"about disk usage."
8984
10096
msgstr ""
8985
10097
8986
#: serverguide/C/remote-administration.xml:296(para)
10098
#: serverguide/C/remote-administration.xml:309(para)
8987
10099
msgid ""
8988
10100
"<emphasis>Backup:</emphasis> is used to backup "
8989
10101
"<application>eBox</application> configuration information, and the "
8992
10104
"such as log files."
8993
10105
msgstr ""
8994
10106
8995
#: serverguide/C/remote-administration.xml:304(para)
10107
#: serverguide/C/remote-administration.xml:317(para)
8996
10108
msgid ""
8997
10109
"<emphasis>Halt/Reboot:</emphasis> will shutdown the system or reboot it."
8998
10110
msgstr ""
8999
10111
9000
#: serverguide/C/remote-administration.xml:309(para)
10112
#: serverguide/C/remote-administration.xml:322(para)
9001
10113
msgid ""
9002
10114
"<emphasis>Bug Report:</emphasis> creates a file containing details helpful "
9003
10115
"when reporting bugs to the eBox developers."
9004
10116
msgstr ""
9005
10117
9006
#: serverguide/C/remote-administration.xml:317(para)
10118
#: serverguide/C/remote-administration.xml:330(para)
9007
10119
msgid ""
9008
10120
"<emphasis>Logs:</emphasis> allows <application>eBox</application> logs to be "
9009
10121
"queried depending on the purge time configured."
9010
10122
msgstr ""
9011
10123
9012
#: serverguide/C/remote-administration.xml:323(para)
10124
#: serverguide/C/remote-administration.xml:336(para)
9013
10125
msgid ""
9014
10126
"<emphasis>Events:</emphasis> this module has the ability to send alerts "
9015
10127
"through rss, jabber, and log file."
9016
10128
msgstr ""
9017
10129
9018
#: serverguide/C/remote-administration.xml:330(emphasis)
10130
#: serverguide/C/remote-administration.xml:343(emphasis)
9019
10131
msgid "Available Events:"
9020
10132
msgstr ""
9021
10133
9022
#: serverguide/C/remote-administration.xml:334(para)
10134
#: serverguide/C/remote-administration.xml:347(para)
9023
10135
msgid ""
9024
10136
"<emphasis>Free Storage Space:</emphasis> will send alert if free disk space "
9025
10137
"drops below a configured percentage, 10% by default."
9026
10138
msgstr ""
9027
10139
9028
#: serverguide/C/remote-administration.xml:340(para)
10140
#: serverguide/C/remote-administration.xml:353(para)
9029
10141
msgid ""
9030
"<emphasis>Log Observer:</emphasis> unfortunately this event does not work "
9031
"with the <application>eBox</application> version shipped with Ubuntu 7.10."
10142
"<emphasis>Log Observer:</emphasis> sends an alert when a configured logger "
10143
"has logged something."
9032
10144
msgstr ""
9033
10145
9034
#: serverguide/C/remote-administration.xml:346(para)
10146
#: serverguide/C/remote-administration.xml:359(para)
9035
10147
msgid ""
9036
10148
"<emphasis>RAID:</emphasis> will monitor the RAID system and send alerts if "
9037
10149
"any issues arise."
9038
10150
msgstr ""
9039
10151
9040
#: serverguide/C/remote-administration.xml:352(para)
10152
#: serverguide/C/remote-administration.xml:365(para)
9041
10153
msgid ""
9042
10154
"<emphasis>Service:</emphasis> sends alerts if a service restarts multiple "
9043
10155
"times in a short time period."
9044
10156
msgstr ""
9045
10157
9046
#: serverguide/C/remote-administration.xml:358(para)
10158
#: serverguide/C/remote-administration.xml:371(para)
9047
10159
msgid ""
9048
10160
"<emphasis>State:</emphasis> alerts on the state of "
9049
10161
"<application>eBox</application>, either up or down."
9050
10162
msgstr ""
9051
10163
9052
#: serverguide/C/remote-administration.xml:367(emphasis)
10164
#: serverguide/C/remote-administration.xml:380(emphasis)
9053
10165
msgid "Dispatchers:"
9054
10166
msgstr ""
9055
10167
9056
#: serverguide/C/remote-administration.xml:371(para)
10168
#: serverguide/C/remote-administration.xml:384(para)
9057
10169
msgid ""
9058
10170
"<emphasis>Log:</emphasis> this dispatcher will send event messages to the "
9059
10171
"<application>eBox</application> log file "
9060
10172
"<filename>/var/log/ebox/ebox.log</filename>."
9061
10173
msgstr ""
9062
10174
9063
#: serverguide/C/remote-administration.xml:378(para)
10175
#: serverguide/C/remote-administration.xml:391(para)
9064
10176
msgid ""
9065
10177
"<emphasis>Jabber:</emphasis> before enabling this dispatcher you must first "
9066
10178
"configure it by clicking on the <quote>Configure</quote> icon."
9067
10179
msgstr ""
9068
10180
9069
#: serverguide/C/remote-administration.xml:384(para)
10181
#: serverguide/C/remote-administration.xml:397(para)
9070
10182
msgid ""
9071
10183
"<emphasis>RSS:</emphasis> once this dispatcher is configured you can "
9072
10184
"subscribe to the link in order to view event alerts."
9073
10185
msgstr ""
9074
10186
9075
#: serverguide/C/remote-administration.xml:397(title)
10187
#: serverguide/C/remote-administration.xml:410(title)
9076
10188
msgid "Additional Modules"
9077
10189
msgstr ""
9078
10190
9079
#: serverguide/C/remote-administration.xml:398(para)
10191
#: serverguide/C/remote-administration.xml:411(para)
9080
10192
msgid ""
9081
10193
"Here is a quick description of other available "
9082
10194
"<application>eBox</application> modules:"
9083
10195
msgstr ""
9084
10196
9085
#: serverguide/C/remote-administration.xml:403(para)
10197
#: serverguide/C/remote-administration.xml:416(para)
9086
10198
msgid ""
9087
10199
"<emphasis>Network:</emphasis> allows configuration of the server's network "
9088
10200
"options through eBox."
9089
10201
msgstr ""
9090
10202
9091
#: serverguide/C/remote-administration.xml:409(para)
10203
#: serverguide/C/remote-administration.xml:422(para)
9092
10204
msgid ""
9093
10205
"<emphasis>Firewall:</emphasis> configures firewall options for the eBox host."
9094
10206
msgstr ""
9095
10207
9096
#: serverguide/C/remote-administration.xml:414(para)
10208
#: serverguide/C/remote-administration.xml:427(para)
9097
10209
msgid ""
9098
10210
"<emphasis>UsersandGroups:</emphasis> this module will manage users and "
9099
10211
"groups contained in an <application>OpenLDAP</application> LDAP directory."
9100
10212
msgstr ""
9101
10213
9102
#: serverguide/C/remote-administration.xml:420(para)
10214
#: serverguide/C/remote-administration.xml:433(para)
9103
10215
msgid ""
9104
10216
"<emphasis>DHCP:</emphasis> provides an interface for configuring a DHCP "
9105
10217
"server."
9106
10218
msgstr ""
9107
10219
9108
#: serverguide/C/remote-administration.xml:425(para)
10220
#: serverguide/C/remote-administration.xml:438(para)
9109
10221
msgid ""
9110
10222
"<emphasis>DNS:</emphasis> provides <application>BIND9</application> DNS "
9111
10223
"server configuration options."
9112
10224
msgstr ""
9113
10225
9114
#: serverguide/C/remote-administration.xml:431(para)
10226
#: serverguide/C/remote-administration.xml:444(para)
9115
10227
msgid ""
9116
10228
"<emphasis>Objects:</emphasis> allow configuration of eBox <emphasis>Network "
9117
10229
"Objects</emphasis>, which allow you to assign a name to an IP address or "
9118
10230
"group of IPs."
9119
10231
msgstr ""
9120
10232
9121
#: serverguide/C/remote-administration.xml:438(para)
10233
#: serverguide/C/remote-administration.xml:451(para)
9122
10234
msgid ""
9123
10235
"<emphasis>Services:</emphasis> displays configuration information for "
9124
10236
"services that are available to the network."
9125
10237
msgstr ""
9126
10238
9127
#: serverguide/C/remote-administration.xml:444(para)
10239
#: serverguide/C/remote-administration.xml:457(para)
9128
10240
msgid ""
9129
10241
"<emphasis>Squid:</emphasis> configuration options for the "
9130
10242
"<application>Squid</application> proxy server."
9131
10243
msgstr ""
9132
10244
9133
#: serverguide/C/remote-administration.xml:450(para)
10245
#: serverguide/C/remote-administration.xml:463(para)
9134
10246
msgid ""
9135
10247
"<emphasis>CA:</emphasis> configures a Certificate Authority for the server."
9136
10248
msgstr ""
9137
10249
9138
#: serverguide/C/remote-administration.xml:455(para)
10250
#: serverguide/C/remote-administration.xml:468(para)
9139
10251
msgid "<emphasis>NTP:</emphasis> set Network Time Protocol options."
9140
10252
msgstr ""
9141
10253
9142
#: serverguide/C/remote-administration.xml:460(para)
10254
#: serverguide/C/remote-administration.xml:473(para)
9143
10255
msgid "<emphasis>Printers:</emphasis> allows the configuration of printers."
9144
10256
msgstr ""
9145
10257
9146
#: serverguide/C/remote-administration.xml:465(para)
10258
#: serverguide/C/remote-administration.xml:478(para)
9147
10259
msgid "<emphasis>Samba:</emphasis> configuration options for Samba."
9148
10260
msgstr ""
9149
10261
9150
#: serverguide/C/remote-administration.xml:470(para)
10262
#: serverguide/C/remote-administration.xml:483(para)
9151
10263
msgid ""
9152
10264
"<emphasis>OpenVPN:</emphasis> setup options for OpenVPN Virtual Private "
9153
10265
"Network application."
9154
10266
msgstr ""
9155
10267
9156
#: serverguide/C/remote-administration.xml:481(para)
9157
msgid ""
9158
"For more information see the <ulink url=\"http://ebox-platform.com/\">eBox "
9159
"Home Page</ulink>."
10268
#: serverguide/C/remote-administration.xml:494(para)
10269
msgid ""
10270
"The <ulink url=\"https://help.ubuntu.com/community/eBox\">eBox Ubuntu "
10271
"Wiki</ulink> page has more details."
10272
msgstr ""
10273
10274
#: serverguide/C/remote-administration.xml:499(para)
10275
msgid ""
10276
"For more information also see the <ulink url=\"http://ebox-"
10277
"platform.com/\">eBox Home Page</ulink>."
9160
10278
msgstr ""
9161
10279
9162
10280
#: serverguide/C/package-management.xml:13(title)
9617
10735
msgid ""
9618
10736
"\n"
9619
10737
"Unattended-Upgrade::Allowed-Origins {\n"
9620
" \"Ubuntu karmic-security\";\n"
9621
"// \"Ubuntu karmic-updates\";\n"
10738
" \"Ubuntu lucid-security\";\n"
10739
"// \"Ubuntu lucid-updates\";\n"
9622
10740
"};\n"
9623
10741
msgstr ""
9624
10742
9649
10767
9650
10768
#: serverguide/C/package-management.xml:328(para)
9651
10769
msgid ""
10770
"To enable automatic updates, edit "
10771
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
10772
"<application>apt</application> configuration options:"
10773
msgstr ""
10774
10775
#: serverguide/C/package-management.xml:332(programlisting)
10776
#, no-wrap
10777
msgid ""
10778
"\n"
10779
"APT::Periodic::Update-Package-Lists \"1\";\n"
10780
"APT::Periodic::Download-Upgradeable-Packages \"1\";\n"
10781
"APT::Periodic::AutocleanInterval \"7\";\n"
10782
"APT::Periodic::Unattended-Upgrade \"1\";\n"
10783
msgstr ""
10784
10785
#: serverguide/C/package-management.xml:339(para)
10786
msgid ""
10787
"The above configuration updates the package list, downloads, and installs "
10788
"available upgrades every day. The local download archive is cleaned every "
10789
"week."
10790
msgstr ""
10791
10792
#: serverguide/C/package-management.xml:345(para)
10793
msgid ""
10794
"You can read more about <application>apt</application> Periodic "
10795
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
10796
"header."
10797
msgstr ""
10798
10799
#: serverguide/C/package-management.xml:350(para)
10800
msgid ""
9652
10801
"The results of <application>unattended-upgrades</application> will be logged "
9653
10802
"to <filename>/var/log/unattended-upgrades</filename>."
9654
10803
msgstr ""
9655
10804
9656
#: serverguide/C/package-management.xml:333(title)
10805
#: serverguide/C/package-management.xml:355(title)
9657
10806
msgid "Notifications"
9658
10807
msgstr ""
9659
10808
9660
#: serverguide/C/package-management.xml:335(para)
10809
#: serverguide/C/package-management.xml:357(para)
9661
10810
msgid ""
9662
10811
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
9663
10812
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
9665
10814
"detailing any packages that need upgrading or have problems."
9666
10815
msgstr ""
9667
10816
9668
#: serverguide/C/package-management.xml:340(para)
10817
#: serverguide/C/package-management.xml:362(para)
9669
10818
msgid ""
9670
10819
"Another useful package is <application>apticron</application>. "
9671
10820
"<application>apticron</application> will configure a "
9672
10821
"<application>cron</application> job to email an administrator information "
9673
"about any packages on the system that need updated as well as a summary of "
9674
"changes in each package."
10822
"about any packages on the system that have updates available, as well as a "
10823
"summary of changes in each package."
9675
10824
msgstr ""
9676
10825
9677
#: serverguide/C/package-management.xml:346(para)
10826
#: serverguide/C/package-management.xml:368(para)
9678
10827
msgid ""
9679
10828
"To install the <application>apticron</application> package, in a terminal "
9680
10829
"enter:"
9681
10830
msgstr ""
9682
10831
9683
#: serverguide/C/package-management.xml:351(command)
10832
#: serverguide/C/package-management.xml:373(command)
9684
10833
msgid "sudo apt-get install apticron"
9685
10834
msgstr ""
9686
10835
9687
#: serverguide/C/package-management.xml:354(para)
10836
#: serverguide/C/package-management.xml:376(para)
9688
10837
msgid ""
9689
10838
"Once the package is installed edit "
9690
10839
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
9691
10840
"and other options:"
9692
10841
msgstr ""
9693
10842
9694
#: serverguide/C/package-management.xml:358(programlisting)
10843
#: serverguide/C/package-management.xml:380(programlisting)
9695
10844
#, no-wrap
9696
10845
msgid ""
9697
10846
"\n"
9698
10847
"EMAIL=\"root@example.com\"\n"
9699
10848
msgstr ""
9700
10849
9701
#: serverguide/C/package-management.xml:367(para)
10850
#: serverguide/C/package-management.xml:389(para)
9702
10851
msgid ""
9703
10852
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
9704
10853
"system repositories is stored in the /etc/apt/sources.list configuration "
9706
10855
"adding or removing repository references from the file."
9707
10856
msgstr ""
9708
10857
9709
#: serverguide/C/package-management.xml:373(para)
10858
#: serverguide/C/package-management.xml:395(para)
9710
10859
msgid ""
9711
10860
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
9712
10861
"typical <filename>/etc/apt/sources.list</filename> file."
9713
10862
msgstr ""
9714
10863
9715
#: serverguide/C/package-management.xml:377(para)
10864
#: serverguide/C/package-management.xml:399(para)
9716
10865
msgid ""
9717
10866
"You may edit the file to enable repositories or disable them. For example, "
9718
10867
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
9720
10869
"which appears at the top of the file:"
9721
10870
msgstr ""
9722
10871
9723
#: serverguide/C/package-management.xml:382(screen)
10872
#: serverguide/C/package-management.xml:404(screen)
9724
10873
#, no-wrap
9725
10874
msgid ""
9726
10875
"\n"
9727
10876
"# no more prompting for CD-ROM please\n"
9728
"# deb cdrom:[Ubuntu 9.10_Karmic_Koala - Release i386 (20070419.1)]/ karmic "
10877
"# deb cdrom:[Ubuntu 10.04_Lucid_Lynx - Release i386 (20070419.1)]/ lucid "
9729
10878
"main restricted\n"
9730
10879
msgstr ""
9731
10880
9732
#: serverguide/C/package-management.xml:388(title)
10881
#: serverguide/C/package-management.xml:410(title)
9733
10882
msgid "Extra Repositories"
9734
10883
msgstr ""
9735
10884
9736
#: serverguide/C/package-management.xml:389(para)
10885
#: serverguide/C/package-management.xml:411(para)
9737
10886
msgid ""
9738
10887
"In addition to the officially supported package repositories available for "
9739
10888
"Ubuntu, there exist additional community-maintained repositories which add "
9744
10893
"which are safe for use with your Ubuntu computer."
9745
10894
msgstr ""
9746
10895
9747
#: serverguide/C/package-management.xml:392(para)
10896
#: serverguide/C/package-management.xml:414(para)
9748
10897
msgid ""
9749
10898
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
9750
10899
"licensing issues that prevent them from being distributed with a free "
9751
10900
"operating system, and they may be illegal in your locality."
9752
10901
msgstr ""
9753
10902
9754
#: serverguide/C/package-management.xml:394(para)
10903
#: serverguide/C/package-management.xml:416(para)
9755
10904
msgid ""
9756
10905
"Be advised that neither the <emphasis>Universe</emphasis> or "
9757
10906
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
9759
10908
"packages."
9760
10909
msgstr ""
9761
10910
9762
#: serverguide/C/package-management.xml:398(para)
10911
#: serverguide/C/package-management.xml:420(para)
9763
10912
msgid ""
9764
10913
"Many other package sources are available, sometimes even offering only one "
9765
10914
"package, as in the case of package sources provided by the developer of a "
9770
10919
"functional in some respects."
9771
10920
msgstr ""
9772
10921
9773
#: serverguide/C/package-management.xml:401(para)
10922
#: serverguide/C/package-management.xml:423(para)
9774
10923
msgid ""
9775
10924
"By default, the <emphasis>Universe</emphasis> and "
9776
10925
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
9778
10927
"comment the following lines:"
9779
10928
msgstr ""
9780
10929
9781
#: serverguide/C/package-management.xml:408(programlisting)
10930
#: serverguide/C/package-management.xml:430(programlisting)
9782
10931
#, no-wrap
9783
10932
msgid ""
9784
10933
"\n"
9785
"deb http://archive.ubuntu.com/ubuntu karmic universe multiverse\n"
9786
"deb-src http://archive.ubuntu.com/ubuntu karmic universe multiverse\n"
9787
"\n"
9788
"deb http://us.archive.ubuntu.com/ubuntu/ karmic universe\n"
9789
"deb-src http://us.archive.ubuntu.com/ubuntu/ karmic universe\n"
9790
"deb http://us.archive.ubuntu.com/ubuntu/ karmic-updates universe\n"
9791
"deb-src http://us.archive.ubuntu.com/ubuntu/ karmic-updates universe\n"
9792
"\n"
9793
"deb http://us.archive.ubuntu.com/ubuntu/ karmic multiverse\n"
9794
"deb-src http://us.archive.ubuntu.com/ubuntu/ karmic multiverse\n"
9795
"deb http://us.archive.ubuntu.com/ubuntu/ karmic-updates multiverse\n"
9796
"deb-src http://us.archive.ubuntu.com/ubuntu/ karmic-updates multiverse\n"
9797
"\n"
9798
"deb http://security.ubuntu.com/ubuntu karmic-security universe\n"
9799
"deb-src http://security.ubuntu.com/ubuntu karmic-security universe\n"
9800
"deb http://security.ubuntu.com/ubuntu karmic-security multiverse\n"
9801
"deb-src http://security.ubuntu.com/ubuntu karmic-security multiverse\n"
10934
"deb http://archive.ubuntu.com/ubuntu lucid universe multiverse\n"
10935
"deb-src http://archive.ubuntu.com/ubuntu lucid universe multiverse\n"
10936
"\n"
10937
"deb http://us.archive.ubuntu.com/ubuntu/ lucid universe\n"
10938
"deb-src http://us.archive.ubuntu.com/ubuntu/ lucid universe\n"
10939
"deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe\n"
10940
"deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe\n"
10941
"\n"
10942
"deb http://us.archive.ubuntu.com/ubuntu/ lucid multiverse\n"
10943
"deb-src http://us.archive.ubuntu.com/ubuntu/ lucid multiverse\n"
10944
"deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse\n"
10945
"deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse\n"
10946
"\n"
10947
"deb http://security.ubuntu.com/ubuntu lucid-security universe\n"
10948
"deb-src http://security.ubuntu.com/ubuntu lucid-security universe\n"
10949
"deb http://security.ubuntu.com/ubuntu lucid-security multiverse\n"
10950
"deb-src http://security.ubuntu.com/ubuntu lucid-security multiverse\n"
9802
10951
msgstr ""
9803
10952
9804
#: serverguide/C/package-management.xml:434(para)
10953
#: serverguide/C/package-management.xml:456(para)
9805
10954
msgid ""
9806
10955
"Most of the material covered in this chapter is available in "
9807
10956
"<application>man</application> pages, many of which are available online."
9808
10957
msgstr ""
9809
10958
9810
#: serverguide/C/package-management.xml:441(para)
10959
#: serverguide/C/package-management.xml:463(para)
10960
msgid ""
10961
"The <ulink "
10962
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
10963
"re</ulink> Ubuntu wiki page has more information."
10964
msgstr ""
10965
10966
#: serverguide/C/package-management.xml:468(para)
9811
10967
msgid ""
9812
10968
"For more <application>dpkg</application> details see the <ulink "
9813
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/dpkg.1.html\">dpkg "
10969
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/dpkg.1.html\">dpkg "
9814
10970
"man page</ulink>."
9815
10971
msgstr ""
9816
10972
9817
#: serverguide/C/package-management.xml:447(para)
10973
#: serverguide/C/package-management.xml:474(para)
9818
10974
msgid ""
9819
10975
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
9820
10976
"HOWTO</ulink> and <ulink "
9821
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/apt-"
9822
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
9823
"<application>apt-get</application> usage."
10977
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/apt-get.8.html\">apt-"
10978
"get man page</ulink> contain useful information regarding <application>apt-"
10979
"get</application> usage."
9824
10980
msgstr ""
9825
10981
9826
#: serverguide/C/package-management.xml:454(para)
10982
#: serverguide/C/package-management.xml:481(para)
9827
10983
msgid ""
9828
10984
"See the <ulink "
9829
"url=\"http://manpages.ubuntu.com/manpages/jaunty/man8/aptitude.8.html\">aptit"
9830
"ude man page</ulink> for more <application>aptitude</application> options."
10985
"url=\"http://manpages.ubuntu.com/manpages/lucid/man8/aptitude.8.html\">aptitu"
10986
"de man page</ulink> for more <application>aptitude</application> options."
9831
10987
msgstr ""
9832
10988
9833
#: serverguide/C/package-management.xml:460(para)
10989
#: serverguide/C/package-management.xml:487(para)
9834
10990
msgid ""
9835
10991
"The <ulink "
9836
10992
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
9852
11008
msgstr ""
9853
11009
9854
11010
#: serverguide/C/other-apps.xml:23(title)
9855
msgid "Update MOTD"
11011
msgid "pam_motd"
9856
11012
msgstr ""
9857
11013
9858
11014
#: serverguide/C/other-apps.xml:25(para)
9873
11029
9874
11030
#: serverguide/C/other-apps.xml:40(para)
9875
11031
msgid ""
9876
"<emphasis>update-motd:</emphasis> is used to automatically update the MOTD "
9877
"via <application>cron</application>."
11032
"<emphasis>update-notifier-common:</emphasis> is used to automatically update "
11033
"the MOTD via <application>pam_motd</application> module."
9878
11034
msgstr ""
9879
11035
9880
11036
#: serverguide/C/other-apps.xml:46(para)
9881
11037
msgid ""
9882
"The <application>update-motd</application> utility has several options to "
9883
"further customize the MOTD:"
11038
"<application>pam_motd</application> executes the scripts in "
11039
"<filename>/etc/update-motd.d</filename> in order based on the number "
11040
"prepended to the script. The output of the scripts is written to "
11041
"<filename>/var/run/motd</filename>, keeping the numerical order, then "
11042
"concatenated with <filename>/etc/motd.tail</filename>."
9884
11043
msgstr ""
9885
11044
9886
11045
#: serverguide/C/other-apps.xml:52(para)
9887
11046
msgid ""
9888
"<emphasis>--disable:</emphasis> prevents automatic updates of the MOTD. "
9889
"Using this option creates the <filename>/var/lib/update-"
9890
"motd/disabled</filename> file, which if present stops <application>update-"
9891
"motd</application> from modifying <filename>/etc/motd</filename>."
9892
msgstr ""
9893
9894
#: serverguide/C/other-apps.xml:59(para)
9895
msgid ""
9896
"<emphasis>--enable:</emphasis> enables the automatic MOTD updates. If "
9897
"<filename>/var/lib/update-motd</filename> is present it will be removed."
9898
msgstr ""
9899
9900
#: serverguide/C/other-apps.xml:65(para)
9901
msgid ""
9902
"<emphasis>--force:</emphasis> does a one time update of "
9903
"<filename>/etc/motd</filename>, overriding <application>update-"
9904
"motd</application> if it has been disabled."
9905
msgstr ""
9906
9907
#: serverguide/C/other-apps.xml:71(para)
9908
msgid ""
9909
"<emphasis>d, hourly, weekly, monthly:</emphasis> option will run the scripts "
9910
"in <filename>/etc/update-motd.d/</filename> (default), <filename>/etc/update-"
9911
"motd.d/hourly</filename>, <filename>/etc/update-motd.d/weekly</filename>, or "
9912
"<filename>/etc/update-motd.d/monthly</filename> respectively."
9913
msgstr ""
9914
9915
#: serverguide/C/other-apps.xml:79(para)
9916
msgid ""
9917
"<application>update-motd</application> executes the scripts in "
9918
"<filename>/etc/update-motd.d</filename> in order based on the number "
9919
"prepended to the script. Separate <application>cron</application> scripts "
9920
"execute every ten minutes, hourly, weekly, and monthly running the "
9921
"corresponding scripts in <filename>/etc/update-motd.d</filename>. The output "
9922
"of the scripts is written to <filename>/var/run/update-motd/</filename>, "
9923
"keeping the numerical order, then concatenated with "
9924
"<filename>/etc/motd.tail</filename> and written to "
9925
"<filename>/etc/motd</filename>."
9926
msgstr ""
9927
9928
#: serverguide/C/other-apps.xml:87(para)
9929
msgid ""
9930
11047
"You can add your own dynamic information to the MOTD. For example, to add "
9931
11048
"local weather information:"
9932
11049
msgstr ""
9933
11050
9934
#: serverguide/C/other-apps.xml:93(para)
11051
#: serverguide/C/other-apps.xml:58(para)
9935
11052
msgid "First, install the <application>weather-util</application> package:"
9936
11053
msgstr ""
9937
11054
9938
#: serverguide/C/other-apps.xml:98(command)
11055
#: serverguide/C/other-apps.xml:63(command)
9939
11056
msgid "sudo apt-get install weather-util"
9940
11057
msgstr ""
9941
11058
9942
#: serverguide/C/other-apps.xml:103(para)
11059
#: serverguide/C/other-apps.xml:68(para)
9943
11060
msgid ""
9944
11061
"The <application>weather</application> utility uses METAR data from the "
9945
11062
"National Oceanic and Atmospheric Administration and forecasts from the "
9949
11066
"Weather Service</ulink> site."
9950
11067
msgstr ""
9951
11068
9952
#: serverguide/C/other-apps.xml:110(para)
11069
#: serverguide/C/other-apps.xml:75(para)
9953
11070
msgid ""
9954
11071
"Although the National Weather Service is a United States government agency "
9955
11072
"there are weather stations available world wide. However, local weather "
9956
11073
"information for all locations outside the U.S. may not be available."
9957
11074
msgstr ""
9958
11075
9959
#: serverguide/C/other-apps.xml:116(para)
11076
#: serverguide/C/other-apps.xml:81(para)
9960
11077
msgid ""
9961
11078
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
9962
11079
"script to use <application>weather</application> with your local ICAO "
9963
11080
"indicator:"
9964
11081
msgstr ""
9965
11082
9966
#: serverguide/C/other-apps.xml:121(programlisting)
11083
#: serverguide/C/other-apps.xml:86(programlisting)
9967
11084
#, no-wrap
9968
11085
msgid ""
9969
11086
"\n"
9970
11087
"#!/bin/sh\n"
9971
"##########################################################################\n"
9972
"#\n"
9973
"# Prints the local weather to /var/run/update-motd/60-local-weather \n"
9974
"# for update-motd.\n"
9975
"#\n"
9976
"##########################################################################\n"
11088
"#\n"
11089
"#\n"
11090
"# Prints the local weather information for the MOTD.\n"
11091
"#\n"
11092
"#\n"
9977
11093
"\n"
9978
11094
"# Replace KINT with your local weather station.\n"
9979
11095
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
9980
11096
"\n"
9981
"echo \"\" > /var/run/update-motd/60-local-weather\n"
9982
"weather -i KINT >> /var/run/update-motd/60-local-weather\n"
11097
"echo\n"
11098
"weather -i KINT\n"
11099
"echo\n"
9983
11100
"\n"
9984
11101
msgstr ""
9985
11102
9986
#: serverguide/C/other-apps.xml:139(para)
11103
#: serverguide/C/other-apps.xml:104(para)
9987
11104
msgid "Make the script executable:"
9988
11105
msgstr ""
9989
11106
9990
#: serverguide/C/other-apps.xml:144(command)
11107
#: serverguide/C/other-apps.xml:109(command)
9991
11108
msgid "sudo chmod 755 /usr/local/bin/local-weather"
9992
11109
msgstr ""
9993
11110
9994
#: serverguide/C/other-apps.xml:148(para)
11111
#: serverguide/C/other-apps.xml:113(para)
9995
11112
msgid ""
9996
"Next, create a symlink to <filename>/etc/update-motd.d/60-local-"
11113
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
9997
11114
"weather</filename>:"
9998
11115
msgstr ""
9999
11116
10000
#: serverguide/C/other-apps.xml:153(command)
11117
#: serverguide/C/other-apps.xml:118(command)
10001
11118
msgid ""
10002
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/60-local-weather"
10003
msgstr ""
10004
10005
#: serverguide/C/other-apps.xml:157(para)
10006
msgid "Finally, update the MOTD:"
10007
msgstr ""
10008
10009
#: serverguide/C/other-apps.xml:162(command)
10010
msgid "sudo update-motd"
10011
msgstr ""
10012
10013
#: serverguide/C/other-apps.xml:167(para)
11119
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
11120
msgstr ""
11121
11122
#: serverguide/C/other-apps.xml:122(para)
11123
msgid "Finally, exit the server and re-login to view the new MOTD."
11124
msgstr ""
11125
11126
#: serverguide/C/other-apps.xml:128(para)
10014
11127
msgid ""
10015
11128
"You should now be greeted with some useful information, and some information "
10016
11129
"about the local weather that may not be quite so useful. Hopefully the "
10017
11130
"<application>local-weather</application> example demonstrates the "
10018
"flexibility of <application>update-motd</application>."
11131
"flexibility of <application>pam_motd</application>."
10019
11132
msgstr ""
10020
11133
10021
#: serverguide/C/other-apps.xml:175(title)
11134
#: serverguide/C/other-apps.xml:136(title)
10022
11135
msgid "etckeeper"
10023
11136
msgstr ""
10024
11137
10025
#: serverguide/C/other-apps.xml:177(para)
11138
#: serverguide/C/other-apps.xml:138(para)
10026
11139
msgid ""
10027
11140
"<application>etckeeper</application> allows the contents of <filename "
10028
11141
"role=\"directory\">/etc</filename> be easily stored in Version Control "
10034
11147
"possible."
10035
11148
msgstr ""
10036
11149
10037
#: serverguide/C/other-apps.xml:185(para)
11150
#: serverguide/C/other-apps.xml:146(para)
10038
11151
msgid ""
10039
11152
"Install <application>etckeeper</application> by entering the following in a "
10040
11153
"terminal:"
10041
11154
msgstr ""
10042
11155
10043
#: serverguide/C/other-apps.xml:190(command)
11156
#: serverguide/C/other-apps.xml:151(command)
10044
11157
msgid "sudo apt-get install etckeeper"
10045
11158
msgstr ""
10046
11159
10047
#: serverguide/C/other-apps.xml:193(para)
11160
#: serverguide/C/other-apps.xml:154(para)
10048
11161
msgid ""
10049
11162
"The main configuration file, "
10050
11163
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
10055
11168
"installation. It is possible to undo this by entering the following command:"
10056
11169
msgstr ""
10057
11170
10058
#: serverguide/C/other-apps.xml:203(command)
11171
#: serverguide/C/other-apps.xml:164(command)
10059
11172
msgid "sudo etckeeper uninit"
10060
11173
msgstr ""
10061
11174
10062
#: serverguide/C/other-apps.xml:206(para)
11175
#: serverguide/C/other-apps.xml:167(para)
10063
11176
msgid ""
10064
11177
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
10065
11178
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
10068
11181
"commit your changes manually, together with a commit message, using:"
10069
11182
msgstr ""
10070
11183
10071
#: serverguide/C/other-apps.xml:215(command)
11184
#: serverguide/C/other-apps.xml:176(command)
10072
11185
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
10073
11186
msgstr ""
10074
11187
10075
#: serverguide/C/other-apps.xml:218(para)
11188
#: serverguide/C/other-apps.xml:179(para)
10076
11189
msgid ""
10077
11190
"Using the VCS commands you can view log information about files in "
10078
11191
"<filename>/etc</filename>:"
10079
11192
msgstr ""
10080
11193
10081
#: serverguide/C/other-apps.xml:223(command)
11194
#: serverguide/C/other-apps.xml:184(command)
10082
11195
msgid "sudo bzr log /etc/passwd"
10083
11196
msgstr ""
10084
11197
10085
#: serverguide/C/other-apps.xml:226(para)
11198
#: serverguide/C/other-apps.xml:187(para)
10086
11199
msgid ""
10087
11200
"To demonstrate the integration with the package management system, install "
10088
11201
"<application>postfix</application>:"
10089
11202
msgstr ""
10090
11203
10091
#: serverguide/C/other-apps.xml:231(command) serverguide/C/mail.xml:45(command)
11204
#: serverguide/C/other-apps.xml:192(command) serverguide/C/mail.xml:45(command)
10092
11205
msgid "sudo apt-get install postfix"
10093
11206
msgstr ""
10094
11207
10095
#: serverguide/C/other-apps.xml:234(para)
11208
#: serverguide/C/other-apps.xml:195(para)
10096
11209
msgid ""
10097
11210
"When the installation is finished, all the "
10098
11211
"<application>postfix</application> configuration files should be committed "
10099
11212
"to the repository:"
10100
11213
msgstr ""
10101
11214
10102
#: serverguide/C/other-apps.xml:240(computeroutput)
11215
#: serverguide/C/other-apps.xml:201(computeroutput)
10103
11216
#, no-wrap
10104
11217
msgid ""
10105
11218
"Committing to: /etc/\n"
10142
11255
"Committed revision 2."
10143
11256
msgstr ""
10144
11257
10145
#: serverguide/C/other-apps.xml:280(para)
11258
#: serverguide/C/other-apps.xml:241(para)
10146
11259
msgid ""
10147
11260
"For an example of how <application>etckeeper</application> tracks manual "
10148
11261
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
10149
11262
"<application>bzr</application> you can see which files have been modified:"
10150
11263
msgstr ""
10151
11264
10152
#: serverguide/C/other-apps.xml:286(command)
11265
#: serverguide/C/other-apps.xml:247(command)
10153
11266
msgid "sudo bzr status /etc/"
10154
11267
msgstr ""
10155
11268
10156
#: serverguide/C/other-apps.xml:287(computeroutput)
11269
#: serverguide/C/other-apps.xml:248(computeroutput)
10157
11270
#, no-wrap
10158
11271
msgid ""
10159
11272
"modified:\n"
10160
11273
" hosts"
10161
11274
msgstr ""
10162
11275
10163
#: serverguide/C/other-apps.xml:291(para)
11276
#: serverguide/C/other-apps.xml:252(para)
10164
11277
msgid "Now commit the changes:"
10165
11278
msgstr ""
10166
11279
10167
#: serverguide/C/other-apps.xml:296(command)
11280
#: serverguide/C/other-apps.xml:257(command)
10168
11281
msgid "sudo etckeeper commit \"new host\""
10169
11282
msgstr ""
10170
11283
10171
#: serverguide/C/other-apps.xml:299(para)
11284
#: serverguide/C/other-apps.xml:260(para)
10172
11285
msgid ""
10173
11286
"For more information on <application>bzr</application> see <xref "
10174
11287
"linkend=\"bazaar\"/>."
10175
11288
msgstr ""
10176
11289
10177
#: serverguide/C/other-apps.xml:305(title)
10178
msgid "Screen Profiles"
11290
#: serverguide/C/other-apps.xml:266(title)
11291
msgid "Byobu"
10179
11292
msgstr ""
10180
11293
10181
#: serverguide/C/other-apps.xml:307(para)
11294
#: serverguide/C/other-apps.xml:268(para)
10182
11295
msgid ""
10183
11296
"One of the most useful applications for any system administrator is "
10184
11297
"<application>screen</application>. It allows the execution of multiple "
10185
11298
"shells in one terminal. To make some of the advanced "
10186
11299
"<application>screen</application> features more user friendly, and provide "
10187
"some useful information about the system, the <application>screen-"
10188
"profiles</application> package was created."
11300
"some useful information about the system, the "
11301
"<application>byobu</application> package was created."
10189
11302
msgstr ""
10190
11303
10191
#: serverguide/C/other-apps.xml:314(para)
11304
#: serverguide/C/other-apps.xml:275(para)
10192
11305
msgid ""
10193
"When executing <application>screen</application> for the first time you will "
10194
"be presented with the <application>screen-profiles-helper</application> "
10195
"menu. This menu will allow you to:"
11306
"When executing <application>byobu</application> pressing the "
11307
"<emphasis>F9</emphasis> key will bring up the "
11308
"<application>Configuration</application> menu. This menu will allow you to:"
10196
11309
msgstr ""
10197
11310
10198
#: serverguide/C/other-apps.xml:320(para)
11311
#: serverguide/C/other-apps.xml:281(para)
10199
11312
msgid "View the Help menu"
10200
11313
msgstr ""
10201
11314
10202
#: serverguide/C/other-apps.xml:321(para)
11315
#: serverguide/C/other-apps.xml:282(para)
11316
msgid "Change Byobu's background color"
11317
msgstr ""
11318
11319
#: serverguide/C/other-apps.xml:283(para)
11320
msgid "Change Byobu's foreground color"
11321
msgstr ""
11322
11323
#: serverguide/C/other-apps.xml:284(para)
11324
msgid "Toggle status notifications"
11325
msgstr ""
11326
11327
#: serverguide/C/other-apps.xml:285(para)
10203
11328
msgid "Change the key binding set"
10204
11329
msgstr ""
10205
11330
10206
#: serverguide/C/other-apps.xml:322(para)
10207
msgid "Change screen profiles"
10208
msgstr ""
10209
10210
#: serverguide/C/other-apps.xml:323(para)
11331
#: serverguide/C/other-apps.xml:286(para)
10211
11332
msgid "Change the escape sequence"
10212
11333
msgstr ""
10213
11334
10214
#: serverguide/C/other-apps.xml:324(para)
10215
msgid "Create new screen windows"
11335
#: serverguide/C/other-apps.xml:287(para)
11336
msgid "Create new windows"
10216
11337
msgstr ""
10217
11338
10218
#: serverguide/C/other-apps.xml:325(para)
11339
#: serverguide/C/other-apps.xml:288(para)
10219
11340
msgid "Manage the default windows"
10220
11341
msgstr ""
10221
11342
10222
#: serverguide/C/other-apps.xml:326(para)
10223
msgid "Install screen by default at login"
11343
#: serverguide/C/other-apps.xml:289(para)
11344
msgid "Byobu currently does not launch at login (toggle on)"
10224
11345
msgstr ""
10225
11346
10226
#: serverguide/C/other-apps.xml:329(para)
11347
#: serverguide/C/other-apps.xml:292(para)
10227
11348
msgid ""
10228
11349
"The <emphasis>key bindings</emphasis> determine such things as the escape "
10229
11350
"sequence, new window, change window, etc. There are two key binding sets to "
10230
"choose from <emphasis>common</emphasis> and <emphasis>none</emphasis>. If "
10231
"you wish to use the original key bindings choose the "
11351
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
11352
"keys</emphasis>. If you wish to use the original key bindings choose the "
10232
11353
"<emphasis>none</emphasis> set."
10233
11354
msgstr ""
10234
11355
10235
#: serverguide/C/other-apps.xml:335(para)
10236
msgid ""
10237
"The Ubuntu <application>screen-profiles</application> provide a menu which "
10238
"displays the Ubuntu release, processor information, memory information, and "
10239
"the time and date. The effect is similar to a desktop menu. When a profile "
10240
"is selected it will be symlinked to <filename>~/.screenrc</filename>. The "
10241
"<application>select-screen-profile</application> utility can also be used to "
10242
"change profiles, in a terminal enter:"
10243
msgstr ""
10244
10245
#: serverguide/C/other-apps.xml:343(command)
10246
msgid "select-screen-profile -s ubuntu-light"
10247
msgstr ""
10248
10249
#: serverguide/C/other-apps.xml:346(para)
10250
msgid ""
10251
"The <emphasis>plain</emphasis> profile will change "
10252
"<application>screen</application> back to the defaults, which does not "
10253
"include the information menu at the bottom."
10254
msgstr ""
10255
10256
#: serverguide/C/other-apps.xml:351(para)
10257
msgid ""
10258
"Using the <emphasis>\"Install screen by default at login\"</emphasis> option "
10259
"will cause screen to be executed any time a terminal is opened. Changes made "
10260
"to <application>screen</application> are on a per user basis, and will not "
11356
#: serverguide/C/other-apps.xml:298(para)
11357
msgid ""
11358
"<application>byobu</application> provides a menu which displays the Ubuntu "
11359
"release, processor information, memory information, and the time and date. "
11360
"The effect is similar to a desktop menu."
11361
msgstr ""
11362
11363
#: serverguide/C/other-apps.xml:303(para)
11364
msgid ""
11365
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11366
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11367
"executed any time a terminal is opened. Changes made to "
11368
"<application>byobu</application> are on a per user basis, and will not "
10261
11369
"affect other users on the system."
10262
11370
msgstr ""
10263
11371
10264
#: serverguide/C/other-apps.xml:356(para)
11372
#: serverguide/C/other-apps.xml:309(para)
10265
11373
msgid ""
10266
"One difference when using screen is the <emphasis>scrollback</emphasis> "
10267
"mode. If you are using one of the Ubuntu profiles press the "
10268
"<emphasis>F7</emphasis>, or <emphasis>Ctrl+a+[</emphasis> if not, to enter "
10269
"scrollback mode. Scrollback mode allows you to navigate past output using "
10270
"<emphasis>vi</emphasis> like commands. Here is a quick list of movement "
10271
"commands:"
11374
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11375
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11376
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
11377
"commands. Here is a quick list of movement commands:"
10272
11378
msgstr ""
10273
11379
10274
#: serverguide/C/other-apps.xml:363(para)
11380
#: serverguide/C/other-apps.xml:316(para)
10275
11381
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
10276
11382
msgstr ""
10277
11383
10278
#: serverguide/C/other-apps.xml:364(para)
11384
#: serverguide/C/other-apps.xml:317(para)
10279
11385
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
10280
11386
msgstr ""
10281
11387
10282
#: serverguide/C/other-apps.xml:365(para)
11388
#: serverguide/C/other-apps.xml:318(para)
10283
11389
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
10284
11390
msgstr ""
10285
11391
10286
#: serverguide/C/other-apps.xml:366(para)
11392
#: serverguide/C/other-apps.xml:319(para)
10287
11393
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
10288
11394
msgstr ""
10289
11395
10290
#: serverguide/C/other-apps.xml:367(para)
11396
#: serverguide/C/other-apps.xml:320(para)
10291
11397
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
10292
11398
msgstr ""
10293
11399
10294
#: serverguide/C/other-apps.xml:368(para)
11400
#: serverguide/C/other-apps.xml:321(para)
10295
11401
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
10296
11402
msgstr ""
10297
11403
10298
#: serverguide/C/other-apps.xml:369(para)
11404
#: serverguide/C/other-apps.xml:322(para)
10299
11405
msgid ""
10300
11406
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
10301
11407
"the buffer)"
10302
11408
msgstr ""
10303
11409
10304
#: serverguide/C/other-apps.xml:370(para)
10305
msgid "<emphasis>C-u</emphasis> - Scrolls a half page up"
10306
msgstr ""
10307
10308
#: serverguide/C/other-apps.xml:371(para)
10309
msgid "<emphasis>C-b</emphasis> - Scrolls a full page up"
10310
msgstr ""
10311
10312
#: serverguide/C/other-apps.xml:372(para)
10313
msgid "<emphasis>C-d</emphasis> - Scrolls a half page down"
10314
msgstr ""
10315
10316
#: serverguide/C/other-apps.xml:373(para)
10317
msgid "<emphasis>C-f</emphasis> - Scrolls the full page down"
10318
msgstr ""
10319
10320
#: serverguide/C/other-apps.xml:374(para)
11410
#: serverguide/C/other-apps.xml:323(para)
10321
11411
msgid "<emphasis>/</emphasis> - Search forward"
10322
11412
msgstr ""
10323
11413
10324
#: serverguide/C/other-apps.xml:375(para)
11414
#: serverguide/C/other-apps.xml:324(para)
10325
11415
msgid "<emphasis>?</emphasis> - Search backward"
10326
11416
msgstr ""
10327
11417
10328
#: serverguide/C/other-apps.xml:376(para)
11418
#: serverguide/C/other-apps.xml:325(para)
10329
11419
msgid ""
10330
11420
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
10331
11421
msgstr ""
10332
11422
10333
#: serverguide/C/other-apps.xml:385(para)
11423
#: serverguide/C/other-apps.xml:334(para)
10334
11424
msgid ""
10335
11425
"See the <ulink "
10336
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/update-"
10337
"motd.1.html\">update-motd man page</ulink> for more options available to "
11426
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/update-motd.1.html\">"
11427
"update-motd man page</ulink> for more options available to "
10338
11428
"<application>update-motd</application>."
10339
11429
msgstr ""
10340
11430
10341
#: serverguide/C/other-apps.xml:391(para)
11431
#: serverguide/C/other-apps.xml:340(para)
10342
11432
msgid ""
10343
11433
"The Debian Package of the Day <ulink "
10344
11434
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
10346
11436
"details about using the <application>weather</application>utility."
10347
11437
msgstr ""
10348
11438
10349
#: serverguide/C/other-apps.xml:398(para)
11439
#: serverguide/C/other-apps.xml:347(para)
10350
11440
msgid ""
10351
11441
"See the <ulink "
10352
11442
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
10353
11443
"more details on using <application>etckeeper</application>."
10354
11444
msgstr ""
10355
11445
10356
#: serverguide/C/other-apps.xml:404(para)
11446
#: serverguide/C/other-apps.xml:353(para)
11447
msgid ""
11448
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11449
"Ubuntu Wiki</ulink> page."
11450
msgstr ""
11451
11452
#: serverguide/C/other-apps.xml:358(para)
10357
11453
msgid ""
10358
11454
"For the latest news and information about <application>bzr</application> see "
10359
11455
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
10360
11456
msgstr ""
10361
11457
10362
#: serverguide/C/other-apps.xml:409(para)
11458
#: serverguide/C/other-apps.xml:363(para)
10363
11459
msgid ""
10364
11460
"For more information on <application>screen</application> see the <ulink "
10365
11461
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
10366
11462
msgstr ""
10367
11463
10368
#: serverguide/C/other-apps.xml:414(para)
10369
msgid ""
10370
"Also, see the <application>screen-profiles</application><ulink "
10371
"url=\"https://launchpad.net/screen-profiles\">project page</ulink> for more "
11464
#: serverguide/C/other-apps.xml:368(para)
11465
msgid ""
11466
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11467
"screen</ulink> page."
11468
msgstr ""
11469
11470
#: serverguide/C/other-apps.xml:373(para)
11471
msgid ""
11472
"Also, see the <application>byobu</application><ulink "
11473
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
10372
11474
"information."
10373
11475
msgstr ""
10374
11476
10375
#: serverguide/C/network-config.xml:13(title)
10376
msgid "Networking"
10377
msgstr ""
10378
10379
11477
#: serverguide/C/network-config.xml:14(para)
10380
11478
msgid ""
10381
11479
"Networks consist of two or more devices, such as computer systems, printers, "
10391
11489
"discussion of popular network protocols."
10392
11490
msgstr ""
10393
11491
10394
#: serverguide/C/network-config.xml:26(title)
11492
#: serverguide/C/network-config.xml:27(title)
10395
11493
msgid "Network Configuration"
10396
11494
msgstr ""
10397
11495
10398
#: serverguide/C/network-config.xml:27(para)
11496
#: serverguide/C/network-config.xml:28(para)
10399
11497
msgid ""
10400
11498
"Ubuntu ships with a number of graphical utilities to configure your network "
10401
11499
"devices. This document is geared toward server administrators and will focus "
10402
11500
"on managing your network on the command line."
10403
11501
msgstr ""
10404
11502
10405
#: serverguide/C/network-config.xml:33(title)
10406
msgid "Ethernet"
10407
msgstr ""
10408
10409
#: serverguide/C/network-config.xml:34(para)
10410
msgid ""
10411
"Most Ethernet configuration is centralized in a single file, "
10412
"<filename>/etc/network/interfaces</filename>. If you have no Ethernet "
10413
"devices, only the loopback interface will appear in this file, and it will "
10414
"look something like this:"
10415
msgstr ""
10416
10417
#: serverguide/C/network-config.xml:40(programlisting)
10418
#, no-wrap
10419
msgid ""
10420
"\n"
10421
"# This file describes the network interfaces available on your system\n"
10422
"# and how to activate them. For more information, see interfaces(5).\n"
10423
"\n"
10424
"# The loopback network interface\n"
10425
"auto lo\n"
10426
"iface lo inet loopback\n"
10427
"address 127.0.0.1\n"
10428
"netmask 255.0.0.0\n"
10429
msgstr ""
10430
10431
#: serverguide/C/network-config.xml:50(para)
10432
msgid ""
10433
"If you have only one Ethernet device, eth0, and it gets its configuration "
10434
"from a DHCP server, and it should come up automatically at boot, only two "
10435
"additional lines are required:"
10436
msgstr ""
10437
10438
#: serverguide/C/network-config.xml:55(programlisting)
11503
#: serverguide/C/network-config.xml:35(title)
11504
msgid "Ethernet Interfaces"
11505
msgstr ""
11506
11507
#: serverguide/C/network-config.xml:36(para)
11508
msgid ""
11509
"Ethernet interfaces are identified by the system using the naming convention "
11510
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
11511
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
11512
"interface is typically identified as <emphasis "
11513
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
11514
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
11515
"order."
11516
msgstr ""
11517
11518
#: serverguide/C/network-config.xml:46(title)
11519
msgid "Identify Ethernet Interfaces"
11520
msgstr ""
11521
11522
#: serverguide/C/network-config.xml:47(para)
11523
msgid ""
11524
"To quickly identify all available Ethernet interfaces, you can use the "
11525
"<application>ifconfig</application> command as shown below."
11526
msgstr ""
11527
11528
#: serverguide/C/network-config.xml:52(userinput)
11529
#, no-wrap
11530
msgid "ifconfig -a | grep eth"
11531
msgstr ""
11532
11533
#: serverguide/C/network-config.xml:51(screen)
11534
#, no-wrap
11535
msgid ""
11536
"\n"
11537
"<placeholder-1/>\n"
11538
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
11539
msgstr ""
11540
11541
#: serverguide/C/network-config.xml:55(para)
11542
msgid ""
11543
"Another application that can help identify all network interfaces available "
11544
"to your system is the <application>lshw</application> command. In the "
11545
"example below, <application>lshw</application> shows a single Ethernet "
11546
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
11547
"along with bus information, driver details and all supported capabilities."
11548
msgstr ""
11549
11550
#: serverguide/C/network-config.xml:62(userinput)
11551
#, no-wrap
11552
msgid "sudo lshw -class network"
11553
msgstr ""
11554
11555
#: serverguide/C/network-config.xml:61(screen)
11556
#, no-wrap
11557
msgid ""
11558
"\n"
11559
"<placeholder-1/>\n"
11560
" *-network\n"
11561
" description: Ethernet interface\n"
11562
" product: BCM4401-B0 100Base-TX\n"
11563
" vendor: Broadcom Corporation\n"
11564
" physical id: 0\n"
11565
" bus info: pci@0000:03:00.0\n"
11566
" logical name: eth0\n"
11567
" version: 02\n"
11568
" serial: 00:15:c5:4a:16:5a\n"
11569
" size: 10MB/s\n"
11570
" capacity: 100MB/s\n"
11571
" width: 32 bits\n"
11572
" clock: 33MHz\n"
11573
" capabilities: (snipped for brevity)\n"
11574
" configuration: (snipped for brevity)\n"
11575
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
11576
msgstr ""
11577
11578
#: serverguide/C/network-config.xml:83(title)
11579
msgid "Ethernet Interface Logical Names"
11580
msgstr ""
11581
11582
#: serverguide/C/network-config.xml:84(para)
11583
msgid ""
11584
"Interface logical names are configured in the file "
11585
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
11586
"like control which interface receives a particular logical name, find the "
11587
"line matching the interfaces physical MAC address and modify the value of "
11588
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
11589
"Reboot the system to commit your changes."
11590
msgstr ""
11591
11592
#: serverguide/C/network-config.xml:92(programlisting)
11593
#, no-wrap
11594
msgid ""
11595
"\n"
11596
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11597
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
11598
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
11599
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11600
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
11601
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
11602
msgstr ""
11603
11604
#: serverguide/C/network-config.xml:99(title)
11605
msgid "Ethernet Interface Settings"
11606
msgstr ""
11607
11608
#: serverguide/C/network-config.xml:100(para)
11609
msgid ""
11610
"<application>ethtool</application> is a program that displays and changes "
11611
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
11612
"and Wake-on-LAN. It is not installed by default, but is available for "
11613
"installation in the repositories."
11614
msgstr ""
11615
11616
#: serverguide/C/network-config.xml:106(userinput)
11617
#, no-wrap
11618
msgid "sudo apt-get install ethtool"
11619
msgstr ""
11620
11621
#: serverguide/C/network-config.xml:108(para)
11622
msgid ""
11623
"The following is an example of how to view supported features and configured "
11624
"settings of an Ethernet interface."
11625
msgstr ""
11626
11627
#: serverguide/C/network-config.xml:113(userinput)
11628
#, no-wrap
11629
msgid "sudo ethtool eth0"
11630
msgstr ""
11631
11632
#: serverguide/C/network-config.xml:112(screen)
11633
#, no-wrap
11634
msgid ""
11635
"\n"
11636
"<placeholder-1/>\n"
11637
"Settings for eth0:\n"
11638
" Supported ports: [ TP ]\n"
11639
" Supported link modes: 10baseT/Half 10baseT/Full \n"
11640
" 100baseT/Half 100baseT/Full \n"
11641
" 1000baseT/Half 1000baseT/Full \n"
11642
" Supports auto-negotiation: Yes\n"
11643
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
11644
" 100baseT/Half 100baseT/Full \n"
11645
" 1000baseT/Half 1000baseT/Full \n"
11646
" Advertised auto-negotiation: Yes\n"
11647
" Speed: 1000Mb/s\n"
11648
" Duplex: Full\n"
11649
" Port: Twisted Pair\n"
11650
" PHYAD: 1\n"
11651
" Transceiver: internal\n"
11652
" Auto-negotiation: on\n"
11653
" Supports Wake-on: g\n"
11654
" Wake-on: d\n"
11655
" Current message level: 0x000000ff (255)\n"
11656
" Link detected: yes\n"
11657
msgstr ""
11658
11659
#: serverguide/C/network-config.xml:135(para)
11660
msgid ""
11661
"Changes made with the <application>ethtool</application> command are "
11662
"temporary and will be lost after a reboot. If you would like to retain "
11663
"settings, simply add the desired <application>ethtool</application> command "
11664
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
11665
"configuration file <filename>/etc/network/interfaces</filename>."
11666
msgstr ""
11667
11668
#: serverguide/C/network-config.xml:141(para)
11669
msgid ""
11670
"The following is an example of how the interface identified as <emphasis "
11671
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
11672
"speed of 1000Mb/s running in full duplex mode."
11673
msgstr ""
11674
11675
#: serverguide/C/network-config.xml:145(programlisting)
11676
#, no-wrap
11677
msgid ""
11678
"\n"
11679
"auto eth0\n"
11680
"iface eth0 inet static\n"
11681
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
11682
msgstr ""
11683
11684
#: serverguide/C/network-config.xml:151(para)
11685
msgid ""
11686
"Although the example above shows the interface configured to use the "
11687
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
11688
"other methods as well, such as DHCP. The example is meant to demonstrate "
11689
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
11690
"statement in relation to the rest of the interface configuration."
11691
msgstr ""
11692
11693
#: serverguide/C/network-config.xml:163(title)
11694
msgid "IP Addressing"
11695
msgstr ""
11696
11697
#: serverguide/C/network-config.xml:164(para)
11698
msgid ""
11699
"The following section describes the process of configuring your systems IP "
11700
"address and default gateway needed for communicating on a local area network "
11701
"and the Internet."
11702
msgstr ""
11703
11704
#: serverguide/C/network-config.xml:171(title)
11705
msgid "Temporary IP Address Assignment"
11706
msgstr ""
11707
11708
#: serverguide/C/network-config.xml:172(para)
11709
msgid ""
11710
"For temporary network configurations, you can use standard commands such as "
11711
"<application>ip</application>, <application>ifconfig</application> and "
11712
"<application>route</application>, which are also found on most other "
11713
"GNU/Linux operating systems. These commands allow you to configure settings "
11714
"which take effect immediately, however they are not persistent and will be "
11715
"lost after a reboot."
11716
msgstr ""
11717
11718
#: serverguide/C/network-config.xml:180(para)
11719
msgid ""
11720
"To temporarily configure an IP address, you can use the "
11721
"<application>ifconfig</application> command in the following manner. Just "
11722
"modify the IP address and subnet mask to match your network requirements."
11723
msgstr ""
11724
11725
#: serverguide/C/network-config.xml:186(userinput)
11726
#, no-wrap
11727
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
11728
msgstr ""
11729
11730
#: serverguide/C/network-config.xml:188(para)
11731
msgid ""
11732
"To verify the IP address configuration of <application>eth0</application>, "
11733
"you can use the <application>ifconfig</application> command in the following "
11734
"manner."
11735
msgstr ""
11736
11737
#: serverguide/C/network-config.xml:193(userinput)
11738
#, no-wrap
11739
msgid "ifconfig eth0"
11740
msgstr ""
11741
11742
#: serverguide/C/network-config.xml:192(screen)
11743
#, no-wrap
11744
msgid ""
11745
"\n"
11746
"<placeholder-1/>\n"
11747
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
11748
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
11749
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
11750
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
11751
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
11752
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
11753
" collisions:0 txqueuelen:1000 \n"
11754
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
11755
" Interrupt:16 \n"
11756
msgstr ""
11757
11758
#: serverguide/C/network-config.xml:204(para)
11759
msgid ""
11760
"To configure a default gateway, you can use the "
11761
"<application>route</application> command in the following manner. Modify the "
11762
"default gateway address to match your network requirements."
11763
msgstr ""
11764
11765
#: serverguide/C/network-config.xml:210(userinput)
11766
#, no-wrap
11767
msgid "sudo route add default gw 10.0.0.1 eth0"
11768
msgstr ""
11769
11770
#: serverguide/C/network-config.xml:212(para)
11771
msgid ""
11772
"To verify your default gateway configuration, you can use the "
11773
"<application>route</application> command in the following manner."
11774
msgstr ""
11775
11776
#: serverguide/C/network-config.xml:217(userinput)
11777
#, no-wrap
11778
msgid "route -n"
11779
msgstr ""
11780
11781
#: serverguide/C/network-config.xml:216(screen)
11782
#, no-wrap
11783
msgid ""
11784
"\n"
11785
"<placeholder-1/>\n"
11786
"Kernel IP routing table\n"
11787
"Destination Gateway Genmask Flags Metric Ref Use "
11788
"Iface\n"
11789
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
11790
"eth0\n"
11791
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
11792
"eth0\n"
11793
msgstr ""
11794
11795
#: serverguide/C/network-config.xml:223(para)
11796
msgid ""
11797
"If you require DNS for your temporary network configuration, you can add DNS "
11798
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
11799
"example below shows how to enter two DNS servers to "
11800
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
11801
"appropriate for your network. A more lengthy description of DNS client "
11802
"configuration is in a following section."
11803
msgstr ""
11804
11805
#: serverguide/C/network-config.xml:230(programlisting)
11806
#, no-wrap
11807
msgid ""
11808
"\n"
11809
"nameserver 8.8.8.8\n"
11810
"nameserver 8.8.4.4\n"
11811
msgstr ""
11812
11813
#: serverguide/C/network-config.xml:234(para)
11814
msgid ""
11815
"If you no longer need this configuration and wish to purge all IP "
11816
"configuration from an interface, you can use the "
11817
"<application>ip</application> command with the flush option as shown below."
11818
msgstr ""
11819
11820
#: serverguide/C/network-config.xml:240(userinput)
11821
#, no-wrap
11822
msgid "ip addr flush eth0"
11823
msgstr ""
11824
11825
#: serverguide/C/network-config.xml:243(para)
11826
msgid ""
11827
"Flushing the IP configuration using the <application>ip</application> "
11828
"command does not clear the contents of "
11829
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
11830
"entries manually."
11831
msgstr ""
11832
11833
#: serverguide/C/network-config.xml:251(title)
11834
msgid "Dynamic IP Address Assignment (DHCP Client)"
11835
msgstr ""
11836
11837
#: serverguide/C/network-config.xml:252(para)
11838
msgid ""
11839
"To configure your server to use DHCP for dynamic address assignment, add the "
11840
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
11841
"statement for the appropriate interface in the file "
11842
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11843
"are configuring your first Ethernet interface identified as <emphasis "
11844
"role=\"italic\">eth0</emphasis>."
11845
msgstr ""
11846
11847
#: serverguide/C/network-config.xml:259(programlisting)
10439
11848
#, no-wrap
10440
11849
msgid ""
10441
11850
"\n"
10443
11852
"iface eth0 inet dhcp\n"
10444
11853
msgstr ""
10445
11854
10446
#: serverguide/C/network-config.xml:59(para)
10447
msgid ""
10448
"The first line specifies that the eth0 device should come up automatically "
10449
"when you boot. The second line means that interface (<quote>iface</quote>) "
10450
"eth0 should have an IPv4 address space (replace <quote>inet</quote> with "
10451
"<quote>inet6</quote> for an IPv6 device) and that it should get its "
10452
"configuration automatically from DHCP. Assuming your network and DHCP server "
10453
"are properly configured, this machine's network should need no further "
10454
"configuration to operate properly. The DHCP server will provide the default "
10455
"gateway (implemented via the <application>route</application> command), the "
10456
"device's IP address (implemented via the <application>ifconfig</application> "
10457
"command), and DNS servers used on the network (implemented in the "
10458
"<filename>/etc/resolv.conf</filename> file.)"
10459
msgstr ""
10460
10461
#: serverguide/C/network-config.xml:72(para)
10462
msgid ""
10463
"To configure your Ethernet device with a static IP address and custom "
10464
"configuration, some more information will be required. Suppose you want to "
10465
"assign the IP address 192.168.0.2 to the device eth1, with the typical "
10466
"netmask of 255.255.255.0. Your default gateway's IP address is 192.168.0.1. "
10467
"You would enter something like this into "
10468
"<filename>/etc/network/interfaces</filename>:"
10469
msgstr ""
10470
10471
#: serverguide/C/network-config.xml:79(programlisting)
10472
#, no-wrap
10473
msgid ""
10474
"\n"
10475
"iface eth1 inet static\n"
10476
"\taddress 192.168.0.2\n"
10477
"\tnetmask 255.255.255.0\n"
10478
"\tgateway 192.168.0.1\n"
10479
msgstr ""
10480
10481
#: serverguide/C/network-config.xml:85(para)
10482
msgid ""
10483
"In this case, you will need to specify your DNS servers manually in "
10484
"<filename>/etc/resolv.conf</filename>, which should look something like this:"
10485
msgstr ""
10486
10487
#: serverguide/C/network-config.xml:89(programlisting)
10488
#, no-wrap
10489
msgid ""
10490
"\n"
10491
"search mydomain.example\n"
10492
"nameserver 192.168.0.1\n"
10493
"nameserver 4.2.2.2\n"
10494
msgstr ""
10495
10496
#: serverguide/C/network-config.xml:94(para)
10497
msgid ""
10498
"The <emphasis role=\"italics\">search</emphasis> directive will append "
10499
"mydomain.example to hostname queries in an attempt to resolve names to your "
10500
"network. For example, if your network's domain is mydomain.example and you "
10501
"try to ping the host <quote>mybox</quote>, the DNS query will be modified to "
10502
"<quote>mybox.mydomain.example</quote> for resolution. The <emphasis "
10503
"role=\"italics\">nameserver</emphasis> directives specify DNS servers to be "
10504
"used to resolve hostnames to IP addresses. If you use your own nameserver, "
10505
"enter it here. Otherwise, ask your Internet Service Provider for the primary "
10506
"and secondary DNS servers to use, and enter them into "
10507
"<filename>/etc/resolv.conf</filename> as shown above."
10508
msgstr ""
10509
10510
#: serverguide/C/network-config.xml:106(para)
10511
msgid ""
10512
"Many more configurations are possible, including dialup PPP interfaces, IPv6 "
10513
"networking, VPN devices, etc. Refer to <application>man 5 "
10514
"interfaces</application> for more information and supported options. "
10515
"Remember that <filename>/etc/network/interfaces</filename> is used by the "
10516
"<application>ifup</application>/<application>ifdown</application> scripts as "
10517
"a higher level configuration scheme than may be used in some other Linux "
10518
"distributions, and that the traditional, lower level utilities such as "
10519
"<application>ifconfig</application>, <application>route</application>, and "
10520
"<application>dhclient</application> are still available to you for ad hoc "
10521
"configurations."
10522
msgstr ""
10523
10524
#: serverguide/C/network-config.xml:120(title)
10525
msgid "Managing DNS Entries"
10526
msgstr ""
10527
10528
#: serverguide/C/network-config.xml:121(para)
10529
msgid ""
10530
"This section explains how to configure which nameserver to use when "
10531
"resolving IP addresses to hostnames and vice versa. It does not explain how "
10532
"to configure the system as a name server."
10533
msgstr ""
10534
10535
#: serverguide/C/network-config.xml:126(para)
10536
msgid ""
10537
"To manage DNS entries, you can add, edit, or remove DNS names from the "
10538
"<filename>/etc/resolv.conf</filename> file. A sample file is given below:"
10539
msgstr ""
10540
10541
#: serverguide/C/network-config.xml:130(programlisting)
10542
#, no-wrap
10543
msgid ""
10544
"\n"
10545
"search com\n"
10546
"nameserver 204.11.126.131\n"
10547
"nameserver 64.125.134.133\n"
10548
"nameserver 64.125.134.132\n"
10549
"nameserver 208.185.179.218\n"
10550
msgstr ""
10551
10552
#: serverguide/C/network-config.xml:138(para)
10553
msgid ""
10554
"The <application>search</application> key specifies the string which will be "
10555
"appended to an incomplete hostname. Here, we have configured it to "
10556
"<application>com</application>. So, when we run: <command>ping "
10557
"ubuntu</command> it would be interpreted as <command>ping "
10558
"ubuntu.com</command>."
10559
msgstr ""
10560
10561
#: serverguide/C/network-config.xml:146(para)
10562
msgid ""
10563
"The <application>nameserver</application> key specifies the nameserver IP "
10564
"address. It will be used to resolve a given IP address or hostname. This "
10565
"file can have multiple nameserver entries. The nameservers will be used by "
10566
"the network query in the same order."
10567
msgstr ""
10568
10569
#: serverguide/C/network-config.xml:155(para)
10570
msgid ""
10571
"If the DNS server names are retrieved dynamically from DHCP or PPPoE "
10572
"(retrieved from your ISP), do not add nameserver entries in this file. It "
10573
"will be overwritten."
10574
msgstr ""
10575
10576
#: serverguide/C/network-config.xml:164(title)
10577
msgid "Managing Hosts"
10578
msgstr ""
10579
10580
#: serverguide/C/network-config.xml:165(para)
10581
msgid ""
10582
"To manage hosts, you can add, edit, or remove hosts from "
10583
"<filename>/etc/hosts</filename> file. The file contains IP addresses and "
10584
"their corresponding hostnames. When your system tries to resolve a hostname "
10585
"to an IP address or determine the hostname for an IP address, it refers to "
10586
"the <filename>/etc/hosts</filename> file before using the name servers. If "
10587
"the IP address is listed in the <filename>/etc/hosts</filename> file, the "
10588
"name servers are not used. This behavior can be modified by editing "
10589
"<filename>/etc/nsswitch.conf</filename> at your peril."
10590
msgstr ""
10591
10592
#: serverguide/C/network-config.xml:178(para)
10593
msgid ""
10594
"If your network contains computers whose IP addresses are not listed in DNS, "
10595
"it is recommended that you add them to the <filename>/etc/hosts</filename> "
10596
"file."
10597
msgstr ""
10598
10599
#: serverguide/C/network-config.xml:186(title)
11855
#: serverguide/C/network-config.xml:263(para)
11856
msgid ""
11857
"By adding an interface configuration as shown above, you can manually enable "
11858
"the interface through the <application>ifup</application> command which "
11859
"initiates the DHCP process via <application>dhclient</application>."
11860
msgstr ""
11861
11862
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
11863
#, no-wrap
11864
msgid "sudo ifup eth0"
11865
msgstr ""
11866
11867
#: serverguide/C/network-config.xml:271(para)
11868
msgid ""
11869
"To manually disable the interface, you can use the "
11870
"<application>ifdown</application> command, which in turn will initiate the "
11871
"DHCP release process and shut down the interface."
11872
msgstr ""
11873
11874
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
11875
#, no-wrap
11876
msgid "sudo ifdown eth0"
11877
msgstr ""
11878
11879
#: serverguide/C/network-config.xml:282(title)
11880
msgid "Static IP Address Assignment"
11881
msgstr ""
11882
11883
#: serverguide/C/network-config.xml:283(para)
11884
msgid ""
11885
"To configure your system to use a static IP address assignment, add the "
11886
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
11887
"family statement for the appropriate interface in the file "
11888
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11889
"are configuring your first Ethernet interface identified as <emphasis "
11890
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
11891
"role=\"italic\">address</emphasis>, <emphasis "
11892
"role=\"italic\">netmask</emphasis>, and <emphasis "
11893
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
11894
"network."
11895
msgstr ""
11896
11897
#: serverguide/C/network-config.xml:292(programlisting)
11898
#, no-wrap
11899
msgid ""
11900
"\n"
11901
"auto eth0\n"
11902
"iface eth0 inet static\n"
11903
"address 10.0.0.100\n"
11904
"netmask 255.255.255.0\n"
11905
"gateway 10.0.0.1\n"
11906
msgstr ""
11907
11908
#: serverguide/C/network-config.xml:299(para)
11909
msgid ""
11910
"By adding an interface configuration as shown above, you can manually enable "
11911
"the interface through the <application>ifup</application> command."
11912
msgstr ""
11913
11914
#: serverguide/C/network-config.xml:306(para)
11915
msgid ""
11916
"To manually disable the interface, you can use the "
11917
"<application>ifdown</application> command."
11918
msgstr ""
11919
11920
#: serverguide/C/network-config.xml:316(title)
11921
msgid "Loopback Interface"
11922
msgstr ""
11923
11924
#: serverguide/C/network-config.xml:317(para)
11925
msgid ""
11926
"The loopback interface is identified by the system as <emphasis "
11927
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
11928
"can be viewed using the ifconfig command."
11929
msgstr ""
11930
11931
#: serverguide/C/network-config.xml:322(userinput)
11932
#, no-wrap
11933
msgid "ifconfig lo"
11934
msgstr ""
11935
11936
#: serverguide/C/network-config.xml:321(screen)
11937
#, no-wrap
11938
msgid ""
11939
"\n"
11940
"<placeholder-1/>\n"
11941
"lo Link encap:Local Loopback \n"
11942
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
11943
" inet6 addr: ::1/128 Scope:Host\n"
11944
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
11945
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
11946
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
11947
" collisions:0 txqueuelen:0 \n"
11948
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
11949
msgstr ""
11950
11951
#: serverguide/C/network-config.xml:332(para)
11952
msgid ""
11953
"By default, there should be two lines in "
11954
"<filename>/etc/network/interfaces</filename> responsible for automatically "
11955
"configuring your loopback interface. It is recommended that you keep the "
11956
"default settings unless you have a specific purpose for changing them. An "
11957
"example of the two default lines are shown below."
11958
msgstr ""
11959
11960
#: serverguide/C/network-config.xml:338(programlisting)
11961
#, no-wrap
11962
msgid ""
11963
"\n"
11964
"auto lo\n"
11965
"iface lo inet loopback\n"
11966
msgstr ""
11967
11968
#: serverguide/C/network-config.xml:347(title)
11969
msgid "Name Resolution"
11970
msgstr ""
11971
11972
#: serverguide/C/network-config.xml:348(para)
11973
msgid ""
11974
"Name resolution as it relates to IP networking is the process of mapping IP "
11975
"addresses to hostnames, making it easier to identify resources on a network. "
11976
"The following section will explain how to properly configure your system for "
11977
"name resolution using DNS and static hostname records."
11978
msgstr ""
11979
11980
#: serverguide/C/network-config.xml:356(title)
11981
msgid "DNS Client Configuration"
11982
msgstr ""
11983
11984
#: serverguide/C/network-config.xml:357(para)
11985
msgid ""
11986
"To configure your system to use DNS for name resolution, add the IP "
11987
"addresses of the DNS servers that are appropriate for your network in the "
11988
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
11989
"suffix search-lists to match your network domain names."
11990
msgstr ""
11991
11992
#: serverguide/C/network-config.xml:362(para)
11993
msgid ""
11994
"Below is an example of a typical configuration of "
11995
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
11996
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
11997
msgstr ""
11998
11999
#: serverguide/C/network-config.xml:367(programlisting)
12000
#, no-wrap
12001
msgid ""
12002
"\n"
12003
"search example.com\n"
12004
"nameserver 8.8.8.8\n"
12005
"nameserver 8.8.4.4\n"
12006
msgstr ""
12007
12008
#: serverguide/C/network-config.xml:372(para)
12009
msgid ""
12010
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12011
"multiple domain names so that DNS queries will be appended in the order in "
12012
"which they are entered. For example, your network may have multiple sub-"
12013
"domains to search; a parent domain of <emphasis "
12014
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
12015
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
12016
"role=\"italic\">dev.example.com</emphasis>."
12017
msgstr ""
12018
12019
#: serverguide/C/network-config.xml:380(para)
12020
msgid ""
12021
"If you have multiple domains you wish to search, your configuration might "
12022
"look like the following."
12023
msgstr ""
12024
12025
#: serverguide/C/network-config.xml:383(programlisting)
12026
#, no-wrap
12027
msgid ""
12028
"\n"
12029
"search example.com sales.example.com dev.example.com\n"
12030
"nameserver 8.8.8.8\n"
12031
"nameserver 8.8.4.4\n"
12032
msgstr ""
12033
12034
#: serverguide/C/network-config.xml:388(para)
12035
msgid ""
12036
"If you try to ping a host with the name of <emphasis "
12037
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12038
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12039
msgstr ""
12040
12041
#: serverguide/C/network-config.xml:394(para)
12042
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12043
msgstr ""
12044
12045
#: serverguide/C/network-config.xml:399(para)
12046
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12047
msgstr ""
12048
12049
#: serverguide/C/network-config.xml:404(para)
12050
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12051
msgstr ""
12052
12053
#: serverguide/C/network-config.xml:409(para)
12054
msgid ""
12055
"If no matches are found, the DNS server will provide a result of <emphasis "
12056
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12057
msgstr ""
12058
12059
#: serverguide/C/network-config.xml:416(title)
12060
msgid "Static Hostnames"
12061
msgstr ""
12062
12063
#: serverguide/C/network-config.xml:417(para)
12064
msgid ""
12065
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12066
"file <filename>/etc/hosts</filename>. Entries in the "
12067
"<filename>hosts</filename> file will have precedence over DNS by default. "
12068
"This means that if your system tries to resolve a hostname and it matches an "
12069
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
12070
"some configurations, especially when Internet access is not required, "
12071
"servers that communicate with a limited number of resources can be "
12072
"conveniently set to use static hostnames instead of DNS."
12073
msgstr ""
12074
12075
#: serverguide/C/network-config.xml:424(para)
12076
msgid ""
12077
"The following is an example of a <filename>hosts</filename> file where a "
12078
"number of local servers have been identified by simple hostnames, aliases "
12079
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12080
msgstr ""
12081
12082
#: serverguide/C/network-config.xml:428(programlisting)
12083
#, no-wrap
12084
msgid ""
12085
"\n"
12086
"127.0.0.1\tlocalhost\n"
12087
"127.0.1.1\tubuntu-server\n"
12088
"10.0.0.11\tserver1 vpn server1.example.com\n"
12089
"10.0.0.12\tserver2 mail server2.example.com\n"
12090
"10.0.0.13\tserver3 www server3.example.com\n"
12091
"10.0.0.14\tserver4 file server4.example.com\n"
12092
msgstr ""
12093
12094
#: serverguide/C/network-config.xml:437(para)
12095
msgid ""
12096
"In the above example, notice that each of the servers have been given "
12097
"aliases in addition to their proper names and FQDN's. <emphasis "
12098
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
12099
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
12100
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
12101
"role=\"italic\">server3</emphasis> as <emphasis "
12102
"role=\"italic\">www</emphasis>, and <emphasis "
12103
"role=\"italic\">server4</emphasis> as <emphasis "
12104
"role=\"italic\">file</emphasis>."
12105
msgstr ""
12106
12107
#: serverguide/C/network-config.xml:449(title)
12108
msgid "Name Service Switch Configuration"
12109
msgstr ""
12110
12111
#: serverguide/C/network-config.xml:450(para)
12112
msgid ""
12113
"The order in which your system selects a method of resolving hostnames to IP "
12114
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12115
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
12116
"section, typically static hostnames defined in the systems "
12117
"<filename>/etc/hosts</filename> file have precedence over names resolved "
12118
"from DNS. The following is an example of the line responsible for this order "
12119
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12120
msgstr ""
12121
12122
#: serverguide/C/network-config.xml:458(programlisting)
12123
#, no-wrap
12124
msgid ""
12125
"\n"
12126
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12127
msgstr ""
12128
12129
#: serverguide/C/network-config.xml:464(para)
12130
msgid ""
12131
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12132
"hostnames located in <filename>/etc/hosts</filename>."
12133
msgstr ""
12134
12135
#: serverguide/C/network-config.xml:470(para)
12136
msgid ""
12137
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12138
"name using Multicast DNS."
12139
msgstr ""
12140
12141
#: serverguide/C/network-config.xml:475(para)
12142
msgid ""
12143
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12144
"of <emphasis role=\"italic\">notfound</emphasis> by the preceeding <emphasis "
12145
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
12146
"authoritative and that the system should not try to continue hunting for an "
12147
"answer."
12148
msgstr ""
12149
12150
#: serverguide/C/network-config.xml:483(para)
12151
msgid ""
12152
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12153
msgstr ""
12154
12155
#: serverguide/C/network-config.xml:488(para)
12156
msgid ""
12157
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12158
msgstr ""
12159
12160
#: serverguide/C/network-config.xml:494(para)
12161
msgid ""
12162
"To modify the order of the above mentioned name resolution methods, you can "
12163
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12164
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
12165
"versus Multicast DNS, you can change the string in "
12166
"<filename>/etc/nsswitch.conf</filename> as shown below."
12167
msgstr ""
12168
12169
#: serverguide/C/network-config.xml:501(programlisting)
12170
#, no-wrap
12171
msgid ""
12172
"\n"
12173
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12174
msgstr ""
12175
12176
#: serverguide/C/network-config.xml:508(title)
10600
12177
msgid "Bridging"
10601
12178
msgstr ""
10602
12179
10603
#: serverguide/C/network-config.xml:188(para)
12180
#: serverguide/C/network-config.xml:510(para)
10604
12181
msgid ""
10605
12182
"Bridging multiple interfaces is a more advanced configuration, but is very "
10606
12183
"useful in multiple scenarios. One scenario is setting up a bridge with "
10610
12187
"The following example covers the latter scenario."
10611
12188
msgstr ""
10612
12189
10613
#: serverguide/C/network-config.xml:195(para)
12190
#: serverguide/C/network-config.xml:517(para)
10614
12191
msgid ""
10615
12192
"Before configuring a bridge you will need to install the <application>bridge-"
10616
12193
"utils</application> package. To install the package, in a terminal enter:"
10617
12194
msgstr ""
10618
12195
10619
#: serverguide/C/network-config.xml:201(command)
12196
#: serverguide/C/network-config.xml:523(command)
10620
12197
msgid "sudo apt-get install bridge-utils"
10621
12198
msgstr ""
10622
12199
10623
#: serverguide/C/network-config.xml:204(para)
12200
#: serverguide/C/network-config.xml:526(para)
10624
12201
msgid ""
10625
12202
"Next, configure the bridge by editing "
10626
12203
"<filename>/etc/network/interfaces</filename>:"
10627
12204
msgstr ""
10628
12205
10629
#: serverguide/C/network-config.xml:208(programlisting)
12206
#: serverguide/C/network-config.xml:530(programlisting)
10630
12207
#, no-wrap
10631
12208
msgid ""
10632
12209
"\n"
10647
12224
" bridge_stp off\n"
10648
12225
msgstr ""
10649
12226
10650
#: serverguide/C/network-config.xml:227(para)
12227
#: serverguide/C/network-config.xml:549(para)
10651
12228
msgid "Enter the appropriate values for your physical interface and network."
10652
12229
msgstr ""
10653
12230
10654
#: serverguide/C/network-config.xml:232(para)
12231
#: serverguide/C/network-config.xml:554(para)
10655
12232
msgid "Now restart networking to enable the bridge interface:"
10656
12233
msgstr ""
10657
12234
10658
#: serverguide/C/network-config.xml:239(para)
12235
#: serverguide/C/network-config.xml:561(para)
10659
12236
msgid ""
10660
12237
"The new bridge interface should now be up and running. The "
10661
12238
"<application>brctl</application> provides useful information about the state "
10663
12240
"<command>man brctl</command> for more information."
10664
12241
msgstr ""
10665
12242
10666
#: serverguide/C/network-config.xml:255(para)
12243
#: serverguide/C/network-config.xml:577(para)
12244
msgid ""
12245
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12246
"Network page</ulink> has links to articles covering more advanced network "
12247
"configuration."
12248
msgstr ""
12249
12250
#: serverguide/C/network-config.xml:583(para)
10667
12251
msgid ""
10668
12252
"The <ulink "
10669
"url=\"http://manpages.ubuntu.com/manpages/karmic/en/man5/interfaces.5.html\">"
10670
"interfaces man page</ulink> has details on more options for "
12253
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/interfaces.5.html\">i"
12254
"nterfaces man page</ulink> has details on more options for "
10671
12255
"<filename>/etc/network/interfaces</filename>."
10672
12256
msgstr ""
10673
12257
10674
#: serverguide/C/network-config.xml:261(para)
12258
#: serverguide/C/network-config.xml:589(para)
12259
msgid ""
12260
"The <ulink "
12261
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/dhclient.8.html\">dhc"
12262
"lient man page</ulink> has details on more options for configuring DHCP "
12263
"client settings."
12264
msgstr ""
12265
12266
#: serverguide/C/network-config.xml:595(para)
10675
12267
msgid ""
10676
12268
"For more information on DNS client configuration see the <ulink "
10677
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/resolver.5.html\">re"
10678
"solver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
12269
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/resolver.5.html\">res"
12270
"olver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
10679
12271
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
10680
12272
"Administrator's Guide</ulink> is a good source of resolver and name service "
10681
12273
"configuration information."
10682
12274
msgstr ""
10683
12275
10684
#: serverguide/C/network-config.xml:269(para)
12276
#: serverguide/C/network-config.xml:603(para)
10685
12277
msgid ""
10686
12278
"For more information on <emphasis>bridging</emphasis> see the <ulink "
10687
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/brctl.8.html\">brctl"
10688
" man page</ulink> and the Linux Foundation's <ulink "
12279
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/brctl.8.html\">brctl "
12280
"man page</ulink> and the Linux Foundation's <ulink "
10689
12281
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
10690
12282
msgstr ""
10691
12283
10692
#: serverguide/C/network-config.xml:280(title)
12284
#: serverguide/C/network-config.xml:614(title)
10693
12285
msgid "TCP/IP"
10694
12286
msgstr ""
10695
12287
10696
#: serverguide/C/network-config.xml:281(para)
12288
#: serverguide/C/network-config.xml:615(para)
10697
12289
msgid ""
10698
12290
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
10699
12291
"standard set of protocols developed in the late 1970s by the Defense "
10703
12295
"network protocols on Earth."
10704
12296
msgstr ""
10705
12297
10706
#: serverguide/C/network-config.xml:289(title)
12298
#: serverguide/C/network-config.xml:623(title)
10707
12299
msgid "TCP/IP Introduction"
10708
12300
msgstr ""
10709
12301
10710
#: serverguide/C/network-config.xml:290(para)
12302
#: serverguide/C/network-config.xml:624(para)
10711
12303
msgid ""
10712
12304
"The two protocol components of TCP/IP deal with different aspects of "
10713
12305
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
10722
12314
"host."
10723
12315
msgstr ""
10724
12316
10725
#: serverguide/C/network-config.xml:303(title)
12317
#: serverguide/C/network-config.xml:637(title)
10726
12318
msgid "TCP/IP Configuration"
10727
12319
msgstr ""
10728
12320
10729
#: serverguide/C/network-config.xml:304(para)
12321
#: serverguide/C/network-config.xml:638(para)
10730
12322
msgid ""
10731
12323
"The TCP/IP protocol configuration consists of several elements which must be "
10732
12324
"set by editing the appropriate configuration files, or deploying solutions "
10737
12329
"system."
10738
12330
msgstr ""
10739
12331
10740
#: serverguide/C/network-config.xml:316(para)
12332
#: serverguide/C/network-config.xml:650(para)
10741
12333
msgid ""
10742
12334
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
10743
12335
"identifying string expressed as four decimal numbers ranging from zero (0) "
10747
12339
"<emphasis>dotted quad notation</emphasis>."
10748
12340
msgstr ""
10749
12341
10750
#: serverguide/C/network-config.xml:326(para)
12342
#: serverguide/C/network-config.xml:660(para)
10751
12343
msgid ""
10752
12344
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
10753
12345
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
10758
12350
"remain available for specifying hosts on the subnetwork."
10759
12351
msgstr ""
10760
12352
10761
#: serverguide/C/network-config.xml:337(para)
12353
#: serverguide/C/network-config.xml:671(para)
10762
12354
msgid ""
10763
12355
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
10764
12356
"represents the bytes comprising the network portion of an IP address. For "
10771
12363
"network and a zero (0) for all the possible hosts on the network."
10772
12364
msgstr ""
10773
12365
10774
#: serverguide/C/network-config.xml:350(para)
12366
#: serverguide/C/network-config.xml:684(para)
10775
12367
msgid ""
10776
12368
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
10777
12369
"is an IP address which allows network data to be sent simultaneously to all "
10785
12377
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
10786
12378
msgstr ""
10787
12379
10788
#: serverguide/C/network-config.xml:363(para)
12380
#: serverguide/C/network-config.xml:697(para)
10789
12381
msgid ""
10790
12382
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
10791
12383
"IP address through which a particular network, or host on a network, may be "
10798
12390
"not be able to reach any hosts beyond those on the same network."
10799
12391
msgstr ""
10800
12392
10801
#: serverguide/C/network-config.xml:374(para)
12393
#: serverguide/C/network-config.xml:708(para)
10802
12394
msgid ""
10803
12395
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
10804
12396
"represent the IP addresses of Domain Name Service (DNS) systems, which "
10814
12406
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
10815
12407
msgstr ""
10816
12408
10817
#: serverguide/C/network-config.xml:388(para)
12409
#: serverguide/C/network-config.xml:722(para)
10818
12410
msgid ""
10819
12411
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
10820
12412
"Address are typically specified via the appropriate directives in the file "
10826
12418
"typed at a terminal prompt:"
10827
12419
msgstr ""
10828
12420
10829
#: serverguide/C/network-config.xml:395(para)
12421
#: serverguide/C/network-config.xml:729(para)
10830
12422
msgid ""
10831
12423
"Access the system manual page for <filename>interfaces</filename> with the "
10832
12424
"following command:"
10833
12425
msgstr ""
10834
12426
10835
#: serverguide/C/network-config.xml:400(command)
12427
#: serverguide/C/network-config.xml:734(command)
10836
12428
msgid "man interfaces"
10837
12429
msgstr ""
10838
12430
10839
#: serverguide/C/network-config.xml:403(para)
12431
#: serverguide/C/network-config.xml:737(para)
10840
12432
msgid ""
10841
12433
"Access the system manual page for <filename>resolv.conf</filename> with the "
10842
12434
"following command:"
10843
12435
msgstr ""
10844
12436
10845
#: serverguide/C/network-config.xml:407(command)
12437
#: serverguide/C/network-config.xml:741(command)
10846
12438
msgid "man resolv.conf"
10847
12439
msgstr ""
10848
12440
10849
#: serverguide/C/network-config.xml:312(para)
12441
#: serverguide/C/network-config.xml:646(para)
10850
12442
msgid ""
10851
12443
"The common configuration elements of TCP/IP and their purposes are as "
10852
12444
"follows: <placeholder-1/>"
10853
12445
msgstr ""
10854
12446
10855
#: serverguide/C/network-config.xml:414(title)
12447
#: serverguide/C/network-config.xml:748(title)
10856
12448
msgid "IP Routing"
10857
12449
msgstr ""
10858
12450
10859
#: serverguide/C/network-config.xml:415(para)
12451
#: serverguide/C/network-config.xml:749(para)
10860
12452
msgid ""
10861
12453
"IP routing is a means of specifying and discovering paths in a TCP/IP "
10862
12454
"network along which network data may be sent. Routing uses a set of "
10867
12459
"<emphasis>Dynamic Routing.</emphasis>"
10868
12460
msgstr ""
10869
12461
10870
#: serverguide/C/network-config.xml:424(para)
12462
#: serverguide/C/network-config.xml:758(para)
10871
12463
msgid ""
10872
12464
"Static routing involves manually adding IP routes to the system's routing "
10873
12465
"table, and this is usually done by manipulating the routing table with the "
10882
12474
"and failures along the route due to the fixed nature of the route."
10883
12475
msgstr ""
10884
12476
10885
#: serverguide/C/network-config.xml:434(para)
12477
#: serverguide/C/network-config.xml:768(para)
10886
12478
msgid ""
10887
12479
"Dynamic routing depends on large networks with multiple possible IP routes "
10888
12480
"from a source to a destination and makes use of special routing protocols, "
10899
12491
"immediately benefit the end users, but still consumes network bandwidth."
10900
12492
msgstr ""
10901
12493
10902
#: serverguide/C/network-config.xml:448(title)
12494
#: serverguide/C/network-config.xml:782(title)
10903
12495
msgid "TCP and UDP"
10904
12496
msgstr ""
10905
12497
10906
#: serverguide/C/network-config.xml:449(para)
12498
#: serverguide/C/network-config.xml:783(para)
10907
12499
msgid ""
10908
12500
"TCP is a connection-based protocol, offering error correction and guaranteed "
10909
12501
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
10914
12506
"important information such as database transactions."
10915
12507
msgstr ""
10916
12508
10917
#: serverguide/C/network-config.xml:457(para)
12509
#: serverguide/C/network-config.xml:791(para)
10918
12510
msgid ""
10919
12511
"The User Datagram Protocol (UDP), on the other hand, is a "
10920
12512
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
10925
12517
"loss of a few packets is not generally catastrophic."
10926
12518
msgstr ""
10927
12519
10928
#: serverguide/C/network-config.xml:467(title)
12520
#: serverguide/C/network-config.xml:801(title)
10929
12521
msgid "ICMP"
10930
12522
msgstr ""
10931
12523
10932
#: serverguide/C/network-config.xml:468(para)
12524
#: serverguide/C/network-config.xml:802(para)
10933
12525
msgid ""
10934
12526
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
10935
12527
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
10942
12534
"<emphasis>Time Exceeded</emphasis>."
10943
12535
msgstr ""
10944
12536
10945
#: serverguide/C/network-config.xml:478(title)
12537
#: serverguide/C/network-config.xml:812(title)
10946
12538
msgid "Daemons"
10947
12539
msgstr ""
10948
12540
10949
#: serverguide/C/network-config.xml:479(para)
12541
#: serverguide/C/network-config.xml:813(para)
10950
12542
msgid ""
10951
12543
"Daemons are special system applications which typically execute continuously "
10952
12544
"in the background and await requests for the functions they provide from "
10960
12552
"Daemon</emphasis> (imapd), which provides E-Mail services."
10961
12553
msgstr ""
10962
12554
10963
#: serverguide/C/network-config.xml:494(para)
12555
#: serverguide/C/network-config.xml:828(para)
10964
12556
msgid ""
10965
12557
"There are man pages for <ulink "
10966
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man7/tcp.7.html\">TCP</ul"
10967
"ink> and <ulink "
10968
"url=\"http://manpages.ubuntu.com/manpages/jaunty/man7/ip.7.html\">IP</ulink> "
12558
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man7/tcp.7.html\">TCP</uli"
12559
"nk> and <ulink "
12560
"url=\"http://manpages.ubuntu.com/manpages/lucid/man7/ip.7.html\">IP</ulink> "
10969
12561
"that contain more useful information."
10970
12562
msgstr ""
10971
12563
10972
#: serverguide/C/network-config.xml:500(para)
12564
#: serverguide/C/network-config.xml:834(para)
10973
12565
msgid ""
10974
12566
"Also, see the <ulink "
10975
12567
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
10976
12568
"and Technical Overview</ulink> IBM Redbook."
10977
12569
msgstr ""
10978
12570
10979
#: serverguide/C/network-config.xml:506(para)
12571
#: serverguide/C/network-config.xml:840(para)
10980
12572
msgid ""
10981
12573
"Another resource is O'Reilly's <ulink "
10982
12574
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
10983
12575
"Administration</ulink>."
10984
12576
msgstr ""
10985
12577
10986
#: serverguide/C/network-config.xml:515(title)
12578
#: serverguide/C/network-config.xml:849(title)
10987
12579
msgid "Dynamic Host Configuration Protocol (DHCP)"
10988
12580
msgstr ""
10989
12581
10990
#: serverguide/C/network-config.xml:516(para)
12582
#: serverguide/C/network-config.xml:850(para)
10991
12583
msgid ""
10992
12584
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
10993
12585
"enables host computers to be automatically assigned settings from a server "
10996
12588
"DHCP server, and the configuration is transparent to the computer's user."
10997
12589
msgstr ""
10998
12590
10999
#: serverguide/C/network-config.xml:523(para)
12591
#: serverguide/C/network-config.xml:857(para)
11000
12592
msgid ""
11001
12593
"The most common settings provided by a DHCP server to DHCP clients include:"
11002
12594
msgstr ""
11003
12595
11004
#: serverguide/C/network-config.xml:528(para)
12596
#: serverguide/C/network-config.xml:862(para)
11005
12597
msgid "IP-Address and Netmask"
11006
12598
msgstr ""
11007
12599
11008
#: serverguide/C/network-config.xml:531(para)
12600
#: serverguide/C/network-config.xml:865(para)
11009
12601
msgid "DNS"
11010
12602
msgstr ""
11011
12603
11012
#: serverguide/C/network-config.xml:534(para)
12604
#: serverguide/C/network-config.xml:868(para)
11013
12605
msgid "WINS"
11014
12606
msgstr ""
11015
12607
11016
#: serverguide/C/network-config.xml:537(para)
12608
#: serverguide/C/network-config.xml:871(para)
11017
12609
msgid ""
11018
12610
"However, a DHCP server can also supply configuration properties such as:"
11019
12611
msgstr ""
11020
12612
11021
#: serverguide/C/network-config.xml:542(para)
12613
#: serverguide/C/network-config.xml:876(para)
11022
12614
msgid "Host Name"
11023
12615
msgstr ""
11024
12616
11025
#: serverguide/C/network-config.xml:545(para)
12617
#: serverguide/C/network-config.xml:879(para)
11026
12618
msgid "Domain Name"
11027
12619
msgstr ""
11028
12620
11029
#: serverguide/C/network-config.xml:548(para)
12621
#: serverguide/C/network-config.xml:882(para)
11030
12622
msgid "Default Gateway"
11031
12623
msgstr ""
11032
12624
11033
#: serverguide/C/network-config.xml:551(para)
12625
#: serverguide/C/network-config.xml:885(para)
11034
12626
msgid "Time Server"
11035
12627
msgstr ""
11036
12628
11037
#: serverguide/C/network-config.xml:554(para)
12629
#: serverguide/C/network-config.xml:888(para)
11038
12630
msgid "Print Server"
11039
12631
msgstr ""
11040
12632
11041
#: serverguide/C/network-config.xml:557(para)
12633
#: serverguide/C/network-config.xml:891(para)
11042
12634
msgid ""
11043
12635
"The advantage of using DHCP is that changes to the network, for example a "
11044
12636
"change in the address of the DNS server, need only be changed at the DHCP "
11049
12641
"also reduced."
11050
12642
msgstr ""
11051
12643
11052
#: serverguide/C/network-config.xml:565(para)
12644
#: serverguide/C/network-config.xml:899(para)
11053
12645
msgid "A DHCP server can provide configuration settings using two methods:"
11054
12646
msgstr ""
11055
12647
11056
#: serverguide/C/network-config.xml:570(term)
12648
#: serverguide/C/network-config.xml:904(term)
11057
12649
msgid "MAC Address"
11058
12650
msgstr ""
11059
12651
11060
#: serverguide/C/network-config.xml:572(para)
12652
#: serverguide/C/network-config.xml:906(para)
11061
12653
msgid ""
11062
12654
"This method entails using DHCP to identify the unique hardware address of "
11063
12655
"each network card connected to the network and then continually supplying a "
11065
12657
"server using that network device."
11066
12658
msgstr ""
11067
12659
11068
#: serverguide/C/network-config.xml:581(term)
12660
#: serverguide/C/network-config.xml:915(term)
11069
12661
msgid "Address Pool"
11070
12662
msgstr ""
11071
12663
11072
#: serverguide/C/network-config.xml:583(para)
12664
#: serverguide/C/network-config.xml:917(para)
11073
12665
msgid ""
11074
12666
"This method entails defining a pool (sometimes also called a range or scope) "
11075
12667
"of IP addresses from which DHCP clients are supplied their configuration "
11079
12671
"other DHCP Clients."
11080
12672
msgstr ""
11081
12673
11082
#: serverguide/C/network-config.xml:594(para)
12674
#: serverguide/C/network-config.xml:928(para)
11083
12675
msgid ""
11084
12676
"Ubuntu is shipped with both DHCP server and client. The server is "
11085
12677
"<application>dhcpd</application> (dynamic host configuration protocol "
11089
12681
"and configure and will be automatically started at system boot."
11090
12682
msgstr ""
11091
12683
11092
#: serverguide/C/network-config.xml:604(para)
12684
#: serverguide/C/network-config.xml:938(para)
11093
12685
msgid ""
11094
12686
"At a terminal prompt, enter the following command to install "
11095
12687
"<application>dhcpd</application>:"
11096
12688
msgstr ""
11097
12689
11098
#: serverguide/C/network-config.xml:609(command)
12690
#: serverguide/C/network-config.xml:943(command)
11099
12691
msgid "sudo apt-get install dhcp3-server"
11100
12692
msgstr ""
11101
12693
11102
#: serverguide/C/network-config.xml:611(para)
12694
#: serverguide/C/network-config.xml:945(para)
11103
12695
msgid ""
11104
12696
"You will probably need to change the default configuration by editing "
11105
12697
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
11106
12698
msgstr ""
11107
12699
11108
#: serverguide/C/network-config.xml:615(para)
12700
#: serverguide/C/network-config.xml:949(para)
11109
12701
msgid ""
11110
12702
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
11111
12703
"dhcpd should listen to. By default it listens to eth0."
11112
12704
msgstr ""
11113
12705
11114
#: serverguide/C/network-config.xml:619(para)
12706
#: serverguide/C/network-config.xml:953(para)
11115
12707
msgid ""
11116
12708
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
11117
12709
"messages."
11118
12710
msgstr ""
11119
12711
11120
#: serverguide/C/network-config.xml:626(para)
12712
#: serverguide/C/network-config.xml:960(para)
11121
12713
msgid ""
11122
12714
"The error message the installation ends with might be a little confusing, "
11123
12715
"but the following steps will help you configure the service:"
11124
12716
msgstr ""
11125
12717
11126
#: serverguide/C/network-config.xml:630(para)
12718
#: serverguide/C/network-config.xml:964(para)
11127
12719
msgid ""
11128
12720
"Most commonly, what you want to do is assign an IP address randomly. This "
11129
12721
"can be done with settings as follows:"
11130
12722
msgstr ""
11131
12723
11132
#: serverguide/C/network-config.xml:634(programlisting)
12724
#: serverguide/C/network-config.xml:968(programlisting)
11133
12725
#, no-wrap
11134
12726
msgid ""
11135
12727
"\n"
11149
12741
"} \n"
11150
12742
msgstr ""
11151
12743
11152
#: serverguide/C/network-config.xml:650(para)
12744
#: serverguide/C/network-config.xml:984(para)
11153
12745
msgid ""
11154
12746
"This will result in the DHCP server giving a client an IP address from the "
11155
12747
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
11160
12752
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
11161
12753
msgstr ""
11162
12754
11163
#: serverguide/C/network-config.xml:659(para)
12755
#: serverguide/C/network-config.xml:993(para)
11164
12756
msgid ""
11165
12757
"If you need to specify a WINS server for your Windows clients, you will need "
11166
12758
"to include the netbios-name-servers option, e.g."
11167
12759
msgstr ""
11168
12760
11169
#: serverguide/C/network-config.xml:663(programlisting)
12761
#: serverguide/C/network-config.xml:997(programlisting)
11170
12762
#, no-wrap
11171
12763
msgid ""
11172
12764
"\n"
11173
12765
"option netbios-name-servers 192.168.1.1; \n"
11174
12766
msgstr ""
11175
12767
11176
#: serverguide/C/network-config.xml:666(para)
12768
#: serverguide/C/network-config.xml:1000(para)
11177
12769
msgid ""
11178
12770
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
11179
12771
"be found <ulink "
11180
12772
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
11181
12773
msgstr ""
11182
12774
11183
#: serverguide/C/network-config.xml:676(para)
12775
#: serverguide/C/network-config.xml:1010(para)
12776
msgid ""
12777
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
12778
"server Ubuntu Wiki</ulink> page has more information."
12779
msgstr ""
12780
12781
#: serverguide/C/network-config.xml:1015(para)
11184
12782
msgid ""
11185
12783
"For more <filename>/etc/dhcp3/dchpd.conf</filename> options see the <ulink "
11186
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/dhcpd.conf.5.html\">"
11187
"dhcpd.conf man page</ulink>."
12784
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/dhcpd.conf.5.html\">d"
12785
"hcpd.conf man page</ulink>."
11188
12786
msgstr ""
11189
12787
11190
#: serverguide/C/network-config.xml:682(para)
12788
#: serverguide/C/network-config.xml:1021(para)
11191
12789
msgid ""
11192
12790
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
11193
12791
"FAQ</ulink>"
11194
12792
msgstr ""
11195
12793
11196
#: serverguide/C/network-config.xml:692(title)
12794
#: serverguide/C/network-config.xml:1031(title)
11197
12795
msgid "Time Synchronisation with NTP"
11198
12796
msgstr ""
11199
12797
11200
#: serverguide/C/network-config.xml:693(para)
12798
#: serverguide/C/network-config.xml:1032(para)
11201
12799
msgid ""
11202
12800
"This page describes methods for keeping your computer's time accurate. This "
11203
12801
"is useful for servers, but is not necessary (or desirable) for desktop "
11204
12802
"machines."
11205
12803
msgstr ""
11206
12804
11207
#: serverguide/C/network-config.xml:696(para)
12805
#: serverguide/C/network-config.xml:1035(para)
11208
12806
msgid ""
11209
12807
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
11210
12808
"client requests the current time from a server, and uses it to set its own "
11211
12809
"clock."
11212
12810
msgstr ""
11213
12811
11214
#: serverguide/C/network-config.xml:699(para)
12812
#: serverguide/C/network-config.xml:1038(para)
11215
12813
msgid ""
11216
12814
"Behind this simple description, there is a lot of complexity - there are "
11217
12815
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
11223
12821
"from you!"
11224
12822
msgstr ""
11225
12823
11226
#: serverguide/C/network-config.xml:702(para)
12824
#: serverguide/C/network-config.xml:1041(para)
11227
12825
msgid ""
11228
12826
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
11229
12827
msgstr ""
11230
12828
11231
#: serverguide/C/network-config.xml:707(title)
12829
#: serverguide/C/network-config.xml:1046(title)
11232
12830
msgid "ntpdate"
11233
12831
msgstr ""
11234
12832
11235
#: serverguide/C/network-config.xml:708(para)
12833
#: serverguide/C/network-config.xml:1047(para)
11236
12834
msgid ""
11237
12835
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
11238
12836
"set up your time according to Ubuntu's NTP server. However, a server's clock "
11242
12840
"<code>/etc/cron.daily/ntpdate</code> containing:"
11243
12841
msgstr ""
11244
12842
11245
#: serverguide/C/network-config.xml:713(screen)
12843
#: serverguide/C/network-config.xml:1052(screen)
11246
12844
#, no-wrap
11247
12845
msgid "ntpdate ntp.ubuntu.com\n"
11248
12846
msgstr ""
11249
12847
11250
#: serverguide/C/network-config.xml:715(para)
12848
#: serverguide/C/network-config.xml:1054(para)
11251
12849
msgid ""
11252
12850
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
11253
12851
msgstr ""
11254
12852
11255
#: serverguide/C/network-config.xml:718(screen)
12853
#: serverguide/C/network-config.xml:1057(screen)
11256
12854
#, no-wrap
11257
12855
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
11258
12856
msgstr ""
11259
12857
11260
#: serverguide/C/network-config.xml:722(title)
12858
#: serverguide/C/network-config.xml:1061(title)
11261
12859
msgid "ntpd"
11262
12860
msgstr ""
11263
12861
11264
#: serverguide/C/network-config.xml:723(para)
12862
#: serverguide/C/network-config.xml:1062(para)
11265
12863
msgid ""
11266
12864
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
11267
12865
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
11271
12869
"server this is negligible."
11272
12870
msgstr ""
11273
12871
11274
#: serverguide/C/network-config.xml:726(para)
12872
#: serverguide/C/network-config.xml:1065(para)
11275
12873
msgid "To set up ntpd:"
11276
12874
msgstr ""
11277
12875
11278
#: serverguide/C/network-config.xml:727(screen)
12876
#: serverguide/C/network-config.xml:1066(screen)
11279
12877
#, no-wrap
11280
12878
msgid "sudo apt-get install ntp\n"
11281
12879
msgstr ""
11282
12880
11283
#: serverguide/C/network-config.xml:732(title)
12881
#: serverguide/C/network-config.xml:1071(title)
11284
12882
msgid "Changing Time Servers"
11285
12883
msgstr ""
11286
12884
11287
#: serverguide/C/network-config.xml:733(para)
12885
#: serverguide/C/network-config.xml:1072(para)
11288
12886
msgid ""
11289
12887
"In both cases above, your system will use Ubuntu's NTP server at "
11290
12888
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
11293
12891
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
11294
12892
msgstr ""
11295
12893
11296
#: serverguide/C/network-config.xml:740(screen)
12894
#: serverguide/C/network-config.xml:1079(screen)
11297
12895
#, no-wrap
11298
12896
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
11299
12897
msgstr ""
11300
12898
11301
#: serverguide/C/network-config.xml:742(para)
12899
#: serverguide/C/network-config.xml:1081(para)
11302
12900
msgid ""
11303
12901
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
11304
12902
"lines:"
11305
12903
msgstr ""
11306
12904
11307
#: serverguide/C/network-config.xml:747(screen)
12905
#: serverguide/C/network-config.xml:1086(screen)
11308
12906
#, no-wrap
11309
12907
msgid ""
11310
12908
"server ntp.ubuntu.com\n"
11311
12909
"server pool.ntp.org\n"
11312
12910
msgstr ""
11313
12911
11314
#: serverguide/C/network-config.xml:750(para)
12912
#: serverguide/C/network-config.xml:1089(para)
11315
12913
msgid ""
11316
12914
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
11317
12915
"really good idea which uses round-robin DNS to return an NTP server from a "
11323
12921
"details."
11324
12922
msgstr ""
11325
12923
11326
#: serverguide/C/network-config.xml:761(para)
12924
#: serverguide/C/network-config.xml:1100(para)
11327
12925
msgid ""
11328
12926
"You can also Google for NTP servers in your region, and add these to your "
11329
12927
"configuration. To test that a server works, just type <code>sudo ntpdate "
11330
12928
"ntp.server.name</code> and see what happens."
11331
12929
msgstr ""
11332
12930
11333
#: serverguide/C/network-config.xml:769(title)
11334
msgid "Related Pages"
12931
#: serverguide/C/network-config.xml:1111(para)
12932
msgid ""
12933
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
12934
"Time</ulink> wiki page for more information."
11335
12935
msgstr ""
11336
12936
11337
#: serverguide/C/network-config.xml:773(ulink)
12937
#: serverguide/C/network-config.xml:1117(ulink)
11338
12938
msgid "NTP Support"
11339
12939
msgstr ""
11340
12940
11341
#: serverguide/C/network-config.xml:778(ulink)
12941
#: serverguide/C/network-config.xml:1122(ulink)
11342
12942
msgid "The NTP FAQ and HOWTO"
11343
12943
msgstr ""
11344
12944
11400
13000
11401
13001
#: serverguide/C/network-auth.xml:63(para)
11402
13002
msgid ""
11403
"The installation process will prompt you for the LDAP directory admin "
11404
"password and confirmation."
13003
"By default <application>slapd</application> is configured with minimal "
13004
"options needed to run the <application>slapd</application> daemon."
11405
13005
msgstr ""
11406
13006
11407
13007
#: serverguide/C/network-auth.xml:68(para)
11408
13008
msgid ""
11409
"By default the directory suffix will match the domain name of the server. "
11410
"For example, if the machine's Fully Qualified Domain Name (FQDN) is "
11411
"ldap.example.com, the default suffix will be "
11412
"<emphasis>dc=example,dc=com</emphasis>. If you require a different suffix, "
11413
"the directory can be reconfigured using <application>dpkg-"
11414
"reconfigure</application>. Enter the following in a terminal prompt:"
11415
msgstr ""
11416
11417
#: serverguide/C/network-auth.xml:78(command)
11418
msgid "sudo dpkg-reconfigure slapd"
11419
msgstr ""
11420
11421
#: serverguide/C/network-auth.xml:81(para)
11422
msgid ""
11423
"You will then be taken through a menu based configuration dialog, allowing "
11424
"you to configure various <application>slapd</application> options."
11425
msgstr ""
11426
11427
#: serverguide/C/network-auth.xml:90(para)
11428
msgid ""
11429
"<application>OpenLDAP</application> uses a separate database which contains "
13009
"The configuration example in the following sections will match the domain "
13010
"name of the server. For example, if the machine's Fully Qualified Domain "
13011
"Name (FQDN) is ldap.example.com, the default suffix will be "
13012
"<emphasis>dc=example,dc=com</emphasis>."
13013
msgstr ""
13014
13015
#: serverguide/C/network-auth.xml:76(title)
13016
msgid "Populating LDAP"
13017
msgstr ""
13018
13019
#: serverguide/C/network-auth.xml:78(para)
13020
msgid ""
13021
"<application>OpenLDAP</application> uses a separate directory which contains "
11430
13022
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
11431
13023
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
11432
13024
"<application>slapd</application> daemon, allowing the modification of schema "
11433
13025
"definitions, indexes, ACLs, etc without stopping the service."
11434
13026
msgstr ""
11435
13027
11436
#: serverguide/C/network-auth.xml:98(para)
11437
msgid ""
11438
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
11439
"utilities in the <application>ldap-utils</application> package. For example:"
11440
msgstr ""
11441
11442
#: serverguide/C/network-auth.xml:106(para)
11443
msgid ""
11444
"Use <application>ldapsearch</application> to view the tree, entering the "
11445
"admin password set during installation or reconfiguration:"
11446
msgstr ""
11447
11448
#: serverguide/C/network-auth.xml:112(command)
11449
msgid ""
11450
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb"
11451
msgstr ""
11452
11453
#: serverguide/C/network-auth.xml:116(computeroutput)
11454
#, no-wrap
11455
msgid ""
11456
"Enter LDAP Password: \n"
11457
"dn: olcDatabase={1}hdb,cn=config\n"
11458
"objectClass: olcDatabaseConfig\n"
11459
"objectClass: olcHdbConfig\n"
11460
"olcDatabase: {1}hdb\n"
11461
"olcDbDirectory: /var/lib/ldap\n"
11462
"olcSuffix: dc=example,dc=com\n"
11463
"olcAccess: {0}to attrs=userPassword,shadowLastChange by "
11464
"dn=\"cn=admin,dc=exampl\n"
11465
" e,dc=com\" write by anonymous auth by self write by * none\n"
11466
"olcAccess: {1}to dn.base=\"\" by * read\n"
11467
"olcAccess: {2}to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
11468
"olcLastMod: TRUE\n"
11469
"olcDbCheckpoint: 512 30\n"
11470
"olcDbConfig: {0}set_cachesize 0 2097152 0\n"
11471
"olcDbConfig: {1}set_lk_max_objects 1500\n"
11472
"olcDbConfig: {2}set_lk_max_locks 1500\n"
11473
"olcDbConfig: {3}set_lk_max_lockers 1500\n"
11474
"olcDbIndex: objectClass eq\n"
11475
msgstr ""
11476
11477
#: serverguide/C/network-auth.xml:137(para)
11478
msgid ""
11479
"The output above is the current configuration options for the "
11480
"<emphasis>hdb</emphasis> backend database. Which in this case containes the "
11481
"<emphasis>dc=example,dc=com</emphasis> suffix."
11482
msgstr ""
11483
11484
#: serverguide/C/network-auth.xml:146(para)
11485
msgid ""
11486
"Refine the search by supplying a <emphasis "
11487
"role=\"italic\">filter</emphasis>, in this case only show which attributes "
11488
"are indexed:"
11489
msgstr ""
11490
11491
#: serverguide/C/network-auth.xml:152(command)
11492
msgid ""
11493
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb "
11494
"olcDbIndex"
11495
msgstr ""
11496
11497
#: serverguide/C/network-auth.xml:156(computeroutput)
11498
#, no-wrap
11499
msgid ""
11500
"Enter LDAP Password: \n"
11501
"dn: olcDatabase={1}hdb,cn=config\n"
11502
"olcDbIndex: objectClass eq\n"
11503
msgstr ""
11504
11505
#: serverguide/C/network-auth.xml:165(para)
11506
msgid ""
11507
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
11508
"another attribute to the index list using "
11509
"<application>ldapmodify</application>:"
11510
msgstr ""
11511
11512
#: serverguide/C/network-auth.xml:171(command) serverguide/C/network-auth.xml:722(command) serverguide/C/network-auth.xml:838(command) serverguide/C/network-auth.xml:861(command) serverguide/C/network-auth.xml:2417(command) serverguide/C/network-auth.xml:2434(command)
11513
msgid "ldapmodify -x -D cn=admin,cn=config -W"
11514
msgstr ""
11515
11516
#: serverguide/C/network-auth.xml:175(userinput)
11517
#, no-wrap
11518
msgid ""
11519
"\n"
11520
"dn: olcDatabase={1}hdb,cn=config\n"
11521
"add: olcDbIndex\n"
11522
"olcDbIndex: entryUUID eq"
11523
msgstr ""
11524
11525
#: serverguide/C/network-auth.xml:175(computeroutput)
11526
#, no-wrap
11527
msgid ""
11528
"Enter LDAP Password:<placeholder-1/>\n"
11529
"\n"
11530
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
11531
msgstr ""
11532
11533
#: serverguide/C/network-auth.xml:184(para)
11534
msgid ""
11535
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
11536
"exit the utility."
11537
msgstr ""
11538
11539
#: serverguide/C/network-auth.xml:191(para)
11540
msgid ""
11541
"<application>ldapmodify</application> can also read the changes from a file. "
11542
"Copy and paste the following into a file named "
11543
"<filename>uid_index.ldif</filename>:"
11544
msgstr ""
11545
11546
#: serverguide/C/network-auth.xml:196(programlisting)
11547
#, no-wrap
11548
msgid ""
11549
"\n"
11550
"dn: olcDatabase={1}hdb,cn=config\n"
11551
"add: olcDbIndex\n"
11552
"olcDbIndex: uid eq,pres,sub\n"
11553
msgstr ""
11554
11555
#: serverguide/C/network-auth.xml:202(para)
11556
msgid "Then execute <application>ldapmodify</application>:"
11557
msgstr ""
11558
11559
#: serverguide/C/network-auth.xml:207(command)
11560
msgid "ldapmodify -x -D cn=admin,cn=config -W -f uid_index.ldif"
11561
msgstr ""
11562
11563
#: serverguide/C/network-auth.xml:211(computeroutput)
11564
#, no-wrap
11565
msgid ""
11566
"Enter LDAP Password: \n"
11567
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
11568
msgstr ""
11569
11570
#: serverguide/C/network-auth.xml:216(para)
11571
msgid "The file method is very useful for large changes."
11572
msgstr ""
11573
11574
#: serverguide/C/network-auth.xml:223(para)
11575
msgid ""
11576
"Adding additional <emphasis>schemas</emphasis> to "
11577
"<application>slapd</application> requires the schema to be converted to LDIF "
11578
"format. Fortunately, the <application>slapd</application> program can be "
11579
"used to automate the conversion. The following example will add the "
11580
"<emphasis>misc.schema</emphasis>:"
11581
msgstr ""
11582
11583
#: serverguide/C/network-auth.xml:231(para)
11584
msgid ""
11585
"First, create a conversion <filename>schema_convert.conf</filename> file "
11586
"containing the following lines:"
11587
msgstr ""
11588
11589
#: serverguide/C/network-auth.xml:236(programlisting)
11590
#, no-wrap
11591
msgid ""
11592
"\n"
11593
"include /etc/ldap/schema/core.schema\n"
11594
"include /etc/ldap/schema/collective.schema\n"
11595
"include /etc/ldap/schema/corba.schema\n"
11596
"include /etc/ldap/schema/cosine.schema\n"
11597
"include /etc/ldap/schema/duaconf.schema\n"
11598
"include /etc/ldap/schema/dyngroup.schema\n"
11599
"include /etc/ldap/schema/inetorgperson.schema\n"
11600
"include /etc/ldap/schema/java.schema\n"
11601
"include /etc/ldap/schema/misc.schema\n"
11602
"include /etc/ldap/schema/nis.schema\n"
11603
"include /etc/ldap/schema/openldap.schema\n"
11604
"include /etc/ldap/schema/ppolicy.schema\n"
11605
msgstr ""
11606
11607
#: serverguide/C/network-auth.xml:254(para) serverguide/C/network-auth.xml:1318(para)
11608
msgid "Next, create a temporary directory to hold the output:"
11609
msgstr ""
11610
11611
#: serverguide/C/network-auth.xml:259(command) serverguide/C/network-auth.xml:1323(command) serverguide/C/network-auth.xml:2347(command)
11612
msgid "mkdir /tmp/ldif_output"
11613
msgstr ""
11614
11615
#: serverguide/C/network-auth.xml:265(para)
11616
msgid ""
11617
"Now using <application>slapcat</application> convert the schema files to "
11618
"LDIF:"
11619
msgstr ""
11620
11621
#: serverguide/C/network-auth.xml:270(command)
11622
msgid ""
11623
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
11624
"\"cn={8}misc,cn=schema,cn=config\" > /tmp/cn=misc.ldif"
11625
msgstr ""
11626
11627
#: serverguide/C/network-auth.xml:273(para)
11628
msgid ""
11629
"Adjust the configuration file name and temporary directory names if yours "
11630
"are different. Also, it may be worthwhile to keep the "
11631
"<filename>ldif_output</filename> directory around in case you want to add "
11632
"additional schemas in the future."
11633
msgstr ""
11634
11635
#: serverguide/C/network-auth.xml:282(para)
11636
msgid ""
11637
"Edit the <filename>/tmp/cn\\=misc.ldif</filename> file, changing the "
11638
"following attributes:"
11639
msgstr ""
11640
11641
#: serverguide/C/network-auth.xml:286(programlisting)
11642
#, no-wrap
11643
msgid ""
11644
"\n"
11645
"dn: cn=misc,cn=schema,cn=config\n"
11646
"...\n"
11647
"cn: misc\n"
11648
msgstr ""
11649
11650
#: serverguide/C/network-auth.xml:292(para) serverguide/C/network-auth.xml:1354(para)
11651
msgid "And remove the following lines from the bottom of the file:"
11652
msgstr ""
11653
11654
#: serverguide/C/network-auth.xml:296(programlisting)
11655
#, no-wrap
11656
msgid ""
11657
"\n"
11658
"structuralObjectClass: olcSchemaConfig\n"
11659
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
11660
"creatorsName: cn=config\n"
11661
"createTimestamp: 20080826021140Z\n"
11662
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
11663
"modifiersName: cn=config\n"
11664
"modifyTimestamp: 20080826021140Z\n"
11665
msgstr ""
11666
11667
#: serverguide/C/network-auth.xml:307(para) serverguide/C/network-auth.xml:1369(para) serverguide/C/network-auth.xml:2393(para)
11668
msgid ""
11669
"The attribute values will vary, just be sure the attributes are removed."
11670
msgstr ""
11671
11672
#: serverguide/C/network-auth.xml:315(para) serverguide/C/network-auth.xml:1377(para)
11673
msgid ""
11674
"Finally, using the <application>ldapadd</application> utility, add the new "
11675
"schema to the directory:"
11676
msgstr ""
11677
11678
#: serverguide/C/network-auth.xml:321(command)
11679
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=misc.ldif"
11680
msgstr ""
11681
11682
#: serverguide/C/network-auth.xml:327(para)
11683
msgid ""
11684
"There should now be a <emphasis>dn: "
11685
"cn={4}misc,cn=schema,cn=config</emphasis> entry in the cn=config tree."
11686
msgstr ""
11687
11688
#: serverguide/C/network-auth.xml:336(title)
11689
msgid "Populating LDAP"
11690
msgstr ""
11691
11692
#: serverguide/C/network-auth.xml:338(para)
11693
msgid ""
11694
"The directory has been created during installation and reconfiguration, and "
11695
"now it is time to populate it. It will be populated with a \"classical\" "
11696
"scheme that will be compatible with address book applications and with Unix "
11697
"Posix accounts. Posix accounts will allow authentication to various "
11698
"applications, such as web applications, email Mail Transfer Agent (MTA) "
11699
"applications, etc."
11700
msgstr ""
11701
11702
#: serverguide/C/network-auth.xml:347(para)
13028
#: serverguide/C/network-auth.xml:86(para)
13029
msgid ""
13030
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
13031
"configuration and will need additional configuration options in order to "
13032
"populate the frontend directory. The frontend will be populated with a "
13033
"\"classical\" scheme that will be compatible with address book applications "
13034
"and with Unix Posix accounts. Posix accounts will allow authentication to "
13035
"various applications, such as web applications, email Mail Transfer Agent "
13036
"(MTA) applications, etc."
13037
msgstr ""
13038
13039
#: serverguide/C/network-auth.xml:95(para)
11703
13040
msgid ""
11704
13041
"For external applications to authenticate using LDAP they will each need to "
11705
13042
"be specifically configured to do so. Refer to the individual application "
11706
13043
"documentation for details."
11707
13044
msgstr ""
11708
13045
11709
#: serverguide/C/network-auth.xml:354(para)
11710
msgid ""
11711
"LDAP directories can be populated with LDIF (LDAP Directory Interchange "
11712
"Format) files. Copy the following example LDIF file, naming it "
11713
"<filename>example.com.ldif</filename>, somewhere on your system:"
11714
msgstr ""
11715
11716
#: serverguide/C/network-auth.xml:360(programlisting)
11717
#, no-wrap
11718
msgid ""
13046
#: serverguide/C/network-auth.xml:103(para)
13047
msgid ""
13048
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
13049
"examples to match your LDAP configuration."
13050
msgstr ""
13051
13052
#: serverguide/C/network-auth.xml:108(para)
13053
msgid ""
13054
"First, some additional schema files need to be loaded. In a terminal enter:"
13055
msgstr ""
13056
13057
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
13058
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
13059
msgstr ""
13060
13061
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
13062
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
13063
msgstr ""
13064
13065
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
13066
msgid ""
13067
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
13068
msgstr ""
13069
13070
#: serverguide/C/network-auth.xml:118(para)
13071
msgid ""
13072
"Next, copy the following example LDIF file, naming it "
13073
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
13074
msgstr ""
13075
13076
#: serverguide/C/network-auth.xml:123(programlisting)
13077
#, no-wrap
13078
msgid ""
13079
"\n"
13080
"# Load dynamic backend modules\n"
13081
"dn: cn=module,cn=config\n"
13082
"objectClass: olcModuleList\n"
13083
"cn: module\n"
13084
"olcModulepath: /usr/lib/ldap\n"
13085
"olcModuleload: back_hdb\n"
13086
"\n"
13087
"# Database settings\n"
13088
"dn: olcDatabase=hdb,cn=config\n"
13089
"objectClass: olcDatabaseConfig\n"
13090
"objectClass: olcHdbConfig\n"
13091
"olcDatabase: {1}hdb\n"
13092
"olcSuffix: dc=example,dc=com\n"
13093
"olcDbDirectory: /var/lib/ldap\n"
13094
"olcRootDN: cn=admin,dc=example,dc=com\n"
13095
"olcRootPW: secret\n"
13096
"olcDbConfig: set_cachesize 0 2097152 0\n"
13097
"olcDbConfig: set_lk_max_objects 1500\n"
13098
"olcDbConfig: set_lk_max_locks 1500\n"
13099
"olcDbConfig: set_lk_max_lockers 1500\n"
13100
"olcDbIndex: objectClass eq\n"
13101
"olcLastMod: TRUE\n"
13102
"olcDbCheckpoint: 512 30\n"
13103
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13104
"by anonymous auth by self write by * none\n"
13105
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13106
"olcAccess: to dn.base=\"\" by * read\n"
13107
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13108
"\n"
13109
msgstr ""
13110
13111
#: serverguide/C/network-auth.xml:155(para)
13112
msgid ""
13113
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
13114
msgstr ""
13115
13116
#: serverguide/C/network-auth.xml:160(para)
13117
msgid "Now add the LDIF to the directory:"
13118
msgstr ""
13119
13120
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
13121
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
13122
msgstr ""
13123
13124
#: serverguide/C/network-auth.xml:168(para)
13125
msgid ""
13126
"The frontend directory is now ready to be populated. Create a "
13127
"<filename>frontend.example.com.ldif</filename> with the following contents:"
13128
msgstr ""
13129
13130
#: serverguide/C/network-auth.xml:173(programlisting)
13131
#, no-wrap
13132
msgid ""
13133
"\n"
13134
"# Create top-level object in domain\n"
13135
"dn: dc=example,dc=com\n"
13136
"objectClass: top\n"
13137
"objectClass: dcObject\n"
13138
"objectclass: organization\n"
13139
"o: Example Organization\n"
13140
"dc: Example\n"
13141
"description: LDAP Example \n"
13142
"\n"
13143
"# Admin user.\n"
13144
"dn: cn=admin,dc=example,dc=com\n"
13145
"objectClass: simpleSecurityObject\n"
13146
"objectClass: organizationalRole\n"
13147
"cn: admin\n"
13148
"description: LDAP administrator\n"
13149
"userPassword: secret\n"
11719
13150
"\n"
11720
13151
"dn: ou=people,dc=example,dc=com\n"
11721
13152
"objectClass: organizationalUnit\n"
11762
13193
"gidNumber: 10000\n"
11763
13194
msgstr ""
11764
13195
11765
#: serverguide/C/network-auth.xml:406(para)
13196
#: serverguide/C/network-auth.xml:236(para)
11766
13197
msgid ""
11767
13198
"In this example the directory structure, a user, and a group have been "
11768
13199
"setup. In other examples you might see the <emphasis>objectClass: "
11770
13201
"you do not have to add it explicitly."
11771
13202
msgstr ""
11772
13203
11773
#: serverguide/C/network-auth.xml:413(para)
11774
msgid ""
11775
"To add the entries to the LDAP directory use the "
11776
"<application>ldapadd</application> utility:"
11777
msgstr ""
11778
11779
#: serverguide/C/network-auth.xml:419(command)
11780
msgid "ldapadd -x -D cn=admin,dc=example,dc=com -W -f example.com.ldif"
11781
msgstr ""
11782
11783
#: serverguide/C/network-auth.xml:422(para)
11784
msgid ""
11785
"We can check that the content has been correctly added with the tools from "
11786
"the <application>ldap-utils</application> package. In order to execute a "
11787
"search of the LDAP directory:"
11788
msgstr ""
11789
11790
#: serverguide/C/network-auth.xml:429(command)
13204
#: serverguide/C/network-auth.xml:243(para)
13205
msgid "Add the entries to the LDAP directory:"
13206
msgstr ""
13207
13208
#: serverguide/C/network-auth.xml:249(command) serverguide/C/network-auth.xml:757(command)
13209
msgid ""
13210
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
13211
msgstr ""
13212
13213
#: serverguide/C/network-auth.xml:252(para)
13214
msgid ""
13215
"We can check that the content has been correctly added with the "
13216
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
13217
"directory:"
13218
msgstr ""
13219
13220
#: serverguide/C/network-auth.xml:258(command)
11791
13221
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
11792
13222
msgstr ""
11793
13223
11794
#: serverguide/C/network-auth.xml:430(computeroutput)
13224
#: serverguide/C/network-auth.xml:259(computeroutput)
11795
13225
#, no-wrap
11796
13226
msgid ""
11797
13227
"\n"
11801
13231
"givenName: John\n"
11802
13232
msgstr ""
11803
13233
11804
#: serverguide/C/network-auth.xml:438(para)
13234
#: serverguide/C/network-auth.xml:267(para)
11805
13235
msgid "Just a quick explanation:"
11806
13236
msgstr ""
11807
13237
11808
#: serverguide/C/network-auth.xml:444(para)
13238
#: serverguide/C/network-auth.xml:273(para)
11809
13239
msgid ""
11810
13240
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
11811
13241
"the default."
11812
13242
msgstr ""
11813
13243
13244
#: serverguide/C/network-auth.xml:279(para)
13245
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
13246
msgstr ""
13247
13248
#: serverguide/C/network-auth.xml:287(title)
13249
msgid "Further Configuration"
13250
msgstr ""
13251
13252
#: serverguide/C/network-auth.xml:290(para)
13253
msgid ""
13254
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
13255
"utilities in the <application>ldap-utils</application> package. For example:"
13256
msgstr ""
13257
13258
#: serverguide/C/network-auth.xml:298(para)
13259
msgid ""
13260
"Use <application>ldapsearch</application> to view the tree, entering the "
13261
"admin password set during installation or reconfiguration:"
13262
msgstr ""
13263
13264
#: serverguide/C/network-auth.xml:304(command)
13265
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13266
msgstr ""
13267
13268
#: serverguide/C/network-auth.xml:308(computeroutput)
13269
#, no-wrap
13270
msgid ""
13271
"\n"
13272
"SASL/EXTERNAL authentication started\n"
13273
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13274
"SASL SSF: 0\n"
13275
"dn: cn=config\n"
13276
"\n"
13277
"dn: cn=module{0},cn=config\n"
13278
"\n"
13279
"dn: cn=schema,cn=config\n"
13280
"\n"
13281
"dn: cn={0}core,cn=schema,cn=config\n"
13282
"\n"
13283
"dn: cn={1}cosine,cn=schema,cn=config\n"
13284
"\n"
13285
"dn: cn={2}nis,cn=schema,cn=config\n"
13286
"\n"
13287
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13288
"\n"
13289
"dn: olcDatabase={-1}frontend,cn=config\n"
13290
"\n"
13291
"dn: olcDatabase={0}config,cn=config\n"
13292
"\n"
13293
"dn: olcDatabase={1}hdb,cn=config\n"
13294
msgstr ""
13295
13296
#: serverguide/C/network-auth.xml:334(para)
13297
msgid ""
13298
"The output above is the current configuration options for the "
13299
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
13300
msgstr ""
13301
13302
#: serverguide/C/network-auth.xml:342(para)
13303
msgid ""
13304
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
13305
"another attribute to the index list using "
13306
"<application>ldapmodify</application>:"
13307
msgstr ""
13308
13309
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:984(command) serverguide/C/network-auth.xml:1155(command) serverguide/C/network-auth.xml:1191(command)
13310
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
13311
msgstr ""
13312
13313
#: serverguide/C/network-auth.xml:356(userinput)
13314
#, no-wrap
13315
msgid ""
13316
"dn: olcDatabase={1}hdb,cn=config\n"
13317
"add: olcDbIndex\n"
13318
"olcDbIndex: uidNumber eq"
13319
msgstr ""
13320
13321
#: serverguide/C/network-auth.xml:352(computeroutput)
13322
#, no-wrap
13323
msgid ""
13324
"\n"
13325
"SASL/EXTERNAL authentication started\n"
13326
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13327
"SASL SSF: 0\n"
13328
"<placeholder-1/>\n"
13329
"\n"
13330
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13331
msgstr ""
13332
13333
#: serverguide/C/network-auth.xml:364(para)
13334
msgid ""
13335
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
13336
"exit the utility."
13337
msgstr ""
13338
13339
#: serverguide/C/network-auth.xml:371(para)
13340
msgid ""
13341
"<application>ldapmodify</application> can also read the changes from a file. "
13342
"Copy and paste the following into a file named "
13343
"<filename>uid_index.ldif</filename>:"
13344
msgstr ""
13345
13346
#: serverguide/C/network-auth.xml:376(programlisting)
13347
#, no-wrap
13348
msgid ""
13349
"\n"
13350
"dn: olcDatabase={1}hdb,cn=config\n"
13351
"add: olcDbIndex\n"
13352
"olcDbIndex: uid eq,pres,sub\n"
13353
msgstr ""
13354
13355
#: serverguide/C/network-auth.xml:382(para)
13356
msgid "Then execute <application>ldapmodify</application>:"
13357
msgstr ""
13358
13359
#: serverguide/C/network-auth.xml:387(command)
13360
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13361
msgstr ""
13362
13363
#: serverguide/C/network-auth.xml:391(computeroutput)
13364
#, no-wrap
13365
msgid ""
13366
"\n"
13367
"SASL/EXTERNAL authentication started\n"
13368
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13369
"SASL SSF: 0\n"
13370
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13371
msgstr ""
13372
13373
#: serverguide/C/network-auth.xml:399(para)
13374
msgid "The file method is very useful for large changes."
13375
msgstr ""
13376
13377
#: serverguide/C/network-auth.xml:406(para)
13378
msgid ""
13379
"Adding additional <emphasis>schemas</emphasis> to "
13380
"<application>slapd</application> requires the schema to be converted to LDIF "
13381
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
13382
"directory contains some schema files already converted to LDIF format as "
13383
"demonstrated in the previous section. Fortunately, the "
13384
"<application>slapd</application> program can be used to automate the "
13385
"conversion. The following example will add the "
13386
"<emphasis>dyngoup.schema</emphasis>:"
13387
msgstr ""
13388
13389
#: serverguide/C/network-auth.xml:416(para)
13390
msgid ""
13391
"First, create a conversion <filename>schema_convert.conf</filename> file "
13392
"containing the following lines:"
13393
msgstr ""
13394
13395
#: serverguide/C/network-auth.xml:421(programlisting)
13396
#, no-wrap
13397
msgid ""
13398
"\n"
13399
"include /etc/ldap/schema/core.schema\n"
13400
"include /etc/ldap/schema/collective.schema\n"
13401
"include /etc/ldap/schema/corba.schema\n"
13402
"include /etc/ldap/schema/cosine.schema\n"
13403
"include /etc/ldap/schema/duaconf.schema\n"
13404
"include /etc/ldap/schema/dyngroup.schema\n"
13405
"include /etc/ldap/schema/inetorgperson.schema\n"
13406
"include /etc/ldap/schema/java.schema\n"
13407
"include /etc/ldap/schema/misc.schema\n"
13408
"include /etc/ldap/schema/nis.schema\n"
13409
"include /etc/ldap/schema/openldap.schema\n"
13410
"include /etc/ldap/schema/ppolicy.schema\n"
13411
msgstr ""
13412
13413
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1655(para)
13414
msgid "Next, create a temporary directory to hold the output:"
13415
msgstr ""
13416
13417
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1660(command) serverguide/C/network-auth.xml:2695(command)
13418
msgid "mkdir /tmp/ldif_output"
13419
msgstr ""
13420
11814
13421
#: serverguide/C/network-auth.xml:450(para)
11815
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
11816
msgstr ""
11817
11818
#: serverguide/C/network-auth.xml:459(title)
11819
msgid "LDAP replication"
11820
msgstr ""
11821
11822
#: serverguide/C/network-auth.xml:461(para)
13422
msgid ""
13423
"Now using <application>slapcat</application> convert the schema files to "
13424
"LDIF:"
13425
msgstr ""
13426
13427
#: serverguide/C/network-auth.xml:455(command)
13428
msgid ""
13429
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13430
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
13431
msgstr ""
13432
13433
#: serverguide/C/network-auth.xml:458(para)
13434
msgid ""
13435
"Adjust the configuration file name and temporary directory names if yours "
13436
"are different. Also, it may be worthwhile to keep the "
13437
"<filename>ldif_output</filename> directory around in case you want to add "
13438
"additional schemas in the future."
13439
msgstr ""
13440
13441
#: serverguide/C/network-auth.xml:467(para)
13442
msgid ""
13443
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
13444
"following attributes:"
13445
msgstr ""
13446
13447
#: serverguide/C/network-auth.xml:471(programlisting)
13448
#, no-wrap
13449
msgid ""
13450
"\n"
13451
"dn: cn=dyngroup,cn=schema,cn=config\n"
13452
"...\n"
13453
"cn: dyngroup\n"
13454
msgstr ""
13455
13456
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1691(para)
13457
msgid "And remove the following lines from the bottom of the file:"
13458
msgstr ""
13459
13460
#: serverguide/C/network-auth.xml:481(programlisting)
13461
#, no-wrap
13462
msgid ""
13463
"\n"
13464
"structuralObjectClass: olcSchemaConfig\n"
13465
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
13466
"creatorsName: cn=config\n"
13467
"createTimestamp: 20080826021140Z\n"
13468
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
13469
"modifiersName: cn=config\n"
13470
"modifyTimestamp: 20080826021140Z\n"
13471
msgstr ""
13472
13473
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1706(para) serverguide/C/network-auth.xml:2741(para)
13474
msgid ""
13475
"The attribute values will vary, just be sure the attributes are removed."
13476
msgstr ""
13477
13478
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1714(para)
13479
msgid ""
13480
"Finally, using the <application>ldapadd</application> utility, add the new "
13481
"schema to the directory:"
13482
msgstr ""
13483
13484
#: serverguide/C/network-auth.xml:506(command)
13485
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
13486
msgstr ""
13487
13488
#: serverguide/C/network-auth.xml:512(para)
13489
msgid ""
13490
"There should now be a <emphasis>dn: "
13491
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
13492
msgstr ""
13493
13494
#: serverguide/C/network-auth.xml:522(title)
13495
msgid "LDAP Replication"
13496
msgstr ""
13497
13498
#: serverguide/C/network-auth.xml:524(para)
11823
13499
msgid ""
11824
13500
"LDAP often quickly becomes a highly critical service to the network. "
11825
13501
"Multiple systems will come to depend on LDAP for authentication, "
11827
13503
"system through replication."
11828
13504
msgstr ""
11829
13505
11830
#: serverguide/C/network-auth.xml:467(para)
13506
#: serverguide/C/network-auth.xml:530(para)
11831
13507
msgid ""
11832
13508
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
11833
"Syncrepl allows the directory to be synced using either a "
11834
"<emphasis>push</emphasis> or <emphasis>pull</emphasis> based system. In a "
11835
"push based configuration a <quote>primary</quote> server will push directory "
11836
"updates to <quote>secondary</quote> servers, while a pull based approach "
11837
"allows replication servers to sync on a time based interval."
11838
msgstr ""
11839
11840
#: serverguide/C/network-auth.xml:475(para)
11841
msgid ""
11842
"The following is an example of a <emphasis>Multi-Master</emphasis> "
11843
"configuration. In this configuration each OpenLDAP server is configured for "
11844
"both <emphasis>push</emphasis> and <emphasis>pull</emphasis> replication."
11845
msgstr ""
11846
11847
#: serverguide/C/network-auth.xml:483(para)
11848
msgid ""
11849
"First, configure the server to sync the <emphasis>cn=config</emphasis> "
11850
"database. Copy the following to a file named <filename>syncrepl_cn-"
11851
"config.ldif</filename>:"
11852
msgstr ""
11853
11854
#: serverguide/C/network-auth.xml:488(programlisting)
13509
"Syncrepl allows the changes to be synced using a "
13510
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
13511
"provider sends directory changes to consumers."
13512
msgstr ""
13513
13514
#: serverguide/C/network-auth.xml:537(title)
13515
msgid "Provider Configuration"
13516
msgstr ""
13517
13518
#: serverguide/C/network-auth.xml:539(para)
13519
msgid ""
13520
"The following is an example of a <emphasis>Single-Master</emphasis> "
13521
"configuration. In this configuration one OpenLDAP server is configured as a "
13522
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
13523
msgstr ""
13524
13525
#: serverguide/C/network-auth.xml:547(para)
13526
msgid ""
13527
"First, configure the provider server. Copy the following to a file named "
13528
"<filename>provider_sync.ldif</filename>:"
13529
msgstr ""
13530
13531
#: serverguide/C/network-auth.xml:552(programlisting)
11855
13532
#, no-wrap
11856
13533
msgid ""
11857
13534
"\n"
13535
"# Add indexes to the frontend db.\n"
13536
"dn: olcDatabase={1}hdb,cn=config\n"
13537
"changetype: modify\n"
13538
"add: olcDbIndex\n"
13539
"olcDbIndex: entryCSN eq\n"
13540
"-\n"
13541
"add: olcDbIndex\n"
13542
"olcDbIndex: entryUUID eq\n"
13543
"\n"
13544
"#Load the syncprov and accesslog modules.\n"
11858
13545
"dn: cn=module{0},cn=config\n"
11859
13546
"changetype: modify\n"
11860
13547
"add: olcModuleLoad\n"
11861
13548
"olcModuleLoad: syncprov\n"
11862
"\n"
11863
"dn: cn=config\n"
11864
"changetype: modify\n"
11865
"replace: olcServerID\n"
11866
"olcServerID: 1 ldap://ldap01.example.com\n"
11867
"olcServerID: 2 ldap://ldap02.example.com\n"
11868
"\n"
11869
"dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config\n"
13549
"-\n"
13550
"add: olcModuleLoad\n"
13551
"olcModuleLoad: accesslog\n"
13552
"\n"
13553
"# Accesslog database definitions\n"
13554
"dn: olcDatabase={2}hdb,cn=config\n"
13555
"objectClass: olcDatabaseConfig\n"
13556
"objectClass: olcHdbConfig\n"
13557
"olcDatabase: {2}hdb\n"
13558
"olcDbDirectory: /var/lib/ldap/accesslog\n"
13559
"olcSuffix: cn=accesslog\n"
13560
"olcRootDN: cn=admin,dc=example,dc=com\n"
13561
"olcDbIndex: default eq\n"
13562
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
13563
"\n"
13564
"# Accesslog db syncprov.\n"
13565
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
11870
13566
"changetype: add\n"
11871
13567
"objectClass: olcOverlayConfig\n"
11872
13568
"objectClass: olcSyncProvConfig\n"
11873
13569
"olcOverlay: syncprov\n"
11874
"\n"
11875
"dn: olcDatabase={0}config,cn=config\n"
11876
"changetype: modify\n"
11877
"add: olcSyncRepl\n"
11878
"olcSyncRepl: rid=001 provider=ldap://ldap01.example.com "
11879
"binddn=\"cn=admin,cn=config\" bindmethod=simple\n"
11880
" credentials=secret searchbase=\"cn=config\" type=refreshAndPersist\n"
11881
" retry=\"5 5 300 5\" timeout=1\n"
11882
"olcSyncRepl: rid=002 provider=ldap://ldap02.example.com "
11883
"binddn=\"cn=admin,cn=config\" bindmethod=simple\n"
11884
" credentials=secret searchbase=\"cn=config\" type=refreshAndPersist\n"
11885
" retry=\"5 5 300 5\" timeout=1\n"
11886
"-\n"
11887
"add: olcMirrorMode\n"
11888
"olcMirrorMode: TRUE\n"
11889
msgstr ""
11890
11891
#: serverguide/C/network-auth.xml:523(para)
11892
msgid "Edit the file changing:"
11893
msgstr ""
11894
11895
#: serverguide/C/network-auth.xml:529(para)
11896
msgid ""
11897
"<emphasis>ldap://ldap01.example.com</emphasis> and "
11898
"<emphasis>ldap://ldap02.example.com</emphasis> to the hostnames of your LDAP "
11899
"servers."
11900
msgstr ""
11901
11902
#: serverguide/C/network-auth.xml:534(para)
11903
msgid ""
11904
"You can have more than two LDAP servers, and when a change is made to one of "
11905
"them it will by synced to the rest. Be sure to increment the "
11906
"<emphasis>olcServerID</emphasis> for each server, and the "
11907
"<emphasis>rid</emphasis> for each <emphasis>olcSyncRepl</emphasis> entry."
11908
msgstr ""
11909
11910
#: serverguide/C/network-auth.xml:542(para)
11911
msgid ""
11912
"And adjust <emphasis>credentials=secret</emphasis> to match your admin "
11913
"password."
11914
msgstr ""
11915
11916
#: serverguide/C/network-auth.xml:552(para)
11917
msgid ""
11918
"Next, add the LDIF file using the <application>ldapmodify</application> "
11919
"utility:"
11920
msgstr ""
11921
11922
#: serverguide/C/network-auth.xml:557(command)
11923
msgid "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_cn-config.ldif"
11924
msgstr ""
11925
11926
#: serverguide/C/network-auth.xml:563(para)
11927
msgid ""
11928
"Copy the <filename>syncrepl_cn-config.ldif</filename> file to the next LDAP "
11929
"server and repeat the <application>ldapmodify</application> command above."
11930
msgstr ""
11931
11932
#: serverguide/C/network-auth.xml:571(para)
11933
msgid ""
11934
"Because a new module has been added, the <application>slapd</application> "
11935
"daemon, on all replicated servers, needs to be restarted:"
11936
msgstr ""
11937
11938
#: serverguide/C/network-auth.xml:577(command) serverguide/C/network-auth.xml:779(command) serverguide/C/network-auth.xml:895(command)
11939
msgid "sudo /etc/init.d/slapd restart"
11940
msgstr ""
11941
11942
#: serverguide/C/network-auth.xml:583(para)
11943
msgid ""
11944
"Now that the configuration database is synced between servers, the "
11945
"<emphasis>backend</emphasis> database needs to be synced as well. Copy and "
11946
"paste the following into another LDIF file named "
11947
"<filename>syncrepl_backend.ldif</filename>:"
11948
msgstr ""
11949
11950
#: serverguide/C/network-auth.xml:589(programlisting)
11951
#, no-wrap
11952
msgid ""
11953
"\n"
11954
"dn: olcDatabase={1}hdb,cn=config\n"
11955
"changetype: modify\n"
11956
"add: olcRootDN\n"
11957
"olcRootDN: cn=admin,dc=example,dc=com\n"
11958
"-\n"
11959
"add: olcSyncRepl\n"
11960
"olcSyncRepl: rid=003 provider=ldap://ldap01.example.com "
11961
"binddn=\"cn=admin,dc=example,dc=com\" \n"
11962
" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
11963
"type=refreshOnly \n"
11964
" interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n"
11965
"olcSyncRepl: rid=004 provider=ldap://ldap02.example.com "
11966
"binddn=\"cn=admin,dc=example,dc=com\" \n"
11967
" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
11968
"type=refreshOnly \n"
11969
" interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n"
11970
"-\n"
11971
"add: olcMirrorMode\n"
11972
"olcMirrorMode: TRUE\n"
11973
"\n"
13570
"olcSpNoPresent: TRUE\n"
13571
"olcSpReloadHint: TRUE\n"
13572
"\n"
13573
"# syncrepl Provider for primary db\n"
11974
13574
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
11975
13575
"changetype: add\n"
11976
13576
"objectClass: olcOverlayConfig\n"
11977
13577
"objectClass: olcSyncProvConfig\n"
11978
13578
"olcOverlay: syncprov\n"
11979
msgstr ""
11980
11981
#: serverguide/C/network-auth.xml:616(para)
11982
msgid "Like the previous LDIF file, edit this one changing:"
11983
msgstr ""
11984
11985
#: serverguide/C/network-auth.xml:622(para)
11986
msgid ""
11987
"<emphasis>searchbase=\"dc=example,dc=com\"</emphasis> to your directory's "
11988
"searchbase."
11989
msgstr ""
11990
11991
#: serverguide/C/network-auth.xml:627(para)
11992
msgid ""
11993
"If you use a different admin user, change "
11994
"<emphasis>binddn=\"cn=admin,dc=example,dc=com\"</emphasis>."
11995
msgstr ""
11996
11997
#: serverguide/C/network-auth.xml:632(para)
11998
msgid ""
11999
"Also, replace <emphasis>credentials=secret</emphasis> with your admin "
12000
"password."
12001
msgstr ""
12002
12003
#: serverguide/C/network-auth.xml:641(para)
12004
msgid "Add the LDIF file:"
12005
msgstr ""
12006
12007
#: serverguide/C/network-auth.xml:646(command)
12008
msgid "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_backend.ldif"
12009
msgstr ""
12010
12011
#: serverguide/C/network-auth.xml:649(para)
12012
msgid ""
12013
"Because the servers' configuration is already synced there is no need to "
12014
"copy this LDIF file to the other servers."
13579
"olcSpNoPresent: TRUE\n"
13580
"\n"
13581
"# accesslog overlay definitions for primary db\n"
13582
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
13583
"objectClass: olcOverlayConfig\n"
13584
"objectClass: olcAccessLogConfig\n"
13585
"olcOverlay: accesslog\n"
13586
"olcAccessLogDB: cn=accesslog\n"
13587
"olcAccessLogOps: writes\n"
13588
"olcAccessLogSuccess: TRUE\n"
13589
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
13590
"olcAccessLogPurge: 07+00:00 01+00:00\n"
13591
msgstr ""
13592
13593
#: serverguide/C/network-auth.xml:614(para)
13594
msgid ""
13595
"The <application>AppArmor</application> profile for "
13596
"<application>slapd</application> will need to be adjusted for the accesslog "
13597
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
13598
"adding:"
13599
msgstr ""
13600
13601
#: serverguide/C/network-auth.xml:619(programlisting)
13602
#, no-wrap
13603
msgid ""
13604
"\n"
13605
" /var/lib/ldap/accesslog/ r,\n"
13606
" /var/lib/ldap/accesslog/** rwk,\n"
13607
msgstr ""
13608
13609
#: serverguide/C/network-auth.xml:624(para)
13610
msgid ""
13611
"Then create the directory, reload the <application>apparmor</application> "
13612
"profile, and copy the <filename>DB_CONFIG</filename> file:"
13613
msgstr ""
13614
13615
#: serverguide/C/network-auth.xml:630(command)
13616
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
13617
msgstr ""
13618
13619
#: serverguide/C/network-auth.xml:631(command)
13620
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
13621
msgstr ""
13622
13623
#: serverguide/C/network-auth.xml:636(para)
13624
msgid ""
13625
"Using the <emphasis>-u openldap</emphasis> option with the "
13626
"<application>sudo</application> commands above removes the need to adjust "
13627
"permissions for the new directory later."
13628
msgstr ""
13629
13630
#: serverguide/C/network-auth.xml:645(para)
13631
msgid ""
13632
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
13633
"directory:"
13634
msgstr ""
13635
13636
#: serverguide/C/network-auth.xml:649(programlisting)
13637
#, no-wrap
13638
msgid ""
13639
"\n"
13640
"olcRootDN: cn=admin,dc=example,dc=com\n"
12015
13641
msgstr ""
12016
13642
12017
13643
#: serverguide/C/network-auth.xml:657(para)
12018
13644
msgid ""
12019
"The configuration and backend databases should now sycnc to the other "
12020
"servers. You can add additional servers using the "
12021
"<application>ldapmodify</application> utility as the need arises. See <xref "
12022
"linkend=\"openldap-configuration\"/> for details."
12023
msgstr ""
12024
12025
#: serverguide/C/network-auth.xml:667(programlisting)
13645
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
13646
msgstr ""
13647
13648
#: serverguide/C/network-auth.xml:662(command)
13649
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
13650
msgstr ""
13651
13652
#: serverguide/C/network-auth.xml:669(para)
13653
msgid "Restart <application>slapd</application>:"
13654
msgstr ""
13655
13656
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1040(command) serverguide/C/network-auth.xml:1227(command)
13657
msgid "sudo /etc/init.d/slapd restart"
13658
msgstr ""
13659
13660
#: serverguide/C/network-auth.xml:680(para)
13661
msgid ""
13662
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
13663
"to configure a <emphasis>Consumer</emphasis> server."
13664
msgstr ""
13665
13666
#: serverguide/C/network-auth.xml:687(title)
13667
msgid "Consumer Configuration"
13668
msgstr ""
13669
13670
#: serverguide/C/network-auth.xml:692(para)
13671
msgid ""
13672
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
13673
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
13674
"configuration steps."
13675
msgstr ""
13676
13677
#: serverguide/C/network-auth.xml:697(para)
13678
msgid "Add the additional schema files:"
13679
msgstr ""
13680
13681
#: serverguide/C/network-auth.xml:707(para)
13682
msgid ""
13683
"Also, create, or copy from the provider server, the "
13684
"<filename>backend.example.com.ldif</filename>"
13685
msgstr ""
13686
13687
#: serverguide/C/network-auth.xml:711(programlisting)
13688
#, no-wrap
13689
msgid ""
13690
"\n"
13691
"# Load dynamic backend modules\n"
13692
"dn: cn=module,cn=config\n"
13693
"objectClass: olcModuleList\n"
13694
"cn: module\n"
13695
"olcModulepath: /usr/lib/ldap\n"
13696
"olcModuleload: back_hdb\n"
13697
"\n"
13698
"# Database settings\n"
13699
"dn: olcDatabase=hdb,cn=config\n"
13700
"objectClass: olcDatabaseConfig\n"
13701
"objectClass: olcHdbConfig\n"
13702
"olcDatabase: {1}hdb\n"
13703
"olcSuffix: dc=example,dc=com\n"
13704
"olcDbDirectory: /var/lib/ldap\n"
13705
"olcRootDN: cn=admin,dc=example,dc=com\n"
13706
"olcRootPW: secret\n"
13707
"olcDbConfig: set_cachesize 0 2097152 0\n"
13708
"olcDbConfig: set_lk_max_objects 1500\n"
13709
"olcDbConfig: set_lk_max_locks 1500\n"
13710
"olcDbConfig: set_lk_max_lockers 1500\n"
13711
"olcDbIndex: objectClass eq\n"
13712
"olcLastMod: TRUE\n"
13713
"olcDbCheckpoint: 512 30\n"
13714
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13715
"by anonymous auth by self write by * none\n"
13716
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13717
"olcAccess: to dn.base=\"\" by * read\n"
13718
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13719
msgstr ""
13720
13721
#: serverguide/C/network-auth.xml:741(para)
13722
msgid "And add the LDIF by entering:"
13723
msgstr ""
13724
13725
#: serverguide/C/network-auth.xml:752(para)
13726
msgid ""
13727
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
13728
"listed above, and add it:"
13729
msgstr ""
13730
13731
#: serverguide/C/network-auth.xml:760(para)
13732
msgid ""
13733
"The two severs should now have the same configuration except for the "
13734
"<emphasis>Syncrepl</emphasis> options."
13735
msgstr ""
13736
13737
#: serverguide/C/network-auth.xml:768(para)
13738
msgid ""
13739
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
13740
msgstr ""
13741
13742
#: serverguide/C/network-auth.xml:772(programlisting)
13743
#, no-wrap
13744
msgid ""
13745
"\n"
13746
"#Load the syncprov module.\n"
13747
"dn: cn=module{0},cn=config\n"
13748
"changetype: modify\n"
13749
"add: olcModuleLoad\n"
13750
"olcModuleLoad: syncprov\n"
13751
"\n"
13752
"# syncrepl specific indices\n"
13753
"dn: olcDatabase={1}hdb,cn=config\n"
13754
"changetype: modify\n"
13755
"add: olcDbIndex\n"
13756
"olcDbIndex: entryUUID eq\n"
13757
"-\n"
13758
"add: olcSyncRepl\n"
13759
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
13760
"binddn=\"cn=admin,dc=example,dc=com\" \n"
13761
" credentials=secret searchbase=\"dc=example,dc=com\" "
13762
"logbase=\"cn=accesslog\" \n"
13763
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
13764
"schemachecking=on \n"
13765
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
13766
"-\n"
13767
"add: olcUpdateRef\n"
13768
"olcUpdateRef: ldap://ldap01.example.com\n"
13769
msgstr ""
13770
13771
#: serverguide/C/network-auth.xml:795(para)
13772
msgid "You will probably want to change the following attributes:"
13773
msgstr ""
13774
13775
#: serverguide/C/network-auth.xml:800(para)
13776
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
13777
msgstr ""
13778
13779
#: serverguide/C/network-auth.xml:801(emphasis)
13780
msgid "binddn"
13781
msgstr ""
13782
13783
#: serverguide/C/network-auth.xml:802(emphasis)
13784
msgid "credentials"
13785
msgstr ""
13786
13787
#: serverguide/C/network-auth.xml:803(emphasis)
13788
msgid "searchbase"
13789
msgstr ""
13790
13791
#: serverguide/C/network-auth.xml:804(emphasis)
13792
msgid "olcUpdateRef:"
13793
msgstr ""
13794
13795
#: serverguide/C/network-auth.xml:810(para)
13796
msgid "Add the LDIF file to the configuration tree:"
13797
msgstr ""
13798
13799
#: serverguide/C/network-auth.xml:815(command)
13800
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
13801
msgstr ""
13802
13803
#: serverguide/C/network-auth.xml:821(para)
13804
msgid ""
13805
"The frontend database should now sync between servers. You can add "
13806
"additional servers using the steps above as the need arises."
13807
msgstr ""
13808
13809
#: serverguide/C/network-auth.xml:831(programlisting)
12026
13810
#, no-wrap
12027
13811
msgid "127.0.0.1\tldap01.example.com ldap01"
12028
13812
msgstr ""
12029
13813
12030
#: serverguide/C/network-auth.xml:663(para)
13814
#: serverguide/C/network-auth.xml:827(para)
12031
13815
msgid ""
12032
13816
"The <application>slapd</application> daemon will send log information to "
12033
13817
"<filename>/var/log/syslog</filename> by default. So if all does "
12037
13821
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
12038
13822
msgstr ""
12039
13823
12040
#: serverguide/C/network-auth.xml:674(title)
13824
#: serverguide/C/network-auth.xml:839(title)
12041
13825
msgid "Setting up ACL"
12042
13826
msgstr ""
12043
13827
12044
#: serverguide/C/network-auth.xml:676(para)
13828
#: serverguide/C/network-auth.xml:841(para)
12045
13829
msgid ""
12046
13830
"Authentication requires access to the password field, that should be not "
12047
13831
"accessible by default. Also, in order for users to change their own "
12050
13834
"authenticated."
12051
13835
msgstr ""
12052
13836
12053
#: serverguide/C/network-auth.xml:683(para)
13837
#: serverguide/C/network-auth.xml:848(para)
12054
13838
msgid ""
12055
13839
"To view the Access Control List (ACL), use the "
12056
13840
"<application>ldapsearch</application> utility:"
12057
13841
msgstr ""
12058
13842
12059
#: serverguide/C/network-auth.xml:688(command)
13843
#: serverguide/C/network-auth.xml:853(command)
12060
13844
msgid ""
12061
13845
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase=hdb "
12062
13846
"olcAccess"
12063
13847
msgstr ""
12064
13848
12065
#: serverguide/C/network-auth.xml:692(computeroutput)
13849
#: serverguide/C/network-auth.xml:857(computeroutput)
12066
13850
#, no-wrap
12067
13851
msgid ""
12068
13852
"Enter LDAP Password: \n"
12074
13858
"olcAccess: {2}to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
12075
13859
msgstr ""
12076
13860
12077
#: serverguide/C/network-auth.xml:704(title)
13861
#: serverguide/C/network-auth.xml:869(title)
12078
13862
msgid "TLS and SSL"
12079
13863
msgstr ""
12080
13864
12081
#: serverguide/C/network-auth.xml:706(para)
13865
#: serverguide/C/network-auth.xml:871(para)
12082
13866
msgid ""
12083
13867
"When authenticating to an OpenLDAP server it is best to do so using an "
12084
13868
"encrypted session. This can be accomplished using Transport Layer Security "
12085
13869
"(TLS) and/or Secure Sockets Layer (SSL)."
12086
13870
msgstr ""
12087
13871
12088
#: serverguide/C/network-auth.xml:711(para)
13872
#: serverguide/C/network-auth.xml:876(para)
12089
13873
msgid ""
12090
13874
"The first step in the process is to obtain or create a "
12091
"<emphasis>certificate</emphasis>. See <xref linkend=\"certificates-and-"
12092
"security\"/> and <xref linkend=\"certificate-authority\"/> for details."
12093
msgstr ""
12094
12095
#: serverguide/C/network-auth.xml:716(para)
13875
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
13876
"is compiled using the <application>gnutls</application> library, the "
13877
"<application>certtool</application> utility will be used to create "
13878
"certificates."
13879
msgstr ""
13880
13881
#: serverguide/C/network-auth.xml:885(para)
13882
msgid ""
13883
"First, install <application>gnutls-bin</application> by entering the "
13884
"following in a terminal:"
13885
msgstr ""
13886
13887
#: serverguide/C/network-auth.xml:890(command)
13888
msgid "sudo apt-get install gnutls-bin"
13889
msgstr ""
13890
13891
#: serverguide/C/network-auth.xml:896(para)
13892
msgid ""
13893
"Next, create a private key for the <emphasis>Certificate "
13894
"Authority</emphasis> (CA):"
13895
msgstr ""
13896
13897
#: serverguide/C/network-auth.xml:901(command)
13898
msgid ""
13899
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
13900
msgstr ""
13901
13902
#: serverguide/C/network-auth.xml:907(para)
13903
msgid ""
13904
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
13905
"CA certificate containing:"
13906
msgstr ""
13907
13908
#: serverguide/C/network-auth.xml:911(programlisting)
13909
#, no-wrap
13910
msgid ""
13911
"\n"
13912
"cn = Example Company\n"
13913
"ca\n"
13914
"cert_signing_key\n"
13915
msgstr ""
13916
13917
#: serverguide/C/network-auth.xml:920(para)
13918
msgid "Now create the self-signed CA certificate:"
13919
msgstr ""
13920
13921
#: serverguide/C/network-auth.xml:925(command)
13922
msgid ""
13923
"sudo certtool --generate-self-signed --load-privkey "
13924
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info --outfile "
13925
"/etc/ssl/certs/cacert.pem"
13926
msgstr ""
13927
13928
#: serverguide/C/network-auth.xml:932(para)
13929
msgid "Make a private key for the server:"
13930
msgstr ""
13931
13932
#: serverguide/C/network-auth.xml:937(command)
13933
msgid ""
13934
"sudo sh -c \"certtool --generate-privkey > "
13935
"/etc/ssl/private/ldap01_slapd_key.pem\""
13936
msgstr ""
13937
13938
#: serverguide/C/network-auth.xml:941(para)
13939
msgid ""
13940
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
13941
"hostname. Naming the certificate and key for the host and service that will "
13942
"be using them will help keep filenames and paths straight."
13943
msgstr ""
13944
13945
#: serverguide/C/network-auth.xml:950(para)
13946
msgid ""
13947
"To sign the server's certificate with the CA, create the "
13948
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
13949
msgstr ""
13950
13951
#: serverguide/C/network-auth.xml:954(programlisting)
13952
#, no-wrap
13953
msgid ""
13954
"\n"
13955
"organization = Example Company\n"
13956
"cn = ldap01.example.com\n"
13957
"tls_www_server\n"
13958
"encryption_key\n"
13959
"signing_key\n"
13960
msgstr ""
13961
13962
#: serverguide/C/network-auth.xml:965(para)
13963
msgid "Create the server's certificate:"
13964
msgstr ""
13965
13966
#: serverguide/C/network-auth.xml:970(command)
13967
msgid ""
13968
"sudo certtool --generate-certificate --load-privkey /etc/ssl/private/x01-"
13969
"test_slapd_key.pem \\ --load-ca-certificate /etc/ssl/certs/cacert.pem --load-"
13970
"ca-privkey /etc/ssl/private/cakey.pem \\ --template /etc/ssl/x01-test.info --"
13971
"outfile /etc/ssl/certs/x01-test_slapd_cert.pem"
13972
msgstr ""
13973
13974
#: serverguide/C/network-auth.xml:978(para)
12096
13975
msgid ""
12097
13976
"Once you have a certificate, key, and CA cert installed, use "
12098
13977
"<application>ldapmodify</application> to add the new configuration options:"
12099
13978
msgstr ""
12100
13979
12101
#: serverguide/C/network-auth.xml:727(userinput)
13980
#: serverguide/C/network-auth.xml:989(userinput)
12102
13981
#, no-wrap
12103
13982
msgid ""
12104
13983
"dn: cn=config\n"
12106
13985
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
12107
13986
"-\n"
12108
13987
"add: olcTLSCertificateFile\n"
12109
"olcTLSCertificateFile: /etc/ssl/certs/server.crt\n"
13988
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
12110
13989
"-\n"
12111
13990
"add: olcTLSCertificateKeyFile\n"
12112
"olcTLSCertificateKeyFile: /etc/ssl/private/server.key"
13991
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
12113
13992
msgstr ""
12114
13993
12115
#: serverguide/C/network-auth.xml:726(computeroutput)
13994
#: serverguide/C/network-auth.xml:988(computeroutput) serverguide/C/network-auth.xml:1159(computeroutput)
12116
13995
#, no-wrap
12117
13996
msgid ""
12118
13997
"Enter LDAP Password:\n"
12121
14000
"modifying entry \"cn=config\"\n"
12122
14001
msgstr ""
12123
14002
12124
#: serverguide/C/network-auth.xml:742(para)
14003
#: serverguide/C/network-auth.xml:1004(para)
12125
14004
msgid ""
12126
"Adjust the <filename>server.crt</filename>, <filename>server.key</filename>, "
12127
"and <filename>cacert.pem</filename> names if yours are different. If you "
12128
"have a self-signed certificate, do <emphasis>NOT</emphasis> add the "
12129
"olcTLSCACertificateFile property, as it will cause GnuTLS to fail.."
14005
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
14006
"<filename>ldap01_slapd_key.pem</filename>, and "
14007
"<filename>cacert.pem</filename> names if yours are different."
12130
14008
msgstr ""
12131
14009
12132
#: serverguide/C/network-auth.xml:749(para)
14010
#: serverguide/C/network-auth.xml:1010(para)
12133
14011
msgid ""
12134
14012
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
12135
14013
"<emphasis>SLAPD_SERVICES</emphasis> option:"
12136
14014
msgstr ""
12137
14015
12138
#: serverguide/C/network-auth.xml:753(programlisting)
14016
#: serverguide/C/network-auth.xml:1014(programlisting)
12139
14017
#, no-wrap
12140
14018
msgid ""
12141
14019
"\n"
12142
14020
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
12143
14021
msgstr ""
12144
14022
12145
#: serverguide/C/network-auth.xml:757(para)
14023
#: serverguide/C/network-auth.xml:1018(para)
12146
14024
msgid ""
12147
14025
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
12148
14026
msgstr ""
12149
14027
12150
#: serverguide/C/network-auth.xml:762(command)
14028
#: serverguide/C/network-auth.xml:1023(command)
12151
14029
msgid "sudo adduser openldap ssl-cert"
12152
14030
msgstr ""
12153
14031
12154
#: serverguide/C/network-auth.xml:763(command)
12155
msgid "sudo chgrp ssl-cert /etc/ssl/private/server.key"
12156
msgstr ""
12157
12158
#: serverguide/C/network-auth.xml:764(command)
12159
msgid "sudo chmod g+r /etc/ssl/private/server.key"
12160
msgstr ""
12161
12162
#: serverguide/C/network-auth.xml:768(para)
14032
#: serverguide/C/network-auth.xml:1024(command)
14033
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
14034
msgstr ""
14035
14036
#: serverguide/C/network-auth.xml:1025(command)
14037
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
14038
msgstr ""
14039
14040
#: serverguide/C/network-auth.xml:1029(para)
12163
14041
msgid ""
12164
14042
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
12165
14043
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
12166
14044
"adjust the commands appropriately."
12167
14045
msgstr ""
12168
14046
12169
#: serverguide/C/network-auth.xml:774(para)
14047
#: serverguide/C/network-auth.xml:1035(para)
12170
14048
msgid "Finally, restart <application>slapd</application>:"
12171
14049
msgstr ""
12172
14050
12173
#: serverguide/C/network-auth.xml:782(para)
14051
#: serverguide/C/network-auth.xml:1043(para)
12174
14052
msgid ""
12175
14053
"The <application>slapd</application> daemon should now be listening for "
12176
14054
"LDAPS connections and be able to use STARTTLS during authentication."
12177
14055
msgstr ""
12178
14056
12179
#: serverguide/C/network-auth.xml:788(para)
14057
#: serverguide/C/network-auth.xml:1049(para)
12180
14058
msgid ""
12181
14059
"If you run into troubles with the server not starting, check the "
12182
14060
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
12185
14063
"group has read permissions on the private key."
12186
14064
msgstr ""
12187
14065
12188
#: serverguide/C/network-auth.xml:800(title)
14066
#: serverguide/C/network-auth.xml:1061(title)
12189
14067
msgid "TLS Replication"
12190
14068
msgstr ""
12191
14069
12192
#: serverguide/C/network-auth.xml:802(para)
14070
#: serverguide/C/network-auth.xml:1063(para)
12193
14071
msgid ""
12194
14072
"If you have setup <application>Syncrepl</application> between servers, it is "
12195
14073
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
12197
14075
"linkend=\"openldap-server-replication\"/>."
12198
14076
msgstr ""
12199
14077
12200
#: serverguide/C/network-auth.xml:808(para)
12201
msgid ""
12202
"After setting up replication, and following the instructions in <xref "
12203
"linkend=\"openldap-tls\"/>, there are a couple of consequences that should "
12204
"be kept in mind:"
12205
msgstr ""
12206
12207
#: serverguide/C/network-auth.xml:815(para)
12208
msgid ""
12209
"The configuration only needs to be modified on <emphasis>one</emphasis> "
12210
"server."
12211
msgstr ""
12212
12213
#: serverguide/C/network-auth.xml:820(para)
12214
msgid ""
12215
"The path names for the <emphasis>certificate</emphasis> and "
12216
"<emphasis>key</emphasis> must be the same on all servers."
12217
msgstr ""
12218
12219
#: serverguide/C/network-auth.xml:827(para)
12220
msgid ""
12221
"So on each replicated server: install a certificate, edit "
12222
"<filename>/etc/default/slapd</filename>, and restart "
12223
"<application>slapd</application>."
12224
msgstr ""
12225
12226
#: serverguide/C/network-auth.xml:832(para)
12227
msgid ""
12228
"Once <emphasis>TLS</emphasis> has been setup on each server, modify the "
12229
"<emphasis>cn=config</emphasis> replication by entering the following in a "
12230
"terminal:"
12231
msgstr ""
12232
12233
#: serverguide/C/network-auth.xml:843(userinput)
12234
#, no-wrap
12235
msgid ""
12236
"dn: olcDatabase={0}config,cn=config\n"
12237
"replace: olcSyncrepl\n"
12238
"olcSyncrepl: {0}rid=001 provider=ldap://ldap01.example.com "
12239
"binddn=\"cn=admin,cn\n"
12240
" =config\" bindmethod=simple credentials=secret searchbase=\"cn=config\" "
12241
"type=refre\n"
12242
" shAndPersist retry=\"5 5 300 5\" timeout=1 starttls=yes\n"
12243
"olcSyncrepl: {1}rid=002 provider=ldap://ldap02.example.com "
12244
"binddn=\"cn=admin,cn\n"
12245
" =config\" bindmethod=simple credentials=secret searchbase=\"cn=config\" "
12246
"type=refre\n"
12247
" shAndPersist retry=\"5 5 300 5\" timeout=1 starttls=yes"
12248
msgstr ""
12249
12250
#: serverguide/C/network-auth.xml:842(computeroutput)
12251
#, no-wrap
12252
msgid ""
12253
"Enter LDAP Password: \n"
12254
"<placeholder-1/>\n"
12255
"\n"
12256
"modifying entry \"olcDatabase={0}config,cn=config\"\n"
12257
msgstr ""
12258
12259
#: serverguide/C/network-auth.xml:856(para)
12260
msgid "Now adjust the <emphasis>backend</emphasis> database replication:"
12261
msgstr ""
12262
12263
#: serverguide/C/network-auth.xml:866(userinput)
12264
#, no-wrap
12265
msgid ""
14078
#: serverguide/C/network-auth.xml:1069(para)
14079
msgid ""
14080
"Assuming you have followed the above instructions and created a CA "
14081
"certificate and server certificate on the <emphasis>Provider</emphasis> "
14082
"server. Follow the following instructions to create a certificate and key "
14083
"for the <emphasis>Consumer</emphasis> server."
14084
msgstr ""
14085
14086
#: serverguide/C/network-auth.xml:1078(para)
14087
msgid "Create a new key for the Consumer server:"
14088
msgstr ""
14089
14090
#: serverguide/C/network-auth.xml:1083(command)
14091
msgid "mkdir ldap02-ssl"
14092
msgstr ""
14093
14094
#: serverguide/C/network-auth.xml:1084(command)
14095
msgid "cd ldap02-ssl"
14096
msgstr ""
14097
14098
#: serverguide/C/network-auth.xml:1085(command)
14099
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
14100
msgstr ""
14101
14102
#: serverguide/C/network-auth.xml:1089(para)
14103
msgid ""
14104
"Creating a new directory is not strictly necessary, but it will help keep "
14105
"things organized and make it easier to copy the files to the Consumer server."
14106
msgstr ""
14107
14108
#: serverguide/C/network-auth.xml:1098(para)
14109
msgid ""
14110
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
14111
"server, changing the attributes to match your locality and server:"
14112
msgstr ""
14113
14114
#: serverguide/C/network-auth.xml:1103(programlisting)
14115
#, no-wrap
14116
msgid ""
14117
"\n"
14118
"country = US\n"
14119
"state = North Carolina\n"
14120
"locality = Winston-Salem\n"
14121
"organization = Example Company\n"
14122
"cn = ldap02.salem.edu\n"
14123
"tls_www_client\n"
14124
"encryption_key\n"
14125
"signing_key\n"
14126
msgstr ""
14127
14128
#: serverguide/C/network-auth.xml:1117(para)
14129
msgid "Create the certificate:"
14130
msgstr ""
14131
14132
#: serverguide/C/network-auth.xml:1122(command)
14133
msgid ""
14134
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
14135
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
14136
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
14137
"ldap02_slapd_cert.pem"
14138
msgstr ""
14139
14140
#: serverguide/C/network-auth.xml:1130(para)
14141
msgid "Copy the <filename>cacert.pem</filename> to the dicretory:"
14142
msgstr ""
14143
14144
#: serverguide/C/network-auth.xml:1135(command)
14145
msgid "cp /etc/ssl/certs/cacert.pem ."
14146
msgstr ""
14147
14148
#: serverguide/C/network-auth.xml:1141(para)
14149
msgid ""
14150
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
14151
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
14152
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
14153
"and copy <filename>ldap02_slapd_key.pem</filename> to "
14154
"<filename>/etc/ssl/private</filename>."
14155
msgstr ""
14156
14157
#: serverguide/C/network-auth.xml:1150(para)
14158
msgid ""
14159
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
14160
"by entering:"
14161
msgstr ""
14162
14163
#: serverguide/C/network-auth.xml:1160(userinput)
14164
#, no-wrap
14165
msgid ""
14166
"dn: cn=config\n"
14167
"add: olcTLSCACertificateFile\n"
14168
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14169
"-\n"
14170
"add: olcTLSCertificateFile\n"
14171
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14172
"-\n"
14173
"add: olcTLSCertificateKeyFile\n"
14174
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
14175
msgstr ""
14176
14177
#: serverguide/C/network-auth.xml:1177(para)
14178
msgid ""
14179
"As with the Provider you can now edit "
14180
"<filename>/etc/default/slapd</filename> and add the "
14181
"<emphasis>ldaps:///</emphasis> parameter to the "
14182
"<emphasis>SLAPD_SERVICES</emphasis> option."
14183
msgstr ""
14184
14185
#: serverguide/C/network-auth.xml:1185(para)
14186
msgid ""
14187
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
14188
"modify the <emphasis>Consumer</emphasis> server's "
14189
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
14190
msgstr ""
14191
14192
#: serverguide/C/network-auth.xml:1198(userinput)
14193
#, no-wrap
14194
msgid ""
14195
"\n"
12266
14196
"dn: olcDatabase={1}hdb,cn=config\n"
12267
14197
"replace: olcSyncrepl\n"
12268
"olcSyncrepl: {0}rid=003 provider=ldap://ldap01.example.com "
12269
"binddn=\"cn=admin,dc=example,dc=\n"
12270
" com\" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
12271
"type=r\n"
12272
" efreshOnly interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1 starttls=yes\n"
12273
"olcSyncrepl: {1}rid=004 provider=ldap://ldap02.example.com "
12274
"binddn=\"cn=admin,dc=example,dc=\n"
12275
" com\" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
12276
"type=r\n"
12277
" efreshOnly interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1 starttls=yes"
14198
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14199
"binddn=\"cn=ad\n"
14200
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
14201
"logbas\n"
14202
" e=\"cn=accesslog\" "
14203
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
14204
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
14205
"starttls=yes"
12278
14206
msgstr ""
12279
14207
12280
#: serverguide/C/network-auth.xml:865(computeroutput) serverguide/C/network-auth.xml:2418(computeroutput)
14208
#: serverguide/C/network-auth.xml:1195(computeroutput)
12281
14209
#, no-wrap
12282
14210
msgid ""
12283
"Enter LDAP Password:\n"
14211
"SASL/EXTERNAL authentication started\n"
14212
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14213
"SASL SSF: 0\n"
12284
14214
"<placeholder-1/>\n"
12285
14215
"\n"
12286
"modifying entry \"olcDatabase={1}hdb,cn=config\""
14216
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
12287
14217
msgstr ""
12288
14218
12289
#: serverguide/C/network-auth.xml:878(para)
14219
#: serverguide/C/network-auth.xml:1210(para)
12290
14220
msgid ""
12291
14221
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
12292
14222
"(FQDN) in the certificate, you may have to edit "
12293
14223
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
12294
14224
msgstr ""
12295
14225
12296
#: serverguide/C/network-auth.xml:883(programlisting)
14226
#: serverguide/C/network-auth.xml:1215(programlisting)
12297
14227
#, no-wrap
12298
14228
msgid ""
12299
14229
"\n"
12300
"TLS_CERT /etc/ssl/certs/server.crt\n"
12301
"TLS_KEY /etc/ssl/private/server.key\n"
14230
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14231
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
12302
14232
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
12303
14233
msgstr ""
12304
14234
12305
#: serverguide/C/network-auth.xml:890(para)
14235
#: serverguide/C/network-auth.xml:1222(para)
12306
14236
msgid ""
12307
14237
"Finally, restart <application>slapd</application> on each of the servers:"
12308
14238
msgstr ""
12309
14239
12310
#: serverguide/C/network-auth.xml:903(title)
14240
#: serverguide/C/network-auth.xml:1235(title)
12311
14241
msgid "LDAP Authentication"
12312
14242
msgstr ""
12313
14243
12314
#: serverguide/C/network-auth.xml:905(para)
14244
#: serverguide/C/network-auth.xml:1237(para)
12315
14245
msgid ""
12316
14246
"Once you have a working LDAP server, the <application>auth-client-"
12317
14247
"config</application> and <application>libnss-ldap</application> packages "
12319
14249
"LDAP. To install the packages from, a terminal prompt enter:"
12320
14250
msgstr ""
12321
14251
12322
#: serverguide/C/network-auth.xml:912(command)
14252
#: serverguide/C/network-auth.xml:1244(command)
12323
14253
msgid "sudo apt-get install libnss-ldap"
12324
14254
msgstr ""
12325
14255
12326
#: serverguide/C/network-auth.xml:915(para)
14256
#: serverguide/C/network-auth.xml:1247(para)
12327
14257
msgid ""
12328
14258
"During the install a menu dialog will ask you connection details about your "
12329
14259
"LDAP server."
12330
14260
msgstr ""
12331
14261
12332
#: serverguide/C/network-auth.xml:919(para)
14262
#: serverguide/C/network-auth.xml:1251(para)
12333
14263
msgid ""
12334
14264
"If you make a mistake when entering your information you can execute the "
12335
14265
"dialog again using:"
12336
14266
msgstr ""
12337
14267
12338
#: serverguide/C/network-auth.xml:924(command)
14268
#: serverguide/C/network-auth.xml:1256(command)
12339
14269
msgid "sudo dpkg-reconfigure ldap-auth-config"
12340
14270
msgstr ""
12341
14271
12342
#: serverguide/C/network-auth.xml:927(para)
14272
#: serverguide/C/network-auth.xml:1259(para)
12343
14273
msgid ""
12344
14274
"The results of the dialog can be seen in "
12345
14275
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
12346
14276
"covered in the menu edit this file accordingly."
12347
14277
msgstr ""
12348
14278
12349
#: serverguide/C/network-auth.xml:932(para)
14279
#: serverguide/C/network-auth.xml:1264(para)
12350
14280
msgid ""
12351
14281
"Now that <application>libnss-ldap</application> is configured enable the "
12352
14282
"<application>auth-client-config</application> LDAP profile by entering:"
12353
14283
msgstr ""
12354
14284
12355
#: serverguide/C/network-auth.xml:938(command)
14285
#: serverguide/C/network-auth.xml:1270(command)
12356
14286
msgid "sudo auth-client-config -t nss -p lac_ldap"
12357
14287
msgstr ""
12358
14288
12359
#: serverguide/C/network-auth.xml:943(para)
14289
#: serverguide/C/network-auth.xml:1275(para)
12360
14290
msgid ""
12361
14291
"<emphasis>-t:</emphasis> only modifies "
12362
14292
"<filename>/etc/nsswitch.conf</filename>."
12363
14293
msgstr ""
12364
14294
12365
#: serverguide/C/network-auth.xml:948(para)
14295
#: serverguide/C/network-auth.xml:1280(para)
12366
14296
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
12367
14297
msgstr ""
12368
14298
12369
#: serverguide/C/network-auth.xml:953(para)
14299
#: serverguide/C/network-auth.xml:1285(para)
12370
14300
msgid ""
12371
14301
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
12372
14302
"config</application> profile that is part of the <application>ldap-auth-"
12373
14303
"config</application> package."
12374
14304
msgstr ""
12375
14305
12376
#: serverguide/C/network-auth.xml:960(para)
14306
#: serverguide/C/network-auth.xml:1292(para)
12377
14307
msgid ""
12378
14308
"Using the <application>pam-auth-update</application> utility, configure the "
12379
14309
"system to use LDAP for authentication:"
12380
14310
msgstr ""
12381
14311
12382
#: serverguide/C/network-auth.xml:965(command)
14312
#: serverguide/C/network-auth.xml:1297(command)
12383
14313
msgid "sudo pam-auth-update"
12384
14314
msgstr ""
12385
14315
12386
#: serverguide/C/network-auth.xml:968(para)
14316
#: serverguide/C/network-auth.xml:1300(para)
12387
14317
msgid ""
12388
14318
"From the <application>pam-auth-update</application> menu, choose LDAP and "
12389
14319
"any other authentication mechanisms you need."
12390
14320
msgstr ""
12391
14321
12392
#: serverguide/C/network-auth.xml:972(para)
14322
#: serverguide/C/network-auth.xml:1304(para)
12393
14323
msgid ""
12394
14324
"You should now be able to login using user credentials stored in the LDAP "
12395
14325
"directory."
12396
14326
msgstr ""
12397
14327
12398
#: serverguide/C/network-auth.xml:977(para)
14328
#: serverguide/C/network-auth.xml:1309(para)
12399
14329
msgid ""
12400
14330
"If you are going to use LDAP to store Samba users you will need to configure "
12401
14331
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
12402
14332
"for details."
12403
14333
msgstr ""
12404
14334
12405
#: serverguide/C/network-auth.xml:985(title)
14335
#: serverguide/C/network-auth.xml:1317(title)
12406
14336
msgid "User and Group Management"
12407
14337
msgstr ""
12408
14338
12409
#: serverguide/C/network-auth.xml:987(para)
14339
#: serverguide/C/network-auth.xml:1319(para)
12410
14340
msgid ""
12411
14341
"The <application>ldap-utils</application> package comes with multiple "
12412
14342
"utilities to manage the directory, but the long string of options needed, "
12414
14344
"package contains configurable scripts to easily manage LDAP users and groups."
12415
14345
msgstr ""
12416
14346
12417
#: serverguide/C/network-auth.xml:993(para)
14347
#: serverguide/C/network-auth.xml:1325(para)
12418
14348
msgid "To install the package, from a terminal enter:"
12419
14349
msgstr ""
12420
14350
12421
#: serverguide/C/network-auth.xml:998(command)
14351
#: serverguide/C/network-auth.xml:1330(command)
12422
14352
msgid "sudo apt-get install ldapscripts"
12423
14353
msgstr ""
12424
14354
12425
#: serverguide/C/network-auth.xml:1001(para)
14355
#: serverguide/C/network-auth.xml:1333(para)
12426
14356
msgid ""
12427
14357
"Next, edit the config file "
12428
14358
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
12429
14359
"changing the following to match your environment:"
12430
14360
msgstr ""
12431
14361
12432
#: serverguide/C/network-auth.xml:1006(programlisting)
14362
#: serverguide/C/network-auth.xml:1338(programlisting)
12433
14363
#, no-wrap
12434
14364
msgid ""
12435
14365
"\n"
12445
14375
"MIDSTART=10000\n"
12446
14376
msgstr ""
12447
14377
12448
#: serverguide/C/network-auth.xml:1019(para)
14378
#: serverguide/C/network-auth.xml:1351(para)
12449
14379
msgid ""
12450
14380
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
12451
14381
"authenticated access to the directory:"
12452
14382
msgstr ""
12453
14383
12454
#: serverguide/C/network-auth.xml:1024(command)
14384
#: serverguide/C/network-auth.xml:1356(command)
12455
14385
msgid ""
12456
14386
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
12457
14387
msgstr ""
12458
14388
12459
#: serverguide/C/network-auth.xml:1025(command)
14389
#: serverguide/C/network-auth.xml:1357(command)
12460
14390
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
12461
14391
msgstr ""
12462
14392
12463
#: serverguide/C/network-auth.xml:1029(para)
14393
#: serverguide/C/network-auth.xml:1361(para)
12464
14394
msgid ""
12465
14395
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
12466
14396
"user."
12467
14397
msgstr ""
12468
14398
12469
#: serverguide/C/network-auth.xml:1034(para)
14399
#: serverguide/C/network-auth.xml:1366(para)
12470
14400
msgid ""
12471
14401
"The <application>ldapscripts</application> are now ready to help manage your "
12472
14402
"directory. The following are some examples of how to use the scripts:"
12473
14403
msgstr ""
12474
14404
12475
#: serverguide/C/network-auth.xml:1041(para)
14405
#: serverguide/C/network-auth.xml:1373(para)
12476
14406
msgid "Create a new user:"
12477
14407
msgstr ""
12478
14408
12479
#: serverguide/C/network-auth.xml:1045(command)
14409
#: serverguide/C/network-auth.xml:1377(command)
12480
14410
msgid "sudo ldapadduser george example"
12481
14411
msgstr ""
12482
14412
12483
#: serverguide/C/network-auth.xml:1047(para)
14413
#: serverguide/C/network-auth.xml:1379(para)
12484
14414
msgid ""
12485
14415
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
12486
14416
"and set the user's primary group (gid) to <emphasis "
12487
14417
"role=\"italic\">example</emphasis>"
12488
14418
msgstr ""
12489
14419
12490
#: serverguide/C/network-auth.xml:1053(para)
14420
#: serverguide/C/network-auth.xml:1385(para)
12491
14421
msgid "Change a user's password:"
12492
14422
msgstr ""
12493
14423
12494
#: serverguide/C/network-auth.xml:1057(command)
14424
#: serverguide/C/network-auth.xml:1389(command)
12495
14425
msgid "sudo ldapsetpasswd george"
12496
14426
msgstr ""
12497
14427
12498
#: serverguide/C/network-auth.xml:1058(computeroutput)
14428
#: serverguide/C/network-auth.xml:1390(computeroutput)
12499
14429
#, no-wrap
12500
14430
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
12501
14431
msgstr ""
12502
14432
12503
#: serverguide/C/network-auth.xml:1059(userinput)
14433
#: serverguide/C/network-auth.xml:1391(userinput)
12504
14434
#, no-wrap
12505
14435
msgid "New Password: "
12506
14436
msgstr ""
12507
14437
12508
#: serverguide/C/network-auth.xml:1060(userinput)
14438
#: serverguide/C/network-auth.xml:1392(userinput)
12509
14439
#, no-wrap
12510
14440
msgid "New Password (verify): "
12511
14441
msgstr ""
12512
14442
12513
#: serverguide/C/network-auth.xml:1064(para)
14443
#: serverguide/C/network-auth.xml:1396(para)
12514
14444
msgid "Delete a user:"
12515
14445
msgstr ""
12516
14446
12517
#: serverguide/C/network-auth.xml:1068(command)
14447
#: serverguide/C/network-auth.xml:1400(command)
12518
14448
msgid "sudo ldapdeleteuser george"
12519
14449
msgstr ""
12520
14450
12521
#: serverguide/C/network-auth.xml:1073(para)
14451
#: serverguide/C/network-auth.xml:1405(para)
12522
14452
msgid "Add a group:"
12523
14453
msgstr ""
12524
14454
12525
#: serverguide/C/network-auth.xml:1077(command)
14455
#: serverguide/C/network-auth.xml:1409(command)
12526
14456
msgid "sudo ldapaddgroup qa"
12527
14457
msgstr ""
12528
14458
12529
#: serverguide/C/network-auth.xml:1081(para)
14459
#: serverguide/C/network-auth.xml:1413(para)
12530
14460
msgid "Delete a group:"
12531
14461
msgstr ""
12532
14462
12533
#: serverguide/C/network-auth.xml:1085(command)
14463
#: serverguide/C/network-auth.xml:1417(command)
12534
14464
msgid "sudo ldapdeletegroup qa"
12535
14465
msgstr ""
12536
14466
12537
#: serverguide/C/network-auth.xml:1089(para)
14467
#: serverguide/C/network-auth.xml:1421(para)
12538
14468
msgid "Add a user to a group:"
12539
14469
msgstr ""
12540
14470
12541
#: serverguide/C/network-auth.xml:1093(command)
14471
#: serverguide/C/network-auth.xml:1425(command)
12542
14472
msgid "sudo ldapaddusertogroup george qa"
12543
14473
msgstr ""
12544
14474
12545
#: serverguide/C/network-auth.xml:1095(para)
14475
#: serverguide/C/network-auth.xml:1427(para)
12546
14476
msgid ""
12547
14477
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
12548
14478
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
12549
14479
"role=\"italic\">george</emphasis>."
12550
14480
msgstr ""
12551
14481
12552
#: serverguide/C/network-auth.xml:1101(para)
14482
#: serverguide/C/network-auth.xml:1433(para)
12553
14483
msgid "Remove a user from a group:"
12554
14484
msgstr ""
12555
14485
12556
#: serverguide/C/network-auth.xml:1105(command)
14486
#: serverguide/C/network-auth.xml:1437(command)
12557
14487
msgid "sudo ldapdeleteuserfromgroup george qa"
12558
14488
msgstr ""
12559
14489
12560
#: serverguide/C/network-auth.xml:1107(para)
14490
#: serverguide/C/network-auth.xml:1439(para)
12561
14491
msgid ""
12562
14492
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
12563
14493
"<emphasis role=\"italic\">qa</emphasis> group."
12564
14494
msgstr ""
12565
14495
12566
#: serverguide/C/network-auth.xml:1113(para)
14496
#: serverguide/C/network-auth.xml:1445(para)
12567
14497
msgid ""
12568
14498
"The <application>ldapmodifyuser</application> script allows you to add, "
12569
14499
"remove, or replace a user's attributes. The script uses the same syntax as "
12570
14500
"the <application>ldapmodify</application> utility. For example:"
12571
14501
msgstr ""
12572
14502
12573
#: serverguide/C/network-auth.xml:1118(command)
14503
#: serverguide/C/network-auth.xml:1450(command)
12574
14504
msgid "sudo ldapmodifyuser george"
12575
14505
msgstr ""
12576
14506
12577
#: serverguide/C/network-auth.xml:1119(computeroutput)
14507
#: serverguide/C/network-auth.xml:1451(computeroutput)
12578
14508
#, no-wrap
12579
14509
msgid ""
12580
14510
"# About to modify the following entry :\n"
12595
14525
"dn: uid=george,ou=People,dc=example,dc=com"
12596
14526
msgstr ""
12597
14527
12598
#: serverguide/C/network-auth.xml:1135(userinput)
14528
#: serverguide/C/network-auth.xml:1467(userinput)
12599
14529
#, no-wrap
12600
14530
msgid ""
12601
14531
"replace: gecos\n"
12602
14532
"gecos: George Carlin"
12603
14533
msgstr ""
12604
14534
12605
#: serverguide/C/network-auth.xml:1138(para)
14535
#: serverguide/C/network-auth.xml:1470(para)
12606
14536
msgid ""
12607
14537
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
12608
14538
"Carlin</quote>."
12609
14539
msgstr ""
12610
14540
12611
#: serverguide/C/network-auth.xml:1143(para)
14541
#: serverguide/C/network-auth.xml:1475(para)
12612
14542
msgid ""
12613
14543
"Another great feature of <application>ldapscripts</application>, is the "
12614
14544
"template system. Templates allow you to customize the attributes of user, "
12617
14547
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
12618
14548
msgstr ""
12619
14549
12620
#: serverguide/C/network-auth.xml:1150(programlisting)
14550
#: serverguide/C/network-auth.xml:1482(programlisting)
12621
14551
#, no-wrap
12622
14552
msgid ""
12623
14553
"\n"
12624
14554
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
12625
14555
msgstr ""
12626
14556
12627
#: serverguide/C/network-auth.xml:1154(para)
14557
#: serverguide/C/network-auth.xml:1486(para)
12628
14558
msgid ""
12629
14559
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
12630
14560
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
12632
14562
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
12633
14563
msgstr ""
12634
14564
12635
#: serverguide/C/network-auth.xml:1161(command)
14565
#: serverguide/C/network-auth.xml:1493(command)
12636
14566
msgid ""
12637
14567
"sudo cp /etc/ldapscripts/ldapadduser.template.sample "
12638
14568
"/etc/ldapscripts/ldapadduser.template"
12639
14569
msgstr ""
12640
14570
12641
#: serverguide/C/network-auth.xml:1164(para)
14571
#: serverguide/C/network-auth.xml:1496(para)
12642
14572
msgid ""
12643
14573
"Edit the new template to add the desired attributes. The following will "
12644
14574
"create new user's as with an <emphasis>objectClass</emphasis> of "
12645
14575
"<emphasis>inetOrgPerson</emphasis>:"
12646
14576
msgstr ""
12647
14577
12648
#: serverguide/C/network-auth.xml:1169(programlisting)
14578
#: serverguide/C/network-auth.xml:1501(programlisting)
12649
14579
#, no-wrap
12650
14580
msgid ""
12651
14581
"\n"
12664
14594
"title: Employee\n"
12665
14595
msgstr ""
12666
14596
12667
#: serverguide/C/network-auth.xml:1185(para)
14597
#: serverguide/C/network-auth.xml:1517(para)
12668
14598
msgid ""
12669
14599
"Notice the <emphasis><ask></emphasis> option used for the "
12670
14600
"<emphasis>cn</emphasis> value. Using <ask> will configure "
12672
14602
"during user creation."
12673
14603
msgstr ""
12674
14604
12675
#: serverguide/C/network-auth.xml:1193(para)
14605
#: serverguide/C/network-auth.xml:1525(para)
12676
14606
msgid ""
12677
14607
"There are more useful scripts in the package, to see a full list enter: "
12678
14608
"<command>dpkg -L ldapscripts | grep bin</command>"
12679
14609
msgstr ""
12680
14610
12681
#: serverguide/C/network-auth.xml:1202(para)
14611
#: serverguide/C/network-auth.xml:1534(para)
14612
msgid ""
14613
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
14614
"Ubuntu Wiki</ulink> page has more details."
14615
msgstr ""
14616
14617
#: serverguide/C/network-auth.xml:1539(para)
12682
14618
msgid ""
12683
14619
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
12684
14620
"Home Page</ulink>"
12685
14621
msgstr ""
12686
14622
12687
#: serverguide/C/network-auth.xml:1207(para)
14623
#: serverguide/C/network-auth.xml:1544(para)
12688
14624
msgid ""
12689
14625
"Though starting to show it's age, a great source for in depth LDAP "
12690
14626
"information is O'Reilly's <ulink "
12692
14628
"Administration</ulink>"
12693
14629
msgstr ""
12694
14630
12695
#: serverguide/C/network-auth.xml:1213(para)
14631
#: serverguide/C/network-auth.xml:1550(para)
12696
14632
msgid ""
12697
14633
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
12698
14634
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
12699
14635
"newer versions of OpenLDAP."
12700
14636
msgstr ""
12701
14637
12702
#: serverguide/C/network-auth.xml:1219(para)
14638
#: serverguide/C/network-auth.xml:1556(para)
12703
14639
msgid ""
12704
14640
"For more information on <application>auth-client-config</application> see "
12705
14641
"the man page: <command>man auth-client-config</command>."
12706
14642
msgstr ""
12707
14643
12708
#: serverguide/C/network-auth.xml:1224(para)
14644
#: serverguide/C/network-auth.xml:1561(para)
12709
14645
msgid ""
12710
14646
"For more details regarding the <application>ldapscripts</application> "
12711
14647
"package see the man pages: <command>man ldapscripts</command>, <command>man "
12712
14648
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
12713
14649
msgstr ""
12714
14650
12715
#: serverguide/C/network-auth.xml:1234(title)
14651
#: serverguide/C/network-auth.xml:1571(title)
12716
14652
msgid "Samba and LDAP"
12717
14653
msgstr ""
12718
14654
12719
#: serverguide/C/network-auth.xml:1236(para)
14655
#: serverguide/C/network-auth.xml:1573(para)
12720
14656
msgid ""
12721
14657
"This section covers configuring Samba to use LDAP for user, group, and "
12722
14658
"machine account information and authentication. The assumption is, you "
12727
14663
"Samba see <xref linkend=\"windows-networking\"/>."
12728
14664
msgstr ""
12729
14665
12730
#: serverguide/C/network-auth.xml:1246(para)
14666
#: serverguide/C/network-auth.xml:1583(para)
12731
14667
msgid ""
12732
14668
"There are three packages needed when integrating Samba with LDAP. "
12733
14669
"<application>samba</application>, <application>samba-doc</application>, and "
12735
14671
"from a terminal enter:"
12736
14672
msgstr ""
12737
14673
12738
#: serverguide/C/network-auth.xml:1252(command)
14674
#: serverguide/C/network-auth.xml:1589(command)
12739
14675
msgid "sudo apt-get install samba samba-doc smbldap-tools"
12740
14676
msgstr ""
12741
14677
12742
#: serverguide/C/network-auth.xml:1255(para)
14678
#: serverguide/C/network-auth.xml:1592(para)
12743
14679
msgid ""
12744
14680
"Strictly speaking the <application>smbldap-tools</application> package isn't "
12745
14681
"needed, but unless you have another package or custom scripts, a method of "
12746
14682
"managing users, groups, and computer accounts is needed."
12747
14683
msgstr ""
12748
14684
12749
#: serverguide/C/network-auth.xml:1262(title)
14685
#: serverguide/C/network-auth.xml:1599(title)
12750
14686
msgid "OpenLDAP Configuration"
12751
14687
msgstr ""
12752
14688
12753
#: serverguide/C/network-auth.xml:1264(para)
14689
#: serverguide/C/network-auth.xml:1601(para)
12754
14690
msgid ""
12755
14691
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
12756
14692
"the user objects in the directory will need additional attributes. This "
12758
14694
"controller, and will add the necessary LDAP objects and attributes."
12759
14695
msgstr ""
12760
14696
12761
#: serverguide/C/network-auth.xml:1272(para)
14697
#: serverguide/C/network-auth.xml:1609(para)
12762
14698
msgid ""
12763
14699
"The Samba attributes are defined in the <filename>samba.schema</filename> "
12764
14700
"file which is part of the <application>samba-doc</application> package. The "
12766
14702
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
12767
14703
msgstr ""
12768
14704
12769
#: serverguide/C/network-auth.xml:1279(command)
14705
#: serverguide/C/network-auth.xml:1616(command)
12770
14706
msgid ""
12771
14707
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
12772
14708
"/etc/ldap/schema/"
12773
14709
msgstr ""
12774
14710
12775
#: serverguide/C/network-auth.xml:1280(command)
14711
#: serverguide/C/network-auth.xml:1617(command)
12776
14712
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
12777
14713
msgstr ""
12778
14714
12779
#: serverguide/C/network-auth.xml:1286(para)
14715
#: serverguide/C/network-auth.xml:1623(para)
12780
14716
msgid ""
12781
14717
"The <emphasis>samba</emphasis> schema needs to be added to the "
12782
14718
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
12784
14720
"linkend=\"openldap-configuration\"/>."
12785
14721
msgstr ""
12786
14722
12787
#: serverguide/C/network-auth.xml:1294(para) serverguide/C/network-auth.xml:2318(para)
14723
#: serverguide/C/network-auth.xml:1631(para) serverguide/C/network-auth.xml:2666(para)
12788
14724
msgid ""
12789
14725
"First, create a configuration file named "
12790
14726
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
12791
14727
"containing the following lines:"
12792
14728
msgstr ""
12793
14729
12794
#: serverguide/C/network-auth.xml:1299(programlisting)
14730
#: serverguide/C/network-auth.xml:1636(programlisting)
12795
14731
#, no-wrap
12796
14732
msgid ""
12797
14733
"\n"
12810
14746
"include /etc/ldap/schema/samba.schema\n"
12811
14747
msgstr ""
12812
14748
12813
#: serverguide/C/network-auth.xml:1329(para) serverguide/C/network-auth.xml:2353(para)
14749
#: serverguide/C/network-auth.xml:1666(para) serverguide/C/network-auth.xml:2701(para)
12814
14750
msgid ""
12815
14751
"Now use <application>slapcat</application> to convert the schema files:"
12816
14752
msgstr ""
12817
14753
12818
#: serverguide/C/network-auth.xml:1334(command)
14754
#: serverguide/C/network-auth.xml:1671(command)
12819
14755
msgid ""
12820
14756
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
12821
14757
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
12822
14758
msgstr ""
12823
14759
12824
#: serverguide/C/network-auth.xml:1337(para) serverguide/C/network-auth.xml:2361(para)
14760
#: serverguide/C/network-auth.xml:1674(para) serverguide/C/network-auth.xml:2709(para)
12825
14761
msgid ""
12826
14762
"Change the above file and path names to match your own if they are different."
12827
14763
msgstr ""
12828
14764
12829
#: serverguide/C/network-auth.xml:1344(para)
14765
#: serverguide/C/network-auth.xml:1681(para)
12830
14766
msgid ""
12831
14767
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
12832
14768
"the following attributes:"
12833
14769
msgstr ""
12834
14770
12835
#: serverguide/C/network-auth.xml:1348(programlisting)
14771
#: serverguide/C/network-auth.xml:1685(programlisting)
12836
14772
#, no-wrap
12837
14773
msgid ""
12838
14774
"\n"
12841
14777
"cn: samba\n"
12842
14778
msgstr ""
12843
14779
12844
#: serverguide/C/network-auth.xml:1358(programlisting)
14780
#: serverguide/C/network-auth.xml:1695(programlisting)
12845
14781
#, no-wrap
12846
14782
msgid ""
12847
14783
"\n"
12854
14790
"modifyTimestamp: 20080827045234Z\n"
12855
14791
msgstr ""
12856
14792
12857
#: serverguide/C/network-auth.xml:1383(command)
14793
#: serverguide/C/network-auth.xml:1720(command)
12858
14794
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
12859
14795
msgstr ""
12860
14796
12861
#: serverguide/C/network-auth.xml:1389(para)
14797
#: serverguide/C/network-auth.xml:1726(para)
12862
14798
msgid ""
12863
14799
"There should now be a <emphasis>dn: "
12864
14800
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
12865
14801
"sequential schema, entry in the cn=config tree."
12866
14802
msgstr ""
12867
14803
12868
#: serverguide/C/network-auth.xml:1397(para)
14804
#: serverguide/C/network-auth.xml:1734(para)
12869
14805
msgid ""
12870
14806
"Copy and paste the following into a file named "
12871
14807
"<filename>samba_indexes.ldif</filename>:"
12872
14808
msgstr ""
12873
14809
12874
#: serverguide/C/network-auth.xml:1401(programlisting)
14810
#: serverguide/C/network-auth.xml:1738(programlisting)
12875
14811
#, no-wrap
12876
14812
msgid ""
12877
14813
"\n"
12892
14828
"olcDbIndex: default sub\n"
12893
14829
msgstr ""
12894
14830
12895
#: serverguide/C/network-auth.xml:1419(para)
14831
#: serverguide/C/network-auth.xml:1756(para)
12896
14832
msgid ""
12897
14833
"Using the <application>ldapmodify</application> utility load the new indexes:"
12898
14834
msgstr ""
12899
14835
12900
#: serverguide/C/network-auth.xml:1424(command)
14836
#: serverguide/C/network-auth.xml:1761(command)
12901
14837
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
12902
14838
msgstr ""
12903
14839
12904
#: serverguide/C/network-auth.xml:1426(para)
14840
#: serverguide/C/network-auth.xml:1763(para)
12905
14841
msgid ""
12906
14842
"If all went well you should see the new indexes using "
12907
14843
"<application>ldapsearch</application>:"
12908
14844
msgstr ""
12909
14845
12910
#: serverguide/C/network-auth.xml:1431(command)
14846
#: serverguide/C/network-auth.xml:1768(command)
12911
14847
msgid ""
12912
14848
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
12913
14849
msgstr ""
12914
14850
12915
#: serverguide/C/network-auth.xml:1437(para)
14851
#: serverguide/C/network-auth.xml:1774(para)
12916
14852
msgid ""
12917
14853
"Next, configure the <application>smbldap-tools</application> package to "
12918
14854
"match your environment. The package comes with a configuration script that "
12919
14855
"will ask questions about the needed options. To run the script enter:"
12920
14856
msgstr ""
12921
14857
12922
#: serverguide/C/network-auth.xml:1443(command)
14858
#: serverguide/C/network-auth.xml:1780(command)
12923
14859
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
12924
14860
msgstr ""
12925
14861
12926
#: serverguide/C/network-auth.xml:1444(command)
14862
#: serverguide/C/network-auth.xml:1781(command)
12927
14863
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
12928
14864
msgstr ""
12929
14865
12930
#: serverguide/C/network-auth.xml:1447(para)
14866
#: serverguide/C/network-auth.xml:1784(para)
12931
14867
msgid ""
12932
14868
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
12933
14869
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
12936
14872
"may be simpler to edit the file appropriately."
12937
14873
msgstr ""
12938
14874
12939
#: serverguide/C/network-auth.xml:1457(para)
14875
#: serverguide/C/network-auth.xml:1794(para)
12940
14876
msgid ""
12941
14877
"The <application>smbldap-populate</application> script will add the "
12942
14878
"necessary users, groups, and LDAP objects required for Samba. It is a good "
12944
14880
"<application>slapcat</application> before executing the command:"
12945
14881
msgstr ""
12946
14882
12947
#: serverguide/C/network-auth.xml:1464(command)
14883
#: serverguide/C/network-auth.xml:1801(command)
12948
14884
msgid "sudo slapcat -l backup.ldif"
12949
14885
msgstr ""
12950
14886
12951
#: serverguide/C/network-auth.xml:1470(para)
14887
#: serverguide/C/network-auth.xml:1807(para)
12952
14888
msgid ""
12953
14889
"Once you have a current backup execute <application>smbldap-"
12954
14890
"populate</application> by entering:"
12955
14891
msgstr ""
12956
14892
12957
#: serverguide/C/network-auth.xml:1475(command)
14893
#: serverguide/C/network-auth.xml:1812(command)
12958
14894
msgid "sudo smbldap-populate"
12959
14895
msgstr ""
12960
14896
12961
#: serverguide/C/network-auth.xml:1479(para)
14897
#: serverguide/C/network-auth.xml:1816(para)
12962
14898
msgid ""
12963
14899
"You can create an LDIF file containing the new Samba objects by executing "
12964
14900
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
12965
14901
"look over the changes making sure everything is correct."
12966
14902
msgstr ""
12967
14903
12968
#: serverguide/C/network-auth.xml:1487(para)
14904
#: serverguide/C/network-auth.xml:1824(para)
12969
14905
msgid ""
12970
14906
"Your LDAP directory now has the necessary domain information to authenticate "
12971
14907
"Samba users."
12972
14908
msgstr ""
12973
14909
12974
#: serverguide/C/network-auth.xml:1493(title)
14910
#: serverguide/C/network-auth.xml:1830(title)
12975
14911
msgid "Samba Configuration"
12976
14912
msgstr ""
12977
14913
12978
#: serverguide/C/network-auth.xml:1495(para)
14914
#: serverguide/C/network-auth.xml:1832(para)
12979
14915
msgid ""
12980
14916
"There a multiple ways to configure Samba for details on some common "
12981
14917
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
12984
14920
"backend</emphasis> option and adding the following:"
12985
14921
msgstr ""
12986
14922
12987
#: serverguide/C/network-auth.xml:1501(programlisting)
14923
#: serverguide/C/network-auth.xml:1838(programlisting)
12988
14924
#, no-wrap
12989
14925
msgid ""
12990
14926
"\n"
13004
14940
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
13005
14941
msgstr ""
13006
14942
13007
#: serverguide/C/network-auth.xml:1518(para)
14943
#: serverguide/C/network-auth.xml:1855(para)
13008
14944
msgid "Restart <application>samba</application> to enable the new settings:"
13009
14945
msgstr ""
13010
14946
13011
#: serverguide/C/network-auth.xml:1526(para)
14947
#: serverguide/C/network-auth.xml:1863(para)
13012
14948
msgid ""
13013
14949
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
13014
14950
"enter:"
13015
14951
msgstr ""
13016
14952
13017
#: serverguide/C/network-auth.xml:1531(command)
14953
#: serverguide/C/network-auth.xml:1868(command)
13018
14954
msgid "sudo smbpasswd -w secret"
13019
14955
msgstr ""
13020
14956
13021
#: serverguide/C/network-auth.xml:1535(para)
14957
#: serverguide/C/network-auth.xml:1872(para)
13022
14958
msgid ""
13023
14959
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
13024
14960
"password."
13025
14961
msgstr ""
13026
14962
13027
#: serverguide/C/network-auth.xml:1540(para)
14963
#: serverguide/C/network-auth.xml:1877(para)
13028
14964
msgid ""
13029
14965
"If you currently have users in LDAP, and you want them to authenticate using "
13030
14966
"Samba, they will need some Samba attributes defined in the "
13033
14969
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
13034
14970
msgstr ""
13035
14971
13036
#: serverguide/C/network-auth.xml:1548(command)
14972
#: serverguide/C/network-auth.xml:1885(command)
13037
14973
msgid "sudo smbpasswd -a username"
13038
14974
msgstr ""
13039
14975
13040
#: serverguide/C/network-auth.xml:1551(para)
14976
#: serverguide/C/network-auth.xml:1888(para)
13041
14977
msgid "You will then be asked to enter the user's password."
13042
14978
msgstr ""
13043
14979
13044
#: serverguide/C/network-auth.xml:1555(para)
14980
#: serverguide/C/network-auth.xml:1892(para)
13045
14981
msgid ""
13046
14982
"To add new user, group, and machine accounts use the utilities from the "
13047
14983
"<application>smbldap-tools</application> package. Here are some examples:"
13048
14984
msgstr ""
13049
14985
13050
#: serverguide/C/network-auth.xml:1562(para)
14986
#: serverguide/C/network-auth.xml:1899(para)
13051
14987
msgid ""
13052
14988
"To add a new user to LDAP with Samba attributes enter the following, "
13053
14989
"replacing username with an actual username:"
13054
14990
msgstr ""
13055
14991
13056
#: serverguide/C/network-auth.xml:1566(command)
14992
#: serverguide/C/network-auth.xml:1903(command)
13057
14993
msgid "sudo smbldap-useradd -a -P username"
13058
14994
msgstr ""
13059
14995
13060
#: serverguide/C/network-auth.xml:1568(para)
14996
#: serverguide/C/network-auth.xml:1905(para)
13061
14997
msgid ""
13062
14998
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
13063
14999
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
13065
15001
"a password for the user."
13066
15002
msgstr ""
13067
15003
13068
#: serverguide/C/network-auth.xml:1574(para)
15004
#: serverguide/C/network-auth.xml:1911(para)
13069
15005
msgid "To remove a user from the directory enter:"
13070
15006
msgstr ""
13071
15007
13072
#: serverguide/C/network-auth.xml:1578(command)
15008
#: serverguide/C/network-auth.xml:1915(command)
13073
15009
msgid "sudo smbldap-userdel username"
13074
15010
msgstr ""
13075
15011
13076
#: serverguide/C/network-auth.xml:1580(para)
15012
#: serverguide/C/network-auth.xml:1917(para)
13077
15013
msgid ""
13078
15014
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
13079
15015
"r</emphasis> option to remove the user's home directory."
13080
15016
msgstr ""
13081
15017
13082
#: serverguide/C/network-auth.xml:1585(para)
15018
#: serverguide/C/network-auth.xml:1922(para)
13083
15019
msgid ""
13084
15020
"Use <application>smbldap-groupadd</application> to add a group, replacing "
13085
15021
"groupname with an appropriate group:"
13086
15022
msgstr ""
13087
15023
13088
#: serverguide/C/network-auth.xml:1589(command)
15024
#: serverguide/C/network-auth.xml:1926(command)
13089
15025
msgid "sudo smbldap-groupadd -a groupname"
13090
15026
msgstr ""
13091
15027
13092
#: serverguide/C/network-auth.xml:1591(para)
15028
#: serverguide/C/network-auth.xml:1928(para)
13093
15029
msgid ""
13094
15030
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
13095
15031
"a</emphasis> adds the Samba attributes."
13096
15032
msgstr ""
13097
15033
13098
#: serverguide/C/network-auth.xml:1596(para)
15034
#: serverguide/C/network-auth.xml:1933(para)
13099
15035
msgid ""
13100
15036
"To add a user to a group use <application>smbldap-groupmod</application>:"
13101
15037
msgstr ""
13102
15038
13103
#: serverguide/C/network-auth.xml:1600(command)
15039
#: serverguide/C/network-auth.xml:1937(command)
13104
15040
msgid "sudo smbldap-groupmod -m username groupname"
13105
15041
msgstr ""
13106
15042
13107
#: serverguide/C/network-auth.xml:1602(para)
15043
#: serverguide/C/network-auth.xml:1939(para)
13108
15044
msgid ""
13109
15045
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
13110
15046
"<emphasis>-m</emphasis> option can add more than one user at a time by "
13111
15047
"listing them in <emphasis>comma separated</emphasis> format."
13112
15048
msgstr ""
13113
15049
13114
#: serverguide/C/network-auth.xml:1608(para)
15050
#: serverguide/C/network-auth.xml:1945(para)
13115
15051
msgid ""
13116
15052
"<application>smbldap-groupmod</application> can also be used to remove a "
13117
15053
"user from a group:"
13118
15054
msgstr ""
13119
15055
13120
#: serverguide/C/network-auth.xml:1612(command)
15056
#: serverguide/C/network-auth.xml:1949(command)
13121
15057
msgid "sudo smbldap-groupmod -x username groupname"
13122
15058
msgstr ""
13123
15059
13124
#: serverguide/C/network-auth.xml:1616(para)
15060
#: serverguide/C/network-auth.xml:1953(para)
13125
15061
msgid ""
13126
15062
"Additionally, the <application>smbldap-useradd</application> utility can add "
13127
15063
"Samba machine accounts:"
13128
15064
msgstr ""
13129
15065
13130
#: serverguide/C/network-auth.xml:1620(command)
15066
#: serverguide/C/network-auth.xml:1957(command)
13131
15067
msgid "sudo smbldap-useradd -t 0 -w username"
13132
15068
msgstr ""
13133
15069
13134
#: serverguide/C/network-auth.xml:1622(para)
15070
#: serverguide/C/network-auth.xml:1959(para)
13135
15071
msgid ""
13136
15072
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
13137
15073
"<emphasis>-t 0</emphasis> option creates the machine account without a "
13141
15077
"<application>smbldap-useradd</application>."
13142
15078
msgstr ""
13143
15079
13144
#: serverguide/C/network-auth.xml:1631(para)
15080
#: serverguide/C/network-auth.xml:1968(para)
13145
15081
msgid ""
13146
15082
"There are more useful utilities and options in the <application>smbldap-"
13147
15083
"tools</application> package. The man page for each utility provides more "
13148
15084
"details."
13149
15085
msgstr ""
13150
15086
13151
#: serverguide/C/network-auth.xml:1642(para)
15087
#: serverguide/C/network-auth.xml:1979(para)
13152
15088
msgid ""
13153
15089
"There are multiple places where LDAP and Samba is documented in the <ulink "
13154
15090
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
13155
15091
"Collection</ulink>."
13156
15092
msgstr ""
13157
15093
13158
#: serverguide/C/network-auth.xml:1648(para)
15094
#: serverguide/C/network-auth.xml:1985(para)
13159
15095
msgid ""
13160
15096
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
13161
15097
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
13162
15098
msgstr ""
13163
15099
13164
#: serverguide/C/network-auth.xml:1654(para)
15100
#: serverguide/C/network-auth.xml:1991(para)
13165
15101
msgid ""
13166
15102
"Another good site is <ulink url=\"http://www.iallanis.info/smbldap-"
13167
15103
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
13168
15104
msgstr ""
13169
15105
13170
#: serverguide/C/network-auth.xml:1660(para)
15106
#: serverguide/C/network-auth.xml:1997(para)
13171
15107
msgid ""
13172
15108
"Again, for more information on <application>smbldap-tools</application> see "
13173
15109
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
13174
15110
"groupadd</command>, <command>man smbldap-populate</command>, etc."
13175
15111
msgstr ""
13176
15112
13177
#: serverguide/C/network-auth.xml:1670(title)
15113
#: serverguide/C/network-auth.xml:2004(para)
15114
msgid ""
15115
"Also, there is a list of <ulink "
15116
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
15117
"wiki</ulink> articles with more information."
15118
msgstr ""
15119
15120
#: serverguide/C/network-auth.xml:2013(title)
13178
15121
msgid "Kerberos"
13179
15122
msgstr ""
13180
15123
13181
#: serverguide/C/network-auth.xml:1672(para)
15124
#: serverguide/C/network-auth.xml:2015(para)
13182
15125
msgid ""
13183
15126
"<application>Kerberos</application> is a network authentication system based "
13184
15127
"on the principal of a trusted third party. The other two parties being the "
13187
15130
"network environment one step closer to being Single Sign On (SSO)."
13188
15131
msgstr ""
13189
15132
13190
#: serverguide/C/network-auth.xml:1678(para)
15133
#: serverguide/C/network-auth.xml:2021(para)
13191
15134
msgid ""
13192
15135
"This section covers installation and configuration of a Kerberos server, and "
13193
15136
"some example client configurations."
13194
15137
msgstr ""
13195
15138
13196
#: serverguide/C/network-auth.xml:1685(para)
15139
#: serverguide/C/network-auth.xml:2028(para)
13197
15140
msgid ""
13198
15141
"If you are new to Kerberos there are a few terms that are good to understand "
13199
15142
"before setting up a Kerberos server. Most of the terms will relate to things "
13200
15143
"you may be familiar with in other environments:"
13201
15144
msgstr ""
13202
15145
13203
#: serverguide/C/network-auth.xml:1692(para)
15146
#: serverguide/C/network-auth.xml:2035(para)
13204
15147
msgid ""
13205
15148
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
13206
15149
"by servers need to be defined as Kerberos Principals."
13207
15150
msgstr ""
13208
15151
13209
#: serverguide/C/network-auth.xml:1697(para)
15152
#: serverguide/C/network-auth.xml:2040(para)
13210
15153
msgid ""
13211
15154
"<emphasis>Instances:</emphasis> are used for service principals and special "
13212
15155
"administrative principals."
13213
15156
msgstr ""
13214
15157
13215
#: serverguide/C/network-auth.xml:1702(para)
15158
#: serverguide/C/network-auth.xml:2045(para)
13216
15159
msgid ""
13217
15160
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
13218
15161
"Kerberos installation. Usually the DNS domain converted to uppercase "
13219
15162
"(EXAMPLE.COM)."
13220
15163
msgstr ""
13221
15164
13222
#: serverguide/C/network-auth.xml:1708(para)
15165
#: serverguide/C/network-auth.xml:2051(para)
13223
15166
msgid ""
13224
15167
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
13225
15168
"a database of all principals, the authentication server, and the ticket "
13226
15169
"granting server. For each realm there must be at least one KDC."
13227
15170
msgstr ""
13228
15171
13229
#: serverguide/C/network-auth.xml:1714(para)
15172
#: serverguide/C/network-auth.xml:2057(para)
13230
15173
msgid ""
13231
15174
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
13232
15175
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
13233
15176
"password which is known only to the user and the KDC."
13234
15177
msgstr ""
13235
15178
13236
#: serverguide/C/network-auth.xml:1720(para)
15179
#: serverguide/C/network-auth.xml:2063(para)
13237
15180
msgid ""
13238
15181
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
13239
15182
"clients upon request."
13240
15183
msgstr ""
13241
15184
13242
#: serverguide/C/network-auth.xml:1725(para)
15185
#: serverguide/C/network-auth.xml:2068(para)
13243
15186
msgid ""
13244
15187
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
13245
15188
"One principal being a user and the other a service requested by the user. "
13247
15190
"authenticated session."
13248
15191
msgstr ""
13249
15192
13250
#: serverguide/C/network-auth.xml:1731(para)
15193
#: serverguide/C/network-auth.xml:2074(para)
13251
15194
msgid ""
13252
15195
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
13253
15196
"principal database and contain the encryption key for a service or host."
13254
15197
msgstr ""
13255
15198
13256
#: serverguide/C/network-auth.xml:1738(para)
15199
#: serverguide/C/network-auth.xml:2081(para)
13257
15200
msgid ""
13258
15201
"To put the pieces together, a Realm has at least one KDC, preferably two for "
13259
15202
"redundancy, which contains a database of Principals. When a user principal "
13265
15208
"and password."
13266
15209
msgstr ""
13267
15210
13268
#: serverguide/C/network-auth.xml:1747(title)
15211
#: serverguide/C/network-auth.xml:2090(title)
13269
15212
msgid "Kerberos Server"
13270
15213
msgstr ""
13271
15214
13272
#: serverguide/C/network-auth.xml:1751(para)
15215
#: serverguide/C/network-auth.xml:2094(para)
13273
15216
msgid ""
13274
15217
"Before installing the Kerberos server a properly configured DNS server is "
13275
15218
"needed for your domain. Since the Kerberos Realm by convention matches the "
13277
15220
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
13278
15221
msgstr ""
13279
15222
13280
#: serverguide/C/network-auth.xml:1757(para)
15223
#: serverguide/C/network-auth.xml:2100(para)
13281
15224
msgid ""
13282
15225
"Also, Kerberos is a time sensitive protocol. So if the local system time "
13283
15226
"between a client machine and the server differs by more than five minutes "
13287
15230
"NTP see <xref linkend=\"NTP\"/>."
13288
15231
msgstr ""
13289
15232
13290
#: serverguide/C/network-auth.xml:1764(para)
15233
#: serverguide/C/network-auth.xml:2107(para)
13291
15234
msgid ""
13292
15235
"The first step in installing a Kerberos Realm is to install the "
13293
15236
"<application>krb5-kdc</application> and <application>krb5-admin-"
13294
15237
"server</application> packages. From a terminal enter:"
13295
15238
msgstr ""
13296
15239
13297
#: serverguide/C/network-auth.xml:1770(command) serverguide/C/network-auth.xml:1945(command)
15240
#: serverguide/C/network-auth.xml:2113(command) serverguide/C/network-auth.xml:2288(command)
13298
15241
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
13299
15242
msgstr ""
13300
15243
13301
#: serverguide/C/network-auth.xml:1773(para)
15244
#: serverguide/C/network-auth.xml:2116(para)
13302
15245
msgid ""
13303
15246
"You will be asked at the end of the install to supply a name for the "
13304
15247
"Kerberos and Admin servers, which may or may not be the same server, for the "
13305
15248
"realm."
13306
15249
msgstr ""
13307
15250
13308
#: serverguide/C/network-auth.xml:1778(para)
15251
#: serverguide/C/network-auth.xml:2121(para)
13309
15252
msgid ""
13310
15253
"Next, create the new realm with the <application>kdb5_newrealm</application> "
13311
15254
"utility:"
13312
15255
msgstr ""
13313
15256
13314
#: serverguide/C/network-auth.xml:1783(command)
15257
#: serverguide/C/network-auth.xml:2126(command)
13315
15258
msgid "sudo krb5_newrealm"
13316
15259
msgstr ""
13317
15260
13318
#: serverguide/C/network-auth.xml:1790(para)
15261
#: serverguide/C/network-auth.xml:2133(para)
13319
15262
msgid ""
13320
15263
"The questions asked during installation are used to configure the "
13321
15264
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
13323
15266
"<application>krb5-kdc</application> daemon."
13324
15267
msgstr ""
13325
15268
13326
#: serverguide/C/network-auth.xml:1798(para)
15269
#: serverguide/C/network-auth.xml:2141(para)
13327
15270
msgid ""
13328
15271
"Now that the KDC running an admin user is needed. It is recommended to use a "
13329
15272
"different username from your everyday username. Using the "
13330
15273
"<application>kadmin.local</application> utility in a terminal prompt enter:"
13331
15274
msgstr ""
13332
15275
13333
#: serverguide/C/network-auth.xml:1804(command) serverguide/C/network-auth.xml:2595(command)
15276
#: serverguide/C/network-auth.xml:2147(command) serverguide/C/network-auth.xml:2943(command)
13334
15277
msgid "sudo kadmin.local"
13335
15278
msgstr ""
13336
15279
13337
#: serverguide/C/network-auth.xml:1805(computeroutput)
15280
#: serverguide/C/network-auth.xml:2148(computeroutput)
13338
15281
#, no-wrap
13339
15282
msgid ""
13340
15283
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
13341
15284
"kadmin.local:"
13342
15285
msgstr ""
13343
15286
13344
#: serverguide/C/network-auth.xml:1806(userinput)
15287
#: serverguide/C/network-auth.xml:2149(userinput)
13345
15288
#, no-wrap
13346
15289
msgid " addprinc steve/admin"
13347
15290
msgstr ""
13348
15291
13349
#: serverguide/C/network-auth.xml:1807(computeroutput)
15292
#: serverguide/C/network-auth.xml:2150(computeroutput)
13350
15293
#, no-wrap
13351
15294
msgid ""
13352
15295
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
13357
15300
"kadmin.local:"
13358
15301
msgstr ""
13359
15302
13360
#: serverguide/C/network-auth.xml:1811(userinput)
15303
#: serverguide/C/network-auth.xml:2154(userinput)
13361
15304
#, no-wrap
13362
15305
msgid " quit"
13363
15306
msgstr ""
13364
15307
13365
#: serverguide/C/network-auth.xml:1814(para)
15308
#: serverguide/C/network-auth.xml:2157(para)
13366
15309
msgid ""
13367
15310
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
13368
15311
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
13373
15316
"rights."
13374
15317
msgstr ""
13375
15318
13376
#: serverguide/C/network-auth.xml:1822(para)
15319
#: serverguide/C/network-auth.xml:2165(para)
13377
15320
msgid ""
13378
15321
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
13379
15322
"your Realm and admin username."
13380
15323
msgstr ""
13381
15324
13382
#: serverguide/C/network-auth.xml:1830(para)
15325
#: serverguide/C/network-auth.xml:2173(para)
13383
15326
msgid ""
13384
15327
"Next, the new admin user needs to have the appropriate Access Control List "
13385
15328
"(ACL) permissions. The permissions are configured in the "
13386
15329
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
13387
15330
msgstr ""
13388
15331
13389
#: serverguide/C/network-auth.xml:1835(programlisting)
15332
#: serverguide/C/network-auth.xml:2178(programlisting)
13390
15333
#, no-wrap
13391
15334
msgid ""
13392
15335
"\n"
13393
15336
"steve/admin@EXAMPLE.COM *\n"
13394
15337
msgstr ""
13395
15338
13396
#: serverguide/C/network-auth.xml:1839(para)
15339
#: serverguide/C/network-auth.xml:2182(para)
13397
15340
msgid ""
13398
15341
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
13399
15342
"any operation on all principals in the realm."
13400
15343
msgstr ""
13401
15344
13402
#: serverguide/C/network-auth.xml:1846(para)
15345
#: serverguide/C/network-auth.xml:2189(para)
13403
15346
msgid ""
13404
15347
"Now restart the <application>krb5-admin-server</application> for the new ACL "
13405
15348
"to take affect:"
13406
15349
msgstr ""
13407
15350
13408
#: serverguide/C/network-auth.xml:1851(command)
15351
#: serverguide/C/network-auth.xml:2194(command)
13409
15352
msgid "sudo /etc/init.d/krb5-admin-server restart"
13410
15353
msgstr ""
13411
15354
13412
#: serverguide/C/network-auth.xml:1857(para)
15355
#: serverguide/C/network-auth.xml:2200(para)
13413
15356
msgid ""
13414
15357
"The new user principal can be tested using the <application>kinit "
13415
15358
"utility</application>:"
13416
15359
msgstr ""
13417
15360
13418
#: serverguide/C/network-auth.xml:1862(command)
15361
#: serverguide/C/network-auth.xml:2205(command)
13419
15362
msgid "kinit steve/admin"
13420
15363
msgstr ""
13421
15364
13422
#: serverguide/C/network-auth.xml:1863(computeroutput)
15365
#: serverguide/C/network-auth.xml:2206(computeroutput)
13423
15366
#, no-wrap
13424
15367
msgid "steve/admin@EXAMPLE.COM's Password:"
13425
15368
msgstr ""
13426
15369
13427
#: serverguide/C/network-auth.xml:1866(para)
15370
#: serverguide/C/network-auth.xml:2209(para)
13428
15371
msgid ""
13429
15372
"After entering the password, use the <application>klist</application> "
13430
15373
"utility to view information about the Ticket Granting Ticket (TGT):"
13431
15374
msgstr ""
13432
15375
13433
#: serverguide/C/network-auth.xml:1872(command) serverguide/C/network-auth.xml:2207(command)
15376
#: serverguide/C/network-auth.xml:2215(command) serverguide/C/network-auth.xml:2550(command)
13434
15377
msgid "klist"
13435
15378
msgstr ""
13436
15379
13437
#: serverguide/C/network-auth.xml:1873(computeroutput)
15380
#: serverguide/C/network-auth.xml:2216(computeroutput)
13438
15381
#, no-wrap
13439
15382
msgid ""
13440
15383
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
13444
15387
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
13445
15388
msgstr ""
13446
15389
13447
#: serverguide/C/network-auth.xml:1880(para)
15390
#: serverguide/C/network-auth.xml:2223(para)
13448
15391
msgid ""
13449
15392
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
13450
15393
"the KDC. For example:"
13451
15394
msgstr ""
13452
15395
13453
#: serverguide/C/network-auth.xml:1884(programlisting)
15396
#: serverguide/C/network-auth.xml:2227(programlisting)
13454
15397
#, no-wrap
13455
15398
msgid ""
13456
15399
"\n"
13457
15400
"192.168.0.1 kdc01.example.com kdc01\n"
13458
15401
msgstr ""
13459
15402
13460
#: serverguide/C/network-auth.xml:1888(para)
15403
#: serverguide/C/network-auth.xml:2231(para)
13461
15404
msgid ""
13462
15405
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
13463
15406
msgstr ""
13464
15407
13465
#: serverguide/C/network-auth.xml:1895(para)
15408
#: serverguide/C/network-auth.xml:2238(para)
13466
15409
msgid ""
13467
15410
"In order for clients to determine the KDC for the Realm some DNS SRV records "
13468
15411
"are needed. Add the following to "
13469
15412
"<filename>/etc/named/db.example.com</filename>:"
13470
15413
msgstr ""
13471
15414
13472
#: serverguide/C/network-auth.xml:1900(programlisting)
15415
#: serverguide/C/network-auth.xml:2243(programlisting)
13473
15416
#, no-wrap
13474
15417
msgid ""
13475
15418
"\n"
13481
15424
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
13482
15425
msgstr ""
13483
15426
13484
#: serverguide/C/network-auth.xml:1910(para)
15427
#: serverguide/C/network-auth.xml:2253(para)
13485
15428
msgid ""
13486
15429
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
13487
15430
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
13488
15431
"KDC."
13489
15432
msgstr ""
13490
15433
13491
#: serverguide/C/network-auth.xml:1916(para)
15434
#: serverguide/C/network-auth.xml:2259(para)
13492
15435
msgid ""
13493
15436
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
13494
15437
msgstr ""
13495
15438
13496
#: serverguide/C/network-auth.xml:1923(para)
15439
#: serverguide/C/network-auth.xml:2266(para)
13497
15440
msgid "Your new Kerberos Realm is now ready to authenticate clients."
13498
15441
msgstr ""
13499
15442
13500
#: serverguide/C/network-auth.xml:1930(title)
15443
#: serverguide/C/network-auth.xml:2273(title)
13501
15444
msgid "Secondary KDC"
13502
15445
msgstr ""
13503
15446
13504
#: serverguide/C/network-auth.xml:1932(para)
15447
#: serverguide/C/network-auth.xml:2275(para)
13505
15448
msgid ""
13506
15449
"Once you have one Key Distribution Center (KDC) on your network, it is good "
13507
15450
"practice to have a Secondary KDC in case the primary becomes unavailable."
13508
15451
msgstr ""
13509
15452
13510
#: serverguide/C/network-auth.xml:1940(para)
15453
#: serverguide/C/network-auth.xml:2283(para)
13511
15454
msgid ""
13512
15455
"First, install the packages, and when asked for the Kerberos and Admin "
13513
15456
"server names enter the name of the Primary KDC:"
13514
15457
msgstr ""
13515
15458
13516
#: serverguide/C/network-auth.xml:1951(para)
15459
#: serverguide/C/network-auth.xml:2294(para)
13517
15460
msgid ""
13518
15461
"Once you have the packages installed, create the Secondary KDC's host "
13519
15462
"principal. From a terminal prompt, enter:"
13520
15463
msgstr ""
13521
15464
13522
#: serverguide/C/network-auth.xml:1956(command)
15465
#: serverguide/C/network-auth.xml:2299(command)
13523
15466
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
13524
15467
msgstr ""
13525
15468
13526
#: serverguide/C/network-auth.xml:1960(para)
15469
#: serverguide/C/network-auth.xml:2303(para)
13527
15470
msgid ""
13528
15471
"After, issuing any <application>kadmin</application> commands you will be "
13529
15472
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
13530
15473
"password."
13531
15474
msgstr ""
13532
15475
13533
#: serverguide/C/network-auth.xml:1969(para)
15476
#: serverguide/C/network-auth.xml:2312(para)
13534
15477
msgid "Extract the <emphasis>keytab</emphasis> file:"
13535
15478
msgstr ""
13536
15479
13537
#: serverguide/C/network-auth.xml:1974(command)
15480
#: serverguide/C/network-auth.xml:2317(command)
13538
15481
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
13539
15482
msgstr ""
13540
15483
13541
#: serverguide/C/network-auth.xml:1980(para)
15484
#: serverguide/C/network-auth.xml:2323(para)
13542
15485
msgid ""
13543
15486
"There should now be a <filename>keytab.kdc02</filename> in the current "
13544
15487
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
13545
15488
msgstr ""
13546
15489
13547
#: serverguide/C/network-auth.xml:1986(command)
15490
#: serverguide/C/network-auth.xml:2329(command)
13548
15491
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
13549
15492
msgstr ""
13550
15493
13551
#: serverguide/C/network-auth.xml:1990(para)
15494
#: serverguide/C/network-auth.xml:2333(para)
13552
15495
msgid ""
13553
15496
"If the path to the <filename>keytab.kdc02</filename> file is different "
13554
15497
"adjust accordingly."
13555
15498
msgstr ""
13556
15499
13557
#: serverguide/C/network-auth.xml:1995(para)
15500
#: serverguide/C/network-auth.xml:2338(para)
13558
15501
msgid ""
13559
15502
"Also, you can list the principals in a Keytab file, which can be useful when "
13560
15503
"troubleshooting, using the <application>klist</application> utility:"
13561
15504
msgstr ""
13562
15505
13563
#: serverguide/C/network-auth.xml:2001(command)
15506
#: serverguide/C/network-auth.xml:2344(command)
13564
15507
msgid "sudo klist -k /etc/krb5.keytab"
13565
15508
msgstr ""
13566
15509
13567
#: serverguide/C/network-auth.xml:2007(para)
15510
#: serverguide/C/network-auth.xml:2350(para)
13568
15511
msgid ""
13569
15512
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
13570
15513
"that lists all KDCs for the Realm. For example, on both primary and "
13571
15514
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
13572
15515
msgstr ""
13573
15516
13574
#: serverguide/C/network-auth.xml:2012(programlisting)
15517
#: serverguide/C/network-auth.xml:2355(programlisting)
13575
15518
#, no-wrap
13576
15519
msgid ""
13577
15520
"\n"
13579
15522
"host/kdc02.example.com@EXAMPLE.COM\n"
13580
15523
msgstr ""
13581
15524
13582
#: serverguide/C/network-auth.xml:2020(para)
15525
#: serverguide/C/network-auth.xml:2363(para)
13583
15526
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
13584
15527
msgstr ""
13585
15528
13586
#: serverguide/C/network-auth.xml:2025(command)
15529
#: serverguide/C/network-auth.xml:2368(command)
13587
15530
msgid "sudo kdb5_util -s create"
13588
15531
msgstr ""
13589
15532
13590
#: serverguide/C/network-auth.xml:2031(para)
15533
#: serverguide/C/network-auth.xml:2374(para)
13591
15534
msgid ""
13592
15535
"Now start the <application>kpropd</application> daemon, which listens for "
13593
15536
"connections from the <application>kprop</application> utility. "
13594
15537
"<application>kprop</application> is used to transfer dump files:"
13595
15538
msgstr ""
13596
15539
13597
#: serverguide/C/network-auth.xml:2038(command)
15540
#: serverguide/C/network-auth.xml:2381(command)
13598
15541
msgid "sudo kpropd -S"
13599
15542
msgstr ""
13600
15543
13601
#: serverguide/C/network-auth.xml:2044(para)
15544
#: serverguide/C/network-auth.xml:2387(para)
13602
15545
msgid ""
13603
15546
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
13604
15547
"of the principal database:"
13605
15548
msgstr ""
13606
15549
13607
#: serverguide/C/network-auth.xml:2049(command)
15550
#: serverguide/C/network-auth.xml:2392(command)
13608
15551
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
13609
15552
msgstr ""
13610
15553
13611
#: serverguide/C/network-auth.xml:2055(para)
15554
#: serverguide/C/network-auth.xml:2398(para)
13612
15555
msgid ""
13613
15556
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
13614
15557
"<filename>/etc/krb5.keytab</filename>:"
13615
15558
msgstr ""
13616
15559
13617
#: serverguide/C/network-auth.xml:2060(command)
15560
#: serverguide/C/network-auth.xml:2403(command)
13618
15561
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
13619
15562
msgstr ""
13620
15563
13621
#: serverguide/C/network-auth.xml:2061(command)
15564
#: serverguide/C/network-auth.xml:2404(command)
13622
15565
msgid "sudo mv keytab.kdc01 /etc/kr5b.keytab"
13623
15566
msgstr ""
13624
15567
13625
#: serverguide/C/network-auth.xml:2065(para)
15568
#: serverguide/C/network-auth.xml:2408(para)
13626
15569
msgid ""
13627
15570
"Make sure there is a <emphasis>host</emphasis> for "
13628
15571
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
13629
15572
msgstr ""
13630
15573
13631
#: serverguide/C/network-auth.xml:2073(para)
15574
#: serverguide/C/network-auth.xml:2416(para)
13632
15575
msgid ""
13633
15576
"Using the <application>kprop</application> utility push the database to the "
13634
15577
"Secondary KDC:"
13635
15578
msgstr ""
13636
15579
13637
#: serverguide/C/network-auth.xml:2078(command)
15580
#: serverguide/C/network-auth.xml:2421(command)
13638
15581
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
13639
15582
msgstr ""
13640
15583
13641
#: serverguide/C/network-auth.xml:2082(para)
15584
#: serverguide/C/network-auth.xml:2425(para)
13642
15585
msgid ""
13643
15586
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
13644
15587
"worked. If there is an error message check "
13646
15589
"information."
13647
15590
msgstr ""
13648
15591
13649
#: serverguide/C/network-auth.xml:2088(para)
15592
#: serverguide/C/network-auth.xml:2431(para)
13650
15593
msgid ""
13651
15594
"You may also want to create a <application>cron</application> job to "
13652
15595
"periodically update the database on the Secondary KDC. For example, the "
13653
15596
"following will push the database every hour:"
13654
15597
msgstr ""
13655
15598
13656
#: serverguide/C/network-auth.xml:2093(programlisting)
15599
#: serverguide/C/network-auth.xml:2436(programlisting)
13657
15600
#, no-wrap
13658
15601
msgid ""
13659
15602
"\n"
13662
15605
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
13663
15606
msgstr ""
13664
15607
13665
#: serverguide/C/network-auth.xml:2101(para)
15608
#: serverguide/C/network-auth.xml:2444(para)
13666
15609
msgid ""
13667
15610
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
13668
15611
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
13669
15612
msgstr ""
13670
15613
13671
#: serverguide/C/network-auth.xml:2107(command)
15614
#: serverguide/C/network-auth.xml:2450(command)
13672
15615
msgid "sudo kdb5_util stash"
13673
15616
msgstr ""
13674
15617
13675
#: serverguide/C/network-auth.xml:2113(para)
15618
#: serverguide/C/network-auth.xml:2456(para)
13676
15619
msgid ""
13677
15620
"Finally, start the <application>krb5-kdc</application> daemon on the "
13678
15621
"Secondary KDC:"
13679
15622
msgstr ""
13680
15623
13681
#: serverguide/C/network-auth.xml:2118(command) serverguide/C/network-auth.xml:2725(command)
15624
#: serverguide/C/network-auth.xml:2461(command) serverguide/C/network-auth.xml:3073(command)
13682
15625
msgid "sudo /etc/init.d/krb5-kdc start"
13683
15626
msgstr ""
13684
15627
13685
#: serverguide/C/network-auth.xml:2124(para)
15628
#: serverguide/C/network-auth.xml:2467(para)
13686
15629
msgid ""
13687
15630
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
13688
15631
"for the Realm. You can test this by stopping the <application>krb5-"
13691
15634
"should receive a ticket from the Secondary KDC."
13692
15635
msgstr ""
13693
15636
13694
#: serverguide/C/network-auth.xml:2132(title)
15637
#: serverguide/C/network-auth.xml:2475(title)
13695
15638
msgid "Kerberos Linux Client"
13696
15639
msgstr ""
13697
15640
13698
#: serverguide/C/network-auth.xml:2134(para)
15641
#: serverguide/C/network-auth.xml:2477(para)
13699
15642
msgid ""
13700
15643
"This section covers configuring a Linux system as a "
13701
15644
"<application>Kerberos</application> client. This will allow access to any "
13702
15645
"kerberized services once a user has successfully logged into the system."
13703
15646
msgstr ""
13704
15647
13705
#: serverguide/C/network-auth.xml:2142(para)
15648
#: serverguide/C/network-auth.xml:2485(para)
13706
15649
msgid ""
13707
15650
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
13708
15651
"user</application> and <application>libpam-krb5</application> packages are "
13711
15654
"prompt:"
13712
15655
msgstr ""
13713
15656
13714
#: serverguide/C/network-auth.xml:2149(command)
15657
#: serverguide/C/network-auth.xml:2492(command)
13715
15658
msgid ""
13716
15659
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
13717
15660
msgstr ""
13718
15661
13719
#: serverguide/C/network-auth.xml:2152(para)
15662
#: serverguide/C/network-auth.xml:2495(para)
13720
15663
msgid ""
13721
15664
"The <application>auth-client-config</application> package allows simple "
13722
15665
"configuration of PAM for authentication from multiple sources, and the "
13727
15670
"be accessed off the network as well."
13728
15671
msgstr ""
13729
15672
13730
#: serverguide/C/network-auth.xml:2163(para)
15673
#: serverguide/C/network-auth.xml:2506(para)
13731
15674
msgid "To configure the client in a terminal enter:"
13732
15675
msgstr ""
13733
15676
13734
#: serverguide/C/network-auth.xml:2168(command)
15677
#: serverguide/C/network-auth.xml:2511(command)
13735
15678
msgid "sudo dpkg-reconfigure krb5-config"
13736
15679
msgstr ""
13737
15680
13738
#: serverguide/C/network-auth.xml:2171(para)
15681
#: serverguide/C/network-auth.xml:2514(para)
13739
15682
msgid ""
13740
15683
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
13741
15684
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
13743
15686
"Center (KDC) and Realm Administration server."
13744
15687
msgstr ""
13745
15688
13746
#: serverguide/C/network-auth.xml:2177(para)
15689
#: serverguide/C/network-auth.xml:2520(para)
13747
15690
msgid ""
13748
15691
"The <application>dpkg-reconfigure</application> adds entries to the "
13749
15692
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
13750
15693
"entries similar to the following:"
13751
15694
msgstr ""
13752
15695
13753
#: serverguide/C/network-auth.xml:2182(programlisting)
15696
#: serverguide/C/network-auth.xml:2525(programlisting)
13754
15697
#, no-wrap
13755
15698
msgid ""
13756
15699
"\n"
13764
15707
" }\n"
13765
15708
msgstr ""
13766
15709
13767
#: serverguide/C/network-auth.xml:2193(para)
15710
#: serverguide/C/network-auth.xml:2536(para)
13768
15711
msgid ""
13769
15712
"You can test the configuration by requesting a ticket using the "
13770
15713
"<application>kinit</application> utility. For example:"
13771
15714
msgstr ""
13772
15715
13773
#: serverguide/C/network-auth.xml:2198(command)
15716
#: serverguide/C/network-auth.xml:2541(command)
13774
15717
msgid "kinit steve@EXAMPLE.COM"
13775
15718
msgstr ""
13776
15719
13777
#: serverguide/C/network-auth.xml:2199(computeroutput)
15720
#: serverguide/C/network-auth.xml:2542(computeroutput)
13778
15721
#, no-wrap
13779
15722
msgid "Password for steve@EXAMPLE.COM:"
13780
15723
msgstr ""
13781
15724
13782
#: serverguide/C/network-auth.xml:2202(para)
15725
#: serverguide/C/network-auth.xml:2545(para)
13783
15726
msgid ""
13784
15727
"When a ticket has been granted, the details can be viewed using "
13785
15728
"<application>klist</application>:"
13786
15729
msgstr ""
13787
15730
13788
#: serverguide/C/network-auth.xml:2208(computeroutput)
15731
#: serverguide/C/network-auth.xml:2551(computeroutput)
13789
15732
#, no-wrap
13790
15733
msgid ""
13791
15734
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
13800
15743
"klist: You have no tickets cached"
13801
15744
msgstr ""
13802
15745
13803
#: serverguide/C/network-auth.xml:2220(para)
15746
#: serverguide/C/network-auth.xml:2563(para)
13804
15747
msgid ""
13805
15748
"Next, use the <application>auth-client-config</application> to configure the "
13806
15749
"<application>libpam-krb5</application> module to request a ticket during "
13807
15750
"login:"
13808
15751
msgstr ""
13809
15752
13810
#: serverguide/C/network-auth.xml:2226(command)
15753
#: serverguide/C/network-auth.xml:2569(command)
13811
15754
msgid "sudo auth-client-config -a -p kerberos_example"
13812
15755
msgstr ""
13813
15756
13814
#: serverguide/C/network-auth.xml:2229(para)
15757
#: serverguide/C/network-auth.xml:2572(para)
13815
15758
msgid ""
13816
15759
"You will should now receive a ticket upon successful login authentication."
13817
15760
msgstr ""
13818
15761
13819
#: serverguide/C/network-auth.xml:2240(para)
15762
#: serverguide/C/network-auth.xml:2583(para)
13820
15763
msgid ""
13821
15764
"For more information on Kerberos see the <ulink "
13822
15765
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
13823
15766
msgstr ""
13824
15767
13825
#: serverguide/C/network-auth.xml:2245(para)
15768
#: serverguide/C/network-auth.xml:2588(para)
15769
msgid ""
15770
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
15771
"Kerberos</ulink> page has more details."
15772
msgstr ""
15773
15774
#: serverguide/C/network-auth.xml:2593(para)
13826
15775
msgid ""
13827
15776
"O'Reilly's <ulink "
13828
15777
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
13829
15778
"Guide</ulink> is a great reference when setting up Kerberos."
13830
15779
msgstr ""
13831
15780
13832
#: serverguide/C/network-auth.xml:2251(para)
15781
#: serverguide/C/network-auth.xml:2599(para)
13833
15782
msgid ""
13834
15783
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
13835
15784
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
13836
15785
"Kerberos questions."
13837
15786
msgstr ""
13838
15787
13839
#: serverguide/C/network-auth.xml:2261(title)
15788
#: serverguide/C/network-auth.xml:2609(title)
13840
15789
msgid "Kerberos and LDAP"
13841
15790
msgstr ""
13842
15791
13843
#: serverguide/C/network-auth.xml:2263(para)
15792
#: serverguide/C/network-auth.xml:2611(para)
13844
15793
msgid ""
13845
15794
"Replicating a Kerberos principal database between two servers can be "
13846
15795
"complicated, and adds an additional user database to your network. "
13850
15799
"<application>OpenLDAP</application> for the principal database."
13851
15800
msgstr ""
13852
15801
13853
#: serverguide/C/network-auth.xml:2271(title)
15802
#: serverguide/C/network-auth.xml:2619(title)
13854
15803
msgid "Configuring OpenLDAP"
13855
15804
msgstr ""
13856
15805
13857
#: serverguide/C/network-auth.xml:2273(para)
15806
#: serverguide/C/network-auth.xml:2621(para)
13858
15807
msgid ""
13859
15808
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
13860
15809
"<application>OpenLDAP</application> server that has network connectivity to "
13863
15812
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
13864
15813
msgstr ""
13865
15814
13866
#: serverguide/C/network-auth.xml:2280(para)
15815
#: serverguide/C/network-auth.xml:2628(para)
13867
15816
msgid ""
13868
15817
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
13869
15818
"that traffic between the KDC and LDAP server is encrypted. See <xref "
13870
15819
"linkend=\"openldap-tls\"/> for details."
13871
15820
msgstr ""
13872
15821
13873
#: serverguide/C/network-auth.xml:2287(para)
15822
#: serverguide/C/network-auth.xml:2635(para)
13874
15823
msgid ""
13875
15824
"To load the schema into LDAP, on the LDAP server install the "
13876
15825
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
13877
15826
msgstr ""
13878
15827
13879
#: serverguide/C/network-auth.xml:2293(command)
15828
#: serverguide/C/network-auth.xml:2641(command)
13880
15829
msgid "sudo apt-get install krb5-kdc-ldap"
13881
15830
msgstr ""
13882
15831
13883
#: serverguide/C/network-auth.xml:2298(para)
15832
#: serverguide/C/network-auth.xml:2646(para)
13884
15833
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
13885
15834
msgstr ""
13886
15835
13887
#: serverguide/C/network-auth.xml:2303(command)
15836
#: serverguide/C/network-auth.xml:2651(command)
13888
15837
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
13889
15838
msgstr ""
13890
15839
13891
#: serverguide/C/network-auth.xml:2304(command)
15840
#: serverguide/C/network-auth.xml:2652(command)
13892
15841
msgid ""
13893
15842
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
13894
15843
msgstr ""
13895
15844
13896
#: serverguide/C/network-auth.xml:2310(para)
15845
#: serverguide/C/network-auth.xml:2658(para)
13897
15846
msgid ""
13898
15847
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
13899
15848
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
13901
15850
"linkend=\"openldap-configuration\"/>."
13902
15851
msgstr ""
13903
15852
13904
#: serverguide/C/network-auth.xml:2323(programlisting)
15853
#: serverguide/C/network-auth.xml:2671(programlisting)
13905
15854
#, no-wrap
13906
15855
msgid ""
13907
15856
"\n"
13920
15869
"include /etc/ldap/schema/kerberos.schema\n"
13921
15870
msgstr ""
13922
15871
13923
#: serverguide/C/network-auth.xml:2343(para)
15872
#: serverguide/C/network-auth.xml:2691(para)
13924
15873
msgid "Create a temporary directory to hold the LDIF files:"
13925
15874
msgstr ""
13926
15875
13927
#: serverguide/C/network-auth.xml:2358(command)
15876
#: serverguide/C/network-auth.xml:2706(command)
13928
15877
msgid ""
13929
15878
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13930
15879
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
13931
15880
msgstr ""
13932
15881
13933
#: serverguide/C/network-auth.xml:2368(para)
15882
#: serverguide/C/network-auth.xml:2716(para)
13934
15883
msgid ""
13935
15884
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
13936
15885
"changing the following attributes:"
13937
15886
msgstr ""
13938
15887
13939
#: serverguide/C/network-auth.xml:2372(programlisting)
15888
#: serverguide/C/network-auth.xml:2720(programlisting)
13940
15889
#, no-wrap
13941
15890
msgid ""
13942
15891
"\n"
13945
15894
"cn: kerberos\n"
13946
15895
msgstr ""
13947
15896
13948
#: serverguide/C/network-auth.xml:2378(para)
15897
#: serverguide/C/network-auth.xml:2726(para)
13949
15898
msgid "And remove the following lines from the end of the file:"
13950
15899
msgstr ""
13951
15900
13952
#: serverguide/C/network-auth.xml:2382(programlisting)
15901
#: serverguide/C/network-auth.xml:2730(programlisting)
13953
15902
#, no-wrap
13954
15903
msgid ""
13955
15904
"\n"
13962
15911
"modifyTimestamp: 20090111203515Z\n"
13963
15912
msgstr ""
13964
15913
13965
#: serverguide/C/network-auth.xml:2401(para)
15914
#: serverguide/C/network-auth.xml:2749(para)
13966
15915
msgid "Load the new schema with <application>ldapadd</application>:"
13967
15916
msgstr ""
13968
15917
13969
#: serverguide/C/network-auth.xml:2406(command)
15918
#: serverguide/C/network-auth.xml:2754(command)
13970
15919
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
13971
15920
msgstr ""
13972
15921
13973
#: serverguide/C/network-auth.xml:2412(para)
15922
#: serverguide/C/network-auth.xml:2760(para)
13974
15923
msgid ""
13975
15924
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
13976
15925
msgstr ""
13977
15926
13978
#: serverguide/C/network-auth.xml:2419(userinput)
15927
#: serverguide/C/network-auth.xml:2765(command) serverguide/C/network-auth.xml:2782(command)
15928
msgid "ldapmodify -x -D cn=admin,cn=config -W"
15929
msgstr ""
15930
15931
#: serverguide/C/network-auth.xml:2767(userinput)
13979
15932
#, no-wrap
13980
15933
msgid ""
13981
15934
"dn: olcDatabase={1}hdb,cn=config\n"
13983
15936
"olcDbIndex: krbPrincipalName eq,pres,sub"
13984
15937
msgstr ""
13985
15938
13986
#: serverguide/C/network-auth.xml:2429(para)
15939
#: serverguide/C/network-auth.xml:2766(computeroutput)
15940
#, no-wrap
15941
msgid ""
15942
"Enter LDAP Password:\n"
15943
"<placeholder-1/>\n"
15944
"\n"
15945
"modifying entry \"olcDatabase={1}hdb,cn=config\""
15946
msgstr ""
15947
15948
#: serverguide/C/network-auth.xml:2777(para)
13987
15949
msgid "Finally, update the Access Control Lists (ACL):"
13988
15950
msgstr ""
13989
15951
13990
#: serverguide/C/network-auth.xml:2436(userinput)
15952
#: serverguide/C/network-auth.xml:2784(userinput)
13991
15953
#, no-wrap
13992
15954
msgid ""
13993
15955
"dn: olcDatabase={1}hdb,cn=config\n"
14003
15965
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
14004
15966
msgstr ""
14005
15967
14006
#: serverguide/C/network-auth.xml:2435(computeroutput)
15968
#: serverguide/C/network-auth.xml:2783(computeroutput)
14007
15969
#, no-wrap
14008
15970
msgid ""
14009
15971
"Enter LDAP Password: \n"
14012
15974
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14013
15975
msgstr ""
14014
15976
14015
#: serverguide/C/network-auth.xml:2456(para)
15977
#: serverguide/C/network-auth.xml:2804(para)
14016
15978
msgid ""
14017
15979
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
14018
15980
"database."
14019
15981
msgstr ""
14020
15982
14021
#: serverguide/C/network-auth.xml:2462(title)
15983
#: serverguide/C/network-auth.xml:2810(title)
14022
15984
msgid "Primary KDC Configuration"
14023
15985
msgstr ""
14024
15986
14025
#: serverguide/C/network-auth.xml:2464(para)
15987
#: serverguide/C/network-auth.xml:2812(para)
14026
15988
msgid ""
14027
15989
"With <application>OpenLDAP</application> configured it is time to configure "
14028
15990
"the KDC."
14029
15991
msgstr ""
14030
15992
14031
#: serverguide/C/network-auth.xml:2470(para)
15993
#: serverguide/C/network-auth.xml:2818(para)
14032
15994
msgid "First, install the necessary packages, from a terminal enter:"
14033
15995
msgstr ""
14034
15996
14035
#: serverguide/C/network-auth.xml:2475(command) serverguide/C/network-auth.xml:2632(command)
15997
#: serverguide/C/network-auth.xml:2823(command) serverguide/C/network-auth.xml:2980(command)
14036
15998
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
14037
15999
msgstr ""
14038
16000
14039
#: serverguide/C/network-auth.xml:2481(para)
16001
#: serverguide/C/network-auth.xml:2829(para)
14040
16002
msgid ""
14041
16003
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
14042
16004
"under the appropriate sections:"
14043
16005
msgstr ""
14044
16006
14045
#: serverguide/C/network-auth.xml:2485(programlisting)
16007
#: serverguide/C/network-auth.xml:2833(programlisting)
14046
16008
#, no-wrap
14047
16009
msgid ""
14048
16010
"\n"
14092
16054
" }\n"
14093
16055
msgstr ""
14094
16056
14095
#: serverguide/C/network-auth.xml:2530(para)
16057
#: serverguide/C/network-auth.xml:2878(para)
14096
16058
msgid ""
14097
16059
"Change <emphasis>example.com</emphasis>, "
14098
16060
"<emphasis>dc=example,dc=com</emphasis>, "
14101
16063
"object, and LDAP server for your network."
14102
16064
msgstr ""
14103
16065
14104
#: serverguide/C/network-auth.xml:2539(para)
16066
#: serverguide/C/network-auth.xml:2887(para)
14105
16067
msgid ""
14106
16068
"Next, use the <application>kdb5_ldap_util</application> utility to create "
14107
16069
"the realm:"
14108
16070
msgstr ""
14109
16071
14110
#: serverguide/C/network-auth.xml:2544(command)
16072
#: serverguide/C/network-auth.xml:2892(command)
14111
16073
msgid ""
14112
16074
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
14113
16075
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
14114
16076
msgstr ""
14115
16077
14116
#: serverguide/C/network-auth.xml:2550(para)
16078
#: serverguide/C/network-auth.xml:2898(para)
14117
16079
msgid ""
14118
16080
"Create a stash of the password used to bind to the LDAP server. This "
14119
16081
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
14121
16083
"<filename>/etc/krb5.conf</filename>:"
14122
16084
msgstr ""
14123
16085
14124
#: serverguide/C/network-auth.xml:2556(command) serverguide/C/network-auth.xml:2694(command)
16086
#: serverguide/C/network-auth.xml:2904(command) serverguide/C/network-auth.xml:3042(command)
14125
16087
msgid ""
14126
16088
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
14127
16089
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
14128
16090
msgstr ""
14129
16091
14130
#: serverguide/C/network-auth.xml:2562(para)
16092
#: serverguide/C/network-auth.xml:2910(para)
14131
16093
msgid "Copy the CA certificate from the LDAP server:"
14132
16094
msgstr ""
14133
16095
14134
#: serverguide/C/network-auth.xml:2567(command)
16096
#: serverguide/C/network-auth.xml:2915(command)
14135
16097
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
14136
16098
msgstr ""
14137
16099
14138
#: serverguide/C/network-auth.xml:2568(command)
16100
#: serverguide/C/network-auth.xml:2916(command)
14139
16101
msgid "sudo cp cacert.pem /etc/ssl/certs"
14140
16102
msgstr ""
14141
16103
14142
#: serverguide/C/network-auth.xml:2571(para)
16104
#: serverguide/C/network-auth.xml:2919(para)
14143
16105
msgid ""
14144
16106
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
14145
16107
msgstr ""
14146
16108
14147
#: serverguide/C/network-auth.xml:2575(programlisting)
16109
#: serverguide/C/network-auth.xml:2923(programlisting)
14148
16110
#, no-wrap
14149
16111
msgid ""
14150
16112
"\n"
14151
16113
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
14152
16114
msgstr ""
14153
16115
14154
#: serverguide/C/network-auth.xml:2580(para)
16116
#: serverguide/C/network-auth.xml:2928(para)
14155
16117
msgid ""
14156
16118
"The certificate will also need to be copied to the Secondary KDC, to allow "
14157
16119
"the connection to the LDAP servers using LDAPS."
14158
16120
msgstr ""
14159
16121
14160
#: serverguide/C/network-auth.xml:2589(para)
16122
#: serverguide/C/network-auth.xml:2937(para)
14161
16123
msgid ""
14162
16124
"You can now add Kerberos principals to the LDAP database, and they will be "
14163
16125
"copied to any other LDAP servers configured for replication. To add a "
14164
16126
"principal using the <application>kadmin.local</application> utility enter:"
14165
16127
msgstr ""
14166
16128
14167
#: serverguide/C/network-auth.xml:2597(userinput)
16129
#: serverguide/C/network-auth.xml:2945(userinput)
14168
16130
#, no-wrap
14169
16131
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
14170
16132
msgstr ""
14171
16133
14172
#: serverguide/C/network-auth.xml:2596(computeroutput)
16134
#: serverguide/C/network-auth.xml:2944(computeroutput)
14173
16135
#, no-wrap
14174
16136
msgid ""
14175
16137
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
14180
16142
"Principal \"steve@EXAMPLE.COM\" created."
14181
16143
msgstr ""
14182
16144
14183
#: serverguide/C/network-auth.xml:2604(para)
16145
#: serverguide/C/network-auth.xml:2952(para)
14184
16146
msgid ""
14185
16147
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
14186
16148
"krbExtraData attributes added to the "
14189
16151
"utilities to test that the user is indeed issued a ticket."
14190
16152
msgstr ""
14191
16153
14192
#: serverguide/C/network-auth.xml:2611(para)
16154
#: serverguide/C/network-auth.xml:2959(para)
14193
16155
msgid ""
14194
16156
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
14195
16157
"option is needed to add the Kerberos attributes. Otherwise a new "
14196
16158
"<emphasis>principal</emphasis> object will be created in the realm subtree."
14197
16159
msgstr ""
14198
16160
14199
#: serverguide/C/network-auth.xml:2619(title)
16161
#: serverguide/C/network-auth.xml:2967(title)
14200
16162
msgid "Secondary KDC Configuration"
14201
16163
msgstr ""
14202
16164
14203
#: serverguide/C/network-auth.xml:2621(para)
16165
#: serverguide/C/network-auth.xml:2969(para)
14204
16166
msgid ""
14205
16167
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
14206
16168
"one using the normal Kerberos database."
14207
16169
msgstr ""
14208
16170
14209
#: serverguide/C/network-auth.xml:2627(para)
16171
#: serverguide/C/network-auth.xml:2975(para)
14210
16172
msgid "First, install the necessary packages. In a terminal enter:"
14211
16173
msgstr ""
14212
16174
14213
#: serverguide/C/network-auth.xml:2638(para)
16175
#: serverguide/C/network-auth.xml:2986(para)
14214
16176
msgid ""
14215
16177
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
14216
16178
msgstr ""
14217
16179
14218
#: serverguide/C/network-auth.xml:2642(programlisting)
16180
#: serverguide/C/network-auth.xml:2990(programlisting)
14219
16181
#, no-wrap
14220
16182
msgid ""
14221
16183
"\n"
14264
16226
" }\n"
14265
16227
msgstr ""
14266
16228
14267
#: serverguide/C/network-auth.xml:2689(para)
16229
#: serverguide/C/network-auth.xml:3037(para)
14268
16230
msgid "Create the stash for the LDAP bind password:"
14269
16231
msgstr ""
14270
16232
14271
#: serverguide/C/network-auth.xml:2700(para)
16233
#: serverguide/C/network-auth.xml:3048(para)
14272
16234
msgid ""
14273
16235
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
14274
16236
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
14277
16239
"media."
14278
16240
msgstr ""
14279
16241
14280
#: serverguide/C/network-auth.xml:2707(command)
16242
#: serverguide/C/network-auth.xml:3055(command)
14281
16243
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
14282
16244
msgstr ""
14283
16245
14284
#: serverguide/C/network-auth.xml:2708(command)
16246
#: serverguide/C/network-auth.xml:3056(command)
14285
16247
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
14286
16248
msgstr ""
14287
16249
14288
#: serverguide/C/network-auth.xml:2712(para)
16250
#: serverguide/C/network-auth.xml:3060(para)
14289
16251
msgid ""
14290
16252
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
14291
16253
msgstr ""
14292
16254
14293
#: serverguide/C/network-auth.xml:2720(para)
16255
#: serverguide/C/network-auth.xml:3068(para)
14294
16256
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
14295
16257
msgstr ""
14296
16258
14297
#: serverguide/C/network-auth.xml:2731(para)
16259
#: serverguide/C/network-auth.xml:3079(para)
14298
16260
msgid ""
14299
16261
"You now have redundant KDCs on your network, and with redundant LDAP servers "
14300
16262
"you should be able to continue to authenticate users if one LDAP server, one "
14301
16263
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
14302
16264
msgstr ""
14303
16265
14304
#: serverguide/C/network-auth.xml:2743(para)
16266
#: serverguide/C/network-auth.xml:3091(para)
14305
16267
msgid ""
14306
16268
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
14307
16269
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
14308
16270
"Guide</ulink> has some additional details."
14309
16271
msgstr ""
14310
16272
14311
#: serverguide/C/network-auth.xml:2749(para)
16273
#: serverguide/C/network-auth.xml:3097(para)
14312
16274
msgid ""
14313
16275
"For more information on <application>kdb5_ldap_util</application> see <ulink "
14314
16276
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
14315
16277
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
14316
16278
"5.6</ulink> and the <ulink "
14317
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/kdb5_ldap_util.8.htm"
14318
"l\">kdb5_ldap_util man page</ulink>."
16279
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/kdb5_ldap_util.8.html"
16280
"\">kdb5_ldap_util man page</ulink>."
14319
16281
msgstr ""
14320
16282
14321
#: serverguide/C/network-auth.xml:2757(para)
16283
#: serverguide/C/network-auth.xml:3105(para)
14322
16284
msgid ""
14323
16285
"Another useful link is the <ulink "
14324
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/krb5.conf.5.html\">k"
14325
"rb5.conf man page</ulink>."
16286
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/krb5.conf.5.html\">kr"
16287
"b5.conf man page</ulink>."
16288
msgstr ""
16289
16290
#: serverguide/C/network-auth.xml:3110(para)
16291
msgid ""
16292
"Also, see the <ulink "
16293
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
16294
"and LDAP</ulink> Ubuntu wiki page."
14326
16295
msgstr ""
14327
16296
14328
16297
#: serverguide/C/monitoring.xml:13(title)
14739
16708
"Nagios and network monitoring:"
14740
16709
msgstr ""
14741
16710
14742
#: serverguide/C/monitoring.xml:420(title)
16711
#: serverguide/C/monitoring.xml:416(para)
16712
msgid ""
16713
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
16714
"Wiki</ulink> page also has more details."
16715
msgstr ""
16716
16717
#: serverguide/C/monitoring.xml:425(title)
14743
16718
msgid "Munin"
14744
16719
msgstr ""
14745
16720
14746
#: serverguide/C/monitoring.xml:425(para)
16721
#: serverguide/C/monitoring.xml:430(para)
14747
16722
msgid ""
14748
16723
"Before installing <application>Munin</application> on "
14749
16724
"<emphasis>server01</emphasis><application>apache2</application> will need to "
14752
16727
"linkend=\"httpd\"/>."
14753
16728
msgstr ""
14754
16729
14755
#: serverguide/C/monitoring.xml:431(para)
16730
#: serverguide/C/monitoring.xml:436(para)
14756
16731
msgid ""
14757
16732
"First, on <emphasis>server01</emphasis> install "
14758
16733
"<application>munin</application>. In a terminal enter:"
14759
16734
msgstr ""
14760
16735
14761
#: serverguide/C/monitoring.xml:436(command)
16736
#: serverguide/C/monitoring.xml:441(command)
14762
16737
msgid "sudo apt-get install munin"
14763
16738
msgstr ""
14764
16739
14765
#: serverguide/C/monitoring.xml:439(para)
16740
#: serverguide/C/monitoring.xml:444(para)
14766
16741
msgid ""
14767
16742
"Now on <emphasis>server02</emphasis> install the <application>munin-"
14768
16743
"node</application> package:"
14769
16744
msgstr ""
14770
16745
14771
#: serverguide/C/monitoring.xml:444(command)
16746
#: serverguide/C/monitoring.xml:449(command)
14772
16747
msgid "sudo apt-get install munin-node"
14773
16748
msgstr ""
14774
16749
14775
#: serverguide/C/monitoring.xml:451(para)
16750
#: serverguide/C/monitoring.xml:456(para)
14776
16751
msgid ""
14777
16752
"On <emphasis>server01</emphasis> edit the "
14778
16753
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
14779
16754
"<emphasis>server02</emphasis>:"
14780
16755
msgstr ""
14781
16756
14782
#: serverguide/C/monitoring.xml:456(programlisting)
16757
#: serverguide/C/monitoring.xml:461(programlisting)
14783
16758
#, no-wrap
14784
16759
msgid ""
14785
16760
"\n"
14788
16763
" address 172.18.100.101\n"
14789
16764
msgstr ""
14790
16765
14791
#: serverguide/C/monitoring.xml:463(para)
16766
#: serverguide/C/monitoring.xml:468(para)
14792
16767
msgid ""
14793
16768
"Replace <emphasis>server02</emphasis> and "
14794
16769
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
14795
16770
"for your server."
14796
16771
msgstr ""
14797
16772
14798
#: serverguide/C/monitoring.xml:469(para)
16773
#: serverguide/C/monitoring.xml:474(para)
14799
16774
msgid ""
14800
16775
"Next, configure <application>munin-node</application> on "
14801
16776
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
14802
16777
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
14803
16778
msgstr ""
14804
16779
14805
#: serverguide/C/monitoring.xml:474(programlisting)
16780
#: serverguide/C/monitoring.xml:479(programlisting)
14806
16781
#, no-wrap
14807
16782
msgid ""
14808
16783
"\n"
14809
16784
"allow ^172\\.18\\.100\\.100$\n"
14810
16785
msgstr ""
14811
16786
14812
#: serverguide/C/monitoring.xml:479(para)
16787
#: serverguide/C/monitoring.xml:484(para)
14813
16788
msgid ""
14814
16789
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
14815
16790
"<application>munin</application> server."
14816
16791
msgstr ""
14817
16792
14818
#: serverguide/C/monitoring.xml:484(para)
16793
#: serverguide/C/monitoring.xml:489(para)
14819
16794
msgid ""
14820
16795
"Now restart <application>munin-node</application> on "
14821
16796
"<emphasis>server02</emphasis> for the changes to take effect:"
14822
16797
msgstr ""
14823
16798
14824
#: serverguide/C/monitoring.xml:489(command)
16799
#: serverguide/C/monitoring.xml:494(command)
14825
16800
msgid "sudo /etc/init.d/munin-node restart"
14826
16801
msgstr ""
14827
16802
14828
#: serverguide/C/monitoring.xml:492(para)
16803
#: serverguide/C/monitoring.xml:497(para)
14829
16804
msgid ""
14830
16805
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
14831
16806
"you should see links to nice graphs displaying information from the standard "
14832
16807
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
14833
16808
msgstr ""
14834
16809
14835
#: serverguide/C/monitoring.xml:498(para)
16810
#: serverguide/C/monitoring.xml:503(para)
14836
16811
msgid ""
14837
16812
"Since this is a new install it may take some time for the graphs to display "
14838
16813
"anything useful."
14839
16814
msgstr ""
14840
16815
14841
#: serverguide/C/monitoring.xml:505(title)
16816
#: serverguide/C/monitoring.xml:510(title)
14842
16817
msgid "Additional Plugins"
14843
16818
msgstr ""
14844
16819
14845
#: serverguide/C/monitoring.xml:507(para)
16820
#: serverguide/C/monitoring.xml:512(para)
14846
16821
msgid ""
14847
16822
"The <application>munin-plugins-extra</application> package contains "
14848
16823
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
14849
16824
"install the package, from a terminal enter:"
14850
16825
msgstr ""
14851
16826
14852
#: serverguide/C/monitoring.xml:513(command)
16827
#: serverguide/C/monitoring.xml:518(command)
14853
16828
msgid "sudo apt-get install munin-plugins-extra"
14854
16829
msgstr ""
14855
16830
14856
#: serverguide/C/monitoring.xml:516(para)
16831
#: serverguide/C/monitoring.xml:521(para)
14857
16832
msgid "Be sure to install the package on both the server and node machines."
14858
16833
msgstr ""
14859
16834
14860
#: serverguide/C/monitoring.xml:526(para)
16835
#: serverguide/C/monitoring.xml:531(para)
14861
16836
msgid ""
14862
16837
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
14863
16838
"website for more details."
14864
16839
msgstr ""
14865
16840
14866
#: serverguide/C/monitoring.xml:531(para)
16841
#: serverguide/C/monitoring.xml:536(para)
14867
16842
msgid ""
14868
16843
"Specifically the <ulink "
14869
16844
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
14871
16846
"writing plugins, etc."
14872
16847
msgstr ""
14873
16848
14874
#: serverguide/C/monitoring.xml:537(para)
16849
#: serverguide/C/monitoring.xml:542(para)
14875
16850
msgid ""
14876
16851
"Also, there is a book in German by Open Source Press: <ulink "
14877
16852
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
14878
16853
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
14879
16854
msgstr ""
14880
16855
16856
#: serverguide/C/monitoring.xml:548(para)
16857
msgid ""
16858
"Another resource is the <ulink "
16859
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
16860
"page."
16861
msgstr ""
16862
14881
16863
#: serverguide/C/mail.xml:13(title)
14882
16864
msgid "Email Services"
14883
16865
msgstr ""
14895
16877
"IMAP server."
14896
16878
msgstr ""
14897
16879
14898
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:804(application) serverguide/C/mail.xml:838(title) serverguide/C/mail.xml:916(title) serverguide/C/mail.xml:1475(title)
16880
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:832(application) serverguide/C/mail.xml:866(title) serverguide/C/mail.xml:944(title) serverguide/C/mail.xml:1510(title)
14899
16881
msgid "Postfix"
14900
16882
msgstr ""
14901
16883
14961
16943
msgstr ""
14962
16944
14963
16945
#: serverguide/C/mail.xml:68(para)
14964
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0/24"
16946
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
14965
16947
msgstr ""
14966
16948
14967
16949
#: serverguide/C/mail.xml:69(para)
14985
16967
#: serverguide/C/mail.xml:75(para)
14986
16968
msgid ""
14987
16969
"Replace mail.example.com with the domain for which you'll accept email, "
14988
"192.168.0/24 with the actual network and class range of your mail server, "
16970
"192.168.0.0/24 with the actual network and class range of your mail server, "
14989
16971
"and steve with the appropriate username."
14990
16972
msgstr ""
14991
16973
15018
17000
"your Mail Delivery Agent (MDA) to use the same path."
15019
17001
msgstr ""
15020
17002
15021
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:538(title)
17003
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:556(title)
15022
17004
msgid "SMTP Authentication"
15023
17005
msgstr ""
15024
17006
15088
17070
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
15089
17071
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
15090
17072
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
15091
"sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'\n"
15092
17073
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
15093
17074
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
15094
17075
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
15096
17077
"sudo postconf -e 'myhostname = mail.example.com'\n"
15097
17078
msgstr ""
15098
17079
15099
#: serverguide/C/mail.xml:175(para)
17080
#: serverguide/C/mail.xml:173(para)
17081
msgid ""
17082
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
17083
"the certificate enter:"
17084
msgstr ""
17085
17086
#: serverguide/C/mail.xml:177(command)
17087
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
17088
msgstr ""
17089
17090
#: serverguide/C/mail.xml:180(para)
17091
msgid ""
17092
"Again, for more details about certificates see <xref linkend=\"certificates-"
17093
"and-security\"/>."
17094
msgstr ""
17095
17096
#: serverguide/C/mail.xml:186(para)
15100
17097
msgid ""
15101
17098
"After running all the commands, <application>Postfix</application> is "
15102
17099
"configured for SMTP-AUTH and a self-signed certificate has been created for "
15103
17100
"TLS encryption."
15104
17101
msgstr ""
15105
17102
15106
#: serverguide/C/mail.xml:180(para)
17103
#: serverguide/C/mail.xml:191(para)
15107
17104
msgid ""
15108
17105
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
15109
17106
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
15110
17107
msgstr ""
15111
17108
15112
#: serverguide/C/mail.xml:184(para)
17109
#: serverguide/C/mail.xml:195(para)
15113
17110
msgid ""
15114
17111
"The postfix initial configuration is complete. Run the following command to "
15115
17112
"restart the postfix daemon:"
15116
17113
msgstr ""
15117
17114
15118
#: serverguide/C/mail.xml:189(para)
17115
#: serverguide/C/mail.xml:201(command) serverguide/C/mail.xml:315(command) serverguide/C/mail.xml:378(command) serverguide/C/mail.xml:984(command) serverguide/C/mail.xml:1561(command)
17116
msgid "sudo /etc/init.d/postfix restart"
17117
msgstr ""
17118
17119
#: serverguide/C/mail.xml:204(para)
15119
17120
msgid ""
15120
17121
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
15121
17122
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
15124
17125
"use SMTP-AUTH."
15125
17126
msgstr ""
15126
17127
15127
#: serverguide/C/mail.xml:199(title) serverguide/C/mail.xml:591(title)
17128
#: serverguide/C/mail.xml:214(title) serverguide/C/mail.xml:609(title)
15128
17129
msgid "Configuring SASL"
15129
17130
msgstr ""
15130
17131
15131
#: serverguide/C/mail.xml:200(para)
17132
#: serverguide/C/mail.xml:215(para)
15132
17133
msgid ""
15133
17134
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
15134
17135
"enable Dovecot SASL the <application>dovecot-common</application> package "
15135
17136
"will need to be installed. From a terminal prompt enter the following:"
15136
17137
msgstr ""
15137
17138
15138
#: serverguide/C/mail.xml:206(command)
17139
#: serverguide/C/mail.xml:221(command)
15139
17140
msgid "sudo apt-get install dovecot-common"
15140
17141
msgstr ""
15141
17142
15142
#: serverguide/C/mail.xml:208(para)
17143
#: serverguide/C/mail.xml:223(para)
15143
17144
msgid ""
15144
17145
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
15145
17146
"In the <emphasis>auth default</emphasis> section uncomment the "
15146
17147
"<emphasis>socket listen</emphasis> option and change the following:"
15147
17148
msgstr ""
15148
17149
15149
#: serverguide/C/mail.xml:212(programlisting)
17150
#: serverguide/C/mail.xml:227(programlisting)
15150
17151
#, no-wrap
15151
17152
msgid ""
15152
17153
"\n"
15174
17175
" }\n"
15175
17176
msgstr ""
15176
17177
15177
#: serverguide/C/mail.xml:236(para)
17178
#: serverguide/C/mail.xml:251(para)
15178
17179
msgid ""
15179
17180
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
15180
17181
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
15181
17182
"add <emphasis>\"login\"</emphasis>:"
15182
17183
msgstr ""
15183
17184
15184
#: serverguide/C/mail.xml:241(programlisting)
17185
#: serverguide/C/mail.xml:256(programlisting)
15185
17186
#, no-wrap
15186
17187
msgid ""
15187
17188
"\n"
15188
17189
" mechanisms = plain login\n"
15189
17190
msgstr ""
15190
17191
15191
#: serverguide/C/mail.xml:245(para)
17192
#: serverguide/C/mail.xml:260(para)
15192
17193
msgid ""
15193
17194
"Once you have <application>Dovecot</application> configured restart it with:"
15194
17195
msgstr ""
15195
17196
15196
#: serverguide/C/mail.xml:249(command) serverguide/C/mail.xml:712(command)
17197
#: serverguide/C/mail.xml:264(command) serverguide/C/mail.xml:735(command)
15197
17198
msgid "sudo /etc/init.d/dovecot restart"
15198
17199
msgstr ""
15199
17200
15200
#: serverguide/C/mail.xml:254(title)
17201
#: serverguide/C/mail.xml:269(title)
15201
17202
msgid "Postfix-Dovecot"
15202
17203
msgstr ""
15203
17204
15204
#: serverguide/C/mail.xml:256(para)
17205
#: serverguide/C/mail.xml:271(para)
15205
17206
msgid ""
15206
17207
"Another option for configuring <application>Postfix</application> for SMTP-"
15207
17208
"AUTH is using the <application>dovecot-postfix</application> package. This "
15211
17212
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
15212
17213
msgstr ""
15213
17214
15214
#: serverguide/C/mail.xml:265(para)
17215
#: serverguide/C/mail.xml:280(para)
15215
17216
msgid ""
15216
17217
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
15217
17218
"server. For example, if you are configuring your server to be a mail "
15219
17220
"the above commands to configure Postfix for SMTPAUTH."
15220
17221
msgstr ""
15221
17222
15222
#: serverguide/C/mail.xml:272(para)
17223
#: serverguide/C/mail.xml:287(para)
15223
17224
msgid "To install the package, from a terminal prompt enter:"
15224
17225
msgstr ""
15225
17226
15226
#: serverguide/C/mail.xml:277(command)
17227
#: serverguide/C/mail.xml:292(command)
15227
17228
msgid "sudo apt-get install dovecot-postfix"
15228
17229
msgstr ""
15229
17230
15230
#: serverguide/C/mail.xml:280(para)
17231
#: serverguide/C/mail.xml:295(para)
15231
17232
msgid ""
15232
17233
"You should now have a working mail server, but there are a few options that "
15233
17234
"you may wish to further customize. For example, the package uses the "
15237
17238
"for more details."
15238
17239
msgstr ""
15239
17240
15240
#: serverguide/C/mail.xml:286(para)
17241
#: serverguide/C/mail.xml:301(para)
15241
17242
msgid ""
15242
17243
"Once you have a customized certificate and key for the host, change the "
15243
17244
"following options in <filename>/etc/postfix/main.cf</filename>:"
15244
17245
msgstr ""
15245
17246
15246
#: serverguide/C/mail.xml:290(programlisting)
17247
#: serverguide/C/mail.xml:305(programlisting)
15247
17248
#, no-wrap
15248
17249
msgid ""
15249
17250
"\n"
15251
17252
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
15252
17253
msgstr ""
15253
17254
15254
#: serverguide/C/mail.xml:295(para)
17255
#: serverguide/C/mail.xml:310(para)
15255
17256
msgid "Then restart Postfix:"
15256
17257
msgstr ""
15257
17258
15258
#: serverguide/C/mail.xml:300(command) serverguide/C/mail.xml:363(command) serverguide/C/mail.xml:956(command) serverguide/C/mail.xml:1526(command)
15259
msgid "sudo /etc/init.d/postfix restart"
15260
msgstr ""
15261
15262
#: serverguide/C/mail.xml:306(para)
17259
#: serverguide/C/mail.xml:321(para)
15263
17260
msgid ""
15264
17261
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
15265
17262
msgstr ""
15266
17263
15267
#: serverguide/C/mail.xml:309(para)
17264
#: serverguide/C/mail.xml:324(para)
15268
17265
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
15269
17266
msgstr ""
15270
17267
15271
#: serverguide/C/mail.xml:314(command)
17268
#: serverguide/C/mail.xml:329(command)
15272
17269
msgid "telnet mail.example.com 25"
15273
17270
msgstr ""
15274
17271
15275
#: serverguide/C/mail.xml:316(para)
17272
#: serverguide/C/mail.xml:331(para)
15276
17273
msgid ""
15277
17274
"After you have established the connection to the postfix mail server, type:"
15278
17275
msgstr ""
15279
17276
15280
#: serverguide/C/mail.xml:320(screen)
17277
#: serverguide/C/mail.xml:335(screen)
15281
17278
#, no-wrap
15282
17279
msgid ""
15283
17280
"\n"
15284
17281
"ehlo mail.example.com\n"
15285
17282
msgstr ""
15286
17283
15287
#: serverguide/C/mail.xml:323(para)
17284
#: serverguide/C/mail.xml:338(para)
15288
17285
msgid ""
15289
17286
"If you see the following lines among others, then everything is working "
15290
17287
"perfectly. Type <command>quit</command> to exit."
15291
17288
msgstr ""
15292
17289
15293
#: serverguide/C/mail.xml:327(programlisting)
17290
#: serverguide/C/mail.xml:342(programlisting)
15294
17291
#, no-wrap
15295
17292
msgid ""
15296
17293
"\n"
15300
17297
"250 8BITMIME\n"
15301
17298
msgstr ""
15302
17299
15303
#: serverguide/C/mail.xml:337(para)
17300
#: serverguide/C/mail.xml:352(para)
15304
17301
msgid ""
15305
17302
"This section introduces some common ways to determine the cause if problems "
15306
17303
"arise."
15307
17304
msgstr ""
15308
17305
15309
#: serverguide/C/mail.xml:341(title)
17306
#: serverguide/C/mail.xml:356(title)
15310
17307
msgid "Escaping chroot"
15311
17308
msgstr ""
15312
17309
15313
#: serverguide/C/mail.xml:342(para)
17310
#: serverguide/C/mail.xml:357(para)
15314
17311
msgid ""
15315
17312
"The Ubuntu <application>postfix</application> package will by default "
15316
17313
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
15317
17314
"This can add greater complexity when troubleshooting problems."
15318
17315
msgstr ""
15319
17316
15320
#: serverguide/C/mail.xml:346(para)
17317
#: serverguide/C/mail.xml:361(para)
15321
17318
msgid ""
15322
17319
"To turn off the chroot operation locate for the following line in the "
15323
17320
"<filename>/etc/postfix/master.cf</filename> configuration file:"
15324
17321
msgstr ""
15325
17322
15326
#: serverguide/C/mail.xml:350(screen)
17323
#: serverguide/C/mail.xml:365(screen)
15327
17324
#, no-wrap
15328
17325
msgid ""
15329
17326
"\n"
15330
17327
"smtp inet n - - - - smtpd\n"
15331
17328
msgstr ""
15332
17329
15333
#: serverguide/C/mail.xml:353(para)
17330
#: serverguide/C/mail.xml:368(para)
15334
17331
msgid "and modify it as follows:"
15335
17332
msgstr ""
15336
17333
15337
#: serverguide/C/mail.xml:356(screen)
17334
#: serverguide/C/mail.xml:371(screen)
15338
17335
#, no-wrap
15339
17336
msgid ""
15340
17337
"\n"
15341
17338
"smtp inet n - n - - smtpd\n"
15342
17339
msgstr ""
15343
17340
15344
#: serverguide/C/mail.xml:359(para)
17341
#: serverguide/C/mail.xml:374(para)
15345
17342
msgid ""
15346
17343
"You will then need to restart Postfix to use the new configuration. From a "
15347
17344
"terminal prompt enter:"
15348
17345
msgstr ""
15349
17346
15350
#: serverguide/C/mail.xml:367(title)
17347
#: serverguide/C/mail.xml:382(title)
15351
17348
msgid "Log Files"
15352
17349
msgstr ""
15353
17350
15354
#: serverguide/C/mail.xml:368(para)
17351
#: serverguide/C/mail.xml:383(para)
15355
17352
msgid ""
15356
17353
"<application>Postfix</application> sends all log messages to "
15357
17354
"<filename>/var/log/mail.log</filename>. However error and warning messages "
15360
17357
"<filename>/var/log/mail.warn</filename> respectively."
15361
17358
msgstr ""
15362
17359
15363
#: serverguide/C/mail.xml:373(para)
17360
#: serverguide/C/mail.xml:388(para)
15364
17361
msgid ""
15365
17362
"To see messages entered into the logs in real time you can use the "
15366
17363
"<application>tail -f</application> command:"
15367
17364
msgstr ""
15368
17365
15369
#: serverguide/C/mail.xml:378(command)
17366
#: serverguide/C/mail.xml:393(command)
15370
17367
msgid "tail -f /var/log/mail.err"
15371
17368
msgstr ""
15372
17369
15373
#: serverguide/C/mail.xml:380(para)
17370
#: serverguide/C/mail.xml:395(para)
15374
17371
msgid ""
15375
17372
"The amount of detail that is recorded in the logs can be increased. Below "
15376
17373
"are some configuration options for increasing the log level for some of the "
15377
17374
"areas covered above."
15378
17375
msgstr ""
15379
17376
15380
#: serverguide/C/mail.xml:386(para)
17377
#: serverguide/C/mail.xml:401(para)
15381
17378
msgid ""
15382
17379
"To increase <emphasis>TLS</emphasis> activity logging set the "
15383
17380
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
15384
17381
msgstr ""
15385
17382
15386
#: serverguide/C/mail.xml:390(command)
17383
#: serverguide/C/mail.xml:405(command)
15387
17384
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
15388
17385
msgstr ""
15389
17386
15390
#: serverguide/C/mail.xml:394(para)
17387
#: serverguide/C/mail.xml:409(para)
15391
17388
msgid ""
15392
17389
"If you are having trouble sending or receiving mail from a specific domain "
15393
17390
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
15394
17391
msgstr ""
15395
17392
15396
#: serverguide/C/mail.xml:399(command)
17393
#: serverguide/C/mail.xml:414(command)
15397
17394
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
15398
17395
msgstr ""
15399
17396
15400
#: serverguide/C/mail.xml:403(para)
17397
#: serverguide/C/mail.xml:418(para)
15401
17398
msgid ""
15402
17399
"You can increase the verbosity of any <application>Postfix</application> "
15403
17400
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
15405
17402
"<emphasis>smtp</emphasis> entry:"
15406
17403
msgstr ""
15407
17404
15408
#: serverguide/C/mail.xml:407(programlisting)
17405
#: serverguide/C/mail.xml:422(programlisting)
15409
17406
#, no-wrap
15410
17407
msgid ""
15411
17408
"\n"
15412
17409
"smtp unix - - - - - smtp -v\n"
15413
17410
msgstr ""
15414
17411
15415
#: serverguide/C/mail.xml:413(para)
17412
#: serverguide/C/mail.xml:428(para)
15416
17413
msgid ""
15417
17414
"It is important to note that after making one of the logging changes above "
15418
17415
"the <application>Postfix</application> process will need to be reloaded in "
15420
17417
"reload</command>"
15421
17418
msgstr ""
15422
17419
15423
#: serverguide/C/mail.xml:420(para)
17420
#: serverguide/C/mail.xml:435(para)
15424
17421
msgid ""
15425
17422
"To increase the amount of information logged when troubleshooting "
15426
17423
"<emphasis>SASL</emphasis> issues you can set the following options in "
15427
17424
"<filename>/etc/dovecot/dovecot.conf</filename>"
15428
17425
msgstr ""
15429
17426
15430
#: serverguide/C/mail.xml:424(programlisting)
17427
#: serverguide/C/mail.xml:439(programlisting)
15431
17428
#, no-wrap
15432
17429
msgid ""
15433
17430
"\n"
15435
17432
"auth_debug_passwords=yes\n"
15436
17433
msgstr ""
15437
17434
15438
#: serverguide/C/mail.xml:431(para)
17435
#: serverguide/C/mail.xml:446(para)
15439
17436
msgid ""
15440
17437
"Just like <application>Postfix</application> if you change a "
15441
17438
"<application>Dovecot</application> configuration the process will need to be "
15442
17439
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
15443
17440
msgstr ""
15444
17441
15445
#: serverguide/C/mail.xml:437(para)
17442
#: serverguide/C/mail.xml:452(para)
15446
17443
msgid ""
15447
17444
"Some of the options above can drastically increase the amount of information "
15448
17445
"sent to the log files. Remember to return the log level back to normal after "
15450
17447
"new configuration to take affect."
15451
17448
msgstr ""
15452
17449
15453
#: serverguide/C/mail.xml:445(para)
17450
#: serverguide/C/mail.xml:460(para)
15454
17451
msgid ""
15455
17452
"Administering a <application>Postfix</application> server can be a very "
15456
17453
"complicated task. At some point you may need to turn to the Ubuntu community "
15457
17454
"for more experienced help."
15458
17455
msgstr ""
15459
17456
15460
#: serverguide/C/mail.xml:449(para)
17457
#: serverguide/C/mail.xml:464(para)
15461
17458
msgid ""
15462
17459
"A great place to ask for <application>Postfix</application> assistance, and "
15463
17460
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
15467
17464
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
15468
17465
msgstr ""
15469
17466
15470
#: serverguide/C/mail.xml:454(para)
17467
#: serverguide/C/mail.xml:469(para)
15471
17468
msgid ""
15472
17469
"For in depth <application>Postfix</application> information Ubuntu "
15473
17470
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
15474
17471
"Book of Postfix</ulink>."
15475
17472
msgstr ""
15476
17473
15477
#: serverguide/C/mail.xml:458(para)
17474
#: serverguide/C/mail.xml:473(para)
15478
17475
msgid ""
15479
17476
"Finally, the <ulink "
15480
17477
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
15482
17479
"available."
15483
17480
msgstr ""
15484
17481
15485
#: serverguide/C/mail.xml:467(title) serverguide/C/mail.xml:844(title) serverguide/C/mail.xml:960(title)
17482
#: serverguide/C/mail.xml:477(para)
17483
msgid ""
17484
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
17485
"Wiki Postifx</ulink> page has more information."
17486
msgstr ""
17487
17488
#: serverguide/C/mail.xml:485(title) serverguide/C/mail.xml:872(title) serverguide/C/mail.xml:988(title)
15486
17489
msgid "Exim4"
15487
17490
msgstr ""
15488
17491
15489
#: serverguide/C/mail.xml:468(para)
17492
#: serverguide/C/mail.xml:486(para)
15490
17493
msgid ""
15491
17494
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
15492
17495
"developed at the University of Cambridge for use on Unix systems connected "
15496
17499
"<application>sendmail</application>."
15497
17500
msgstr ""
15498
17501
15499
#: serverguide/C/mail.xml:479(para)
17502
#: serverguide/C/mail.xml:497(para)
15500
17503
msgid ""
15501
17504
"To install <application>exim4</application>, run the following command: "
15502
17505
"<screen>\n"
15504
17507
"</screen>"
15505
17508
msgstr ""
15506
17509
15507
#: serverguide/C/mail.xml:488(para)
17510
#: serverguide/C/mail.xml:506(para)
15508
17511
msgid ""
15509
17512
"To configure <application>Exim4</application>, run the following command:"
15510
17513
msgstr ""
15511
17514
15512
#: serverguide/C/mail.xml:492(command)
17515
#: serverguide/C/mail.xml:510(command)
15513
17516
msgid "sudo dpkg-reconfigure exim4-config"
15514
17517
msgstr ""
15515
17518
15516
#: serverguide/C/mail.xml:494(para)
17519
#: serverguide/C/mail.xml:512(para)
15517
17520
msgid ""
15518
17521
"The user interface will be displayed. The user interface lets you configure "
15519
17522
"many parameters. For example, In <application>Exim4</application> the "
15521
17524
"in one file you can configure accordingly in this user interface."
15522
17525
msgstr ""
15523
17526
15524
#: serverguide/C/mail.xml:502(para)
17527
#: serverguide/C/mail.xml:520(para)
15525
17528
msgid ""
15526
17529
"All the parameters you configure in the user interface are stored in "
15527
17530
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
15530
17533
"following command to generate the master configuration file:"
15531
17534
msgstr ""
15532
17535
15533
#: serverguide/C/mail.xml:513(command) serverguide/C/mail.xml:586(command)
17536
#: serverguide/C/mail.xml:531(command) serverguide/C/mail.xml:604(command)
15534
17537
msgid "sudo update-exim4.conf"
15535
17538
msgstr ""
15536
17539
15537
#: serverguide/C/mail.xml:515(para)
17540
#: serverguide/C/mail.xml:533(para)
15538
17541
msgid ""
15539
17542
"The master configuration file, is generated and it is stored in "
15540
17543
"<filename>/var/lib/exim4/config.autogenerated</filename>."
15541
17544
msgstr ""
15542
17545
15543
#: serverguide/C/mail.xml:521(para)
17546
#: serverguide/C/mail.xml:539(para)
15544
17547
msgid ""
15545
17548
"At any time, you should not edit the master configuration file, "
15546
17549
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
15547
17550
"updated automatically every time you run <command>update-exim4.conf</command>"
15548
17551
msgstr ""
15549
17552
15550
#: serverguide/C/mail.xml:529(para)
17553
#: serverguide/C/mail.xml:547(para)
15551
17554
msgid ""
15552
17555
"You can run the following command to start <application>Exim4</application> "
15553
17556
"daemon."
15554
17557
msgstr ""
15555
17558
15556
#: serverguide/C/mail.xml:534(command) serverguide/C/mail.xml:966(command)
17559
#: serverguide/C/mail.xml:552(command) serverguide/C/mail.xml:994(command)
15557
17560
msgid "sudo /etc/init.d/exim4 start"
15558
17561
msgstr ""
15559
17562
15560
#: serverguide/C/mail.xml:539(para)
17563
#: serverguide/C/mail.xml:557(para)
15561
17564
msgid ""
15562
17565
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
15563
17566
msgstr ""
15564
17567
15565
#: serverguide/C/mail.xml:542(para)
17568
#: serverguide/C/mail.xml:560(para)
15566
17569
msgid ""
15567
17570
"The first step is to create a certificate for use with TLS. Enter the "
15568
17571
"following into a terminal prompt:"
15569
17572
msgstr ""
15570
17573
15571
#: serverguide/C/mail.xml:546(command)
17574
#: serverguide/C/mail.xml:564(command)
15572
17575
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
15573
17576
msgstr ""
15574
17577
15575
#: serverguide/C/mail.xml:548(para)
17578
#: serverguide/C/mail.xml:566(para)
15576
17579
msgid ""
15577
17580
"Now Exim4 needs to be configured for TLS by editing "
15578
17581
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
15579
17582
"the following:"
15580
17583
msgstr ""
15581
17584
15582
#: serverguide/C/mail.xml:552(programlisting)
17585
#: serverguide/C/mail.xml:570(programlisting)
15583
17586
#, no-wrap
15584
17587
msgid ""
15585
17588
"\n"
15586
17589
"MAIN_TLS_ENABLE = yes\n"
15587
17590
msgstr ""
15588
17591
15589
#: serverguide/C/mail.xml:555(para)
17592
#: serverguide/C/mail.xml:573(para)
15590
17593
msgid ""
15591
17594
"Next you need to configure <application>Exim4</application> to use the "
15592
17595
"<application>saslauthd</application> for authentication. Edit "
15595
17598
"<emphasis>login_saslauthd_server</emphasis> sections:"
15596
17599
msgstr ""
15597
17600
15598
#: serverguide/C/mail.xml:560(programlisting)
17601
#: serverguide/C/mail.xml:578(programlisting)
15599
17602
#, no-wrap
15600
17603
msgid ""
15601
17604
"\n"
15621
17624
" .endif\n"
15622
17625
msgstr ""
15623
17626
15624
#: serverguide/C/mail.xml:582(para)
17627
#: serverguide/C/mail.xml:600(para)
15625
17628
msgid "Finally, update the Exim4 configuration and restart the service:"
15626
17629
msgstr ""
15627
17630
15628
#: serverguide/C/mail.xml:587(command)
17631
#: serverguide/C/mail.xml:605(command)
15629
17632
msgid "sudo /etc/init.d/exim4 restart"
15630
17633
msgstr ""
15631
17634
15632
#: serverguide/C/mail.xml:592(para)
17635
#: serverguide/C/mail.xml:610(para)
15633
17636
msgid ""
15634
17637
"This section provides details on configuring the saslauthd to provide "
15635
17638
"authentication for <application>Exim4</application>."
15636
17639
msgstr ""
15637
17640
15638
#: serverguide/C/mail.xml:595(para)
17641
#: serverguide/C/mail.xml:613(para)
15639
17642
msgid ""
15640
17643
"The first step is to install the sasl2-bin package. From a terminal prompt "
15641
17644
"enter the following:"
15642
17645
msgstr ""
15643
17646
15644
#: serverguide/C/mail.xml:599(command)
17647
#: serverguide/C/mail.xml:617(command)
15645
17648
msgid "sudo apt-get install sasl2-bin"
15646
17649
msgstr ""
15647
17650
15648
#: serverguide/C/mail.xml:601(para)
17651
#: serverguide/C/mail.xml:619(para)
15649
17652
msgid ""
15650
17653
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
15651
17654
"and set START=no to:"
15652
17655
msgstr ""
15653
17656
15654
#: serverguide/C/mail.xml:604(programlisting)
17657
#: serverguide/C/mail.xml:622(programlisting)
15655
17658
#, no-wrap
15656
17659
msgid ""
15657
17660
"\n"
15658
17661
"START=yes\n"
15659
17662
msgstr ""
15660
17663
15661
#: serverguide/C/mail.xml:607(para)
17664
#: serverguide/C/mail.xml:625(para)
15662
17665
msgid ""
15663
17666
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
15664
17667
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
15665
17668
"service:"
15666
17669
msgstr ""
15667
17670
15668
#: serverguide/C/mail.xml:612(command)
17671
#: serverguide/C/mail.xml:630(command)
15669
17672
msgid "sudo adduser Debian-exim sasl"
15670
17673
msgstr ""
15671
17674
15672
#: serverguide/C/mail.xml:614(para)
17675
#: serverguide/C/mail.xml:632(para)
15673
17676
msgid "Now start the <application>saslauthd</application> service:"
15674
17677
msgstr ""
15675
17678
15676
#: serverguide/C/mail.xml:618(command)
17679
#: serverguide/C/mail.xml:636(command)
15677
17680
msgid "sudo /etc/init.d/saslauthd start"
15678
17681
msgstr ""
15679
17682
15680
#: serverguide/C/mail.xml:620(para)
17683
#: serverguide/C/mail.xml:638(para)
15681
17684
msgid ""
15682
17685
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
15683
17686
"and SASL authentication."
15684
17687
msgstr ""
15685
17688
15686
#: serverguide/C/mail.xml:629(para)
17689
#: serverguide/C/mail.xml:647(para)
15687
17690
msgid ""
15688
17691
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
15689
17692
"information."
15690
17693
msgstr ""
15691
17694
15692
#: serverguide/C/mail.xml:634(para)
17695
#: serverguide/C/mail.xml:652(para)
15693
17696
msgid ""
15694
17697
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
15695
17698
"server\">Exim4 Book</ulink> available."
15696
17699
msgstr ""
15697
17700
15698
#: serverguide/C/mail.xml:643(title)
17701
#: serverguide/C/mail.xml:657(para)
17702
msgid ""
17703
"Another resource is the <ulink "
17704
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
17705
"page."
17706
msgstr ""
17707
17708
#: serverguide/C/mail.xml:666(title)
15699
17709
msgid "Dovecot Server"
15700
17710
msgstr ""
15701
17711
15702
#: serverguide/C/mail.xml:644(para)
17712
#: serverguide/C/mail.xml:667(para)
15703
17713
msgid ""
15704
17714
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
15705
17715
"security primarily in mind. It supports the major mailbox formats: mbox or "
15706
17716
"Maildir. This section explain how to set it up as an imap or pop3 server."
15707
17717
msgstr ""
15708
17718
15709
#: serverguide/C/mail.xml:652(para)
17719
#: serverguide/C/mail.xml:675(para)
15710
17720
msgid ""
15711
17721
"To install <application>dovecot</application>, run the following command in "
15712
17722
"the command prompt:"
15713
17723
msgstr ""
15714
17724
15715
#: serverguide/C/mail.xml:657(command)
17725
#: serverguide/C/mail.xml:680(command)
15716
17726
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
15717
17727
msgstr ""
15718
17728
15719
#: serverguide/C/mail.xml:662(para)
17729
#: serverguide/C/mail.xml:685(para)
15720
17730
msgid ""
15721
17731
"To configure <application>dovecot</application>, you can edit the file "
15722
17732
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
15728
17738
"link>."
15729
17739
msgstr ""
15730
17740
15731
#: serverguide/C/mail.xml:672(para)
17741
#: serverguide/C/mail.xml:695(para)
15732
17742
msgid ""
15733
17743
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
15734
17744
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
15735
17745
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
15736
17746
msgstr ""
15737
17747
15738
#: serverguide/C/mail.xml:678(programlisting)
17748
#: serverguide/C/mail.xml:701(programlisting)
15739
17749
#, no-wrap
15740
17750
msgid ""
15741
17751
"\n"
15742
17752
"protocols = pop3 pop3s imap imaps\n"
15743
17753
msgstr ""
15744
17754
15745
#: serverguide/C/mail.xml:681(para)
17755
#: serverguide/C/mail.xml:704(para)
15746
17756
msgid ""
15747
17757
"Next, choose the mailbox you would like to use. "
15748
17758
"<application>Dovecot</application> supports <emphasis "
15753
17763
"site</ulink>."
15754
17764
msgstr ""
15755
17765
15756
#: serverguide/C/mail.xml:689(para)
17766
#: serverguide/C/mail.xml:712(para)
15757
17767
msgid ""
15758
17768
"Once you have chosen your mailbox type, edit the file "
15759
17769
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
15760
17770
msgstr ""
15761
17771
15762
#: serverguide/C/mail.xml:694(programlisting)
17772
#: serverguide/C/mail.xml:717(programlisting)
15763
17773
#, no-wrap
15764
17774
msgid ""
15765
17775
"\n"
15768
17778
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
15769
17779
msgstr ""
15770
17780
15771
#: serverguide/C/mail.xml:700(para)
17781
#: serverguide/C/mail.xml:723(para)
15772
17782
msgid ""
15773
17783
"You should configure your Mail Transport Agent (MTA) to transfer the "
15774
17784
"incoming mail to this type of mailbox if it is different from the one you "
15775
17785
"have configured."
15776
17786
msgstr ""
15777
17787
15778
#: serverguide/C/mail.xml:706(para)
17788
#: serverguide/C/mail.xml:729(para)
15779
17789
msgid ""
15780
17790
"Once you have configured dovecot, restart the "
15781
17791
"<application>dovecot</application> daemon in order to test your setup:"
15782
17792
msgstr ""
15783
17793
15784
#: serverguide/C/mail.xml:715(para)
17794
#: serverguide/C/mail.xml:738(para)
15785
17795
msgid ""
15786
17796
"If you have enabled imap, or pop3, you can also try to log in with the "
15787
17797
"commands <command>telnet localhost pop3</command> or <command>telnet "
15789
17799
"installation has been successful:"
15790
17800
msgstr ""
15791
17801
15792
#: serverguide/C/mail.xml:722(programlisting)
17802
#: serverguide/C/mail.xml:745(programlisting)
15793
17803
#, no-wrap
15794
17804
msgid ""
15795
17805
"\n"
15800
17810
"+OK Dovecot ready.\n"
15801
17811
msgstr ""
15802
17812
15803
#: serverguide/C/mail.xml:731(title)
17813
#: serverguide/C/mail.xml:754(title)
15804
17814
msgid "Dovecot SSL Configuration"
15805
17815
msgstr ""
15806
17816
15807
#: serverguide/C/mail.xml:732(para)
17817
#: serverguide/C/mail.xml:755(para)
15808
17818
msgid ""
15809
17819
"To configure <application>dovecot</application> to use SSL, you can edit the "
15810
17820
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
15811
17821
"lines:"
15812
17822
msgstr ""
15813
17823
15814
#: serverguide/C/mail.xml:737(programlisting)
17824
#: serverguide/C/mail.xml:760(programlisting)
15815
17825
#, no-wrap
15816
17826
msgid ""
15817
17827
"\n"
15821
17831
"disable_plaintext_auth = no\n"
15822
17832
msgstr ""
15823
17833
15824
#: serverguide/C/mail.xml:743(para)
17834
#: serverguide/C/mail.xml:766(para)
15825
17835
msgid ""
15826
17836
"You can get the SSL certificate from a Certificate Issuing Authority or you "
15827
17837
"can create self signed SSL certificate. The latter is a good option for "
15833
17843
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
15834
17844
msgstr ""
15835
17845
15836
#: serverguide/C/mail.xml:758(title)
17846
#: serverguide/C/mail.xml:781(title)
15837
17847
msgid "Firewall Configuration for an Email Server"
15838
17848
msgstr ""
15839
17849
15840
#: serverguide/C/mail.xml:764(para)
17850
#: serverguide/C/mail.xml:787(para)
15841
17851
msgid "IMAP - 143"
15842
17852
msgstr ""
15843
17853
15844
#: serverguide/C/mail.xml:765(para)
17854
#: serverguide/C/mail.xml:788(para)
15845
17855
msgid "IMAPS - 993"
15846
17856
msgstr ""
15847
17857
15848
#: serverguide/C/mail.xml:766(para)
17858
#: serverguide/C/mail.xml:789(para)
15849
17859
msgid "POP3 - 110"
15850
17860
msgstr ""
15851
17861
15852
#: serverguide/C/mail.xml:767(para)
17862
#: serverguide/C/mail.xml:790(para)
15853
17863
msgid "POP3S - 995"
15854
17864
msgstr ""
15855
17865
15856
#: serverguide/C/mail.xml:759(para)
17866
#: serverguide/C/mail.xml:782(para)
15857
17867
msgid ""
15858
17868
"To access your mail server from another computer, you must configure your "
15859
17869
"firewall to allow connections to the server on the necessary ports. "
15860
17870
"<placeholder-1/>"
15861
17871
msgstr ""
15862
17872
15863
#: serverguide/C/mail.xml:776(para)
17873
#: serverguide/C/mail.xml:799(para)
15864
17874
msgid ""
15865
17875
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
15866
17876
"more information."
15867
17877
msgstr ""
15868
17878
15869
#: serverguide/C/mail.xml:785(title) serverguide/C/mail.xml:862(title) serverguide/C/mail.xml:1085(title)
17879
#: serverguide/C/mail.xml:804(para)
17880
msgid ""
17881
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
17882
"Ubuntu Wiki</ulink> page has more details."
17883
msgstr ""
17884
17885
#: serverguide/C/mail.xml:813(title) serverguide/C/mail.xml:890(title) serverguide/C/mail.xml:1113(title)
15870
17886
msgid "Mailman"
15871
17887
msgstr ""
15872
17888
15873
#: serverguide/C/mail.xml:786(para)
17889
#: serverguide/C/mail.xml:814(para)
15874
17890
msgid ""
15875
17891
"Mailman is an open source program for managing electronic mail discussions "
15876
17892
"and e-newsletter lists. Many open source mailing lists (including all the "
15879
17895
"and maintain."
15880
17896
msgstr ""
15881
17897
15882
#: serverguide/C/mail.xml:796(para)
17898
#: serverguide/C/mail.xml:824(para)
15883
17899
msgid ""
15884
17900
"Mailman provides a web interface for the administrators and users, using an "
15885
17901
"external mail server to send and receive emails. It works perfectly with the "
15886
17902
"following mail servers:"
15887
17903
msgstr ""
15888
17904
15889
#: serverguide/C/mail.xml:807(application)
17905
#: serverguide/C/mail.xml:835(application)
15890
17906
msgid "Exim"
15891
17907
msgstr ""
15892
17908
15893
#: serverguide/C/mail.xml:810(application)
17909
#: serverguide/C/mail.xml:838(application)
15894
17910
msgid "Sendmail"
15895
17911
msgstr ""
15896
17912
15897
#: serverguide/C/mail.xml:813(application)
17913
#: serverguide/C/mail.xml:841(application)
15898
17914
msgid "Qmail"
15899
17915
msgstr ""
15900
17916
15901
#: serverguide/C/mail.xml:818(para)
17917
#: serverguide/C/mail.xml:846(para)
15902
17918
msgid ""
15903
17919
"We will see how to install and configure Mailman with, the Apache web "
15904
17920
"server, and either the Postfix or Exim mail server. If you wish to install "
15905
17921
"Mailman with a different mail server, please refer to the references section."
15906
17922
msgstr ""
15907
17923
15908
#: serverguide/C/mail.xml:825(para)
17924
#: serverguide/C/mail.xml:853(para)
15909
17925
msgid ""
15910
17926
"You only need to install one mail server and "
15911
17927
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
15912
17928
msgstr ""
15913
17929
15914
#: serverguide/C/mail.xml:830(title) serverguide/C/mail.xml:889(title)
17930
#: serverguide/C/mail.xml:858(title) serverguide/C/mail.xml:917(title)
15915
17931
msgid "Apache2"
15916
17932
msgstr ""
15917
17933
15918
#: serverguide/C/mail.xml:831(para)
17934
#: serverguide/C/mail.xml:859(para)
15919
17935
msgid ""
15920
17936
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
15921
17937
"installation\">HTTPD Installation</ulink> section for details."
15922
17938
msgstr ""
15923
17939
15924
#: serverguide/C/mail.xml:839(para)
17940
#: serverguide/C/mail.xml:867(para)
15925
17941
msgid ""
15926
17942
"For instructions on installing and configuring Postfix refer to <xref "
15927
17943
"linkend=\"postfix\"/>"
15928
17944
msgstr ""
15929
17945
15930
#: serverguide/C/mail.xml:845(para)
17946
#: serverguide/C/mail.xml:873(para)
15931
17947
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
15932
17948
msgstr ""
15933
17949
15934
#: serverguide/C/mail.xml:856(application)
17950
#: serverguide/C/mail.xml:884(application)
15935
17951
msgid "dc_use_split_config='true'"
15936
17952
msgstr ""
15937
17953
15938
#: serverguide/C/mail.xml:848(para)
17954
#: serverguide/C/mail.xml:876(para)
15939
17955
msgid ""
15940
17956
"Once exim4 is installed, the configuration files are stored in the "
15941
17957
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
15944
17960
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
15945
17961
msgstr ""
15946
17962
15947
#: serverguide/C/mail.xml:863(para)
17963
#: serverguide/C/mail.xml:891(para)
15948
17964
msgid ""
15949
17965
"To install <application>Mailman</application>, run following command at a "
15950
17966
"terminal prompt:"
15951
17967
msgstr ""
15952
17968
15953
#: serverguide/C/mail.xml:867(command)
17969
#: serverguide/C/mail.xml:895(command)
15954
17970
msgid "sudo apt-get install mailman"
15955
17971
msgstr ""
15956
17972
15957
#: serverguide/C/mail.xml:869(para)
17973
#: serverguide/C/mail.xml:897(para)
15958
17974
msgid ""
15959
17975
"It copies the installation files in "
15960
17976
"<application>/var/lib/mailman</application> directory. It installs the CGI "
15964
17980
"this user."
15965
17981
msgstr ""
15966
17982
15967
#: serverguide/C/mail.xml:881(para)
17983
#: serverguide/C/mail.xml:909(para)
15968
17984
msgid ""
15969
17985
"This section assumes you have successfully installed "
15970
17986
"<application>mailman</application>, <application>apache2</application>, and "
15972
17988
"you just need to configure them."
15973
17989
msgstr ""
15974
17990
15975
#: serverguide/C/mail.xml:890(para)
17991
#: serverguide/C/mail.xml:918(para)
15976
17992
msgid ""
15977
17993
"An example Apache configuration file comes with "
15978
17994
"<application>Mailman</application> and is placed in "
15981
17997
"available</filename>:"
15982
17998
msgstr ""
15983
17999
15984
#: serverguide/C/mail.xml:896(command)
18000
#: serverguide/C/mail.xml:924(command)
15985
18001
msgid ""
15986
18002
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
15987
18003
msgstr ""
15988
18004
15989
#: serverguide/C/mail.xml:898(para)
18005
#: serverguide/C/mail.xml:926(para)
15990
18006
msgid ""
15991
18007
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
15992
18008
"Mailman administration site. Now enable the new configuration and restart "
15993
18009
"Apache:"
15994
18010
msgstr ""
15995
18011
15996
#: serverguide/C/mail.xml:903(command)
18012
#: serverguide/C/mail.xml:931(command)
15997
18013
msgid "sudo a2ensite mailman.conf"
15998
18014
msgstr ""
15999
18015
16000
#: serverguide/C/mail.xml:906(para)
18016
#: serverguide/C/mail.xml:934(para)
16001
18017
msgid ""
16002
18018
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
16003
18019
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
16006
18022
"available/mailman.conf</filename> file if you wish to change this behavior."
16007
18023
msgstr ""
16008
18024
16009
#: serverguide/C/mail.xml:917(para)
18025
#: serverguide/C/mail.xml:945(para)
16010
18026
msgid ""
16011
18027
"For <application>Postfix</application> integration, we will associate the "
16012
18028
"domain lists.example.com with the mailing lists. Please replace "
16013
18029
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
16014
18030
msgstr ""
16015
18031
16016
#: serverguide/C/mail.xml:921(para)
18032
#: serverguide/C/mail.xml:949(para)
16017
18033
msgid ""
16018
18034
"You can use the postconf command to add the necessary configuration to "
16019
18035
"<filename>/etc/postfix/main.cf</filename>:"
16020
18036
msgstr ""
16021
18037
16022
#: serverguide/C/mail.xml:925(command)
18038
#: serverguide/C/mail.xml:953(command)
16023
18039
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
16024
18040
msgstr ""
16025
18041
16026
#: serverguide/C/mail.xml:926(command)
18042
#: serverguide/C/mail.xml:954(command)
16027
18043
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
16028
18044
msgstr ""
16029
18045
16030
#: serverguide/C/mail.xml:927(command)
18046
#: serverguide/C/mail.xml:955(command)
16031
18047
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
16032
18048
msgstr ""
16033
18049
16034
#: serverguide/C/mail.xml:929(para)
18050
#: serverguide/C/mail.xml:957(para)
16035
18051
msgid ""
16036
18052
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
16037
18053
"the following transport:"
16038
18054
msgstr ""
16039
18055
16040
#: serverguide/C/mail.xml:932(programlisting)
18056
#: serverguide/C/mail.xml:960(programlisting)
16041
18057
#, no-wrap
16042
18058
msgid ""
16043
18059
"\n"
16046
18062
" ${nexthop} ${user}\n"
16047
18063
msgstr ""
16048
18064
16049
#: serverguide/C/mail.xml:937(para)
18065
#: serverguide/C/mail.xml:965(para)
16050
18066
msgid ""
16051
18067
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
16052
18068
"is delivered to a list."
16053
18069
msgstr ""
16054
18070
16055
#: serverguide/C/mail.xml:940(para)
18071
#: serverguide/C/mail.xml:968(para)
16056
18072
msgid ""
16057
18073
"Associate the domain lists.example.com to the Mailman transport with the "
16058
18074
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
16059
18075
msgstr ""
16060
18076
16061
#: serverguide/C/mail.xml:943(programlisting)
18077
#: serverguide/C/mail.xml:971(programlisting)
16062
18078
#, no-wrap
16063
18079
msgid ""
16064
18080
"\n"
16065
18081
"lists.example.com mailman:\n"
16066
18082
msgstr ""
16067
18083
16068
#: serverguide/C/mail.xml:946(para)
18084
#: serverguide/C/mail.xml:974(para)
16069
18085
msgid ""
16070
18086
"Now have <application>Postfix</application> build the transport map by "
16071
18087
"entering the following from a terminal prompt:"
16072
18088
msgstr ""
16073
18089
16074
#: serverguide/C/mail.xml:950(command)
18090
#: serverguide/C/mail.xml:978(command)
16075
18091
msgid "sudo postmap -v /etc/postfix/transport"
16076
18092
msgstr ""
16077
18093
16078
#: serverguide/C/mail.xml:952(para)
18094
#: serverguide/C/mail.xml:980(para)
16079
18095
msgid "Then restart Postfix to enable the new configurations:"
16080
18096
msgstr ""
16081
18097
16082
#: serverguide/C/mail.xml:961(para)
18098
#: serverguide/C/mail.xml:989(para)
16083
18099
msgid ""
16084
18100
"Once Exim4 is installed, you can start the Exim server using the following "
16085
18101
"command from a terminal prompt:"
16086
18102
msgstr ""
16087
18103
16088
#: serverguide/C/mail.xml:977(para) serverguide/C/mail.xml:992(title)
18104
#: serverguide/C/mail.xml:1005(para) serverguide/C/mail.xml:1020(title)
16089
18105
msgid "Main"
16090
18106
msgstr ""
16091
18107
16092
#: serverguide/C/mail.xml:980(para) serverguide/C/mail.xml:1032(title)
18108
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1060(title)
16093
18109
msgid "Transport"
16094
18110
msgstr ""
16095
18111
16096
#: serverguide/C/mail.xml:983(para) serverguide/C/mail.xml:1055(title)
18112
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1083(title)
16097
18113
msgid "Router"
16098
18114
msgstr ""
16099
18115
16100
#: serverguide/C/mail.xml:968(para)
18116
#: serverguide/C/mail.xml:996(para)
16101
18117
msgid ""
16102
18118
"In order to make mailman work with Exim4, you need to configure Exim4. As "
16103
18119
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
16109
18125
"is very important."
16110
18126
msgstr ""
16111
18127
16112
#: serverguide/C/mail.xml:999(programlisting)
18128
#: serverguide/C/mail.xml:1027(programlisting)
16113
18129
#, no-wrap
16114
18130
msgid ""
16115
18131
"\n"
16143
18159
"# end\n"
16144
18160
msgstr ""
16145
18161
16146
#: serverguide/C/mail.xml:993(para)
18162
#: serverguide/C/mail.xml:1021(para)
16147
18163
msgid ""
16148
18164
"All the configuration files belonging to the main type are stored in the "
16149
18165
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
16151
18167
"config_mailman</filename>: <placeholder-1/>"
16152
18168
msgstr ""
16153
18169
16154
#: serverguide/C/mail.xml:1039(programlisting)
18170
#: serverguide/C/mail.xml:1067(programlisting)
16155
18171
#, no-wrap
16156
18172
msgid ""
16157
18173
"\n"
16169
18185
" group = MM_GID\n"
16170
18186
msgstr ""
16171
18187
16172
#: serverguide/C/mail.xml:1033(para)
18188
#: serverguide/C/mail.xml:1061(para)
16173
18189
msgid ""
16174
18190
"All the configuration files belonging to transport type are stored in the "
16175
18191
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
16177
18193
"config_mailman</filename>: <placeholder-1/>"
16178
18194
msgstr ""
16179
18195
16180
#: serverguide/C/mail.xml:1060(programlisting)
18196
#: serverguide/C/mail.xml:1088(programlisting)
16181
18197
#, no-wrap
16182
18198
msgid ""
16183
18199
"\n"
16191
18207
" transport = mailman_transport\n"
16192
18208
msgstr ""
16193
18209
16194
#: serverguide/C/mail.xml:1056(para)
18210
#: serverguide/C/mail.xml:1084(para)
16195
18211
msgid ""
16196
18212
"All the configuration files belonging to router type are stored in the "
16197
18213
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
16199
18215
"config_mailman</filename>: <placeholder-1/>"
16200
18216
msgstr ""
16201
18217
16202
#: serverguide/C/mail.xml:1073(para)
18218
#: serverguide/C/mail.xml:1101(para)
16203
18219
msgid ""
16204
18220
"The order of main and transport configuration files can be in any order. "
16205
18221
"But, the order of router configuration files must be the same. This "
16209
18225
"details, please refer to the references section."
16210
18226
msgstr ""
16211
18227
16212
#: serverguide/C/mail.xml:1086(para)
18228
#: serverguide/C/mail.xml:1114(para)
16213
18229
msgid ""
16214
18230
"Once mailman is installed, you can run it using the following command:"
16215
18231
msgstr ""
16216
18232
16217
#: serverguide/C/mail.xml:1090(command)
18233
#: serverguide/C/mail.xml:1118(command)
16218
18234
msgid "sudo /etc/init.d/mailman start"
16219
18235
msgstr ""
16220
18236
16221
#: serverguide/C/mail.xml:1092(para)
18237
#: serverguide/C/mail.xml:1120(para)
16222
18238
msgid ""
16223
18239
"Once mailman is installed, you should create the default mailing list. Run "
16224
18240
"the following command to create the mailing list:"
16225
18241
msgstr ""
16226
18242
16227
#: serverguide/C/mail.xml:1098(command)
18243
#: serverguide/C/mail.xml:1126(command)
16228
18244
msgid "sudo /usr/sbin/newlist mailman"
16229
18245
msgstr ""
16230
18246
16231
#: serverguide/C/mail.xml:1101(programlisting)
18247
#: serverguide/C/mail.xml:1129(programlisting)
16232
18248
#, no-wrap
16233
18249
msgid ""
16234
18250
"\n"
16259
18275
" # \n"
16260
18276
msgstr ""
16261
18277
16262
#: serverguide/C/mail.xml:1124(para)
18278
#: serverguide/C/mail.xml:1152(para)
16263
18279
msgid ""
16264
18280
"We have configured either Postfix or Exim4 to recognize all emails from "
16265
18281
"mailman. So, it is not mandatory to make any new entries in "
16268
18284
"continuing to next section."
16269
18285
msgstr ""
16270
18286
16271
#: serverguide/C/mail.xml:1132(para)
18287
#: serverguide/C/mail.xml:1160(para)
16272
18288
msgid ""
16273
18289
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
16274
18290
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
16276
18292
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
16277
18293
msgstr ""
16278
18294
16279
#: serverguide/C/mail.xml:1143(title)
18295
#: serverguide/C/mail.xml:1171(title)
16280
18296
msgid "Administration"
16281
18297
msgstr ""
16282
18298
16283
#: serverguide/C/mail.xml:1144(para)
18299
#: serverguide/C/mail.xml:1172(para)
16284
18300
msgid ""
16285
18301
"We assume you have a default installation. The mailman cgi scripts are still "
16286
18302
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
16288
18304
"point your browser to the following url:"
16289
18305
msgstr ""
16290
18306
16291
#: serverguide/C/mail.xml:1152(para)
18307
#: serverguide/C/mail.xml:1180(para)
16292
18308
msgid "http://hostname/cgi-bin/mailman/admin"
16293
18309
msgstr ""
16294
18310
16295
#: serverguide/C/mail.xml:1156(para)
18311
#: serverguide/C/mail.xml:1184(para)
16296
18312
msgid ""
16297
18313
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
16298
18314
"screen. If you click the mailing list name, it will ask for your "
16303
18319
"mailing list using the web interface."
16304
18320
msgstr ""
16305
18321
16306
#: serverguide/C/mail.xml:1169(title)
18322
#: serverguide/C/mail.xml:1197(title)
16307
18323
msgid "Users"
16308
18324
msgstr ""
16309
18325
16310
#: serverguide/C/mail.xml:1170(para)
18326
#: serverguide/C/mail.xml:1198(para)
16311
18327
msgid ""
16312
18328
"Mailman provides a web based interface for users. To access this page, point "
16313
18329
"your browser to the following url:"
16314
18330
msgstr ""
16315
18331
16316
#: serverguide/C/mail.xml:1175(para)
18332
#: serverguide/C/mail.xml:1203(para)
16317
18333
msgid "http://hostname/cgi-bin/mailman/listinfo"
16318
18334
msgstr ""
16319
18335
16320
#: serverguide/C/mail.xml:1179(para)
18336
#: serverguide/C/mail.xml:1207(para)
16321
18337
msgid ""
16322
18338
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
16323
18339
"screen. If you click the mailing list name, it will display the subscription "
16326
18342
"instructions in the email to subscribe."
16327
18343
msgstr ""
16328
18344
16329
#: serverguide/C/mail.xml:1191(ulink)
18345
#: serverguide/C/mail.xml:1219(ulink)
16330
18346
msgid "GNU Mailman - Installation Manual"
16331
18347
msgstr ""
16332
18348
16333
#: serverguide/C/mail.xml:1195(ulink)
18349
#: serverguide/C/mail.xml:1223(ulink)
16334
18350
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
16335
18351
msgstr ""
16336
18352
16337
#: serverguide/C/mail.xml:1201(title)
18353
#: serverguide/C/mail.xml:1226(para)
18354
msgid ""
18355
"Also, see the <ulink "
18356
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
18357
"Wiki</ulink> page."
18358
msgstr ""
18359
18360
#: serverguide/C/mail.xml:1232(title)
16338
18361
msgid "Mail Filtering"
16339
18362
msgstr ""
16340
18363
16341
#: serverguide/C/mail.xml:1202(para)
18364
#: serverguide/C/mail.xml:1233(para)
16342
18365
msgid ""
16343
18366
"One of the largest issues with email today is the problem of Unsolicited "
16344
18367
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
16346
18369
"the bulk of all email traffic on the Internet."
16347
18370
msgstr ""
16348
18371
16349
#: serverguide/C/mail.xml:1207(para)
18372
#: serverguide/C/mail.xml:1238(para)
16350
18373
msgid ""
16351
18374
"This section will cover integrating <application>Amavisd-new</application>, "
16352
18375
"<application>Spamassassin</application>, and "
16359
18382
"filter</application> and <application>python-policyd-spf</application>."
16360
18383
msgstr ""
16361
18384
16362
#: serverguide/C/mail.xml:1217(para)
18385
#: serverguide/C/mail.xml:1248(para)
16363
18386
msgid ""
16364
18387
"<application>Amavisd-new</application> is a wrapper program that can call "
16365
18388
"any number of content filtering programs for spam detection, antivirus, etc."
16366
18389
msgstr ""
16367
18390
16368
#: serverguide/C/mail.xml:1223(para)
18391
#: serverguide/C/mail.xml:1254(para)
16369
18392
msgid ""
16370
18393
"<application>Spamassassin</application> uses a variety of mechanisms to "
16371
18394
"filter email based on the message content."
16372
18395
msgstr ""
16373
18396
16374
#: serverguide/C/mail.xml:1228(para)
18397
#: serverguide/C/mail.xml:1259(para)
16375
18398
msgid ""
16376
18399
"<application>ClamAV</application> is an open source antivirus application."
16377
18400
msgstr ""
16378
18401
16379
#: serverguide/C/mail.xml:1233(para)
18402
#: serverguide/C/mail.xml:1264(para)
16380
18403
msgid ""
16381
18404
"<application>dkim-filter</application> implements a Sendmail Mail Filter "
16382
18405
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
16383
18406
msgstr ""
16384
18407
16385
#: serverguide/C/mail.xml:1239(para)
18408
#: serverguide/C/mail.xml:1270(para)
16386
18409
msgid ""
16387
18410
"<application>python-policyd-spf</application> enables Sender Policy "
16388
18411
"Framework (SPF) checking with <application>Postfix</application>."
16389
18412
msgstr ""
16390
18413
16391
#: serverguide/C/mail.xml:1244(para)
18414
#: serverguide/C/mail.xml:1275(para)
16392
18415
msgid "This is how the pieces fit together:"
16393
18416
msgstr ""
16394
18417
16395
#: serverguide/C/mail.xml:1249(para)
18418
#: serverguide/C/mail.xml:1280(para)
16396
18419
msgid "An email message is accepted by <application>Postfix</application>."
16397
18420
msgstr ""
16398
18421
16399
#: serverguide/C/mail.xml:1254(para)
18422
#: serverguide/C/mail.xml:1285(para)
16400
18423
msgid ""
16401
18424
"The message is passed through any external filters <application>dkim-"
16402
18425
"filter</application> and <application>python-policyd-spf</application> in "
16403
18426
"this case."
16404
18427
msgstr ""
16405
18428
16406
#: serverguide/C/mail.xml:1260(para)
18429
#: serverguide/C/mail.xml:1291(para)
16407
18430
msgid "<application>Amavisd-new</application> then processes the message."
16408
18431
msgstr ""
16409
18432
16410
#: serverguide/C/mail.xml:1265(para)
18433
#: serverguide/C/mail.xml:1296(para)
16411
18434
msgid ""
16412
18435
"<application>ClamAV</application> is used to scan the message. If the "
16413
18436
"message contains a virus <application>Postfix</application> will reject the "
16414
18437
"message."
16415
18438
msgstr ""
16416
18439
16417
#: serverguide/C/mail.xml:1271(para)
18440
#: serverguide/C/mail.xml:1302(para)
16418
18441
msgid ""
16419
18442
"Clean messages will then be analyzed by "
16420
18443
"<application>Spamassassin</application> to find out if the message is spam. "
16423
18446
"message."
16424
18447
msgstr ""
16425
18448
16426
#: serverguide/C/mail.xml:1278(para)
18449
#: serverguide/C/mail.xml:1309(para)
16427
18450
msgid ""
16428
18451
"For example, if a message has a Spam score of over fifty the message could "
16429
18452
"be automatically dropped from the queue without the recipient ever having to "
16432
18455
"see fit."
16433
18456
msgstr ""
16434
18457
16435
#: serverguide/C/mail.xml:1285(para)
18458
#: serverguide/C/mail.xml:1316(para)
16436
18459
msgid ""
16437
18460
"See <xref linkend=\"postfix\"/> for instructions on installing and "
16438
18461
"configuring Postfix."
16439
18462
msgstr ""
16440
18463
16441
#: serverguide/C/mail.xml:1288(para)
18464
#: serverguide/C/mail.xml:1319(para)
16442
18465
msgid ""
16443
18466
"To install the rest of the applications enter the following from a terminal "
16444
18467
"prompt:"
16445
18468
msgstr ""
16446
18469
16447
#: serverguide/C/mail.xml:1292(command)
18470
#: serverguide/C/mail.xml:1323(command)
16448
18471
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
16449
18472
msgstr ""
16450
18473
16451
#: serverguide/C/mail.xml:1293(command)
18474
#: serverguide/C/mail.xml:1324(command)
16452
18475
msgid "sudo apt-get install dkim-filter python-policyd-spf"
16453
18476
msgstr ""
16454
18477
16455
#: serverguide/C/mail.xml:1295(para)
18478
#: serverguide/C/mail.xml:1326(para)
16456
18479
msgid ""
16457
18480
"There are some optional packages that integrate with "
16458
18481
"<application>Spamassassin</application> for better spam detection:"
16459
18482
msgstr ""
16460
18483
16461
#: serverguide/C/mail.xml:1299(command)
18484
#: serverguide/C/mail.xml:1330(command)
16462
18485
msgid "sudo apt-get install pyzor razor"
16463
18486
msgstr ""
16464
18487
16465
#: serverguide/C/mail.xml:1301(para)
18488
#: serverguide/C/mail.xml:1332(para)
16466
18489
msgid ""
16467
18490
"Along with the main filtering applications compression utilities are needed "
16468
18491
"to process some email attachments:"
16469
18492
msgstr ""
16470
18493
16471
#: serverguide/C/mail.xml:1305(command)
18494
#: serverguide/C/mail.xml:1336(command)
16472
18495
msgid ""
16473
18496
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
16474
18497
msgstr ""
16475
18498
16476
#: serverguide/C/mail.xml:1310(para)
18499
#: serverguide/C/mail.xml:1339(para)
18500
msgid ""
18501
"If some packages are not found, check that the "
18502
"<emphasis>multiverse</emphasis> repository is enabled in "
18503
"<filename>/etc/apt/sources.list</filename>"
18504
msgstr ""
18505
18506
#: serverguide/C/mail.xml:1340(para)
18507
msgid ""
18508
"If you make changes to the file, be sure to run <command>sudo apt-get "
18509
"update</command> before trying to install again."
18510
msgstr ""
18511
18512
#: serverguide/C/mail.xml:1345(para)
16477
18513
msgid "Now configure everything to work together and filter email."
16478
18514
msgstr ""
16479
18515
16480
#: serverguide/C/mail.xml:1314(title)
18516
#: serverguide/C/mail.xml:1349(title)
16481
18517
msgid "ClamAV"
16482
18518
msgstr ""
16483
18519
16484
#: serverguide/C/mail.xml:1315(para)
18520
#: serverguide/C/mail.xml:1350(para)
16485
18521
msgid ""
16486
18522
"The default behaviour of <application>ClamAV</application> will fit our "
16487
18523
"needs. For more ClamAV configuration options, check the configuration files "
16488
18524
"in <filename>/etc/clamav</filename>."
16489
18525
msgstr ""
16490
18526
16491
#: serverguide/C/mail.xml:1320(para)
18527
#: serverguide/C/mail.xml:1355(para)
16492
18528
msgid ""
16493
18529
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
16494
18530
"group in order for <application>Amavisd-new</application> to have the "
16495
18531
"appropriate access to scan files:"
16496
18532
msgstr ""
16497
18533
16498
#: serverguide/C/mail.xml:1325(command)
18534
#: serverguide/C/mail.xml:1360(command)
16499
18535
msgid "sudo adduser clamav amavis"
16500
18536
msgstr ""
16501
18537
16502
#: serverguide/C/mail.xml:1329(title)
18538
#: serverguide/C/mail.xml:1364(title)
16503
18539
msgid "Spamassassin"
16504
18540
msgstr ""
16505
18541
16506
#: serverguide/C/mail.xml:1330(para)
18542
#: serverguide/C/mail.xml:1365(para)
16507
18543
msgid ""
16508
18544
"Spamassassin automatically detects optional components and will use them if "
16509
18545
"they are present. This means that there is no need to configure "
16510
18546
"<application>pyzor</application> and <application>razor</application>."
16511
18547
msgstr ""
16512
18548
16513
#: serverguide/C/mail.xml:1334(para)
18549
#: serverguide/C/mail.xml:1369(para)
16514
18550
msgid ""
16515
18551
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
16516
18552
"<application>Spamassassin</application> daemon. Change "
16517
18553
"<emphasis>ENABLED=0</emphasis> to:"
16518
18554
msgstr ""
16519
18555
16520
#: serverguide/C/mail.xml:1338(programlisting)
18556
#: serverguide/C/mail.xml:1373(programlisting)
16521
18557
#, no-wrap
16522
18558
msgid ""
16523
18559
"\n"
16524
18560
"ENABLED=1\n"
16525
18561
msgstr ""
16526
18562
16527
#: serverguide/C/mail.xml:1341(para)
18563
#: serverguide/C/mail.xml:1376(para)
16528
18564
msgid "Now start the daemon:"
16529
18565
msgstr ""
16530
18566
16531
#: serverguide/C/mail.xml:1345(command)
18567
#: serverguide/C/mail.xml:1380(command)
16532
18568
msgid "sudo /etc/init.d/spamassassin start"
16533
18569
msgstr ""
16534
18570
16535
#: serverguide/C/mail.xml:1349(title)
18571
#: serverguide/C/mail.xml:1384(title)
16536
18572
msgid "Amavisd-new"
16537
18573
msgstr ""
16538
18574
16539
#: serverguide/C/mail.xml:1350(para)
18575
#: serverguide/C/mail.xml:1385(para)
16540
18576
msgid ""
16541
18577
"First activate spam and antivirus detection in <application>Amavisd-"
16542
18578
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
16543
18579
"content_filter_mode</filename>:"
16544
18580
msgstr ""
16545
18581
16546
#: serverguide/C/mail.xml:1354(programlisting)
18582
#: serverguide/C/mail.xml:1389(programlisting)
16547
18583
#, no-wrap
16548
18584
msgid ""
16549
18585
"\n"
16574
18610
"1; # insure a defined return\n"
16575
18611
msgstr ""
16576
18612
16577
#: serverguide/C/mail.xml:1379(para)
18613
#: serverguide/C/mail.xml:1414(para)
16578
18614
msgid ""
16579
18615
"Bouncing spam can be a bad idea as the return address is often faked. "
16580
18616
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
16582
18618
"D_BOUNCE, as follows:"
16583
18619
msgstr ""
16584
18620
16585
#: serverguide/C/mail.xml:1385(programlisting)
18621
#: serverguide/C/mail.xml:1420(programlisting)
16586
18622
#, no-wrap
16587
18623
msgid ""
16588
18624
"\n"
16589
18625
"$final_spam_destiny = D_DISCARD;\n"
16590
18626
msgstr ""
16591
18627
16592
#: serverguide/C/mail.xml:1389(para)
18628
#: serverguide/C/mail.xml:1424(para)
16593
18629
msgid ""
16594
18630
"Additionally, you may want to adjust the following options to flag more "
16595
18631
"messages as spam:"
16596
18632
msgstr ""
16597
18633
16598
#: serverguide/C/mail.xml:1393(programlisting)
18634
#: serverguide/C/mail.xml:1428(programlisting)
16599
18635
#, no-wrap
16600
18636
msgid ""
16601
18637
"\n"
16606
18642
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
16607
18643
msgstr ""
16608
18644
16609
#: serverguide/C/mail.xml:1400(para)
18645
#: serverguide/C/mail.xml:1435(para)
16610
18646
msgid ""
16611
18647
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
16612
18648
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
16615
18651
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
16616
18652
msgstr ""
16617
18653
16618
#: serverguide/C/mail.xml:1407(programlisting)
18654
#: serverguide/C/mail.xml:1442(programlisting)
16619
18655
#, no-wrap
16620
18656
msgid ""
16621
18657
"\n"
16623
18659
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
16624
18660
msgstr ""
16625
18661
16626
#: serverguide/C/mail.xml:1412(para)
18662
#: serverguide/C/mail.xml:1447(para)
16627
18663
msgid ""
16628
18664
"After configuration <application>Amavisd-new</application> needs to be "
16629
18665
"restarted:"
16630
18666
msgstr ""
16631
18667
16632
#: serverguide/C/mail.xml:1416(command) serverguide/C/mail.xml:1462(command)
18668
#: serverguide/C/mail.xml:1451(command) serverguide/C/mail.xml:1497(command)
16633
18669
msgid "sudo /etc/init.d/amavis restart"
16634
18670
msgstr ""
16635
18671
16636
#: serverguide/C/mail.xml:1419(title)
18672
#: serverguide/C/mail.xml:1454(title)
16637
18673
msgid "DKIM Whitelist"
16638
18674
msgstr ""
16639
18675
16640
#: serverguide/C/mail.xml:1421(para)
18676
#: serverguide/C/mail.xml:1456(para)
16641
18677
msgid ""
16642
18678
"<application>Amavisd-new</application> can be configured to automatically "
16643
18679
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
16645
18681
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
16646
18682
msgstr ""
16647
18683
16648
#: serverguide/C/mail.xml:1427(para)
18684
#: serverguide/C/mail.xml:1462(para)
16649
18685
msgid "There are multiple ways to configure the Whitelist for a domain:"
16650
18686
msgstr ""
16651
18687
16652
#: serverguide/C/mail.xml:1433(para)
18688
#: serverguide/C/mail.xml:1468(para)
16653
18689
msgid ""
16654
18690
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
16655
18691
"address from the \"example.com\" domain."
16656
18692
msgstr ""
16657
18693
16658
#: serverguide/C/mail.xml:1438(para)
18694
#: serverguide/C/mail.xml:1473(para)
16659
18695
msgid ""
16660
18696
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
16661
18697
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
16662
18698
"have a valid signature."
16663
18699
msgstr ""
16664
18700
16665
#: serverguide/C/mail.xml:1444(para)
18701
#: serverguide/C/mail.xml:1479(para)
16666
18702
msgid ""
16667
18703
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
16668
18704
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
16669
18705
"role=\"italic\">example.com</emphasis> the parent domain."
16670
18706
msgstr ""
16671
18707
16672
#: serverguide/C/mail.xml:1450(para)
18708
#: serverguide/C/mail.xml:1485(para)
16673
18709
msgid ""
16674
18710
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
16675
18711
"that have a valid signature from \"example.com\". This is usually used for "
16676
18712
"discussion groups that sign thier messages."
16677
18713
msgstr ""
16678
18714
16679
#: serverguide/C/mail.xml:1457(para)
18715
#: serverguide/C/mail.xml:1492(para)
16680
18716
msgid ""
16681
18717
"A domain can also have multiple Whitelist configurations. After, editing the "
16682
18718
"file restart <application>amaisd-new</application>:"
16683
18719
msgstr ""
16684
18720
16685
#: serverguide/C/mail.xml:1466(para)
18721
#: serverguide/C/mail.xml:1501(para)
16686
18722
msgid ""
16687
18723
"In this context, once a domain has been added to the Whitelist the message "
16688
18724
"will not receive any anti-virus or spam filtering. This may or may not be "
16689
18725
"the intended behavior you wish for a domain."
16690
18726
msgstr ""
16691
18727
16692
#: serverguide/C/mail.xml:1476(para)
18728
#: serverguide/C/mail.xml:1511(para)
16693
18729
msgid ""
16694
18730
"For <application>Postfix</application> integration, enter the following from "
16695
18731
"a terminal prompt:"
16696
18732
msgstr ""
16697
18733
16698
#: serverguide/C/mail.xml:1480(command)
18734
#: serverguide/C/mail.xml:1515(command)
16699
18735
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
16700
18736
msgstr ""
16701
18737
16702
#: serverguide/C/mail.xml:1482(para)
18738
#: serverguide/C/mail.xml:1517(para)
16703
18739
msgid ""
16704
18740
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
16705
18741
"to the end of the file:"
16706
18742
msgstr ""
16707
18743
16708
#: serverguide/C/mail.xml:1485(programlisting)
18744
#: serverguide/C/mail.xml:1520(programlisting)
16709
18745
#, no-wrap
16710
18746
msgid ""
16711
18747
"\n"
16737
18773
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
16738
18774
msgstr ""
16739
18775
16740
#: serverguide/C/mail.xml:1512(para)
18776
#: serverguide/C/mail.xml:1547(para)
16741
18777
msgid ""
16742
18778
"Also add the following two lines immediately below the "
16743
18779
"<emphasis>\"pickup\"</emphasis> transport service:"
16744
18780
msgstr ""
16745
18781
16746
#: serverguide/C/mail.xml:1515(programlisting)
18782
#: serverguide/C/mail.xml:1550(programlisting)
16747
18783
#, no-wrap
16748
18784
msgid ""
16749
18785
"\n"
16751
18787
" -o receive_override_options=no_header_body_checks\n"
16752
18788
msgstr ""
16753
18789
16754
#: serverguide/C/mail.xml:1519(para)
18790
#: serverguide/C/mail.xml:1554(para)
16755
18791
msgid ""
16756
18792
"This will prevent messages that are generated to report on spam from being "
16757
18793
"classified as spam."
16758
18794
msgstr ""
16759
18795
16760
#: serverguide/C/mail.xml:1522(para)
18796
#: serverguide/C/mail.xml:1557(para)
16761
18797
msgid "Now restart <application>Postfix</application>:"
16762
18798
msgstr ""
16763
18799
16764
#: serverguide/C/mail.xml:1528(para)
18800
#: serverguide/C/mail.xml:1563(para)
16765
18801
msgid "Content filtering with spam and virus detection is now enabled."
16766
18802
msgstr ""
16767
18803
16768
#: serverguide/C/mail.xml:1535(para)
18804
#: serverguide/C/mail.xml:1570(para)
16769
18805
msgid ""
16770
18806
"First, test that the <application>Amavisd-new</application> SMTP is "
16771
18807
"listening:"
16772
18808
msgstr ""
16773
18809
16774
#: serverguide/C/mail.xml:1538(programlisting)
18810
#: serverguide/C/mail.xml:1573(programlisting)
16775
18811
#, no-wrap
16776
18812
msgid ""
16777
18813
"\n"
16783
18819
"^]\n"
16784
18820
msgstr ""
16785
18821
16786
#: serverguide/C/mail.xml:1546(para)
18822
#: serverguide/C/mail.xml:1581(para)
16787
18823
msgid ""
16788
18824
"In the Header of messages that go through the content filter you should see:"
16789
18825
msgstr ""
16790
18826
16791
#: serverguide/C/mail.xml:1549(programlisting)
18827
#: serverguide/C/mail.xml:1584(programlisting)
16792
18828
#, no-wrap
16793
18829
msgid ""
16794
18830
"\n"
16799
18835
"X-Spam-Level: \n"
16800
18836
msgstr ""
16801
18837
16802
#: serverguide/C/mail.xml:1556(para)
18838
#: serverguide/C/mail.xml:1591(para)
16803
18839
msgid ""
16804
18840
"Your output will vary, but the important thing is that there are <emphasis>X-"
16805
18841
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
16806
18842
msgstr ""
16807
18843
16808
#: serverguide/C/mail.xml:1564(para)
18844
#: serverguide/C/mail.xml:1599(para)
16809
18845
msgid ""
16810
18846
"The best way to figure out why something is going wrong is to check the log "
16811
18847
"files."
16812
18848
msgstr ""
16813
18849
16814
#: serverguide/C/mail.xml:1569(para)
18850
#: serverguide/C/mail.xml:1604(para)
16815
18851
msgid ""
16816
18852
"For instructions on <application>Postfix</application> logging see the <xref "
16817
18853
"linkend=\"postfix-troubleshooting\"/> section."
16818
18854
msgstr ""
16819
18855
16820
#: serverguide/C/mail.xml:1575(para)
18856
#: serverguide/C/mail.xml:1610(para)
16821
18857
msgid ""
16822
18858
"<application>Amavisd-new</application> uses "
16823
18859
"<application>Syslog</application> to send messages to "
16827
18863
"1 to 5."
16828
18864
msgstr ""
16829
18865
16830
#: serverguide/C/mail.xml:1580(programlisting)
18866
#: serverguide/C/mail.xml:1615(programlisting)
16831
18867
#, no-wrap
16832
18868
msgid ""
16833
18869
"\n"
16834
18870
"$log_level = 2;\n"
16835
18871
msgstr ""
16836
18872
16837
#: serverguide/C/mail.xml:1584(para)
18873
#: serverguide/C/mail.xml:1619(para)
16838
18874
msgid ""
16839
18875
"When the <application>Amavisd-new</application> log output is increased "
16840
18876
"<application>Spamassassin</application> log output is also increased."
16841
18877
msgstr ""
16842
18878
16843
#: serverguide/C/mail.xml:1591(para)
18879
#: serverguide/C/mail.xml:1626(para)
16844
18880
msgid ""
16845
18881
"The <application>ClamAV</application> log level can be increased by editing "
16846
18882
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
16847
18883
msgstr ""
16848
18884
16849
#: serverguide/C/mail.xml:1595(programlisting)
18885
#: serverguide/C/mail.xml:1630(programlisting)
16850
18886
#, no-wrap
16851
18887
msgid ""
16852
18888
"\n"
16853
18889
"LogVerbose true\n"
16854
18890
msgstr ""
16855
18891
16856
#: serverguide/C/mail.xml:1598(para)
18892
#: serverguide/C/mail.xml:1633(para)
16857
18893
msgid ""
16858
18894
"By default <application>ClamAV</application> will send log messages to "
16859
18895
"<filename>/var/log/clamav/clamav.log</filename>."
16860
18896
msgstr ""
16861
18897
16862
#: serverguide/C/mail.xml:1604(para)
18898
#: serverguide/C/mail.xml:1639(para)
16863
18899
msgid ""
16864
18900
"After changing an applications log settings remember to restart the service "
16865
18901
"for the new settings to take affect. Also, once the issue you are "
16867
18903
"back to normal."
16868
18904
msgstr ""
16869
18905
16870
#: serverguide/C/mail.xml:1612(para)
18906
#: serverguide/C/mail.xml:1647(para)
16871
18907
msgid "For more information on filtering mail see the following links:"
16872
18908
msgstr ""
16873
18909
16874
#: serverguide/C/mail.xml:1618(ulink)
18910
#: serverguide/C/mail.xml:1653(ulink)
16875
18911
msgid "Amavisd-new Documentation"
16876
18912
msgstr ""
16877
18913
16878
#: serverguide/C/mail.xml:1622(para)
18914
#: serverguide/C/mail.xml:1657(para)
16879
18915
msgid ""
16880
18916
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
16881
18917
"Documentation</ulink> and <ulink "
16882
18918
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
16883
18919
msgstr ""
16884
18920
16885
#: serverguide/C/mail.xml:1629(ulink)
18921
#: serverguide/C/mail.xml:1664(ulink)
16886
18922
msgid "Spamassassin Wiki"
16887
18923
msgstr ""
16888
18924
16889
#: serverguide/C/mail.xml:1634(ulink)
18925
#: serverguide/C/mail.xml:1669(ulink)
16890
18926
msgid "Pyzor Homepage"
16891
18927
msgstr ""
16892
18928
16893
#: serverguide/C/mail.xml:1639(ulink)
18929
#: serverguide/C/mail.xml:1674(ulink)
16894
18930
msgid "Razor Homepage"
16895
18931
msgstr ""
16896
18932
16897
#: serverguide/C/mail.xml:1644(ulink)
18933
#: serverguide/C/mail.xml:1679(ulink)
16898
18934
msgid "DKIM.org"
16899
18935
msgstr ""
16900
18936
16901
#: serverguide/C/mail.xml:1648(para)
18937
#: serverguide/C/mail.xml:1684(ulink)
18938
msgid "Postfix Amavis New"
18939
msgstr ""
18940
18941
#: serverguide/C/mail.xml:1688(para)
16902
18942
msgid ""
16903
18943
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
16904
18944
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
17197
19237
"Wiki</ulink>."
17198
19238
msgstr ""
17199
19239
17200
#: serverguide/C/lamp-applications.xml:272(title)
19240
#: serverguide/C/lamp-applications.xml:268(para)
19241
msgid ""
19242
"Also, see the <ulink "
19243
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
19244
"MoinMoin</ulink> page."
19245
msgstr ""
19246
19247
#: serverguide/C/lamp-applications.xml:277(title)
17201
19248
msgid "MediaWiki"
17202
19249
msgstr ""
17203
19250
17204
#: serverguide/C/lamp-applications.xml:274(para)
19251
#: serverguide/C/lamp-applications.xml:279(para)
17205
19252
msgid ""
17206
19253
"MediaWiki is an web based Wiki software written in the PHP language. It can "
17207
19254
"either use <application>MySQL</application> or "
17208
19255
"<application>PostgreSQL</application> Database Management System."
17209
19256
msgstr ""
17210
19257
17211
#: serverguide/C/lamp-applications.xml:284(para)
19258
#: serverguide/C/lamp-applications.xml:289(para)
17212
19259
msgid ""
17213
19260
"Before installing <application>MediaWiki</application> you should also "
17214
19261
"install <application>Apache2</application>, the "
17219
19266
"installation instructions."
17220
19267
msgstr ""
17221
19268
17222
#: serverguide/C/lamp-applications.xml:292(para)
19269
#: serverguide/C/lamp-applications.xml:297(para)
17223
19270
msgid ""
17224
19271
"To install <application>MediaWiki</application>, run the following command "
17225
19272
"in the command prompt:"
17226
19273
msgstr ""
17227
19274
17228
#: serverguide/C/lamp-applications.xml:298(command)
19275
#: serverguide/C/lamp-applications.xml:303(command)
17229
19276
msgid "sudo apt-get install mediawiki php5-gd"
17230
19277
msgstr ""
17231
19278
17232
#: serverguide/C/lamp-applications.xml:301(para)
19279
#: serverguide/C/lamp-applications.xml:306(para)
17233
19280
msgid ""
17234
19281
"For additional <application>MediaWiki</application> functionality see the "
17235
19282
"<application>mediawiki-extensions</application> package."
17236
19283
msgstr ""
17237
19284
17238
#: serverguide/C/lamp-applications.xml:311(para)
19285
#: serverguide/C/lamp-applications.xml:316(para)
17239
19286
msgid ""
17240
19287
"The Apache configuration file <filename>mediawiki.conf</filename> for "
17241
19288
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
17243
19290
"MediaWiki application."
17244
19291
msgstr ""
17245
19292
17246
#: serverguide/C/lamp-applications.xml:319(screen)
19293
#: serverguide/C/lamp-applications.xml:324(screen)
17247
19294
#, no-wrap
17248
19295
msgid ""
17249
19296
"\n"
17250
19297
"# Alias /mediawiki /var/lib/mediawiki\n"
17251
19298
msgstr ""
17252
19299
17253
#: serverguide/C/lamp-applications.xml:323(para)
19300
#: serverguide/C/lamp-applications.xml:328(para)
17254
19301
msgid ""
17255
19302
"After you uncomment the above line, restart Apache server and access "
17256
19303
"MediaWiki using the following url:"
17257
19304
msgstr ""
17258
19305
17259
#: serverguide/C/lamp-applications.xml:328(programlisting)
19306
#: serverguide/C/lamp-applications.xml:333(programlisting)
17260
19307
#, no-wrap
17261
19308
msgid ""
17262
19309
"\n"
17263
19310
"http://localhost/mediawiki/config/index.php\n"
17264
19311
msgstr ""
17265
19312
17266
#: serverguide/C/lamp-applications.xml:333(para)
19313
#: serverguide/C/lamp-applications.xml:338(para)
17267
19314
msgid ""
17268
19315
"Please read the <quote>Checking environment...</quote> section in this page. "
17269
19316
"You should be able to fix many issues by carefully reading this section."
17270
19317
msgstr ""
17271
19318
17272
#: serverguide/C/lamp-applications.xml:340(para)
19319
#: serverguide/C/lamp-applications.xml:345(para)
17273
19320
msgid ""
17274
19321
"Once the configuration is complete, you should copy the "
17275
"<filename>/var/lib/mediawiki/LocalSettings.php</filename> file to "
17276
"<filename>/etc/mediawiki</filename> directory."
17277
msgstr ""
17278
17279
#: serverguide/C/lamp-applications.xml:348(title)
19322
"<filename>LocalSettings.php</filename> file to "
19323
"<filename>/etc/mediawiki</filename> directory:"
19324
msgstr ""
19325
19326
#: serverguide/C/lamp-applications.xml:352(command)
19327
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
19328
msgstr ""
19329
19330
#: serverguide/C/lamp-applications.xml:355(para)
19331
msgid ""
19332
"You may also want to edit "
19333
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
19334
msgstr ""
19335
19336
#: serverguide/C/lamp-applications.xml:360(programlisting)
19337
#, no-wrap
19338
msgid ""
19339
"\n"
19340
"ini_set( 'memory_limit', '64M' );\n"
19341
msgstr ""
19342
19343
#: serverguide/C/lamp-applications.xml:367(title)
17280
19344
msgid "Extensions"
17281
19345
msgstr ""
17282
19346
17283
#: serverguide/C/lamp-applications.xml:349(para)
19347
#: serverguide/C/lamp-applications.xml:368(para)
17284
19348
msgid ""
17285
19349
"The extensions add new features and enhancements for the MediaWiki "
17286
19350
"application. The extensions give wiki administrators and end users the "
17287
19351
"ability to customize MediaWiki to their requirements."
17288
19352
msgstr ""
17289
19353
17290
#: serverguide/C/lamp-applications.xml:355(para)
19354
#: serverguide/C/lamp-applications.xml:374(para)
17291
19355
msgid ""
17292
19356
"You can download MediaWiki extensions as an archive file or checkout from "
17293
19357
"the Subversion repository. You should copy it to "
17296
19360
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
17297
19361
msgstr ""
17298
19362
17299
#: serverguide/C/lamp-applications.xml:363(programlisting)
19363
#: serverguide/C/lamp-applications.xml:382(programlisting)
17300
19364
#, no-wrap
17301
19365
msgid ""
17302
19366
"\n"
17303
19367
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
17304
19368
msgstr ""
17305
19369
17306
#: serverguide/C/lamp-applications.xml:373(para)
19370
#: serverguide/C/lamp-applications.xml:392(para)
17307
19371
msgid ""
17308
19372
"For more details, please refer to the <ulink "
17309
19373
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
17310
19374
msgstr ""
17311
19375
17312
#: serverguide/C/lamp-applications.xml:379(para)
19376
#: serverguide/C/lamp-applications.xml:398(para)
17313
19377
msgid ""
17314
19378
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
17315
19379
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
17316
19380
"new MediaWiki administrators."
17317
19381
msgstr ""
17318
19382
17319
#: serverguide/C/lamp-applications.xml:389(title)
19383
#: serverguide/C/lamp-applications.xml:404(para)
19384
msgid ""
19385
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
19386
"Wiki MediaWiki</ulink> page is a good resource."
19387
msgstr ""
19388
19389
#: serverguide/C/lamp-applications.xml:414(title)
17320
19390
msgid "phpMyAdmin"
17321
19391
msgstr ""
17322
19392
17323
#: serverguide/C/lamp-applications.xml:391(para)
19393
#: serverguide/C/lamp-applications.xml:416(para)
17324
19394
msgid ""
17325
19395
"<application>phpMyAdmin</application> is a LAMP application specifically "
17326
19396
"written for administering <application>MySQL</application> servers. Written "
17328
19398
"phpMyAdmin provides a graphical interface for database administration tasks."
17329
19399
msgstr ""
17330
19400
17331
#: serverguide/C/lamp-applications.xml:400(para)
19401
#: serverguide/C/lamp-applications.xml:425(para)
17332
19402
msgid ""
17333
19403
"Before installing <application>phpMyAdmin</application> you will need access "
17334
19404
"to a <application>MySQL</application> database either on the same host as "
17337
19407
"enter:"
17338
19408
msgstr ""
17339
19409
17340
#: serverguide/C/lamp-applications.xml:407(command)
19410
#: serverguide/C/lamp-applications.xml:432(command)
17341
19411
msgid "sudo apt-get install phpmyadmin"
17342
19412
msgstr ""
17343
19413
17344
#: serverguide/C/lamp-applications.xml:410(para)
19414
#: serverguide/C/lamp-applications.xml:435(para)
17345
19415
msgid ""
17346
19416
"At the prompt choose which web server to be configured for "
17347
19417
"<application>phpMyAdmin</application>. The rest of this section will use "
17348
19418
"<application>Apache2</application> for the web server."
17349
19419
msgstr ""
17350
19420
17351
#: serverguide/C/lamp-applications.xml:415(para)
19421
#: serverguide/C/lamp-applications.xml:440(para)
17352
19422
msgid ""
17353
19423
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
17354
19424
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
17358
19428
"password."
17359
19429
msgstr ""
17360
19430
17361
#: serverguide/C/lamp-applications.xml:422(para)
19431
#: serverguide/C/lamp-applications.xml:447(para)
17362
19432
msgid ""
17363
19433
"Once logged in you can reset the <emphasis>root</emphasis> password if "
17364
19434
"needed, create users, create/destroy databases and tables, etc."
17365
19435
msgstr ""
17366
19436
17367
#: serverguide/C/lamp-applications.xml:430(para)
19437
#: serverguide/C/lamp-applications.xml:455(para)
17368
19438
msgid ""
17369
19439
"The configuration files for <application>phpMyAdmin</application> are "
17370
19440
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
17373
19443
"<application>phpMyAdmin</application>."
17374
19444
msgstr ""
17375
19445
17376
#: serverguide/C/lamp-applications.xml:436(para)
19446
#: serverguide/C/lamp-applications.xml:461(para)
17377
19447
msgid ""
17378
19448
"To use <application>phpMyAdmin</application> to administer a MySQL database "
17379
19449
"hosted on another server, adjust the following in "
17380
19450
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
17381
19451
msgstr ""
17382
19452
17383
#: serverguide/C/lamp-applications.xml:441(programlisting)
19453
#: serverguide/C/lamp-applications.xml:466(programlisting)
17384
19454
#, no-wrap
17385
19455
msgid ""
17386
19456
"\n"
17387
19457
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
17388
19458
msgstr ""
17389
19459
17390
#: serverguide/C/lamp-applications.xml:446(para)
19460
#: serverguide/C/lamp-applications.xml:471(para)
17391
19461
msgid ""
17392
19462
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
17393
19463
"remote database server name or IP address. Also, be sure that the "
17395
19465
"remote database."
17396
19466
msgstr ""
17397
19467
17398
#: serverguide/C/lamp-applications.xml:452(para)
19468
#: serverguide/C/lamp-applications.xml:477(para)
17399
19469
msgid ""
17400
19470
"Once configured, log out of <application>phpMyAdmin</application> and back "
17401
19471
"in, and you should be accessing the new server."
17402
19472
msgstr ""
17403
19473
17404
#: serverguide/C/lamp-applications.xml:456(para)
19474
#: serverguide/C/lamp-applications.xml:481(para)
17405
19475
msgid ""
17406
19476
"The <filename>config.header.inc.php</filename> and "
17407
19477
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
17408
19478
"header and footer to <application>phpMyAdmin</application>."
17409
19479
msgstr ""
17410
19480
17411
#: serverguide/C/lamp-applications.xml:461(para)
19481
#: serverguide/C/lamp-applications.xml:486(para)
17412
19482
msgid ""
17413
19483
"Another important configuration file is "
17414
19484
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
17420
19490
"linkend=\"httpd\"/>."
17421
19491
msgstr ""
17422
19492
17423
#: serverguide/C/lamp-applications.xml:475(para)
19493
#: serverguide/C/lamp-applications.xml:500(para)
17424
19494
msgid ""
17425
19495
"The <application>phpMyAdmin</application> documentation comes installed with "
17426
19496
"the package and can be accessed from the <emphasis>phpMyAdmin "
17429
19499
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
17430
19500
msgstr ""
17431
19501
17432
#: serverguide/C/lamp-applications.xml:482(para)
19502
#: serverguide/C/lamp-applications.xml:507(para)
17433
19503
msgid ""
17434
19504
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
17435
19505
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
17436
19506
msgstr ""
17437
19507
19508
#: serverguide/C/lamp-applications.xml:512(para)
19509
msgid ""
19510
"A third resource is the <ulink "
19511
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
19512
"Wiki</ulink> page."
19513
msgstr ""
19514
17438
19515
#: serverguide/C/introduction.xml:14(para)
17439
19516
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
17440
19517
msgstr ""
17451
19528
"This guide assumes you have a basic understanding of your Ubuntu system. "
17452
19529
"Some installation details are covered in <xref linkend=\"installation\"/>, "
17453
19530
"but if you need detailed instructions installing Ubuntu please refer to the "
17454
"<ulink url=\"https://help.ubuntu.com/9.10/installation-guide/\">Ubuntu "
19531
"<ulink url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
17455
19532
"Installation Guide</ulink>."
17456
19533
msgstr ""
17457
19534
17471
19548
msgstr ""
17472
19549
17473
19550
#: serverguide/C/introduction.xml:36(command)
17474
msgid "w3m /usr/share/ubuntu-serverguide/html/en_GB/index.html"
19551
msgid "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
17475
19552
msgstr ""
17476
19553
17477
19554
#: serverguide/C/introduction.xml:39(para)
17478
msgid "Replace <emphasis>en_GB</emphasis> with your language localization."
19555
msgid ""
19556
"If you are using a localized version of Ubuntu, replace "
19557
"<emphasis>C</emphasis> with your language localization (e.g. "
19558
"<emphasis>en_GB</emphasis>)."
17479
19559
msgstr ""
17480
19560
17481
19561
#: serverguide/C/introduction.xml:53(title)
17484
19564
17485
19565
#: serverguide/C/introduction.xml:55(para)
17486
19566
msgid ""
17487
"There a couple of different ways that Ubuntu Server Edition is supported, "
17488
"commercial support and community support. The main commercial support (and "
17489
"development funding) is available from Canonical Ltd. They supply reasonably "
17490
"priced support contracts on a per desktop or per server basis. For more "
17491
"information see the <ulink "
19567
"There are a couple of different ways that Ubuntu Server Edition is "
19568
"supported, commercial support and community support. The main commercial "
19569
"support (and development funding) is available from Canonical Ltd. They "
19570
"supply reasonably priced support contracts on a per desktop or per server "
19571
"basis. For more information see the <ulink "
17492
19572
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
17493
19573
"page."
17494
19574
msgstr ""
17506
19586
17507
19587
#: serverguide/C/installation.xml:14(para)
17508
19588
msgid ""
17509
"This chapter provides a quick overview of installing Ubuntu 9.10 Server "
19589
"This chapter provides a quick overview of installing Ubuntu 10.04 LTS Server "
17510
19590
"Edition. For more detailed instructions, please refer to the <ulink "
17511
"url=\"https://help.ubuntu.com/9.10/installation-guide/\">Ubuntu Installation "
17512
"Guide</ulink>."
19591
"url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
19592
"Installation Guide</ulink>."
17513
19593
msgstr ""
17514
19594
17515
19595
#: serverguide/C/installation.xml:19(title)
17528
19608
17529
19609
#: serverguide/C/installation.xml:25(para)
17530
19610
msgid ""
17531
"Ubuntu 9.10 Server Edition supports two (2) major architectures: Intel x86 "
17532
"and AMD64. The table below lists recommended hardware specifications. "
19611
"Ubuntu 10.04 LTS Server Edition supports two (2) major architectures: Intel "
19612
"x86 and AMD64. The table below lists recommended hardware specifications. "
17533
19613
"Depending on your needs, you might manage with less than this. However, most "
17534
19614
"users risk being frustrated if they ignore these suggestions."
17535
19615
msgstr ""
17581
19661
"services, such as file/print services, web hosting, email hosting, etc."
17582
19662
msgstr ""
17583
19663
17584
#: serverguide/C/installation.xml:62(title)
19664
#: serverguide/C/installation.xml:60(para)
19665
msgid ""
19666
"The requirements for UEC are slightly different for Front End requirements "
19667
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
19668
"requirements see <xref linkend=\"uec-node-requirements\"/>."
19669
msgstr ""
19670
19671
#: serverguide/C/installation.xml:68(title)
17585
19672
msgid "Server and Desktop Differences"
17586
19673
msgstr ""
17587
19674
17588
#: serverguide/C/installation.xml:63(para)
19675
#: serverguide/C/installation.xml:69(para)
17589
19676
msgid ""
17590
19677
"There are a few differences between the <emphasis>Ubuntu Server "
17591
19678
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
17595
19682
"Desktop Edition as it is on the Server Edition."
17596
19683
msgstr ""
17597
19684
17598
#: serverguide/C/installation.xml:69(para)
19685
#: serverguide/C/installation.xml:75(para)
17599
19686
msgid ""
17600
19687
"The differences between the two editions are the lack of an X window "
17601
19688
"environment in the Server Edition, the installation process, and different "
17602
19689
"Kernel options."
17603
19690
msgstr ""
17604
19691
17605
#: serverguide/C/installation.xml:76(title)
19692
#: serverguide/C/installation.xml:82(title)
17606
19693
msgid "Kernel Differences:"
17607
19694
msgstr ""
17608
19695
17609
#: serverguide/C/installation.xml:79(para)
19696
#: serverguide/C/installation.xml:85(para)
17610
19697
msgid ""
17611
19698
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
17612
19699
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
17613
19700
"Edition."
17614
19701
msgstr ""
17615
19702
17616
#: serverguide/C/installation.xml:85(para)
19703
#: serverguide/C/installation.xml:91(para)
17617
19704
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
17618
19705
msgstr ""
17619
19706
17620
#: serverguide/C/installation.xml:90(para)
19707
#: serverguide/C/installation.xml:96(para)
17621
19708
msgid ""
17622
19709
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
17623
19710
"Desktop Edition."
17624
19711
msgstr ""
17625
19712
17626
#: serverguide/C/installation.xml:96(para)
19713
#: serverguide/C/installation.xml:102(para)
17627
19714
msgid ""
17628
19715
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
17629
19716
"limited by memory addressing space."
17630
19717
msgstr ""
17631
19718
17632
#: serverguide/C/installation.xml:101(para)
19719
#: serverguide/C/installation.xml:107(para)
17633
19720
msgid ""
17634
19721
"To see all kernel configuration options you can look through "
17635
19722
"<filename>/boot/config-2.6.31-server</filename>. Also, <ulink "
17637
19724
"great resource on the options available."
17638
19725
msgstr ""
17639
19726
17640
#: serverguide/C/installation.xml:110(title)
19727
#: serverguide/C/installation.xml:116(title)
17641
19728
msgid "Backing Up"
17642
19729
msgstr ""
17643
19730
17644
#: serverguide/C/installation.xml:113(para)
19731
#: serverguide/C/installation.xml:119(para)
17645
19732
msgid ""
17646
19733
"Before installing <application>Ubuntu Server Edition</application> you "
17647
19734
"should make sure all data on the system is backed up. See <xref "
17648
19735
"linkend=\"backups\"/> for backup options."
17649
19736
msgstr ""
17650
19737
17651
#: serverguide/C/installation.xml:117(para)
19738
#: serverguide/C/installation.xml:123(para)
17652
19739
msgid ""
17653
19740
"If this is not the first time an operating system has been installed on your "
17654
19741
"computer, it is likely you will need to re-partition your disk to make room "
17655
19742
"for Ubuntu."
17656
19743
msgstr ""
17657
19744
17658
#: serverguide/C/installation.xml:121(para)
19745
#: serverguide/C/installation.xml:127(para)
17659
19746
msgid ""
17660
19747
"Any time you partition your disk, you should be prepared to lose everything "
17661
19748
"on the disk should you make a mistake or something goes wrong during "
17663
19750
"have seen years of use, but they also perform destructive actions."
17664
19751
msgstr ""
17665
19752
17666
#: serverguide/C/installation.xml:133(title)
19753
#: serverguide/C/installation.xml:139(title)
17667
19754
msgid "Installing from CD"
17668
19755
msgstr ""
17669
19756
17670
#: serverguide/C/installation.xml:134(para)
19757
#: serverguide/C/installation.xml:140(para)
17671
19758
msgid ""
17672
19759
"The basic steps to install Ubuntu Server Edition from CD are the same for "
17673
19760
"installing any operating system from CD. Unlike the <emphasis>Desktop "
17676
19763
"menu based process."
17677
19764
msgstr ""
17678
19765
17679
#: serverguide/C/installation.xml:141(para)
19766
#: serverguide/C/installation.xml:147(para)
17680
19767
msgid ""
17681
19768
"First, download and burn the appropriate ISO file from the <ulink "
17682
19769
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
17683
19770
msgstr ""
17684
19771
17685
#: serverguide/C/installation.xml:147(para)
19772
#: serverguide/C/installation.xml:153(para)
17686
19773
msgid "Boot the system from the CD-ROM drive."
17687
19774
msgstr ""
17688
19775
17689
#: serverguide/C/installation.xml:152(para)
19776
#: serverguide/C/installation.xml:158(para)
17690
19777
msgid ""
17691
19778
"At the boot prompt you will be asked to select the language. Afterwards the "
17692
19779
"installation process begins by asking for your keyboard layout."
17693
19780
msgstr ""
17694
19781
17695
#: serverguide/C/installation.xml:158(para)
19782
#: serverguide/C/installation.xml:164(para)
19783
msgid ""
19784
"From the main boot menu there are some additional options to install Ubuntu "
19785
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
19786
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
19787
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
19788
"will cover the basic Ubuntu Server install."
19789
msgstr ""
19790
19791
#: serverguide/C/installation.xml:172(para)
17696
19792
msgid ""
17697
19793
"The installer then discovers your hardware configuration, and configures the "
17698
19794
"network settings using DHCP. If you do not wish to use DHCP at the next "
17700
19796
"network manually\"."
17701
19797
msgstr ""
17702
19798
17703
#: serverguide/C/installation.xml:165(para)
19799
#: serverguide/C/installation.xml:179(para)
17704
19800
msgid "Next, the installer asks for the system's hostname and Time Zone."
17705
19801
msgstr ""
17706
19802
17707
#: serverguide/C/installation.xml:170(para)
19803
#: serverguide/C/installation.xml:184(para)
17708
19804
msgid ""
17709
19805
"You can then choose from several options to configure the hard drive layout. "
17710
19806
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
17711
19807
msgstr ""
17712
19808
17713
#: serverguide/C/installation.xml:176(para)
19809
#: serverguide/C/installation.xml:190(para)
17714
19810
msgid "The Ubuntu base system is then installed."
17715
19811
msgstr ""
17716
19812
17717
#: serverguide/C/installation.xml:181(para)
19813
#: serverguide/C/installation.xml:195(para)
17718
19814
msgid ""
17719
19815
"A new user is setup, this user will have <emphasis>root</emphasis> access "
17720
19816
"through the <application>sudo</application> utility."
17721
19817
msgstr ""
17722
19818
17723
#: serverguide/C/installation.xml:187(para)
19819
#: serverguide/C/installation.xml:201(para)
17724
19820
msgid ""
17725
19821
"After the user is setup, you will be asked to encrypt your <filename "
17726
19822
"role=\"directory\">home</filename> directory."
17727
19823
msgstr ""
17728
19824
17729
#: serverguide/C/installation.xml:193(para)
19825
#: serverguide/C/installation.xml:207(para)
17730
19826
msgid ""
17731
19827
"The next step in the installation process is to decide how you want to "
17732
19828
"update the system. There are three options:"
17733
19829
msgstr ""
17734
19830
17735
#: serverguide/C/installation.xml:199(para)
19831
#: serverguide/C/installation.xml:213(para)
17736
19832
msgid ""
17737
19833
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
17738
19834
"log into the machine and manually install updates."
17739
19835
msgstr ""
17740
19836
17741
#: serverguide/C/installation.xml:205(para)
19837
#: serverguide/C/installation.xml:219(para)
17742
19838
msgid ""
17743
19839
"<emphasis>Install security updates Automatically</emphasis>: will install "
17744
19840
"the <application>unattended-upgrades</application> package, which will "
17746
19842
"more details see <xref linkend=\"automatic-updates\"/>."
17747
19843
msgstr ""
17748
19844
17749
#: serverguide/C/installation.xml:212(para)
19845
#: serverguide/C/installation.xml:226(para)
17750
19846
msgid ""
17751
19847
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
17752
19848
"service provided by Canonical to help manage your Ubuntu machines. See the "
17754
19850
"site for details."
17755
19851
msgstr ""
17756
19852
17757
#: serverguide/C/installation.xml:221(para)
19853
#: serverguide/C/installation.xml:235(para)
17758
19854
msgid ""
17759
19855
"You now have the option to install, or not install, several package tasks. "
17760
19856
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
17762
19858
"install. For more information see <xref linkend=\"aptitude\"/>."
17763
19859
msgstr ""
17764
19860
17765
#: serverguide/C/installation.xml:229(para)
19861
#: serverguide/C/installation.xml:243(para)
17766
19862
msgid "Finally, the last step before rebooting is to set the clock to UTC."
17767
19863
msgstr ""
17768
19864
17769
#: serverguide/C/installation.xml:235(para)
19865
#: serverguide/C/installation.xml:249(para)
17770
19866
msgid ""
17771
19867
"If at any point during installation you are not satisfied by the default "
17772
19868
"setting, use the \"Go Back\" function at any prompt to be brought to a "
17774
19870
"settings."
17775
19871
msgstr ""
17776
19872
17777
#: serverguide/C/installation.xml:240(para)
19873
#: serverguide/C/installation.xml:254(para)
17778
19874
msgid ""
17779
19875
"At some point during the installation process you may want to read the help "
17780
19876
"screen provided by the installation system. To do this, press F1."
17781
19877
msgstr ""
17782
19878
17783
#: serverguide/C/installation.xml:245(para)
19879
#: serverguide/C/installation.xml:259(para)
17784
19880
msgid ""
17785
19881
"Once again, for detailed instructions see the <ulink "
17786
"url=\"https://help.ubuntu.com/9.10/installation-guide/\"> Ubuntu "
19882
"url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\"> Ubuntu "
17787
19883
"Installation Guide</ulink>."
17788
19884
msgstr ""
17789
19885
17790
#: serverguide/C/installation.xml:251(title)
19886
#: serverguide/C/installation.xml:265(title)
17791
19887
msgid "Package Tasks"
17792
19888
msgstr ""
17793
19889
17794
#: serverguide/C/installation.xml:252(para)
19890
#: serverguide/C/installation.xml:266(para)
17795
19891
msgid ""
17796
19892
"During the Server Edition installation you have the option of installing "
17797
19893
"additional packages from the CD. The packages are grouped by the type of "
17798
19894
"service they provide."
17799
19895
msgstr ""
17800
19896
17801
#: serverguide/C/installation.xml:258(para)
19897
#: serverguide/C/installation.xml:272(para)
19898
msgid "Cloud computing: Walrus storage service"
19899
msgstr ""
19900
19901
#: serverguide/C/installation.xml:277(para)
19902
msgid "Cloud computing: all-in-one cluster"
19903
msgstr ""
19904
19905
#: serverguide/C/installation.xml:282(para)
19906
msgid "Cloud computing: Cluster controller"
19907
msgstr ""
19908
19909
#: serverguide/C/installation.xml:287(para)
19910
msgid "Cloud computing: Node controller"
19911
msgstr ""
19912
19913
#: serverguide/C/installation.xml:292(para)
19914
msgid "Cloud computing: Storage controller"
19915
msgstr ""
19916
19917
#: serverguide/C/installation.xml:297(para)
19918
msgid "Cloud computing: top-level cloud controller"
19919
msgstr ""
19920
19921
#: serverguide/C/installation.xml:302(para)
17802
19922
msgid "DNS server: Selects the BIND DNS server and its documentation."
17803
19923
msgstr ""
17804
19924
17805
#: serverguide/C/installation.xml:263(para)
19925
#: serverguide/C/installation.xml:307(para)
17806
19926
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
17807
19927
msgstr ""
17808
19928
17809
#: serverguide/C/installation.xml:268(para)
19929
#: serverguide/C/installation.xml:312(para)
17810
19930
msgid ""
17811
19931
"Mail server: This task selects a variety of package useful for a general "
17812
19932
"purpose mail server system."
17813
19933
msgstr ""
17814
19934
17815
#: serverguide/C/installation.xml:273(para)
19935
#: serverguide/C/installation.xml:317(para)
17816
19936
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
17817
19937
msgstr ""
17818
19938
17819
#: serverguide/C/installation.xml:278(para)
19939
#: serverguide/C/installation.xml:322(para)
17820
19940
msgid ""
17821
19941
"PostgreSQL database: This task selects client and server packages for the "
17822
19942
"PostgreSQL database."
17823
19943
msgstr ""
17824
19944
17825
#: serverguide/C/installation.xml:283(para)
19945
#: serverguide/C/installation.xml:327(para)
17826
19946
msgid "Print server: This task sets up your system to be a print server."
17827
19947
msgstr ""
17828
19948
17829
#: serverguide/C/installation.xml:288(para)
19949
#: serverguide/C/installation.xml:332(para)
17830
19950
msgid ""
17831
19951
"Samba File server: This task sets up your system to be a Samba file server, "
17832
19952
"which is especially suitable in networks with both Windows and Linux systems."
17833
19953
msgstr ""
17834
19954
17835
#: serverguide/C/installation.xml:294(para)
19955
#: serverguide/C/installation.xml:338(para)
17836
19956
msgid ""
17837
19957
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
17838
19958
"etc."
17839
19959
msgstr ""
17840
19960
17841
#: serverguide/C/installation.xml:299(para)
19961
#: serverguide/C/installation.xml:343(para)
17842
19962
msgid ""
17843
19963
"Virtual machine host: Includes packages needed to run KVM virtual machines."
17844
19964
msgstr ""
17845
19965
17846
#: serverguide/C/installation.xml:304(para)
19966
#: serverguide/C/installation.xml:348(para)
19967
msgid ""
19968
"Manually select packages: Executes <application>apptitude</application> "
19969
"allowing you to individually select packages."
19970
msgstr ""
19971
19972
#: serverguide/C/installation.xml:353(para)
17847
19973
msgid ""
17848
19974
"Installing the package groups is accomplished using the "
17849
19975
"<application>tasksel</application> utility. One of the important difference "
17854
19980
"a fully integrated service."
17855
19981
msgstr ""
17856
19982
17857
#: serverguide/C/installation.xml:311(para)
19983
#: serverguide/C/installation.xml:360(para)
19984
msgid ""
19985
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
19986
"<xref linkend=\"uec\"/>."
19987
msgstr ""
19988
19989
#: serverguide/C/installation.xml:363(para)
17858
19990
msgid ""
17859
19991
"Once the installation process has finished you can view a list of available "
17860
19992
"tasks by entering the following from a terminal prompt:"
17861
19993
msgstr ""
17862
19994
17863
#: serverguide/C/installation.xml:316(command)
19995
#: serverguide/C/installation.xml:368(command)
17864
19996
msgid "tasksel --list-tasks"
17865
19997
msgstr ""
17866
19998
17867
#: serverguide/C/installation.xml:319(para)
19999
#: serverguide/C/installation.xml:371(para)
17868
20000
msgid ""
17869
20001
"The output will list tasks from other Ubuntu based distributions such as "
17870
20002
"Kubuntu and Edubuntu. Note that you can also invoke the "
17872
20004
"the different tasks available."
17873
20005
msgstr ""
17874
20006
17875
#: serverguide/C/installation.xml:325(para)
20007
#: serverguide/C/installation.xml:377(para)
17876
20008
msgid ""
17877
20009
"You can view a list of which packages are installed with each task using the "
17878
20010
"<emphasis>--task-packages</emphasis> option. For example, to list the "
17880
20012
"following:"
17881
20013
msgstr ""
17882
20014
17883
#: serverguide/C/installation.xml:330(command)
20015
#: serverguide/C/installation.xml:382(command)
17884
20016
msgid "tasksel --task-packages dns-server"
17885
20017
msgstr ""
17886
20018
17887
#: serverguide/C/installation.xml:332(para)
20019
#: serverguide/C/installation.xml:384(para)
17888
20020
msgid "The output of the command should list:"
17889
20021
msgstr ""
17890
20022
17891
#: serverguide/C/installation.xml:335(programlisting)
20023
#: serverguide/C/installation.xml:387(programlisting)
17892
20024
#, no-wrap
17893
20025
msgid ""
17894
20026
"\n"
17897
20029
"bind9\n"
17898
20030
msgstr ""
17899
20031
17900
#: serverguide/C/installation.xml:340(para)
20032
#: serverguide/C/installation.xml:392(para)
17901
20033
msgid ""
17902
20034
"Also, if you did not install one of the tasks during the installation "
17903
20035
"process, but for example you decide to make your new LAMP server a DNS "
17904
20036
"server as well. Simply insert the installation CD and from a terminal:"
17905
20037
msgstr ""
17906
20038
17907
#: serverguide/C/installation.xml:345(command)
20039
#: serverguide/C/installation.xml:397(command)
17908
20040
msgid "sudo tasksel install dns-server"
17909
20041
msgstr ""
17910
20042
17911
#: serverguide/C/installation.xml:350(title)
20043
#: serverguide/C/installation.xml:402(title)
17912
20044
msgid "Upgrading"
17913
20045
msgstr ""
17914
20046
17915
#: serverguide/C/installation.xml:351(para)
20047
#: serverguide/C/installation.xml:403(para)
17916
20048
msgid ""
17917
20049
"There are several ways to upgrade from one Ubuntu release to another. This "
17918
20050
"section gives an overview of the recommended upgrade method."
17919
20051
msgstr ""
17920
20052
17921
#: serverguide/C/installation.xml:355(title) serverguide/C/installation.xml:370(command)
20053
#: serverguide/C/installation.xml:407(title) serverguide/C/installation.xml:422(command)
17922
20054
msgid "do-release-upgrade"
17923
20055
msgstr ""
17924
20056
17925
#: serverguide/C/installation.xml:356(para)
20057
#: serverguide/C/installation.xml:408(para)
17926
20058
msgid ""
17927
20059
"The recommended way to upgrade a Server Edition installation is to use the "
17928
20060
"<application>do-release-upgrade</application> utility. Part of the "
17930
20062
"graphical dependencies and is installed by default."
17931
20063
msgstr ""
17932
20064
17933
#: serverguide/C/installation.xml:361(para)
20065
#: serverguide/C/installation.xml:413(para)
17934
20066
msgid ""
17935
20067
"Debian based systems can also be upgraded by using <command>apt-get dist-"
17936
20068
"upgrade</command>. However, using <application>do-release-"
17938
20070
"system configuration changes sometimes needed between releases."
17939
20071
msgstr ""
17940
20072
17941
#: serverguide/C/installation.xml:366(para)
20073
#: serverguide/C/installation.xml:418(para)
17942
20074
msgid "To upgrade to a newer release, from a terminal prompt enter:"
17943
20075
msgstr ""
17944
20076
17945
#: serverguide/C/installation.xml:372(para)
20077
#: serverguide/C/installation.xml:424(para)
17946
20078
msgid ""
17947
20079
"It is also possible to use <application>do-release-upgrade</application> to "
17948
20080
"upgrade to a development version of Ubuntu. To accomplish this use the "
17949
20081
"<emphasis>-d</emphasis> switch:"
17950
20082
msgstr ""
17951
20083
17952
#: serverguide/C/installation.xml:377(command)
20084
#: serverguide/C/installation.xml:429(command)
17953
20085
msgid "do-release-upgrade -d"
17954
20086
msgstr ""
17955
20087
17956
#: serverguide/C/installation.xml:380(para)
20088
#: serverguide/C/installation.xml:432(para)
17957
20089
msgid ""
17958
20090
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
17959
20091
"for production environments."
17960
20092
msgstr ""
17961
20093
17962
#: serverguide/C/installation.xml:387(title)
20094
#: serverguide/C/installation.xml:439(title)
17963
20095
msgid "Advanced Installation"
17964
20096
msgstr ""
17965
20097
17966
#: serverguide/C/installation.xml:390(title)
20098
#: serverguide/C/installation.xml:442(title)
17967
20099
msgid "Software RAID"
17968
20100
msgstr ""
17969
20101
17970
#: serverguide/C/installation.xml:392(para)
20102
#: serverguide/C/installation.xml:444(para)
17971
20103
msgid ""
17972
20104
"RAID is a method of configuring multiple hard drives to act as one, reducing "
17973
20105
"the probability of catastrophic data loss in case of drive failure. RAID is "
17977
20109
"drives 'invisibly')."
17978
20110
msgstr ""
17979
20111
17980
#: serverguide/C/installation.xml:399(para)
20112
#: serverguide/C/installation.xml:451(para)
17981
20113
msgid ""
17982
20114
"The RAID software included with current versions of Linux (and Ubuntu) is "
17983
20115
"based on the <application>'mdadm'</application> driver and works very well, "
17987
20119
"another for <emphasis>swap</emphasis>."
17988
20120
msgstr ""
17989
20121
17990
#: serverguide/C/installation.xml:409(para) serverguide/C/installation.xml:926(para)
20122
#: serverguide/C/installation.xml:461(para) serverguide/C/installation.xml:975(para)
17991
20123
msgid ""
17992
20124
"Follow the installation steps until you get to the <emphasis>Partition "
17993
20125
"disks</emphasis> step, then:"
17994
20126
msgstr ""
17995
20127
17996
#: serverguide/C/installation.xml:416(para)
20128
#: serverguide/C/installation.xml:468(para)
17997
20129
msgid "Select <emphasis>Manual</emphasis> as the partition method."
17998
20130
msgstr ""
17999
20131
18000
#: serverguide/C/installation.xml:423(para)
20132
#: serverguide/C/installation.xml:475(para)
18001
20133
msgid ""
18002
20134
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
18003
20135
"partition table on this device?\"</emphasis>."
18004
20136
msgstr ""
18005
20137
18006
#: serverguide/C/installation.xml:427(para)
20138
#: serverguide/C/installation.xml:479(para)
18007
20139
msgid ""
18008
20140
"Repeat this step for each drive you wish to be part of the RAID array."
18009
20141
msgstr ""
18010
20142
18011
#: serverguide/C/installation.xml:434(para)
20143
#: serverguide/C/installation.xml:486(para)
18012
20144
msgid ""
18013
20145
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
18014
20146
"select <emphasis>\"Create a new partition\"</emphasis>."
18015
20147
msgstr ""
18016
20148
18017
#: serverguide/C/installation.xml:441(para)
20149
#: serverguide/C/installation.xml:493(para)
18018
20150
msgid ""
18019
20151
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
18020
20152
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
18022
20154
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
18023
20155
msgstr ""
18024
20156
18025
#: serverguide/C/installation.xml:450(para)
20157
#: serverguide/C/installation.xml:502(para)
18026
20158
msgid ""
18027
20159
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
18028
"is <emphasis role=\"italic\">\"Ext3 journaling file system\"</emphasis>, "
20160
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
18029
20161
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
18030
20162
"<emphasis>\"Done setting up partition\"</emphasis>."
18031
20163
msgstr ""
18032
20164
18033
#: serverguide/C/installation.xml:459(para)
20165
#: serverguide/C/installation.xml:511(para)
18034
20166
msgid ""
18035
20167
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
18036
20168
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
18037
20169
"partition\"</emphasis>."
18038
20170
msgstr ""
18039
20171
18040
#: serverguide/C/installation.xml:467(para)
20172
#: serverguide/C/installation.xml:519(para)
18041
20173
msgid ""
18042
20174
"Use the rest of the free space on the drive and choose "
18043
20175
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
18044
20176
msgstr ""
18045
20177
18046
#: serverguide/C/installation.xml:474(para)
20178
#: serverguide/C/installation.xml:526(para)
18047
20179
msgid ""
18048
20180
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
18049
"at the top, changing it to <emphasis>\"physical volume for RAID\"</emphasis> "
18050
"then choose <emphasis>\"Done setting up partition\"</emphasis>."
20181
"at the top, changing it to <emphasis>\"physical volume for "
20182
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
20183
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
20184
"<emphasis>\"Done setting up partition\"</emphasis>."
18051
20185
msgstr ""
18052
20186
18053
#: serverguide/C/installation.xml:482(para)
20187
#: serverguide/C/installation.xml:536(para)
18054
20188
msgid "Repeat steps three through eight for the other disk and partitions."
18055
20189
msgstr ""
18056
20190
18057
#: serverguide/C/installation.xml:491(title)
20191
#: serverguide/C/installation.xml:545(title)
18058
20192
msgid "RAID Configuration"
18059
20193
msgstr ""
18060
20194
18061
#: serverguide/C/installation.xml:493(para)
20195
#: serverguide/C/installation.xml:547(para)
18062
20196
msgid "With the partitions setup the arrays are ready to be configured:"
18063
20197
msgstr ""
18064
20198
18065
#: serverguide/C/installation.xml:500(para)
20199
#: serverguide/C/installation.xml:554(para)
18066
20200
msgid ""
18067
20201
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
18068
20202
"Software RAID\"</emphasis> at the top."
18069
20203
msgstr ""
18070
20204
18071
#: serverguide/C/installation.xml:507(para)
20205
#: serverguide/C/installation.xml:561(para)
18072
20206
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
18073
20207
msgstr ""
18074
20208
18075
#: serverguide/C/installation.xml:514(para)
18076
msgid "Choose <emphasis>\"Create MD drive\"</emphasis>."
20209
#: serverguide/C/installation.xml:568(para)
20210
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
18077
20211
msgstr ""
18078
20212
18079
#: serverguide/C/installation.xml:521(para)
20213
#: serverguide/C/installation.xml:575(para)
18080
20214
msgid ""
18081
20215
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
18082
20216
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
18083
20217
msgstr ""
18084
20218
18085
#: serverguide/C/installation.xml:527(para)
20219
#: serverguide/C/installation.xml:581(para)
18086
20220
msgid ""
18087
20221
"In order to use <emphasis>RAID5</emphasis> you need at least "
18088
20222
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
18089
20223
"<emphasis>two</emphasis> drives are required."
18090
20224
msgstr ""
18091
20225
18092
#: serverguide/C/installation.xml:536(para)
20226
#: serverguide/C/installation.xml:590(para)
18093
20227
msgid ""
18094
20228
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
18095
20229
"of hard drives you have, for the array. Then select "
18096
20230
"<emphasis>\"Continue\"</emphasis>."
18097
20231
msgstr ""
18098
20232
18099
#: serverguide/C/installation.xml:544(para)
20233
#: serverguide/C/installation.xml:598(para)
18100
20234
msgid ""
18101
20235
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
18102
20236
"default, then choose <emphasis>\"Continue\"</emphasis>."
18103
20237
msgstr ""
18104
20238
18105
#: serverguide/C/installation.xml:551(para)
20239
#: serverguide/C/installation.xml:605(para)
18106
20240
msgid ""
18107
20241
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
18108
20242
"etc. The numbers will usually match and the different letters correspond to "
18109
20243
"different hard drives."
18110
20244
msgstr ""
18111
20245
18112
#: serverguide/C/installation.xml:556(para)
20246
#: serverguide/C/installation.xml:610(para)
18113
20247
msgid ""
18114
20248
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
18115
20249
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
18116
20250
"go to the next step."
18117
20251
msgstr ""
18118
20252
18119
#: serverguide/C/installation.xml:564(para)
20253
#: serverguide/C/installation.xml:618(para)
18120
20254
msgid ""
18121
20255
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
18122
20256
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
18123
20257
"and <emphasis>sdb2</emphasis>."
18124
20258
msgstr ""
18125
20259
18126
#: serverguide/C/installation.xml:572(para)
20260
#: serverguide/C/installation.xml:626(para)
18127
20261
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
18128
20262
msgstr ""
18129
20263
18130
#: serverguide/C/installation.xml:582(title)
20264
#: serverguide/C/installation.xml:636(title)
18131
20265
msgid "Formatting"
18132
20266
msgstr ""
18133
20267
18134
#: serverguide/C/installation.xml:584(para)
20268
#: serverguide/C/installation.xml:638(para)
18135
20269
msgid ""
18136
20270
"There should now be a list of hard drives and RAID devices. The next step is "
18137
20271
"to format and set the mount point for the RAID devices. Treat the RAID "
18138
20272
"device as a local hard drive, format and mount accordingly."
18139
20273
msgstr ""
18140
20274
18141
#: serverguide/C/installation.xml:592(para)
18142
msgid "Select the <emphasis>RAID1 device #0</emphasis> partition."
20275
#: serverguide/C/installation.xml:646(para)
20276
msgid ""
20277
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20278
"#0\"</emphasis> partition."
18143
20279
msgstr ""
18144
20280
18145
#: serverguide/C/installation.xml:599(para)
20281
#: serverguide/C/installation.xml:653(para)
18146
20282
msgid ""
18147
20283
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
18148
20284
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
18149
20285
msgstr ""
18150
20286
18151
#: serverguide/C/installation.xml:607(para)
18152
msgid "Next, select the <emphasis>RAID1 device #1</emphasis> partition."
20287
#: serverguide/C/installation.xml:661(para)
20288
msgid ""
20289
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20290
"#1\"</emphasis> partition."
18153
20291
msgstr ""
18154
20292
18155
#: serverguide/C/installation.xml:614(para)
20293
#: serverguide/C/installation.xml:668(para)
18156
20294
msgid ""
18157
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext3 "
20295
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
18158
20296
"journaling file system\"</emphasis>."
18159
20297
msgstr ""
18160
20298
18161
#: serverguide/C/installation.xml:621(para)
20299
#: serverguide/C/installation.xml:675(para)
18162
20300
msgid ""
18163
20301
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
18164
20302
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
18166
20304
"partition\"</emphasis>."
18167
20305
msgstr ""
18168
20306
18169
#: serverguide/C/installation.xml:629(para)
20307
#: serverguide/C/installation.xml:683(para)
18170
20308
msgid ""
18171
20309
"Finally, select <emphasis>\"Finish partitioning and write changes to "
18172
20310
"disk\"</emphasis>."
18173
20311
msgstr ""
18174
20312
18175
#: serverguide/C/installation.xml:636(para)
20313
#: serverguide/C/installation.xml:690(para)
18176
20314
msgid ""
18177
20315
"If you choose to place the root partition on a RAID array, the installer "
18178
20316
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
18179
20317
"state. See <xref linkend=\"raid-degraded\"/> for further details."
18180
20318
msgstr ""
18181
20319
18182
#: serverguide/C/installation.xml:641(para)
20320
#: serverguide/C/installation.xml:695(para)
18183
20321
msgid "The installation process will then continue normally."
18184
20322
msgstr ""
18185
20323
18186
#: serverguide/C/installation.xml:647(title)
20324
#: serverguide/C/installation.xml:701(title)
18187
20325
msgid "Degraded RAID"
18188
20326
msgstr ""
18189
20327
18190
#: serverguide/C/installation.xml:649(para)
20328
#: serverguide/C/installation.xml:703(para)
18191
20329
msgid ""
18192
20330
"At some point in the life of the computer a disk failure event may occur. "
18193
20331
"When this happens, using Software RAID, the operating system will place the "
18194
20332
"array into what is known as a <emphasis>degraded</emphasis> state."
18195
20333
msgstr ""
18196
20334
18197
#: serverguide/C/installation.xml:654(para)
20335
#: serverguide/C/installation.xml:708(para)
18198
20336
msgid ""
18199
20337
"If the array has become degraded, due to the chance of data corruption, by "
18200
20338
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
18205
20343
"Booting to a degraded array can be configured several ways:"
18206
20344
msgstr ""
18207
20345
18208
#: serverguide/C/installation.xml:665(para)
20346
#: serverguide/C/installation.xml:719(para)
18209
20347
msgid ""
18210
20348
"The <application>dpkg-reconfigure</application> utility can be used to "
18211
20349
"configure the default behavior, and during the process you will be queried "
18214
20352
"following:"
18215
20353
msgstr ""
18216
20354
18217
#: serverguide/C/installation.xml:672(command)
20355
#: serverguide/C/installation.xml:726(command)
18218
20356
msgid "sudo dpkg-reconfigure mdadm"
18219
20357
msgstr ""
18220
20358
18221
#: serverguide/C/installation.xml:678(para)
20359
#: serverguide/C/installation.xml:732(para)
18222
20360
msgid ""
18223
20361
"The <command>dpkg-reconfigure mdadm</command> process will change the "
18224
20362
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
18226
20364
"behavior, and can also be manually edited:"
18227
20365
msgstr ""
18228
20366
18229
#: serverguide/C/installation.xml:684(programlisting)
20367
#: serverguide/C/installation.xml:738(programlisting)
18230
20368
#, no-wrap
18231
20369
msgid ""
18232
20370
"\n"
18233
20371
"BOOT_DEGRADED=true\n"
18234
20372
msgstr ""
18235
20373
18236
#: serverguide/C/installation.xml:689(para)
20374
#: serverguide/C/installation.xml:743(para)
18237
20375
msgid "The configuration file can be overridden by using a Kernel argument."
18238
20376
msgstr ""
18239
20377
18240
#: serverguide/C/installation.xml:697(para)
20378
#: serverguide/C/installation.xml:751(para)
18241
20379
msgid ""
18242
20380
"Using a Kernel argument will allow the system to boot to a degraded array as "
18243
20381
"well:"
18244
20382
msgstr ""
18245
20383
18246
#: serverguide/C/installation.xml:703(para)
20384
#: serverguide/C/installation.xml:757(para)
18247
20385
msgid ""
18248
"When the server is booting press <emphasis>ESC</emphasis> to open the "
20386
"When the server is booting press <keycap>Shift</keycap> to open the "
18249
20387
"<application>Grub</application> menu."
18250
20388
msgstr ""
18251
20389
18252
#: serverguide/C/installation.xml:708(para)
18253
msgid "Press <emphasis>\"e\"</emphasis> to edit your Kernel command options."
18254
msgstr ""
18255
18256
#: serverguide/C/installation.xml:713(para)
18257
msgid ""
18258
"Press the <emphasis>DOWN</emphasis> arrow to highlight the kernel line."
18259
msgstr ""
18260
18261
#: serverguide/C/installation.xml:718(para)
18262
msgid ""
18263
"Press the <emphasis>\"e\"</emphasis> key again to edit the kernel line."
18264
msgstr ""
18265
18266
#: serverguide/C/installation.xml:723(para)
20390
#: serverguide/C/installation.xml:762(para)
20391
msgid "Press <keycap>e</keycap> to edit your kernel command options."
20392
msgstr ""
20393
20394
#: serverguide/C/installation.xml:767(para)
20395
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
20396
msgstr ""
20397
20398
#: serverguide/C/installation.xml:772(para)
18267
20399
msgid ""
18268
20400
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
18269
20401
"end of the line."
18270
20402
msgstr ""
18271
20403
18272
#: serverguide/C/installation.xml:728(para)
18273
msgid "Press <emphasis>\"ENTER\"</emphasis>."
18274
msgstr ""
18275
18276
#: serverguide/C/installation.xml:733(para)
18277
msgid "Finally, press <emphasis>\"b\"</emphasis> to boot the system."
18278
msgstr ""
18279
18280
#: serverguide/C/installation.xml:742(para)
20404
#: serverguide/C/installation.xml:777(para)
20405
msgid ""
20406
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
20407
"the system."
20408
msgstr ""
20409
20410
#: serverguide/C/installation.xml:786(para)
18281
20411
msgid ""
18282
20412
"Once the system has booted you can either repair the array see <xref "
18283
20413
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
18284
20414
"another machine due to major hardware failure."
18285
20415
msgstr ""
18286
20416
18287
#: serverguide/C/installation.xml:749(title)
20417
#: serverguide/C/installation.xml:793(title)
18288
20418
msgid "RAID Maintenance"
18289
20419
msgstr ""
18290
20420
18291
#: serverguide/C/installation.xml:751(para)
20421
#: serverguide/C/installation.xml:795(para)
18292
20422
msgid ""
18293
20423
"The <application>mdadm</application> utility can be used to view the status "
18294
20424
"of an array, add disks to an array, remove disks, etc:"
18295
20425
msgstr ""
18296
20426
18297
#: serverguide/C/installation.xml:758(para)
20427
#: serverguide/C/installation.xml:802(para)
18298
20428
msgid "To view the status of an array, from a terminal prompt enter:"
18299
20429
msgstr ""
18300
20430
18301
#: serverguide/C/installation.xml:762(command)
20431
#: serverguide/C/installation.xml:806(command)
18302
20432
msgid "sudo mdadm -D /dev/md0"
18303
20433
msgstr ""
18304
20434
18305
#: serverguide/C/installation.xml:765(para)
20435
#: serverguide/C/installation.xml:809(para)
18306
20436
msgid ""
18307
20437
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
18308
20438
"display <emphasis>detailed</emphasis> information about the "
18310
20440
"with the appropriate RAID device."
18311
20441
msgstr ""
18312
20442
18313
#: serverguide/C/installation.xml:771(para)
20443
#: serverguide/C/installation.xml:815(para)
18314
20444
msgid "To view the status of a disk in an array:"
18315
20445
msgstr ""
18316
20446
18317
#: serverguide/C/installation.xml:775(command)
20447
#: serverguide/C/installation.xml:819(command)
18318
20448
msgid "sudo mdadm -E /dev/sda1"
18319
20449
msgstr ""
18320
20450
18321
#: serverguide/C/installation.xml:777(para)
20451
#: serverguide/C/installation.xml:821(para)
18322
20452
msgid ""
18323
20453
"The output if very similar to the <command>mdadm -D</command> command, "
18324
20454
"adjust <filename>/dev/sda1</filename> for each disk."
18325
20455
msgstr ""
18326
20456
18327
#: serverguide/C/installation.xml:782(para)
20457
#: serverguide/C/installation.xml:826(para)
18328
20458
msgid "If a disk fails and needs to be removed from an array enter:"
18329
20459
msgstr ""
18330
20460
18331
#: serverguide/C/installation.xml:786(command)
20461
#: serverguide/C/installation.xml:830(command)
18332
20462
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
18333
20463
msgstr ""
18334
20464
18335
#: serverguide/C/installation.xml:788(para)
20465
#: serverguide/C/installation.xml:832(para)
18336
20466
msgid ""
18337
20467
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
18338
20468
"the appropriate RAID device and disk."
18339
20469
msgstr ""
18340
20470
18341
#: serverguide/C/installation.xml:793(para)
20471
#: serverguide/C/installation.xml:837(para)
18342
20472
msgid "Similarly, to add a new disk:"
18343
20473
msgstr ""
18344
20474
18345
#: serverguide/C/installation.xml:797(command)
20475
#: serverguide/C/installation.xml:841(command)
18346
20476
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
18347
20477
msgstr ""
18348
20478
18349
#: serverguide/C/installation.xml:802(para)
20479
#: serverguide/C/installation.xml:846(para)
18350
20480
msgid ""
18351
20481
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
18352
20482
"though there is nothing physically wrong with the drive. It is usually "
18355
20485
"the array, it is a good indication of hardware failure."
18356
20486
msgstr ""
18357
20487
18358
#: serverguide/C/installation.xml:808(para)
20488
#: serverguide/C/installation.xml:852(para)
18359
20489
msgid ""
18360
20490
"The <filename>/proc/mdstat</filename> file also contains useful information "
18361
20491
"about the system's RAID devices:"
18362
20492
msgstr ""
18363
20493
18364
#: serverguide/C/installation.xml:813(command)
20494
#: serverguide/C/installation.xml:857(command)
18365
20495
msgid "cat /proc/mdstat"
18366
20496
msgstr ""
18367
20497
18368
#: serverguide/C/installation.xml:814(computeroutput)
20498
#: serverguide/C/installation.xml:858(computeroutput)
18369
20499
#, no-wrap
18370
20500
msgid ""
18371
20501
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
18376
20506
"unused devices: <none>"
18377
20507
msgstr ""
18378
20508
18379
#: serverguide/C/installation.xml:821(para)
20509
#: serverguide/C/installation.xml:865(para)
18380
20510
msgid ""
18381
20511
"The following command is great for watching the status of a syncing drive:"
18382
20512
msgstr ""
18383
20513
18384
#: serverguide/C/installation.xml:826(command)
20514
#: serverguide/C/installation.xml:870(command)
18385
20515
msgid "watch -n1 cat /proc/mdstat"
18386
20516
msgstr ""
18387
20517
18388
#: serverguide/C/installation.xml:829(para)
20518
#: serverguide/C/installation.xml:873(para)
18389
20519
msgid ""
18390
20520
"Press <emphasis>Ctrl+c</emphasis> to stop the "
18391
20521
"<application>watch</application> command."
18392
20522
msgstr ""
18393
20523
18394
#: serverguide/C/installation.xml:833(para)
20524
#: serverguide/C/installation.xml:877(para)
18395
20525
msgid ""
18396
20526
"If you do need to replace a faulty drive, after the drive has been replaced "
18397
20527
"and synced, <application>grub</application> will need to be installed. To "
18399
20529
"following:"
18400
20530
msgstr ""
18401
20531
18402
#: serverguide/C/installation.xml:839(command)
20532
#: serverguide/C/installation.xml:883(command)
18403
20533
msgid "sudo grub-install /dev/md0"
18404
20534
msgstr ""
18405
20535
18406
#: serverguide/C/installation.xml:842(para)
20536
#: serverguide/C/installation.xml:886(para)
18407
20537
msgid ""
18408
20538
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
18409
20539
msgstr ""
18410
20540
18411
#: serverguide/C/installation.xml:850(para)
20541
#: serverguide/C/installation.xml:894(para)
18412
20542
msgid ""
18413
20543
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
18414
20544
"can be configured. Please see the following links for more information:"
18415
20545
msgstr ""
18416
20546
18417
#: serverguide/C/installation.xml:858(ulink)
20547
#: serverguide/C/installation.xml:901(para)
20548
msgid ""
20549
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
20550
"Wiki Articles on RAID</ulink>."
20551
msgstr ""
20552
20553
#: serverguide/C/installation.xml:907(ulink)
18418
20554
msgid "Software RAID HOWTO"
18419
20555
msgstr ""
18420
20556
18421
#: serverguide/C/installation.xml:863(ulink)
20557
#: serverguide/C/installation.xml:912(ulink)
18422
20558
msgid "Managing RAID on Linux"
18423
20559
msgstr ""
18424
20560
18425
#: serverguide/C/installation.xml:870(title)
20561
#: serverguide/C/installation.xml:919(title)
18426
20562
msgid "Logical Volume Manager (LVM)"
18427
20563
msgstr ""
18428
20564
18429
#: serverguide/C/installation.xml:872(para)
20565
#: serverguide/C/installation.xml:921(para)
18430
20566
msgid ""
18431
20567
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
18432
20568
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
18435
20571
"giving greater flexibility to systems as requirements change."
18436
20572
msgstr ""
18437
20573
18438
#: serverguide/C/installation.xml:881(para)
20574
#: serverguide/C/installation.xml:930(para)
18439
20575
msgid ""
18440
20576
"A side effect of LVM's power and flexibility is a greater degree of "
18441
20577
"complication. Before diving into the LVM installation process, it is best to "
18442
20578
"get familiar with some terms."
18443
20579
msgstr ""
18444
20580
18445
#: serverguide/C/installation.xml:888(para)
20581
#: serverguide/C/installation.xml:937(para)
18446
20582
msgid ""
18447
20583
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
18448
20584
"Volumes (LV)."
18449
20585
msgstr ""
18450
20586
18451
#: serverguide/C/installation.xml:893(para)
20587
#: serverguide/C/installation.xml:942(para)
18452
20588
msgid ""
18453
20589
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
18454
20590
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
18455
20591
"which resides the actual EXT3, XFS, JFS, etc filesystem."
18456
20592
msgstr ""
18457
20593
18458
#: serverguide/C/installation.xml:899(para)
20594
#: serverguide/C/installation.xml:948(para)
18459
20595
msgid ""
18460
20596
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
18461
20597
"RAID partition. The Volume Group can be extended by adding more PVs."
18462
20598
msgstr ""
18463
20599
18464
#: serverguide/C/installation.xml:910(para)
20600
#: serverguide/C/installation.xml:959(para)
18465
20601
msgid ""
18466
20602
"As an example this section covers installing Ubuntu Server Edition with "
18467
20603
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
18470
20606
"can be extended."
18471
20607
msgstr ""
18472
20608
18473
#: serverguide/C/installation.xml:916(para)
20609
#: serverguide/C/installation.xml:965(para)
18474
20610
msgid ""
18475
20611
"There are several installation options for LVM, <emphasis>\"Guided - use the "
18476
20612
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
18481
20617
"the Manual approach."
18482
20618
msgstr ""
18483
20619
18484
#: serverguide/C/installation.xml:933(para)
20620
#: serverguide/C/installation.xml:982(para)
18485
20621
msgid ""
18486
20622
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
18487
20623
"<emphasis>\"Manual\"</emphasis>."
18488
20624
msgstr ""
18489
20625
18490
#: serverguide/C/installation.xml:940(para)
20626
#: serverguide/C/installation.xml:989(para)
18491
20627
msgid ""
18492
20628
"Select the hard disk and on the next screen choose \"yes\" to "
18493
20629
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
18494
20630
msgstr ""
18495
20631
18496
#: serverguide/C/installation.xml:947(para)
20632
#: serverguide/C/installation.xml:996(para)
18497
20633
msgid ""
18498
20634
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
18499
20635
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
18500
20636
msgstr ""
18501
20637
18502
#: serverguide/C/installation.xml:955(para)
20638
#: serverguide/C/installation.xml:1004(para)
18503
20639
msgid ""
18504
20640
"For the LVM <emphasis>/srv</emphasis>, create a new "
18505
20641
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
18507
20643
"<emphasis>\"Done setting up the partition\"</emphasis>."
18508
20644
msgstr ""
18509
20645
18510
#: serverguide/C/installation.xml:963(para)
20646
#: serverguide/C/installation.xml:1012(para)
18511
20647
msgid ""
18512
20648
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
18513
20649
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
18514
20650
"disk."
18515
20651
msgstr ""
18516
20652
18517
#: serverguide/C/installation.xml:971(para)
20653
#: serverguide/C/installation.xml:1020(para)
18518
20654
msgid ""
18519
20655
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
18520
20656
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
18523
20659
"<emphasis>\"Continue\"</emphasis>."
18524
20660
msgstr ""
18525
20661
18526
#: serverguide/C/installation.xml:980(para)
20662
#: serverguide/C/installation.xml:1029(para)
18527
20663
msgid ""
18528
20664
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
18529
20665
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
18534
20670
"main <emphasis>\"Partition Disks\"</emphasis> screen."
18535
20671
msgstr ""
18536
20672
18537
#: serverguide/C/installation.xml:990(para)
20673
#: serverguide/C/installation.xml:1039(para)
18538
20674
msgid ""
18539
20675
"Now add a filesystem to the new LVM. Select the partition under "
18540
20676
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
18543
20679
"select <emphasis>\"Done setting up the partition\"</emphasis>."
18544
20680
msgstr ""
18545
20681
18546
#: serverguide/C/installation.xml:999(para)
20682
#: serverguide/C/installation.xml:1048(para)
18547
20683
msgid ""
18548
20684
"Finally, select <emphasis>\"Finish partitioning and write changes to "
18549
20685
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
18550
20686
"the installation."
18551
20687
msgstr ""
18552
20688
18553
#: serverguide/C/installation.xml:1007(para)
20689
#: serverguide/C/installation.xml:1056(para)
18554
20690
msgid "There are some useful utilities to view information about LVM:"
18555
20691
msgstr ""
18556
20692
18557
#: serverguide/C/installation.xml:1012(para)
20693
#: serverguide/C/installation.xml:1061(para)
18558
20694
msgid ""
18559
20695
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
18560
20696
msgstr ""
18561
20697
18562
#: serverguide/C/installation.xml:1013(para)
20698
#: serverguide/C/installation.xml:1062(para)
18563
20699
msgid ""
18564
20700
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
18565
20701
msgstr ""
18566
20702
18567
#: serverguide/C/installation.xml:1014(para)
20703
#: serverguide/C/installation.xml:1063(para)
18568
20704
msgid ""
18569
20705
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
18570
20706
"Physical Volumes."
18571
20707
msgstr ""
18572
20708
18573
#: serverguide/C/installation.xml:1019(title)
20709
#: serverguide/C/installation.xml:1068(title)
18574
20710
msgid "Extending Volume Groups"
18575
20711
msgstr ""
18576
20712
18577
#: serverguide/C/installation.xml:1021(para)
20713
#: serverguide/C/installation.xml:1070(para)
18578
20714
msgid ""
18579
20715
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
18580
20716
"section covers adding a second hard disk, creating a Physical Volume (PV), "
18589
20725
"them as different physical volumes)"
18590
20726
msgstr ""
18591
20727
18592
#: serverguide/C/installation.xml:1033(para)
20728
#: serverguide/C/installation.xml:1082(para)
18593
20729
msgid "First, create the physical volume, in a terminal execute:"
18594
20730
msgstr ""
18595
20731
18596
#: serverguide/C/installation.xml:1038(command)
20732
#: serverguide/C/installation.xml:1087(command)
18597
20733
msgid "sudo pvcreate /dev/sdb"
18598
20734
msgstr ""
18599
20735
18600
#: serverguide/C/installation.xml:1044(para)
20736
#: serverguide/C/installation.xml:1093(para)
18601
20737
msgid "Now extend the Volume Group (VG):"
18602
20738
msgstr ""
18603
20739
18604
#: serverguide/C/installation.xml:1049(command)
20740
#: serverguide/C/installation.xml:1098(command)
18605
20741
msgid "sudo vgextend vg01 /dev/sdb"
18606
20742
msgstr ""
18607
20743
18608
#: serverguide/C/installation.xml:1055(para)
20744
#: serverguide/C/installation.xml:1104(para)
18609
20745
msgid ""
18610
20746
"Use <application>vgdisplay</application> to find out the free physical "
18611
20747
"extents - Free PE / size (the size you can allocate). We will assume a free "
18613
20749
"whole free space available. Use your own PE and/or free space."
18614
20750
msgstr ""
18615
20751
18616
#: serverguide/C/installation.xml:1061(para)
20752
#: serverguide/C/installation.xml:1110(para)
18617
20753
msgid ""
18618
20754
"The Logical Volume (LV) can now be extended by different methods, we will "
18619
20755
"only see how to use the PE to extend the LV:"
18620
20756
msgstr ""
18621
20757
18622
#: serverguide/C/installation.xml:1066(command)
20758
#: serverguide/C/installation.xml:1115(command)
18623
20759
msgid "sudo lvextend /dev/vg01/srv -l +511"
18624
20760
msgstr ""
18625
20761
18626
#: serverguide/C/installation.xml:1069(para)
20762
#: serverguide/C/installation.xml:1118(para)
18627
20763
msgid ""
18628
20764
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
18629
20765
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
18630
20766
"Gig, Tera, etc bytes."
18631
20767
msgstr ""
18632
20768
18633
#: serverguide/C/installation.xml:1077(para)
20769
#: serverguide/C/installation.xml:1126(para)
18634
20770
msgid ""
18635
20771
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
18636
20772
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
18639
20775
"first is compulsory)."
18640
20776
msgstr ""
18641
20777
18642
#: serverguide/C/installation.xml:1083(para)
20778
#: serverguide/C/installation.xml:1132(para)
18643
20779
msgid ""
18644
20780
"The following commands are for an <emphasis>EXT3</emphasis> or "
18645
20781
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
18646
20782
"there may be other utilities available."
18647
20783
msgstr ""
18648
20784
18649
#: serverguide/C/installation.xml:1090(command)
20785
#: serverguide/C/installation.xml:1139(command)
18650
20786
msgid "sudo e2fsck -f /dev/vg01/srv"
18651
20787
msgstr ""
18652
20788
18653
#: serverguide/C/installation.xml:1093(para)
20789
#: serverguide/C/installation.xml:1142(para)
18654
20790
msgid ""
18655
20791
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
18656
20792
"forces checking even if the system seems clean."
18657
20793
msgstr ""
18658
20794
18659
#: serverguide/C/installation.xml:1100(para)
20795
#: serverguide/C/installation.xml:1149(para)
18660
20796
msgid "Finally, resize the filesystem:"
18661
20797
msgstr ""
18662
20798
18663
#: serverguide/C/installation.xml:1105(command)
20799
#: serverguide/C/installation.xml:1154(command)
18664
20800
msgid "sudo resize2fs /dev/vg01/srv"
18665
20801
msgstr ""
18666
20802
18667
#: serverguide/C/installation.xml:1111(para)
20803
#: serverguide/C/installation.xml:1160(para)
18668
20804
msgid "Now mount the partition and check its size."
18669
20805
msgstr ""
18670
20806
18671
#: serverguide/C/installation.xml:1116(command)
20807
#: serverguide/C/installation.xml:1165(command)
18672
20808
msgid "mount /dev/vg01/srv /srv && df -h /srv"
18673
20809
msgstr ""
18674
20810
18675
#: serverguide/C/installation.xml:1128(para)
20811
#: serverguide/C/installation.xml:1177(para)
20812
msgid ""
20813
"See the <ulink "
20814
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
20815
"Articles</ulink>."
20816
msgstr ""
20817
20818
#: serverguide/C/installation.xml:1182(para)
18676
20819
msgid ""
18677
20820
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
18678
20821
"HOWTO</ulink> for more information."
18679
20822
msgstr ""
18680
20823
18681
#: serverguide/C/installation.xml:1133(para)
20824
#: serverguide/C/installation.xml:1187(para)
18682
20825
msgid ""
18683
20826
"Another good article is <ulink "
18684
20827
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
18686
20829
"linuxdevcenter.com site."
18687
20830
msgstr ""
18688
20831
18689
#: serverguide/C/installation.xml:1140(para)
20832
#: serverguide/C/installation.xml:1194(para)
18690
20833
msgid ""
18691
20834
"For more information on <application>fdisk</application> see the <ulink "
18692
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/fdisk.8.html\">fdisk"
18693
" man page</ulink>."
20835
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/fdisk.8.html\">fdisk "
20836
"man page</ulink>."
18694
20837
msgstr ""
18695
20838
18696
20839
#: serverguide/C/file-server.xml:13(title)
19017
21160
#: serverguide/C/file-server.xml:293(para)
19018
21161
msgid ""
19019
21162
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
19020
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/vsftpd.conf.5.html\""
19021
">vsftpd.conf man page</ulink>."
21163
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/vsftpd.conf.5.html\">"
21164
"vsftpd.conf man page</ulink>."
19022
21165
msgstr ""
19023
21166
19024
21167
#: serverguide/C/file-server.xml:299(para)
19029
21172
"contrasting FTPS and SFTP."
19030
21173
msgstr ""
19031
21174
19032
#: serverguide/C/file-server.xml:310(title)
21175
#: serverguide/C/file-server.xml:305(para)
21176
msgid ""
21177
"Also, for more information see the <ulink "
21178
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
21179
"page."
21180
msgstr ""
21181
21182
#: serverguide/C/file-server.xml:315(title)
19033
21183
msgid "Network File System (NFS)"
19034
21184
msgstr ""
19035
21185
19036
#: serverguide/C/file-server.xml:311(para)
21186
#: serverguide/C/file-server.xml:316(para)
19037
21187
msgid ""
19038
21188
"NFS allows a system to share directories and files with others over a "
19039
21189
"network. By using NFS, users and programs can access files on remote systems "
19040
21190
"almost as if they were local files."
19041
21191
msgstr ""
19042
21192
19043
#: serverguide/C/file-server.xml:317(para)
21193
#: serverguide/C/file-server.xml:322(para)
19044
21194
msgid "Some of the most notable benefits that NFS can provide are:"
19045
21195
msgstr ""
19046
21196
19047
#: serverguide/C/file-server.xml:323(para)
21197
#: serverguide/C/file-server.xml:328(para)
19048
21198
msgid ""
19049
21199
"Local workstations use less disk space because commonly used data can be "
19050
21200
"stored on a single machine and still remain accessible to others over the "
19051
21201
"network."
19052
21202
msgstr ""
19053
21203
19054
#: serverguide/C/file-server.xml:328(para)
21204
#: serverguide/C/file-server.xml:333(para)
19055
21205
msgid ""
19056
21206
"There is no need for users to have separate home directories on every "
19057
21207
"network machine. Home directories could be set up on the NFS server and made "
19058
21208
"available throughout the network."
19059
21209
msgstr ""
19060
21210
19061
#: serverguide/C/file-server.xml:334(para)
21211
#: serverguide/C/file-server.xml:339(para)
19062
21212
msgid ""
19063
21213
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
19064
21214
"be used by other machines on the network. This may reduce the number of "
19065
21215
"removable media drives throughout the network."
19066
21216
msgstr ""
19067
21217
19068
#: serverguide/C/file-server.xml:344(para)
21218
#: serverguide/C/file-server.xml:349(para)
19069
21219
msgid ""
19070
21220
"At a terminal prompt enter the following command to install the NFS Server:"
19071
21221
msgstr ""
19072
21222
19073
#: serverguide/C/file-server.xml:350(command)
21223
#: serverguide/C/file-server.xml:355(command)
19074
21224
msgid "sudo apt-get install nfs-kernel-server"
19075
21225
msgstr ""
19076
21226
19077
#: serverguide/C/file-server.xml:356(para)
21227
#: serverguide/C/file-server.xml:361(para)
19078
21228
msgid ""
19079
21229
"You can configure the directories to be exported by adding them to the "
19080
21230
"<filename>/etc/exports</filename> file. For example:"
19081
21231
msgstr ""
19082
21232
19083
#: serverguide/C/file-server.xml:361(screen)
21233
#: serverguide/C/file-server.xml:366(screen)
19084
21234
#, no-wrap
19085
21235
msgid ""
19086
21236
"\n"
19088
21238
"/home *(rw,sync,no_root_squash)\n"
19089
21239
msgstr ""
19090
21240
19091
#: serverguide/C/file-server.xml:367(para)
21241
#: serverguide/C/file-server.xml:372(para)
19092
21242
msgid ""
19093
21243
"You can replace * with one of the hostname formats. Make the hostname "
19094
21244
"declaration as specific as possible so unwanted systems cannot access the "
19095
21245
"NFS mount."
19096
21246
msgstr ""
19097
21247
19098
#: serverguide/C/file-server.xml:373(para)
21248
#: serverguide/C/file-server.xml:378(para)
19099
21249
msgid ""
19100
21250
"To start the NFS server, you can run the following command at a terminal "
19101
21251
"prompt:"
19102
21252
msgstr ""
19103
21253
19104
#: serverguide/C/file-server.xml:378(command)
21254
#: serverguide/C/file-server.xml:383(command)
19105
21255
msgid "sudo /etc/init.d/nfs-kernel-server start"
19106
21256
msgstr ""
19107
21257
19108
#: serverguide/C/file-server.xml:383(title)
21258
#: serverguide/C/file-server.xml:388(title)
19109
21259
msgid "NFS Client Configuration"
19110
21260
msgstr ""
19111
21261
19112
#: serverguide/C/file-server.xml:384(para)
21262
#: serverguide/C/file-server.xml:389(para)
19113
21263
msgid ""
19114
21264
"Use the <application>mount</application> command to mount a shared NFS "
19115
21265
"directory from another machine, by typing a command line similar to the "
19116
21266
"following at a terminal prompt:"
19117
21267
msgstr ""
19118
21268
19119
#: serverguide/C/file-server.xml:390(command)
21269
#: serverguide/C/file-server.xml:395(command)
19120
21270
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
19121
21271
msgstr ""
19122
21272
19123
#: serverguide/C/file-server.xml:394(para)
21273
#: serverguide/C/file-server.xml:399(para)
19124
21274
msgid ""
19125
21275
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
19126
21276
"There should be no files or subdirectories in the "
19127
21277
"<filename>/local/ubuntu</filename> directory."
19128
21278
msgstr ""
19129
21279
19130
#: serverguide/C/file-server.xml:401(para)
21280
#: serverguide/C/file-server.xml:406(para)
19131
21281
msgid ""
19132
21282
"An alternate way to mount an NFS share from another machine is to add a line "
19133
21283
"to the <filename>/etc/fstab</filename> file. The line must state the "
19135
21285
"the directory on the local machine where the NFS share is to be mounted."
19136
21286
msgstr ""
19137
21287
19138
#: serverguide/C/file-server.xml:409(para)
21288
#: serverguide/C/file-server.xml:414(para)
19139
21289
msgid ""
19140
21290
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
19141
21291
"as follows:"
19142
21292
msgstr ""
19143
21293
19144
#: serverguide/C/file-server.xml:415(programlisting)
21294
#: serverguide/C/file-server.xml:420(programlisting)
19145
21295
#, no-wrap
19146
21296
msgid ""
19147
21297
"\n"
19149
21299
"rsize=8192,wsize=8192,timeo=14,intr\n"
19150
21300
msgstr ""
19151
21301
19152
#: serverguide/C/file-server.xml:419(para)
21302
#: serverguide/C/file-server.xml:424(para)
19153
21303
msgid ""
19154
21304
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
19155
21305
"common</application> package is installed on your client. To install "
19159
21309
"</screen>"
19160
21310
msgstr ""
19161
21311
19162
#: serverguide/C/file-server.xml:432(ulink)
21312
#: serverguide/C/file-server.xml:437(ulink)
19163
21313
msgid "Linux NFS faq"
19164
21314
msgstr ""
19165
21315
19166
#: serverguide/C/file-server.xml:437(title)
21316
#: serverguide/C/file-server.xml:439(ulink)
21317
msgid "Ubuntu Wiki NFS Howto"
21318
msgstr ""
21319
21320
#: serverguide/C/file-server.xml:445(title)
19167
21321
msgid "CUPS - Print Server"
19168
21322
msgstr ""
19169
21323
19170
#: serverguide/C/file-server.xml:438(para)
21324
#: serverguide/C/file-server.xml:446(para)
19171
21325
msgid ""
19172
21326
"The primary mechanism for Ubuntu printing and print services is the "
19173
21327
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
19175
21329
"become the new standard for printing in most Linux distributions."
19176
21330
msgstr ""
19177
21331
19178
#: serverguide/C/file-server.xml:445(para)
21332
#: serverguide/C/file-server.xml:453(para)
19179
21333
msgid ""
19180
21334
"CUPS manages print jobs and queues and provides network printing using the "
19181
21335
"standard Internet Printing Protocol (IPP), while offering support for a very "
19185
21339
"administration tool."
19186
21340
msgstr ""
19187
21341
19188
#: serverguide/C/file-server.xml:455(para)
21342
#: serverguide/C/file-server.xml:463(para)
19189
21343
msgid ""
19190
21344
"To install CUPS on your Ubuntu computer, simply use "
19191
21345
"<application>sudo</application> with the <application>apt-get</application> "
19195
21349
"CUPS:"
19196
21350
msgstr ""
19197
21351
19198
#: serverguide/C/file-server.xml:460(command)
21352
#: serverguide/C/file-server.xml:468(command)
19199
21353
msgid "sudo apt-get install cups"
19200
21354
msgstr ""
19201
21355
19202
#: serverguide/C/file-server.xml:463(para)
21356
#: serverguide/C/file-server.xml:471(para)
19203
21357
msgid ""
19204
21358
"Upon authenticating with your user password, the packages should be "
19205
21359
"downloaded and installed without error. Upon the conclusion of installation, "
19206
21360
"the CUPS server will be started automatically."
19207
21361
msgstr ""
19208
21362
19209
#: serverguide/C/file-server.xml:468(para)
21363
#: serverguide/C/file-server.xml:476(para)
19210
21364
msgid ""
19211
21365
"For troubleshooting purposes, you can access CUPS server errors via the "
19212
21366
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
19219
21373
"from becoming overly large."
19220
21374
msgstr ""
19221
21375
19222
#: serverguide/C/file-server.xml:481(para)
21376
#: serverguide/C/file-server.xml:489(para)
19223
21377
msgid ""
19224
21378
"The Common UNIX Printing System server's behavior is configured through the "
19225
21379
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
19230
21384
"initially will be presented here."
19231
21385
msgstr ""
19232
21386
19233
#: serverguide/C/file-server.xml:491(para)
21387
#: serverguide/C/file-server.xml:499(para)
19234
21388
msgid ""
19235
21389
"Prior to editing the configuration file, you should make a copy of the "
19236
21390
"original file and protect it from writing, so you will have the original "
19237
21391
"settings as a reference, and to reuse as necessary."
19238
21392
msgstr ""
19239
21393
19240
#: serverguide/C/file-server.xml:495(para)
21394
#: serverguide/C/file-server.xml:503(para)
19241
21395
msgid ""
19242
21396
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
19243
21397
"writing with the following commands, issued at a terminal prompt:"
19244
21398
msgstr ""
19245
21399
19246
#: serverguide/C/file-server.xml:501(command)
21400
#: serverguide/C/file-server.xml:509(command)
19247
21401
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
19248
21402
msgstr ""
19249
21403
19250
#: serverguide/C/file-server.xml:502(command)
21404
#: serverguide/C/file-server.xml:510(command)
19251
21405
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
19252
21406
msgstr ""
19253
21407
19254
#: serverguide/C/file-server.xml:507(para)
21408
#: serverguide/C/file-server.xml:515(para)
19255
21409
msgid ""
19256
21410
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
19257
21411
"address of the designated administrator of the CUPS server, simply edit the "
19263
21417
"as such:"
19264
21418
msgstr ""
19265
21419
19266
#: serverguide/C/file-server.xml:518(screen)
21420
#: serverguide/C/file-server.xml:526(screen)
19267
21421
#, no-wrap
19268
21422
msgid ""
19269
21423
"\n"
19270
21424
"ServerAdmin bjoy@somebigco.com\n"
19271
21425
msgstr ""
19272
21426
19273
#: serverguide/C/file-server.xml:524(para)
21427
#: serverguide/C/file-server.xml:532(para)
19274
21428
msgid ""
19275
21429
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
19276
21430
"server installation listens only on the loopback interface at IP address "
19285
21439
"such:"
19286
21440
msgstr ""
19287
21441
19288
#: serverguide/C/file-server.xml:538(screen)
21442
#: serverguide/C/file-server.xml:546(screen)
19289
21443
#, no-wrap
19290
21444
msgid ""
19291
21445
"\n"
19295
21449
"(IPP)\n"
19296
21450
msgstr ""
19297
21451
19298
#: serverguide/C/file-server.xml:544(para)
21452
#: serverguide/C/file-server.xml:552(para)
19299
21453
msgid ""
19300
21454
"In the example above, you may comment out or remove the reference to the "
19301
21455
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
19306
21460
"<emphasis>socrates</emphasis> as such:"
19307
21461
msgstr ""
19308
21462
19309
#: serverguide/C/file-server.xml:554(screen)
21463
#: serverguide/C/file-server.xml:562(screen)
19310
21464
#, no-wrap
19311
21465
msgid ""
19312
21466
"\n"
19313
21467
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
19314
21468
msgstr ""
19315
21469
19316
#: serverguide/C/file-server.xml:558(para)
21470
#: serverguide/C/file-server.xml:566(para)
19317
21471
msgid ""
19318
21472
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
19319
21473
"instead, as in:"
19320
21474
msgstr ""
19321
21475
19322
#: serverguide/C/file-server.xml:560(screen)
21476
#: serverguide/C/file-server.xml:568(screen)
19323
21477
#, no-wrap
19324
21478
msgid ""
19325
21479
"\n"
19326
21480
"Port 631 # Listen on port 631 on all interfaces\n"
19327
21481
msgstr ""
19328
21482
19329
#: serverguide/C/file-server.xml:567(para)
21483
#: serverguide/C/file-server.xml:575(para)
19330
21484
msgid ""
19331
21485
"For more examples of configuration directives in the CUPS server "
19332
21486
"configuration file, view the associated system manual page by entering the "
19333
21487
"following command at a terminal prompt:"
19334
21488
msgstr ""
19335
21489
19336
#: serverguide/C/file-server.xml:574(command)
21490
#: serverguide/C/file-server.xml:582(command)
19337
21491
msgid "man cupsd.conf"
19338
21492
msgstr ""
19339
21493
19340
#: serverguide/C/file-server.xml:578(para)
21494
#: serverguide/C/file-server.xml:586(para)
19341
21495
msgid ""
19342
21496
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
19343
21497
"configuration file, you'll need to restart the CUPS server by typing the "
19344
21498
"following command at a terminal prompt:"
19345
21499
msgstr ""
19346
21500
19347
#: serverguide/C/file-server.xml:584(command)
21501
#: serverguide/C/file-server.xml:592(command)
19348
21502
msgid "sudo /etc/init.d/cups restart"
19349
21503
msgstr ""
19350
21504
19351
#: serverguide/C/file-server.xml:590(title)
21505
#: serverguide/C/file-server.xml:598(title)
19352
21506
msgid "Web Interface"
19353
21507
msgstr ""
19354
21508
19355
#: serverguide/C/file-server.xml:592(para)
21509
#: serverguide/C/file-server.xml:600(para)
19356
21510
msgid ""
19357
21511
"CUPS can be configured and monitored using a web interface, which by default "
19358
21512
"is available at <ulink "
19360
21514
"web interface can be used to perform all printer management tasks."
19361
21515
msgstr ""
19362
21516
19363
#: serverguide/C/file-server.xml:596(para)
21517
#: serverguide/C/file-server.xml:604(para)
19364
21518
msgid ""
19365
21519
"In order to perform administrative tasks via the web interface, you must "
19366
21520
"either have the root account enabled on your server, or authenticate as a "
19368
21522
"reasons, CUPS won't authenticate a user that doesn't have a password."
19369
21523
msgstr ""
19370
21524
19371
#: serverguide/C/file-server.xml:599(para)
21525
#: serverguide/C/file-server.xml:607(para)
19372
21526
msgid ""
19373
21527
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
19374
21528
"at the terminal prompt: <screen>\n"
19376
21530
"</screen>"
19377
21531
msgstr ""
19378
21532
19379
#: serverguide/C/file-server.xml:605(para)
21533
#: serverguide/C/file-server.xml:613(para)
19380
21534
msgid ""
19381
21535
"Further documentation is available in the <emphasis "
19382
21536
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
19383
21537
msgstr ""
19384
21538
19385
#: serverguide/C/file-server.xml:613(ulink)
21539
#: serverguide/C/file-server.xml:621(ulink)
19386
21540
msgid "CUPS Website"
19387
21541
msgstr ""
19388
21542
21543
#: serverguide/C/file-server.xml:624(ulink)
21544
msgid "Ubuntu Wiki CUPS page"
21545
msgstr ""
21546
19389
21547
#: serverguide/C/dns.xml:13(title)
19390
21548
msgid "Domain Name Service (DNS)"
19391
21549
msgstr ""
20203
22361
"ns2\tIN A\t 192.168.1.11\n"
20204
22362
msgstr ""
20205
22363
20206
#: serverguide/C/dns.xml:619(title)
20207
msgid "More Information"
20208
msgstr ""
20209
20210
#: serverguide/C/dns.xml:620(para)
22364
#: serverguide/C/dns.xml:622(para)
20211
22365
msgid ""
20212
22366
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
20213
22367
"HOWTO</ulink> explains more advanced options for configuring BIND9."
20214
22368
msgstr ""
20215
22369
20216
#: serverguide/C/dns.xml:623(para)
22370
#: serverguide/C/dns.xml:627(para)
20217
22371
msgid ""
20218
22372
"For in depth coverage of <emphasis>DNS</emphasis> and "
20219
22373
"<application>BIND9</application> see <ulink "
20220
22374
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
20221
22375
msgstr ""
20222
22376
20223
#: serverguide/C/dns.xml:626(para)
22377
#: serverguide/C/dns.xml:632(para)
20224
22378
msgid ""
20225
22379
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
20226
22380
"BIND</ulink> is a popular book now in it's fifth edition."
20227
22381
msgstr ""
20228
22382
20229
#: serverguide/C/dns.xml:629(para)
22383
#: serverguide/C/dns.xml:637(para)
20230
22384
msgid ""
20231
22385
"A great place to ask for <application>BIND9</application> assistance, and "
20232
22386
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
20234
22388
"url=\"http://freenode.net\">freenode</ulink>."
20235
22389
msgstr ""
20236
22390
22391
#: serverguide/C/dns.xml:643(para)
22392
msgid ""
22393
"Also, see the <ulink "
22394
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
22395
"HOWTO</ulink> in the Ubuntu Wiki."
22396
msgstr ""
22397
20237
22398
#: serverguide/C/databases.xml:13(title)
20238
22399
msgid "Databases"
20239
22400
msgstr ""
20242
22403
msgid "Ubuntu provides two popular database servers. They are:"
20243
22404
msgstr ""
20244
22405
20245
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:152(title)
22406
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:157(title)
20246
22407
msgid "PostgreSQL"
20247
22408
msgstr ""
20248
22409
20307
22468
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
20308
22469
"the basic settings -- log file, port number, etc. For example, to configure "
20309
22470
"<application>MySQL</application> to listen for connections from network "
20310
"hosts, change the <emphasis>bind_address</emphasis> directive to the "
22471
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
20311
22472
"server's IP address:"
20312
22473
msgstr ""
20313
22474
20336
22497
msgstr ""
20337
22498
20338
22499
#: serverguide/C/databases.xml:113(command)
20339
msgid "sudo dpkg-reconfigure mysql-server-5.0"
22500
msgid "sudo dpkg-reconfigure mysql-server-5.1"
20340
22501
msgstr ""
20341
22502
20342
22503
#: serverguide/C/databases.xml:116(para)
20369
22530
"chapter/index.html</command> in your browser's address bar."
20370
22531
msgstr ""
20371
22532
20372
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:285(para)
22533
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:290(para)
20373
22534
msgid ""
20374
22535
"For general SQL information see <ulink "
20375
22536
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
20376
22537
"Special Edition</ulink> by Rafe Colburn."
20377
22538
msgstr ""
20378
22539
20379
#: serverguide/C/databases.xml:153(para)
22540
#: serverguide/C/databases.xml:149(para)
22541
msgid ""
22542
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
22543
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
22544
msgstr ""
22545
22546
#: serverguide/C/databases.xml:158(para)
20380
22547
msgid ""
20381
22548
"PostgreSQL is an object-relational database system that has the features of "
20382
22549
"traditional commercial database systems with enhancements to be found in "
20383
22550
"next-generation DBMS systems."
20384
22551
msgstr ""
20385
22552
20386
#: serverguide/C/databases.xml:160(para)
22553
#: serverguide/C/databases.xml:165(para)
20387
22554
msgid ""
20388
22555
"To install PostgreSQL, run the following command in the command prompt:"
20389
22556
msgstr ""
20390
22557
20391
#: serverguide/C/databases.xml:167(command)
22558
#: serverguide/C/databases.xml:172(command)
20392
22559
msgid "sudo apt-get install postgresql"
20393
22560
msgstr ""
20394
22561
20395
#: serverguide/C/databases.xml:171(para)
22562
#: serverguide/C/databases.xml:176(para)
20396
22563
msgid ""
20397
22564
"Once the installation is complete, you should configure the PostgreSQL "
20398
22565
"server based on your needs, although the default configuration is viable."
20399
22566
msgstr ""
20400
22567
20401
#: serverguide/C/databases.xml:179(para)
22568
#: serverguide/C/databases.xml:184(para)
20402
22569
msgid ""
20403
22570
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
20404
22571
"client authentication methods. By default, IDENT authentication method is "
20407
22574
"PostgreSQL Administrator's Guide</ulink>."
20408
22575
msgstr ""
20409
22576
20410
#: serverguide/C/databases.xml:186(para)
22577
#: serverguide/C/databases.xml:191(para)
20411
22578
msgid ""
20412
22579
"The following discussion assumes that you wish to enable TCP/IP connections "
20413
22580
"and use the MD5 method for client authentication. PostgreSQL configuration "
20417
22584
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
20418
22585
msgstr ""
20419
22586
20420
#: serverguide/C/databases.xml:196(para)
22587
#: serverguide/C/databases.xml:201(para)
20421
22588
msgid ""
20422
22589
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
20423
22590
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
20424
22591
msgstr ""
20425
22592
20426
#: serverguide/C/databases.xml:203(para)
22593
#: serverguide/C/databases.xml:208(para)
20427
22594
msgid ""
20428
22595
"To enable TCP/IP connections, edit the file "
20429
22596
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
20430
22597
msgstr ""
20431
22598
20432
#: serverguide/C/databases.xml:205(para)
22599
#: serverguide/C/databases.xml:210(para)
20433
22600
msgid ""
20434
22601
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
20435
22602
"change it to:"
20436
22603
msgstr ""
20437
22604
20438
#: serverguide/C/databases.xml:208(programlisting)
22605
#: serverguide/C/databases.xml:213(programlisting)
20439
22606
#, no-wrap
20440
22607
msgid ""
20441
22608
"\n"
20442
22609
"listen_addresses = 'localhost'\n"
20443
22610
msgstr ""
20444
22611
20445
#: serverguide/C/databases.xml:212(para)
22612
#: serverguide/C/databases.xml:217(para)
20446
22613
msgid ""
20447
22614
"To allow other computers to connect to your "
20448
22615
"<application>PostgreSQL</application> server replace 'localhost' with the "
20449
22616
"<emphasis>IP Address</emphasis> of your server."
20450
22617
msgstr ""
20451
22618
20452
#: serverguide/C/databases.xml:217(para)
22619
#: serverguide/C/databases.xml:222(para)
20453
22620
msgid ""
20454
22621
"You may also edit all other parameters, if you know what you are doing! For "
20455
22622
"details, refer to the configuration file or to the PostgreSQL documentation."
20456
22623
msgstr ""
20457
22624
20458
#: serverguide/C/databases.xml:222(para)
22625
#: serverguide/C/databases.xml:227(para)
20459
22626
msgid ""
20460
22627
"Now that we can connect to our <application>PostgreSQL</application> server, "
20461
22628
"the next step is to set a password for the <emphasis>postgres</emphasis> "
20463
22630
"default PostgreSQL template database:"
20464
22631
msgstr ""
20465
22632
20466
#: serverguide/C/databases.xml:229(command)
22633
#: serverguide/C/databases.xml:234(command)
20467
22634
msgid "sudo -u postgres psql template1"
20468
22635
msgstr ""
20469
22636
20470
#: serverguide/C/databases.xml:231(para)
22637
#: serverguide/C/databases.xml:236(para)
20471
22638
msgid ""
20472
22639
"The above command connects to PostgreSQL database "
20473
22640
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
20477
22644
"role=\"italics\">postgres</emphasis>."
20478
22645
msgstr ""
20479
22646
20480
#: serverguide/C/databases.xml:239(command)
22647
#: serverguide/C/databases.xml:244(command)
20481
22648
msgid "ALTER USER postgres with encrypted password 'your_password';"
20482
22649
msgstr ""
20483
22650
20484
#: serverguide/C/databases.xml:241(para)
22651
#: serverguide/C/databases.xml:246(para)
20485
22652
msgid ""
20486
22653
"After configuring the password, edit the file "
20487
22654
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
20489
22656
"<emphasis>postgres</emphasis> user:"
20490
22657
msgstr ""
20491
22658
20492
#: serverguide/C/databases.xml:247(programlisting)
22659
#: serverguide/C/databases.xml:252(programlisting)
20493
22660
#, no-wrap
20494
22661
msgid ""
20495
22662
"\n"
20496
"local all postgres md5 sameuser\n"
22663
"local all postgres md5\n"
20497
22664
msgstr ""
20498
22665
20499
#: serverguide/C/databases.xml:251(para)
22666
#: serverguide/C/databases.xml:256(para)
20500
22667
msgid ""
20501
22668
"Finally, you should restart the <application>PostgreSQL</application> "
20502
22669
"service to initialize the new configuration. From a terminal prompt enter "
20503
22670
"the following to restart <application>PostgreSQL</application>:"
20504
22671
msgstr ""
20505
22672
20506
#: serverguide/C/databases.xml:257(command)
22673
#: serverguide/C/databases.xml:262(command)
20507
22674
msgid "sudo /etc/init.d/postgresql-8.4 restart"
20508
22675
msgstr ""
20509
22676
20510
#: serverguide/C/databases.xml:260(para)
22677
#: serverguide/C/databases.xml:265(para)
20511
22678
msgid ""
20512
22679
"The above configuration is not complete by any means. Please refer <ulink "
20513
22680
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
20514
22681
"Administrator's Guide</ulink> to configure more parameters."
20515
22682
msgstr ""
20516
22683
20517
#: serverguide/C/databases.xml:271(para)
22684
#: serverguide/C/databases.xml:276(para)
20518
22685
msgid ""
20519
22686
"As mentioned above the <ulink "
20520
22687
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
20523
22690
"in a terminal to install the package:"
20524
22691
msgstr ""
20525
22692
20526
#: serverguide/C/databases.xml:277(command)
22693
#: serverguide/C/databases.xml:282(command)
20527
22694
msgid "sudo apt-get install postgresql-doc-8.4"
20528
22695
msgstr ""
20529
22696
20530
#: serverguide/C/databases.xml:279(para)
22697
#: serverguide/C/databases.xml:284(para)
20531
22698
msgid ""
20532
22699
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
20533
22700
"8.4/html/index.html</command> into the address bar of your browser."
20534
22701
msgstr ""
20535
22702
22703
#: serverguide/C/databases.xml:296(para)
22704
msgid ""
22705
"Also, see the <ulink "
22706
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
22707
"Wiki</ulink> page for more information."
22708
msgstr ""
22709
20536
22710
#: serverguide/C/clustering.xml:13(title)
20537
22711
msgid "Clustering"
20538
22712
msgstr ""
20753
22927
#: serverguide/C/clustering.xml:243(para)
20754
22928
msgid ""
20755
22929
"The <ulink "
20756
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/drbd.conf.5.html\">d"
20757
"rbd.conf man page</ulink> contains details on the options not covered in "
20758
"this guide."
22930
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/drbd.conf.5.html\">dr"
22931
"bd.conf man page</ulink> contains details on the options not covered in this "
22932
"guide."
20759
22933
msgstr ""
20760
22934
20761
22935
#: serverguide/C/clustering.xml:249(para)
20762
22936
msgid ""
20763
22937
"Also, see the <ulink "
20764
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/drbdadm.8.html\">drb"
20765
"dadm man page</ulink>."
22938
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/drbdadm.8.html\">drbd"
22939
"adm man page</ulink>."
22940
msgstr ""
22941
22942
#: serverguide/C/clustering.xml:254(para)
22943
msgid ""
22944
"The <ulink url=\"https://help.ubuntu.com/community/DRBD\">DRBD Ubuntu "
22945
"Wiki</ulink> page also has more information."
20766
22946
msgstr ""
20767
22947
20768
22948
#: serverguide/C/chat.xml:13(title)
20879
23059
"FAQ</ulink> for more details about the IRC Server."
20880
23060
msgstr ""
20881
23061
20882
#: serverguide/C/chat.xml:127(title)
23062
#: serverguide/C/chat.xml:124(para)
23063
msgid ""
23064
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
23065
"IRCD</ulink> page has more information."
23066
msgstr ""
23067
23068
#: serverguide/C/chat.xml:132(title)
20883
23069
msgid "Jabber Instant Messaging Server"
20884
23070
msgstr ""
20885
23071
20886
#: serverguide/C/chat.xml:129(para)
23072
#: serverguide/C/chat.xml:134(para)
20887
23073
msgid ""
20888
23074
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
20889
23075
"XMPP, an open standard for instant messaging, and used by many popular "
20892
23078
"to providing messaging services to users over the Internet."
20893
23079
msgstr ""
20894
23080
20895
#: serverguide/C/chat.xml:138(para)
23081
#: serverguide/C/chat.xml:143(para)
20896
23082
msgid "To install <application>jabberd2</application>, in a terminal enter:"
20897
23083
msgstr ""
20898
23084
20899
#: serverguide/C/chat.xml:143(command)
23085
#: serverguide/C/chat.xml:148(command)
20900
23086
msgid "sudo apt-get install jabberd2"
20901
23087
msgstr ""
20902
23088
20903
#: serverguide/C/chat.xml:150(para)
23089
#: serverguide/C/chat.xml:155(para)
20904
23090
msgid ""
20905
23091
"A couple of XML configuration files will be used to configure "
20906
23092
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
20909
23095
"Postgresql, etc for for user authentication."
20910
23096
msgstr ""
20911
23097
20912
#: serverguide/C/chat.xml:157(para)
23098
#: serverguide/C/chat.xml:162(para)
20913
23099
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
20914
23100
msgstr ""
20915
23101
20916
#: serverguide/C/chat.xml:161(programlisting)
23102
#: serverguide/C/chat.xml:166(programlisting)
20917
23103
#, no-wrap
20918
23104
msgid ""
20919
23105
"\n"
20920
23106
" <id>jabber.example.com</id>\n"
20921
23107
msgstr ""
20922
23108
20923
#: serverguide/C/chat.xml:166(para)
23109
#: serverguide/C/chat.xml:171(para)
20924
23110
msgid ""
20925
23111
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
20926
23112
"id, of your server."
20927
23113
msgstr ""
20928
23114
20929
#: serverguide/C/chat.xml:171(para)
23115
#: serverguide/C/chat.xml:176(para)
20930
23116
msgid "Now in the <storage> section change the <driver> to:"
20931
23117
msgstr ""
20932
23118
20933
#: serverguide/C/chat.xml:175(programlisting)
23119
#: serverguide/C/chat.xml:180(programlisting)
20934
23120
#, no-wrap
20935
23121
msgid ""
20936
23122
"\n"
20937
23123
" <driver>db</driver>\n"
20938
23124
msgstr ""
20939
23125
20940
#: serverguide/C/chat.xml:179(para)
23126
#: serverguide/C/chat.xml:184(para)
20941
23127
msgid ""
20942
23128
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
20943
23129
"<emphasis><local></emphasis> section change:"
20944
23130
msgstr ""
20945
23131
20946
#: serverguide/C/chat.xml:183(programlisting)
23132
#: serverguide/C/chat.xml:188(programlisting)
20947
23133
#, no-wrap
20948
23134
msgid ""
20949
23135
"\n"
20950
23136
" <id>jabber.example.com</id>\n"
20951
23137
msgstr ""
20952
23138
20953
#: serverguide/C/chat.xml:187(para)
23139
#: serverguide/C/chat.xml:192(para)
20954
23140
msgid ""
20955
23141
"And in the <authreg> section adjust the <module> section to:"
20956
23142
msgstr ""
20957
23143
20958
#: serverguide/C/chat.xml:191(programlisting)
23144
#: serverguide/C/chat.xml:196(programlisting)
20959
23145
#, no-wrap
20960
23146
msgid ""
20961
23147
"\n"
20962
23148
" <module>db</module>\n"
20963
23149
msgstr ""
20964
23150
20965
#: serverguide/C/chat.xml:195(para)
23151
#: serverguide/C/chat.xml:200(para)
20966
23152
msgid ""
20967
23153
"Finally, restart <application>jabberd2</application> to enable the new "
20968
23154
"settings:"
20969
23155
msgstr ""
20970
23156
20971
#: serverguide/C/chat.xml:200(command)
23157
#: serverguide/C/chat.xml:205(command)
20972
23158
msgid "sudo /etc/init.d/jabberd2 restart"
20973
23159
msgstr ""
20974
23160
20975
#: serverguide/C/chat.xml:203(para)
23161
#: serverguide/C/chat.xml:208(para)
20976
23162
msgid ""
20977
23163
"You should now be able to connect to the server using a Jabber client like "
20978
23164
"<application>Pidgin</application> for example."
20979
23165
msgstr ""
20980
23166
20981
#: serverguide/C/chat.xml:208(para)
23167
#: serverguide/C/chat.xml:213(para)
20982
23168
msgid ""
20983
23169
"The advantage of using Berkeley DB for user data is that after being "
20984
23170
"configured no additional maintenance is required. If you need more control "
20986
23172
"recommended."
20987
23173
msgstr ""
20988
23174
20989
#: serverguide/C/chat.xml:220(para)
23175
#: serverguide/C/chat.xml:225(para)
20990
23176
msgid ""
20991
23177
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
20992
23178
"Site</ulink> contains more details on configuring "
20993
23179
"<application>Jabberd2</application>."
20994
23180
msgstr ""
20995
23181
20996
#: serverguide/C/chat.xml:226(para)
23182
#: serverguide/C/chat.xml:231(para)
20997
23183
msgid ""
20998
23184
"For more authentication options see the <ulink "
20999
23185
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
21000
23186
"Guide</ulink>."
21001
23187
msgstr ""
21002
23188
23189
#: serverguide/C/chat.xml:236(para)
23190
msgid ""
23191
"Also, the <ulink "
23192
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
23193
"Jabber Server Ubuntu Wiki</ulink> page has more information."
23194
msgstr ""
23195
21003
23196
#: serverguide/C/backups.xml:13(title)
21004
23197
msgid "Backups"
21005
23198
msgstr ""
22094
24287
"the latest Bacula news and developments."
22095
24288
msgstr ""
22096
24289
24290
#: serverguide/C/backups.xml:869(para)
24291
msgid ""
24292
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
24293
"Ubuntu Wiki</ulink> page."
24294
msgstr ""
24295
22097
24296
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
22098
24297
#: serverguide/C/backups.xml:0(None)
22099
24298
msgid "translator-credits"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1