« back to all changes in this revision
Viewing changes to serverguide/po/km.po
- browse files at revision 91
- compare with another revision
- download diff
- download tarball
- view history from revision 91
- Committer: Bazaar Package Importer
- Author(s): Matthew East
- Date: 2010-04-18 21:06:41 UTC
- Revision ID: james.westby@ubuntu.com-20100418210641-ee4gokf3dfkak6j8
Tags: 10.04.3
* Import translations from Rosetta
* Replace old Ubuntu logo with new one from wiki:Brand (LP: #551058)
* Replace old Ubuntu logo with new one from wiki:Brand (LP: #551058)
- files added:
- about-ubuntu/po/om.po
- files modified:
- about-ubuntu/po/about-ubuntu.pot
added
removed
serverguide/po/km.po
1
# Khmer translation for ubuntu-docs
2
# Copyright (c) 2009 Rosetta Contributors and Canonical Ltd 2009
3
# This file is distributed under the same license as the ubuntu-docs package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, 2009.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: ubuntu-docs\n"
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2010-03-29 08:26+0100\n"
11
"PO-Revision-Date: 2009-11-11 02:17+0000\n"
12
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13
"Language-Team: Khmer <km@li.org>\n"
14
"MIME-Version: 1.0\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2010-04-17 14:50+0000\n"
18
"X-Generator: Launchpad (build Unknown)\n"
19
20
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
21
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
22
msgstr ""
23
24
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
25
msgid "Ubuntu Server Guide"
26
msgstr ""
27
28
#: serverguide/C/serverguide-C.omf:9(date)
29
msgid "2007-09-30"
30
msgstr ""
31
32
#: serverguide/C/windows-networking.xml:13(title)
33
msgid "Windows Networking"
34
msgstr ""
35
36
#: serverguide/C/windows-networking.xml:15(para)
37
msgid ""
38
"Computer networks are often comprised of diverse systems, and while "
39
"operating a network made up entirely of Ubuntu desktop and server computers "
40
"would certainly be fun, some network environments must consist of both "
41
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
42
"class=\"registered\">Windows</trademark> systems working together in "
43
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
44
"principles and tools used in configuring your Ubuntu Server for sharing "
45
"network resources with Windows computers."
46
msgstr ""
47
48
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:402(title) serverguide/C/security.xml:354(title) serverguide/C/remote-administration.xml:22(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
49
msgid "Introduction"
50
msgstr "បណ្តើម"
51
52
#: serverguide/C/windows-networking.xml:27(para)
53
msgid ""
54
"Successfully networking your Ubuntu system with Windows clients involves "
55
"providing and integrating with services common to Windows environments. Such "
56
"services assist the sharing of data and information about the computers and "
57
"users involved in the network, and may be classified under three major "
58
"categories of functionality:"
59
msgstr ""
60
61
#: serverguide/C/windows-networking.xml:35(para)
62
msgid ""
63
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
64
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
65
"folders, volumes, and the sharing of printers throughout the network."
66
msgstr ""
67
68
#: serverguide/C/windows-networking.xml:41(para)
69
msgid ""
70
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
71
"information about the computers and users of the network with such "
72
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
73
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
74
msgstr ""
75
76
#: serverguide/C/windows-networking.xml:48(para)
77
msgid ""
78
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
79
"the identity of a computer or user of the network and determining the "
80
"information the computer or user is authorized to access using such "
81
"principles and technologies as file permissions, group policies, and the "
82
"Kerberos authentication service."
83
msgstr ""
84
85
#: serverguide/C/windows-networking.xml:56(para)
86
msgid ""
87
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
88
"clients and share network resources among them. One of the principal pieces "
89
"of software your Ubuntu system includes for Windows networking is the Samba "
90
"suite of SMB server applications and tools."
91
msgstr ""
92
93
#: serverguide/C/windows-networking.xml:62(para)
94
msgid ""
95
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
96
"of the common Samba use cases, and how to install and configure the "
97
"necessary packages. Additional detailed documentation and information on "
98
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
99
"website</ulink>."
100
msgstr ""
101
102
#: serverguide/C/windows-networking.xml:70(title)
103
msgid "Samba File Server"
104
msgstr "ខំព្យូរើ បំរើសេវា ឯកសារ Samba"
105
106
#: serverguide/C/windows-networking.xml:72(para)
107
msgid ""
108
"One of the most common ways to network Ubuntu and Windows computers is to "
109
"configure Samba as a File Server. This section covers setting up a "
110
"<application>Samba</application> server to share files with Windows clients."
111
msgstr ""
112
113
#: serverguide/C/windows-networking.xml:77(para)
114
msgid ""
115
"The server will be configured to share files with any client on the network "
116
"without prompting for a password. If your environment requires stricter "
117
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
118
msgstr ""
119
120
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:287(title) serverguide/C/windows-networking.xml:1302(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:675(title) serverguide/C/web-servers.xml:816(title) serverguide/C/web-servers.xml:940(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/virtualization.xml:2014(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:52(title) serverguide/C/remote-administration.xml:233(title) serverguide/C/network-config.xml:937(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1581(title) serverguide/C/network-auth.xml:2092(title) serverguide/C/network-auth.xml:2483(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:428(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:496(title) serverguide/C/mail.xml:674(title) serverguide/C/mail.xml:823(title) serverguide/C/mail.xml:1315(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:423(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:957(title) serverguide/C/file-server.xml:347(title) serverguide/C/file-server.xml:462(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:164(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:141(title) serverguide/C/backups.xml:593(title)
121
msgid "Installation"
122
msgstr "ការតំលើង"
123
124
#: serverguide/C/windows-networking.xml:85(para)
125
msgid ""
126
"The first step is to install the <application>samba</application> package. "
127
"From a terminal prompt enter:"
128
msgstr ""
129
130
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:299(command)
131
msgid "sudo apt-get install samba"
132
msgstr "sudo apt-get install samba"
133
134
#: serverguide/C/windows-networking.xml:93(para)
135
msgid ""
136
"That's all there is to it; you are now ready to configure Samba to share "
137
"files."
138
msgstr ""
139
140
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:304(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:726(title) serverguide/C/web-servers.xml:827(title) serverguide/C/web-servers.xml:967(title) serverguide/C/web-servers.xml:1067(title) serverguide/C/vpn.xml:138(title) serverguide/C/virtualization.xml:2088(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:74(title) serverguide/C/remote-administration.xml:258(title) serverguide/C/package-management.xml:387(title) serverguide/C/network-config.xml:959(title) serverguide/C/network-auth.xml:2131(title) serverguide/C/network-auth.xml:2504(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:454(title) serverguide/C/mail.xml:505(title) serverguide/C/mail.xml:684(title) serverguide/C/mail.xml:908(title) serverguide/C/mail.xml:1344(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:314(title) serverguide/C/lamp-applications.xml:453(title) serverguide/C/file-server.xml:360(title) serverguide/C/file-server.xml:488(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:183(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:153(title) serverguide/C/backups.xml:616(title)
141
msgid "Configuration"
142
msgstr "ការកំណត់ទំរង់"
143
144
#: serverguide/C/windows-networking.xml:101(para)
145
msgid ""
146
"The main Samba configuration file is located in "
147
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
148
"a significant amount of comments in order to document various configuration "
149
"directives."
150
msgstr ""
151
152
#: serverguide/C/windows-networking.xml:106(para)
153
msgid ""
154
"Not all the available options are included in the default configuration "
155
"file. See the <filename>smb.conf</filename><application>man</application> "
156
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
157
"Collection/\">Samba HOWTO Collection</ulink> for more details."
158
msgstr ""
159
160
#: serverguide/C/windows-networking.xml:116(para)
161
msgid ""
162
"First, edit the following key/value pairs in the "
163
"<emphasis>[global]</emphasis> section of "
164
"<filename>/etc/samba/smb.conf</filename>:"
165
msgstr ""
166
167
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:311(programlisting) serverguide/C/windows-networking.xml:776(programlisting) serverguide/C/windows-networking.xml:990(programlisting)
168
#, no-wrap
169
msgid ""
170
"\n"
171
" workgroup = EXAMPLE\n"
172
" ...\n"
173
" security = user\n"
174
msgstr ""
175
176
#: serverguide/C/windows-networking.xml:127(para)
177
msgid ""
178
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
179
"section, and is commented by default. Also, change "
180
"<emphasis>EXAMPLE</emphasis> to better match your environment."
181
msgstr ""
182
183
#: serverguide/C/windows-networking.xml:135(para)
184
msgid ""
185
"Create a new section at the bottom of the file, or uncomment one of the "
186
"examples, for the directory to be shared:"
187
msgstr ""
188
189
#: serverguide/C/windows-networking.xml:139(programlisting)
190
#, no-wrap
191
msgid ""
192
"\n"
193
"[share]\n"
194
" comment = Ubuntu File Server Share\n"
195
" path = /srv/samba/share\n"
196
" browsable = yes\n"
197
" guest ok = yes\n"
198
" read only = no\n"
199
" create mask = 0755\n"
200
msgstr ""
201
202
#: serverguide/C/windows-networking.xml:151(para)
203
msgid ""
204
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
205
"fit your needs."
206
msgstr ""
207
208
#: serverguide/C/windows-networking.xml:156(para)
209
msgid "<emphasis>path:</emphasis> the path to the directory to share."
210
msgstr ""
211
212
#: serverguide/C/windows-networking.xml:159(para)
213
msgid ""
214
"This example uses <filename>/srv/samba/sharename</filename> because, "
215
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
216
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
217
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
218
"specific data should be served. Technically Samba shares can be placed "
219
"anywhere on the filesystem as long as the permissions are correct, but "
220
"adhering to standards is recommended."
221
msgstr ""
222
223
#: serverguide/C/windows-networking.xml:168(para)
224
msgid ""
225
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
226
"directory using <application>Windows Explorer</application>."
227
msgstr ""
228
229
#: serverguide/C/windows-networking.xml:174(para)
230
msgid ""
231
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
232
"without supplying a password."
233
msgstr ""
234
235
#: serverguide/C/windows-networking.xml:179(para)
236
msgid ""
237
"<emphasis>read only:</emphasis> determines if the share is read only or if "
238
"write privileges are granted. Write privileges are allowed only when the "
239
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
240
"is <emphasis>yes</emphasis>, then access to the share is read only."
241
msgstr ""
242
243
#: serverguide/C/windows-networking.xml:184(para)
244
msgid ""
245
"<emphasis>create mask:</emphasis> determines the permissions new files will "
246
"have when created."
247
msgstr ""
248
249
#: serverguide/C/windows-networking.xml:193(para)
250
msgid ""
251
"Now that <application>Samba</application> is configured, the directory needs "
252
"to be created and the permissions changed. From a terminal enter:"
253
msgstr ""
254
255
#: serverguide/C/windows-networking.xml:199(command)
256
msgid "sudo mkdir -p /srv/samba/share"
257
msgstr "sudo mkdir -p /srv/samba/share"
258
259
#: serverguide/C/windows-networking.xml:200(command)
260
msgid "sudo chown nobody.nogroup /srv/samba/share/"
261
msgstr ""
262
263
#: serverguide/C/windows-networking.xml:204(para)
264
msgid ""
265
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
266
"directory tree if it doesn't exist. Change the share name to fit your "
267
"environment."
268
msgstr ""
269
270
#: serverguide/C/windows-networking.xml:213(para)
271
msgid ""
272
"Finally, restart the <application>samba</application> services to enable the "
273
"new configuration:"
274
msgstr ""
275
276
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:331(command) serverguide/C/windows-networking.xml:468(command) serverguide/C/windows-networking.xml:567(command) serverguide/C/windows-networking.xml:937(command) serverguide/C/windows-networking.xml:1047(command) serverguide/C/windows-networking.xml:1162(command) serverguide/C/network-auth.xml:1860(command)
277
msgid "sudo /etc/init.d/samba restart"
278
msgstr ""
279
280
#: serverguide/C/windows-networking.xml:225(para)
281
msgid ""
282
"Once again, the above configuration gives all access to any client on the "
283
"local network. For a more secure configuration see <xref linkend=\"samba-"
284
"fileprint-security\"/>."
285
msgstr ""
286
287
#: serverguide/C/windows-networking.xml:231(para)
288
msgid ""
289
"From a Windows client you should now be able to browse to the Ubuntu file "
290
"server and see the shared directory. To check that everything is working try "
291
"creating a directory from Windows."
292
msgstr ""
293
294
#: serverguide/C/windows-networking.xml:236(para)
295
msgid ""
296
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
297
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
298
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
299
"share actually exists and the permissions are correct."
300
msgstr ""
301
302
#: serverguide/C/windows-networking.xml:243(title) serverguide/C/windows-networking.xml:341(title) serverguide/C/windows-networking.xml:696(title) serverguide/C/windows-networking.xml:1066(title) serverguide/C/windows-networking.xml:1273(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1168(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/remote-administration.xml:491(title) serverguide/C/network-config.xml:569(title) serverguide/C/network-config.xml:824(title) serverguide/C/network-auth.xml:1531(title) serverguide/C/network-auth.xml:1975(title) serverguide/C/network-auth.xml:2579(title) serverguide/C/network-auth.xml:3087(title) serverguide/C/installation.xml:892(title) serverguide/C/installation.xml:1173(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:273(title) serverguide/C/backups.xml:855(title)
303
msgid "Resources"
304
msgstr "ធនធាន"
305
306
#: serverguide/C/windows-networking.xml:247(para) serverguide/C/windows-networking.xml:345(para) serverguide/C/windows-networking.xml:700(para) serverguide/C/windows-networking.xml:1070(para)
307
msgid ""
308
"For in depth Samba configurations see the <ulink "
309
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
310
"Collection</ulink>"
311
msgstr ""
312
313
#: serverguide/C/windows-networking.xml:253(para) serverguide/C/windows-networking.xml:351(para) serverguide/C/windows-networking.xml:706(para) serverguide/C/windows-networking.xml:1076(para)
314
msgid ""
315
"The guide is also available in <ulink "
316
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
317
"format</ulink>."
318
msgstr ""
319
320
#: serverguide/C/windows-networking.xml:259(para) serverguide/C/windows-networking.xml:357(para)
321
msgid ""
322
"O'Reilly's <ulink "
323
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
324
"another good reference."
325
msgstr ""
326
327
#: serverguide/C/windows-networking.xml:265(para) serverguide/C/windows-networking.xml:368(para) serverguide/C/windows-networking.xml:731(para) serverguide/C/windows-networking.xml:1100(para) serverguide/C/windows-networking.xml:1286(para)
328
msgid ""
329
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
330
"</ulink> page."
331
msgstr ""
332
333
#: serverguide/C/windows-networking.xml:274(title)
334
msgid "Samba Print Server"
335
msgstr "ខំព្យូរើបំរើសេវា បោះពុម្ភ Samba"
336
337
#: serverguide/C/windows-networking.xml:276(para)
338
msgid ""
339
"Another common use of Samba is to configure it to share printers installed, "
340
"either locally or over the network, on an Ubuntu server. Similar to <xref "
341
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
342
"any client on the local network to use the installed printers without "
343
"prompting for a username and password."
344
msgstr ""
345
346
#: serverguide/C/windows-networking.xml:282(para)
347
msgid ""
348
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
349
"security\"/>."
350
msgstr ""
351
352
#: serverguide/C/windows-networking.xml:289(para)
353
msgid ""
354
"Before installing and configuring Samba it is best to already have a working "
355
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
356
"for details."
357
msgstr ""
358
359
#: serverguide/C/windows-networking.xml:294(para)
360
msgid ""
361
"To install the <application>samba</application> package, from a terminal "
362
"enter:"
363
msgstr ""
364
365
#: serverguide/C/windows-networking.xml:305(para)
366
msgid ""
367
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
368
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
369
"network, and change <emphasis>security</emphasis> to <emphasis "
370
"role=\"italic\">share</emphasis>:"
371
msgstr ""
372
373
#: serverguide/C/windows-networking.xml:317(para)
374
msgid ""
375
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
376
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
377
msgstr ""
378
379
#: serverguide/C/windows-networking.xml:321(programlisting)
380
#, no-wrap
381
msgid ""
382
"\n"
383
" browsable = yes\n"
384
" guest ok = yes\n"
385
msgstr ""
386
387
#: serverguide/C/windows-networking.xml:326(para)
388
msgid "After editing <filename>smb.conf</filename> restart Samba:"
389
msgstr "ក្រោយកំណែប្រែ <filename>smb.conf</filename> ផ្តើមឡើងវិញ Samba:"
390
391
#: serverguide/C/windows-networking.xml:334(para)
392
msgid ""
393
"The default Samba configuration will automatically share any printers "
394
"installed. Simply install the printer locally on your Windows clients."
395
msgstr ""
396
397
#: serverguide/C/windows-networking.xml:363(para)
398
msgid ""
399
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
400
"more information on configuring CUPS."
401
msgstr ""
402
403
#: serverguide/C/windows-networking.xml:377(title)
404
msgid "Securing a Samba File and Print Server"
405
msgstr ""
406
407
#: serverguide/C/windows-networking.xml:380(title)
408
msgid "Samba Security Modes"
409
msgstr "បែបសុវត្ថភាព Samba"
410
411
#: serverguide/C/windows-networking.xml:382(para)
412
msgid ""
413
"There are two security levels available to the Common Internet Filesystem "
414
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
415
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
416
"allows more flexibility, providing four ways of implementing user-level "
417
"security and one way to implement share-level:"
418
msgstr ""
419
420
#: serverguide/C/windows-networking.xml:391(para)
421
msgid ""
422
"<emphasis>security = user:</emphasis> requires clients to supply a username "
423
"and password to connect to shares. Samba user accounts are separate from "
424
"system accounts, but the <application>libpam-smbpass</application> package "
425
"will sync system users and passwords with the Samba user database."
426
msgstr ""
427
428
#: serverguide/C/windows-networking.xml:398(para)
429
msgid ""
430
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
431
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
432
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
433
"linkend=\"samba-dc\"/> for further information."
434
msgstr ""
435
436
#: serverguide/C/windows-networking.xml:405(para)
437
msgid ""
438
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
439
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
440
"integration\"/> for details."
441
msgstr ""
442
443
#: serverguide/C/windows-networking.xml:411(para)
444
msgid ""
445
"<emphasis>security = server:</emphasis> this mode is left over from before "
446
"Samba could become a member server, and due to some security issues should "
447
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
448
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
449
"of the Samba guide for more details."
450
msgstr ""
451
452
#: serverguide/C/windows-networking.xml:419(para)
453
msgid ""
454
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
455
"without supplying a username and password."
456
msgstr ""
457
458
#: serverguide/C/windows-networking.xml:426(para)
459
msgid ""
460
"The security mode you choose will depend on your environment and what you "
461
"need the Samba server to accomplish."
462
msgstr ""
463
464
#: serverguide/C/windows-networking.xml:432(title)
465
msgid "Security = User"
466
msgstr "សុវត្ថភាព = អ្នកប្រើប្រាស់"
467
468
#: serverguide/C/windows-networking.xml:434(para)
469
msgid ""
470
"This section will reconfigure the Samba file and print server, from <xref "
471
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
472
"require authentication."
473
msgstr ""
474
475
#: serverguide/C/windows-networking.xml:439(para)
476
msgid ""
477
"First, install the <application>libpam-smbpass</application> package which "
478
"will sync the system users to the Samba user database:"
479
msgstr ""
480
481
#: serverguide/C/windows-networking.xml:445(command)
482
msgid "sudo apt-get install libpam-smbpass"
483
msgstr ""
484
485
#: serverguide/C/windows-networking.xml:449(para)
486
msgid ""
487
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
488
"<application>libpam-smbpass</application> is already installed."
489
msgstr ""
490
491
#: serverguide/C/windows-networking.xml:455(para)
492
msgid ""
493
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
494
"<emphasis>[share]</emphasis> section change:"
495
msgstr ""
496
"កែប្រែ <filename>/etc/samba/smb.conf</filename>, និង ក្នុងបំលាស់ប្តូរ ផ្នែក "
497
"<emphasis>[share]</emphasis> ៖"
498
499
#: serverguide/C/windows-networking.xml:459(programlisting)
500
#, no-wrap
501
msgid ""
502
"\n"
503
" guest ok = no\n"
504
msgstr ""
505
506
#: serverguide/C/windows-networking.xml:463(para)
507
msgid "Finally, restart Samba for the new settings to take effect:"
508
msgstr "ពេលបញ្ចប់, ផ្តើមឡើងវិញ Samba សំរាប់ការកំណត់ថ្មី ទទួលផល ៖"
509
510
#: serverguide/C/windows-networking.xml:471(para)
511
msgid ""
512
"Now when connecting to the shared directories or printers you should be "
513
"prompted for a username and password."
514
msgstr ""
515
516
#: serverguide/C/windows-networking.xml:476(para)
517
msgid ""
518
"If you choose to map a network drive to the share you can check the "
519
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
520
"enter the username and password once, at least until the password changes."
521
msgstr ""
522
523
#: serverguide/C/windows-networking.xml:484(title)
524
msgid "Share Security"
525
msgstr "ចែករំលែក សុវត្ថភាព"
526
527
#: serverguide/C/windows-networking.xml:486(para)
528
msgid ""
529
"There are several options available to increase the security for each "
530
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
531
"this section will cover some common options."
532
msgstr ""
533
534
#: serverguide/C/windows-networking.xml:492(title)
535
msgid "Groups"
536
msgstr "ក្រុម"
537
538
#: serverguide/C/windows-networking.xml:494(para)
539
msgid ""
540
"Groups define a collection of computers or users which have a common level "
541
"of access to particular network resources and offer a level of granularity "
542
"in controlling access to such resources. For example, if a group <emphasis "
543
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
544
"role=\"italic\">freda</emphasis>, <emphasis "
545
"role=\"italic\">danika</emphasis>, and <emphasis "
546
"role=\"italic\">rob</emphasis> and a second group <emphasis "
547
"role=\"italic\">support</emphasis> is defined and consists of users "
548
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
549
"role=\"italic\">jeremy</emphasis>, and <emphasis "
550
"role=\"italic\">vincent</emphasis> then certain network resources configured "
551
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
552
"subsequently enable access by freda, danika, and rob, but not jeremy or "
553
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
554
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
555
"role=\"italic\">support</emphasis> groups, she will be able to access "
556
"resources configured for access by both groups, whereas all other users will "
557
"have only access to resources explicitly allowing the group they are part of."
558
msgstr ""
559
560
#: serverguide/C/windows-networking.xml:508(para)
561
msgid ""
562
"By default Samba looks for the local system groups defined in "
563
"<filename>/etc/group</filename> to determine which users belong to which "
564
"groups. For more information on adding and removing users from groups see "
565
"<xref linkend=\"adding-deleting-users\"/>."
566
msgstr ""
567
568
#: serverguide/C/windows-networking.xml:514(para)
569
msgid ""
570
"When defining groups in the Samba configuration file, "
571
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
572
"preface the group name with an \"@\" symbol. For example, if you wished to "
573
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
574
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
575
"do so by entering the group name as <emphasis "
576
"role=\"bold\">@sysadmin</emphasis>."
577
msgstr ""
578
579
#: serverguide/C/windows-networking.xml:523(title)
580
msgid "File Permissions"
581
msgstr "ការអនុញ្ញាត ឯកសារ"
582
583
#: serverguide/C/windows-networking.xml:525(para)
584
msgid ""
585
"File Permissions define the explicit rights a computer or user has to a "
586
"particular directory, file, or set of files. Such permissions may be defined "
587
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
588
"the explicit permissions of a defined file share."
589
msgstr ""
590
591
#: serverguide/C/windows-networking.xml:531(para)
592
msgid ""
593
"For example, if you have defined a Samba share called "
594
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
595
"only</emphasis> permissions to the group of users known as <emphasis "
596
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
597
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
598
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
599
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
600
"under the <emphasis>[share]</emphasis> entry:"
601
msgstr ""
602
603
#: serverguide/C/windows-networking.xml:540(programlisting)
604
#, no-wrap
605
msgid ""
606
"\n"
607
" read list = @qa\n"
608
" write list = @sysadmin, vincent\n"
609
msgstr ""
610
611
#: serverguide/C/windows-networking.xml:545(para)
612
msgid ""
613
"Another possible Samba permission is to declare "
614
"<emphasis>administrative</emphasis> permissions to a particular shared "
615
"resource. Users having administrative permissions may read, write, or modify "
616
"any information contained in the resource the user has been given explicit "
617
"administrative permissions to."
618
msgstr ""
619
620
#: serverguide/C/windows-networking.xml:551(para)
621
msgid ""
622
"For example, if you wanted to give the user <emphasis "
623
"role=\"italic\">melissa</emphasis> administrative permissions to the "
624
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
625
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
626
"under the <emphasis>[share]</emphasis> entry:"
627
msgstr ""
628
629
#: serverguide/C/windows-networking.xml:558(programlisting)
630
#, no-wrap
631
msgid ""
632
"\n"
633
" admin users = melissa\n"
634
msgstr ""
635
636
#: serverguide/C/windows-networking.xml:562(para)
637
msgid ""
638
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
639
"the changes to take effect:"
640
msgstr ""
641
"ក្រោយកំណែប្រែ <filename>/etc/samba/smb.conf</filename>, ផ្តើមឡើងវិញ Samba "
642
"សំរាប់បំលាស់ប្តូរថ្មី ទទួលផល ៖"
643
644
#: serverguide/C/windows-networking.xml:571(para)
645
msgid ""
646
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
647
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
648
"<emphasis role=\"italic\">security = share</emphasis>"
649
msgstr ""
650
651
#: serverguide/C/windows-networking.xml:577(para)
652
msgid ""
653
"Now that Samba has been configured to limit which groups have access to the "
654
"shared directory, the filesystem permissions need to be updated."
655
msgstr ""
656
657
#: serverguide/C/windows-networking.xml:582(para)
658
msgid ""
659
"Traditional Linux file permissions do not map well to Windows NT Access "
660
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
661
"providing more fine grained control. For example, to enable ACLs on "
662
"<filename>/srv</filename> an EXT3 filesystem, edit "
663
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
664
msgstr ""
665
666
#: serverguide/C/windows-networking.xml:589(programlisting)
667
#, no-wrap
668
msgid ""
669
"\n"
670
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
671
"0 1\n"
672
msgstr ""
673
674
#: serverguide/C/windows-networking.xml:593(para)
675
msgid "Then remount the partition:"
676
msgstr ""
677
678
#: serverguide/C/windows-networking.xml:598(command)
679
msgid "sudo mount -v -o remount /srv"
680
msgstr ""
681
682
#: serverguide/C/windows-networking.xml:602(para)
683
msgid ""
684
"The above example assumes <filename>/srv</filename> on a separate partition. "
685
"If <filename>/srv</filename>, or wherever you have configured your share "
686
"path, is part of the <filename>/</filename> partition a reboot may be "
687
"required."
688
msgstr ""
689
690
#: serverguide/C/windows-networking.xml:609(para)
691
msgid ""
692
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
693
"group will be given read, write, and execute permissions to "
694
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
695
"will be given read and execute permissions, and the files will be owned by "
696
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
697
msgstr ""
698
699
#: serverguide/C/windows-networking.xml:617(command)
700
msgid "sudo chown -R melissa /srv/samba/share/"
701
msgstr ""
702
703
#: serverguide/C/windows-networking.xml:618(command)
704
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
705
msgstr ""
706
707
#: serverguide/C/windows-networking.xml:619(command)
708
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
709
msgstr ""
710
711
#: serverguide/C/windows-networking.xml:623(para)
712
msgid ""
713
"The <application>setfacl</application> command above gives "
714
"<emphasis>execute</emphasis> permissions to all files in the "
715
"<filename>/srv/samba/share</filename> directory, which you may or may not "
716
"want."
717
msgstr ""
718
719
#: serverguide/C/windows-networking.xml:629(para)
720
msgid ""
721
"Now from a Windows client you should notice the new file permissions are "
722
"implemented. See the <application>acl</application> and "
723
"<application>setfacl</application> man pages for more information on POSIX "
724
"ACLs."
725
msgstr ""
726
727
#: serverguide/C/windows-networking.xml:637(title)
728
msgid "Samba AppArmor Profile"
729
msgstr ""
730
731
#: serverguide/C/windows-networking.xml:639(para)
732
msgid ""
733
"Ubuntu comes with the <application>AppArmor</application> security module, "
734
"which provides mandatory access controls. The default AppArmor profile for "
735
"Samba will need to be adapted to your configuration. For more details on "
736
"using AppArmor see <xref linkend=\"apparmor\"/>."
737
msgstr ""
738
739
#: serverguide/C/windows-networking.xml:645(para)
740
msgid ""
741
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
742
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
743
"of the <application>apparmor-profiles</application> packages. To install the "
744
"package, from a terminal prompt enter:"
745
msgstr ""
746
747
#: serverguide/C/windows-networking.xml:652(command) serverguide/C/security.xml:925(command)
748
msgid "sudo apt-get install apparmor-profiles"
749
msgstr ""
750
751
#: serverguide/C/windows-networking.xml:656(para)
752
msgid "This package contains profiles for several other binaries."
753
msgstr ""
754
755
#: serverguide/C/windows-networking.xml:661(para)
756
msgid ""
757
"By default the profiles for <application>smbd</application> and "
758
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
759
"allowing Samba to work without modifying the profile, and only logging "
760
"errors. To place the <application>smbd</application> profile into "
761
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
762
"profile will need to be modified to reflect any directories that are shared."
763
msgstr ""
764
765
#: serverguide/C/windows-networking.xml:668(para)
766
msgid ""
767
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
768
"for <emphasis>[share]</emphasis> from the file server example:"
769
msgstr ""
770
771
#: serverguide/C/windows-networking.xml:673(programlisting)
772
#, no-wrap
773
msgid ""
774
"\n"
775
" /srv/samba/share/ r,\n"
776
" /srv/samba/share/** rwkix,\n"
777
msgstr ""
778
779
#: serverguide/C/windows-networking.xml:678(para)
780
msgid ""
781
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
782
msgstr ""
783
784
#: serverguide/C/windows-networking.xml:683(command)
785
msgid "sudo aa-enforce /usr/sbin/smbd"
786
msgstr ""
787
788
#: serverguide/C/windows-networking.xml:684(command)
789
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
790
msgstr ""
791
792
#: serverguide/C/windows-networking.xml:687(para)
793
msgid ""
794
"You should now be able to read, write, and execute files in the shared "
795
"directory as normal, and the <application>smbd</application> binary will "
796
"have access to only the configured files and directories. Be sure to add "
797
"entries for each directory you configure Samba to share. Also, any errors "
798
"will be logged to <filename>/var/log/syslog</filename>."
799
msgstr ""
800
801
#: serverguide/C/windows-networking.xml:712(para) serverguide/C/windows-networking.xml:1082(para)
802
msgid ""
803
"O'Reilly's <ulink "
804
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
805
"also a good reference."
806
msgstr ""
807
808
#: serverguide/C/windows-networking.xml:718(para)
809
msgid ""
810
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
811
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
812
"security."
813
msgstr ""
814
815
#: serverguide/C/windows-networking.xml:724(para)
816
msgid ""
817
"For more information on Samba and ACLs see the <ulink "
818
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
819
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
820
msgstr ""
821
822
#: serverguide/C/windows-networking.xml:740(title)
823
msgid "Samba as a Domain Controller"
824
msgstr ""
825
826
#: serverguide/C/windows-networking.xml:742(para)
827
msgid ""
828
"Although it cannot act as an Active Directory Primary Domain Controller "
829
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
830
"domain controller. A major advantage of this configuration is the ability to "
831
"centralize user and machine credentials. Samba can also use multiple "
832
"backends to store the user information."
833
msgstr ""
834
835
#: serverguide/C/windows-networking.xml:749(title)
836
msgid "Primary Domain Controller"
837
msgstr "ឧបករត្រួតពិនិត្យ ឈ្មោះកម្មសិទ្ធិបថម"
838
839
#: serverguide/C/windows-networking.xml:751(para)
840
msgid ""
841
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
842
"using the default smbpasswd backend."
843
msgstr ""
844
845
#: serverguide/C/windows-networking.xml:758(para)
846
msgid ""
847
"First, install Samba, and <application>libpam-smbpass</application> to sync "
848
"the user accounts, by entering the following in a terminal prompt:"
849
msgstr ""
850
851
#: serverguide/C/windows-networking.xml:764(command) serverguide/C/windows-networking.xml:980(command)
852
msgid "sudo apt-get install samba libpam-smbpass"
853
msgstr ""
854
855
#: serverguide/C/windows-networking.xml:770(para)
856
msgid ""
857
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
858
"The <emphasis>security</emphasis> mode should be set to <emphasis "
859
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
860
"should relate to your organization:"
861
msgstr ""
862
863
#: serverguide/C/windows-networking.xml:785(para)
864
msgid ""
865
"In the commented <quote>Domains</quote> section add or uncomment the "
866
"following:"
867
msgstr ""
868
869
#: serverguide/C/windows-networking.xml:789(programlisting)
870
#, no-wrap
871
msgid ""
872
"\n"
873
" domain logons = yes\n"
874
" logon path = \\\\%N\\%U\\profile\n"
875
" logon drive = H:\n"
876
" logon home = \\\\%N\\%U\n"
877
" logon script = logon.cmd\n"
878
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
879
"/var/lib/samba -s /bin/false %u\n"
880
msgstr ""
881
882
#: serverguide/C/windows-networking.xml:800(para)
883
msgid ""
884
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
885
"Samba to act as a domain controller."
886
msgstr ""
887
888
#: serverguide/C/windows-networking.xml:805(para)
889
msgid ""
890
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
891
"their home directory. It is also possible to configure a "
892
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
893
"directory."
894
msgstr ""
895
896
#: serverguide/C/windows-networking.xml:811(para)
897
msgid ""
898
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
899
msgstr ""
900
901
#: serverguide/C/windows-networking.xml:816(para)
902
msgid ""
903
"<emphasis>logon home:</emphasis> specifies the home directory location."
904
msgstr ""
905
906
#: serverguide/C/windows-networking.xml:821(para)
907
msgid ""
908
"<emphasis>logon script:</emphasis> determines the script to be run locally "
909
"once a user has logged in. The script needs to be placed in the "
910
"<emphasis>[netlogon]</emphasis> share."
911
msgstr ""
912
913
#: serverguide/C/windows-networking.xml:827(para)
914
msgid ""
915
"<emphasis>add machine script:</emphasis> a script that will automatically "
916
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
917
"workstation to join the domain."
918
msgstr ""
919
920
#: serverguide/C/windows-networking.xml:831(para)
921
msgid ""
922
"In this example the <emphasis>machines</emphasis> group will need to be "
923
"created using the <application>addgroup</application> utility see <xref "
924
"linkend=\"adding-deleting-users\"/> for details."
925
msgstr ""
926
927
#: serverguide/C/windows-networking.xml:839(para)
928
msgid ""
929
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
930
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
931
"commented."
932
msgstr ""
933
934
#: serverguide/C/windows-networking.xml:848(para)
935
msgid ""
936
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
937
"role=\"italic\">logon home</emphasis> to be mapped:"
938
msgstr ""
939
940
#: serverguide/C/windows-networking.xml:853(programlisting)
941
#, no-wrap
942
msgid ""
943
"\n"
944
"[homes]\n"
945
" comment = Home Directories\n"
946
" browseable = no\n"
947
" read only = no\n"
948
" create mask = 0700\n"
949
" directory mask = 0700\n"
950
" valid users = %S\n"
951
msgstr ""
952
953
#: serverguide/C/windows-networking.xml:866(para)
954
msgid ""
955
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
956
"share needs to be configured. To enable the share, uncomment:"
957
msgstr ""
958
959
#: serverguide/C/windows-networking.xml:871(programlisting)
960
#, no-wrap
961
msgid ""
962
"\n"
963
"[netlogon]\n"
964
" comment = Network Logon Service\n"
965
" path = /srv/samba/netlogon\n"
966
" guest ok = yes\n"
967
" read only = yes\n"
968
" share modes = no\n"
969
msgstr ""
970
971
#: serverguide/C/windows-networking.xml:881(para)
972
msgid ""
973
"The original <emphasis>netlogon</emphasis> share path is "
974
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
975
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
976
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
977
"location for site-specific data provided by the system."
978
msgstr ""
979
980
#: serverguide/C/windows-networking.xml:892(para)
981
msgid ""
982
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
983
"and an empty (for now) <filename>logon.cmd</filename> script file:"
984
msgstr ""
985
986
#: serverguide/C/windows-networking.xml:898(command)
987
msgid "sudo mkdir -p /srv/samba/netlogon"
988
msgstr ""
989
990
#: serverguide/C/windows-networking.xml:899(command)
991
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
992
msgstr ""
993
994
#: serverguide/C/windows-networking.xml:902(para)
995
msgid ""
996
"You can enter any normal Windows logon script commands in "
997
"<filename>logon.cmd</filename> to customize the client's environment."
998
msgstr ""
999
1000
#: serverguide/C/windows-networking.xml:910(para)
1001
msgid ""
1002
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1003
"workstation to the domain, a system group needs to be mapped to the Windows "
1004
"<emphasis>Domain Admins</emphasis> group. Using the "
1005
"<application>net</application> utility, from a terminal enter:"
1006
msgstr ""
1007
1008
#: serverguide/C/windows-networking.xml:917(command)
1009
msgid ""
1010
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1011
"type=d"
1012
msgstr ""
1013
1014
#: serverguide/C/windows-networking.xml:921(para)
1015
msgid ""
1016
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1017
"prefer. Also, the user used to join the domain needs to be a member of the "
1018
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1019
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1020
"allows <application>sudo</application> use."
1021
msgstr ""
1022
1023
#: serverguide/C/windows-networking.xml:932(para)
1024
msgid "Finally, restart Samba to enable the new domain controller:"
1025
msgstr ""
1026
"ទីបញ្ចប់, ផ្តើមឡើងវិញ Samba សំរាប់អនុញ្ញាត ឧបករត្រួតពិនិត្យ "
1027
"ឈ្មោះកម្មសិទ្ធិថ្មី ៖"
1028
1029
#: serverguide/C/windows-networking.xml:943(para)
1030
msgid ""
1031
"You should now be able to join Windows clients to the Domain in the same "
1032
"manner as joining them to an NT4 domain running on a Windows server."
1033
msgstr ""
1034
1035
#: serverguide/C/windows-networking.xml:953(title)
1036
msgid "Backup Domain Controller"
1037
msgstr "បង្កើតច្បាប់ចំលង ឧបករត្រួតពិនិត្យ ឈ្មោះកម្មសិទ្ធិ"
1038
1039
#: serverguide/C/windows-networking.xml:955(para)
1040
msgid ""
1041
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1042
"Backup Domain Controller (BDC) as well. This will allow clients to "
1043
"authenticate in case the PDC becomes unavailable."
1044
msgstr ""
1045
1046
#: serverguide/C/windows-networking.xml:960(para)
1047
msgid ""
1048
"When configuring Samba as a BDC you need a way to sync account information "
1049
"with the PDC. There are multiple ways of accomplishing this "
1050
"<application>scp</application>, <application>rsync</application>, or by "
1051
"using <application>LDAP</application> as the <emphasis>passdb "
1052
"backend</emphasis>."
1053
msgstr ""
1054
1055
#: serverguide/C/windows-networking.xml:966(para)
1056
msgid ""
1057
"Using LDAP is the most robust way to sync account information, because both "
1058
"domain controllers can use the same information in real time. However, "
1059
"setting up a LDAP server may be overly complicated for a small number of "
1060
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1061
msgstr ""
1062
1063
#: serverguide/C/windows-networking.xml:975(para)
1064
msgid ""
1065
"First, install <application>samba</application> and <application>libpam-"
1066
"smbpass</application>. From a terminal enter:"
1067
msgstr ""
1068
1069
#: serverguide/C/windows-networking.xml:986(para)
1070
msgid ""
1071
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1072
"following in the <emphasis>[global]</emphasis>:"
1073
msgstr ""
1074
1075
#: serverguide/C/windows-networking.xml:999(para)
1076
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1077
msgstr ""
1078
1079
#: serverguide/C/windows-networking.xml:1003(programlisting)
1080
#, no-wrap
1081
msgid ""
1082
"\n"
1083
" domain logons = yes\n"
1084
" domain master = no\n"
1085
msgstr ""
1086
1087
#: serverguide/C/windows-networking.xml:1011(para)
1088
msgid ""
1089
"Make sure a user has rights to read the files in "
1090
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1091
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1092
"files, enter:"
1093
msgstr ""
1094
1095
#: serverguide/C/windows-networking.xml:1017(command)
1096
msgid "sudo chgrp -R admin /var/lib/samba"
1097
msgstr ""
1098
1099
#: serverguide/C/windows-networking.xml:1023(para)
1100
msgid ""
1101
"Next, sync the user accounts, using <application>scp</application> to copy "
1102
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1103
msgstr ""
1104
1105
#: serverguide/C/windows-networking.xml:1029(command)
1106
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1107
msgstr ""
1108
1109
#: serverguide/C/windows-networking.xml:1033(para)
1110
msgid ""
1111
"Replace <emphasis>username</emphasis> with a valid username and "
1112
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1113
msgstr ""
1114
1115
#: serverguide/C/windows-networking.xml:1042(para)
1116
msgid "Finally, restart <application>samba</application>:"
1117
msgstr "ពេលបញ្ចប់, ផ្តើមឡើងវិញ <application>samba</application>:"
1118
1119
#: serverguide/C/windows-networking.xml:1053(para)
1120
msgid ""
1121
"You can test that your Backup Domain controller is working by stopping the "
1122
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1123
"the domain."
1124
msgstr ""
1125
1126
#: serverguide/C/windows-networking.xml:1058(para)
1127
msgid ""
1128
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1129
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1130
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
1131
"be unavailable. For this reason it is best to configure the <emphasis>logon "
1132
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1133
msgstr ""
1134
1135
#: serverguide/C/windows-networking.xml:1088(para)
1136
msgid ""
1137
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1138
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1139
"up a Primary Domain Controller."
1140
msgstr ""
1141
1142
#: serverguide/C/windows-networking.xml:1094(para)
1143
msgid ""
1144
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1145
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1146
"explains setting up a Backup Domain Controller."
1147
msgstr ""
1148
1149
#: serverguide/C/windows-networking.xml:1109(title)
1150
msgid "Samba Active Directory Integration"
1151
msgstr ""
1152
1153
#: serverguide/C/windows-networking.xml:1112(title)
1154
msgid "Accessing a Samba Share"
1155
msgstr ""
1156
1157
#: serverguide/C/windows-networking.xml:1114(para)
1158
msgid ""
1159
"Another, use for Samba is to integrate into an existing Windows network. "
1160
"Once part of an Active Directory domain, Samba can provide file and print "
1161
"services to AD users."
1162
msgstr ""
1163
1164
#: serverguide/C/windows-networking.xml:1119(para)
1165
msgid ""
1166
"The simplest way to join an AD domain is to use <application>Likewise-"
1167
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1168
"open\"/>."
1169
msgstr ""
1170
1171
#: serverguide/C/windows-networking.xml:1124(para)
1172
msgid ""
1173
"Once part of the domain, enter the following command in the terminal prompt:"
1174
msgstr ""
1175
1176
#: serverguide/C/windows-networking.xml:1129(command)
1177
msgid "sudo apt-get install samba smbfs smbclient"
1178
msgstr ""
1179
1180
#: serverguide/C/windows-networking.xml:1132(para)
1181
msgid ""
1182
"Since the <application>likewise-open</application> and "
1183
"<application>samba</application> packages use separate "
1184
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1185
"<filename role=\"directory\">/var/lib/samba</filename>:"
1186
msgstr ""
1187
1188
#: serverguide/C/windows-networking.xml:1138(command)
1189
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1190
msgstr ""
1191
1192
#: serverguide/C/windows-networking.xml:1139(command)
1193
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1194
msgstr ""
1195
1196
#: serverguide/C/windows-networking.xml:1142(para)
1197
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1198
msgstr ""
1199
1200
#: serverguide/C/windows-networking.xml:1146(programlisting)
1201
#, no-wrap
1202
msgid ""
1203
"\n"
1204
" workgroup = EXAMPLE\n"
1205
" ...\n"
1206
" security = ads\n"
1207
" realm = EXAMPLE.COM\n"
1208
" ...\n"
1209
" idmap backend = lwopen\n"
1210
" idmap uid = 50-9999999999\n"
1211
" idmap gid = 50-9999999999\n"
1212
msgstr ""
1213
1214
#: serverguide/C/windows-networking.xml:1157(para)
1215
msgid ""
1216
"Restart <application>samba</application> for the new settings to take effect:"
1217
msgstr ""
1218
"ផ្តើមឡើងវិញ <application>samba</application> សំរាប់ការកំណត់ថ្មី ទទួលផល ៖"
1219
1220
#: serverguide/C/windows-networking.xml:1165(para)
1221
msgid ""
1222
"You should now be able to access any <application>Samba</application> shares "
1223
"from a Windows client. However, be sure to give the appropriate AD users or "
1224
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
1225
"security\"/> for more details."
1226
msgstr ""
1227
1228
#: serverguide/C/windows-networking.xml:1173(title)
1229
msgid "Accessing a Windows Share"
1230
msgstr ""
1231
1232
#: serverguide/C/windows-networking.xml:1175(para)
1233
msgid ""
1234
"Now that the Samba server is part of the Active Directory domain you can "
1235
"access any Windows server shares:"
1236
msgstr ""
1237
1238
#: serverguide/C/windows-networking.xml:1182(para)
1239
msgid ""
1240
"To mount a Windows file share enter the following in a terminal prompt:"
1241
msgstr ""
1242
1243
#: serverguide/C/windows-networking.xml:1186(command)
1244
msgid "mount.cifs //fs01.example.com/share mount_point"
1245
msgstr ""
1246
1247
#: serverguide/C/windows-networking.xml:1189(para)
1248
msgid ""
1249
"It is also possible to access shares on computers not part of an AD domain, "
1250
"but a username and password will need to be provided."
1251
msgstr ""
1252
1253
#: serverguide/C/windows-networking.xml:1197(para)
1254
msgid ""
1255
"To mount the share during boot place an entry in "
1256
"<filename>/etc/fstab</filename>, for example:"
1257
msgstr ""
1258
1259
#: serverguide/C/windows-networking.xml:1201(programlisting)
1260
#, no-wrap
1261
msgid ""
1262
"\n"
1263
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1264
"0 0\n"
1265
msgstr ""
1266
1267
#: serverguide/C/windows-networking.xml:1208(para)
1268
msgid ""
1269
"Another way to copy files from a Windows server is to use the "
1270
"<application>smbclient</application> utility. To list the files in a Windows "
1271
"share:"
1272
msgstr ""
1273
1274
#: serverguide/C/windows-networking.xml:1214(command)
1275
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1276
msgstr ""
1277
1278
#: serverguide/C/windows-networking.xml:1220(para)
1279
msgid "To copy a file from the share, enter:"
1280
msgstr "ដើម្បីចំលង មួយឯកសារ ពីការចែករំលែក, បញ្ចូល ៖"
1281
1282
#: serverguide/C/windows-networking.xml:1225(command)
1283
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1284
msgstr ""
1285
1286
#: serverguide/C/windows-networking.xml:1228(para)
1287
msgid ""
1288
"This will copy the <filename>file.txt</filename> into the current directory."
1289
msgstr ""
1290
1291
#: serverguide/C/windows-networking.xml:1235(para)
1292
msgid "And to copy a file to the share:"
1293
msgstr "និង ដើម្បីចំលង មួយឯកសារ ទៅការចែករំលែក ៖"
1294
1295
#: serverguide/C/windows-networking.xml:1240(command)
1296
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1297
msgstr ""
1298
1299
#: serverguide/C/windows-networking.xml:1243(para)
1300
msgid ""
1301
"This will copy the <filename>/etc/hosts</filename> to "
1302
"<filename>//fs01.example.com/share/hosts</filename>."
1303
msgstr ""
1304
1305
#: serverguide/C/windows-networking.xml:1250(para)
1306
msgid ""
1307
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1308
"<application>smbclient</application> command all at once. This is useful for "
1309
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1310
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
1311
"and directory commands, simply execute:"
1312
msgstr ""
1313
1314
#: serverguide/C/windows-networking.xml:1257(command)
1315
msgid "smbclient //fs01.example.com/share -k"
1316
msgstr ""
1317
1318
#: serverguide/C/windows-networking.xml:1264(para)
1319
msgid ""
1320
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1321
"<emphasis>//192.168.0.5/share</emphasis>, "
1322
"<emphasis>username=steve,password=secret</emphasis>, and "
1323
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
1324
"file name, and an actual username and password with rights to the share."
1325
msgstr ""
1326
1327
#: serverguide/C/windows-networking.xml:1275(para)
1328
msgid ""
1329
"For more <application>smbclient</application> options see the man page: "
1330
"<command>man smbclient</command>, also available <ulink "
1331
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/smbclient.1.html\">on"
1332
"line</ulink>."
1333
msgstr ""
1334
1335
#: serverguide/C/windows-networking.xml:1280(para)
1336
msgid ""
1337
"The <application>mount.cifs</application><ulink "
1338
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/mount.cifs.8.html\">m"
1339
"an page</ulink> is also useful for more detailed information."
1340
msgstr ""
1341
1342
#: serverguide/C/windows-networking.xml:1293(title)
1343
msgid "Likewise Open"
1344
msgstr ""
1345
1346
#: serverguide/C/windows-networking.xml:1295(para)
1347
msgid ""
1348
"<application>Likewise Open</application> simplifies the necessary "
1349
"configuration needed to authenticate a Linux machine to an Active Directory "
1350
"domain. Based on <application>winbind</application>, the "
1351
"<application>likewise-open</application> package takes the pain out of "
1352
"integrating Ubuntu authentication into an existing Windows network."
1353
msgstr ""
1354
1355
#: serverguide/C/windows-networking.xml:1304(para)
1356
msgid ""
1357
"There are two ways to use Likewise Open, <application>likewise-"
1358
"open</application> the command line utility and <application>likewise-open-"
1359
"gui</application>. This section focuses on the command line utility."
1360
msgstr ""
1361
1362
#: serverguide/C/windows-networking.xml:1309(para)
1363
msgid ""
1364
"To install the <application>likewise-open</application> package, open a "
1365
"terminal prompt and enter:"
1366
msgstr ""
1367
1368
#: serverguide/C/windows-networking.xml:1314(command)
1369
msgid "sudo apt-get install likewise-open"
1370
msgstr ""
1371
1372
#: serverguide/C/windows-networking.xml:1319(title)
1373
msgid "Joining a Domain"
1374
msgstr ""
1375
1376
#: serverguide/C/windows-networking.xml:1321(para)
1377
msgid ""
1378
"The main executable file of the <application>likewise-open</application> "
1379
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1380
"join your computer to the domain. Before you join a domain you will need to "
1381
"make sure you have:"
1382
msgstr ""
1383
1384
#: serverguide/C/windows-networking.xml:1329(para)
1385
msgid ""
1386
"Access to an Active Directory user with appropriate rights to join the "
1387
"domain."
1388
msgstr ""
1389
1390
#: serverguide/C/windows-networking.xml:1334(para)
1391
msgid ""
1392
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1393
"you want to join. If your AD domain does not match a valid domain such as "
1394
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1395
"the form of <emphasis>domainname.local</emphasis>."
1396
msgstr ""
1397
1398
#: serverguide/C/windows-networking.xml:1341(para)
1399
msgid ""
1400
"DNS for the domain setup properly. In a production AD environment this "
1401
"should be the case. Proper Microsoft DNS is needed so that client "
1402
"workstations can determine the Active Directory domain is available."
1403
msgstr ""
1404
1405
#: serverguide/C/windows-networking.xml:1345(para)
1406
msgid ""
1407
"If you don't have a Windows DNS server on your network, see <xref "
1408
"linkend=\"likewise-open-ms-dns\"/> for details."
1409
msgstr ""
1410
1411
#: serverguide/C/windows-networking.xml:1352(para)
1412
msgid "To join a domain, from a terminal prompt enter:"
1413
msgstr ""
1414
1415
#: serverguide/C/windows-networking.xml:1357(command)
1416
msgid "sudo domainjoin-cli join example.com Administrator"
1417
msgstr ""
1418
1419
#: serverguide/C/windows-networking.xml:1361(para)
1420
msgid ""
1421
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1422
"<emphasis>Administrator</emphasis> with the appropriate user name."
1423
msgstr ""
1424
1425
#: serverguide/C/windows-networking.xml:1367(para)
1426
msgid ""
1427
"You will then be prompted for the user's password. If all goes well a "
1428
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1429
msgstr ""
1430
1431
#: serverguide/C/windows-networking.xml:1373(para)
1432
msgid ""
1433
"After joining the domain, it is necessary to reboot before attempting to "
1434
"authenticate against the domain."
1435
msgstr ""
1436
1437
#: serverguide/C/windows-networking.xml:1379(para)
1438
msgid ""
1439
"After successfully joining an Ubuntu machine to an Active Directory domain "
1440
"you can authenticate using any valid AD user. To login you will need to "
1441
"enter the user name as 'domain\\username'. For example to ssh to a server "
1442
"joined to the domain enter:"
1443
msgstr ""
1444
1445
#: serverguide/C/windows-networking.xml:1386(command)
1446
msgid "ssh 'example\\steve'@hostname"
1447
msgstr ""
1448
1449
#: serverguide/C/windows-networking.xml:1390(para)
1450
msgid ""
1451
"If configuring a Desktop the user name will need to be prefixed with "
1452
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1453
msgstr ""
1454
1455
#: serverguide/C/windows-networking.xml:1396(para)
1456
msgid ""
1457
"To make likewise-open use a default domain, you can add the following "
1458
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
1459
msgstr ""
1460
1461
#: serverguide/C/windows-networking.xml:1400(programlisting)
1462
#, no-wrap
1463
msgid ""
1464
"\n"
1465
"winbind use default domain = yes\n"
1466
msgstr ""
1467
1468
#: serverguide/C/windows-networking.xml:1404(para)
1469
msgid "Then restart the <application>likewise-open</application> daemons:"
1470
msgstr ""
1471
1472
#: serverguide/C/windows-networking.xml:1409(command)
1473
msgid "sudo /etc/init.d/likewise-open restart"
1474
msgstr ""
1475
1476
#: serverguide/C/windows-networking.xml:1413(para)
1477
msgid ""
1478
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
1479
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
1480
"using only their username."
1481
msgstr ""
1482
1483
#: serverguide/C/windows-networking.xml:1419(para)
1484
msgid ""
1485
"The <application>domainjoin-cli</application> utility can also be used to "
1486
"leave the domain. From a terminal:"
1487
msgstr ""
1488
1489
#: serverguide/C/windows-networking.xml:1424(command)
1490
msgid "sudo domainjoin-cli leave"
1491
msgstr ""
1492
1493
#: serverguide/C/windows-networking.xml:1429(title) serverguide/C/security.xml:1777(title)
1494
msgid "Other Utilities"
1495
msgstr ""
1496
1497
#: serverguide/C/windows-networking.xml:1431(para)
1498
msgid ""
1499
"The <application>likewise-open</application> package comes with a few other "
1500
"utilities that may be useful for gathering information about the Active "
1501
"Directory environment. These utilities are used to join the machine to the "
1502
"domain, and are the same as those available in the <application>samba-"
1503
"common</application> and <application>winbind</application> packages:"
1504
msgstr ""
1505
1506
#: serverguide/C/windows-networking.xml:1440(para)
1507
msgid ""
1508
"<application>lwinet</application>: Returns information about the network and "
1509
"the domain."
1510
msgstr ""
1511
1512
#: serverguide/C/windows-networking.xml:1445(para)
1513
msgid ""
1514
"<application>lwimsg</application>: Allows interaction with the "
1515
"<application>likewise-winbindd</application> daemon."
1516
msgstr ""
1517
1518
#: serverguide/C/windows-networking.xml:1450(para)
1519
msgid ""
1520
"<application>lwiinfo</application>: Displays information about various parts "
1521
"of the Domain."
1522
msgstr ""
1523
1524
#: serverguide/C/windows-networking.xml:1456(para)
1525
msgid "Please refer to each utility's man page specific for details."
1526
msgstr ""
1527
1528
#: serverguide/C/windows-networking.xml:1462(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1598(title) serverguide/C/dns.xml:338(title)
1529
msgid "Troubleshooting"
1530
msgstr ""
1531
1532
#: serverguide/C/windows-networking.xml:1466(para)
1533
msgid ""
1534
"If the client has trouble joining the domain, double check that the "
1535
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
1536
"example:"
1537
msgstr ""
1538
1539
#: serverguide/C/windows-networking.xml:1471(programlisting)
1540
#, no-wrap
1541
msgid ""
1542
"\n"
1543
"nameserver 192.168.0.1\n"
1544
msgstr ""
1545
1546
#: serverguide/C/windows-networking.xml:1476(para)
1547
msgid ""
1548
"For more information when joining a domain, use the <emphasis>--loglevel "
1549
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1550
"<application>domainjoin-cli</application> utility:"
1551
msgstr ""
1552
1553
#: serverguide/C/windows-networking.xml:1482(command)
1554
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1555
msgstr ""
1556
1557
#: serverguide/C/windows-networking.xml:1486(para)
1558
msgid ""
1559
"If an Active Directory user has trouble logging in, check the "
1560
"<filename>/var/log/auth.log</filename> for details."
1561
msgstr ""
1562
1563
#: serverguide/C/windows-networking.xml:1491(para)
1564
msgid ""
1565
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
1566
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
1567
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
1568
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
1569
"<emphasis>hosts</emphasis> option. For example:"
1570
msgstr ""
1571
1572
#: serverguide/C/windows-networking.xml:1497(programlisting)
1573
#, no-wrap
1574
msgid ""
1575
"\n"
1576
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1577
msgstr ""
1578
1579
#: serverguide/C/windows-networking.xml:1501(para)
1580
msgid "Change the above to:"
1581
msgstr ""
1582
1583
#: serverguide/C/windows-networking.xml:1505(programlisting)
1584
#, no-wrap
1585
msgid ""
1586
"\n"
1587
"hosts: files dns [NOTFOUND=return]\n"
1588
msgstr ""
1589
1590
#: serverguide/C/windows-networking.xml:1509(para)
1591
msgid "Then restart networking by entering:"
1592
msgstr ""
1593
1594
#: serverguide/C/windows-networking.xml:1514(command) serverguide/C/network-config.xml:559(command)
1595
msgid "sudo /etc/init.d/networking restart"
1596
msgstr ""
1597
1598
#: serverguide/C/windows-networking.xml:1517(para)
1599
msgid "You should now be able to join the Active Directory domain."
1600
msgstr ""
1601
1602
#: serverguide/C/windows-networking.xml:1525(title)
1603
msgid "Microsoft DNS"
1604
msgstr ""
1605
1606
#: serverguide/C/windows-networking.xml:1527(para)
1607
msgid ""
1608
"The following are instructions for installing DNS on an Active Directory "
1609
"domain controller running Windows Server 2003, but the instructions should "
1610
"be similar for other versions:"
1611
msgstr ""
1612
1613
#: serverguide/C/windows-networking.xml:1536(para)
1614
msgid ""
1615
"Click "
1616
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1617
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
1618
"This will open the <application>Server Role Mangement</application> utility."
1619
msgstr ""
1620
1621
#: serverguide/C/windows-networking.xml:1544(para)
1622
msgid "Click <guilabel>Add or remove a role</guilabel>"
1623
msgstr ""
1624
1625
#: serverguide/C/windows-networking.xml:1545(para) serverguide/C/windows-networking.xml:1547(para) serverguide/C/windows-networking.xml:1550(para)
1626
msgid "Click Next"
1627
msgstr ""
1628
1629
#: serverguide/C/windows-networking.xml:1546(para)
1630
msgid "Select \"DNS Server\""
1631
msgstr ""
1632
1633
#: serverguide/C/windows-networking.xml:1548(para)
1634
msgid "Click Next again to proceed"
1635
msgstr ""
1636
1637
#: serverguide/C/windows-networking.xml:1549(para)
1638
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1639
msgstr ""
1640
1641
#: serverguide/C/windows-networking.xml:1551(para)
1642
msgid ""
1643
"Make sure \"This server maintains the zone\" is selected and click Next."
1644
msgstr ""
1645
1646
#: serverguide/C/windows-networking.xml:1552(para)
1647
msgid "Enter your domain name and click Next"
1648
msgstr ""
1649
1650
#: serverguide/C/windows-networking.xml:1553(para)
1651
msgid "Click Next to \"Allow only secure dynamic updates\""
1652
msgstr ""
1653
1654
#: serverguide/C/windows-networking.xml:1555(para)
1655
msgid ""
1656
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1657
"should not forward queries\" and click Next."
1658
msgstr ""
1659
1660
#: serverguide/C/windows-networking.xml:1559(para) serverguide/C/windows-networking.xml:1560(para)
1661
msgid "Click Finish"
1662
msgstr ""
1663
1664
#: serverguide/C/windows-networking.xml:1562(para)
1665
msgid ""
1666
"DNS is now installed and can be further configured using the "
1667
"<application>Microsoft Management Console</application> DNS snap-in."
1668
msgstr ""
1669
1670
#: serverguide/C/windows-networking.xml:1570(para)
1671
msgid "Click Start"
1672
msgstr ""
1673
1674
#: serverguide/C/windows-networking.xml:1571(para)
1675
msgid "Control Panel"
1676
msgstr ""
1677
1678
#: serverguide/C/windows-networking.xml:1572(para)
1679
msgid "Network Connections"
1680
msgstr ""
1681
1682
#: serverguide/C/windows-networking.xml:1573(para)
1683
msgid "Right Click \"Local Area Connection\""
1684
msgstr ""
1685
1686
#: serverguide/C/windows-networking.xml:1574(para)
1687
msgid "Click Properties"
1688
msgstr ""
1689
1690
#: serverguide/C/windows-networking.xml:1575(para)
1691
msgid "Double click \"Internet Protocol (TCP/IP)\""
1692
msgstr ""
1693
1694
#: serverguide/C/windows-networking.xml:1576(para)
1695
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
1696
msgstr ""
1697
1698
#: serverguide/C/windows-networking.xml:1577(para)
1699
msgid "Click Ok"
1700
msgstr ""
1701
1702
#: serverguide/C/windows-networking.xml:1578(para)
1703
msgid "Click Ok again to save the settings"
1704
msgstr ""
1705
1706
#: serverguide/C/windows-networking.xml:1567(para)
1707
msgid ""
1708
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1709
msgstr ""
1710
1711
#: serverguide/C/windows-networking.xml:1585(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:1840(title) serverguide/C/virtualization.xml:2165(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:877(title) serverguide/C/security.xml:1211(title) serverguide/C/security.xml:1626(title) serverguide/C/security.xml:1817(title) serverguide/C/remote-administration.xml:203(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1646(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
1712
msgid "References"
1713
msgstr ""
1714
1715
#: serverguide/C/windows-networking.xml:1587(para)
1716
msgid ""
1717
"Please refer to the <ulink "
1718
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
1719
"further information."
1720
msgstr ""
1721
1722
#: serverguide/C/windows-networking.xml:1591(para)
1723
msgid ""
1724
"For more <application>domainjoin-cli</application> options see the man page: "
1725
"<command>man domainjoin-cli</command>."
1726
msgstr ""
1727
1728
#: serverguide/C/windows-networking.xml:1595(para)
1729
msgid ""
1730
"Also, see the <ulink "
1731
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
1732
"LikewiseOpen</ulink> page."
1733
msgstr ""
1734
1735
#: serverguide/C/web-servers.xml:13(title)
1736
msgid "Web Servers"
1737
msgstr ""
1738
1739
#: serverguide/C/web-servers.xml:14(para)
1740
msgid ""
1741
"A Web server is a software responsible for accepting HTTP requests from "
1742
"clients, which are known as Web browsers, and serving them HTTP responses "
1743
"along with optional data contents, which usually are Web pages such as HTML "
1744
"documents and linked objects (images, etc.)."
1745
msgstr ""
1746
1747
#: serverguide/C/web-servers.xml:19(title)
1748
msgid "HTTPD - Apache2 Web Server"
1749
msgstr ""
1750
1751
#: serverguide/C/web-servers.xml:20(para)
1752
msgid ""
1753
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
1754
"are used to serve Web Pages requested by client computers. Clients typically "
1755
"request and view Web Pages using Web Browser applications such as "
1756
"<application>Firefox</application>, <application>Opera</application>, or "
1757
"<application>Mozilla</application>."
1758
msgstr ""
1759
1760
#: serverguide/C/web-servers.xml:24(para)
1761
msgid ""
1762
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
1763
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
1764
"resource. For example, to view the home page of the <ulink "
1765
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
1766
"the FQDN. To request specific information about <ulink "
1767
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
1768
"enter the FQDN followed by a path."
1769
msgstr ""
1770
1771
#: serverguide/C/web-servers.xml:29(para)
1772
msgid ""
1773
"The most common protocol used to transfer Web pages is the Hyper Text "
1774
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
1775
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
1776
"protocol for uploading and downloading files, are also supported."
1777
msgstr ""
1778
1779
#: serverguide/C/web-servers.xml:33(para)
1780
msgid ""
1781
"Apache Web Servers are often used in combination with the "
1782
"<application>MySQL</application> database engine, the HyperText Preprocessor "
1783
"(<application>PHP</application>) scripting language, and other popular "
1784
"scripting languages such as <application>Python</application> and "
1785
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
1786
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
1787
"for the development and deployment of Web-based applications."
1788
msgstr ""
1789
1790
#: serverguide/C/web-servers.xml:42(para)
1791
msgid ""
1792
"The <application>Apache2</application> web server is available in Ubuntu "
1793
"Linux. To install Apache2:"
1794
msgstr ""
1795
1796
#: serverguide/C/web-servers.xml:48(para)
1797
msgid "At a terminal prompt enter the following command:"
1798
msgstr ""
1799
1800
#: serverguide/C/web-servers.xml:53(command)
1801
msgid "sudo apt-get install apache2"
1802
msgstr ""
1803
1804
#: serverguide/C/web-servers.xml:63(para)
1805
msgid ""
1806
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
1807
"text configuration files. These <emphasis>directives</emphasis> are "
1808
"separated between the following files and directories:"
1809
msgstr ""
1810
1811
#: serverguide/C/web-servers.xml:71(para)
1812
msgid ""
1813
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
1814
"Contains settings that are <emphasis>global</emphasis> to Apache2."
1815
msgstr ""
1816
1817
#: serverguide/C/web-servers.xml:77(para)
1818
msgid ""
1819
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
1820
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
1821
"serve content may add files, or symlinks, to this directory."
1822
msgstr ""
1823
1824
#: serverguide/C/web-servers.xml:83(para)
1825
msgid ""
1826
"<emphasis>envvars:</emphasis> file where Apache2 "
1827
"<emphasis>environment</emphasis> variables are set."
1828
msgstr ""
1829
1830
#: serverguide/C/web-servers.xml:88(para)
1831
msgid ""
1832
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
1833
"file, named after the <application>httpd</application> daemon. The file can "
1834
"be used for <emphasis>user specific</emphasis> configuration options that "
1835
"globally effect Apache2."
1836
msgstr ""
1837
1838
#: serverguide/C/web-servers.xml:95(para)
1839
msgid ""
1840
"<emphasis>mods-available:</emphasis> this directory contains configuration "
1841
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
1842
"modules will have specific configuration files, however."
1843
msgstr ""
1844
1845
#: serverguide/C/web-servers.xml:101(para)
1846
msgid ""
1847
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
1848
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
1849
"configuration file is symlinked it will be enabled the next time "
1850
"<application>apache2</application> is restarted."
1851
msgstr ""
1852
1853
#: serverguide/C/web-servers.xml:108(para)
1854
msgid ""
1855
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
1856
"TCP ports Apache2 is listening on."
1857
msgstr ""
1858
1859
#: serverguide/C/web-servers.xml:113(para)
1860
msgid ""
1861
"<emphasis>sites-available:</emphasis> this directory has configuration files "
1862
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
1863
"to be configured for multiple sites that have separate configurations."
1864
msgstr ""
1865
1866
#: serverguide/C/web-servers.xml:119(para)
1867
msgid ""
1868
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
1869
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
1870
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
1871
"a configuration file in sites-available is symlinked, the site configured by "
1872
"it will be active once Apache2 is restarted."
1873
msgstr ""
1874
1875
#: serverguide/C/web-servers.xml:127(para)
1876
msgid ""
1877
"In addition, other configuration files may be added using the "
1878
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
1879
"many configuration files. Any directive may be placed in any of these "
1880
"configuration files. Changes to the main configuration files are only "
1881
"recognized by Apache2 when it is started or restarted."
1882
msgstr ""
1883
1884
#: serverguide/C/web-servers.xml:136(para)
1885
msgid ""
1886
"The server also reads a file containing mime document types; the filename is "
1887
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
1888
"<filename>/etc/mime.types</filename> by default."
1889
msgstr ""
1890
1891
#: serverguide/C/web-servers.xml:141(title)
1892
msgid "Basic Settings"
1893
msgstr ""
1894
1895
#: serverguide/C/web-servers.xml:142(para)
1896
msgid ""
1897
"This section explains Apache2 server essential configuration parameters. "
1898
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
1899
"Documentation</ulink> for more details."
1900
msgstr ""
1901
1902
#: serverguide/C/web-servers.xml:150(para)
1903
msgid ""
1904
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
1905
"it is configured with a single default virtual host (using the "
1906
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
1907
"if you have a single site, or used as a template for additional virtual "
1908
"hosts if you have multiple sites. If left alone, the default virtual host "
1909
"will serve as your default site, or the site users will see if the URL they "
1910
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
1911
"your custom sites. To modify the default virtual host, edit the file "
1912
"<filename>/etc/apache2/sites-available/default</filename>."
1913
msgstr ""
1914
1915
#: serverguide/C/web-servers.xml:163(para)
1916
msgid ""
1917
"The directives set for a virtual host only apply to that particular virtual "
1918
"host. If a directive is set server-wide and not defined within the virtual "
1919
"host settings, the default setting is used. For example, you can define a "
1920
"Webmaster email address and not define individual email addresses for each "
1921
"virtual host."
1922
msgstr ""
1923
1924
#: serverguide/C/web-servers.xml:171(para)
1925
msgid ""
1926
"If you wish to configure a new virtual host or site, copy that file into the "
1927
"same directory with a name you choose. For example:"
1928
msgstr ""
1929
1930
#: serverguide/C/web-servers.xml:177(command)
1931
msgid ""
1932
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
1933
"available/mynewsite"
1934
msgstr ""
1935
1936
#: serverguide/C/web-servers.xml:180(para)
1937
msgid ""
1938
"Edit the new file to configure the new site using some of the directives "
1939
"described below."
1940
msgstr ""
1941
1942
#: serverguide/C/web-servers.xml:187(para)
1943
msgid ""
1944
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
1945
"to be advertised for the server's administrator. The default value is "
1946
"webmaster@localhost. This should be changed to an email address that is "
1947
"delivered to you (if you are the server's administrator). If your website "
1948
"has a problem, Apache2 will display an error message containing this email "
1949
"address to report the problem to. Find this directive in your site's "
1950
"configuration file in /etc/apache2/sites-available."
1951
msgstr ""
1952
1953
#: serverguide/C/web-servers.xml:198(para)
1954
msgid ""
1955
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
1956
"the IP address, Apache2 should listen on. If the IP address is not "
1957
"specified, Apache2 will listen on all IP addresses assigned to the machine "
1958
"it runs on. The default value for the Listen directive is 80. Change this to "
1959
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
1960
"that it will not be available to the Internet, to (for example) 81 to change "
1961
"the port that it listens on, or leave it as is for normal operation. This "
1962
"directive can be found and changed in its own file, "
1963
"<filename>/etc/apache2/ports.conf</filename>"
1964
msgstr ""
1965
1966
#: serverguide/C/web-servers.xml:211(para)
1967
msgid ""
1968
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
1969
"FQDN your site should answer to. The default virtual host has no ServerName "
1970
"directive specified, so it will respond to all requests that do not match a "
1971
"ServerName directive in another virtual host. If you have just acquired the "
1972
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
1973
"value of the ServerName directive in your virtual host configuration file "
1974
"should be ubunturocks.com. Add this directive to the new virtual host file "
1975
"you created earlier (<filename>/etc/apache2/sites-"
1976
"available/mynewsite</filename>)."
1977
msgstr ""
1978
1979
#: serverguide/C/web-servers.xml:223(para)
1980
msgid ""
1981
"You may also want your site to respond to www.ubunturocks.com, since many "
1982
"users will assume the www prefix is appropriate. Use the "
1983
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
1984
"wildcards in the ServerAlias directive."
1985
msgstr ""
1986
1987
#: serverguide/C/web-servers.xml:230(para)
1988
msgid ""
1989
"For example, the following configuration will cause your site to respond to "
1990
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
1991
msgstr ""
1992
1993
#: serverguide/C/web-servers.xml:236(programlisting)
1994
#, no-wrap
1995
msgid ""
1996
"\n"
1997
"ServerAlias *.ubunturocks.com\n"
1998
msgstr ""
1999
2000
#: serverguide/C/web-servers.xml:242(para)
2001
msgid ""
2002
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
2003
"should look for the files that make up the site. The default value is "
2004
"/var/www. No site is configured there, but if you uncomment the "
2005
"<emphasis>RedirectMatch</emphasis> directive in "
2006
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2007
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2008
"this value in your site's virtual host file, and remember to create that "
2009
"directory if necessary!"
2010
msgstr ""
2011
2012
#: serverguide/C/web-servers.xml:254(para)
2013
msgid ""
2014
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2015
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2016
"enabled point to \"available\" sites."
2017
msgstr ""
2018
2019
#: serverguide/C/web-servers.xml:260(para)
2020
msgid ""
2021
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2022
"<application>a2ensite</application> utility and restart Apache2:"
2023
msgstr ""
2024
2025
#: serverguide/C/web-servers.xml:266(command)
2026
msgid "sudo a2ensite mynewsite"
2027
msgstr ""
2028
2029
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:932(command) serverguide/C/lamp-applications.xml:228(command)
2030
msgid "sudo /etc/init.d/apache2 restart"
2031
msgstr ""
2032
2033
#: serverguide/C/web-servers.xml:271(para)
2034
msgid ""
2035
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2036
"name for the VirtualHost. One method is to name the file after the "
2037
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
2038
msgstr ""
2039
2040
#: serverguide/C/web-servers.xml:278(para)
2041
msgid ""
2042
"Similarly, use the <application>a2dissite</application> utility to disable "
2043
"sites. This is can be useful when troubleshooting configuration problems "
2044
"with multiple VirtualHosts:"
2045
msgstr ""
2046
2047
#: serverguide/C/web-servers.xml:284(command)
2048
msgid "sudo a2dissite mynewsite"
2049
msgstr ""
2050
2051
#: serverguide/C/web-servers.xml:290(title)
2052
msgid "Default Settings"
2053
msgstr ""
2054
2055
#: serverguide/C/web-servers.xml:292(para)
2056
msgid ""
2057
"This section explains configuration of the Apache2 server default settings. "
2058
"For example, if you add a virtual host, the settings you configure for the "
2059
"virtual host take precedence for that virtual host. For a directive not "
2060
"defined within the virtual host settings, the default value is used."
2061
msgstr ""
2062
2063
#: serverguide/C/web-servers.xml:304(para)
2064
msgid ""
2065
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2066
"server when a user requests an index of a directory by specifying a forward "
2067
"slash (/) at the end of the directory name."
2068
msgstr ""
2069
2070
#: serverguide/C/web-servers.xml:311(para)
2071
msgid ""
2072
"For example, when a user requests the page "
2073
"http://www.example.com/this_directory/, he or she will get either the "
2074
"DirectoryIndex page if it exists, a server-generated directory list if it "
2075
"does not and the Indexes option is specified, or a Permission Denied page if "
2076
"neither is true. The server will try to find one of the files listed in the "
2077
"DirectoryIndex directive and will return the first one it finds. If it does "
2078
"not find any of these files and if <emphasis>Options Indexes</emphasis> is "
2079
"set for that directory, the server will generate and return a list, in HTML "
2080
"format, of the subdirectories and files in the directory. The default value, "
2081
"found in <filename>/etc/apache2/mods-available/dir.conf</filename> is "
2082
"\"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if "
2083
"Apache2 finds a file in a requested directory matching any of these names, "
2084
"the first will be displayed."
2085
msgstr ""
2086
2087
#: serverguide/C/web-servers.xml:332(para)
2088
msgid ""
2089
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2090
"file for Apache2 to use for specific error events. For example, if a user "
2091
"requests a resource that does not exist, a 404 error will occur, and per "
2092
"Apache2's default configuration, the file "
2093
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2094
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2095
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2096
"redirects requests to the /error directory to "
2097
"<filename>/usr/share/apache2/error/</filename>."
2098
msgstr ""
2099
2100
#: serverguide/C/web-servers.xml:344(para)
2101
msgid ""
2102
"To see a list of the default ErrorDocument directives, use this command:"
2103
msgstr ""
2104
2105
#: serverguide/C/web-servers.xml:350(command)
2106
msgid "grep ErrorDocument /etc/apache2/apache2.conf"
2107
msgstr ""
2108
2109
#: serverguide/C/web-servers.xml:355(para)
2110
msgid ""
2111
"By default, the server writes the transfer log to the file "
2112
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2113
"per-site basis in your virtual host configuration files with the "
2114
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2115
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2116
"specify the file to which errors are logged, via the "
2117
"<emphasis>ErrorLog</emphasis> directive, whose default is "
2118
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2119
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2120
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2121
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
2122
"/etc/apache2/apache2.conf</filename> for the default value)."
2123
msgstr ""
2124
2125
#: serverguide/C/web-servers.xml:370(para)
2126
msgid ""
2127
"Some options are specified on a per-directory basis rather than per-server. "
2128
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2129
"is enclosed in XML-like tags, like so:"
2130
msgstr ""
2131
2132
#: serverguide/C/web-servers.xml:376(programlisting)
2133
#, no-wrap
2134
msgid ""
2135
"\n"
2136
"<Directory /var/www/mynewsite>\n"
2137
"...\n"
2138
"</Directory>\n"
2139
msgstr ""
2140
2141
#: serverguide/C/web-servers.xml:382(para)
2142
msgid ""
2143
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2144
"one or more of the following values (among others), separated by spaces:"
2145
msgstr ""
2146
2147
#: serverguide/C/web-servers.xml:394(para)
2148
msgid ""
2149
"Most files should not be executed as CGI scripts. This would be very "
2150
"dangerous. CGI scripts should kept in a directory separate from and outside "
2151
"your DocumentRoot, and only this directory should have the ExecCGI option "
2152
"set. This is the default, and the default location for CGI scripts is "
2153
"<filename>/usr/lib/cgi-bin</filename>."
2154
msgstr ""
2155
2156
#: serverguide/C/web-servers.xml:389(para)
2157
msgid ""
2158
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2159
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2160
msgstr ""
2161
2162
#: serverguide/C/web-servers.xml:405(para)
2163
msgid ""
2164
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2165
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2166
"other files. This is not a common option. See <ulink "
2167
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2168
"HOWTO</ulink> for more information."
2169
msgstr ""
2170
2171
#: serverguide/C/web-servers.xml:414(para)
2172
msgid ""
2173
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2174
"includes, but disable the <emphasis>#exec</emphasis> and "
2175
"<emphasis>#include</emphasis> commands in CGI scripts."
2176
msgstr ""
2177
2178
#: serverguide/C/web-servers.xml:426(para)
2179
msgid ""
2180
"For security reasons, this should usually not be set, and certainly should "
2181
"not be set on your DocumentRoot directory. Enable this option carefully on a "
2182
"per-directory basis only if you are certain you want users to see the entire "
2183
"contents of the directory."
2184
msgstr ""
2185
2186
#: serverguide/C/web-servers.xml:421(para)
2187
msgid ""
2188
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
2189
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
2190
"index.html) exists in the requested directory. <placeholder-1/>"
2191
msgstr ""
2192
2193
#: serverguide/C/web-servers.xml:436(para)
2194
msgid ""
2195
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
2196
"multiviews; this option is disabled by default for security reasons. See the "
2197
"<ulink "
2198
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
2199
"Apache2 documentation on this option</ulink>."
2200
msgstr ""
2201
2202
#: serverguide/C/web-servers.xml:444(para)
2203
msgid ""
2204
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
2205
"symbolic links if the target file or directory has the same owner as the "
2206
"link."
2207
msgstr ""
2208
2209
#: serverguide/C/web-servers.xml:456(title)
2210
msgid "httpd Settings"
2211
msgstr ""
2212
2213
#: serverguide/C/web-servers.xml:458(para)
2214
msgid ""
2215
"This section explains some basic <application>httpd</application> daemon "
2216
"configuration settings."
2217
msgstr ""
2218
2219
#: serverguide/C/web-servers.xml:462(para)
2220
msgid ""
2221
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
2222
"the path to the lockfile used when the server is compiled with either "
2223
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
2224
"stored on the local disk. It should be left to the default value unless the "
2225
"logs directory is located on an NFS share. If this is the case, the default "
2226
"value should be changed to a location on the local disk and to a directory "
2227
"that is readable only by root."
2228
msgstr ""
2229
2230
#: serverguide/C/web-servers.xml:471(para)
2231
msgid ""
2232
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
2233
"file in which the server records its process ID (pid). This file should only "
2234
"be readable by root. In most cases, it should be left to the default value."
2235
msgstr ""
2236
2237
#: serverguide/C/web-servers.xml:477(para)
2238
msgid ""
2239
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
2240
"used by the server to answer requests. This setting determines the server's "
2241
"access. Any files inaccessible to this user will also be inaccessible to "
2242
"your website's visitors. The default value for User is www-data."
2243
msgstr ""
2244
2245
#: serverguide/C/web-servers.xml:484(para)
2246
msgid ""
2247
"Unless you know exactly what you are doing, do not set the User directive to "
2248
"root. Using root as the User will create large security holes for your Web "
2249
"server."
2250
msgstr ""
2251
2252
#: serverguide/C/web-servers.xml:490(para)
2253
msgid ""
2254
"The Group directive is similar to the User directive. Group sets the group "
2255
"under which the server will answer requests. The default group is also www-"
2256
"data."
2257
msgstr ""
2258
2259
#: serverguide/C/web-servers.xml:496(title)
2260
msgid "Apache2 Modules"
2261
msgstr ""
2262
2263
#: serverguide/C/web-servers.xml:498(para)
2264
msgid ""
2265
"Apache2 is a modular server. This implies that only the most basic "
2266
"functionality is included in the core server. Extended features are "
2267
"available through modules which can be loaded into Apache2. By default, a "
2268
"base set of modules is included in the server at compile-time. If the server "
2269
"is compiled to use dynamically loaded modules, then modules can be compiled "
2270
"separately, and added at any time using the LoadModule directive. Otherwise, "
2271
"Apache2 must be recompiled to add or remove modules."
2272
msgstr ""
2273
2274
#: serverguide/C/web-servers.xml:510(para)
2275
msgid ""
2276
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
2277
"Configuration directives may be conditionally included on the presence of a "
2278
"particular module by enclosing them in an "
2279
"<emphasis><IfModule></emphasis> block."
2280
msgstr ""
2281
2282
#: serverguide/C/web-servers.xml:517(para)
2283
msgid ""
2284
"You can install additional Apache2 modules and use them with your Web "
2285
"server. For example, run the following command from a terminal prompt to "
2286
"install the <emphasis>MySQL Authentication</emphasis> module:"
2287
msgstr ""
2288
2289
#: serverguide/C/web-servers.xml:524(command)
2290
msgid "sudo apt-get install libapache2-mod-auth-mysql"
2291
msgstr ""
2292
2293
#: serverguide/C/web-servers.xml:527(para)
2294
msgid ""
2295
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
2296
"additional modules."
2297
msgstr ""
2298
2299
#: serverguide/C/web-servers.xml:531(para)
2300
msgid ""
2301
"Use the <application>a2enmod</application> utility to enable a module:"
2302
msgstr ""
2303
2304
#: serverguide/C/web-servers.xml:537(command)
2305
msgid "sudo a2enmod auth_mysql"
2306
msgstr ""
2307
2308
#: serverguide/C/web-servers.xml:541(para)
2309
msgid "Similarly, <application>a2dismod</application> will disable a module:"
2310
msgstr ""
2311
2312
#: serverguide/C/web-servers.xml:546(command)
2313
msgid "sudo a2dismod auth_mysql"
2314
msgstr ""
2315
2316
#: serverguide/C/web-servers.xml:553(title)
2317
msgid "HTTPS Configuration"
2318
msgstr ""
2319
2320
#: serverguide/C/web-servers.xml:555(para)
2321
msgid ""
2322
"The <application>mod_ssl</application> module adds an important feature to "
2323
"the Apache2 server - the ability to encrypt communications. Thus, when your "
2324
"browser is communicating using SSL, the https:// prefix is used at the "
2325
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
2326
"bar."
2327
msgstr ""
2328
2329
#: serverguide/C/web-servers.xml:564(para)
2330
msgid ""
2331
"The <application>mod_ssl</application> module is available in "
2332
"<application>apache2-common</application> package. Execute the following "
2333
"command from a terminal prompt to enable the "
2334
"<application>mod_ssl</application> module:"
2335
msgstr ""
2336
2337
#: serverguide/C/web-servers.xml:571(command)
2338
msgid "sudo a2enmod ssl"
2339
msgstr ""
2340
2341
#: serverguide/C/web-servers.xml:574(para)
2342
msgid ""
2343
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
2344
"available/default-ssl</filename>. In order for "
2345
"<application>Apache2</application> to provide HTTPS, a "
2346
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
2347
"needed. The default HTTPS configuration will use a certificate and key "
2348
"generated by the <application>ssl-cert</application> package. They are good "
2349
"for testing, but the auto-generated certificate and key should be replaced "
2350
"by a certificate specific to the site or server. For information on "
2351
"generating a key and obtaining a certificate see <xref "
2352
"linkend=\"certificates-and-security\"/>"
2353
msgstr ""
2354
2355
#: serverguide/C/web-servers.xml:584(para)
2356
msgid ""
2357
"To configure <application>Apache2</application> for HTTPS, enter the "
2358
"following:"
2359
msgstr ""
2360
2361
#: serverguide/C/web-servers.xml:589(command)
2362
msgid "sudo a2ensite default-ssl"
2363
msgstr ""
2364
2365
#: serverguide/C/web-servers.xml:593(para)
2366
msgid ""
2367
"The directories <filename>/etc/ssl/certs</filename> and "
2368
"<filename>/etc/ssl/private</filename> are the default locations. If you "
2369
"install the certificate and key in another directory make sure to change "
2370
"<emphasis>SSLCertificateFile</emphasis> and "
2371
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
2372
msgstr ""
2373
2374
#: serverguide/C/web-servers.xml:600(para)
2375
msgid ""
2376
"With Apache2 now configured for HTTPS, restart the service to enable the new "
2377
"settings:"
2378
msgstr ""
2379
2380
#: serverguide/C/web-servers.xml:611(para)
2381
msgid ""
2382
"Depending on how you obtained your certificate you may need to enter a "
2383
"passphrase when <application>Apache2</application> starts."
2384
msgstr ""
2385
2386
#: serverguide/C/web-servers.xml:617(para)
2387
msgid ""
2388
"You can access the secure server pages by typing https://your_hostname/url/ "
2389
"in your browser address bar."
2390
msgstr ""
2391
2392
#: serverguide/C/web-servers.xml:628(para)
2393
msgid ""
2394
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2395
"Documentation</ulink> contains in depth information on Apache2 configuration "
2396
"directives. Also, see the <application>apache2-doc</application> package for "
2397
"the official Apache2 docs."
2398
msgstr ""
2399
2400
#: serverguide/C/web-servers.xml:635(para)
2401
msgid ""
2402
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
2403
"Documentation</ulink> site for more SSL related information."
2404
msgstr ""
2405
2406
#: serverguide/C/web-servers.xml:641(para)
2407
msgid ""
2408
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
2409
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
2410
"configurations."
2411
msgstr ""
2412
2413
#: serverguide/C/web-servers.xml:647(para)
2414
msgid ""
2415
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
2416
"server</emphasis> IRC channel on <ulink "
2417
"url=\"http://freenode.net/\">freenode.net</ulink>."
2418
msgstr ""
2419
2420
#: serverguide/C/web-servers.xml:653(para)
2421
msgid ""
2422
"Usually integrated with PHP and MySQL the <ulink "
2423
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2424
"Ubuntu Wiki </ulink> page is a good resource."
2425
msgstr ""
2426
2427
#: serverguide/C/web-servers.xml:664(title)
2428
msgid "PHP5 - Scripting Language"
2429
msgstr ""
2430
2431
#: serverguide/C/web-servers.xml:665(para)
2432
msgid ""
2433
"PHP is a general-purpose scripting language suited for Web development. The "
2434
"PHP script can be embedded into HTML. This section explains how to install "
2435
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
2436
msgstr ""
2437
2438
#: serverguide/C/web-servers.xml:669(para)
2439
msgid ""
2440
"This section assumes you have installed and configured Apache2 Web Server "
2441
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
2442
"sections in this document to install and configure Apache2 and MySQL "
2443
"respectively."
2444
msgstr ""
2445
2446
#: serverguide/C/web-servers.xml:676(para)
2447
msgid "The PHP5 is available in Ubuntu Linux."
2448
msgstr ""
2449
2450
#: serverguide/C/web-servers.xml:678(para)
2451
msgid ""
2452
"To install PHP5 you can enter the following command in the terminal prompt: "
2453
"<screen>\n"
2454
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
2455
"</screen>"
2456
msgstr ""
2457
2458
#: serverguide/C/web-servers.xml:687(para)
2459
msgid ""
2460
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
2461
"line you should install <application>php5-cli</application> package. To "
2462
"install <application>php5-cli</application> you can enter the following "
2463
"command in the terminal prompt: <screen>\n"
2464
"<command>sudo apt-get install php5-cli</command>\n"
2465
"</screen>"
2466
msgstr ""
2467
2468
#: serverguide/C/web-servers.xml:696(para)
2469
msgid ""
2470
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
2471
"accomplish this, you should install <application>php5-cgi</application> "
2472
"package. You can run the following command in a terminal prompt to install "
2473
"<application>php5-cgi</application> package: <screen>\n"
2474
"<command>sudo apt-get install php5-cgi</command>\n"
2475
"</screen>"
2476
msgstr ""
2477
2478
#: serverguide/C/web-servers.xml:706(para)
2479
msgid ""
2480
"To use <application>MySQL</application> with PHP5 you should install "
2481
"<application>php5-mysql</application> package. To install <application>php5-"
2482
"mysql</application> you can enter the following command in the terminal "
2483
"prompt: <screen>\n"
2484
"<command>sudo apt-get install php5-mysql</command>\n"
2485
"</screen>"
2486
msgstr ""
2487
2488
#: serverguide/C/web-servers.xml:714(para)
2489
msgid ""
2490
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
2491
"install <application>php5-pgsql</application> package. To install "
2492
"<application>php5-pgsql</application> you can enter the following command in "
2493
"the terminal prompt: <screen>\n"
2494
"<command>sudo apt-get install php5-pgsql</command>\n"
2495
"</screen>"
2496
msgstr ""
2497
2498
#: serverguide/C/web-servers.xml:727(para)
2499
msgid ""
2500
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
2501
"you have installed <application>php5-cli</application> package, you can run "
2502
"PHP5 scripts from your command prompt."
2503
msgstr ""
2504
2505
#: serverguide/C/web-servers.xml:734(para)
2506
msgid ""
2507
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
2508
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
2509
"when you install the module. Please verify if the files "
2510
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
2511
"<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
2512
"not exists, you can enable the module using <command>a2enmod</command> "
2513
"command."
2514
msgstr ""
2515
2516
#: serverguide/C/web-servers.xml:745(para)
2517
msgid ""
2518
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
2519
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
2520
"following command at a terminal prompt to restart your web server: "
2521
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
2522
msgstr ""
2523
2524
#: serverguide/C/web-servers.xml:753(title) serverguide/C/mail.xml:320(title) serverguide/C/mail.xml:1569(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
2525
msgid "Testing"
2526
msgstr ""
2527
2528
#: serverguide/C/web-servers.xml:754(para)
2529
msgid ""
2530
"To verify your installation, you can run following PHP5 phpinfo script:"
2531
msgstr ""
2532
2533
#: serverguide/C/web-servers.xml:757(programlisting)
2534
#, no-wrap
2535
msgid ""
2536
"\n"
2537
"<?php\n"
2538
" phpinfo();\n"
2539
"?>\n"
2540
msgstr ""
2541
2542
#: serverguide/C/web-servers.xml:762(para)
2543
msgid ""
2544
"You can save the content in a file <filename>phpinfo.php</filename> and "
2545
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
2546
"server. When point your browser to "
2547
"<filename>http://hostname/phpinfo.php</filename>, it would display values of "
2548
"various PHP5 configuration parameters."
2549
msgstr ""
2550
2551
#: serverguide/C/web-servers.xml:776(para)
2552
msgid ""
2553
"For more in depth information see <ulink "
2554
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
2555
msgstr ""
2556
2557
#: serverguide/C/web-servers.xml:781(para)
2558
msgid ""
2559
"There are a plethora of books on PHP. Two good books from O'Reilly are "
2560
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
2561
"5</ulink> and the <ulink "
2562
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
2563
msgstr ""
2564
2565
#: serverguide/C/web-servers.xml:788(para)
2566
msgid ""
2567
"Also, see the <ulink "
2568
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2569
"Ubuntu Wiki</ulink> page for more information."
2570
msgstr ""
2571
2572
#: serverguide/C/web-servers.xml:799(title)
2573
msgid "Squid - Proxy Server"
2574
msgstr ""
2575
2576
#: serverguide/C/web-servers.xml:800(para)
2577
msgid ""
2578
"Squid is a full-featured web proxy cache server application which provides "
2579
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
2580
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
2581
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
2582
"caching of Domain Name Server (DNS) lookups, and perform transparent "
2583
"caching. Squid also supports a wide variety of caching protocols, such as "
2584
"Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the "
2585
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination "
2586
"Protocol. (WCCP)"
2587
msgstr ""
2588
2589
#: serverguide/C/web-servers.xml:808(para)
2590
msgid ""
2591
"The Squid proxy cache server is an excellent solution to a variety of proxy "
2592
"and caching server needs, and scales from the branch office to enterprise "
2593
"level networks while providing extensive, granular access control mechanisms "
2594
"and monitoring of critical parameters via the Simple Network Management "
2595
"Protocol (SNMP). When selecting a computer system for use as a dedicated "
2596
"Squid proxy, or caching servers, ensure your system is configured with a "
2597
"large amount of physical memory, as Squid maintains an in-memory cache for "
2598
"increased performance."
2599
msgstr ""
2600
2601
#: serverguide/C/web-servers.xml:817(para)
2602
msgid ""
2603
"At a terminal prompt, enter the following command to install the Squid "
2604
"server:"
2605
msgstr ""
2606
2607
#: serverguide/C/web-servers.xml:822(command)
2608
msgid "sudo apt-get install squid"
2609
msgstr ""
2610
2611
#: serverguide/C/web-servers.xml:828(para)
2612
msgid ""
2613
"Squid is configured by editing the directives contained within the "
2614
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
2615
"examples illustrate some of the directives which may be modified to affect "
2616
"the behavior of the Squid server. For more in-depth configuration of Squid, "
2617
"see the References section."
2618
msgstr ""
2619
2620
#: serverguide/C/web-servers.xml:834(para)
2621
msgid ""
2622
"Prior to editing the configuration file, you should make a copy of the "
2623
"original file and protect it from writing so you will have the original "
2624
"settings as a reference, and to re-use as necessary."
2625
msgstr ""
2626
2627
#: serverguide/C/web-servers.xml:837(para)
2628
msgid ""
2629
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
2630
"writing with the following commands entered at a terminal prompt:"
2631
msgstr ""
2632
2633
#: serverguide/C/web-servers.xml:842(command)
2634
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
2635
msgstr ""
2636
2637
#: serverguide/C/web-servers.xml:843(command)
2638
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
2639
msgstr ""
2640
2641
#: serverguide/C/web-servers.xml:849(para)
2642
msgid ""
2643
"To set your Squid server to listen on TCP port 8888 instead of the default "
2644
"TCP port 3128, change the http_port directive as such:"
2645
msgstr ""
2646
2647
#: serverguide/C/web-servers.xml:853(programlisting)
2648
#, no-wrap
2649
msgid ""
2650
"\n"
2651
"http_port 8888\n"
2652
msgstr ""
2653
2654
#: serverguide/C/web-servers.xml:858(para)
2655
msgid ""
2656
"Change the visible_hostname directive in order to give the Squid server a "
2657
"specific hostname. This hostname does not necessarily need to be the "
2658
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
2659
msgstr ""
2660
2661
#: serverguide/C/web-servers.xml:862(programlisting)
2662
#, no-wrap
2663
msgid ""
2664
"\n"
2665
"visible_hostname weezie\n"
2666
msgstr ""
2667
2668
#: serverguide/C/web-servers.xml:867(para)
2669
msgid ""
2670
"Using Squid's access control, you may configure use of Internet services "
2671
"proxied by Squid to be available only users with certain Internet Protocol "
2672
"(IP) addresses. For example, we will illustrate access by users of the "
2673
"192.168.42.0/24 subnetwork only:"
2674
msgstr ""
2675
2676
#: serverguide/C/web-servers.xml:872(para) serverguide/C/web-servers.xml:892(para)
2677
msgid ""
2678
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
2679
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
2680
msgstr ""
2681
2682
#: serverguide/C/web-servers.xml:875(programlisting)
2683
#, no-wrap
2684
msgid ""
2685
"\n"
2686
"acl fortytwo_network src 192.168.42.0/24\n"
2687
msgstr ""
2688
2689
#: serverguide/C/web-servers.xml:878(para) serverguide/C/web-servers.xml:899(para)
2690
msgid ""
2691
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
2692
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
2693
msgstr ""
2694
2695
#: serverguide/C/web-servers.xml:882(programlisting)
2696
#, no-wrap
2697
msgid ""
2698
"\n"
2699
"http_access allow fortytwo_network\n"
2700
msgstr ""
2701
2702
#: serverguide/C/web-servers.xml:887(para)
2703
msgid ""
2704
"Using the excellent access control features of Squid, you may configure use "
2705
"of Internet services proxied by Squid to be available only during normal "
2706
"business hours. For example, we'll illustrate access by employees of a "
2707
"business which is operating between 9:00AM and 5:00PM, Monday through "
2708
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
2709
msgstr ""
2710
2711
#: serverguide/C/web-servers.xml:895(programlisting)
2712
#, no-wrap
2713
msgid ""
2714
"\n"
2715
"acl biz_network src 10.1.42.0/24\n"
2716
"acl biz_hours time M T W T F 9:00-17:00\n"
2717
msgstr ""
2718
2719
#: serverguide/C/web-servers.xml:903(programlisting)
2720
#, no-wrap
2721
msgid ""
2722
"\n"
2723
"http_access allow biz_network biz_hours\n"
2724
msgstr ""
2725
2726
#: serverguide/C/web-servers.xml:910(para)
2727
msgid ""
2728
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
2729
"save the file and restart the <application>squid</application> server "
2730
"application to effect the changes using the following command entered at a "
2731
"terminal prompt:"
2732
msgstr ""
2733
2734
#: serverguide/C/web-servers.xml:917(command)
2735
msgid "sudo /etc/init.d/squid restart"
2736
msgstr ""
2737
2738
#: serverguide/C/web-servers.xml:924(ulink)
2739
msgid "Squid Website"
2740
msgstr ""
2741
2742
#: serverguide/C/web-servers.xml:926(para)
2743
msgid ""
2744
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
2745
"Squid</ulink> page."
2746
msgstr ""
2747
2748
#: serverguide/C/web-servers.xml:933(title)
2749
msgid "Ruby on Rails"
2750
msgstr ""
2751
2752
#: serverguide/C/web-servers.xml:934(para)
2753
msgid ""
2754
"Ruby on Rails is an open source web framework for developing database backed "
2755
"web applications. It is optimized for sustainable productivity of the "
2756
"programmer since it lets the programmer to write code by favouring "
2757
"convention over configuration."
2758
msgstr ""
2759
2760
#: serverguide/C/web-servers.xml:941(para)
2761
msgid ""
2762
"Before installing <application>Rails</application> you should install "
2763
"<application>Apache</application> and <application>MySQL</application>. To "
2764
"install the <application>Apache</application> package, please refer to <xref "
2765
"linkend=\"httpd\"/>. For instructions on installing "
2766
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
2767
msgstr ""
2768
2769
#: serverguide/C/web-servers.xml:949(para)
2770
msgid ""
2771
"Once you have <application>Apache</application> and "
2772
"<application>MySQL</application> packages installed, you are ready to "
2773
"install <application>Ruby on Rails</application> package."
2774
msgstr ""
2775
2776
#: serverguide/C/web-servers.xml:956(para)
2777
msgid ""
2778
"To install the <application>Ruby</application> base packages and "
2779
"<application>Ruby on Rails</application>, you can enter the following "
2780
"command in the terminal prompt:"
2781
msgstr ""
2782
2783
#: serverguide/C/web-servers.xml:962(command)
2784
msgid "sudo apt-get install rails"
2785
msgstr ""
2786
2787
#: serverguide/C/web-servers.xml:968(para)
2788
msgid ""
2789
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
2790
"configuration file to setup your domains."
2791
msgstr ""
2792
2793
#: serverguide/C/web-servers.xml:972(para)
2794
msgid ""
2795
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
2796
msgstr ""
2797
2798
#: serverguide/C/web-servers.xml:976(programlisting)
2799
#, no-wrap
2800
msgid ""
2801
"\n"
2802
"DocumentRoot /path/to/rails/application/public\n"
2803
msgstr ""
2804
2805
#: serverguide/C/web-servers.xml:979(para)
2806
msgid ""
2807
"Next, change the <Directory \"/path/to/rails/application/public\"> "
2808
"directive:"
2809
msgstr ""
2810
2811
#: serverguide/C/web-servers.xml:983(programlisting)
2812
#, no-wrap
2813
msgid ""
2814
"\n"
2815
"<Directory \"/path/to/rails/application/public\">\n"
2816
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
2817
" AllowOverride All\n"
2818
" Order allow,deny\n"
2819
" allow from all\n"
2820
" AddHandler cgi-script .cgi\n"
2821
"</Directory>\n"
2822
msgstr ""
2823
2824
#: serverguide/C/web-servers.xml:993(para)
2825
msgid ""
2826
"You should also enable the <application>mod_rewrite</application> module for "
2827
"Apache. To enable <application>mod_rewrite</application> module, please "
2828
"enter the following command in a terminal prompt:"
2829
msgstr ""
2830
2831
#: serverguide/C/web-servers.xml:999(command)
2832
msgid "sudo a2enmod rewrite"
2833
msgstr ""
2834
2835
#: serverguide/C/web-servers.xml:1002(para)
2836
msgid ""
2837
"Finally you will need to change the ownership of the "
2838
"<filename>/path/to/rails/application/public</filename> and "
2839
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
2840
"used to run the <application>Apache</application> process:"
2841
msgstr ""
2842
2843
#: serverguide/C/web-servers.xml:1008(command)
2844
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
2845
msgstr ""
2846
2847
#: serverguide/C/web-servers.xml:1009(command)
2848
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
2849
msgstr ""
2850
2851
#: serverguide/C/web-servers.xml:1012(para)
2852
msgid ""
2853
"That's it! Now you have your Server ready for your <application>Ruby on "
2854
"Rails</application> applications."
2855
msgstr ""
2856
2857
#: serverguide/C/web-servers.xml:1021(para)
2858
msgid ""
2859
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
2860
"for more information."
2861
msgstr ""
2862
2863
#: serverguide/C/web-servers.xml:1026(para)
2864
msgid ""
2865
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
2866
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
2867
"resource."
2868
msgstr ""
2869
2870
#: serverguide/C/web-servers.xml:1032(para)
2871
msgid ""
2872
"Another place for more information is the <ulink "
2873
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
2874
"Wiki</ulink> page."
2875
msgstr ""
2876
2877
#: serverguide/C/web-servers.xml:1043(title)
2878
msgid "Apache Tomcat"
2879
msgstr ""
2880
2881
#: serverguide/C/web-servers.xml:1044(para)
2882
msgid ""
2883
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
2884
"JSP (Java Server Pages) web applications."
2885
msgstr ""
2886
2887
#: serverguide/C/web-servers.xml:1046(para)
2888
msgid ""
2889
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
2890
"different ways of running Tomcat. You can install them as a classic unique "
2891
"system-wide instance, that will be started at boot time and will run as the "
2892
"tomcat6 unpriviledged user. But you can also deploy private instances that "
2893
"will run with your own user rights, and that you should start and stop by "
2894
"yourself. This second way is particularly useful in a development server "
2895
"context where multiple users need to test on their own private Tomcat "
2896
"instances."
2897
msgstr ""
2898
2899
#: serverguide/C/web-servers.xml:1056(title)
2900
msgid "System-wide installation"
2901
msgstr ""
2902
2903
#: serverguide/C/web-servers.xml:1057(para)
2904
msgid ""
2905
"To install the <application>Tomcat</application> server, you can enter the "
2906
"following command in the terminal prompt:"
2907
msgstr ""
2908
2909
#: serverguide/C/web-servers.xml:1060(command)
2910
msgid "sudo apt-get install tomcat6"
2911
msgstr ""
2912
2913
#: serverguide/C/web-servers.xml:1062(para)
2914
msgid ""
2915
"This will install a Tomcat server with just a default ROOT webapp that "
2916
"displays a minimal \"It works\" page by default."
2917
msgstr ""
2918
2919
#: serverguide/C/web-servers.xml:1068(para)
2920
msgid ""
2921
"Tomcat configuration files can be found in "
2922
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
2923
"will be described here, please see <ulink "
2924
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
2925
"documentation</ulink> for more."
2926
msgstr ""
2927
2928
#: serverguide/C/web-servers.xml:1074(title)
2929
msgid "Changing default ports"
2930
msgstr ""
2931
2932
#: serverguide/C/web-servers.xml:1075(para)
2933
msgid ""
2934
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
2935
"connector on port 8009. You might want to change those default ports to "
2936
"avoid conflict with another server on the system. This is done by changing "
2937
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
2938
msgstr ""
2939
2940
#: serverguide/C/web-servers.xml:1080(programlisting)
2941
#, no-wrap
2942
msgid ""
2943
"\n"
2944
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
2945
" connectionTimeout=\"20000\" \n"
2946
" redirectPort=\"8443\" />\n"
2947
"...\n"
2948
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
2949
"/>\n"
2950
msgstr ""
2951
2952
#: serverguide/C/web-servers.xml:1089(title)
2953
msgid "Changing JVM used"
2954
msgstr ""
2955
2956
#: serverguide/C/web-servers.xml:1090(para)
2957
msgid ""
2958
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
2959
"then try some other JVMs. If you have various JVMs installed, you can set "
2960
"which should be used by setting JAVA_HOME in "
2961
"<filename>/etc/default/tomcat6</filename>:"
2962
msgstr ""
2963
2964
#: serverguide/C/web-servers.xml:1094(programlisting)
2965
#, no-wrap
2966
msgid ""
2967
"\n"
2968
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
2969
msgstr ""
2970
2971
#: serverguide/C/web-servers.xml:1099(title)
2972
msgid "Declaring users and roles"
2973
msgstr ""
2974
2975
#: serverguide/C/web-servers.xml:1100(para)
2976
msgid ""
2977
"Usernames, passwords and roles (groups) can be defined centrally in a "
2978
"Servlet container. In Tomcat 6.0 this is done in the "
2979
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
2980
msgstr ""
2981
2982
#: serverguide/C/web-servers.xml:1103(programlisting)
2983
#, no-wrap
2984
msgid ""
2985
"\n"
2986
"<role rolename=\"admin\"/>\n"
2987
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
2988
msgstr ""
2989
2990
#: serverguide/C/web-servers.xml:1111(title)
2991
msgid "Using Tomcat standard webapps"
2992
msgstr ""
2993
2994
#: serverguide/C/web-servers.xml:1112(para)
2995
msgid ""
2996
"Tomcat is shipped with webapps that you can install for documentation, "
2997
"administration or demo purposes."
2998
msgstr ""
2999
3000
#: serverguide/C/web-servers.xml:1115(title)
3001
msgid "Tomcat documentation"
3002
msgstr ""
3003
3004
#: serverguide/C/web-servers.xml:1116(para)
3005
msgid ""
3006
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
3007
"documentation, packaged as a webapp that you can access by default at "
3008
"http://yourserver:8080/docs. You can install it by entering the following "
3009
"command in the terminal prompt:"
3010
msgstr ""
3011
3012
#: serverguide/C/web-servers.xml:1121(command)
3013
msgid "sudo apt-get install tomcat6-docs"
3014
msgstr ""
3015
3016
#: serverguide/C/web-servers.xml:1125(title)
3017
msgid "Tomcat administration webapps"
3018
msgstr ""
3019
3020
#: serverguide/C/web-servers.xml:1126(para)
3021
msgid ""
3022
"The <application>tomcat6-admin</application> package contains two webapps "
3023
"that can be used to administer the Tomcat server using a web interface. You "
3024
"can install them by entering the following command in the terminal prompt:"
3025
msgstr ""
3026
3027
#: serverguide/C/web-servers.xml:1131(command)
3028
msgid "sudo apt-get install tomcat6-admin"
3029
msgstr ""
3030
3031
#: serverguide/C/web-servers.xml:1133(para)
3032
msgid ""
3033
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3034
"access by default at http://yourserver:8080/manager/html. It is primarily "
3035
"used to get server status and restart webapps."
3036
msgstr ""
3037
3038
#: serverguide/C/web-servers.xml:1136(para)
3039
msgid ""
3040
"Access to the <emphasis>manager</emphasis> application is protected by "
3041
"default: you need to define a user with the role \"manager\" in "
3042
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3043
msgstr ""
3044
3045
#: serverguide/C/web-servers.xml:1140(para)
3046
msgid ""
3047
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3048
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3049
"used to create virtual hosts dynamically."
3050
msgstr ""
3051
3052
#: serverguide/C/web-servers.xml:1144(para)
3053
msgid ""
3054
"Access to the <emphasis>host-manager</emphasis> application is also "
3055
"protected by default: you need to define a user with the role \"admin\" in "
3056
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3057
msgstr ""
3058
3059
#: serverguide/C/web-servers.xml:1149(para)
3060
msgid ""
3061
"For security reasons, the tomcat6 user cannot write to the "
3062
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
3063
"these admin webapps (application deployment, virtual host creation) need "
3064
"write access to that directory. If you want to use these features execute "
3065
"the following, to give users in the tomcat6 group the necessary rights:"
3066
msgstr ""
3067
3068
#: serverguide/C/web-servers.xml:1156(command)
3069
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
3070
msgstr ""
3071
3072
#: serverguide/C/web-servers.xml:1157(command)
3073
msgid "sudo chmod -R g+w /etc/tomcat6"
3074
msgstr ""
3075
3076
#: serverguide/C/web-servers.xml:1162(title)
3077
msgid "Tomcat examples webapps"
3078
msgstr ""
3079
3080
#: serverguide/C/web-servers.xml:1163(para)
3081
msgid ""
3082
"The <application>tomcat6-examples</application> package contains two webapps "
3083
"that can be used to test or demonstrate Servlets and JSP features, which you "
3084
"can access them by default at http://yourserver:8080/examples. You can "
3085
"install them by entering the following command in the terminal prompt:"
3086
msgstr ""
3087
3088
#: serverguide/C/web-servers.xml:1169(command)
3089
msgid "sudo apt-get install tomcat6-examples"
3090
msgstr ""
3091
3092
#: serverguide/C/web-servers.xml:1175(title)
3093
msgid "Using private instances"
3094
msgstr ""
3095
3096
#: serverguide/C/web-servers.xml:1176(para)
3097
msgid ""
3098
"Tomcat is heavily used in development and testing scenarios where using a "
3099
"single system-wide instance doesn't meet the requirements of multiple users "
3100
"on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to "
3101
"help deploy your own user-oriented instances, allowing every user on a "
3102
"system to run (without root rights) separate private instances while still "
3103
"using the system-installed libraries."
3104
msgstr ""
3105
3106
#: serverguide/C/web-servers.xml:1183(para)
3107
msgid ""
3108
"It is possible to run the system-wide instance and the private instances in "
3109
"parallel, as long as they do not use the same TCP ports."
3110
msgstr ""
3111
3112
#: serverguide/C/web-servers.xml:1187(title)
3113
msgid "Installing private instance support"
3114
msgstr ""
3115
3116
#: serverguide/C/web-servers.xml:1188(para)
3117
msgid ""
3118
"You can install everything necessary to run private instances by entering "
3119
"the following command in the terminal prompt:"
3120
msgstr ""
3121
3122
#: serverguide/C/web-servers.xml:1191(command)
3123
msgid "sudo apt-get install tomcat6-user"
3124
msgstr ""
3125
3126
#: serverguide/C/web-servers.xml:1195(title)
3127
msgid "Creating a private instance"
3128
msgstr ""
3129
3130
#: serverguide/C/web-servers.xml:1196(para)
3131
msgid ""
3132
"You can create a private instance directory by entering the following "
3133
"command in the terminal prompt:"
3134
msgstr ""
3135
3136
#: serverguide/C/web-servers.xml:1199(command)
3137
msgid "tomcat6-instance-create my-instance"
3138
msgstr ""
3139
3140
#: serverguide/C/web-servers.xml:1201(para)
3141
msgid ""
3142
"This will create a new <filename>my-instance</filename> directory with all "
3143
"the necessary subdirectories and scripts. You can for example install your "
3144
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
3145
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
3146
"are deployed by default."
3147
msgstr ""
3148
3149
#: serverguide/C/web-servers.xml:1209(title)
3150
msgid "Configuring your private instance"
3151
msgstr ""
3152
3153
#: serverguide/C/web-servers.xml:1210(para)
3154
msgid ""
3155
"You will find the classic Tomcat configuration files for your private "
3156
"instance in the <filename>conf/</filename> subdirectory. You should for "
3157
"example certainly edit the <filename>conf/server.xml</filename> file to "
3158
"change the default ports used by your private Tomcat instance to avoid "
3159
"conflict with other instances that might be running."
3160
msgstr ""
3161
3162
#: serverguide/C/web-servers.xml:1218(title)
3163
msgid "Starting/stopping your private instance"
3164
msgstr ""
3165
3166
#: serverguide/C/web-servers.xml:1219(para)
3167
msgid ""
3168
"You can start your private instance by entering the following command in the "
3169
"terminal prompt (supposing your instance is located in the <filename>my-"
3170
"instance</filename> directory):"
3171
msgstr ""
3172
3173
#: serverguide/C/web-servers.xml:1223(command)
3174
msgid "my-instance/bin/startup.sh"
3175
msgstr ""
3176
3177
#: serverguide/C/web-servers.xml:1225(para)
3178
msgid ""
3179
"You should check the <filename>logs/</filename> subdirectory for any error. "
3180
"If you have a <emphasis>java.net.BindException: Address already in "
3181
"use<null>:8080</emphasis> error, it means that the port you're using "
3182
"is already taken and that you should change it."
3183
msgstr ""
3184
3185
#: serverguide/C/web-servers.xml:1230(para)
3186
msgid ""
3187
"You can stop your instance by entering the following command in the terminal "
3188
"prompt (supposing your instance is located in the <filename>my-"
3189
"instance</filename> directory):"
3190
msgstr ""
3191
3192
#: serverguide/C/web-servers.xml:1234(command)
3193
msgid "my-instance/bin/shutdown.sh"
3194
msgstr ""
3195
3196
#: serverguide/C/web-servers.xml:1243(para)
3197
msgid ""
3198
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
3199
"website for more information."
3200
msgstr ""
3201
3202
#: serverguide/C/web-servers.xml:1248(para)
3203
msgid ""
3204
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
3205
"Definitive Guide</ulink> is a good resource for building web applications "
3206
"with Tomcat."
3207
msgstr ""
3208
3209
#: serverguide/C/web-servers.xml:1254(para)
3210
msgid ""
3211
"For additional books see the <ulink "
3212
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
3213
"page."
3214
msgstr ""
3215
3216
#: serverguide/C/web-servers.xml:1259(para)
3217
msgid ""
3218
"Also, see the<ulink "
3219
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
3220
"Tomcat</ulink> page."
3221
msgstr ""
3222
3223
#: serverguide/C/vpn.xml:13(title)
3224
msgid "VPN"
3225
msgstr ""
3226
3227
#: serverguide/C/vpn.xml:15(para)
3228
msgid ""
3229
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
3230
"network connection between two or more networks. There are several ways to "
3231
"create a VPN using software as well as dedicated hardware appliances. This "
3232
"chapter will cover installing and configuring "
3233
"<application>OpenVPN</application> to create a VPN between two servers."
3234
msgstr ""
3235
3236
#: serverguide/C/vpn.xml:23(title)
3237
msgid "OpenVPN"
3238
msgstr ""
3239
3240
#: serverguide/C/vpn.xml:25(para)
3241
msgid ""
3242
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
3243
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
3244
"clients through a bridge interface on the VPN server. This guide will assume "
3245
"that one VPN node, the server in this case, has a bridge interface "
3246
"configured. For more information on setting up a bridge see <xref "
3247
"linkend=\"bridging\"/>."
3248
msgstr ""
3249
3250
#: serverguide/C/vpn.xml:35(para)
3251
msgid "To install <application>openvpn</application> in a terminal enter:"
3252
msgstr ""
3253
3254
#: serverguide/C/vpn.xml:41(command) serverguide/C/vpn.xml:257(command)
3255
msgid "sudo apt-get install openvpn"
3256
msgstr ""
3257
3258
#: serverguide/C/vpn.xml:45(title)
3259
msgid "Server Certificates"
3260
msgstr ""
3261
3262
#: serverguide/C/vpn.xml:47(para)
3263
msgid ""
3264
"Now that the <application>openvpn</application> package is installed, the "
3265
"certificates for the VPN server need to be created."
3266
msgstr ""
3267
3268
#: serverguide/C/vpn.xml:52(para)
3269
msgid ""
3270
"First, copy the <filename>easy-rsa</filename> directory to "
3271
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
3272
"scripts will not be lost when the package is updated. You will also need to "
3273
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
3274
"the current user permission to create files. From a terminal enter:"
3275
msgstr ""
3276
3277
#: serverguide/C/vpn.xml:59(command)
3278
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
3279
msgstr ""
3280
3281
#: serverguide/C/vpn.xml:60(command)
3282
msgid ""
3283
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
3284
"rsa/"
3285
msgstr ""
3286
3287
#: serverguide/C/vpn.xml:61(command)
3288
msgid "sudo chown -R $USER /etc/openvpn/easy-rsa/"
3289
msgstr ""
3290
3291
#: serverguide/C/vpn.xml:64(para)
3292
msgid ""
3293
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
3294
"following to your environment:"
3295
msgstr ""
3296
3297
#: serverguide/C/vpn.xml:68(programlisting)
3298
#, no-wrap
3299
msgid ""
3300
"\n"
3301
"export KEY_COUNTRY=\"US\"\n"
3302
"export KEY_PROVINCE=\"NC\"\n"
3303
"export KEY_CITY=\"Winston-Salem\"\n"
3304
"export KEY_ORG=\"Example Company\"\n"
3305
"export KEY_EMAIL=\"steve@example.com\"\n"
3306
msgstr ""
3307
3308
#: serverguide/C/vpn.xml:76(para)
3309
msgid "Enter the following to create the server certificates:"
3310
msgstr ""
3311
3312
#: serverguide/C/vpn.xml:81(command) serverguide/C/vpn.xml:102(command)
3313
msgid "cd /etc/openvpn/easy-rsa/"
3314
msgstr ""
3315
3316
#: serverguide/C/vpn.xml:82(command) serverguide/C/vpn.xml:103(command)
3317
msgid "source vars"
3318
msgstr ""
3319
3320
#: serverguide/C/vpn.xml:83(command)
3321
msgid "./clean-all"
3322
msgstr ""
3323
3324
#: serverguide/C/vpn.xml:84(command)
3325
msgid "./build-dh"
3326
msgstr ""
3327
3328
#: serverguide/C/vpn.xml:85(command)
3329
msgid "./pkitool --initca"
3330
msgstr ""
3331
3332
#: serverguide/C/vpn.xml:86(command)
3333
msgid "./pkitool --server server"
3334
msgstr ""
3335
3336
#: serverguide/C/vpn.xml:87(command)
3337
msgid "cd keys"
3338
msgstr ""
3339
3340
#: serverguide/C/vpn.xml:88(command)
3341
msgid "openvpn --genkey --secret ta.key"
3342
msgstr ""
3343
3344
#: serverguide/C/vpn.xml:89(command)
3345
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
3346
msgstr ""
3347
3348
#: serverguide/C/vpn.xml:94(title)
3349
msgid "Client Certificates"
3350
msgstr ""
3351
3352
#: serverguide/C/vpn.xml:96(para)
3353
msgid ""
3354
"The VPN client will also need a certificate to authenticate itself to the "
3355
"server. To create the certificate, enter the following in a terminal:"
3356
msgstr ""
3357
3358
#: serverguide/C/vpn.xml:104(command)
3359
msgid "./pkitool hostname"
3360
msgstr ""
3361
3362
#: serverguide/C/vpn.xml:108(para)
3363
msgid ""
3364
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
3365
"machine connecting to the VPN."
3366
msgstr ""
3367
3368
#: serverguide/C/vpn.xml:113(para)
3369
msgid "Copy the following files to the client:"
3370
msgstr ""
3371
3372
#: serverguide/C/vpn.xml:118(para)
3373
msgid "/etc/openvpn/ca.crt"
3374
msgstr ""
3375
3376
#: serverguide/C/vpn.xml:119(para)
3377
msgid "/etc/openvpn/easy-rsa/keys/hostname.crt"
3378
msgstr ""
3379
3380
#: serverguide/C/vpn.xml:120(para)
3381
msgid "/etc/openvpn/easy-rsa/keys/hostname.key"
3382
msgstr ""
3383
3384
#: serverguide/C/vpn.xml:121(para)
3385
msgid "/etc/openvpn/ta.key"
3386
msgstr ""
3387
3388
#: serverguide/C/vpn.xml:125(para)
3389
msgid ""
3390
"Remember to adjust the above file names for your client machine's "
3391
"<emphasis>hostname</emphasis>."
3392
msgstr ""
3393
3394
#: serverguide/C/vpn.xml:130(para)
3395
msgid ""
3396
"It is best to use a secure method to copy the certificate and key files. The "
3397
"<application>scp</application> utility is a good choice, but copying the "
3398
"files to removable media then to the client, also works well."
3399
msgstr ""
3400
3401
#: serverguide/C/vpn.xml:141(title) serverguide/C/vcs.xml:107(title)
3402
msgid "Server Configuration"
3403
msgstr ""
3404
3405
#: serverguide/C/vpn.xml:143(para)
3406
msgid ""
3407
"Now configure the <application>openvpn</application> server by creating "
3408
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
3409
"terminal enter:"
3410
msgstr ""
3411
3412
#: serverguide/C/vpn.xml:149(command)
3413
msgid ""
3414
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
3415
"/etc/openvpn/"
3416
msgstr ""
3417
3418
#: serverguide/C/vpn.xml:150(command)
3419
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
3420
msgstr ""
3421
3422
#: serverguide/C/vpn.xml:153(para)
3423
msgid ""
3424
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
3425
"options to:"
3426
msgstr ""
3427
3428
#: serverguide/C/vpn.xml:157(programlisting)
3429
#, no-wrap
3430
msgid ""
3431
"\n"
3432
"local 172.18.100.101\n"
3433
"dev tap0\n"
3434
"up \"/etc/openvpn/up.sh br0\"\n"
3435
"down \"/etc/openvpn/down.sh br0\"\n"
3436
";server 10.8.0.0 255.255.255.0\n"
3437
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
3438
"push \"route 172.18.100.1 255.255.255.0\"\n"
3439
"push \"dhcp-option DNS 172.18.100.20\"\n"
3440
"push \"dhcp-option DOMAIN example.com\"\n"
3441
"tls-auth ta.key 0 # This file is secret\n"
3442
"user nobody\n"
3443
"group nogroup\n"
3444
msgstr ""
3445
3446
#: serverguide/C/vpn.xml:174(para)
3447
msgid ""
3448
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
3449
msgstr ""
3450
3451
#: serverguide/C/vpn.xml:179(para)
3452
msgid ""
3453
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
3454
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
3455
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
3456
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
3457
"to clients."
3458
msgstr ""
3459
3460
#: serverguide/C/vpn.xml:186(para)
3461
msgid ""
3462
"<emphasis>push</emphasis>: are directives to add networking options for "
3463
"clients."
3464
msgstr ""
3465
3466
#: serverguide/C/vpn.xml:191(para)
3467
msgid ""
3468
"<emphasis>user and group</emphasis>: configure which user and group the "
3469
"<application>openvpn</application> daemon executes as."
3470
msgstr ""
3471
3472
#: serverguide/C/vpn.xml:198(para)
3473
msgid ""
3474
"Replace all IP addresses and domain names above with those of your network."
3475
msgstr ""
3476
3477
#: serverguide/C/vpn.xml:203(para)
3478
msgid ""
3479
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
3480
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
3481
msgstr ""
3482
3483
#: serverguide/C/vpn.xml:207(programlisting)
3484
#, no-wrap
3485
msgid ""
3486
"\n"
3487
"#!/bin/sh\n"
3488
"\n"
3489
"BR=$1\n"
3490
"DEV=$2\n"
3491
"MTU=$3\n"
3492
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
3493
"/usr/sbin/brctl addif $BR $DEV\n"
3494
msgstr ""
3495
3496
#: serverguide/C/vpn.xml:217(para)
3497
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
3498
msgstr ""
3499
3500
#: serverguide/C/vpn.xml:221(programlisting)
3501
#, no-wrap
3502
msgid ""
3503
"\n"
3504
"#!/bin/sh\n"
3505
"\n"
3506
"BR=$1\n"
3507
"DEV=$2\n"
3508
"\n"
3509
"/usr/sbin/brctl delif $BR $DEV\n"
3510
"/sbin/ifconfig $DEV down\n"
3511
msgstr ""
3512
3513
#: serverguide/C/vpn.xml:231(para)
3514
msgid "Then make them executable:"
3515
msgstr ""
3516
3517
#: serverguide/C/vpn.xml:236(command)
3518
msgid "sudo chmod 755 /etc/openvpn/down.sh"
3519
msgstr ""
3520
3521
#: serverguide/C/vpn.xml:237(command)
3522
msgid "sudo chmod 755 /etc/openvpn/up.sh"
3523
msgstr ""
3524
3525
#: serverguide/C/vpn.xml:240(para)
3526
msgid ""
3527
"After configuring the server, restart <application>openvpn</application> by "
3528
"entering:"
3529
msgstr ""
3530
3531
#: serverguide/C/vpn.xml:245(command) serverguide/C/vpn.xml:293(command)
3532
msgid "sudo /etc/init.d/openvpn restart"
3533
msgstr ""
3534
3535
#: serverguide/C/vpn.xml:250(title)
3536
msgid "Client Configuration"
3537
msgstr ""
3538
3539
#: serverguide/C/vpn.xml:252(para)
3540
msgid "First, install <application>openvpn</application> on the client:"
3541
msgstr ""
3542
3543
#: serverguide/C/vpn.xml:260(para)
3544
msgid ""
3545
"Then with the server configured and the client certificates copied to the "
3546
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
3547
"file by copying the example. In a terminal on the client machine enter:"
3548
msgstr ""
3549
3550
#: serverguide/C/vpn.xml:266(command)
3551
msgid ""
3552
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
3553
"/etc/openvpn"
3554
msgstr ""
3555
3556
#: serverguide/C/vpn.xml:269(para)
3557
msgid ""
3558
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
3559
"following options:"
3560
msgstr ""
3561
3562
#: serverguide/C/vpn.xml:273(programlisting)
3563
#, no-wrap
3564
msgid ""
3565
"\n"
3566
"dev tap\n"
3567
"remote vpn.example.com 1194\n"
3568
"cert hostname.crt\n"
3569
"key hostname.key\n"
3570
"tls-auth ta.key 1\n"
3571
msgstr ""
3572
3573
#: serverguide/C/vpn.xml:282(para)
3574
msgid ""
3575
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
3576
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
3577
"key filenames."
3578
msgstr ""
3579
3580
#: serverguide/C/vpn.xml:288(para)
3581
msgid "Finally, restart <application>openvpn</application>:"
3582
msgstr ""
3583
3584
#: serverguide/C/vpn.xml:296(para)
3585
msgid "You should now be able to connect to the remote LAN through the VPN."
3586
msgstr ""
3587
3588
#: serverguide/C/vpn.xml:307(para)
3589
msgid ""
3590
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
3591
"additional information."
3592
msgstr ""
3593
3594
#: serverguide/C/vpn.xml:312(para)
3595
msgid ""
3596
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
3597
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
3598
msgstr ""
3599
3600
#: serverguide/C/vpn.xml:318(para)
3601
msgid ""
3602
"Another source of further information is the <ulink "
3603
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
3604
"OpenVPN</ulink> page."
3605
msgstr ""
3606
3607
#: serverguide/C/virtualization.xml:13(title)
3608
msgid "Virtualization"
3609
msgstr ""
3610
3611
#: serverguide/C/virtualization.xml:14(para)
3612
msgid ""
3613
"Virtualization is being adopted in many different environments and "
3614
"situations. If you are a developer, virtualization can provide you with a "
3615
"contained environment where you can safely do almost any sort of development "
3616
"safe from messing up your main working environment. If you are a systems "
3617
"administrator, you can use virtualization to more easily separate your "
3618
"services and move them around based on demand."
3619
msgstr ""
3620
3621
#: serverguide/C/virtualization.xml:20(para)
3622
msgid ""
3623
"The default virtualization technology supported in Ubuntu is "
3624
"<application>KVM</application>, a technology that takes advantage of "
3625
"virtualization extensions built into Intel and AMD hardware. For hardware "
3626
"without virtualization extensions <application>Xen</application> and "
3627
"<application>Qemu</application> are popular solutions."
3628
msgstr ""
3629
3630
#: serverguide/C/virtualization.xml:27(title)
3631
msgid "libvirt"
3632
msgstr ""
3633
3634
#: serverguide/C/virtualization.xml:28(para)
3635
msgid ""
3636
"The <application>libvirt</application> library is used to interface with "
3637
"different virtualization technologies. Before getting started with "
3638
"<application>libvirt</application> it is best to make sure your hardware "
3639
"supports the necessary virtualization extensions for "
3640
"<application>KVM</application>. Enter the following from a terminal prompt:"
3641
msgstr ""
3642
3643
#: serverguide/C/virtualization.xml:35(command)
3644
msgid "kvm-ok"
3645
msgstr ""
3646
3647
#: serverguide/C/virtualization.xml:37(para)
3648
msgid ""
3649
"A message will be printed informing you if your CPU "
3650
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
3651
"virtualization."
3652
msgstr ""
3653
3654
#: serverguide/C/virtualization.xml:41(para)
3655
msgid ""
3656
"On most computer whose processor supports virtualization, it is necessary to "
3657
"activate an option in the BIOS to enable it."
3658
msgstr ""
3659
3660
#: serverguide/C/virtualization.xml:47(title)
3661
msgid "Virtual Networking"
3662
msgstr ""
3663
3664
#: serverguide/C/virtualization.xml:49(para)
3665
msgid ""
3666
"There are a few different ways to allow a virtual machine access to the "
3667
"external network. The default virtual network configuration is "
3668
"<emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and "
3669
"traffic is NATed through the host interface to the outside network."
3670
msgstr ""
3671
3672
#: serverguide/C/virtualization.xml:54(para)
3673
msgid ""
3674
"To enable external hosts to directly access services on virtual machines a "
3675
"<emphasis>bridge</emphasis> needs to be configured. This allows the virtual "
3676
"interfaces to connect to the outside network through the physical interface, "
3677
"making them appear as normal hosts to the rest of the network. For "
3678
"information on setting up a bridge see <xref linkend=\"bridging\"/>."
3679
msgstr ""
3680
3681
#: serverguide/C/virtualization.xml:63(para)
3682
msgid "To install the necessary packages, from a terminal prompt enter:"
3683
msgstr ""
3684
3685
#: serverguide/C/virtualization.xml:67(command)
3686
msgid "sudo apt-get install kvm libvirt-bin"
3687
msgstr ""
3688
3689
#: serverguide/C/virtualization.xml:69(para)
3690
msgid ""
3691
"After installing <application>libvirt-bin</application>, the user used to "
3692
"manage virtual machines will need to be added to the "
3693
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
3694
"the advanced networking options."
3695
msgstr ""
3696
3697
#: serverguide/C/virtualization.xml:73(para)
3698
msgid "In a terminal enter:"
3699
msgstr ""
3700
3701
#: serverguide/C/virtualization.xml:77(command)
3702
msgid "sudo adduser $USER libvirtd"
3703
msgstr ""
3704
3705
#: serverguide/C/virtualization.xml:80(para)
3706
msgid ""
3707
"If the user chosen is the current user, you will need to log out and back in "
3708
"for the new group membership to take effect."
3709
msgstr ""
3710
3711
#: serverguide/C/virtualization.xml:84(para)
3712
msgid ""
3713
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
3714
"Installing a virtual machine follows the same process as installing the "
3715
"operating system directly on the hardware. You either need a way to automate "
3716
"the installation, or a keyboard and monitor will need to be attached to the "
3717
"physical machine."
3718
msgstr ""
3719
3720
#: serverguide/C/virtualization.xml:89(para)
3721
msgid ""
3722
"In the case of virtual machines a Graphical User Interface (GUI) is "
3723
"analogous to using a physical keyboard and mouse. Instead of installing a "
3724
"GUI the <application>virt-viewer</application> application can be used to "
3725
"connect to a virtual machine's console using <application>VNC</application>. "
3726
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
3727
msgstr ""
3728
3729
#: serverguide/C/virtualization.xml:94(para)
3730
msgid ""
3731
"There are several ways to automate the Ubuntu installation process, for "
3732
"example using preseeds, kickstart, etc. Refer to the <ulink "
3733
"url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
3734
"Installation Guide</ulink> for details."
3735
msgstr ""
3736
3737
#: serverguide/C/virtualization.xml:98(para)
3738
msgid ""
3739
"Yet another way to install an Ubuntu virtual machine is to use "
3740
"<application>ubuntu-vm-builder</application>. <application>ubuntu-vm-"
3741
"builder</application> allows you to setup advanced partitions, execute "
3742
"custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-"
3743
"vmbuilder\"/>"
3744
msgstr ""
3745
3746
#: serverguide/C/virtualization.xml:104(title)
3747
msgid "virt-install"
3748
msgstr ""
3749
3750
#: serverguide/C/virtualization.xml:105(para)
3751
msgid ""
3752
"<application>virt-install</application> is part of the <application>python-"
3753
"virtinst</application> package. To install it, from a terminal prompt enter:"
3754
msgstr ""
3755
3756
#: serverguide/C/virtualization.xml:109(command)
3757
msgid "sudo apt-get install python-virtinst"
3758
msgstr ""
3759
3760
#: serverguide/C/virtualization.xml:111(para)
3761
msgid ""
3762
"There are several options available when using <application>virt-"
3763
"install</application>. For example:"
3764
msgstr ""
3765
3766
#: serverguide/C/virtualization.xml:115(command)
3767
msgid ""
3768
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
3769
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
3770
msgstr ""
3771
3772
#: serverguide/C/virtualization.xml:122(para)
3773
msgid ""
3774
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
3775
"be <emphasis>web_devel</emphasis> in this example."
3776
msgstr ""
3777
3778
#: serverguide/C/virtualization.xml:127(para)
3779
msgid ""
3780
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
3781
"machine will use."
3782
msgstr ""
3783
3784
#: serverguide/C/virtualization.xml:132(para)
3785
msgid ""
3786
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
3787
"disk which can be a file, partition, or logical volume. In this example a "
3788
"file named <filename>web_devel.img</filename>."
3789
msgstr ""
3790
3791
#: serverguide/C/virtualization.xml:138(para)
3792
msgid "<emphasis>-s 4:</emphasis> the size of the virtual disk."
3793
msgstr ""
3794
3795
#: serverguide/C/virtualization.xml:143(para)
3796
msgid ""
3797
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
3798
"file can be either an ISO file or the path to the host's CDROM device."
3799
msgstr ""
3800
3801
#: serverguide/C/virtualization.xml:149(para)
3802
msgid ""
3803
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
3804
"technologies."
3805
msgstr ""
3806
3807
#: serverguide/C/virtualization.xml:154(para)
3808
msgid ""
3809
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
3810
msgstr ""
3811
3812
#: serverguide/C/virtualization.xml:159(para)
3813
msgid ""
3814
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
3815
"virtual machine's console."
3816
msgstr ""
3817
3818
#: serverguide/C/virtualization.xml:164(para)
3819
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
3820
msgstr ""
3821
3822
#: serverguide/C/virtualization.xml:169(para)
3823
msgid ""
3824
"After launching <application>virt-install</application> you can connect to "
3825
"the virtual machine's console either locally using a GUI or with the "
3826
"<application>virt-viewer</application> utility."
3827
msgstr ""
3828
3829
#: serverguide/C/virtualization.xml:175(title)
3830
msgid "virt-clone"
3831
msgstr ""
3832
3833
#: serverguide/C/virtualization.xml:176(para)
3834
msgid ""
3835
"The <application>virt-clone</application> application can be used to copy "
3836
"one virtual machine to another. For example:"
3837
msgstr ""
3838
3839
#: serverguide/C/virtualization.xml:180(command)
3840
msgid ""
3841
"sudo virt-clone -o web_devel -n database_devel -f "
3842
"/path/to/database_devel.img --connect=qemu:///system"
3843
msgstr ""
3844
3845
#: serverguide/C/virtualization.xml:184(para)
3846
msgid "<emphasis>-o:</emphasis> original virtual machine."
3847
msgstr ""
3848
3849
#: serverguide/C/virtualization.xml:189(para)
3850
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3851
msgstr ""
3852
3853
#: serverguide/C/virtualization.xml:194(para)
3854
msgid ""
3855
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3856
"be used by the new virtual machine."
3857
msgstr ""
3858
3859
#: serverguide/C/virtualization.xml:199(para)
3860
msgid ""
3861
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3862
msgstr ""
3863
3864
#: serverguide/C/virtualization.xml:204(para)
3865
msgid ""
3866
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3867
"help troubleshoot problems with <application>virt-clone</application>."
3868
msgstr ""
3869
3870
#: serverguide/C/virtualization.xml:209(para)
3871
msgid ""
3872
"Replace <emphasis>web_devel</emphasis> and "
3873
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3874
msgstr ""
3875
3876
#: serverguide/C/virtualization.xml:215(title)
3877
msgid "Virtual Machine Management"
3878
msgstr ""
3879
3880
#: serverguide/C/virtualization.xml:217(title)
3881
msgid "virsh"
3882
msgstr ""
3883
3884
#: serverguide/C/virtualization.xml:218(para)
3885
msgid ""
3886
"There are several utilities available to manage virtual machines and "
3887
"<application>libvirt</application>. The <application>virsh</application> "
3888
"utility can be used from the command line. Some examples:"
3889
msgstr ""
3890
3891
#: serverguide/C/virtualization.xml:224(para)
3892
msgid "To list running virtual machines:"
3893
msgstr ""
3894
3895
#: serverguide/C/virtualization.xml:228(command)
3896
msgid "virsh -c qemu:///system list"
3897
msgstr ""
3898
3899
#: serverguide/C/virtualization.xml:232(para)
3900
msgid "To start a virtual machine:"
3901
msgstr ""
3902
3903
#: serverguide/C/virtualization.xml:236(command)
3904
msgid "virsh -c qemu:///system start web_devel"
3905
msgstr ""
3906
3907
#: serverguide/C/virtualization.xml:240(para)
3908
msgid "Similarly, to start a virtual machine at boot:"
3909
msgstr ""
3910
3911
#: serverguide/C/virtualization.xml:244(command)
3912
msgid "virsh -c qemu:///system autostart web_devel"
3913
msgstr ""
3914
3915
#: serverguide/C/virtualization.xml:248(para)
3916
msgid "Reboot a virtual machine with:"
3917
msgstr ""
3918
3919
#: serverguide/C/virtualization.xml:252(command)
3920
msgid "virsh -c qemu:///system reboot web_devel"
3921
msgstr ""
3922
3923
#: serverguide/C/virtualization.xml:256(para)
3924
msgid ""
3925
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3926
"order to be restored later. The following will save the virtual machine "
3927
"state into a file named according to the date:"
3928
msgstr ""
3929
3930
#: serverguide/C/virtualization.xml:261(command)
3931
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3932
msgstr ""
3933
3934
#: serverguide/C/virtualization.xml:263(para)
3935
msgid "Once saved the virtual machine will no longer be running."
3936
msgstr ""
3937
3938
#: serverguide/C/virtualization.xml:268(para)
3939
msgid "A saved virtual machine can be restored using:"
3940
msgstr ""
3941
3942
#: serverguide/C/virtualization.xml:272(command)
3943
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3944
msgstr ""
3945
3946
#: serverguide/C/virtualization.xml:276(para)
3947
msgid "To shutdown a virtual machine do:"
3948
msgstr ""
3949
3950
#: serverguide/C/virtualization.xml:280(command)
3951
msgid "virsh -c qemu:///system shutdown web_devel"
3952
msgstr ""
3953
3954
#: serverguide/C/virtualization.xml:284(para)
3955
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3956
msgstr ""
3957
3958
#: serverguide/C/virtualization.xml:288(command)
3959
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3960
msgstr ""
3961
3962
#: serverguide/C/virtualization.xml:293(para)
3963
msgid ""
3964
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3965
"appropriate virtual machine name, and <filename>web_devel-"
3966
"022708.state</filename> with a descriptive file name."
3967
msgstr ""
3968
3969
#: serverguide/C/virtualization.xml:300(title)
3970
msgid "Virtual Machine Manager"
3971
msgstr ""
3972
3973
#: serverguide/C/virtualization.xml:301(para)
3974
msgid ""
3975
"The <application>virt-manager</application> package contains a graphical "
3976
"utility to manage local and remote virtual machines. To install virt-manager "
3977
"enter:"
3978
msgstr ""
3979
3980
#: serverguide/C/virtualization.xml:306(command)
3981
msgid "sudo apt-get install virt-manager"
3982
msgstr ""
3983
3984
#: serverguide/C/virtualization.xml:308(para)
3985
msgid ""
3986
"Since <application>virt-manager</application> requires a Graphical User "
3987
"Interface (GUI) environment it is recommended to be installed on a "
3988
"workstation or test machine instead of a production server. To connect to "
3989
"the local <application>libvirt</application> service enter:"
3990
msgstr ""
3991
3992
#: serverguide/C/virtualization.xml:314(command)
3993
msgid "virt-manager -c qemu:///system"
3994
msgstr ""
3995
3996
#: serverguide/C/virtualization.xml:316(para)
3997
msgid ""
3998
"You can connect to the <application>libvirt</application> service running on "
3999
"another host by entering the following in a terminal prompt:"
4000
msgstr ""
4001
4002
#: serverguide/C/virtualization.xml:320(command)
4003
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
4004
msgstr ""
4005
4006
#: serverguide/C/virtualization.xml:323(para)
4007
msgid ""
4008
"The above example assumes that <application>SSH</application> connectivity "
4009
"between the management system and virtnode1.mydomain.com has already been "
4010
"configured, and uses SSH keys for authentication. SSH "
4011
"<emphasis>keys</emphasis> are needed because "
4012
"<application>libvirt</application> sends the password prompt to another "
4013
"process. For details on configuring <application>SSH</application> see <xref "
4014
"linkend=\"openssh-server\"/>"
4015
msgstr ""
4016
4017
#: serverguide/C/virtualization.xml:333(title)
4018
msgid "Virtual Machine Viewer"
4019
msgstr ""
4020
4021
#: serverguide/C/virtualization.xml:334(para)
4022
msgid ""
4023
"The <application>virt-viewer</application> application allows you to connect "
4024
"to a virtual machine's console. <application>virt-viewer</application> does "
4025
"require a Graphical User Interface (GUI) to interface with the virtual "
4026
"machine."
4027
msgstr ""
4028
4029
#: serverguide/C/virtualization.xml:338(para)
4030
msgid ""
4031
"To install <application>virt-viewer</application> from a terminal enter:"
4032
msgstr ""
4033
4034
#: serverguide/C/virtualization.xml:342(command)
4035
msgid "sudo apt-get install virt-viewer"
4036
msgstr ""
4037
4038
#: serverguide/C/virtualization.xml:344(para)
4039
msgid ""
4040
"Once a virtual machine is installed and running you can connect to the "
4041
"virtual machine's console by using:"
4042
msgstr ""
4043
4044
#: serverguide/C/virtualization.xml:348(command)
4045
msgid "virt-viewer -c qemu:///system web_devel"
4046
msgstr ""
4047
4048
#: serverguide/C/virtualization.xml:350(para)
4049
msgid ""
4050
"Similar to <application>virt-manager</application>, <application>virt-"
4051
"viewer</application> can connect to a remote host using "
4052
"<emphasis>SSH</emphasis> with key authentication, as well:"
4053
msgstr ""
4054
4055
#: serverguide/C/virtualization.xml:355(command)
4056
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
4057
msgstr ""
4058
4059
#: serverguide/C/virtualization.xml:357(para)
4060
msgid ""
4061
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
4062
"appropriate virtual machine name."
4063
msgstr ""
4064
4065
#: serverguide/C/virtualization.xml:360(para)
4066
msgid ""
4067
"If configured to use a <emphasis>bridged</emphasis> network interface you "
4068
"can also setup <application>SSH</application> access to the virtual machine. "
4069
"See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for "
4070
"more details."
4071
msgstr ""
4072
4073
#: serverguide/C/virtualization.xml:369(para)
4074
msgid ""
4075
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
4076
"for more details."
4077
msgstr ""
4078
4079
#: serverguide/C/virtualization.xml:374(para)
4080
msgid ""
4081
"For more information on <application>libvirt</application> see the <ulink "
4082
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
4083
msgstr ""
4084
4085
#: serverguide/C/virtualization.xml:379(para)
4086
msgid ""
4087
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
4088
"Manager</ulink> site has more information on <application>virt-"
4089
"manager</application> development."
4090
msgstr ""
4091
4092
#: serverguide/C/virtualization.xml:385(para)
4093
msgid ""
4094
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
4095
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
4096
"technology in Ubuntu."
4097
msgstr ""
4098
4099
#: serverguide/C/virtualization.xml:391(para)
4100
msgid ""
4101
"Another good resource is the <ulink "
4102
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
4103
msgstr ""
4104
4105
#: serverguide/C/virtualization.xml:399(title)
4106
msgid "JeOS and vmbuilder"
4107
msgstr ""
4108
4109
#: serverguide/C/virtualization.xml:405(title)
4110
msgid "What is JeOS"
4111
msgstr ""
4112
4113
#: serverguide/C/virtualization.xml:407(para)
4114
msgid ""
4115
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
4116
"variant of the Ubuntu Server operating system, configured specifically for "
4117
"virtual appliances. No longer available as a CD-ROM ISO for download, but "
4118
"only as an option either:"
4119
msgstr ""
4120
4121
#: serverguide/C/virtualization.xml:414(para)
4122
msgid ""
4123
"While installing from the Server Edition ISO (pressing "
4124
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
4125
"installation\", which is the package selection equivalent to JeOS)."
4126
msgstr ""
4127
4128
#: serverguide/C/virtualization.xml:420(para)
4129
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
4130
msgstr ""
4131
4132
#: serverguide/C/virtualization.xml:426(para)
4133
msgid ""
4134
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
4135
"kernel that only contains the base elements needed to run within a "
4136
"virtualized environment."
4137
msgstr ""
4138
4139
#: serverguide/C/virtualization.xml:431(para)
4140
msgid ""
4141
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
4142
"in the latest virtualization products from VMware. This combination of "
4143
"reduced size and optimized performance ensures that Ubuntu JeOS Edition "
4144
"delivers a highly efficient use of server resources in large virtual "
4145
"deployments."
4146
msgstr ""
4147
4148
#: serverguide/C/virtualization.xml:437(para)
4149
msgid ""
4150
"Without unnecessary drivers, and only the minimal required packages, ISVs "
4151
"can configure their supporting OS exactly as they require. They have the "
4152
"peace of mind that updates, whether for security or enhancement reasons, "
4153
"will be limited to the bare minimum of what is required in their specific "
4154
"environment. In turn, users deploying virtual appliances built on top of "
4155
"JeOS will have to go through fewer updates and therefore less maintenance "
4156
"than they would have had to with a standard full installation of a server."
4157
msgstr ""
4158
4159
#: serverguide/C/virtualization.xml:446(title)
4160
msgid "What is vmbuilder"
4161
msgstr ""
4162
4163
#: serverguide/C/virtualization.xml:448(para)
4164
msgid ""
4165
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
4166
"will fetch the various package and build a virtual machine tailored for your "
4167
"needs in about a minute. vmbuilder is a script that automates the process of "
4168
"creating a ready to use Linux based VM. The currently supported hypervisors "
4169
"are KVM and Xen."
4170
msgstr ""
4171
4172
#: serverguide/C/virtualization.xml:454(para)
4173
msgid ""
4174
"You can pass command line options to add extra packages, remove packages, "
4175
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
4176
"plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
4177
"a local mirror, you can bootstrap a VM in less than a minute."
4178
msgstr ""
4179
4180
#: serverguide/C/virtualization.xml:460(para)
4181
msgid ""
4182
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
4183
"vm-builder</application> started with little emphasis as a hack to help "
4184
"developers test their new code in a virtual machine without having to "
4185
"restart from scratch each time. As a few Ubuntu administrators started to "
4186
"notice this script, a few of them went on improving it and adapting it for "
4187
"so many use case that Soren Hansen (the author of the script and Ubuntu "
4188
"virtualization specialist, not the golf player) decided to rewrite it from "
4189
"scratch for Intrepid as a python script with a few new design goals:"
4190
msgstr ""
4191
4192
#: serverguide/C/virtualization.xml:470(para)
4193
msgid "Develop it so that it can be reused by other distributions."
4194
msgstr ""
4195
4196
#: serverguide/C/virtualization.xml:475(para)
4197
msgid ""
4198
"Use a plugin mechanisms for all virtualization interactions so that others "
4199
"can easily add logic for other virtualization environments."
4200
msgstr ""
4201
4202
#: serverguide/C/virtualization.xml:480(para)
4203
msgid ""
4204
"Provide an easy to maintain web interface as an option to the command line "
4205
"interface."
4206
msgstr ""
4207
4208
#: serverguide/C/virtualization.xml:486(para)
4209
msgid "But the general principles and commands remain the same."
4210
msgstr ""
4211
4212
#: serverguide/C/virtualization.xml:493(title)
4213
msgid "Initial Setup"
4214
msgstr ""
4215
4216
#: serverguide/C/virtualization.xml:495(para)
4217
msgid ""
4218
"It is assumed that you have installed and configured "
4219
"<application>libvirt</application> and <application>KVM</application> "
4220
"locally on the machine you are using. For details on how to perform this, "
4221
"please refer to:"
4222
msgstr ""
4223
4224
#: serverguide/C/virtualization.xml:507(para)
4225
msgid ""
4226
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
4227
"page."
4228
msgstr ""
4229
4230
#: serverguide/C/virtualization.xml:513(para)
4231
msgid ""
4232
"We also assume that you know how to use a text based text editor such as "
4233
"nano or vi. If you have not used any of them before, you can get an overview "
4234
"of the various text editors available by reading the <ulink "
4235
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
4236
"tEditors</ulink> page. This tutorial has been done on KVM, but the general "
4237
"principle should remain on other virtualization technologies."
4238
msgstr ""
4239
4240
#: serverguide/C/virtualization.xml:521(title)
4241
msgid "Install vmbuilder"
4242
msgstr ""
4243
4244
#: serverguide/C/virtualization.xml:523(para)
4245
msgid ""
4246
"The name of the package that we need to install is <application>python-vm-"
4247
"builder</application>. In a terminal prompt enter:"
4248
msgstr ""
4249
4250
#: serverguide/C/virtualization.xml:528(command)
4251
msgid "sudo apt-get install python-vm-builder"
4252
msgstr ""
4253
4254
#: serverguide/C/virtualization.xml:532(para)
4255
msgid ""
4256
"If you are running Hardy, you can still perform most of this using the older "
4257
"version of the package named <application>ubuntu-vm-builder</application>, "
4258
"there are only a few changes to the syntax of the tool."
4259
msgstr ""
4260
4261
#: serverguide/C/virtualization.xml:541(title)
4262
msgid "Defining Your Virtual Machine"
4263
msgstr ""
4264
4265
#: serverguide/C/virtualization.xml:543(para)
4266
msgid ""
4267
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
4268
"are a few thing to consider:"
4269
msgstr ""
4270
4271
#: serverguide/C/virtualization.xml:549(para)
4272
msgid ""
4273
"If you plan on shipping a virtual appliance, do not assume that the end-user "
4274
"will know how to extend disk size to fit their need, so either plan for a "
4275
"large virtual disk to allow for your appliance to grow, or explain fairly "
4276
"well in your documentation how to allocate more space. It might actually be "
4277
"a good idea to store data on some separate external storage."
4278
msgstr ""
4279
4280
#: serverguide/C/virtualization.xml:556(para)
4281
msgid ""
4282
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
4283
"whatever you think is a safe minimum for your appliance."
4284
msgstr ""
4285
4286
#: serverguide/C/virtualization.xml:562(para)
4287
msgid ""
4288
"The <application>vmbuilder</application> command has 2 main parameters: the "
4289
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
4290
"<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
4291
"and can be found using the following command:"
4292
msgstr ""
4293
4294
#: serverguide/C/virtualization.xml:568(command)
4295
msgid "vmbuilder --help"
4296
msgstr ""
4297
4298
#: serverguide/C/virtualization.xml:572(title)
4299
msgid "Base Parameters"
4300
msgstr ""
4301
4302
#: serverguide/C/virtualization.xml:574(para)
4303
msgid ""
4304
"As this example is based on <application>KVM</application> and Ubuntu 10.04 "
4305
"LTS (Lucid Lynx), and we are likely to rebuild the same virtual machine "
4306
"multiple time, we'll invoke vmbuilder with the following first parameters:"
4307
msgstr ""
4308
4309
#: serverguide/C/virtualization.xml:580(command)
4310
msgid ""
4311
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --"
4312
"libvirt qemu:///system"
4313
msgstr ""
4314
4315
#: serverguide/C/virtualization.xml:583(para)
4316
msgid ""
4317
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
4318
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
4319
"the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
4320
"that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
4321
"vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
4322
"libvirt</emphasis> tells to inform the local virtualization environment to "
4323
"add the resulting VM to the list of available machines."
4324
msgstr ""
4325
4326
#: serverguide/C/virtualization.xml:591(para)
4327
msgid "Notes:"
4328
msgstr ""
4329
4330
#: serverguide/C/virtualization.xml:597(para)
4331
msgid ""
4332
"Because of the nature of operations performed by vmbuilder, it needs to have "
4333
"root privilege, hence the use of sudo."
4334
msgstr ""
4335
4336
#: serverguide/C/virtualization.xml:602(para)
4337
msgid ""
4338
"If your virtual machine needs to use more than 3Gb of ram, you should build "
4339
"a 64 bit machine (--arch amd64)."
4340
msgstr ""
4341
4342
#: serverguide/C/virtualization.xml:607(para)
4343
msgid ""
4344
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
4345
"architecture, so if you want to define an amd64 machine on Hardy, you should "
4346
"use <emphasis>--flavour</emphasis> server instead."
4347
msgstr ""
4348
4349
#: serverguide/C/virtualization.xml:615(title)
4350
msgid "JeOS Installation Parameters"
4351
msgstr ""
4352
4353
#: serverguide/C/virtualization.xml:618(title)
4354
msgid "JeOS Networking"
4355
msgstr ""
4356
4357
#: serverguide/C/virtualization.xml:621(title)
4358
msgid "Assigning a fixed IP address"
4359
msgstr ""
4360
4361
#: serverguide/C/virtualization.xml:623(para)
4362
msgid ""
4363
"As a virtual appliance that may be deployed on various very different "
4364
"networks, it is very difficult to know what the actual network will look "
4365
"like. In order to simplify configuration, it is a good idea to take an "
4366
"approach similar to what network hardware vendors usually do, namely "
4367
"assigning an initial fixed IP address to the appliance in a private class "
4368
"network that you will provide in your documentation. An address in the range "
4369
"192.168.0.0/255 is usually a good choice."
4370
msgstr ""
4371
4372
#: serverguide/C/virtualization.xml:630(para)
4373
msgid "To do this we'll use the following parameters:"
4374
msgstr ""
4375
4376
#: serverguide/C/virtualization.xml:636(para)
4377
msgid ""
4378
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
4379
"dhcp if not specified)"
4380
msgstr ""
4381
4382
#: serverguide/C/virtualization.xml:641(para)
4383
msgid ""
4384
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
4385
"255.255.255.0)"
4386
msgstr ""
4387
4388
#: serverguide/C/virtualization.xml:646(para)
4389
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
4390
msgstr ""
4391
4392
#: serverguide/C/virtualization.xml:651(para)
4393
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
4394
msgstr ""
4395
4396
#: serverguide/C/virtualization.xml:656(para)
4397
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
4398
msgstr ""
4399
4400
#: serverguide/C/virtualization.xml:661(para)
4401
msgid ""
4402
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
4403
msgstr ""
4404
4405
#: serverguide/C/virtualization.xml:667(para)
4406
msgid ""
4407
"We assume for now that default values are good enough, so the resulting "
4408
"invocation becomes:"
4409
msgstr ""
4410
4411
#: serverguide/C/virtualization.xml:672(command)
4412
msgid ""
4413
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --"
4414
"libvirt qemu:///system --ip 192.168.0.100"
4415
msgstr ""
4416
4417
#: serverguide/C/virtualization.xml:677(title)
4418
msgid "Modifying the libvirt Template to use Bridging"
4419
msgstr ""
4420
4421
#: serverguide/C/virtualization.xml:679(para)
4422
msgid ""
4423
"Because our appliance will be likely to need to be accessed by remote hosts, "
4424
"we need to configure libvirt so that the appliance uses bridge networking. "
4425
"To do this we use vmbuilder template mechanism to modify the default one."
4426
msgstr ""
4427
4428
#: serverguide/C/virtualization.xml:684(para)
4429
msgid ""
4430
"In our working directory we create the template hierarchy and copy the "
4431
"default template:"
4432
msgstr ""
4433
4434
#: serverguide/C/virtualization.xml:689(command)
4435
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
4436
msgstr ""
4437
4438
#: serverguide/C/virtualization.xml:690(command)
4439
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
4440
msgstr ""
4441
4442
#: serverguide/C/virtualization.xml:693(para)
4443
msgid ""
4444
"We can then edit "
4445
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
4446
"change:"
4447
msgstr ""
4448
4449
#: serverguide/C/virtualization.xml:697(programlisting)
4450
#, no-wrap
4451
msgid ""
4452
"\n"
4453
" <interface type='network'>\n"
4454
" <source network='default'/>\n"
4455
" </interface>\n"
4456
msgstr ""
4457
4458
#: serverguide/C/virtualization.xml:703(para)
4459
msgid "To:"
4460
msgstr ""
4461
4462
#: serverguide/C/virtualization.xml:707(programlisting)
4463
#, no-wrap
4464
msgid ""
4465
"\n"
4466
" <interface type='bridge'>\n"
4467
" <source bridge='br0'/>\n"
4468
" </interface>\n"
4469
msgstr ""
4470
4471
#: serverguide/C/virtualization.xml:717(title) serverguide/C/installation.xml:459(title)
4472
msgid "Partitioning"
4473
msgstr ""
4474
4475
#: serverguide/C/virtualization.xml:719(para)
4476
msgid ""
4477
"Partitioning of the virtual appliance will have to take into consideration "
4478
"what you are planning to do with is. Because most appliances want to have a "
4479
"separate storage for data, having a separate <filename>/var</filename> would "
4480
"make sense."
4481
msgstr ""
4482
4483
#: serverguide/C/virtualization.xml:724(para)
4484
msgid ""
4485
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
4486
msgstr ""
4487
4488
#: serverguide/C/virtualization.xml:728(programlisting)
4489
#, no-wrap
4490
msgid ""
4491
"\n"
4492
"--part PATH\n"
4493
" Allows you to specify a partition table in a partition file, located at "
4494
"PATH. Each line of the partition file should specify\n"
4495
" (root first):\n"
4496
" mountpoint size\n"
4497
" where size is in megabytes. You can have up to 4 virtual disks, a new "
4498
"disk starts on a\n"
4499
" line with ’---’. ie :\n"
4500
" root 1000\n"
4501
" /opt 1000\n"
4502
" swap 256\n"
4503
" ---\n"
4504
" /var 2000\n"
4505
" /log 1500\n"
4506
msgstr ""
4507
4508
#: serverguide/C/virtualization.xml:743(para)
4509
msgid ""
4510
"In our case we will define a text file name "
4511
"<filename>vmbuilder.partition</filename> which will contain the following:"
4512
msgstr ""
4513
4514
#: serverguide/C/virtualization.xml:747(programlisting)
4515
#, no-wrap
4516
msgid ""
4517
"\n"
4518
"root 8000\n"
4519
"swap 4000\n"
4520
"---\n"
4521
"/var 20000\n"
4522
msgstr ""
4523
4524
#: serverguide/C/virtualization.xml:755(para)
4525
msgid ""
4526
"Note that as we are using virtual disk images, the actual sizes that we put "
4527
"here are maximum sizes for these volumes."
4528
msgstr ""
4529
4530
#: serverguide/C/virtualization.xml:760(para)
4531
msgid "Our command line now looks like:"
4532
msgstr ""
4533
4534
#: serverguide/C/virtualization.xml:765(command)
4535
msgid ""
4536
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 \\ -o -"
4537
"-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
4538
msgstr ""
4539
4540
#: serverguide/C/virtualization.xml:770(para)
4541
msgid ""
4542
"Using a \"\\\" in a command will allow long command strings to wrap to the "
4543
"next line."
4544
msgstr ""
4545
4546
#: serverguide/C/virtualization.xml:777(title)
4547
msgid "User and Password"
4548
msgstr ""
4549
4550
#: serverguide/C/virtualization.xml:779(para)
4551
msgid ""
4552
"Again setting up a virtual appliance, you will need to provide a default "
4553
"user and password that is generic so that you can include it in your "
4554
"documentation. We will see later on in this tutorial how we will provide "
4555
"some security by defining a script that will be run the first time a user "
4556
"actually logs in the appliance, that will, among other things, ask him to "
4557
"change his password. In this example I will use <emphasis>'user'</emphasis> "
4558
"as my user name, and <emphasis>'default'</emphasis> as the password."
4559
msgstr ""
4560
4561
#: serverguide/C/virtualization.xml:787(para)
4562
msgid "To do this we use the following optional parameters:"
4563
msgstr ""
4564
4565
#: serverguide/C/virtualization.xml:793(para)
4566
msgid ""
4567
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
4568
"Default: ubuntu."
4569
msgstr ""
4570
4571
#: serverguide/C/virtualization.xml:798(para)
4572
msgid ""
4573
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
4574
"added. Default: Ubuntu."
4575
msgstr ""
4576
4577
#: serverguide/C/virtualization.xml:803(para)
4578
msgid ""
4579
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
4580
"Default: ubuntu."
4581
msgstr ""
4582
4583
#: serverguide/C/virtualization.xml:809(para)
4584
msgid "Our resulting command line becomes:"
4585
msgstr ""
4586
4587
#: serverguide/C/virtualization.xml:814(command)
4588
msgid ""
4589
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 \\ -o -"
4590
"-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ --"
4591
"user user --name user --pass default"
4592
msgstr ""
4593
4594
#: serverguide/C/virtualization.xml:822(title)
4595
msgid "Installing Required Packages"
4596
msgstr ""
4597
4598
#: serverguide/C/virtualization.xml:824(para)
4599
msgid ""
4600
"In this example we will be installing a package "
4601
"<application>(Limesurvey)</application> that accesses a "
4602
"<application>MySQL</application> database and has a web interface. We will "
4603
"therefore require our OS to provide us with:"
4604
msgstr ""
4605
4606
#: serverguide/C/virtualization.xml:831(para)
4607
msgid "Apache"
4608
msgstr ""
4609
4610
#: serverguide/C/virtualization.xml:832(para)
4611
msgid "PHP"
4612
msgstr ""
4613
4614
#: serverguide/C/virtualization.xml:833(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
4615
msgid "MySQL"
4616
msgstr ""
4617
4618
#: serverguide/C/virtualization.xml:834(para) serverguide/C/remote-administration.xml:20(title)
4619
msgid "OpenSSH Server"
4620
msgstr ""
4621
4622
#: serverguide/C/virtualization.xml:835(para)
4623
msgid "Limesurvey (as an example application that we have packaged)"
4624
msgstr ""
4625
4626
#: serverguide/C/virtualization.xml:838(para)
4627
msgid ""
4628
"This is done using vmbuilder by specifying the --addpkg option multiple "
4629
"times:"
4630
msgstr ""
4631
4632
#: serverguide/C/virtualization.xml:842(programlisting)
4633
#, no-wrap
4634
msgid ""
4635
"\n"
4636
"--addpkg PKG\n"
4637
" Install PKG into the guest (can be specfied multiple times)\n"
4638
msgstr ""
4639
4640
#: serverguide/C/virtualization.xml:847(para)
4641
msgid ""
4642
"However, due to the way vmbuilder operates, packages that have to ask "
4643
"questions to the user during the post install phase are not supported and "
4644
"should instead be installed while interactivity can occur. This is the case "
4645
"of Limesurvey, which we will have to install later, once the user logs in."
4646
msgstr ""
4647
4648
#: serverguide/C/virtualization.xml:853(para)
4649
msgid ""
4650
"Other packages that ask simple debconf question, such as <application>mysql-"
4651
"server</application> asking to set a password, the package can be installed "
4652
"immediately, but we will have to reconfigure it the first time the user logs "
4653
"in."
4654
msgstr ""
4655
4656
#: serverguide/C/virtualization.xml:859(para)
4657
msgid ""
4658
"If some packages that we need to install are not in main, we need to enable "
4659
"the additional repositories using --comp and --ppa:"
4660
msgstr ""
4661
4662
#: serverguide/C/virtualization.xml:863(programlisting)
4663
#, no-wrap
4664
msgid ""
4665
"\n"
4666
"--components COMP1,COMP2,...,COMPN\n"
4667
" A comma separated list of distro components to include (e.g. "
4668
"main,universe). This defaults\n"
4669
" to \"main\"\n"
4670
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
4671
msgstr ""
4672
4673
#: serverguide/C/virtualization.xml:870(para)
4674
msgid ""
4675
"Limesurvey not being part of the archive at the moment, we'll specify it's "
4676
"PPA (personal package archive) address so that it is added to the VM "
4677
"<filename>/etc/apt/source.list</filename>, so we add the following options "
4678
"to the command line:"
4679
msgstr ""
4680
4681
#: serverguide/C/virtualization.xml:876(command)
4682
msgid ""
4683
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
4684
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
4685
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
4686
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
4687
"server --ppa nijaba"
4688
msgstr ""
4689
4690
#: serverguide/C/virtualization.xml:883(title)
4691
msgid "OpenSSH"
4692
msgstr ""
4693
4694
#: serverguide/C/virtualization.xml:885(para)
4695
msgid ""
4696
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
4697
"it will allow our admins to access the appliance remotely. However, pushing "
4698
"in the wild an appliance with a pre-installed OpenSSH server is a big "
4699
"security risk as all these server will share the same secret key, making it "
4700
"very easy for hackers to target our appliance with all the tools they need "
4701
"to crack it open in a breeze. As for the user password, we will instead rely "
4702
"on a script that will install OpenSSH the first time a user logs in so that "
4703
"the key generated will be different for each appliance. For this we'll use a "
4704
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
4705
"interaction."
4706
msgstr ""
4707
4708
#: serverguide/C/virtualization.xml:897(title)
4709
msgid "Speed Considerations"
4710
msgstr ""
4711
4712
#: serverguide/C/virtualization.xml:900(title)
4713
msgid "Package Caching"
4714
msgstr ""
4715
4716
#: serverguide/C/virtualization.xml:902(para)
4717
msgid ""
4718
"When vmbuilder creates builds your system, it has to go fetch each one of "
4719
"the packages that composes it over the network to one of the official "
4720
"repositories, which, depending on your internet connection speed and the "
4721
"load of the mirror, can have a big impact on the actual build time. In order "
4722
"to reduce this, it is recommended to either have a local repository (which "
4723
"can be created using <application>apt-mirror</application>) or using a "
4724
"caching proxy such as <application>apt-proxy</application>. The later option "
4725
"being much simpler to implement and requiring less disk space, it is the one "
4726
"we will pick in this tutorial. To install it, simply type:"
4727
msgstr ""
4728
4729
#: serverguide/C/virtualization.xml:912(command)
4730
msgid "sudo apt-get install apt-proxy"
4731
msgstr ""
4732
4733
#: serverguide/C/virtualization.xml:915(para)
4734
msgid ""
4735
"Once this is complete, your (empty) proxy is ready for use on "
4736
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
4737
"vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
4738
"option:"
4739
msgstr ""
4740
4741
#: serverguide/C/virtualization.xml:920(programlisting)
4742
#, no-wrap
4743
msgid ""
4744
"\n"
4745
"--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
4746
" is http://archive.ubuntu.com/ubuntu for official\n"
4747
" arches and http://ports.ubuntu.com/ubuntu-ports\n"
4748
" otherwise\n"
4749
msgstr ""
4750
4751
#: serverguide/C/virtualization.xml:927(para)
4752
msgid "So we add to the command line:"
4753
msgstr ""
4754
4755
#: serverguide/C/virtualization.xml:932(command)
4756
msgid "--mirror http://mirroraddress:9999/ubuntu"
4757
msgstr ""
4758
4759
#: serverguide/C/virtualization.xml:936(para)
4760
msgid ""
4761
"The mirror address specified here will also be used in the "
4762
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
4763
"is useful to specify here an address that can be resolved by the guest or to "
4764
"plan on reseting this address later on, such as in a <emphasis>--"
4765
"firstboot</emphasis> script."
4766
msgstr ""
4767
4768
#: serverguide/C/virtualization.xml:945(title)
4769
msgid "Install a Local Mirror"
4770
msgstr ""
4771
4772
#: serverguide/C/virtualization.xml:947(para)
4773
msgid ""
4774
"If we are in a larger environment, it may make sense to setup a local mirror "
4775
"of the Ubuntu repositories. The package apt-mirror provides you with a "
4776
"script that will handle the mirroring for you. You should plan on having "
4777
"about 20 gigabyte of free space per supported release and architecture."
4778
msgstr ""
4779
4780
#: serverguide/C/virtualization.xml:953(para)
4781
msgid ""
4782
"By default, <application>apt-mirror</application> uses the configuration "
4783
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
4784
"replicate only the architecture of the local machine. If you would like to "
4785
"support other architectures on your mirror, simply duplicate the lines "
4786
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
4787
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
4788
"archives as well, you will have:"
4789
msgstr ""
4790
4791
#: serverguide/C/virtualization.xml:960(programlisting)
4792
#, no-wrap
4793
msgid ""
4794
"\n"
4795
"deb http://archive.ubuntu.com/ubuntu lucid main restricted universe "
4796
"multiverse \n"
4797
"/deb-i386 http://archive.ubuntu.com/ubuntu lucid main restricted universe "
4798
"multiverse\n"
4799
"\n"
4800
"deb http://archive.ubuntu.com/ubuntu lucid-updates main restricted universe "
4801
"multiverse \n"
4802
"/deb-i386 http://archive.ubuntu.com/ubuntu lucid-updates main restricted "
4803
"universe multiverse \n"
4804
"\n"
4805
"deb http://archive.ubuntu.com/ubuntu/ lucid-backports main restricted "
4806
"universe multiverse \n"
4807
"/deb-i386 http://archive.ubuntu.com/ubuntu lucid-backports main restricted "
4808
"universe multiverse \n"
4809
"\n"
4810
"deb http://security.ubuntu.com/ubuntu lucid-security main restricted "
4811
"universe multiverse \n"
4812
"/deb-i386 http://security.ubuntu.com/ubuntu lucid-security main restricted "
4813
"universe multiverse \n"
4814
"\n"
4815
"deb http://archive.ubuntu.com/ubuntu lucid main/debian-installer "
4816
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4817
"installer \n"
4818
"/deb-i386 http://archive.ubuntu.com/ubuntu lucid main/debian-installer "
4819
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4820
"installer \n"
4821
msgstr ""
4822
4823
#: serverguide/C/virtualization.xml:977(para)
4824
msgid ""
4825
"Notice that the source packages are not mirrored as they are seldom used "
4826
"compared to the binaries and they do take a lot more space, but they can be "
4827
"easily added to the list."
4828
msgstr ""
4829
4830
#: serverguide/C/virtualization.xml:982(para)
4831
msgid ""
4832
"Once the mirror has finished replicating (and this can be quite long), you "
4833
"need to configure Apache so that your mirror files (in "
4834
"<filename>/var/spool/apt-mirror</filename> if you did not change the "
4835
"default), are published by your Apache server. For more information on "
4836
"Apache see <xref linkend=\"httpd\"/>."
4837
msgstr ""
4838
4839
#: serverguide/C/virtualization.xml:991(title)
4840
msgid "Installing in a RAM Disk"
4841
msgstr ""
4842
4843
#: serverguide/C/virtualization.xml:993(para)
4844
msgid ""
4845
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
4846
"faster than writing to disk. If you have some free memory, letting vmbuilder "
4847
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
4848
"-tmpfs</emphasis> will help you do just that:"
4849
msgstr ""
4850
4851
#: serverguide/C/virtualization.xml:999(programlisting)
4852
#, no-wrap
4853
msgid ""
4854
"\n"
4855
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
4856
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
4857
msgstr ""
4858
4859
#: serverguide/C/virtualization.xml:1004(para)
4860
msgid ""
4861
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
4862
"have 1G of free ram."
4863
msgstr ""
4864
4865
#: serverguide/C/virtualization.xml:1011(title)
4866
msgid "Package the Application"
4867
msgstr ""
4868
4869
#: serverguide/C/virtualization.xml:1013(para)
4870
msgid "Two option are available to us:"
4871
msgstr ""
4872
4873
#: serverguide/C/virtualization.xml:1019(para)
4874
msgid ""
4875
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
4876
"package. Since this is outside of the scope of this tutorial, we will not "
4877
"perform this here and invite the reader to read the documentation on how to "
4878
"do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
4879
"Packaging Guide</ulink>. In this case it is also a good idea to setup a "
4880
"repository for your package so that updates can be conveniently pulled from "
4881
"it. See the <ulink url=\"http://www.debian-"
4882
"administration.org/articles/286\">Debian Administration</ulink> article for "
4883
"a tutorial on this."
4884
msgstr ""
4885
4886
#: serverguide/C/virtualization.xml:1028(para)
4887
msgid ""
4888
"Manually install the application under <filename>/opt</filename> as "
4889
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
4890
"guidelines</ulink>."
4891
msgstr ""
4892
4893
#: serverguide/C/virtualization.xml:1035(para)
4894
msgid ""
4895
"In our case we'll use <application>Limesurvey</application> as example web "
4896
"application for which we wish to provide a virtual appliance. As noted "
4897
"before, we've made a version of the package available in a PPA (Personal "
4898
"Package Archive)."
4899
msgstr ""
4900
4901
#: serverguide/C/virtualization.xml:1042(title)
4902
msgid "Finishing Install"
4903
msgstr ""
4904
4905
#: serverguide/C/virtualization.xml:1045(title)
4906
msgid "First Boot"
4907
msgstr ""
4908
4909
#: serverguide/C/virtualization.xml:1047(para)
4910
msgid ""
4911
"As we mentioned earlier, the first time the machine boots we'll need to "
4912
"install <application>openssh-server</application> so that the key generated "
4913
"for it is unique for each machine. To do this, we'll write a script called "
4914
"<filename>boot.sh</filename> as follows:"
4915
msgstr ""
4916
4917
#: serverguide/C/virtualization.xml:1053(programlisting)
4918
#, no-wrap
4919
msgid ""
4920
"\n"
4921
"# This script will run the first time the virtual machine boots\n"
4922
"# It is ran as root.\n"
4923
"\n"
4924
"apt-get update\n"
4925
"apt-get install -qqy --force-yes openssh-server\n"
4926
msgstr ""
4927
4928
#: serverguide/C/virtualization.xml:1061(para)
4929
msgid ""
4930
"And we add the <command>--firstboot boot.sh</command> option to our command "
4931
"line."
4932
msgstr ""
4933
4934
#: serverguide/C/virtualization.xml:1067(title)
4935
msgid "First Login"
4936
msgstr ""
4937
4938
#: serverguide/C/virtualization.xml:1069(para)
4939
msgid ""
4940
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
4941
"set them up the first time a user logs in using a script named login.sh. "
4942
"We'll also use this script to let the user specify:"
4943
msgstr ""
4944
4945
#: serverguide/C/virtualization.xml:1075(para)
4946
msgid "His own password"
4947
msgstr ""
4948
4949
#: serverguide/C/virtualization.xml:1076(para)
4950
msgid "Define the keyboard and other locale info he wants to use"
4951
msgstr ""
4952
4953
#: serverguide/C/virtualization.xml:1079(para)
4954
msgid "So we'll define <filename>login.sh</filename> as follows:"
4955
msgstr ""
4956
4957
#: serverguide/C/virtualization.xml:1083(programlisting)
4958
#, no-wrap
4959
msgid ""
4960
"\n"
4961
"# This script is ran the first time a user logs in\n"
4962
"\n"
4963
"echo \"Your appliance is about to be finished to be set up.\"\n"
4964
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
4965
"echo \"starting by changing your user password.\"\n"
4966
"\n"
4967
"passwd\n"
4968
"\n"
4969
"#give the opportunity to change the keyboard\n"
4970
"sudo dpkg-reconfigure console-setup\n"
4971
"\n"
4972
"#configure the mysql server root password\n"
4973
"sudo dpkg-reconfigure mysql-server-5.0\n"
4974
"\n"
4975
"#install limesurvey\n"
4976
"sudo apt-get install -qqy --force-yes limesurvey\n"
4977
"\n"
4978
"echo \"Your appliance is now configured. To use it point your\"\n"
4979
"echo \"browser to http://serverip/limesurvey/admin\"\n"
4980
msgstr ""
4981
4982
#: serverguide/C/virtualization.xml:1105(para)
4983
msgid ""
4984
"And we add the <command>--firstlogin login.sh</command> option to our "
4985
"command line."
4986
msgstr ""
4987
4988
#: serverguide/C/virtualization.xml:1112(title)
4989
msgid "Useful Additions"
4990
msgstr ""
4991
4992
#: serverguide/C/virtualization.xml:1115(title)
4993
msgid "Configuring Automatic Updates"
4994
msgstr ""
4995
4996
#: serverguide/C/virtualization.xml:1117(para)
4997
msgid ""
4998
"To have your system be configured to update itself on a regular basis, we "
4999
"will just install <application>unattended-upgrades</application>, so we add "
5000
"the following option to our command line:"
5001
msgstr ""
5002
5003
#: serverguide/C/virtualization.xml:1123(command)
5004
msgid "--addpkg unattended-upgrades"
5005
msgstr ""
5006
5007
#: serverguide/C/virtualization.xml:1126(para)
5008
msgid ""
5009
"As we have put our application package in a PPA, the process will update not "
5010
"only the system, but also the application each time we update the version in "
5011
"the PPA."
5012
msgstr ""
5013
5014
#: serverguide/C/virtualization.xml:1133(title)
5015
msgid "ACPI Event Handling"
5016
msgstr ""
5017
5018
#: serverguide/C/virtualization.xml:1135(para)
5019
msgid ""
5020
"For your virtual machine to be able to handle restart and shutdown events it "
5021
"is being sent, it is a good idea to install the acpid package as well. To do "
5022
"this we just add the following option:"
5023
msgstr ""
5024
5025
#: serverguide/C/virtualization.xml:1141(command)
5026
msgid "--addpkg acpid"
5027
msgstr ""
5028
5029
#: serverguide/C/virtualization.xml:1147(title)
5030
msgid "Final Command"
5031
msgstr ""
5032
5033
#: serverguide/C/virtualization.xml:1149(para)
5034
msgid "Here is the command with all the options discussed above:"
5035
msgstr ""
5036
5037
#: serverguide/C/virtualization.xml:1154(command)
5038
msgid ""
5039
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o \\ -"
5040
"-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --user "
5041
"user \\ --name user --pass default --addpkg apache2 --addpkg apache2-mpm-"
5042
"prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
5043
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
5044
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
5045
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
5046
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
5047
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
5048
"firstlogin login.sh es"
5049
msgstr ""
5050
5051
#: serverguide/C/virtualization.xml:1169(para)
5052
msgid ""
5053
"If you are interested in learning more, have questions or suggestions, "
5054
"please contact the Ubuntu Server Team at:"
5055
msgstr ""
5056
5057
#: serverguide/C/virtualization.xml:1174(para)
5058
msgid "IRC: #ubuntu-server on freenode"
5059
msgstr ""
5060
5061
#: serverguide/C/virtualization.xml:1179(para)
5062
msgid ""
5063
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5064
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5065
msgstr ""
5066
5067
#: serverguide/C/virtualization.xml:1184(para)
5068
msgid ""
5069
"Also, see the <ulink "
5070
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
5071
"Wiki</ulink> page."
5072
msgstr ""
5073
5074
#: serverguide/C/virtualization.xml:1192(title)
5075
msgid "UEC"
5076
msgstr ""
5077
5078
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2026(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5079
msgid "Overview"
5080
msgstr ""
5081
5082
#: serverguide/C/virtualization.xml:1197(para)
5083
msgid ""
5084
"This tutorial covers <application>UEC</application> installation from the "
5085
"Ubuntu 10.04 LTS Server Edition CD, and assumes a basic network topology, "
5086
"with a single system serving as the <emphasis>\"all-in-one "
5087
"controller\"</emphasis>, and one or more nodes attached."
5088
msgstr ""
5089
5090
#: serverguide/C/virtualization.xml:1202(para)
5091
msgid ""
5092
"From this Tutorial you will learn how to install, configure, register and "
5093
"perform several operations on a basic <application>UEC</application> setup "
5094
"that results in a cloud with a one controller <emphasis>\"front-"
5095
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
5096
"instances. You will also use examples to help get you started using your own "
5097
"private compute cloud."
5098
msgstr ""
5099
5100
#: serverguide/C/virtualization.xml:1210(title)
5101
msgid "Prerequisites"
5102
msgstr ""
5103
5104
#: serverguide/C/virtualization.xml:1212(para)
5105
msgid ""
5106
"To deploy a minimal cloud infrastructure, you’ll need at least "
5107
"<emphasis>two</emphasis> dedicated systems:"
5108
msgstr ""
5109
5110
#: serverguide/C/virtualization.xml:1218(para)
5111
msgid "A front end."
5112
msgstr ""
5113
5114
#: serverguide/C/virtualization.xml:1223(para)
5115
msgid "One or more node(s)."
5116
msgstr ""
5117
5118
#: serverguide/C/virtualization.xml:1229(para)
5119
msgid ""
5120
"The following are recommendations, rather than fixed requirements. However, "
5121
"our experience in developing this documentation indicated the following "
5122
"suggestions."
5123
msgstr ""
5124
5125
#: serverguide/C/virtualization.xml:1234(title)
5126
msgid "Front End Requirements"
5127
msgstr ""
5128
5129
#: serverguide/C/virtualization.xml:1236(para)
5130
msgid "Use the following table for a system that will run one or more of:"
5131
msgstr ""
5132
5133
#: serverguide/C/virtualization.xml:1241(para)
5134
msgid "Cloud Controller (CLC)"
5135
msgstr ""
5136
5137
#: serverguide/C/virtualization.xml:1242(para)
5138
msgid "Cluster Controller (CC)"
5139
msgstr ""
5140
5141
#: serverguide/C/virtualization.xml:1243(para)
5142
msgid "Walrus (the S3-like storage service)"
5143
msgstr ""
5144
5145
#: serverguide/C/virtualization.xml:1244(para)
5146
msgid "Storage Controller (SC)"
5147
msgstr ""
5148
5149
#: serverguide/C/virtualization.xml:1248(title)
5150
msgid "UEC Front End Requirements"
5151
msgstr ""
5152
5153
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
5154
msgid "Hardware"
5155
msgstr ""
5156
5157
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
5158
msgid "Minimum"
5159
msgstr ""
5160
5161
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
5162
msgid "Suggested"
5163
msgstr ""
5164
5165
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
5166
msgid "Notes"
5167
msgstr ""
5168
5169
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
5170
msgid "CPU"
5171
msgstr ""
5172
5173
#: serverguide/C/virtualization.xml:1265(para)
5174
msgid "1 GHz"
5175
msgstr ""
5176
5177
#: serverguide/C/virtualization.xml:1266(para)
5178
msgid "2 x 2 GHz"
5179
msgstr ""
5180
5181
#: serverguide/C/virtualization.xml:1267(para)
5182
msgid ""
5183
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
5184
"a dual core processor."
5185
msgstr ""
5186
5187
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
5188
msgid "Memory"
5189
msgstr ""
5190
5191
#: serverguide/C/virtualization.xml:1271(para)
5192
msgid "512 MB"
5193
msgstr ""
5194
5195
#: serverguide/C/virtualization.xml:1272(para)
5196
msgid "2 GB"
5197
msgstr ""
5198
5199
#: serverguide/C/virtualization.xml:1273(para)
5200
msgid "The Java web front end benefits from lots of available memory."
5201
msgstr ""
5202
5203
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
5204
msgid "Disk"
5205
msgstr ""
5206
5207
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
5208
msgid "5400 RPM IDE"
5209
msgstr ""
5210
5211
#: serverguide/C/virtualization.xml:1278(para)
5212
msgid "7200 RPM SATA"
5213
msgstr ""
5214
5215
#: serverguide/C/virtualization.xml:1279(para)
5216
msgid ""
5217
"Slower disks will work, but will yield much longer instance startup times."
5218
msgstr ""
5219
5220
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
5221
msgid "Disk Space"
5222
msgstr ""
5223
5224
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
5225
msgid "40 GB"
5226
msgstr ""
5227
5228
#: serverguide/C/virtualization.xml:1284(para)
5229
msgid "200 GB"
5230
msgstr ""
5231
5232
#: serverguide/C/virtualization.xml:1285(para)
5233
msgid ""
5234
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
5235
"does not like to run out of disk space."
5236
msgstr ""
5237
5238
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
5239
msgid "Networking"
5240
msgstr ""
5241
5242
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
5243
msgid "100 Mbps"
5244
msgstr ""
5245
5246
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
5247
msgid "1000 Mbps"
5248
msgstr ""
5249
5250
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
5251
msgid ""
5252
"Machine images are hundreds of MB, and need to be copied over the network to "
5253
"nodes."
5254
msgstr ""
5255
5256
#: serverguide/C/virtualization.xml:1299(title)
5257
msgid "Node Requirements"
5258
msgstr ""
5259
5260
#: serverguide/C/virtualization.xml:1301(para)
5261
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
5262
msgstr ""
5263
5264
#: serverguide/C/virtualization.xml:1306(para)
5265
msgid "the Node Controller (NC)"
5266
msgstr ""
5267
5268
#: serverguide/C/virtualization.xml:1310(title)
5269
msgid "UEC Node Requirements"
5270
msgstr ""
5271
5272
#: serverguide/C/virtualization.xml:1327(para)
5273
msgid "VT Extensions"
5274
msgstr ""
5275
5276
#: serverguide/C/virtualization.xml:1328(para)
5277
msgid "VT, 64-bit, Multicore"
5278
msgstr ""
5279
5280
#: serverguide/C/virtualization.xml:1329(para)
5281
msgid ""
5282
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
5283
"only run 1 VM per CPU core on a Node."
5284
msgstr ""
5285
5286
#: serverguide/C/virtualization.xml:1333(para)
5287
msgid "1 GB"
5288
msgstr ""
5289
5290
#: serverguide/C/virtualization.xml:1334(para)
5291
msgid "4 GB"
5292
msgstr ""
5293
5294
#: serverguide/C/virtualization.xml:1335(para)
5295
msgid "Additional memory means more, and larger guests."
5296
msgstr ""
5297
5298
#: serverguide/C/virtualization.xml:1340(para)
5299
msgid "7200 RPM SATA or SCSI"
5300
msgstr ""
5301
5302
#: serverguide/C/virtualization.xml:1341(para)
5303
msgid ""
5304
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
5305
"bottleneck."
5306
msgstr ""
5307
5308
#: serverguide/C/virtualization.xml:1346(para)
5309
msgid "100 GB"
5310
msgstr ""
5311
5312
#: serverguide/C/virtualization.xml:1347(para)
5313
msgid ""
5314
"Images will be cached locally, Eucalyptus does not like to run out of disk "
5315
"space."
5316
msgstr ""
5317
5318
#: serverguide/C/virtualization.xml:1363(title)
5319
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
5320
msgstr ""
5321
5322
#: serverguide/C/virtualization.xml:1367(para)
5323
msgid "Download the Ubuntu 10.04 LTS Server ISO file, and burn it to a CD."
5324
msgstr ""
5325
5326
#: serverguide/C/virtualization.xml:1372(para) serverguide/C/virtualization.xml:1418(para)
5327
msgid ""
5328
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5329
msgstr ""
5330
5331
#: serverguide/C/virtualization.xml:1377(para)
5332
msgid ""
5333
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
5334
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
5335
msgstr ""
5336
5337
#: serverguide/C/virtualization.xml:1383(para)
5338
msgid ""
5339
"It will ask two other cloud-specific questions during the course of the "
5340
"install:"
5341
msgstr ""
5342
5343
#: serverguide/C/virtualization.xml:1388(para)
5344
msgid "Name of your cluster."
5345
msgstr ""
5346
5347
#: serverguide/C/virtualization.xml:1391(para)
5348
msgid "e.g. <emphasis>cluster1</emphasis>."
5349
msgstr ""
5350
5351
#: serverguide/C/virtualization.xml:1394(para)
5352
msgid ""
5353
"A range of public IP addresses on the LAN that the cloud can allocate to "
5354
"instances."
5355
msgstr ""
5356
5357
#: serverguide/C/virtualization.xml:1397(para)
5358
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
5359
msgstr ""
5360
5361
#: serverguide/C/virtualization.xml:1405(title)
5362
msgid "Installing the Node Controller(s)"
5363
msgstr ""
5364
5365
#: serverguide/C/virtualization.xml:1407(para)
5366
msgid ""
5367
"The node controller install is even simpler. Just make sure that you are "
5368
"connected to the network on which the cloud/cluster controller is already "
5369
"running."
5370
msgstr ""
5371
5372
#: serverguide/C/virtualization.xml:1413(para)
5373
msgid "Boot from the same ISO on the node(s)."
5374
msgstr ""
5375
5376
#: serverguide/C/virtualization.xml:1423(para)
5377
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5378
msgstr ""
5379
5380
#: serverguide/C/virtualization.xml:1428(para)
5381
msgid ""
5382
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
5383
"install for you."
5384
msgstr ""
5385
5386
#: serverguide/C/virtualization.xml:1433(para)
5387
msgid "Confirm the partitioning scheme."
5388
msgstr ""
5389
5390
#: serverguide/C/virtualization.xml:1438(para)
5391
msgid ""
5392
"The rest of the installation should proceed uninterrupted; complete the "
5393
"installation and reboot the node."
5394
msgstr ""
5395
5396
#: serverguide/C/virtualization.xml:1446(title)
5397
msgid "Register the Node(s)"
5398
msgstr ""
5399
5400
#: serverguide/C/virtualization.xml:1448(para)
5401
msgid ""
5402
"Nodes are the physical systems within <application>UEC</application> that "
5403
"actually run the virtual machine instances of the cloud."
5404
msgstr ""
5405
5406
#: serverguide/C/virtualization.xml:1452(para)
5407
msgid ""
5408
"Once one or more Ubuntu Server node(s) are installed and running the "
5409
"<application>eucalyptus-nc</application> service, log onto the "
5410
"<emphasis>Cloud Controller (CLC)</emphasis> and run:"
5411
msgstr ""
5412
5413
#: serverguide/C/virtualization.xml:1458(command)
5414
msgid "sudo euca_conf --no-rsync --discover-nodes"
5415
msgstr ""
5416
5417
#: serverguide/C/virtualization.xml:1461(para)
5418
msgid ""
5419
"This will discover the systems on the network running the "
5420
"<application>eucalyptus-nc</application> service, and the administrator can "
5421
"confirm the registration of each node by its IP address."
5422
msgstr ""
5423
5424
#: serverguide/C/virtualization.xml:1467(para)
5425
msgid ""
5426
"If you get prompted for passwords, or receive errors from scp, you may need "
5427
"to revisit the key synchronization instructions at <ulink "
5428
"url=\"https://help.ubuntu.com/community/UEC/NodeInstallation\">UEC/NodeInstal"
5429
"lation</ulink>."
5430
msgstr ""
5431
5432
#: serverguide/C/virtualization.xml:1475(title)
5433
msgid "Obtain Credentials"
5434
msgstr ""
5435
5436
#: serverguide/C/virtualization.xml:1477(para)
5437
msgid ""
5438
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
5439
"users of the cloud will need to retrieve their credentials. This can be done "
5440
"either through a web browser, or at the command line."
5441
msgstr ""
5442
5443
#: serverguide/C/virtualization.xml:1483(title)
5444
msgid "From a Web Browser"
5445
msgstr ""
5446
5447
#: serverguide/C/virtualization.xml:1487(para)
5448
msgid ""
5449
"From your web browser (either remotely or on your Ubuntu server) access the "
5450
"following URL:"
5451
msgstr ""
5452
5453
#: serverguide/C/virtualization.xml:1490(programlisting) serverguide/C/virtualization.xml:1743(programlisting)
5454
#, no-wrap
5455
msgid ""
5456
"\n"
5457
"https://<cloud-controller-ip-address>:8443/\n"
5458
msgstr ""
5459
5460
#: serverguide/C/virtualization.xml:1495(para)
5461
msgid ""
5462
"You must use a secure connection, so make sure you use \"https\" not "
5463
"\"http\" in your URL. You will get a security certificate warning. You will "
5464
"have to add an exception to view the page. If you do not accept it you will "
5465
"not be able to view the Eucalyptus configuration page."
5466
msgstr ""
5467
5468
#: serverguide/C/virtualization.xml:1503(para)
5469
msgid ""
5470
"Use username <emphasis>'admin'</emphasis> and password "
5471
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
5472
"to change your password)."
5473
msgstr ""
5474
5475
#: serverguide/C/virtualization.xml:1509(para)
5476
msgid ""
5477
"Then follow the on-screen instructions to update the admin password and "
5478
"email address."
5479
msgstr ""
5480
5481
#: serverguide/C/virtualization.xml:1514(para)
5482
msgid ""
5483
"Once the first time configuration process is completed, click the "
5484
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
5485
"the screen."
5486
msgstr ""
5487
5488
#: serverguide/C/virtualization.xml:1520(para)
5489
msgid ""
5490
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
5491
"certificates."
5492
msgstr ""
5493
5494
#: serverguide/C/virtualization.xml:1525(para)
5495
msgid "Save them to <filename>~/.euca</filename>."
5496
msgstr ""
5497
5498
#: serverguide/C/virtualization.xml:1530(para)
5499
msgid ""
5500
"Unzip the downloaded zip file into a safe location "
5501
"(<filename>~/.euca</filename>)."
5502
msgstr ""
5503
5504
#: serverguide/C/virtualization.xml:1534(command)
5505
msgid "unzip -d ~/.euca mycreds.zip"
5506
msgstr ""
5507
5508
#: serverguide/C/virtualization.xml:1541(title)
5509
msgid "From a Command Line"
5510
msgstr ""
5511
5512
#: serverguide/C/virtualization.xml:1545(para)
5513
msgid ""
5514
"Alternatively, if you are on the command line of the <emphasis>Cloud "
5515
"Controller</emphasis>, you can run:"
5516
msgstr ""
5517
5518
#: serverguide/C/virtualization.xml:1549(command)
5519
msgid "mkdir -p ~/.euca"
5520
msgstr ""
5521
5522
#: serverguide/C/virtualization.xml:1550(command)
5523
msgid "chmod 700 ~/.euca"
5524
msgstr ""
5525
5526
#: serverguide/C/virtualization.xml:1551(command)
5527
msgid "cd ~/.euca"
5528
msgstr ""
5529
5530
#: serverguide/C/virtualization.xml:1552(command)
5531
msgid "sudo euca_conf --get-credentials mycreds.zip"
5532
msgstr ""
5533
5534
#: serverguide/C/virtualization.xml:1553(command)
5535
msgid "unzip mycreds.zip"
5536
msgstr ""
5537
5538
#: serverguide/C/virtualization.xml:1554(command)
5539
msgid "cd -"
5540
msgstr ""
5541
5542
#: serverguide/C/virtualization.xml:1561(title)
5543
msgid "Extracting and Using Your Credentials"
5544
msgstr ""
5545
5546
#: serverguide/C/virtualization.xml:1563(para)
5547
msgid ""
5548
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
5549
"certificates."
5550
msgstr ""
5551
5552
#: serverguide/C/virtualization.xml:1569(para)
5553
msgid ""
5554
"Source the included <emphasis>\"eucarc\"</emphasis> file to set up your "
5555
"Eucalyptus environment:"
5556
msgstr ""
5557
5558
#: serverguide/C/virtualization.xml:1573(command) serverguide/C/virtualization.xml:1600(command)
5559
msgid ". ~/.euca/eucarc"
5560
msgstr ""
5561
5562
#: serverguide/C/virtualization.xml:1577(para)
5563
msgid ""
5564
"You may additionally wish to add this command to your "
5565
"<filename>~/.bashrc</filename> file so that your Eucalyptus environment is "
5566
"set up automatically when you log in. Eucalyptus treats this set of "
5567
"credentials as <emphasis>'administrator'</emphasis> credentials that allow "
5568
"the holder global privileges across the cloud. As such, they should be "
5569
"protected in the same way that other elevated-priority access is protected "
5570
"(e.g. should not be made visible to the general user population)."
5571
msgstr ""
5572
5573
#: serverguide/C/virtualization.xml:1584(command)
5574
msgid ""
5575
"echo \"[ -r ~/.euca/eucarc ] && . ~/.euca/eucarc\" >> ~/.bashrc"
5576
msgstr ""
5577
5578
#: serverguide/C/virtualization.xml:1588(para)
5579
msgid "Install the required cloud user tools:"
5580
msgstr ""
5581
5582
#: serverguide/C/virtualization.xml:1592(command)
5583
msgid "sudo apt-get install euca2ools"
5584
msgstr ""
5585
5586
#: serverguide/C/virtualization.xml:1596(para)
5587
msgid ""
5588
"To validate that everything is working correctly, get the local cluster "
5589
"availability details:"
5590
msgstr ""
5591
5592
#: serverguide/C/virtualization.xml:1601(command)
5593
msgid "euca-describe-availability-zones verbose"
5594
msgstr ""
5595
5596
#: serverguide/C/virtualization.xml:1602(computeroutput)
5597
#, no-wrap
5598
msgid ""
5599
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
5600
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
5601
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
5602
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
5603
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
5604
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
5605
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
5606
msgstr ""
5607
5608
#: serverguide/C/virtualization.xml:1612(para)
5609
msgid "Your output from the above command will vary."
5610
msgstr ""
5611
5612
#: serverguide/C/virtualization.xml:1622(title)
5613
msgid "Running an Image"
5614
msgstr ""
5615
5616
#: serverguide/C/virtualization.xml:1624(para)
5617
msgid "There are multiple ways to instantiate an image in UEC:"
5618
msgstr ""
5619
5620
#: serverguide/C/virtualization.xml:1629(para)
5621
msgid "Use the command line."
5622
msgstr ""
5623
5624
#: serverguide/C/virtualization.xml:1630(para)
5625
msgid ""
5626
"Use one of the UEC compatible management tools such as "
5627
"<emphasis>Landscape</emphasis>."
5628
msgstr ""
5629
5630
#: serverguide/C/virtualization.xml:1632(para)
5631
msgid ""
5632
"Use the <ulink "
5633
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
5634
"extension to Firefox."
5635
msgstr ""
5636
5637
#: serverguide/C/virtualization.xml:1638(para)
5638
msgid "Here we will describe the process from the command line:"
5639
msgstr ""
5640
5641
#: serverguide/C/virtualization.xml:1644(para)
5642
msgid ""
5643
"Before running an instance of your image, you should first create a "
5644
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
5645
"instance as root, once it boots. The key is stored, so you will only have to "
5646
"do this once."
5647
msgstr ""
5648
5649
#: serverguide/C/virtualization.xml:1648(para)
5650
msgid "Run the following command:"
5651
msgstr ""
5652
5653
#: serverguide/C/virtualization.xml:1651(programlisting)
5654
#, no-wrap
5655
msgid ""
5656
"\n"
5657
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
5658
" touch ~/.euca/mykey.priv\n"
5659
" chmod 0600 ~/.euca/mykey.priv\n"
5660
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
5661
"fi\n"
5662
msgstr ""
5663
5664
#: serverguide/C/virtualization.xml:1659(para)
5665
msgid ""
5666
"You can call your key whatever you like (in this example, the key is called "
5667
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
5668
"forget, you can always run <command>euca-describe-keypairs</command> to get "
5669
"a list of created keys stored in the system."
5670
msgstr ""
5671
5672
#: serverguide/C/virtualization.xml:1666(para)
5673
msgid "You must also allow access to port 22 in your instances:"
5674
msgstr ""
5675
5676
#: serverguide/C/virtualization.xml:1670(command)
5677
msgid "euca-describe-groups"
5678
msgstr ""
5679
5680
#: serverguide/C/virtualization.xml:1671(command)
5681
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
5682
msgstr ""
5683
5684
#: serverguide/C/virtualization.xml:1675(para)
5685
msgid "Next, you can create instances of your registered image:"
5686
msgstr ""
5687
5688
#: serverguide/C/virtualization.xml:1679(command)
5689
msgid "euca-run-instances $EMI -k mykey -t c1.medium"
5690
msgstr ""
5691
5692
#: serverguide/C/virtualization.xml:1682(para)
5693
msgid ""
5694
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
5695
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
5696
"on the <emphasis>Store</emphasis> page to see the sample command."
5697
msgstr ""
5698
5699
#: serverguide/C/virtualization.xml:1689(para)
5700
msgid ""
5701
"The first time you run an instance, the system will be setting up caches for "
5702
"the image from which it will be created. This can often take some time the "
5703
"first time an instance is run given that VM images are usually quite large."
5704
msgstr ""
5705
5706
#: serverguide/C/virtualization.xml:1693(para)
5707
msgid "To monitor the state of your instance, run:"
5708
msgstr ""
5709
5710
#: serverguide/C/virtualization.xml:1697(command)
5711
msgid "watch -n5 euca-describe-instances"
5712
msgstr ""
5713
5714
#: serverguide/C/virtualization.xml:1699(para)
5715
msgid ""
5716
"In the output, you should see information about the instance, including its "
5717
"state. While first-time caching is being performed, the instance's state "
5718
"will be <emphasis>'pending'</emphasis>."
5719
msgstr ""
5720
5721
#: serverguide/C/virtualization.xml:1705(para)
5722
msgid ""
5723
"When the instance is fully started, the above state will become "
5724
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
5725
"instance in the output, then connect to it:"
5726
msgstr ""
5727
5728
#: serverguide/C/virtualization.xml:1710(command)
5729
msgid ""
5730
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
5731
"'{print $4}')"
5732
msgstr ""
5733
5734
#: serverguide/C/virtualization.xml:1711(command)
5735
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
5736
msgstr ""
5737
5738
#: serverguide/C/virtualization.xml:1715(para)
5739
msgid ""
5740
"And when you are done with this instance, exit your SSH connection, then "
5741
"terminate your instance:"
5742
msgstr ""
5743
5744
#: serverguide/C/virtualization.xml:1719(command)
5745
msgid ""
5746
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
5747
"awk '{print $2}')"
5748
msgstr ""
5749
5750
#: serverguide/C/virtualization.xml:1720(command)
5751
msgid "euca-terminate-instances $INSTANCEID"
5752
msgstr ""
5753
5754
#: serverguide/C/virtualization.xml:1727(title)
5755
msgid "Install an Image from the Store"
5756
msgstr ""
5757
5758
#: serverguide/C/virtualization.xml:1729(para)
5759
msgid ""
5760
"The following is by far the simplest way to install an image. However, "
5761
"advanced users may be interested in learning how to <ulink "
5762
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
5763
"own image</ulink>."
5764
msgstr ""
5765
5766
#: serverguide/C/virtualization.xml:1734(para)
5767
msgid ""
5768
"The simplest way to add an image to <application>UEC</application> is to "
5769
"install it from the Image Store on the UEC web interface."
5770
msgstr ""
5771
5772
#: serverguide/C/virtualization.xml:1740(para)
5773
msgid ""
5774
"Access the web interface at the following URL (Make sure you specify https):"
5775
msgstr ""
5776
5777
#: serverguide/C/virtualization.xml:1748(para)
5778
msgid ""
5779
"Enter your login and password (if requested, as you may still be logged in "
5780
"from earlier)."
5781
msgstr ""
5782
5783
#: serverguide/C/virtualization.xml:1753(para)
5784
msgid "Click on the <emphasis>Store</emphasis> tab."
5785
msgstr ""
5786
5787
#: serverguide/C/virtualization.xml:1758(para)
5788
msgid "Browse available images."
5789
msgstr ""
5790
5791
#: serverguide/C/virtualization.xml:1763(para)
5792
msgid "Click on <emphasis>install</emphasis> for the image you want."
5793
msgstr ""
5794
5795
#: serverguide/C/virtualization.xml:1769(para)
5796
msgid ""
5797
"Once the image has been downloaded and installed, you can click on "
5798
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
5799
"button to view the command to execute to instantiate (start) this image. The "
5800
"image will also appear on the list given on the <emphasis>Image</emphasis> "
5801
"tab."
5802
msgstr ""
5803
5804
#: serverguide/C/virtualization.xml:1777(title) serverguide/C/dns.xml:619(title)
5805
msgid "More Information"
5806
msgstr ""
5807
5808
#: serverguide/C/virtualization.xml:1779(para)
5809
msgid ""
5810
"How to use the <ulink "
5811
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
5812
"Controller</ulink>"
5813
msgstr ""
5814
5815
#: serverguide/C/virtualization.xml:1783(para)
5816
msgid "Controlling eucalyptus services:"
5817
msgstr ""
5818
5819
#: serverguide/C/virtualization.xml:1788(para)
5820
msgid ""
5821
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
5822
msgstr ""
5823
5824
#: serverguide/C/virtualization.xml:1789(para)
5825
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
5826
msgstr ""
5827
5828
#: serverguide/C/virtualization.xml:1792(para)
5829
msgid "Locations of some important files:"
5830
msgstr ""
5831
5832
#: serverguide/C/virtualization.xml:1799(emphasis)
5833
msgid "Log files:"
5834
msgstr ""
5835
5836
#: serverguide/C/virtualization.xml:1802(para)
5837
msgid "/var/log/eucalyptus"
5838
msgstr ""
5839
5840
#: serverguide/C/virtualization.xml:1807(emphasis)
5841
msgid "Configuration files:"
5842
msgstr ""
5843
5844
#: serverguide/C/virtualization.xml:1810(para)
5845
msgid "/etc/eucalyptus"
5846
msgstr ""
5847
5848
#: serverguide/C/virtualization.xml:1815(emphasis)
5849
msgid "Database:"
5850
msgstr ""
5851
5852
#: serverguide/C/virtualization.xml:1818(para)
5853
msgid "/var/lib/eucalyptus/db"
5854
msgstr ""
5855
5856
#: serverguide/C/virtualization.xml:1823(emphasis)
5857
msgid "Keys:"
5858
msgstr ""
5859
5860
#: serverguide/C/virtualization.xml:1826(para)
5861
msgid "/var/lib/eucalyptus"
5862
msgstr ""
5863
5864
#: serverguide/C/virtualization.xml:1827(para)
5865
msgid "/var/lib/eucalyptus/.ssh"
5866
msgstr ""
5867
5868
#: serverguide/C/virtualization.xml:1833(para)
5869
msgid ""
5870
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
5871
"running the client tools."
5872
msgstr ""
5873
5874
#: serverguide/C/virtualization.xml:1844(para)
5875
msgid ""
5876
"For information on loading instances see the <ulink "
5877
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
5878
"page."
5879
msgstr ""
5880
5881
#: serverguide/C/virtualization.xml:1849(para)
5882
msgid ""
5883
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
5884
"documentation, downloads)</ulink>."
5885
msgstr ""
5886
5887
#: serverguide/C/virtualization.xml:1854(para)
5888
msgid ""
5889
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
5890
"(bugs, code)</ulink>."
5891
msgstr ""
5892
5893
#: serverguide/C/virtualization.xml:1859(para)
5894
msgid ""
5895
"<ulink "
5896
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
5897
"ptus Troubleshooting (1.5)</ulink>."
5898
msgstr ""
5899
5900
#: serverguide/C/virtualization.xml:1864(para)
5901
msgid ""
5902
"<ulink url=\"http://support.rightscale.com/2._References/02-"
5903
"Cloud_Infrastructures/Eucalyptus/03-"
5904
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
5905
"RightScale</ulink>."
5906
msgstr ""
5907
5908
#: serverguide/C/virtualization.xml:1870(para)
5909
msgid ""
5910
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
5911
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
5912
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
5913
msgstr ""
5914
5915
#: serverguide/C/virtualization.xml:1879(title)
5916
msgid "Glossary"
5917
msgstr ""
5918
5919
#: serverguide/C/virtualization.xml:1881(para)
5920
msgid ""
5921
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
5922
"unfamiliar to some readers. This page is intended to provide a glossary of "
5923
"such terms and acronyms."
5924
msgstr ""
5925
5926
#: serverguide/C/virtualization.xml:1888(para)
5927
msgid ""
5928
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
5929
"computing resources through virtual machines, provisioned and recollected "
5930
"dynamically."
5931
msgstr ""
5932
5933
#: serverguide/C/virtualization.xml:1894(para)
5934
msgid ""
5935
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
5936
"provides the web UI (an https server on port 8443), and implements the "
5937
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
5938
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
5939
"cloud</application> package."
5940
msgstr ""
5941
5942
#: serverguide/C/virtualization.xml:1901(para)
5943
msgid ""
5944
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
5945
"Cluster Controller. There can be more than one Cluster in an installation of "
5946
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
5947
"floor2, floor2)."
5948
msgstr ""
5949
5950
#: serverguide/C/virtualization.xml:1907(para)
5951
msgid ""
5952
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
5953
"manages collections of node resources. This service is provided by the "
5954
"Ubuntu <application>eucalyptus-cc</application> package."
5955
msgstr ""
5956
5957
#: serverguide/C/virtualization.xml:1913(para)
5958
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
5959
msgstr ""
5960
5961
#: serverguide/C/virtualization.xml:1918(para)
5962
msgid ""
5963
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
5964
"pay-by-the-gigabyte public cloud computing offering."
5965
msgstr ""
5966
5967
#: serverguide/C/virtualization.xml:1923(para)
5968
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
5969
msgstr ""
5970
5971
#: serverguide/C/virtualization.xml:1928(para)
5972
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
5973
msgstr ""
5974
5975
#: serverguide/C/virtualization.xml:1933(para)
5976
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
5977
msgstr ""
5978
5979
#: serverguide/C/virtualization.xml:1938(para)
5980
msgid ""
5981
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
5982
"Linking Your Programs To Useful Systems. An open source project originally "
5983
"from the University of California at Santa Barbara, now supported by "
5984
"Eucalyptus Systems, a Canonical Partner."
5985
msgstr ""
5986
5987
#: serverguide/C/virtualization.xml:1945(para)
5988
msgid ""
5989
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
5990
"the high level Eucalyptus components (cloud, walrus, storage controller, "
5991
"cluster controller)."
5992
msgstr ""
5993
5994
#: serverguide/C/virtualization.xml:1951(para)
5995
msgid ""
5996
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
5997
"running virtual machines, running a node controller. Within Ubuntu, this "
5998
"generally means that the CPU has VT extensions, and can run the KVM "
5999
"hypervisor."
6000
msgstr ""
6001
6002
#: serverguide/C/virtualization.xml:1957(para)
6003
msgid ""
6004
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
6005
"on nodes which host the virtual machines that comprise the cloud. This "
6006
"service is provided by the Ubuntu package <application>eucalyptus-"
6007
"nc</application>."
6008
msgstr ""
6009
6010
#: serverguide/C/virtualization.xml:1963(para)
6011
msgid ""
6012
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
6013
"gigabyte persistent storage solution for EC2."
6014
msgstr ""
6015
6016
#: serverguide/C/virtualization.xml:1968(para)
6017
msgid ""
6018
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
6019
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
6020
"installation can have its own Storage Controller. This component is provided "
6021
"by the <application>eucalyptus-sc</application> package."
6022
msgstr ""
6023
6024
#: serverguide/C/virtualization.xml:1975(para)
6025
msgid ""
6026
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
6027
"solution, based on Eucalyptus."
6028
msgstr ""
6029
6030
#: serverguide/C/virtualization.xml:1980(para)
6031
msgid "<emphasis>VM</emphasis> - Virtual Machine."
6032
msgstr ""
6033
6034
#: serverguide/C/virtualization.xml:1985(para)
6035
msgid ""
6036
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
6037
"some modern CPUs, allowing for accelerated virtual machine hosting."
6038
msgstr ""
6039
6040
#: serverguide/C/virtualization.xml:1990(para)
6041
msgid ""
6042
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
6043
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
6044
"put/get abstractions."
6045
msgstr ""
6046
6047
#: serverguide/C/virtualization.xml:2000(title)
6048
msgid "OpenNebula"
6049
msgstr ""
6050
6051
#: serverguide/C/virtualization.xml:2002(para)
6052
msgid ""
6053
"<application>OpenNebula</application> allows virtual machines to be placed "
6054
"and re-placed dynamically on a pool of physical resources. This allows a "
6055
"virtual machine to be hosted from any location available."
6056
msgstr ""
6057
6058
#: serverguide/C/virtualization.xml:2007(para)
6059
msgid ""
6060
"This section will detail configuring an OpenNebula cluster using three "
6061
"machines: one <emphasis>Front-End</emphasis> host, and two <emphasis>Compute "
6062
"Nodes</emphasis> used to run the virtual machines. The Compute Nodes will "
6063
"also need a bridge configured to allow the virtual machines access to the "
6064
"local network. For details see <xref linkend=\"bridging\"/>."
6065
msgstr ""
6066
6067
#: serverguide/C/virtualization.xml:2016(para)
6068
msgid "First, from a terminal on the Front-End enter:"
6069
msgstr ""
6070
6071
#: serverguide/C/virtualization.xml:2021(command)
6072
msgid "sudo apt-get install opennebula"
6073
msgstr ""
6074
6075
#: serverguide/C/virtualization.xml:2024(para)
6076
msgid "On each Compute Node install:"
6077
msgstr ""
6078
6079
#: serverguide/C/virtualization.xml:2029(command)
6080
msgid "sudo apt-get install opennebula-node"
6081
msgstr ""
6082
6083
#: serverguide/C/virtualization.xml:2032(para)
6084
msgid ""
6085
"In order to copy SSH keys, the <emphasis>oneadmin</emphasis> user will need "
6086
"to have a password. On each machine execute:"
6087
msgstr ""
6088
6089
#: serverguide/C/virtualization.xml:2037(command)
6090
msgid "sudo passwd oneadmin"
6091
msgstr ""
6092
6093
#: serverguide/C/virtualization.xml:2040(para)
6094
msgid ""
6095
"Next, copy the <emphasis>oneadmin</emphasis> user's SSH key to the Compute "
6096
"Nodes, and to the Front-End's <filename>authorized_keys</filename> file:"
6097
msgstr ""
6098
6099
#: serverguide/C/virtualization.xml:2045(command)
6100
msgid ""
6101
"sudo scp /var/lib/one/.ssh/id_rsa.pub "
6102
"oneadmin@node01:/var/lib/one/.ssh/authorized_keys"
6103
msgstr ""
6104
6105
#: serverguide/C/virtualization.xml:2046(command)
6106
msgid ""
6107
"sudo scp /var/lib/one/.ssh/id_rsa.pub "
6108
"oneadmin@node02:/var/lib/one/.ssh/authorized_keys"
6109
msgstr ""
6110
6111
#: serverguide/C/virtualization.xml:2047(command)
6112
msgid ""
6113
"sudo sh -c \"cat /var/lib/one/.ssh/id_rsa.pub >> "
6114
"/var/lib/one/.ssh/authorized_keys\""
6115
msgstr ""
6116
6117
#: serverguide/C/virtualization.xml:2050(para)
6118
msgid ""
6119
"The SSH key for the Compute Nodes needs to be added to the "
6120
"<filename>/etc/ssh/ssh_known_hosts</filename> file on the Front-End host. To "
6121
"accomplish this <application>ssh</application> to each Compute Node as a "
6122
"user other than <emphasis>oneadmin</emphasis>. Then exit from the SSH "
6123
"session, and execute the following to copy the SSH key from "
6124
"<filename>~/.ssh/known_hosts</filename> to "
6125
"<filename>/etc/ssh/ssh_known_hosts</filename>:"
6126
msgstr ""
6127
6128
#: serverguide/C/virtualization.xml:2057(command)
6129
msgid ""
6130
"sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node01 1>> "
6131
"/etc/ssh/ssh_known_hosts\""
6132
msgstr ""
6133
6134
#: serverguide/C/virtualization.xml:2058(command)
6135
msgid ""
6136
"sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node02 1>> "
6137
"/etc/ssh/ssh_known_hosts\""
6138
msgstr ""
6139
6140
#: serverguide/C/virtualization.xml:2062(para)
6141
msgid ""
6142
"Replace <emphasis>node01</emphasis> and <emphasis>node02</emphasis> with the "
6143
"appropriate host names."
6144
msgstr ""
6145
6146
#: serverguide/C/virtualization.xml:2067(para)
6147
msgid ""
6148
"This allows the <emphasis>oneadmin</emphasis> to use "
6149
"<application>scp</application>, without a password or manual intervention, "
6150
"to deploy an image to the Compute Nodes."
6151
msgstr ""
6152
6153
#: serverguide/C/virtualization.xml:2072(para)
6154
msgid ""
6155
"On the Front-End create a directory to store the VM images, giving the "
6156
"<emphasis>oneadmin</emphasis> user access to the directory:"
6157
msgstr ""
6158
6159
#: serverguide/C/virtualization.xml:2077(command)
6160
msgid "sudo mkdir /var/lib/one/images"
6161
msgstr ""
6162
6163
#: serverguide/C/virtualization.xml:2078(command)
6164
msgid "sudo chown oneadmin /var/lib/one/images/"
6165
msgstr ""
6166
6167
#: serverguide/C/virtualization.xml:2081(para)
6168
msgid ""
6169
"Finally, copy a virtual machine disk file into "
6170
"<filename>/var/lib/one/images</filename>. You can create an Ubuntu virtual "
6171
"machine using <application>vmbuilder</application>, see <xref linkend=\"jeos-"
6172
"and-vmbuilder\"/> for details."
6173
msgstr ""
6174
6175
#: serverguide/C/virtualization.xml:2090(para)
6176
msgid ""
6177
"The <emphasis>OpenNebula Cluster</emphasis> is now ready to be configured, "
6178
"and virtual machines added to the cluster."
6179
msgstr ""
6180
6181
#: serverguide/C/virtualization.xml:2094(para)
6182
msgid "From a terminal prompt enter:"
6183
msgstr ""
6184
6185
#: serverguide/C/virtualization.xml:2099(command)
6186
msgid "onehost create node01 im_kvm vmm_kvm tm_ssh"
6187
msgstr ""
6188
6189
#: serverguide/C/virtualization.xml:2100(command)
6190
msgid "onehost create node02 im_kvm vmm_kvm tm_ssh"
6191
msgstr ""
6192
6193
#: serverguide/C/virtualization.xml:2103(para)
6194
msgid ""
6195
"Next, create a <emphasis>Virtual Network</emphasis> template file named "
6196
"<filename>vnet01.template</filename>:"
6197
msgstr ""
6198
6199
#: serverguide/C/virtualization.xml:2107(programlisting)
6200
#, no-wrap
6201
msgid ""
6202
"\n"
6203
"NAME = \"LAN\"\n"
6204
"TYPE = RANGED\n"
6205
"BRIDGE = br0\n"
6206
"NETWORK_SIZE = C\n"
6207
"NETWORK_ADDRESS = 192.168.0.0\n"
6208
msgstr ""
6209
6210
#: serverguide/C/virtualization.xml:2116(para)
6211
msgid ""
6212
"Be sure to change <emphasis>192.168.0.0</emphasis> to your local network."
6213
msgstr ""
6214
6215
#: serverguide/C/virtualization.xml:2121(para)
6216
msgid ""
6217
"Using the <application>onevnet</application> utility, add the virtual "
6218
"network to OpenNebula:"
6219
msgstr ""
6220
6221
#: serverguide/C/virtualization.xml:2126(command)
6222
msgid "onevnet create vnet01.template"
6223
msgstr ""
6224
6225
#: serverguide/C/virtualization.xml:2129(para)
6226
msgid ""
6227
"Now create a <emphasis>VM Template</emphasis> file named "
6228
"<filename>vm01.template</filename>:"
6229
msgstr ""
6230
6231
#: serverguide/C/virtualization.xml:2133(programlisting)
6232
#, no-wrap
6233
msgid ""
6234
"\n"
6235
"NAME = vm01\n"
6236
"CPU = 0.5\n"
6237
"MEMORY = 512\n"
6238
"\n"
6239
"OS = [ BOOT = hd ]\n"
6240
"\n"
6241
"DISK = [\n"
6242
" source = \"/var/lib/one/images/vm01.qcow2\",\n"
6243
" target = \"hda\",\n"
6244
" readonly = \"no\" ]\n"
6245
"\n"
6246
"NIC = [ NETWORK=\"LAN\" ]\n"
6247
"\n"
6248
"GRAPHICS = [type=\"vnc\",listen=\"127.0.0.1\",port=\"-1\"]\n"
6249
msgstr ""
6250
6251
#: serverguide/C/virtualization.xml:2150(para)
6252
msgid "Start the virtual machine using <application>onevm</application>:"
6253
msgstr ""
6254
6255
#: serverguide/C/virtualization.xml:2155(command)
6256
msgid "onevm submit vm01.template"
6257
msgstr ""
6258
6259
#: serverguide/C/virtualization.xml:2158(para)
6260
msgid ""
6261
"Use the <application>onevm list</application> option to view information "
6262
"about virtual machines. Also, the <application>onevm show vm01</application> "
6263
"option will display more details about a specific virtual machine."
6264
msgstr ""
6265
6266
#: serverguide/C/virtualization.xml:2169(para)
6267
msgid ""
6268
"See the <ulink "
6269
"url=\"http://www.opennebula.org/doku.php?id=start\">OpenNebula website</ulink"
6270
"> for more information."
6271
msgstr ""
6272
6273
#: serverguide/C/virtualization.xml:2174(para)
6274
msgid ""
6275
"You can also find help in the <emphasis>#ubuntu-virt</emphasis> and "
6276
"<emphasis>#ubuntu-server</emphasis> IRC channels on <ulink "
6277
"url=\"http://freenode.net\">Freenode</ulink>."
6278
msgstr ""
6279
6280
#: serverguide/C/virtualization.xml:2180(para)
6281
msgid ""
6282
"Also, the <ulink "
6283
"url=\"https://help.ubuntu.com/community/OpenNebula\">OpenNebula Ubuntu "
6284
"Wiki</ulink> page has more details."
6285
msgstr ""
6286
6287
#: serverguide/C/vcs.xml:13(title)
6288
msgid "Version Control System"
6289
msgstr ""
6290
6291
#: serverguide/C/vcs.xml:14(para)
6292
msgid ""
6293
"Version control is the art of managing changes to information. It has long "
6294
"been a critical tool for programmers, who typically spend their time making "
6295
"small changes to software and then undoing those changes the next day. But "
6296
"the usefulness of version control software extends far beyond the bounds of "
6297
"the software development world. Anywhere you can find people using computers "
6298
"to manage information that changes often, there is room for version control."
6299
msgstr ""
6300
6301
#: serverguide/C/vcs.xml:17(title)
6302
msgid "Bazaar"
6303
msgstr ""
6304
6305
#: serverguide/C/vcs.xml:18(para)
6306
msgid ""
6307
"Bazaar is a new version control system sponsored by Canonical, the "
6308
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
6309
"support a central repository model, Bazaar also supports "
6310
"<emphasis>distributed version control</emphasis>, giving people the ability "
6311
"to collaborate more efficiently. In particular, Bazaar is designed to "
6312
"maximize the level of community participation in open source projects."
6313
msgstr ""
6314
6315
#: serverguide/C/vcs.xml:29(para)
6316
msgid ""
6317
"At a terminal prompt, enter the following command to install "
6318
"<application>bzr</application>: <screen>\n"
6319
"<command>sudo apt-get install bzr</command>\n"
6320
"</screen>"
6321
msgstr ""
6322
6323
#: serverguide/C/vcs.xml:40(para)
6324
msgid ""
6325
"To introduce yourself to <application>bzr</application>, use the "
6326
"<emphasis>whoami</emphasis> command like this: <screen>\n"
6327
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
6328
"</screen>"
6329
msgstr ""
6330
6331
#: serverguide/C/vcs.xml:49(title)
6332
msgid "Learning Bazaar"
6333
msgstr ""
6334
6335
#: serverguide/C/vcs.xml:50(para)
6336
msgid ""
6337
"Bazaar comes with bundled documentation installed into "
6338
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
6339
"is a good place to start. The <application>bzr</application> command also "
6340
"comes with built-in help: <screen>\n"
6341
"<command>$ bzr help</command>\n"
6342
"</screen>"
6343
msgstr ""
6344
6345
#: serverguide/C/vcs.xml:60(para)
6346
msgid ""
6347
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
6348
"<command>$ bzr help foo</command>\n"
6349
"</screen>"
6350
msgstr ""
6351
6352
#: serverguide/C/vcs.xml:68(title)
6353
msgid "Launchpad Integration"
6354
msgstr ""
6355
6356
#: serverguide/C/vcs.xml:69(para)
6357
msgid ""
6358
"While highly useful as a stand-alone system, Bazaar has good, optional "
6359
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
6360
"the collaborative development system used by Canonical and the broader open "
6361
"source community to manage and extend Ubuntu itself. For information on how "
6362
"Bazaar can be used with Launchpad to collaborate on open source projects, "
6363
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
6364
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
6365
msgstr ""
6366
6367
#: serverguide/C/vcs.xml:81(title)
6368
msgid "Subversion"
6369
msgstr ""
6370
6371
#: serverguide/C/vcs.xml:82(para)
6372
msgid ""
6373
"Subversion is an open source version control system. Using Subversion, you "
6374
"can record the history of source files and documents. It manages files and "
6375
"directories over time. A tree of files is placed into a central repository. "
6376
"The repository is much like an ordinary file server, except that it "
6377
"remembers every change ever made to files and directories."
6378
msgstr ""
6379
6380
#: serverguide/C/vcs.xml:87(para)
6381
msgid ""
6382
"To access Subversion repository using the HTTP protocol, you must install "
6383
"and configure a web server. Apache2 is proven to work with Subversion. "
6384
"Please refer to the HTTP subsection in the Apache2 section to install and "
6385
"configure Apache2. To access the Subversion repository using the HTTPS "
6386
"protocol, you must install and configure a digital certificate in your "
6387
"Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 "
6388
"section to install and configure the digital certificate."
6389
msgstr ""
6390
6391
#: serverguide/C/vcs.xml:96(para)
6392
msgid ""
6393
"To install Subversion, run the following command from a terminal prompt:"
6394
msgstr ""
6395
6396
#: serverguide/C/vcs.xml:101(command)
6397
msgid "sudo apt-get install subversion libapache2-svn"
6398
msgstr ""
6399
6400
#: serverguide/C/vcs.xml:108(para)
6401
msgid ""
6402
"This step assumes you have installed above mentioned packages on your "
6403
"system. This section explains how to create a Subversion repository and "
6404
"access the project."
6405
msgstr ""
6406
6407
#: serverguide/C/vcs.xml:111(title)
6408
msgid "Create Subversion Repository"
6409
msgstr ""
6410
6411
#: serverguide/C/vcs.xml:112(para)
6412
msgid ""
6413
"The Subversion repository can be created using the following command from a "
6414
"terminal prompt:"
6415
msgstr ""
6416
6417
#: serverguide/C/vcs.xml:116(command)
6418
msgid "svnadmin create /path/to/repos/project"
6419
msgstr ""
6420
6421
#: serverguide/C/vcs.xml:121(title)
6422
msgid "Importing Files"
6423
msgstr ""
6424
6425
#: serverguide/C/vcs.xml:122(para)
6426
msgid ""
6427
"Once you create the repository you can <emphasis>import</emphasis> files "
6428
"into the repository. To import a directory, enter the following from a "
6429
"terminal prompt: <screen>\n"
6430
"<command>svn import /path/to/import/directory "
6431
"file:///path/to/repos/project</command>\n"
6432
"</screen>"
6433
msgstr ""
6434
6435
#: serverguide/C/vcs.xml:134(title) serverguide/C/vcs.xml:139(title)
6436
msgid "Access Methods"
6437
msgstr ""
6438
6439
#: serverguide/C/vcs.xml:135(para)
6440
msgid ""
6441
"Subversion repositories can be accessed (checked out) through many different "
6442
"methods --on local disk, or through various network protocols. A repository "
6443
"location, however, is always a URL. The table describes how different URL "
6444
"schemes map to the available access methods."
6445
msgstr ""
6446
6447
#: serverguide/C/vcs.xml:146(para)
6448
msgid "Schema"
6449
msgstr ""
6450
6451
#: serverguide/C/vcs.xml:147(para)
6452
msgid "Access Method"
6453
msgstr ""
6454
6455
#: serverguide/C/vcs.xml:152(para)
6456
msgid "file://"
6457
msgstr ""
6458
6459
#: serverguide/C/vcs.xml:153(para)
6460
msgid "direct repository access (on local disk)"
6461
msgstr ""
6462
6463
#: serverguide/C/vcs.xml:156(para)
6464
msgid "http://"
6465
msgstr ""
6466
6467
#: serverguide/C/vcs.xml:157(para)
6468
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
6469
msgstr ""
6470
6471
#: serverguide/C/vcs.xml:160(para)
6472
msgid "https://"
6473
msgstr ""
6474
6475
#: serverguide/C/vcs.xml:161(para)
6476
msgid "Same as http://, but with SSL encryption"
6477
msgstr ""
6478
6479
#: serverguide/C/vcs.xml:164(para)
6480
msgid "svn://"
6481
msgstr ""
6482
6483
#: serverguide/C/vcs.xml:165(para)
6484
msgid "Access via custom protocol to an svnserve server"
6485
msgstr ""
6486
6487
#: serverguide/C/vcs.xml:168(para)
6488
msgid "svn+ssh://"
6489
msgstr ""
6490
6491
#: serverguide/C/vcs.xml:169(para)
6492
msgid "Same as svn://, but through an SSH tunnel"
6493
msgstr ""
6494
6495
#: serverguide/C/vcs.xml:175(para)
6496
msgid ""
6497
"In this section, we will see how to configure Subversion for all these "
6498
"access methods. Here, we cover the basics. For more advanced usage details, "
6499
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
6500
msgstr ""
6501
6502
#: serverguide/C/vcs.xml:182(title)
6503
msgid "Direct repository access (file://)"
6504
msgstr ""
6505
6506
#: serverguide/C/vcs.xml:183(para)
6507
msgid ""
6508
"This is the simplest of all access methods. It does not require any "
6509
"Subversion server process to be running. This access method is used to "
6510
"access Subversion from the same machine. The syntax of the command, entered "
6511
"at a terminal prompt, is as follows:"
6512
msgstr ""
6513
6514
#: serverguide/C/vcs.xml:190(command)
6515
msgid "svn co file:///path/to/repos/project"
6516
msgstr ""
6517
6518
#: serverguide/C/vcs.xml:193(para)
6519
msgid "or"
6520
msgstr ""
6521
6522
#: serverguide/C/vcs.xml:196(command)
6523
msgid "svn co file://localhost/path/to/repos/project"
6524
msgstr ""
6525
6526
#: serverguide/C/vcs.xml:200(para)
6527
msgid ""
6528
"If you do not specify the hostname, there are three forward slashes (///) -- "
6529
"two for the protocol (file, in this case) plus the leading slash in the "
6530
"path. If you specify the hostname, you must use two forward slashes (//)."
6531
msgstr ""
6532
6533
#: serverguide/C/vcs.xml:202(para)
6534
msgid ""
6535
"The repository permissions depend on filesystem permissions. If the user has "
6536
"read/write permission, he can checkout from and commit to the repository."
6537
msgstr ""
6538
6539
#: serverguide/C/vcs.xml:205(title)
6540
msgid "Access via WebDAV protocol (http://)"
6541
msgstr ""
6542
6543
#: serverguide/C/vcs.xml:206(para)
6544
msgid ""
6545
"To access the Subversion repository via WebDAV protocol, you must configure "
6546
"your Apache 2 web server. Add the following snippet between the "
6547
"<emphasis><VirtualHost></emphasis> and "
6548
"<emphasis></VirtualHost></emphasis> elements in "
6549
"<filename>/etc/apache2/sites-available/default</filename>, or another "
6550
"VirtualHost file:"
6551
msgstr ""
6552
6553
#: serverguide/C/vcs.xml:212(programlisting)
6554
#, no-wrap
6555
msgid ""
6556
"\n"
6557
" <Location /svn>\n"
6558
" DAV svn\n"
6559
" SVNPath /home/svn\n"
6560
" AuthType Basic\n"
6561
" AuthName \"Your repository name\"\n"
6562
" AuthUserFile /etc/subversion/passwd\n"
6563
" Require valid-user\n"
6564
" </Location> \n"
6565
msgstr ""
6566
6567
#: serverguide/C/vcs.xml:223(para)
6568
msgid ""
6569
"The above configuration snippet assumes that Subversion repositories are "
6570
"created under <filename>/home/svn/</filename> directory using "
6571
"<command>svnadmin</command> command. They can be accessible using "
6572
"<command>http://hostname/svn/repos_name</command> url."
6573
msgstr ""
6574
6575
#: serverguide/C/vcs.xml:229(para)
6576
msgid ""
6577
"To import or commit files to your Subversion repository over HTTP, the "
6578
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
6579
"HTTP user is <command>www-data</command>. To change the ownership of the "
6580
"repository files enter the following command from terminal prompt:"
6581
msgstr ""
6582
6583
#: serverguide/C/vcs.xml:238(command)
6584
msgid "sudo chown -R www-data:www-data /path/to/repos"
6585
msgstr ""
6586
6587
#: serverguide/C/vcs.xml:241(para)
6588
msgid ""
6589
"By changing the ownership of repository as <command>www-data</command> you "
6590
"will not be able to import or commit files into the repository by running "
6591
"<command>svn import file:///</command> command as any user other than "
6592
"<command>www-data</command>."
6593
msgstr ""
6594
6595
#: serverguide/C/vcs.xml:250(para)
6596
msgid ""
6597
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
6598
"that will contain user authentication details. To create a file issue the "
6599
"following command at a command prompt (which will create the file and add "
6600
"the first user):"
6601
msgstr ""
6602
6603
#: serverguide/C/vcs.xml:256(command)
6604
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
6605
msgstr ""
6606
6607
#: serverguide/C/vcs.xml:259(para)
6608
msgid ""
6609
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
6610
"option replaces the old file. Instead use this form:"
6611
msgstr ""
6612
6613
#: serverguide/C/vcs.xml:264(command)
6614
msgid "sudo htpasswd /etc/subversion/password user_name"
6615
msgstr ""
6616
6617
#: serverguide/C/vcs.xml:268(para)
6618
msgid ""
6619
"This command will prompt you to enter the password. Once you enter the "
6620
"password, the user is added. Now, to access the repository you can run the "
6621
"following command:"
6622
msgstr ""
6623
6624
#: serverguide/C/vcs.xml:269(command)
6625
msgid "svn co http://servername/svn"
6626
msgstr ""
6627
6628
#: serverguide/C/vcs.xml:271(para)
6629
msgid ""
6630
"The password is transmitted as plain text. If you are worried about password "
6631
"snooping, you are advised to use SSL encryption. For details, please refer "
6632
"next section."
6633
msgstr ""
6634
6635
#: serverguide/C/vcs.xml:277(title)
6636
msgid "Access via WebDAV protocol with SSL encryption (https://)"
6637
msgstr ""
6638
6639
#: serverguide/C/vcs.xml:278(para)
6640
msgid ""
6641
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
6642
"(https://) is similar to http:// except that you must install and configure "
6643
"the digital certificate in your Apache2 web server. To use SSL with "
6644
"Subversion add the above Apache2 configuration to "
6645
"<filename>/etc/apache2/sites-available/default-ssl</filename>. For more "
6646
"information on setting up Apache2 with SSL see <xref linkend=\"https-"
6647
"configuration\"/>."
6648
msgstr ""
6649
6650
#: serverguide/C/vcs.xml:287(para)
6651
msgid ""
6652
"You can install a digital certificate issued by a signing authority. "
6653
"Alternatively, you can install your own self-signed certificate."
6654
msgstr ""
6655
6656
#: serverguide/C/vcs.xml:292(para)
6657
msgid ""
6658
"This step assumes you have installed and configured a digital certificate in "
6659
"your Apache 2 web server. Now, to access the Subversion repository, please "
6660
"refer to the above section! The access methods are exactly the same, except "
6661
"the protocol. You must use https:// to access the Subversion repository."
6662
msgstr ""
6663
6664
#: serverguide/C/vcs.xml:302(title)
6665
msgid "Access via custom protocol (svn://)"
6666
msgstr ""
6667
6668
#: serverguide/C/vcs.xml:303(para)
6669
msgid ""
6670
"Once the Subversion repository is created, you can configure the access "
6671
"control. You can edit the <filename> "
6672
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
6673
"access control. For example, to set up authentication, you can uncomment the "
6674
"following lines in the configuration file:"
6675
msgstr ""
6676
6677
#: serverguide/C/vcs.xml:310(programlisting)
6678
#, no-wrap
6679
msgid ""
6680
"# [general]\n"
6681
"# password-db = passwd"
6682
msgstr ""
6683
6684
#: serverguide/C/vcs.xml:313(para)
6685
msgid ""
6686
"After uncommenting the above lines, you can maintain the user list in the "
6687
"passwd file. So, edit the file <filename>passwd </filename> in the same "
6688
"directory and add the new user. The syntax is as follows:"
6689
msgstr ""
6690
6691
#: serverguide/C/vcs.xml:319(programlisting)
6692
#, no-wrap
6693
msgid "username = password"
6694
msgstr ""
6695
6696
#: serverguide/C/vcs.xml:320(para)
6697
msgid "For more details, please refer to the file."
6698
msgstr ""
6699
6700
#: serverguide/C/vcs.xml:324(para)
6701
msgid ""
6702
"Now, to access Subversion via the svn:// custom protocol, either from the "
6703
"same machine or a different machine, you can run svnserver using svnserve "
6704
"command. The syntax is as follows:"
6705
msgstr ""
6706
6707
#: serverguide/C/vcs.xml:329(programlisting)
6708
#, no-wrap
6709
msgid ""
6710
"$ svnserve -d --foreground -r /path/to/repos\n"
6711
"# -d -- daemon mode\n"
6712
"# --foreground -- run in foreground (useful for debugging)\n"
6713
"# -r -- root of directory to serve\n"
6714
"\n"
6715
"For more usage details, please refer to:\n"
6716
"$ svnserve --help"
6717
msgstr ""
6718
6719
#: serverguide/C/vcs.xml:337(para)
6720
msgid ""
6721
"Once you run this command, Subversion starts listening on default port "
6722
"(3690). To access the project repository, you must run the following command "
6723
"from a terminal prompt:"
6724
msgstr ""
6725
6726
#: serverguide/C/vcs.xml:340(command)
6727
msgid "svn co svn://hostname/project project --username user_name"
6728
msgstr ""
6729
6730
#: serverguide/C/vcs.xml:343(para)
6731
msgid ""
6732
"Based on server configuration, it prompts for password. Once you are "
6733
"authenticated, it checks out the code from Subversion repository. To "
6734
"synchronize the project repository with the local copy, you can run the "
6735
"<command>update</command> sub-command. The syntax of the command, entered at "
6736
"a terminal prompt, is as follows:"
6737
msgstr ""
6738
6739
#: serverguide/C/vcs.xml:351(command)
6740
msgid "cd project_dir ; svn update"
6741
msgstr ""
6742
6743
#: serverguide/C/vcs.xml:354(para)
6744
msgid ""
6745
"For more details about using each Subversion sub-command, you can refer to "
6746
"the manual. For example, to learn more about the co (checkout) command, "
6747
"please run the following command from a terminal prompt:"
6748
msgstr ""
6749
6750
#: serverguide/C/vcs.xml:358(command)
6751
msgid "svn co help"
6752
msgstr ""
6753
6754
#: serverguide/C/vcs.xml:362(title)
6755
msgid "Access via custom protocol with SSL encryption (svn+ssh://)"
6756
msgstr ""
6757
6758
#: serverguide/C/vcs.xml:363(para)
6759
msgid ""
6760
"The configuration and server process is same as in the svn:// method. For "
6761
"details, please refer to the above section. This step assumes you have "
6762
"followed the above step and started the Subversion server using "
6763
"<application>svnserve</application> command."
6764
msgstr ""
6765
6766
#: serverguide/C/vcs.xml:369(para)
6767
msgid ""
6768
"It is also assumed that the ssh server is running on that machine and that "
6769
"it is allowing incoming connections. To confirm, please try to login to that "
6770
"machine using ssh. If you can login, everything is perfect. If you cannot "
6771
"login, please address it before continuing further."
6772
msgstr ""
6773
6774
#: serverguide/C/vcs.xml:375(para)
6775
msgid ""
6776
"The svn+ssh:// protocol is used to access the Subversion repository using "
6777
"SSL encryption. The data transfer is encrypted using this method. To access "
6778
"the project repository (for example with a checkout), you must use the "
6779
"following command syntax:"
6780
msgstr ""
6781
6782
#: serverguide/C/vcs.xml:382(command)
6783
msgid "svn co svn+ssh://hostname/var/svn/repos/project"
6784
msgstr ""
6785
6786
#: serverguide/C/vcs.xml:386(para)
6787
msgid ""
6788
"You must use the full path (/path/to/repos/project) to access the Subversion "
6789
"repository using this access method."
6790
msgstr ""
6791
6792
#: serverguide/C/vcs.xml:389(para)
6793
msgid ""
6794
"Based on server configuration, it prompts for password. You must enter the "
6795
"password you use to login via ssh. Once you are authenticated, it checks out "
6796
"the code from the Subversion repository."
6797
msgstr ""
6798
6799
#: serverguide/C/vcs.xml:399(title)
6800
msgid "CVS Server"
6801
msgstr ""
6802
6803
#: serverguide/C/vcs.xml:400(para)
6804
msgid ""
6805
"CVS is a version control system. You can use it to record the history of "
6806
"source files."
6807
msgstr ""
6808
6809
#: serverguide/C/vcs.xml:406(para)
6810
msgid ""
6811
"To install <application>CVS</application>, run the following command from a "
6812
"terminal prompt: <screen>\n"
6813
"<command>sudo apt-get install cvs</command>\n"
6814
"</screen> After you install <application>cvs</application>, you should "
6815
"install <application>xinetd</application> to start/stop the cvs server. At "
6816
"the prompt, enter the following command to install "
6817
"<application>xinetd</application>: <screen>\n"
6818
"<command>sudo apt-get install xinetd</command>\n"
6819
"</screen>"
6820
msgstr ""
6821
6822
#: serverguide/C/vcs.xml:439(programlisting)
6823
#, no-wrap
6824
msgid ""
6825
"\n"
6826
"service cvspserver\n"
6827
"{\n"
6828
" port = 2401\n"
6829
" socket_type = stream\n"
6830
" protocol = tcp\n"
6831
" user = root\n"
6832
" wait = no\n"
6833
" type = UNLISTED\n"
6834
" server = /usr/bin/cvs\n"
6835
" server_args = -f --allow-root /var/lib/cvs pserver\n"
6836
" disable = no\n"
6837
"}\n"
6838
msgstr ""
6839
6840
#: serverguide/C/vcs.xml:455(para)
6841
msgid ""
6842
"Be sure to edit the repository if you have changed the default repository "
6843
"(<application>/var/lib/cvs</application>) directory."
6844
msgstr ""
6845
6846
#: serverguide/C/vcs.xml:424(para)
6847
msgid ""
6848
"Once you install cvs, the repository will be automatically initialized. By "
6849
"default, the repository resides under the "
6850
"<application>/var/lib/cvs</application> directory. You can change this path "
6851
"by running following command: <screen>\n"
6852
"<command>cvs -d /your/new/cvs/repo init</command>\n"
6853
"</screen> Once the initial repository is set up, you can configure "
6854
"<application>xinetd</application> to start the CVS server. You can copy the "
6855
"following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. "
6856
"<placeholder-1/><placeholder-2/> Once you have configured "
6857
"<application>xinetd</application> you can start the cvs server by running "
6858
"following command: <screen>\n"
6859
"<command>sudo /etc/init.d/xinetd restart</command>\n"
6860
"</screen>"
6861
msgstr ""
6862
6863
#: serverguide/C/vcs.xml:468(para)
6864
msgid ""
6865
"You can confirm that the CVS server is running by issuing the following "
6866
"command:"
6867
msgstr ""
6868
6869
#: serverguide/C/vcs.xml:475(command)
6870
msgid "sudo netstat -tap | grep cvs"
6871
msgstr ""
6872
6873
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:65(para)
6874
msgid ""
6875
"When you run this command, you should see the following line or something "
6876
"similar:"
6877
msgstr ""
6878
6879
#: serverguide/C/vcs.xml:484(programlisting)
6880
#, no-wrap
6881
msgid ""
6882
"\n"
6883
"tcp 0 0 *:cvspserver *:* LISTEN \n"
6884
msgstr ""
6885
6886
#: serverguide/C/vcs.xml:488(para)
6887
msgid ""
6888
"From here you can continue to add users, add new projects, and manage the "
6889
"CVS server."
6890
msgstr ""
6891
6892
#: serverguide/C/vcs.xml:493(para)
6893
msgid ""
6894
"CVS allows the user to add users independently of the underlying OS "
6895
"installation. Probably the easiest way is to use the Linux Users for CVS, "
6896
"although it has potential security issues. Please refer to the CVS manual "
6897
"for details."
6898
msgstr ""
6899
6900
#: serverguide/C/vcs.xml:503(title)
6901
msgid "Add Projects"
6902
msgstr ""
6903
6904
#: serverguide/C/vcs.xml:515(para)
6905
msgid ""
6906
"You can use the CVSROOT environment variable to store the CVS root "
6907
"directory. Once you export the CVSROOT environment variable, you can avoid "
6908
"using -d option in the above cvs command."
6909
msgstr ""
6910
6911
#: serverguide/C/vcs.xml:527(para)
6912
msgid ""
6913
"When you add a new project, the CVS user you use must have write access to "
6914
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
6915
"the <application>src</application> group has write access to the CVS "
6916
"repository. So, you can add the user to this group, and he can then add and "
6917
"manage projects in the CVS repository."
6918
msgstr ""
6919
6920
#: serverguide/C/vcs.xml:504(para)
6921
msgid ""
6922
"This section explains how to add new project to the CVS repository. Create "
6923
"the directory and add necessary document and source files to the directory. "
6924
"Now, run the following command to add this project to CVS repository: "
6925
"<screen>\n"
6926
"<command>cd your/project</command>\n"
6927
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
6928
"\"Importing my project to CVS repository\" . new_project start</command>\n"
6929
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
6930
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
6931
"purpose in this context, but since CVS requires them, they must be present. "
6932
"<placeholder-2/>"
6933
msgstr ""
6934
6935
#: serverguide/C/vcs.xml:540(ulink)
6936
msgid "Bazaar Home Page"
6937
msgstr ""
6938
6939
#: serverguide/C/vcs.xml:541(ulink)
6940
msgid "Launchpad"
6941
msgstr ""
6942
6943
#: serverguide/C/vcs.xml:542(ulink)
6944
msgid "Subversion Home Page"
6945
msgstr ""
6946
6947
#: serverguide/C/vcs.xml:543(ulink)
6948
msgid "Subversion Book"
6949
msgstr ""
6950
6951
#: serverguide/C/vcs.xml:545(ulink)
6952
msgid "CVS Manual"
6953
msgstr ""
6954
6955
#: serverguide/C/vcs.xml:546(ulink)
6956
msgid "Easy Bazaar Ubuntu Wiki page"
6957
msgstr ""
6958
6959
#: serverguide/C/vcs.xml:547(ulink)
6960
msgid "Ubuntu Wiki Subversion page"
6961
msgstr ""
6962
6963
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
6964
msgid "Credits and License"
6965
msgstr ""
6966
6967
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
6968
msgid ""
6969
"This document is maintained by the Ubuntu documentation team "
6970
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
6971
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
6972
msgstr ""
6973
6974
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
6975
msgid ""
6976
"This document is made available under the Creative Commons ShareAlike 2.5 "
6977
"License (CC-BY-SA)."
6978
msgstr ""
6979
6980
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
6981
msgid ""
6982
"You are free to modify, extend, and improve the Ubuntu documentation source "
6983
"code under the terms of this license. All derivative works must be released "
6984
"under this license."
6985
msgstr ""
6986
6987
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
6988
msgid ""
6989
"This documentation is distributed in the hope that it will be useful, but "
6990
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
6991
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
6992
msgstr ""
6993
6994
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
6995
msgid ""
6996
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
6997
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
6998
msgstr ""
6999
7000
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
7001
msgid "2008"
7002
msgstr ""
7003
7004
#: serverguide/C/serverguide.xml:15(ulink) serverguide/C/bookinfo.xml:15(ulink)
7005
msgid "Ubuntu Documentation Project"
7006
msgstr ""
7007
7008
#: serverguide/C/serverguide.xml:15(holder) serverguide/C/bookinfo.xml:15(holder)
7009
msgid "Canonical Ltd. and members of the <placeholder-1/>"
7010
msgstr ""
7011
7012
#: serverguide/C/serverguide.xml:18(publishername) serverguide/C/bookinfo.xml:18(publishername)
7013
msgid "The Ubuntu Documentation Project"
7014
msgstr ""
7015
7016
#: serverguide/C/serverguide.xml:17(para)
7017
msgid ""
7018
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
7019
"information on how to install and configure various server applications on "
7020
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
7021
"guide for configuring and customizing your system."
7022
msgstr ""
7023
7024
#: serverguide/C/security.xml:13(title)
7025
msgid "Security"
7026
msgstr ""
7027
7028
#: serverguide/C/security.xml:14(para)
7029
msgid ""
7030
"Security should always be considered when installing, deploying, and using "
7031
"any type of computer system. Although a fresh installation of Ubuntu is "
7032
"relatively safe for immediate use on the Internet, it is important to have a "
7033
"balanced understanding of your systems security posture based on how it will "
7034
"be used after deployment."
7035
msgstr ""
7036
7037
#: serverguide/C/security.xml:17(para)
7038
msgid ""
7039
"This chapter provides an overview of security related topics as they pertain "
7040
"to Ubuntu 10.04 LTS Server Edition, and outlines simple measures you may use "
7041
"to protect your server and network from any number of potential security "
7042
"threats."
7043
msgstr ""
7044
7045
#: serverguide/C/security.xml:21(title)
7046
msgid "User Management"
7047
msgstr ""
7048
7049
#: serverguide/C/security.xml:22(para)
7050
msgid ""
7051
"User management is a critical part of maintaining a secure system. "
7052
"Ineffective user and privilege management often lead many systems into being "
7053
"compromised. Therefore, it is important that you understand how you can "
7054
"protect your server through simple and effective user account management "
7055
"techniques."
7056
msgstr ""
7057
7058
#: serverguide/C/security.xml:26(title)
7059
msgid "Where is root?"
7060
msgstr ""
7061
7062
#: serverguide/C/security.xml:27(para)
7063
msgid ""
7064
"Ubuntu developers made a conscientious decision to disable the "
7065
"administrative root account by default in all Ubuntu installations. This "
7066
"does not mean that the root account has been deleted or that it may not be "
7067
"accessed. It merely has been given a password which matches no possible "
7068
"encrypted value, therefore may not log in directly by itself."
7069
msgstr ""
7070
7071
#: serverguide/C/security.xml:30(para)
7072
msgid ""
7073
"Instead, users are encouraged to make use of a tool by the name of "
7074
"<application>sudo</application> to carry out system administrative duties. "
7075
"<application>Sudo</application> allows an authorized user to temporarily "
7076
"elevate their privileges using their own password instead of having to know "
7077
"the password belonging to the root account. This simple yet effective "
7078
"methodology provides accountability for all user actions, and gives the "
7079
"administrator granular control over which actions a user can perform with "
7080
"said privileges."
7081
msgstr ""
7082
7083
#: serverguide/C/security.xml:35(para)
7084
msgid ""
7085
"If for some reason you wish to enable the root account, simply give it a "
7086
"password:"
7087
msgstr ""
7088
7089
#: serverguide/C/security.xml:39(command)
7090
msgid "sudo passwd"
7091
msgstr ""
7092
7093
#: serverguide/C/security.xml:41(para)
7094
msgid ""
7095
"Sudo will prompt you for your password, and then ask you to supply a new "
7096
"password for root as shown below:"
7097
msgstr ""
7098
7099
#: serverguide/C/security.xml:44(userinput)
7100
#, no-wrap
7101
msgid "(enter your own password)"
7102
msgstr ""
7103
7104
#: serverguide/C/security.xml:45(userinput)
7105
#, no-wrap
7106
msgid "(enter a new password for root)"
7107
msgstr ""
7108
7109
#: serverguide/C/security.xml:46(userinput)
7110
#, no-wrap
7111
msgid "(repeat new password for root)"
7112
msgstr ""
7113
7114
#: serverguide/C/security.xml:44(computeroutput)
7115
#, no-wrap
7116
msgid ""
7117
"[sudo] password for username: <placeholder-1/>\n"
7118
"Enter new UNIX password: <placeholder-2/>\n"
7119
"Retype new UNIX password: <placeholder-3/>\n"
7120
"passwd: password updated successfully"
7121
msgstr ""
7122
7123
#: serverguide/C/security.xml:51(para)
7124
msgid "To disable the root account, use the following passwd syntax:"
7125
msgstr ""
7126
7127
#: serverguide/C/security.xml:55(command)
7128
msgid "sudo passwd -l root"
7129
msgstr ""
7130
7131
#: serverguide/C/security.xml:59(para)
7132
msgid ""
7133
"You should read more on <application>Sudo</application> by checking out it's "
7134
"man page:"
7135
msgstr ""
7136
7137
#: serverguide/C/security.xml:63(command)
7138
msgid "man sudo"
7139
msgstr ""
7140
7141
#: serverguide/C/security.xml:67(para)
7142
msgid ""
7143
"By default, the initial user created by the Ubuntu installer is a member of "
7144
"the group \"admin\" which is added to the file "
7145
"<filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to "
7146
"give any other account full root access through "
7147
"<application>sudo</application>, simply add them to the admin group."
7148
msgstr ""
7149
7150
#: serverguide/C/security.xml:73(title)
7151
msgid "Adding and Deleting Users"
7152
msgstr ""
7153
7154
#: serverguide/C/security.xml:74(para)
7155
msgid ""
7156
"The process for managing local users and groups is straight forward and "
7157
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
7158
"other Debian based distributions, encourage the use of the \"adduser\" "
7159
"package for account management."
7160
msgstr ""
7161
7162
#: serverguide/C/security.xml:79(para)
7163
msgid ""
7164
"To add a user account, use the following syntax, and follow the prompts to "
7165
"give the account a password and identifiable characteristics such as a full "
7166
"name, phone number, etc."
7167
msgstr ""
7168
7169
#: serverguide/C/security.xml:83(command)
7170
msgid "sudo adduser username"
7171
msgstr ""
7172
7173
#: serverguide/C/security.xml:87(para)
7174
msgid ""
7175
"To delete a user account and its primary group, use the following syntax:"
7176
msgstr ""
7177
7178
#: serverguide/C/security.xml:91(command)
7179
msgid "sudo deluser username"
7180
msgstr ""
7181
7182
#: serverguide/C/security.xml:93(para)
7183
msgid ""
7184
"Deleting an account does not remove their respective home folder. It is up "
7185
"to you whether or not you wish to delete the folder manually or keep it "
7186
"according to your desired retention policies."
7187
msgstr ""
7188
7189
#: serverguide/C/security.xml:96(para)
7190
msgid ""
7191
"Remember, any user added later on with the same UID/GID as the previous "
7192
"owner will now have access to this folder if you have not taken the "
7193
"necessary precautions."
7194
msgstr ""
7195
7196
#: serverguide/C/security.xml:99(para)
7197
msgid ""
7198
"You may want to change these UID/GID values to something more appropriate, "
7199
"such as the root account, and perhaps even relocate the folder to avoid "
7200
"future conflicts:"
7201
msgstr ""
7202
7203
#: serverguide/C/security.xml:103(command)
7204
msgid "sudo chown -R root:root /home/username/"
7205
msgstr ""
7206
7207
#: serverguide/C/security.xml:104(command)
7208
msgid "sudo mkdir /home/archived_users/"
7209
msgstr ""
7210
7211
#: serverguide/C/security.xml:105(command)
7212
msgid "sudo mv /home/username /home/archived_users/"
7213
msgstr ""
7214
7215
#: serverguide/C/security.xml:109(para)
7216
msgid ""
7217
"To temporarily lock or unlock a user account, use the following syntax, "
7218
"respectively:"
7219
msgstr ""
7220
7221
#: serverguide/C/security.xml:113(command)
7222
msgid "sudo passwd -l username"
7223
msgstr ""
7224
7225
#: serverguide/C/security.xml:114(command)
7226
msgid "sudo passwd -u username"
7227
msgstr ""
7228
7229
#: serverguide/C/security.xml:118(para)
7230
msgid ""
7231
"To add or delete a personalized group, use the following syntax, "
7232
"respectively:"
7233
msgstr ""
7234
7235
#: serverguide/C/security.xml:122(command)
7236
msgid "sudo addgroup groupname"
7237
msgstr ""
7238
7239
#: serverguide/C/security.xml:123(command)
7240
msgid "sudo delgroup groupname"
7241
msgstr ""
7242
7243
#: serverguide/C/security.xml:127(para)
7244
msgid "To add a user to a group, use the following syntax:"
7245
msgstr ""
7246
7247
#: serverguide/C/security.xml:131(command)
7248
msgid "sudo adduser username groupname"
7249
msgstr ""
7250
7251
#: serverguide/C/security.xml:138(title)
7252
msgid "User Profile Security"
7253
msgstr ""
7254
7255
#: serverguide/C/security.xml:139(para)
7256
msgid ""
7257
"When a new user is created, the adduser utility creates a brand new home "
7258
"directory named <filename class=\"directory\">/home/username</filename>, "
7259
"respectively. The default profile is modeled after the contents found in the "
7260
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
7261
"includes all profile basics."
7262
msgstr ""
7263
7264
#: serverguide/C/security.xml:142(para)
7265
msgid ""
7266
"If your server will be home to multiple users, you should pay close "
7267
"attention to the user home directory permissions to ensure confidentiality. "
7268
"By default, user home directories in Ubuntu are created with world "
7269
"read/execute permissions. This means that all users can browse and access "
7270
"the contents of other users home directories. This may not be suitable for "
7271
"your environment."
7272
msgstr ""
7273
7274
#: serverguide/C/security.xml:147(para)
7275
msgid ""
7276
"To verify your current users home directory permissions, use the following "
7277
"syntax:"
7278
msgstr ""
7279
7280
#: serverguide/C/security.xml:151(command) serverguide/C/security.xml:183(command)
7281
msgid "ls -ld /home/username"
7282
msgstr ""
7283
7284
#: serverguide/C/security.xml:153(para)
7285
msgid ""
7286
"The following output shows that the directory <filename "
7287
"class=\"directory\">/home/username</filename> has world readable permissions:"
7288
msgstr ""
7289
7290
#: serverguide/C/security.xml:156(computeroutput)
7291
#, no-wrap
7292
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
7293
msgstr ""
7294
7295
#: serverguide/C/security.xml:160(para)
7296
msgid ""
7297
"You can remove the world readable permissions using the following syntax:"
7298
msgstr ""
7299
7300
#: serverguide/C/security.xml:164(command)
7301
msgid "sudo chmod 0750 /home/username"
7302
msgstr ""
7303
7304
#: serverguide/C/security.xml:167(para)
7305
msgid ""
7306
"Some people tend to use the recursive option (-R) indiscriminately which "
7307
"modifies all child folders and files, but this is not necessary, and may "
7308
"yield other undesirable results. The parent directory alone is sufficient "
7309
"for preventing unauthorized access to anything below the parent."
7310
msgstr ""
7311
7312
#: serverguide/C/security.xml:171(para)
7313
msgid ""
7314
"A much more efficient approach to the matter would be to modify the "
7315
"<application>adduser</application> global default permissions when creating "
7316
"user home folders. Simply edit the file "
7317
"<filename>/etc/adduser.conf</filename> and modify the "
7318
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
7319
"new home directories will receive the correct permissions."
7320
msgstr ""
7321
7322
#: serverguide/C/security.xml:174(programlisting)
7323
#, no-wrap
7324
msgid ""
7325
"\n"
7326
"DIR_MODE=0750\n"
7327
msgstr ""
7328
7329
#: serverguide/C/security.xml:179(para)
7330
msgid ""
7331
"After correcting the directory permissions using any of the previously "
7332
"mentioned techniques, verify the results using the following syntax:"
7333
msgstr ""
7334
7335
#: serverguide/C/security.xml:185(para)
7336
msgid ""
7337
"The results below show that world readable permissions have been removed:"
7338
msgstr ""
7339
7340
#: serverguide/C/security.xml:188(computeroutput)
7341
#, no-wrap
7342
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
7343
msgstr ""
7344
7345
#: serverguide/C/security.xml:195(title)
7346
msgid "Password Policy"
7347
msgstr ""
7348
7349
#: serverguide/C/security.xml:196(para)
7350
msgid ""
7351
"A strong password policy is one of the most important aspects of your "
7352
"security posture. Many successful security breaches involve simple brute "
7353
"force and dictionary attacks against weak passwords. If you intend to offer "
7354
"any form of remote access involving your local password system, make sure "
7355
"you adequately address minimum password complexity requirements, maximum "
7356
"password lifetimes, and frequent audits of your authentication systems."
7357
msgstr ""
7358
7359
#: serverguide/C/security.xml:200(title)
7360
msgid "Minimum Password Length"
7361
msgstr ""
7362
7363
#: serverguide/C/security.xml:201(para)
7364
msgid ""
7365
"By default, Ubuntu requires a minimum password length of 4 characters, as "
7366
"well as some basic entropy checks. These values are controlled in the file "
7367
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
7368
msgstr ""
7369
7370
#: serverguide/C/security.xml:204(programlisting)
7371
#, no-wrap
7372
msgid ""
7373
"\n"
7374
"password required pam_unix.so nullok obscure min=4 max=8 md5\n"
7375
msgstr ""
7376
7377
#: serverguide/C/security.xml:207(para)
7378
msgid ""
7379
"If you would like to adjust the minimum length to 6 characters, change the "
7380
"appropriate variable to min=6. The modification is outlined below."
7381
msgstr ""
7382
7383
#: serverguide/C/security.xml:210(programlisting)
7384
#, no-wrap
7385
msgid ""
7386
"\n"
7387
"password required pam_unix.so nullok obscure min=6 max=8 md5\n"
7388
msgstr ""
7389
7390
#: serverguide/C/security.xml:214(para)
7391
msgid ""
7392
"The <varname>max=8</varname> variable does not represent the maximum length "
7393
"of a password. It only means that complexity requirements will not be "
7394
"checked on passwords over 8 characters. You may want to look at the "
7395
"<application>libpam-cracklib</application> package for additional password "
7396
"entropy assistance."
7397
msgstr ""
7398
7399
#: serverguide/C/security.xml:220(title)
7400
msgid "Password Expiration"
7401
msgstr ""
7402
7403
#: serverguide/C/security.xml:221(para)
7404
msgid ""
7405
"When creating user accounts, you should make it a policy to have a minimum "
7406
"and maximum password age forcing users to change their passwords when they "
7407
"expire."
7408
msgstr ""
7409
7410
#: serverguide/C/security.xml:226(para)
7411
msgid ""
7412
"To easily view the current status of a user account, use the following "
7413
"syntax:"
7414
msgstr ""
7415
7416
#: serverguide/C/security.xml:230(command) serverguide/C/security.xml:263(command)
7417
msgid "sudo chage -l username"
7418
msgstr ""
7419
7420
#: serverguide/C/security.xml:232(para)
7421
msgid ""
7422
"The output below shows interesting facts about the user account, namely that "
7423
"there are no policies applied:"
7424
msgstr ""
7425
7426
#: serverguide/C/security.xml:235(computeroutput)
7427
#, no-wrap
7428
msgid ""
7429
"Last password change : Jan 20, 2008\n"
7430
"Password expires : never\n"
7431
"Password inactive : never\n"
7432
"Account expires : never\n"
7433
"Minimum number of days between password change : 0\n"
7434
"Maximum number of days between password change : 99999\n"
7435
"Number of days of warning before password expires : 7"
7436
msgstr ""
7437
7438
#: serverguide/C/security.xml:245(para)
7439
msgid ""
7440
"To set any of these values, simply use the following syntax, and follow the "
7441
"interactive prompts:"
7442
msgstr ""
7443
7444
#: serverguide/C/security.xml:249(command)
7445
msgid "sudo chage username"
7446
msgstr ""
7447
7448
#: serverguide/C/security.xml:251(para)
7449
msgid ""
7450
"The following is also an example of how you can manually change the explicit "
7451
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
7452
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
7453
"password expiration, and a warning time period (-W) of 14 days before "
7454
"password expiration."
7455
msgstr ""
7456
7457
#: serverguide/C/security.xml:255(command)
7458
msgid "sudo chage -E 01/31/2008 -m 5 -M 90 -I 30 -W 14 username"
7459
msgstr ""
7460
7461
#: serverguide/C/security.xml:259(para)
7462
msgid "To verify changes, use the same syntax as mentioned previously:"
7463
msgstr ""
7464
7465
#: serverguide/C/security.xml:265(para)
7466
msgid ""
7467
"The output below shows the new policies that have been established for the "
7468
"account:"
7469
msgstr ""
7470
7471
#: serverguide/C/security.xml:268(computeroutput)
7472
#, no-wrap
7473
msgid ""
7474
"Last password change : Jan 20, 2008\n"
7475
"Password expires : Apr 19, 2008\n"
7476
"Password inactive : May 19, 2008\n"
7477
"Account expires : Jan 31, 2008\n"
7478
"Minimum number of days between password change : 5\n"
7479
"Maximum number of days between password change : 90\n"
7480
"Number of days of warning before password expires : 14"
7481
msgstr ""
7482
7483
#: serverguide/C/security.xml:284(title)
7484
msgid "Other Security Considerations"
7485
msgstr ""
7486
7487
#: serverguide/C/security.xml:285(para)
7488
msgid ""
7489
"Many applications use alternate authentication mechanisms that can be easily "
7490
"overlooked by even experienced system administrators. Therefore, it is "
7491
"important to understand and control how users authenticate and gain access "
7492
"to services and applications on your server."
7493
msgstr ""
7494
7495
#: serverguide/C/security.xml:290(title)
7496
msgid "SSH Access by Disabled Users"
7497
msgstr ""
7498
7499
#: serverguide/C/security.xml:291(para)
7500
msgid ""
7501
"Simply disabling/locking a user account will not prevent a user from logging "
7502
"into your server remotely if they have previously set up RSA public key "
7503
"authentication. They will still be able to gain shell access to the server, "
7504
"without the need for any password. Remember to check the users home "
7505
"directory for files that will allow for this type of authenticated SSH "
7506
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
7507
msgstr ""
7508
7509
#: serverguide/C/security.xml:294(para)
7510
msgid ""
7511
"Remove or rename the directory <filename "
7512
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
7513
"further SSH authentication capabilities."
7514
msgstr ""
7515
7516
#: serverguide/C/security.xml:297(para)
7517
msgid ""
7518
"Be sure to check for any established SSH connections by the disabled user, "
7519
"as it is possible they may have existing inbound or outbound connections. "
7520
"Kill any that are found."
7521
msgstr ""
7522
7523
#: serverguide/C/security.xml:300(para)
7524
msgid ""
7525
"Restrict SSH access to only user accounts that should have it. For example, "
7526
"you may create a group called \"sshlogin\" and add the group name as the "
7527
"value associated with the <varname>AllowGroups</varname> variable located in "
7528
"the file <filename>/etc/ssh/sshd_config</filename>."
7529
msgstr ""
7530
7531
#: serverguide/C/security.xml:303(programlisting)
7532
#, no-wrap
7533
msgid ""
7534
"\n"
7535
"AllowGroups sshlogin\n"
7536
msgstr ""
7537
7538
#: serverguide/C/security.xml:306(para)
7539
msgid ""
7540
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
7541
"SSH service."
7542
msgstr ""
7543
7544
#: serverguide/C/security.xml:310(command)
7545
msgid "sudo adduser username sshlogin"
7546
msgstr ""
7547
7548
#: serverguide/C/security.xml:311(command) serverguide/C/remote-administration.xml:150(command)
7549
msgid "sudo /etc/init.d/ssh restart"
7550
msgstr ""
7551
7552
#: serverguide/C/security.xml:315(title)
7553
msgid "External User Database Authentication"
7554
msgstr ""
7555
7556
#: serverguide/C/security.xml:316(para)
7557
msgid ""
7558
"Most enterprise networks require centralized authentication and access "
7559
"controls for all system resources. If you have configured your server to "
7560
"authenticate users against external databases, be sure to disable the user "
7561
"accounts both externally and locally, this way you ensure that local "
7562
"fallback authentication is not possible."
7563
msgstr ""
7564
7565
#: serverguide/C/security.xml:325(title)
7566
msgid "Console Security"
7567
msgstr ""
7568
7569
#: serverguide/C/security.xml:326(para)
7570
msgid ""
7571
"As with any other security barrier you put in place to protect your server, "
7572
"it is pretty tough to defend against untold damage caused by someone with "
7573
"physical access to your environment, for example, theft of hard drives, "
7574
"power or service disruption and so on. Therefore, console security should be "
7575
"addressed merely as one component of your overall physical security "
7576
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
7577
"very least slow down a determined one, so it is still advisable to perform "
7578
"basic precautions with regard to console security."
7579
msgstr ""
7580
7581
#: serverguide/C/security.xml:329(para)
7582
msgid ""
7583
"The following instructions will help defend your server against issues that "
7584
"could otherwise yield very serious consequences."
7585
msgstr ""
7586
7587
#: serverguide/C/security.xml:334(title)
7588
msgid "Disable Ctrl+Alt+Delete"
7589
msgstr ""
7590
7591
#: serverguide/C/security.xml:335(para)
7592
msgid ""
7593
"First and foremost, anyone that has physical access to the keyboard can "
7594
"simply use the "
7595
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
7596
"eycombo> key combination to reboot the server without having to log on. "
7597
"Sure, someone could simply unplug the power source, but you should still "
7598
"prevent the use of this key combination on a production server. This forces "
7599
"an attacker to take more drastic measures to reboot the server, and will "
7600
"prevent accidental reboots at the same time."
7601
msgstr ""
7602
7603
#: serverguide/C/security.xml:340(para)
7604
msgid ""
7605
"To disable the reboot action taken by pressing the "
7606
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
7607
"eycombo> key combination, comment out the following line in the file "
7608
"<filename>/etc/init/control-alt-delete.conf</filename>."
7609
msgstr ""
7610
7611
#: serverguide/C/security.xml:343(programlisting)
7612
#, no-wrap
7613
msgid ""
7614
"\n"
7615
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
7616
msgstr ""
7617
7618
#: serverguide/C/security.xml:352(title)
7619
msgid "Firewall"
7620
msgstr ""
7621
7622
#: serverguide/C/security.xml:355(para)
7623
msgid ""
7624
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
7625
"which is used to manipulate or decide the fate of network traffic headed "
7626
"into or through your server. All modern Linux firewall solutions use this "
7627
"system for packet filtering."
7628
msgstr ""
7629
7630
#: serverguide/C/security.xml:360(para)
7631
msgid ""
7632
"The kernel's packet filtering system would be of little use to "
7633
"administrators without a userspace interface to manage it. This is the "
7634
"purpose of iptables. When a packet reaches your server, it will be handed "
7635
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
7636
"based on the rules supplied to it from userspace via iptables. Thus, "
7637
"iptables is all you need to manage your firewall if you're familiar with it, "
7638
"but many frontends are available to simplify the task."
7639
msgstr ""
7640
7641
#: serverguide/C/security.xml:370(title)
7642
msgid "ufw - Uncomplicated Firewall"
7643
msgstr ""
7644
7645
#: serverguide/C/security.xml:371(para)
7646
msgid ""
7647
"The default firewall configuration tool for Ubuntu is "
7648
"<application>ufw</application>. Developed to ease iptables firewall "
7649
"configuration, <application>ufw</application> provides a user friendly way "
7650
"to create an IPv4 or IPv6 host-based firewall."
7651
msgstr ""
7652
7653
#: serverguide/C/security.xml:375(para)
7654
msgid ""
7655
"<application>ufw</application> by default is initially disabled. From the "
7656
"<application>ufw</application> man page:"
7657
msgstr ""
7658
7659
#: serverguide/C/security.xml:379(quote)
7660
msgid ""
7661
"ufw is not intended to provide complete firewall functionality via its "
7662
"command interface, but instead provides an easy way to add or remove simple "
7663
"rules. It is currently mainly used for host-based firewalls."
7664
msgstr ""
7665
7666
#: serverguide/C/security.xml:383(para)
7667
msgid ""
7668
"The following are some examples of how to use <application>ufw</application>:"
7669
msgstr ""
7670
7671
#: serverguide/C/security.xml:388(para)
7672
msgid ""
7673
"First, <application>ufw</application> needs to be enabled. From a terminal "
7674
"prompt enter:"
7675
msgstr ""
7676
7677
#: serverguide/C/security.xml:392(command)
7678
msgid "sudo ufw enable"
7679
msgstr ""
7680
7681
#: serverguide/C/security.xml:396(para)
7682
msgid "To open a port (ssh in this example):"
7683
msgstr ""
7684
7685
#: serverguide/C/security.xml:400(command)
7686
msgid "sudo ufw allow 22"
7687
msgstr ""
7688
7689
#: serverguide/C/security.xml:404(para)
7690
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
7691
msgstr ""
7692
7693
#: serverguide/C/security.xml:408(command)
7694
msgid "sudo ufw insert 1 allow 80"
7695
msgstr ""
7696
7697
#: serverguide/C/security.xml:412(para)
7698
msgid "Similarly, to close an opened port:"
7699
msgstr ""
7700
7701
#: serverguide/C/security.xml:416(command)
7702
msgid "sudo ufw deny 22"
7703
msgstr ""
7704
7705
#: serverguide/C/security.xml:420(para)
7706
msgid "To remove a rule, use delete followed by the rule:"
7707
msgstr ""
7708
7709
#: serverguide/C/security.xml:424(command)
7710
msgid "sudo ufw delete deny 22"
7711
msgstr ""
7712
7713
#: serverguide/C/security.xml:428(para)
7714
msgid ""
7715
"It is also possible to allow access from specific hosts or networks to a "
7716
"port. The following example allows ssh access from host 192.168.0.2 to any "
7717
"ip address on this host:"
7718
msgstr ""
7719
7720
#: serverguide/C/security.xml:433(command)
7721
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
7722
msgstr ""
7723
7724
#: serverguide/C/security.xml:435(para)
7725
msgid ""
7726
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
7727
"subnet."
7728
msgstr ""
7729
7730
#: serverguide/C/security.xml:441(para)
7731
msgid ""
7732
"Adding the <emphasis>--dry-run</emphasis> option to a "
7733
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
7734
"apply them. For example, the following is what would be applied if opening "
7735
"the HTTP port:"
7736
msgstr ""
7737
7738
#: serverguide/C/security.xml:447(command)
7739
msgid "sudo ufw --dry-run allow http"
7740
msgstr ""
7741
7742
#: serverguide/C/security.xml:451(computeroutput)
7743
#, no-wrap
7744
msgid ""
7745
"*filter\n"
7746
":ufw-user-input - [0:0]\n"
7747
":ufw-user-output - [0:0]\n"
7748
":ufw-user-forward - [0:0]\n"
7749
":ufw-user-limit - [0:0]\n"
7750
":ufw-user-limit-accept - [0:0]\n"
7751
"### RULES ###\n"
7752
"\n"
7753
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
7754
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
7755
"\n"
7756
"### END RULES ###\n"
7757
"-A ufw-user-input -j RETURN\n"
7758
"-A ufw-user-output -j RETURN\n"
7759
"-A ufw-user-forward -j RETURN\n"
7760
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
7761
"LIMIT]: \"\n"
7762
"-A ufw-user-limit -j REJECT\n"
7763
"-A ufw-user-limit-accept -j ACCEPT\n"
7764
"COMMIT\n"
7765
"Rules updated"
7766
msgstr ""
7767
7768
#: serverguide/C/security.xml:475(para)
7769
msgid "<application>ufw</application> can be disabled by:"
7770
msgstr ""
7771
7772
#: serverguide/C/security.xml:479(command)
7773
msgid "sudo ufw disable"
7774
msgstr ""
7775
7776
#: serverguide/C/security.xml:483(para)
7777
msgid "To see the firewall status, enter:"
7778
msgstr ""
7779
7780
#: serverguide/C/security.xml:487(command)
7781
msgid "sudo ufw status"
7782
msgstr ""
7783
7784
#: serverguide/C/security.xml:491(para)
7785
msgid "And for more verbose status information use:"
7786
msgstr ""
7787
7788
#: serverguide/C/security.xml:495(command)
7789
msgid "sudo ufw status verbose"
7790
msgstr ""
7791
7792
#: serverguide/C/security.xml:499(para)
7793
msgid "To view the <emphasis>numbered</emphasis> format:"
7794
msgstr ""
7795
7796
#: serverguide/C/security.xml:503(command)
7797
msgid "sudo ufw status numbered"
7798
msgstr ""
7799
7800
#: serverguide/C/security.xml:508(para)
7801
msgid ""
7802
"If the port you want to open or close is defined in "
7803
"<filename>/etc/services</filename>, you can use the port name instead of the "
7804
"number. In the above examples, replace <emphasis>22</emphasis> with "
7805
"<emphasis>ssh</emphasis>."
7806
msgstr ""
7807
7808
#: serverguide/C/security.xml:514(para)
7809
msgid ""
7810
"This is a quick introduction to using <application>ufw</application>. Please "
7811
"refer to the <application>ufw</application> man page for more information."
7812
msgstr ""
7813
7814
#: serverguide/C/security.xml:520(title)
7815
msgid "ufw Application Integration"
7816
msgstr ""
7817
7818
#: serverguide/C/security.xml:522(para)
7819
msgid ""
7820
"Applications that open ports can include an <application>ufw</application> "
7821
"profile, which details the ports needed for the application to function "
7822
"properly. The profiles are kept in <filename "
7823
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
7824
"the default ports have been changed."
7825
msgstr ""
7826
7827
#: serverguide/C/security.xml:531(para)
7828
msgid ""
7829
"To view which applications have installed a profile, enter the following in "
7830
"a terminal:"
7831
msgstr ""
7832
7833
#: serverguide/C/security.xml:536(command)
7834
msgid "sudo ufw app list"
7835
msgstr ""
7836
7837
#: serverguide/C/security.xml:542(para)
7838
msgid ""
7839
"Similar to allowing traffic to a port, using an application profile is "
7840
"accomplished by entering:"
7841
msgstr ""
7842
7843
#: serverguide/C/security.xml:547(command)
7844
msgid "sudo ufw allow Samba"
7845
msgstr ""
7846
7847
#: serverguide/C/security.xml:553(para)
7848
msgid "An extended syntax is available as well:"
7849
msgstr ""
7850
7851
#: serverguide/C/security.xml:558(command)
7852
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
7853
msgstr ""
7854
7855
#: serverguide/C/security.xml:561(para)
7856
msgid ""
7857
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
7858
"with the application profile you are using and the IP range for your network."
7859
msgstr ""
7860
7861
#: serverguide/C/security.xml:567(para)
7862
msgid ""
7863
"There is no need to specify the <emphasis>protocol</emphasis> for the "
7864
"application, because that information is detailed in the profile. Also, note "
7865
"that the <emphasis>app</emphasis> name replaces the "
7866
"<emphasis>port</emphasis> number."
7867
msgstr ""
7868
7869
#: serverguide/C/security.xml:576(para)
7870
msgid ""
7871
"To view details about which ports, protocols, etc are defined for an "
7872
"application, enter:"
7873
msgstr ""
7874
7875
#: serverguide/C/security.xml:581(command)
7876
msgid "sudo ufw app info Samba"
7877
msgstr ""
7878
7879
#: serverguide/C/security.xml:587(para)
7880
msgid ""
7881
"Not all applications that require opening a network port come with "
7882
"<application>ufw</application> profiles, but if you have profiled an "
7883
"application and want the file to be included with the package, please file a "
7884
"bug against the package in <ulink "
7885
"url=\"https://launchpad.net/\">Launchpad</ulink>."
7886
msgstr ""
7887
7888
#: serverguide/C/security.xml:596(title)
7889
msgid "IP Masquerading"
7890
msgstr ""
7891
7892
#: serverguide/C/security.xml:597(para)
7893
msgid ""
7894
"The purpose of IP Masquerading is to allow machines with private, non-"
7895
"routable IP addresses on your network to access the Internet through the "
7896
"machine doing the masquerading. Traffic from your private network destined "
7897
"for the Internet must be manipulated for replies to be routable back to the "
7898
"machine that made the request. To do this, the kernel must modify the "
7899
"<emphasis>source</emphasis> IP address of each packet so that replies will "
7900
"be routed back to it, rather than to the private IP address that made the "
7901
"request, which is impossible over the Internet. Linux uses "
7902
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
7903
"connections belong to which machines and reroute each return packet "
7904
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
7905
"having originated from your Ubuntu gateway machine. This process is referred "
7906
"to in Microsoft documentation as Internet Connection Sharing."
7907
msgstr ""
7908
7909
#: serverguide/C/security.xml:613(title)
7910
msgid "ufw Masquerading"
7911
msgstr ""
7912
7913
#: serverguide/C/security.xml:614(para)
7914
msgid ""
7915
"IP Masquerading can be achieved using custom <application>ufw</application> "
7916
"rules. This is possible because the current back-end for "
7917
"<application>ufw</application> is <application>iptables-"
7918
"restore</application> with the rules files located in "
7919
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
7920
"legacy iptables rules used without <application>ufw</application>, and rules "
7921
"that are more network gateway or bridge related."
7922
msgstr ""
7923
7924
#: serverguide/C/security.xml:620(para)
7925
msgid ""
7926
"The rules are split into two different files, rules that should be executed "
7927
"before <application>ufw</application> command line rules, and rules that are "
7928
"executed after <application>ufw</application> command line rules."
7929
msgstr ""
7930
7931
#: serverguide/C/security.xml:626(para)
7932
msgid ""
7933
"First, packet forwarding needs to be enabled in "
7934
"<application>ufw</application>. Two configuration files will need to be "
7935
"adjusted, in <filename>/etc/default/ufw</filename> change the "
7936
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
7937
msgstr ""
7938
7939
#: serverguide/C/security.xml:630(programlisting)
7940
#, no-wrap
7941
msgid ""
7942
"\n"
7943
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
7944
msgstr ""
7945
7946
#: serverguide/C/security.xml:633(para)
7947
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
7948
msgstr ""
7949
7950
#: serverguide/C/security.xml:636(programlisting)
7951
#, no-wrap
7952
msgid ""
7953
"\n"
7954
"net/ipv4/ip_forward=1\n"
7955
msgstr ""
7956
7957
#: serverguide/C/security.xml:639(para)
7958
msgid "Similarly, for IPv6 forwarding uncomment:"
7959
msgstr ""
7960
7961
#: serverguide/C/security.xml:642(programlisting)
7962
#, no-wrap
7963
msgid ""
7964
"\n"
7965
"net/ipv6/conf/default/forwarding=1\n"
7966
msgstr ""
7967
7968
#: serverguide/C/security.xml:647(para)
7969
msgid ""
7970
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
7971
"file. The default rules only configure the <emphasis>filter</emphasis> "
7972
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
7973
"need to be configured. Add the following to the top of the file just after "
7974
"the header comments:"
7975
msgstr ""
7976
7977
#: serverguide/C/security.xml:652(programlisting)
7978
#, no-wrap
7979
msgid ""
7980
"\n"
7981
"# nat Table rules\n"
7982
"*nat\n"
7983
":POSTROUTING ACCEPT [0:0]\n"
7984
"\n"
7985
"# Forward traffic from eth1 through eth0.\n"
7986
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
7987
"\n"
7988
"# don't delete the 'COMMIT' line or these nat table rules won't be "
7989
"processed\n"
7990
"COMMIT\n"
7991
msgstr ""
7992
7993
#: serverguide/C/security.xml:663(para)
7994
msgid ""
7995
"The comments are not strictly necessary, but it is considered good practice "
7996
"to document your configuration. Also, when modifying any of the "
7997
"<emphasis>rules</emphasis> files in <filename "
7998
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
7999
"line for each table modified:"
8000
msgstr ""
8001
8002
#: serverguide/C/security.xml:669(programlisting)
8003
#, no-wrap
8004
msgid ""
8005
"\n"
8006
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
8007
"COMMIT\n"
8008
msgstr ""
8009
8010
#: serverguide/C/security.xml:674(para)
8011
msgid ""
8012
"For each <emphasis>Table</emphasis> a corresponding "
8013
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
8014
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
8015
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
8016
"<emphasis>mangle</emphasis> tables."
8017
msgstr ""
8018
8019
#: serverguide/C/security.xml:681(para)
8020
msgid ""
8021
"In the above example replace <emphasis>eth0</emphasis>, "
8022
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
8023
"appropriate interfaces and IP range for your network."
8024
msgstr ""
8025
8026
#: serverguide/C/security.xml:689(para)
8027
msgid ""
8028
"Finally, disable and re-enable <application>ufw</application> to apply the "
8029
"changes:"
8030
msgstr ""
8031
8032
#: serverguide/C/security.xml:693(command)
8033
msgid "sudo ufw disable && sudo ufw enable"
8034
msgstr ""
8035
8036
#: serverguide/C/security.xml:697(para)
8037
msgid ""
8038
"IP Masquerading should now be enabled. You can also add any additional "
8039
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
8040
"recommended that these additional rules be added to the <emphasis>ufw-before-"
8041
"forward</emphasis> chain."
8042
msgstr ""
8043
8044
#: serverguide/C/security.xml:704(title)
8045
msgid "iptables Masquerading"
8046
msgstr ""
8047
8048
#: serverguide/C/security.xml:705(para)
8049
msgid ""
8050
"<application>iptables</application> can also be used to enable masquerading."
8051
msgstr ""
8052
8053
#: serverguide/C/security.xml:710(para)
8054
msgid ""
8055
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
8056
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
8057
"uncomment the following line"
8058
msgstr ""
8059
8060
#: serverguide/C/security.xml:714(programlisting)
8061
#, no-wrap
8062
msgid ""
8063
"\n"
8064
"net.ipv4.ip_forward=1\n"
8065
msgstr ""
8066
8067
#: serverguide/C/security.xml:717(para)
8068
msgid "If you wish to enable IPv6 forwarding also uncomment:"
8069
msgstr ""
8070
8071
#: serverguide/C/security.xml:720(programlisting)
8072
#, no-wrap
8073
msgid ""
8074
"\n"
8075
"net.ipv6.conf.default.forwarding=1\n"
8076
msgstr ""
8077
8078
#: serverguide/C/security.xml:725(para)
8079
msgid ""
8080
"Next, execute the <application>sysctl</application> command to enable the "
8081
"new settings in the configuration file:"
8082
msgstr ""
8083
8084
#: serverguide/C/security.xml:729(command)
8085
msgid "sudo sysctl -p"
8086
msgstr ""
8087
8088
#: serverguide/C/security.xml:733(para)
8089
msgid ""
8090
"IP Masquerading can now be accomplished with a single iptables rule, which "
8091
"may differ slightly based on your network configuration:"
8092
msgstr ""
8093
8094
#: serverguide/C/security.xml:736(screen)
8095
#, no-wrap
8096
msgid ""
8097
"\n"
8098
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8099
msgstr ""
8100
8101
#: serverguide/C/security.xml:739(para)
8102
msgid ""
8103
"The above command assumes that your private address space is 192.168.0.0/16 "
8104
"and that your Internet-facing device is ppp0. The syntax is broken down as "
8105
"follows:"
8106
msgstr ""
8107
8108
#: serverguide/C/security.xml:744(para)
8109
msgid "-t nat -- the rule is to go into the nat table"
8110
msgstr ""
8111
8112
#: serverguide/C/security.xml:745(para)
8113
msgid ""
8114
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
8115
msgstr ""
8116
8117
#: serverguide/C/security.xml:746(para)
8118
msgid ""
8119
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
8120
"specified address space"
8121
msgstr ""
8122
8123
#: serverguide/C/security.xml:747(para)
8124
msgid ""
8125
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
8126
"specified network device"
8127
msgstr ""
8128
8129
#: serverguide/C/security.xml:749(para)
8130
msgid ""
8131
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
8132
"MASQUERADE target to be manipulated as described above"
8133
msgstr ""
8134
8135
#: serverguide/C/security.xml:757(para)
8136
msgid ""
8137
"Also, each chain in the filter table (the default table, and where most or "
8138
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
8139
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
8140
"you may have set the policies to DROP or REJECT, in which case your "
8141
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
8142
"above rule to work:"
8143
msgstr ""
8144
8145
#: serverguide/C/security.xml:764(screen)
8146
#, no-wrap
8147
msgid ""
8148
"\n"
8149
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
8150
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
8151
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
8152
msgstr ""
8153
8154
#: serverguide/C/security.xml:768(para)
8155
msgid ""
8156
"The above commands will allow all connections from your local network to the "
8157
"Internet and all traffic related to those connections to return to the "
8158
"machine that initiated them."
8159
msgstr ""
8160
8161
#: serverguide/C/security.xml:775(para)
8162
msgid ""
8163
"If you want masquerading to be enabled on reboot, which you probably do, "
8164
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
8165
"example add the first command with no filtering:"
8166
msgstr ""
8167
8168
#: serverguide/C/security.xml:779(screen)
8169
#, no-wrap
8170
msgid ""
8171
"\n"
8172
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
8173
msgstr ""
8174
8175
#: serverguide/C/security.xml:787(title)
8176
msgid "Logs"
8177
msgstr ""
8178
8179
#: serverguide/C/security.xml:788(para)
8180
msgid ""
8181
"Firewall logs are essential for recognizing attacks, troubleshooting your "
8182
"firewall rules, and noticing unusual activity on your network. You must "
8183
"include logging rules in your firewall for them to be generated, though, and "
8184
"logging rules must come before any applicable terminating rule (a rule with "
8185
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
8186
"REJECT)."
8187
msgstr ""
8188
8189
#: serverguide/C/security.xml:795(para)
8190
msgid ""
8191
"If you are using <application>ufw</application>, you can turn on logging by "
8192
"entering the following in a terminal:"
8193
msgstr ""
8194
8195
#: serverguide/C/security.xml:799(command)
8196
msgid "sudo ufw logging on"
8197
msgstr ""
8198
8199
#: serverguide/C/security.xml:801(para)
8200
msgid ""
8201
"To turn logging off in <application>ufw</application>, simply replace "
8202
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
8203
"role=\"italic\">off</emphasis> in the above command."
8204
msgstr ""
8205
8206
#: serverguide/C/security.xml:804(para)
8207
msgid ""
8208
"If using <application>iptables</application> instead of "
8209
"<application>ufw</application>, enter:"
8210
msgstr ""
8211
8212
#: serverguide/C/security.xml:807(screen)
8213
#, no-wrap
8214
msgid ""
8215
"\n"
8216
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
8217
"prefix \"NEW_HTTP_CONN: \"\n"
8218
msgstr ""
8219
8220
#: serverguide/C/security.xml:810(para)
8221
msgid ""
8222
"A request on port 80 from the local machine, then, would generate a log in "
8223
"dmesg that looks like this:"
8224
msgstr ""
8225
8226
#: serverguide/C/security.xml:815(programlisting)
8227
#, no-wrap
8228
msgid ""
8229
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
8230
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
8231
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
8232
"WINDOW=32767 RES=0x00 SYN URGP=0"
8233
msgstr ""
8234
8235
#: serverguide/C/security.xml:817(para)
8236
msgid ""
8237
"The above log will also appear in <filename>/var/log/messages</filename>, "
8238
"<filename>/var/log/syslog</filename>, and "
8239
"<filename>/var/log/kern.log</filename>. This behavior can be modified by "
8240
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
8241
"and configuring <application>ulogd</application> and using the ULOG target "
8242
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
8243
"server that listens for logging instructions from the kernel specifically "
8244
"for firewalls, and can log to any file you like, or even to a "
8245
"<application>PostgreSQL</application> or <application>MySQL</application> "
8246
"database. Making sense of your firewall logs can be simplified by using a "
8247
"log analyzing tool such as <application>fwanalog</application>, "
8248
"<application> fwlogwatch</application>, or <application>lire</application>."
8249
msgstr ""
8250
8251
#: serverguide/C/security.xml:832(title)
8252
msgid "Other Tools"
8253
msgstr ""
8254
8255
#: serverguide/C/security.xml:833(para)
8256
msgid ""
8257
"There are many tools available to help you construct a complete firewall "
8258
"without intimate knowledge of iptables. For the GUI-inclined:"
8259
msgstr ""
8260
8261
#: serverguide/C/security.xml:839(para)
8262
msgid ""
8263
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
8264
"popular and easy to use."
8265
msgstr ""
8266
8267
#: serverguide/C/security.xml:844(para)
8268
msgid ""
8269
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
8270
"and will look familiar to an administrator who has used a commercial "
8271
"firewall utility such as <application>Checkpoint FireWall-1</application>."
8272
msgstr ""
8273
8274
#: serverguide/C/security.xml:850(para)
8275
msgid ""
8276
"If you prefer a command-line tool with plain-text configuration files:"
8277
msgstr ""
8278
8279
#: serverguide/C/security.xml:855(para)
8280
msgid ""
8281
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
8282
"powerful solution to help you configure an advanced firewall for any network."
8283
msgstr ""
8284
8285
#: serverguide/C/security.xml:861(para)
8286
msgid ""
8287
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
8288
"a working firewall \"out of the box\" with zero configuration, and will "
8289
"allow you to easily set up a more advanced firewall by editing simple, well-"
8290
"documented configuration files."
8291
msgstr ""
8292
8293
#: serverguide/C/security.xml:868(para)
8294
msgid ""
8295
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
8296
"designed to be a desktop firewall application. It is made up of a server "
8297
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
8298
"like many popular interactive firewall applications for Windows."
8299
msgstr ""
8300
8301
#: serverguide/C/security.xml:880(para)
8302
msgid ""
8303
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
8304
"Firewall</ulink> wiki page contains information on the development of "
8305
"<application>ufw</application>."
8306
msgstr ""
8307
8308
#: serverguide/C/security.xml:886(para)
8309
msgid ""
8310
"Also, the <application>ufw</application> manual page contains some very "
8311
"useful information: <command>man ufw</command>."
8312
msgstr ""
8313
8314
#: serverguide/C/security.xml:891(para)
8315
msgid ""
8316
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
8317
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
8318
"on using <application>iptables</application>."
8319
msgstr ""
8320
8321
#: serverguide/C/security.xml:897(para)
8322
msgid ""
8323
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
8324
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
8325
msgstr ""
8326
8327
#: serverguide/C/security.xml:903(para)
8328
msgid ""
8329
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
8330
"HowTo</ulink> in the Ubuntu wiki is a great resource."
8331
msgstr ""
8332
8333
#: serverguide/C/security.xml:911(title)
8334
msgid "AppArmor"
8335
msgstr ""
8336
8337
#: serverguide/C/security.xml:912(para)
8338
msgid ""
8339
"<application>AppArmor</application> is a Linux Security Module "
8340
"implementation of name-based mandatory access controls. AppArmor confines "
8341
"individual programs to a set of listed files and posix 1003.1e draft "
8342
"capabilities."
8343
msgstr ""
8344
8345
#: serverguide/C/security.xml:916(para)
8346
msgid ""
8347
"<application>AppArmor</application> is installed and loaded by default. It "
8348
"uses <emphasis>profiles</emphasis> of an application to determine what files "
8349
"and permissions the application requires. Some packages will install their "
8350
"own profiles, and additional profiles can be found in the "
8351
"<application>apparmor-profiles</application> package."
8352
msgstr ""
8353
8354
#: serverguide/C/security.xml:921(para)
8355
msgid ""
8356
"To install the <application>apparmor-profiles</application> package from a "
8357
"terminal prompt:"
8358
msgstr ""
8359
8360
#: serverguide/C/security.xml:927(para)
8361
msgid "AppArmor profiles have two modes of execution:"
8362
msgstr ""
8363
8364
#: serverguide/C/security.xml:932(para)
8365
msgid ""
8366
"Complaining/Learning: profile violations are permitted and logged. Useful "
8367
"for testing and developing new profiles."
8368
msgstr ""
8369
8370
#: serverguide/C/security.xml:937(para)
8371
msgid ""
8372
"Enforced/Confined: enforces profile policy as well as logging the violation."
8373
msgstr ""
8374
8375
#: serverguide/C/security.xml:943(title)
8376
msgid "Using AppArmor"
8377
msgstr ""
8378
8379
#: serverguide/C/security.xml:944(para)
8380
msgid ""
8381
"The <application>apparmor-utils</application> package contains command line "
8382
"utilities that you can use to change the <application>AppArmor</application> "
8383
"execution mode, find the status of a profile, create new profiles, etc."
8384
msgstr ""
8385
8386
#: serverguide/C/security.xml:950(para)
8387
msgid ""
8388
"<application>apparmor_status</application> is used to view the current "
8389
"status of AppArmor profiles."
8390
msgstr ""
8391
8392
#: serverguide/C/security.xml:954(command)
8393
msgid "sudo apparmor_status"
8394
msgstr ""
8395
8396
#: serverguide/C/security.xml:958(para)
8397
msgid ""
8398
"<application>aa-complain</application> places a profile into "
8399
"<emphasis>complain</emphasis> mode."
8400
msgstr ""
8401
8402
#: serverguide/C/security.xml:962(command)
8403
msgid "sudo aa-complain /path/to/bin"
8404
msgstr ""
8405
8406
#: serverguide/C/security.xml:966(para)
8407
msgid ""
8408
"<application>aa-enforce</application> places a profile into "
8409
"<emphasis>enforce</emphasis> mode."
8410
msgstr ""
8411
8412
#: serverguide/C/security.xml:970(command)
8413
msgid "sudo aa-enforce /path/to/bin"
8414
msgstr ""
8415
8416
#: serverguide/C/security.xml:974(para)
8417
msgid ""
8418
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
8419
"profiles are located. It can be used to manipulate the "
8420
"<emphasis>mode</emphasis> of all profiles."
8421
msgstr ""
8422
8423
#: serverguide/C/security.xml:978(para)
8424
msgid "Enter the following to place all profiles into complain mode:"
8425
msgstr ""
8426
8427
#: serverguide/C/security.xml:982(command)
8428
msgid "sudo aa-complain /etc/apparmor.d/*"
8429
msgstr ""
8430
8431
#: serverguide/C/security.xml:984(para)
8432
msgid "To place all profiles in enforce mode:"
8433
msgstr ""
8434
8435
#: serverguide/C/security.xml:988(command)
8436
msgid "sudo aa-enforce /etc/apparmor.d/*"
8437
msgstr ""
8438
8439
#: serverguide/C/security.xml:992(para)
8440
msgid ""
8441
"<application>apparmor_parser</application> is used to load a profile into "
8442
"the kernel. It can also be used to reload a currently loaded profile using "
8443
"the <emphasis>-r</emphasis> option. To load a profile:"
8444
msgstr ""
8445
8446
#: serverguide/C/security.xml:997(command) serverguide/C/security.xml:1029(command)
8447
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
8448
msgstr ""
8449
8450
#: serverguide/C/security.xml:999(para)
8451
msgid "To reload a profile:"
8452
msgstr ""
8453
8454
#: serverguide/C/security.xml:1003(command)
8455
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
8456
msgstr ""
8457
8458
#: serverguide/C/security.xml:1007(para)
8459
msgid ""
8460
"<filename>/etc/init.d/apparmor</filename> can be used to "
8461
"<emphasis>reload</emphasis> all profiles:"
8462
msgstr ""
8463
8464
#: serverguide/C/security.xml:1011(command) serverguide/C/network-auth.xml:632(command)
8465
msgid "sudo /etc/init.d/apparmor reload"
8466
msgstr ""
8467
8468
#: serverguide/C/security.xml:1015(para)
8469
msgid ""
8470
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
8471
"with the <application>apparmor_parser -R</application> option to "
8472
"<emphasis>disable</emphasis> a profile."
8473
msgstr ""
8474
8475
#: serverguide/C/security.xml:1020(command)
8476
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
8477
msgstr ""
8478
8479
#: serverguide/C/security.xml:1021(command)
8480
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
8481
msgstr ""
8482
8483
#: serverguide/C/security.xml:1023(para)
8484
msgid ""
8485
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
8486
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
8487
"load the profile using the <emphasis>-a</emphasis> option."
8488
msgstr ""
8489
8490
#: serverguide/C/security.xml:1028(command)
8491
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
8492
msgstr ""
8493
8494
#: serverguide/C/security.xml:1033(para)
8495
msgid ""
8496
"<application>AppArmor</application> can be disabled, and the kernel module "
8497
"unloaded by entering the following:"
8498
msgstr ""
8499
8500
#: serverguide/C/security.xml:1037(command)
8501
msgid "sudo /etc/init.d/apparmor stop"
8502
msgstr ""
8503
8504
#: serverguide/C/security.xml:1038(command)
8505
msgid "sudo update-rc.d -f apparmor remove"
8506
msgstr ""
8507
8508
#: serverguide/C/security.xml:1042(para)
8509
msgid "To re-enable <application>AppArmor</application> enter:"
8510
msgstr ""
8511
8512
#: serverguide/C/security.xml:1046(command)
8513
msgid "sudo /etc/init.d/apparmor start"
8514
msgstr ""
8515
8516
#: serverguide/C/security.xml:1047(command)
8517
msgid "sudo update-rc.d apparmor defaults"
8518
msgstr ""
8519
8520
#: serverguide/C/security.xml:1052(para)
8521
msgid ""
8522
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
8523
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
8524
"the actual executable file path. For example for the "
8525
"<application>ping</application> command use <filename>/bin/ping</filename>"
8526
msgstr ""
8527
8528
#: serverguide/C/security.xml:1060(title)
8529
msgid "Profiles"
8530
msgstr ""
8531
8532
#: serverguide/C/security.xml:1061(para)
8533
msgid ""
8534
"<application>AppArmor</application> profiles are simple text files located "
8535
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
8536
"path to the executable they profile replacing the \"/\" with \".\". For "
8537
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
8538
"profile for the <filename>/bin/ping</filename> command."
8539
msgstr ""
8540
8541
#: serverguide/C/security.xml:1067(para)
8542
msgid "There are two main type of rules used in profiles:"
8543
msgstr ""
8544
8545
#: serverguide/C/security.xml:1072(para)
8546
msgid ""
8547
"<emphasis>Path entries:</emphasis> which detail which files an application "
8548
"can access in the file system."
8549
msgstr ""
8550
8551
#: serverguide/C/security.xml:1077(para)
8552
msgid ""
8553
"<emphasis>Capability entries:</emphasis> determine what privileges a "
8554
"confined process is allowed to use."
8555
msgstr ""
8556
8557
#: serverguide/C/security.xml:1082(para)
8558
msgid ""
8559
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
8560
msgstr ""
8561
8562
#: serverguide/C/security.xml:1085(programlisting)
8563
#, no-wrap
8564
msgid ""
8565
"\n"
8566
"#include <tunables/global>\n"
8567
"/bin/ping flags=(complain) {\n"
8568
" #include <abstractions/base>\n"
8569
" #include <abstractions/consoles>\n"
8570
" #include <abstractions/nameservice>\n"
8571
"\n"
8572
" capability net_raw,\n"
8573
" capability setuid,\n"
8574
" network inet raw,\n"
8575
" \n"
8576
" /bin/ping mixr,\n"
8577
" /etc/modules.conf r,\n"
8578
"}\n"
8579
msgstr ""
8580
8581
#: serverguide/C/security.xml:1102(para)
8582
msgid ""
8583
"<emphasis>#include <tunables/global>:</emphasis> include statements "
8584
"from other files. This allows statements pertaining to multiple applications "
8585
"to be placed in a common file."
8586
msgstr ""
8587
8588
#: serverguide/C/security.xml:1108(para)
8589
msgid ""
8590
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
8591
"program, also setting the mode to <emphasis>complain</emphasis>."
8592
msgstr ""
8593
8594
#: serverguide/C/security.xml:1114(para)
8595
msgid ""
8596
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
8597
"the CAP_NET_RAW Posix.1e capability."
8598
msgstr ""
8599
8600
#: serverguide/C/security.xml:1119(para)
8601
msgid ""
8602
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
8603
"execute access to the file."
8604
msgstr ""
8605
8606
#: serverguide/C/security.xml:1125(para)
8607
msgid ""
8608
"After editing a profile file the profile must be reloaded. See <xref "
8609
"linkend=\"apparmor-usage\"/> for details."
8610
msgstr ""
8611
8612
#: serverguide/C/security.xml:1130(title)
8613
msgid "Creating a Profile"
8614
msgstr ""
8615
8616
#: serverguide/C/security.xml:1133(para)
8617
msgid ""
8618
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
8619
"application should be exercised. The test plan should be divided into small "
8620
"test cases. Each test case should have a small description and list the "
8621
"steps to follow."
8622
msgstr ""
8623
8624
#: serverguide/C/security.xml:1137(para)
8625
msgid "Some standard test cases are:"
8626
msgstr ""
8627
8628
#: serverguide/C/security.xml:1142(para)
8629
msgid "Starting the program."
8630
msgstr ""
8631
8632
#: serverguide/C/security.xml:1147(para)
8633
msgid "Stopping the program."
8634
msgstr ""
8635
8636
#: serverguide/C/security.xml:1152(para)
8637
msgid "Reloading the program."
8638
msgstr ""
8639
8640
#: serverguide/C/security.xml:1157(para)
8641
msgid "Testing all the commands supported by the init script."
8642
msgstr ""
8643
8644
#: serverguide/C/security.xml:1164(para)
8645
msgid ""
8646
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
8647
"genprof</application> to generate a new profile. From a terminal:"
8648
msgstr ""
8649
8650
#: serverguide/C/security.xml:1169(command)
8651
msgid "sudo aa-genprof executable"
8652
msgstr ""
8653
8654
#: serverguide/C/security.xml:1171(para)
8655
msgid "For example:"
8656
msgstr ""
8657
8658
#: serverguide/C/security.xml:1175(command)
8659
msgid "sudo aa-genprof slapd"
8660
msgstr ""
8661
8662
#: serverguide/C/security.xml:1179(para)
8663
msgid ""
8664
"To get your new profile included in the <application>apparmor-"
8665
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
8666
"against the <ulink "
8667
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
8668
"/ulink> package:"
8669
msgstr ""
8670
8671
#: serverguide/C/security.xml:1186(para)
8672
msgid "Include your test plan and test cases."
8673
msgstr ""
8674
8675
#: serverguide/C/security.xml:1191(para)
8676
msgid "Attach your new profile to the bug."
8677
msgstr ""
8678
8679
#: serverguide/C/security.xml:1200(title)
8680
msgid "Updating Profiles"
8681
msgstr ""
8682
8683
#: serverguide/C/security.xml:1201(para)
8684
msgid ""
8685
"When the program is misbehaving, audit messages are sent to the log files. "
8686
"The program <application>aa-logprof</application> can be used to scan log "
8687
"files for <application>AppArmor</application> audit messages, review them "
8688
"and update the profiles. From a terminal:"
8689
msgstr ""
8690
8691
#: serverguide/C/security.xml:1206(command)
8692
msgid "sudo aa-logprof"
8693
msgstr ""
8694
8695
#: serverguide/C/security.xml:1214(para)
8696
msgid ""
8697
"See the <ulink "
8698
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
8699
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
8700
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
8701
"configuration options."
8702
msgstr ""
8703
8704
#: serverguide/C/security.xml:1221(para)
8705
msgid ""
8706
"For details using AppArmor with other Ubuntu releases see the <ulink "
8707
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
8708
"Wiki</ulink> page."
8709
msgstr ""
8710
8711
#: serverguide/C/security.xml:1229(para)
8712
msgid ""
8713
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
8714
"page is another introduction to AppArmor."
8715
msgstr ""
8716
8717
#: serverguide/C/security.xml:1236(para)
8718
msgid ""
8719
"A great place to ask for <application>AppArmor</application> assistance, and "
8720
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
8721
"server</emphasis> IRC channel on <ulink "
8722
"url=\"http://freenode.net\">freenode</ulink>."
8723
msgstr ""
8724
8725
#: serverguide/C/security.xml:1246(title)
8726
msgid "Certificates"
8727
msgstr ""
8728
8729
#: serverguide/C/security.xml:1247(para)
8730
msgid ""
8731
"One of the most common forms of cryptography today is <emphasis>public-"
8732
"key</emphasis> cryptography. Public-key cryptography utilizes a "
8733
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
8734
"system works by <emphasis>encrypting</emphasis> information using the public "
8735
"key. The information can then only be <emphasis>decrypted</emphasis> using "
8736
"the private key."
8737
msgstr ""
8738
8739
#: serverguide/C/security.xml:1253(para)
8740
msgid ""
8741
"A common use for public-key cryptography is encrypting application traffic "
8742
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
8743
"connection. For example, configuring Apache to provide "
8744
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
8745
"encrypt traffic using a protocol that does not itself provide encryption."
8746
msgstr ""
8747
8748
#: serverguide/C/security.xml:1258(para)
8749
msgid ""
8750
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
8751
"<emphasis>public key</emphasis> and other information about a server and the "
8752
"organization who is responsible for it. Certificates can be digitally signed "
8753
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
8754
"third party that has confirmed that the information contained in the "
8755
"certificate is accurate."
8756
msgstr ""
8757
8758
#: serverguide/C/security.xml:1265(title)
8759
msgid "Types of Certificates"
8760
msgstr ""
8761
8762
#: serverguide/C/security.xml:1266(para)
8763
msgid ""
8764
"To set up a secure server using public-key cryptography, in most cases, you "
8765
"send your certificate request (including your public key), proof of your "
8766
"company's identity, and payment to a CA. The CA verifies the certificate "
8767
"request and your identity, and then sends back a certificate for your secure "
8768
"server. Alternatively, you can create your own <emphasis>self-"
8769
"signed</emphasis> certificate."
8770
msgstr ""
8771
8772
#: serverguide/C/security.xml:1276(para)
8773
msgid ""
8774
"Note, that self-signed certificates should not be used in most production "
8775
"environments."
8776
msgstr ""
8777
8778
#: serverguide/C/security.xml:1280(para)
8779
msgid ""
8780
"Continuing the HTTPS example, a CA-signed certificate provides two important "
8781
"capabilities that a self-signed certificate does not:"
8782
msgstr ""
8783
8784
#: serverguide/C/security.xml:1287(para)
8785
msgid ""
8786
"Browsers (usually) automatically recognize the certificate and allow a "
8787
"secure connection to be made without prompting the user."
8788
msgstr ""
8789
8790
#: serverguide/C/security.xml:1294(para)
8791
msgid ""
8792
"When a CA issues a signed certificate, it is guaranteeing the identity of "
8793
"the organization that is providing the web pages to the browser."
8794
msgstr ""
8795
8796
#: serverguide/C/security.xml:1302(para)
8797
msgid ""
8798
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
8799
"certificates they automatically accept. If a browser encounters a "
8800
"certificate whose authorizing CA is not in the list, the browser asks the "
8801
"user to either accept or decline the connection. Also, other applications "
8802
"may generate an error message when using a self-singed certificate."
8803
msgstr ""
8804
8805
#: serverguide/C/security.xml:1310(para)
8806
msgid ""
8807
"The process of getting a certificate from a CA is fairly easy. A quick "
8808
"overview is as follows:"
8809
msgstr ""
8810
8811
#: serverguide/C/security.xml:1317(para)
8812
msgid "Create a private and public encryption key pair."
8813
msgstr ""
8814
8815
#: serverguide/C/security.xml:1320(para)
8816
msgid ""
8817
"Create a certificate request based on the public key. The certificate "
8818
"request contains information about your server and the company hosting it."
8819
msgstr ""
8820
8821
#: serverguide/C/security.xml:1325(para)
8822
msgid ""
8823
"Send the certificate request, along with documents proving your identity, to "
8824
"a CA. We cannot tell you which certificate authority to choose. Your "
8825
"decision may be based on your past experiences, or on the experiences of "
8826
"your friends or colleagues, or purely on monetary factors."
8827
msgstr ""
8828
8829
#: serverguide/C/security.xml:1331(para)
8830
msgid ""
8831
"Once you have decided upon a CA, you need to follow the instructions they "
8832
"provide on how to obtain a certificate from them."
8833
msgstr ""
8834
8835
#: serverguide/C/security.xml:1336(para)
8836
msgid ""
8837
"When the CA is satisfied that you are indeed who you claim to be, they send "
8838
"you a digital certificate."
8839
msgstr ""
8840
8841
#: serverguide/C/security.xml:1340(para)
8842
msgid ""
8843
"Install this certificate on your secure server, and configure the "
8844
"appropriate applications to use the certificate."
8845
msgstr ""
8846
8847
#: serverguide/C/security.xml:1349(title)
8848
msgid "Generating a Certificate Signing Request (CSR)"
8849
msgstr ""
8850
8851
#: serverguide/C/security.xml:1351(para)
8852
msgid ""
8853
"Whether you are getting a certificate from a CA or generating your own self-"
8854
"signed certificate, the first step is to generate a key."
8855
msgstr ""
8856
8857
#: serverguide/C/security.xml:1356(para)
8858
msgid ""
8859
"If the certificate will be used by service daemons, such as Apache, Postfix, "
8860
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
8861
"passphrase allows the services to start without manual intervention, usually "
8862
"the preferred way to start a daemon."
8863
msgstr ""
8864
8865
#: serverguide/C/security.xml:1362(para)
8866
msgid ""
8867
"This section will cover generating a key with a passphrase, and one without. "
8868
"The non-passphrase key will then be used to generate a certificate that can "
8869
"be used with various service daemons."
8870
msgstr ""
8871
8872
#: serverguide/C/security.xml:1368(para)
8873
msgid ""
8874
"Running your secure service without a passphrase is convenient because you "
8875
"will not need to enter the passphrase every time you start your secure "
8876
"service. But it is insecure and a compromise of the key means a compromise "
8877
"of the server as well."
8878
msgstr ""
8879
8880
#: serverguide/C/security.xml:1375(para)
8881
msgid ""
8882
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
8883
"Request (CSR) run the following command from a terminal prompt:"
8884
msgstr ""
8885
8886
#: serverguide/C/security.xml:1381(command)
8887
msgid "openssl genrsa -des3 -out server.key 1024"
8888
msgstr ""
8889
8890
#: serverguide/C/security.xml:1384(programlisting)
8891
#, no-wrap
8892
msgid ""
8893
"\n"
8894
"Generating RSA private key, 1024 bit long modulus\n"
8895
".....................++++++\n"
8896
".................++++++\n"
8897
"unable to write 'random state'\n"
8898
"e is 65537 (0x10001)\n"
8899
"Enter pass phrase for server.key:\n"
8900
msgstr ""
8901
8902
#: serverguide/C/security.xml:1393(para)
8903
msgid ""
8904
"You can now enter your passphrase. For best security, it should at least "
8905
"contain eight characters. The minimum length when specifying -des3 is four "
8906
"characters. It should include numbers and/or punctuation and not be a word "
8907
"in a dictionary. Also remember that your passphrase is case-sensitive."
8908
msgstr ""
8909
8910
#: serverguide/C/security.xml:1401(para)
8911
msgid ""
8912
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
8913
"server key is generated and stored in the <filename>server.key</filename> "
8914
"file."
8915
msgstr ""
8916
8917
#: serverguide/C/security.xml:1407(para)
8918
msgid ""
8919
"Now create the insecure key, the one without a passphrase, and shuffle the "
8920
"key names:"
8921
msgstr ""
8922
8923
#: serverguide/C/security.xml:1413(command)
8924
msgid "openssl rsa -in server.key -out server.key.insecure"
8925
msgstr ""
8926
8927
#: serverguide/C/security.xml:1414(command)
8928
msgid "mv server.key server.key.secure"
8929
msgstr ""
8930
8931
#: serverguide/C/security.xml:1415(command)
8932
msgid "mv server.key.insecure server.key"
8933
msgstr ""
8934
8935
#: serverguide/C/security.xml:1418(para)
8936
msgid ""
8937
"The insecure key is now named <filename>server.key</filename>, and you can "
8938
"use this file to generate the CSR without passphrase."
8939
msgstr ""
8940
8941
#: serverguide/C/security.xml:1423(para)
8942
msgid "To create the CSR, run the following command at a terminal prompt:"
8943
msgstr ""
8944
8945
#: serverguide/C/security.xml:1428(command)
8946
msgid "openssl req -new -key server.key -out server.csr"
8947
msgstr ""
8948
8949
#: serverguide/C/security.xml:1431(para)
8950
msgid ""
8951
"It will prompt you enter the passphrase. If you enter the correct "
8952
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
8953
"etc. Once you enter all these details, your CSR will be created and it will "
8954
"be stored in the <filename>server.csr</filename> file."
8955
msgstr ""
8956
8957
#: serverguide/C/security.xml:1439(para)
8958
msgid ""
8959
"You can now submit this CSR file to a CA for processing. The CA will use "
8960
"this CSR file and issue the certificate. On the other hand, you can create "
8961
"self-signed certificate using this CSR."
8962
msgstr ""
8963
8964
#: serverguide/C/security.xml:1447(title)
8965
msgid "Creating a Self-Signed Certificate"
8966
msgstr ""
8967
8968
#: serverguide/C/security.xml:1448(para)
8969
msgid ""
8970
"To create the self-signed certificate, run the following command at a "
8971
"terminal prompt:"
8972
msgstr ""
8973
8974
#: serverguide/C/security.xml:1453(command)
8975
msgid ""
8976
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
8977
"server.crt"
8978
msgstr ""
8979
8980
#: serverguide/C/security.xml:1456(para)
8981
msgid ""
8982
"The above command will prompt you to enter the passphrase. Once you enter "
8983
"the correct passphrase, your certificate will be created and it will be "
8984
"stored in the <filename>server.crt</filename> file."
8985
msgstr ""
8986
8987
#: serverguide/C/security.xml:1461(para)
8988
msgid ""
8989
"If your secure server is to be used in a production environment, you "
8990
"probably need a CA-signed certificate. It is not recommended to use self-"
8991
"signed certificate."
8992
msgstr ""
8993
8994
#: serverguide/C/security.xml:1469(title)
8995
msgid "Installing the Certificate"
8996
msgstr ""
8997
8998
#: serverguide/C/security.xml:1471(para)
8999
msgid ""
9000
"You can install the key file <filename>server.key</filename> and certificate "
9001
"file <filename>server.crt</filename>, or the certificate file issued by your "
9002
"CA, by running following commands at a terminal prompt:"
9003
msgstr ""
9004
9005
#: serverguide/C/security.xml:1477(command)
9006
msgid "sudo cp server.crt /etc/ssl/certs"
9007
msgstr ""
9008
9009
#: serverguide/C/security.xml:1478(command)
9010
msgid "sudo cp server.key /etc/ssl/private"
9011
msgstr ""
9012
9013
#: serverguide/C/security.xml:1480(para)
9014
msgid ""
9015
"Now simply configure any applications, with the ability to use public-key "
9016
"cryptography, to use the <emphasis>certificate</emphasis> and "
9017
"<emphasis>key</emphasis> files. For example, "
9018
"<application>Apache</application> can provide HTTPS, "
9019
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
9020
msgstr ""
9021
9022
#: serverguide/C/security.xml:1487(title)
9023
msgid "Certification Authority"
9024
msgstr ""
9025
9026
#: serverguide/C/security.xml:1489(para)
9027
msgid ""
9028
"If the services on your network require more than a few self-signed "
9029
"certificates it may be worth the additional effort to setup your own "
9030
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
9031
"certificates signed by your own CA, allows the various services using the "
9032
"certificates to easily trust other services using certificates issued from "
9033
"the same CA."
9034
msgstr ""
9035
9036
#: serverguide/C/security.xml:1499(para)
9037
msgid ""
9038
"First, create the directories to hold the CA certificate and related files:"
9039
msgstr ""
9040
9041
#: serverguide/C/security.xml:1504(command)
9042
msgid "sudo mkdir /etc/ssl/CA"
9043
msgstr ""
9044
9045
#: serverguide/C/security.xml:1505(command)
9046
msgid "sudo mkdir /etc/ssl/newcerts"
9047
msgstr ""
9048
9049
#: serverguide/C/security.xml:1511(para)
9050
msgid ""
9051
"The CA needs a few additional files to operate, one to keep track of the "
9052
"last serial number used by the CA, each certificate must have a unique "
9053
"serial number, and another file to record which certificates have been "
9054
"issued:"
9055
msgstr ""
9056
9057
#: serverguide/C/security.xml:1518(command)
9058
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
9059
msgstr ""
9060
9061
#: serverguide/C/security.xml:1519(command)
9062
msgid "sudo touch /etc/ssl/CA/index.txt"
9063
msgstr ""
9064
9065
#: serverguide/C/security.xml:1525(para)
9066
msgid ""
9067
"The third file is a CA configuration file. Though not strictly necessary, it "
9068
"is very convenient when issuing multiple certificates. Edit "
9069
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
9070
"]</emphasis> change:"
9071
msgstr ""
9072
9073
#: serverguide/C/security.xml:1531(programlisting)
9074
#, no-wrap
9075
msgid ""
9076
"\n"
9077
"dir = /etc/ssl/ # Where everything is kept\n"
9078
"database = $dir/CA/index.txt # database index file.\n"
9079
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
9080
"serial = $dir/CA/serial # The current serial number\n"
9081
"private_key = $dir/private/cakey.pem# The private key\n"
9082
msgstr ""
9083
9084
#: serverguide/C/security.xml:1542(para)
9085
msgid "Next, create the self-singed root certificate:"
9086
msgstr ""
9087
9088
#: serverguide/C/security.xml:1547(command)
9089
msgid ""
9090
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
9091
"days 3650"
9092
msgstr ""
9093
9094
#: serverguide/C/security.xml:1550(para)
9095
msgid "You will then be asked to enter the details about the certificate."
9096
msgstr ""
9097
9098
#: serverguide/C/security.xml:1557(para)
9099
msgid "Now install the root certificate and key:"
9100
msgstr ""
9101
9102
#: serverguide/C/security.xml:1562(command)
9103
msgid "sudo mv cakey.pem /etc/ssl/private/"
9104
msgstr ""
9105
9106
#: serverguide/C/security.xml:1563(command)
9107
msgid "sudo mv cacert.pem /etc/ssl/certs/"
9108
msgstr ""
9109
9110
#: serverguide/C/security.xml:1569(para)
9111
msgid ""
9112
"You are now ready to start signing certificates. The first item needed is a "
9113
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
9114
"for details. Once you have a CSR, enter the following to generate a "
9115
"certificate signed by the CA:"
9116
msgstr ""
9117
9118
#: serverguide/C/security.xml:1576(command)
9119
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
9120
msgstr ""
9121
9122
#: serverguide/C/security.xml:1579(para)
9123
msgid ""
9124
"After entering the password for the CA key, you will be prompted to sign the "
9125
"certificate, and again to commit the new certificate. You should then see a "
9126
"somewhat large amount of output related to the certificate creation."
9127
msgstr ""
9128
9129
#: serverguide/C/security.xml:1588(para)
9130
msgid ""
9131
"There should now be a new file, "
9132
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
9133
"Copy and paste everything between the <emphasis>-----BEGIN CERTIFICATE-----"
9134
"</emphasis> and <emphasis>----END CERTIFICATE-----</emphasis> lines to a "
9135
"file named after the hostname of the server where the certificate will be "
9136
"installed. For example <filename>mail.example.com.crt</filename>, is a nice "
9137
"descriptive name."
9138
msgstr ""
9139
9140
#: serverguide/C/security.xml:1596(para)
9141
msgid ""
9142
"Subsequent certificates will be named <filename>02.pem</filename>, "
9143
"<filename>03.pem</filename>, etc."
9144
msgstr ""
9145
9146
#: serverguide/C/security.xml:1601(para)
9147
msgid ""
9148
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
9149
"name."
9150
msgstr ""
9151
9152
#: serverguide/C/security.xml:1609(para)
9153
msgid ""
9154
"Finally, copy the new certificate to the host that needs it, and configure "
9155
"the appropriate applications to use it. The default location to install "
9156
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
9157
"enables multiple services to use the same certificate without overly "
9158
"complicated file permissions."
9159
msgstr ""
9160
9161
#: serverguide/C/security.xml:1615(para)
9162
msgid ""
9163
"For applications that can be configured to use a CA certificate, you should "
9164
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
9165
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
9166
"server."
9167
msgstr ""
9168
9169
#: serverguide/C/security.xml:1629(para)
9170
msgid ""
9171
"For more detailed instructions on using cryptography see the <ulink "
9172
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
9173
"Certificates HOWTO</ulink> by tlpd.org"
9174
msgstr ""
9175
9176
#: serverguide/C/security.xml:1635(para)
9177
msgid ""
9178
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
9179
"of Certificate Authorities."
9180
msgstr ""
9181
9182
#: serverguide/C/security.xml:1640(para)
9183
msgid ""
9184
"The Wikipedia <ulink "
9185
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
9186
"information regarding HTTPS."
9187
msgstr ""
9188
9189
#: serverguide/C/security.xml:1645(para)
9190
msgid ""
9191
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
9192
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
9193
msgstr ""
9194
9195
#: serverguide/C/security.xml:1650(para)
9196
msgid ""
9197
"Also, O'Reilly's <ulink "
9198
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
9199
"OpenSSL</ulink> is a good in depth reference."
9200
msgstr ""
9201
9202
#: serverguide/C/security.xml:1659(title)
9203
msgid "eCryptfs"
9204
msgstr ""
9205
9206
#: serverguide/C/security.xml:1661(para)
9207
msgid ""
9208
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
9209
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
9210
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
9211
"filesystem, partition type, etc."
9212
msgstr ""
9213
9214
#: serverguide/C/security.xml:1667(para)
9215
msgid ""
9216
"During installation there is an option to encrypt the <filename "
9217
"role=\"directory\">/home</filename> partition. This will automatically "
9218
"configure everything needed to encrypt and mount the partition."
9219
msgstr ""
9220
9221
#: serverguide/C/security.xml:1672(para)
9222
msgid ""
9223
"As an example, this section will cover configuring <filename "
9224
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
9225
msgstr ""
9226
9227
#: serverguide/C/security.xml:1677(title)
9228
msgid "Using eCryptfs"
9229
msgstr ""
9230
9231
#: serverguide/C/security.xml:1679(para)
9232
msgid "First, install the necessary packages. From a terminal prompt enter:"
9233
msgstr ""
9234
9235
#: serverguide/C/security.xml:1684(command)
9236
msgid "sudo apt-get install ecryptfs-utils"
9237
msgstr ""
9238
9239
#: serverguide/C/security.xml:1687(para)
9240
msgid "Now mount the partition to be encrypted:"
9241
msgstr ""
9242
9243
#: serverguide/C/security.xml:1692(command)
9244
msgid "sudo mount -t ecryptfs /srv /srv"
9245
msgstr ""
9246
9247
#: serverguide/C/security.xml:1695(para)
9248
msgid ""
9249
"You will then be prompted for some details on how "
9250
"<application>ecryptfs</application> should encrypt the data."
9251
msgstr ""
9252
9253
#: serverguide/C/security.xml:1699(para)
9254
msgid ""
9255
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
9256
"copy the <filename>/etc/default</filename> folder to "
9257
"<filename>/srv</filename>:"
9258
msgstr ""
9259
9260
#: serverguide/C/security.xml:1705(command) serverguide/C/clustering.xml:192(command)
9261
msgid "sudo cp -r /etc/default /srv"
9262
msgstr ""
9263
9264
#: serverguide/C/security.xml:1708(para)
9265
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
9266
msgstr ""
9267
9268
#: serverguide/C/security.xml:1713(command) serverguide/C/installation.xml:1138(command) serverguide/C/clustering.xml:200(command)
9269
msgid "sudo umount /srv"
9270
msgstr ""
9271
9272
#: serverguide/C/security.xml:1714(command)
9273
msgid "cat /srv/default/cron"
9274
msgstr ""
9275
9276
#: serverguide/C/security.xml:1717(para)
9277
msgid ""
9278
"Remounting <filename>/srv</filename> using "
9279
"<application>ecryptfs</application> will make the data viewable once again."
9280
msgstr ""
9281
9282
#: serverguide/C/security.xml:1723(title)
9283
msgid "Automatically Mounting Encrypted Partitions"
9284
msgstr ""
9285
9286
#: serverguide/C/security.xml:1725(para)
9287
msgid ""
9288
"There are a couple of ways to automatically mount an "
9289
"<application>ecryptfs</application> encrypted filesystem at boot. This "
9290
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
9291
"mount options, along with a passphrase file residing on a USB key."
9292
msgstr ""
9293
9294
#: serverguide/C/security.xml:1731(para)
9295
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
9296
msgstr ""
9297
9298
#: serverguide/C/security.xml:1735(programlisting)
9299
#, no-wrap
9300
msgid ""
9301
"\n"
9302
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
9303
"ecryptfs_sig=5826dd62cf81c615\n"
9304
"ecryptfs_cipher=aes\n"
9305
"ecryptfs_key_bytes=16\n"
9306
"ecryptfs_passthrough=n\n"
9307
"ecryptfs_enable_filename_crypto=n\n"
9308
msgstr ""
9309
9310
#: serverguide/C/security.xml:1745(para)
9311
msgid ""
9312
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
9313
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
9314
msgstr ""
9315
9316
#: serverguide/C/security.xml:1750(para)
9317
msgid ""
9318
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
9319
"file:"
9320
msgstr ""
9321
9322
#: serverguide/C/security.xml:1754(programlisting)
9323
#, no-wrap
9324
msgid ""
9325
"\n"
9326
"passphrase_passwd=[secrets]\n"
9327
msgstr ""
9328
9329
#: serverguide/C/security.xml:1758(para)
9330
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
9331
msgstr ""
9332
9333
#: serverguide/C/security.xml:1762(programlisting)
9334
#, no-wrap
9335
msgid ""
9336
"\n"
9337
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
9338
"/srv /srv ecryptfs defaults 0 0\n"
9339
msgstr ""
9340
9341
#: serverguide/C/security.xml:1767(para)
9342
msgid "Make sure the USB drive is mounted before the encrypted partition."
9343
msgstr ""
9344
9345
#: serverguide/C/security.xml:1771(para)
9346
msgid ""
9347
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
9348
"ecryptfs."
9349
msgstr ""
9350
9351
#: serverguide/C/security.xml:1779(para)
9352
msgid ""
9353
"The <application>ecryptfs-utils</application> package includes several other "
9354
"useful utilities:"
9355
msgstr ""
9356
9357
#: serverguide/C/security.xml:1785(para)
9358
msgid ""
9359
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
9360
"<filename>~/Private</filename> directory to contain encrypted information. "
9361
"This utility can be run by unprivileged users to keep data private from "
9362
"other users on the system."
9363
msgstr ""
9364
9365
#: serverguide/C/security.xml:1792(para)
9366
msgid ""
9367
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
9368
"will mount and unmount respectively, a users <filename>~/Private</filename> "
9369
"directory."
9370
msgstr ""
9371
9372
#: serverguide/C/security.xml:1798(para)
9373
msgid ""
9374
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
9375
"kernel keyring."
9376
msgstr ""
9377
9378
#: serverguide/C/security.xml:1803(para)
9379
msgid ""
9380
"<emphasis>ecryptfs-manager:</emphasis> manages "
9381
"<application>eCryptfs</application> objects such as keys."
9382
msgstr ""
9383
9384
#: serverguide/C/security.xml:1808(para)
9385
msgid ""
9386
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
9387
"<application>ecryptfs</application> meta information for a file."
9388
msgstr ""
9389
9390
#: serverguide/C/security.xml:1821(para)
9391
msgid ""
9392
"For more information on eCryptfs see the <ulink "
9393
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
9394
msgstr ""
9395
9396
#: serverguide/C/security.xml:1826(para)
9397
msgid ""
9398
"There is also a <ulink "
9399
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
9400
"article covering eCryptfs."
9401
msgstr ""
9402
9403
#: serverguide/C/security.xml:1831(para)
9404
msgid ""
9405
"Also, for more <application>ecryptfs</application> options see the <ulink "
9406
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man7/ecryptfs.7.html\">ecr"
9407
"yptfs man page</ulink>."
9408
msgstr ""
9409
9410
#: serverguide/C/security.xml:1837(para)
9411
msgid ""
9412
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
9413
"Ubuntu Wiki</ulink> page also has more details."
9414
msgstr ""
9415
9416
#: serverguide/C/reporting-bugs.xml:13(title)
9417
msgid "Appendix"
9418
msgstr ""
9419
9420
#: serverguide/C/reporting-bugs.xml:16(title)
9421
msgid "Reporting Bugs in Ubuntu Server Edition"
9422
msgstr ""
9423
9424
#: serverguide/C/reporting-bugs.xml:18(para)
9425
msgid ""
9426
"While the Ubuntu Project attempts to release software with as few bugs as "
9427
"possible, they do occur. You can help fix these bugs by reporting ones that "
9428
"you find to the project. The Ubuntu Project uses <ulink "
9429
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
9430
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
9431
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
9432
"account</ulink>."
9433
msgstr ""
9434
9435
#: serverguide/C/reporting-bugs.xml:30(title)
9436
msgid "Reporting Bugs With ubuntu-bug"
9437
msgstr ""
9438
9439
#: serverguide/C/reporting-bugs.xml:32(para)
9440
msgid ""
9441
"The preferred way to report a bug is with the <application>ubuntu-"
9442
"bug</application> command. The ubuntu-bug tool gathers information about the "
9443
"system useful to developers in diagnosing the reported problem that will "
9444
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
9445
"need to be filed against a specific software package, thus the name of the "
9446
"package that the bug occurs in needs to be given to ubuntu-bug:"
9447
msgstr ""
9448
9449
#: serverguide/C/reporting-bugs.xml:43(command)
9450
msgid "ubuntu-bug PACKAGENAME"
9451
msgstr ""
9452
9453
#: serverguide/C/reporting-bugs.xml:46(para)
9454
msgid ""
9455
"For example, to file a bug against the openssh-server package, you would do:"
9456
msgstr ""
9457
9458
#: serverguide/C/reporting-bugs.xml:51(command)
9459
msgid "ubuntu-bug openssh-server"
9460
msgstr ""
9461
9462
#: serverguide/C/reporting-bugs.xml:54(para)
9463
msgid ""
9464
"You can specify either a binary package or the source package for ubuntu-"
9465
"bug. Again using openssh-server as an example, you could also generate the "
9466
"report against the source package for openssh-server, openssh:"
9467
msgstr ""
9468
9469
#: serverguide/C/reporting-bugs.xml:62(command)
9470
msgid "ubuntu-bug openssh"
9471
msgstr ""
9472
9473
#: serverguide/C/reporting-bugs.xml:66(para)
9474
msgid ""
9475
"See <xref linkend=\"package-management\"/> for more information about "
9476
"packages in Ubuntu."
9477
msgstr ""
9478
9479
#: serverguide/C/reporting-bugs.xml:72(para)
9480
msgid ""
9481
"The ubuntu-bug command will gather information about the system in question, "
9482
"possibly including information specific to the specified package, and then "
9483
"ask you what you would like to do with collected information:"
9484
msgstr ""
9485
9486
#: serverguide/C/reporting-bugs.xml:80(command)
9487
msgid "ubuntu-bug postgresql"
9488
msgstr ""
9489
9490
#: serverguide/C/reporting-bugs.xml:79(screen)
9491
#, no-wrap
9492
msgid ""
9493
"\n"
9494
"<placeholder-1/>\n"
9495
"\n"
9496
"*** Collecting problem information\n"
9497
"\n"
9498
"The collected information can be sent to the developers to improve the\n"
9499
"application. This might take a few minutes.\n"
9500
"..........\n"
9501
"\n"
9502
"*** Send problem report to the developers?\n"
9503
"\n"
9504
"After the problem report has been sent, please fill out the form in the\n"
9505
"automatically opened web browser.\n"
9506
"\n"
9507
"What would you like to do? Your options are:\n"
9508
" S: Send report (1.7 KiB)\n"
9509
" V: View report\n"
9510
" K: Keep report file for sending later or copying to somewhere else\n"
9511
" C: Cancel\n"
9512
"Please choose (S/V/K/C):\n"
9513
msgstr ""
9514
9515
#: serverguide/C/reporting-bugs.xml:101(para)
9516
msgid "The options available are:"
9517
msgstr ""
9518
9519
#: serverguide/C/reporting-bugs.xml:108(para)
9520
msgid ""
9521
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
9522
"the collected information to Launchpad as part of the the process of filing "
9523
"a bug report. You will be given the opportunity to describe the situation "
9524
"that led up to the occurrance of the bug."
9525
msgstr ""
9526
9527
#: serverguide/C/reporting-bugs.xml:115(screen)
9528
#, no-wrap
9529
msgid ""
9530
"\n"
9531
"*** Uploading problem information\n"
9532
"\n"
9533
"The collected information is being sent to the bug tracking system.\n"
9534
"This might take a few minutes.\n"
9535
"91%\n"
9536
"\n"
9537
"*** To continue, you must visit the following URL:\n"
9538
"\n"
9539
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
9540
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
9541
"\n"
9542
"You can launch a browser now, or copy this URL into a browser on another\n"
9543
"computer.\n"
9544
"\n"
9545
"Choices:\n"
9546
" 1: Launch a browser now\n"
9547
" C: Cancel\n"
9548
"Please choose (1/C):\n"
9549
msgstr ""
9550
9551
#: serverguide/C/reporting-bugs.xml:135(para)
9552
msgid ""
9553
"If you choose to start a browser, by default the text based web browser "
9554
"<application>w3m</application> will be used to finish filing the bug report. "
9555
"Alternately, you can copy the given URL to a currently running web browser."
9556
msgstr ""
9557
9558
#: serverguide/C/reporting-bugs.xml:144(para)
9559
msgid ""
9560
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
9561
"the collected information to be displayed to the terminal for review."
9562
msgstr ""
9563
9564
#: serverguide/C/reporting-bugs.xml:150(screen)
9565
#, no-wrap
9566
msgid ""
9567
"\n"
9568
"Package: postgresql 8.4.2-2\n"
9569
"PackageArchitecture: all\n"
9570
"Tags: lucid\n"
9571
"ProblemType: Bug\n"
9572
"ProcEnviron:\n"
9573
" LANG=en_US.UTF-8\n"
9574
" SHELL=/bin/bash\n"
9575
"Uname: Linux 2.6.32-16-server x86_64\n"
9576
"Dependencies:\n"
9577
" adduser 3.112ubuntu1\n"
9578
" base-files 5.0.0ubuntu10\n"
9579
" base-passwd 3.5.22\n"
9580
" coreutils 7.4-2ubuntu2\n"
9581
"...\n"
9582
msgstr ""
9583
9584
#: serverguide/C/reporting-bugs.xml:167(para)
9585
msgid ""
9586
"After viewing the report, you will be brought back to the same menu asking "
9587
"what you would like to do with the report."
9588
msgstr ""
9589
9590
#: serverguide/C/reporting-bugs.xml:174(para)
9591
msgid ""
9592
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
9593
"File causes the gathered information to be written to a file. This file can "
9594
"then be used to later file a bug report or transferred to a different Ubuntu "
9595
"system for reporting. To submit the report file, simply give it as an "
9596
"argument to the ubuntu-bug command:"
9597
msgstr ""
9598
9599
#: serverguide/C/reporting-bugs.xml:189(userinput)
9600
#, no-wrap
9601
msgid "k"
9602
msgstr ""
9603
9604
#: serverguide/C/reporting-bugs.xml:192(command)
9605
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
9606
msgstr ""
9607
9608
#: serverguide/C/reporting-bugs.xml:183(screen)
9609
#, no-wrap
9610
msgid ""
9611
"\n"
9612
"What would you like to do? Your options are:\n"
9613
" S: Send report (1.7 KiB)\n"
9614
" V: View report\n"
9615
" K: Keep report file for sending later or copying to somewhere else\n"
9616
" C: Cancel\n"
9617
"Please choose (S/V/K/C): <placeholder-1/>\n"
9618
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
9619
"\n"
9620
"<placeholder-2/>\n"
9621
"\n"
9622
"*** Send problem report to the developers?\n"
9623
"...\n"
9624
msgstr ""
9625
9626
#: serverguide/C/reporting-bugs.xml:200(para)
9627
msgid ""
9628
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
9629
"collected information to be discarded."
9630
msgstr ""
9631
9632
#: serverguide/C/reporting-bugs.xml:210(title)
9633
msgid "Reporting Application Crashes"
9634
msgstr ""
9635
9636
#: serverguide/C/reporting-bugs.xml:212(para)
9637
msgid ""
9638
"The software package that provides the ubuntu-bug utility, "
9639
"<application>apport</application>, can be configured to trigger when "
9640
"applications crash. This is disabled by default, as capturing a crash can be "
9641
"resource intensive depending on how much memory the application that crashed "
9642
"was using as apport captures and processes the core dump."
9643
msgstr ""
9644
9645
#: serverguide/C/reporting-bugs.xml:221(para)
9646
msgid ""
9647
"Configuring apport to capture information about crashing applications "
9648
"requires a couple of steps. First, <application>gdb</application> needs to "
9649
"be installed; it is not installed by default in Ubuntu Server Edition."
9650
msgstr ""
9651
9652
#: serverguide/C/reporting-bugs.xml:229(command)
9653
msgid "sudo apt-get install gdb"
9654
msgstr ""
9655
9656
#: serverguide/C/reporting-bugs.xml:232(para)
9657
msgid ""
9658
"See <xref linkend=\"package-management\"/> for more information about "
9659
"managing packages in Ubuntu."
9660
msgstr ""
9661
9662
#: serverguide/C/reporting-bugs.xml:237(para)
9663
msgid ""
9664
"Once you have ensured that gdb is installed, open the file "
9665
"<filename>/etc/default/apport</filename> in your text editor, and change the "
9666
"<emphasis>enabled</emphasis> setting to be <emphasis "
9667
"role=\"bold\">1</emphasis> like so:"
9668
msgstr ""
9669
9670
#: serverguide/C/reporting-bugs.xml:244(programlisting)
9671
#, no-wrap
9672
msgid ""
9673
"\n"
9674
"# set this to 0 to disable apport, or to 1 to enable it\n"
9675
"# you can temporarily override this with\n"
9676
"# sudo service apport start force_start=1\n"
9677
"enabled=<userinput>1</userinput>\n"
9678
"\n"
9679
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
9680
"maxsize=209715200\n"
9681
msgstr ""
9682
9683
#: serverguide/C/reporting-bugs.xml:254(para)
9684
msgid ""
9685
"Once you have completed editing <filename>/etc/default/apport</filename>, "
9686
"start the apport service:"
9687
msgstr ""
9688
9689
#: serverguide/C/reporting-bugs.xml:261(command)
9690
msgid "sudo start apport"
9691
msgstr ""
9692
9693
#: serverguide/C/reporting-bugs.xml:264(para)
9694
msgid ""
9695
"After an application crashes, use the <application>apport-cli</application> "
9696
"command to search for the existing saved crash report information:"
9697
msgstr ""
9698
9699
#: serverguide/C/reporting-bugs.xml:271(command)
9700
msgid "apport-cli"
9701
msgstr ""
9702
9703
#: serverguide/C/reporting-bugs.xml:270(screen)
9704
#, no-wrap
9705
msgid ""
9706
"\n"
9707
"<placeholder-1/>\n"
9708
"\n"
9709
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
9710
"\n"
9711
"If you were not doing anything confidential (entering passwords or other\n"
9712
"private information), you can help to improve the application by\n"
9713
"reporting\n"
9714
"the problem.\n"
9715
"\n"
9716
"What would you like to do? Your options are:\n"
9717
" R: Report Problem...\n"
9718
" I: Cancel and ignore future crashes of this program version\n"
9719
" C: Cancel\n"
9720
"Please choose (R/I/C):\n"
9721
msgstr ""
9722
9723
#: serverguide/C/reporting-bugs.xml:287(para)
9724
msgid ""
9725
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
9726
"steps as when using ubuntu-bug. One important difference is that a crash "
9727
"report will be marked as private when filed on Launchpad, meaning that it "
9728
"will be visible to only a limited set of bug triagers. These triagers will "
9729
"review the gathered data for private information before making the bug "
9730
"report publicly visible."
9731
msgstr ""
9732
9733
#: serverguide/C/reporting-bugs.xml:307(para)
9734
msgid ""
9735
"See the <ulink "
9736
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
9737
"Bugs</ulink> Ubuntu wiki page."
9738
msgstr ""
9739
9740
#: serverguide/C/reporting-bugs.xml:313(para)
9741
msgid ""
9742
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
9743
"has some useful information. Though some of it pertains to using a GUI."
9744
msgstr ""
9745
9746
#: serverguide/C/remote-administration.xml:13(title)
9747
msgid "Remote Administration"
9748
msgstr ""
9749
9750
#: serverguide/C/remote-administration.xml:14(para)
9751
msgid ""
9752
"There are many ways to remotely administer a Linux server. This chapter will "
9753
"cover one of the most popular <application>SSH</application> as well as "
9754
"<application>eBox</application>, a web based administration framework."
9755
msgstr ""
9756
9757
#: serverguide/C/remote-administration.xml:23(para)
9758
msgid ""
9759
"This section of the Ubuntu Server Guide introduces a powerful collection of "
9760
"tools for the remote control of networked computers and transfer of data "
9761
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
9762
"also learn about some of the configuration settings possible with the "
9763
"OpenSSH server application and how to change them on your Ubuntu system."
9764
msgstr ""
9765
9766
#: serverguide/C/remote-administration.xml:30(para)
9767
msgid ""
9768
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
9769
"family of tools for remotely controlling a computer or transferring files "
9770
"between computers. Traditional tools used to accomplish these functions, "
9771
"such as <application>telnet</application> or <application>rcp</application>, "
9772
"are insecure and transmit the user's password in cleartext when used. "
9773
"OpenSSH provides a server daemon and client tools to facilitate secure, "
9774
"encrypted remote control and file transfer operations, effectively replacing "
9775
"the legacy tools."
9776
msgstr ""
9777
9778
#: serverguide/C/remote-administration.xml:39(para)
9779
msgid ""
9780
"The OpenSSH server component, <application>sshd</application>, listens "
9781
"continuously for client connections from any of the client tools. When a "
9782
"connection request occurs, <application>sshd</application> sets up the "
9783
"correct connection depending on the type of client tool connecting. For "
9784
"example, if the remote computer is connecting with the "
9785
"<application>ssh</application> client application, the OpenSSH server sets "
9786
"up a remote control session after authentication. If a remote user connects "
9787
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
9788
"daemon initiates a secure copy of files between the server and client after "
9789
"authentication. OpenSSH can use many authentication methods, including plain "
9790
"password, public key, and <application>Kerberos</application> tickets."
9791
msgstr ""
9792
9793
#: serverguide/C/remote-administration.xml:53(para)
9794
msgid ""
9795
"Installation of the OpenSSH client and server applications is simple. To "
9796
"install the OpenSSH client applications on your Ubuntu system, use this "
9797
"command at a terminal prompt:"
9798
msgstr ""
9799
9800
#: serverguide/C/remote-administration.xml:59(command)
9801
msgid "sudo apt-get install openssh-client"
9802
msgstr ""
9803
9804
#: serverguide/C/remote-administration.xml:61(para)
9805
msgid ""
9806
"To install the OpenSSH server application, and related support files, use "
9807
"this command at a terminal prompt:"
9808
msgstr ""
9809
9810
#: serverguide/C/remote-administration.xml:66(command)
9811
msgid "sudo apt-get install openssh-server"
9812
msgstr ""
9813
9814
#: serverguide/C/remote-administration.xml:68(para)
9815
msgid ""
9816
"The <application>openssh-server</application> package can also be selected "
9817
"to install during the Server Edition installation process."
9818
msgstr ""
9819
9820
#: serverguide/C/remote-administration.xml:75(para)
9821
msgid ""
9822
"You may configure the default behavior of the OpenSSH server application, "
9823
"<application>sshd</application>, by editing the file "
9824
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
9825
"configuration directives used in this file, you may view the appropriate "
9826
"manual page with the following command, issued at a terminal prompt:"
9827
msgstr ""
9828
9829
#: serverguide/C/remote-administration.xml:83(command)
9830
msgid "man sshd_config"
9831
msgstr ""
9832
9833
#: serverguide/C/remote-administration.xml:85(para)
9834
msgid ""
9835
"There are many directives in the <application>sshd</application> "
9836
"configuration file controlling such things as communication settings and "
9837
"authentication modes. The following are examples of configuration directives "
9838
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
9839
"file."
9840
msgstr ""
9841
9842
#: serverguide/C/remote-administration.xml:92(para)
9843
msgid ""
9844
"Prior to editing the configuration file, you should make a copy of the "
9845
"original file and protect it from writing so you will have the original "
9846
"settings as a reference and to reuse as necessary."
9847
msgstr ""
9848
9849
#: serverguide/C/remote-administration.xml:96(para)
9850
msgid ""
9851
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
9852
"writing with the following commands, issued at a terminal prompt:"
9853
msgstr ""
9854
9855
#: serverguide/C/remote-administration.xml:101(command)
9856
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
9857
msgstr ""
9858
9859
#: serverguide/C/remote-administration.xml:102(command)
9860
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
9861
msgstr ""
9862
9863
#: serverguide/C/remote-administration.xml:104(para)
9864
msgid ""
9865
"The following are examples of configuration directives you may change:"
9866
msgstr ""
9867
9868
#: serverguide/C/remote-administration.xml:109(para)
9869
msgid ""
9870
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
9871
"port 22, change the Port directive as such:"
9872
msgstr ""
9873
9874
#: serverguide/C/remote-administration.xml:113(para)
9875
msgid "Port 2222"
9876
msgstr ""
9877
9878
#: serverguide/C/remote-administration.xml:118(para)
9879
msgid ""
9880
"To have <application>sshd</application> allow public key-based login "
9881
"credentials, simply add or modify the line:"
9882
msgstr ""
9883
9884
#: serverguide/C/remote-administration.xml:122(para)
9885
msgid "PubkeyAuthentication yes"
9886
msgstr ""
9887
9888
#: serverguide/C/remote-administration.xml:125(para)
9889
msgid ""
9890
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
9891
"present, ensure the line is not commented out."
9892
msgstr ""
9893
9894
#: serverguide/C/remote-administration.xml:131(para)
9895
msgid ""
9896
"To make your OpenSSH server display the contents of the "
9897
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
9898
"or modify the line:"
9899
msgstr ""
9900
9901
#: serverguide/C/remote-administration.xml:136(para)
9902
msgid "Banner /etc/issue.net"
9903
msgstr ""
9904
9905
#: serverguide/C/remote-administration.xml:139(para)
9906
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
9907
msgstr ""
9908
9909
#: serverguide/C/remote-administration.xml:144(para)
9910
msgid ""
9911
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
9912
"save the file, and restart the <application>sshd</application> server "
9913
"application to effect the changes using the following command at a terminal "
9914
"prompt:"
9915
msgstr ""
9916
9917
#: serverguide/C/remote-administration.xml:153(para)
9918
msgid ""
9919
"Many other configuration directives for <application>sshd</application> are "
9920
"available for changing the server application's behavior to fit your needs. "
9921
"Be advised, however, if your only method of access to a server is "
9922
"<application>ssh</application>, and you make a mistake in configuring "
9923
"<application>sshd</application> via the "
9924
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
9925
"out of the server upon restarting it, or that the "
9926
"<application>sshd</application> server refuses to start due to an incorrect "
9927
"configuration directive, so be extra careful when editing this file on a "
9928
"remote server."
9929
msgstr ""
9930
9931
#: serverguide/C/remote-administration.xml:168(title)
9932
msgid "SSH Keys"
9933
msgstr ""
9934
9935
#: serverguide/C/remote-administration.xml:169(para)
9936
msgid ""
9937
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
9938
"the need of a password. SSH key authentication uses two keys a "
9939
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
9940
msgstr ""
9941
9942
#: serverguide/C/remote-administration.xml:173(para)
9943
msgid "To generate the keys, from a terminal prompt enter:"
9944
msgstr ""
9945
9946
#: serverguide/C/remote-administration.xml:177(command)
9947
msgid "ssh-keygen -t dsa"
9948
msgstr ""
9949
9950
#: serverguide/C/remote-administration.xml:179(para)
9951
msgid ""
9952
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
9953
"identity of the user. During the process you will be prompted for a "
9954
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
9955
"key."
9956
msgstr ""
9957
9958
#: serverguide/C/remote-administration.xml:183(para)
9959
msgid ""
9960
"By default the <emphasis>public</emphasis> key is saved in the file "
9961
"<filename>~/.ssh/id_dsa.pub</filename>, while "
9962
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
9963
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
9964
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
9965
msgstr ""
9966
9967
#: serverguide/C/remote-administration.xml:189(command)
9968
msgid "ssh-copy-id username@remotehost"
9969
msgstr ""
9970
9971
#: serverguide/C/remote-administration.xml:191(para)
9972
msgid ""
9973
"Finally, double check the permissions on the "
9974
"<filename>authorized_keys</filename> file, only the authenticated user "
9975
"should have read and write permissions. If the permissions are not correct "
9976
"change them by:"
9977
msgstr ""
9978
9979
#: serverguide/C/remote-administration.xml:196(command)
9980
msgid "chmod 600 .ssh/authorized_keys"
9981
msgstr ""
9982
9983
#: serverguide/C/remote-administration.xml:198(para)
9984
msgid ""
9985
"You should now be able to SSH to the host without being prompted for a "
9986
"password."
9987
msgstr ""
9988
9989
#: serverguide/C/remote-administration.xml:207(para)
9990
msgid ""
9991
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
9992
"page."
9993
msgstr ""
9994
9995
#: serverguide/C/remote-administration.xml:213(ulink)
9996
msgid "OpenSSH Website"
9997
msgstr ""
9998
9999
#: serverguide/C/remote-administration.xml:218(ulink)
10000
msgid "Advanced OpenSSH Wiki Page"
10001
msgstr ""
10002
10003
#: serverguide/C/remote-administration.xml:226(title)
10004
msgid "eBox"
10005
msgstr ""
10006
10007
#: serverguide/C/remote-administration.xml:227(para)
10008
msgid ""
10009
"<application>eBox</application> is a web framework used to manage server "
10010
"application configuration. The modular design of eBox allows you to pick and "
10011
"choose which services you want to configure using eBox."
10012
msgstr ""
10013
10014
#: serverguide/C/remote-administration.xml:234(para)
10015
msgid ""
10016
"The different <application>eBox</application> modules are split into "
10017
"different packages, allowing you to only install those necessary. One way to "
10018
"view the available packages is to enter the following from a terminal:"
10019
msgstr ""
10020
10021
#: serverguide/C/remote-administration.xml:240(command)
10022
msgid "apt-cache rdepends ebox | uniq"
10023
msgstr ""
10024
10025
#: serverguide/C/remote-administration.xml:242(para)
10026
msgid ""
10027
"To install the <application>ebox</application> package, which contains the "
10028
"default modules, enter the following:"
10029
msgstr ""
10030
10031
#: serverguide/C/remote-administration.xml:247(command)
10032
msgid "sudo apt-get install ebox"
10033
msgstr ""
10034
10035
#: serverguide/C/remote-administration.xml:250(para)
10036
msgid ""
10037
"During the installation you will be asked to supply a password for the ebox "
10038
"user. After installing eBox the web interface can be accessed from: "
10039
"<emphasis>https://yourserver/ebox</emphasis>."
10040
msgstr ""
10041
10042
#: serverguide/C/remote-administration.xml:259(para)
10043
msgid ""
10044
"An important thing to remember when using <application>eBox</application> is "
10045
"that when configuring most modules there is a <emphasis>Change</emphasis> "
10046
"button that implements the new configuration. After clicking the Change "
10047
"button most, but not all, modules will then need to be "
10048
"<emphasis>Saved</emphasis>. To save the new configuration click on the "
10049
"<quote>Save changes</quote> link in the top right hand corner."
10050
msgstr ""
10051
10052
#: serverguide/C/remote-administration.xml:267(para)
10053
msgid ""
10054
"Once you make a change that requires a Save, the link will change from green "
10055
"to red."
10056
msgstr ""
10057
10058
#: serverguide/C/remote-administration.xml:273(title)
10059
msgid "eBox Modules"
10060
msgstr ""
10061
10062
#: serverguide/C/remote-administration.xml:274(para)
10063
msgid ""
10064
"By default all eBox <emphasis>Modules</emphasis> are not enabled, and when a "
10065
"new module is installed it will not be automatically enabled."
10066
msgstr ""
10067
10068
#: serverguide/C/remote-administration.xml:278(para)
10069
msgid ""
10070
"To enable a disabled module click on the <emphasis>Module status</emphasis> "
10071
"link in the left hand menu. Then <emphasis role=\"italic\">check</emphasis> "
10072
"which modules you would like to enable and click the <quote>Save</quote> "
10073
"link."
10074
msgstr ""
10075
10076
#: serverguide/C/remote-administration.xml:284(title)
10077
msgid "Default Modules"
10078
msgstr ""
10079
10080
#: serverguide/C/remote-administration.xml:285(para)
10081
msgid ""
10082
"This section provides a quick summary of the default "
10083
"<application>eBox</application> modules."
10084
msgstr ""
10085
10086
#: serverguide/C/remote-administration.xml:291(para)
10087
msgid ""
10088
"<emphasis>System:</emphasis> contains options allowing configuration of "
10089
"general eBox items."
10090
msgstr ""
10091
10092
#: serverguide/C/remote-administration.xml:297(para)
10093
msgid ""
10094
"<emphasis>General:</emphasis> allows you to set the language, port number, "
10095
"and contains a change password form."
10096
msgstr ""
10097
10098
#: serverguide/C/remote-administration.xml:303(para)
10099
msgid ""
10100
"<emphasis>Disk Usage:</emphasis> displays a graph detailing information "
10101
"about disk usage."
10102
msgstr ""
10103
10104
#: serverguide/C/remote-administration.xml:309(para)
10105
msgid ""
10106
"<emphasis>Backup:</emphasis> is used to backup "
10107
"<application>eBox</application> configuration information, and the "
10108
"<emphasis>Full Backup</emphasis> option allows you to save all eBox "
10109
"information not included in the <emphasis>Configuration</emphasis> option "
10110
"such as log files."
10111
msgstr ""
10112
10113
#: serverguide/C/remote-administration.xml:317(para)
10114
msgid ""
10115
"<emphasis>Halt/Reboot:</emphasis> will shutdown the system or reboot it."
10116
msgstr ""
10117
10118
#: serverguide/C/remote-administration.xml:322(para)
10119
msgid ""
10120
"<emphasis>Bug Report:</emphasis> creates a file containing details helpful "
10121
"when reporting bugs to the eBox developers."
10122
msgstr ""
10123
10124
#: serverguide/C/remote-administration.xml:330(para)
10125
msgid ""
10126
"<emphasis>Logs:</emphasis> allows <application>eBox</application> logs to be "
10127
"queried depending on the purge time configured."
10128
msgstr ""
10129
10130
#: serverguide/C/remote-administration.xml:336(para)
10131
msgid ""
10132
"<emphasis>Events:</emphasis> this module has the ability to send alerts "
10133
"through rss, jabber, and log file."
10134
msgstr ""
10135
10136
#: serverguide/C/remote-administration.xml:343(emphasis)
10137
msgid "Available Events:"
10138
msgstr ""
10139
10140
#: serverguide/C/remote-administration.xml:347(para)
10141
msgid ""
10142
"<emphasis>Free Storage Space:</emphasis> will send alert if free disk space "
10143
"drops below a configured percentage, 10% by default."
10144
msgstr ""
10145
10146
#: serverguide/C/remote-administration.xml:353(para)
10147
msgid ""
10148
"<emphasis>Log Observer:</emphasis> sends an alert when a configured logger "
10149
"has logged something."
10150
msgstr ""
10151
10152
#: serverguide/C/remote-administration.xml:359(para)
10153
msgid ""
10154
"<emphasis>RAID:</emphasis> will monitor the RAID system and send alerts if "
10155
"any issues arise."
10156
msgstr ""
10157
10158
#: serverguide/C/remote-administration.xml:365(para)
10159
msgid ""
10160
"<emphasis>Service:</emphasis> sends alerts if a service restarts multiple "
10161
"times in a short time period."
10162
msgstr ""
10163
10164
#: serverguide/C/remote-administration.xml:371(para)
10165
msgid ""
10166
"<emphasis>State:</emphasis> alerts on the state of "
10167
"<application>eBox</application>, either up or down."
10168
msgstr ""
10169
10170
#: serverguide/C/remote-administration.xml:380(emphasis)
10171
msgid "Dispatchers:"
10172
msgstr ""
10173
10174
#: serverguide/C/remote-administration.xml:384(para)
10175
msgid ""
10176
"<emphasis>Log:</emphasis> this dispatcher will send event messages to the "
10177
"<application>eBox</application> log file "
10178
"<filename>/var/log/ebox/ebox.log</filename>."
10179
msgstr ""
10180
10181
#: serverguide/C/remote-administration.xml:391(para)
10182
msgid ""
10183
"<emphasis>Jabber:</emphasis> before enabling this dispatcher you must first "
10184
"configure it by clicking on the <quote>Configure</quote> icon."
10185
msgstr ""
10186
10187
#: serverguide/C/remote-administration.xml:397(para)
10188
msgid ""
10189
"<emphasis>RSS:</emphasis> once this dispatcher is configured you can "
10190
"subscribe to the link in order to view event alerts."
10191
msgstr ""
10192
10193
#: serverguide/C/remote-administration.xml:410(title)
10194
msgid "Additional Modules"
10195
msgstr ""
10196
10197
#: serverguide/C/remote-administration.xml:411(para)
10198
msgid ""
10199
"Here is a quick description of other available "
10200
"<application>eBox</application> modules:"
10201
msgstr ""
10202
10203
#: serverguide/C/remote-administration.xml:416(para)
10204
msgid ""
10205
"<emphasis>Network:</emphasis> allows configuration of the server's network "
10206
"options through eBox."
10207
msgstr ""
10208
10209
#: serverguide/C/remote-administration.xml:422(para)
10210
msgid ""
10211
"<emphasis>Firewall:</emphasis> configures firewall options for the eBox host."
10212
msgstr ""
10213
10214
#: serverguide/C/remote-administration.xml:427(para)
10215
msgid ""
10216
"<emphasis>UsersandGroups:</emphasis> this module will manage users and "
10217
"groups contained in an <application>OpenLDAP</application> LDAP directory."
10218
msgstr ""
10219
10220
#: serverguide/C/remote-administration.xml:433(para)
10221
msgid ""
10222
"<emphasis>DHCP:</emphasis> provides an interface for configuring a DHCP "
10223
"server."
10224
msgstr ""
10225
10226
#: serverguide/C/remote-administration.xml:438(para)
10227
msgid ""
10228
"<emphasis>DNS:</emphasis> provides <application>BIND9</application> DNS "
10229
"server configuration options."
10230
msgstr ""
10231
10232
#: serverguide/C/remote-administration.xml:444(para)
10233
msgid ""
10234
"<emphasis>Objects:</emphasis> allow configuration of eBox <emphasis>Network "
10235
"Objects</emphasis>, which allow you to assign a name to an IP address or "
10236
"group of IPs."
10237
msgstr ""
10238
10239
#: serverguide/C/remote-administration.xml:451(para)
10240
msgid ""
10241
"<emphasis>Services:</emphasis> displays configuration information for "
10242
"services that are available to the network."
10243
msgstr ""
10244
10245
#: serverguide/C/remote-administration.xml:457(para)
10246
msgid ""
10247
"<emphasis>Squid:</emphasis> configuration options for the "
10248
"<application>Squid</application> proxy server."
10249
msgstr ""
10250
10251
#: serverguide/C/remote-administration.xml:463(para)
10252
msgid ""
10253
"<emphasis>CA:</emphasis> configures a Certificate Authority for the server."
10254
msgstr ""
10255
10256
#: serverguide/C/remote-administration.xml:468(para)
10257
msgid "<emphasis>NTP:</emphasis> set Network Time Protocol options."
10258
msgstr ""
10259
10260
#: serverguide/C/remote-administration.xml:473(para)
10261
msgid "<emphasis>Printers:</emphasis> allows the configuration of printers."
10262
msgstr ""
10263
10264
#: serverguide/C/remote-administration.xml:478(para)
10265
msgid "<emphasis>Samba:</emphasis> configuration options for Samba."
10266
msgstr ""
10267
10268
#: serverguide/C/remote-administration.xml:483(para)
10269
msgid ""
10270
"<emphasis>OpenVPN:</emphasis> setup options for OpenVPN Virtual Private "
10271
"Network application."
10272
msgstr ""
10273
10274
#: serverguide/C/remote-administration.xml:494(para)
10275
msgid ""
10276
"The <ulink url=\"https://help.ubuntu.com/community/eBox\">eBox Ubuntu "
10277
"Wiki</ulink> page has more details."
10278
msgstr ""
10279
10280
#: serverguide/C/remote-administration.xml:499(para)
10281
msgid ""
10282
"For more information also see the <ulink url=\"http://ebox-"
10283
"platform.com/\">eBox Home Page</ulink>."
10284
msgstr ""
10285
10286
#: serverguide/C/package-management.xml:13(title)
10287
msgid "Package Management"
10288
msgstr ""
10289
10290
#: serverguide/C/package-management.xml:14(para)
10291
msgid ""
10292
"Ubuntu features a comprehensive package management system for the "
10293
"installation, upgrade, configuration, and removal of software. In addition "
10294
"to providing access to an organized base of over 24,000 software packages "
10295
"for your Ubuntu computer, the package management facilities also feature "
10296
"dependency resolution capabilities and software update checking."
10297
msgstr ""
10298
10299
#: serverguide/C/package-management.xml:16(para)
10300
msgid ""
10301
"Several tools are available for interacting with Ubuntu's package management "
10302
"system, from simple command-line utilities which may be easily automated by "
10303
"system administrators, to a simple graphical interface which is easy to use "
10304
"by those new to Ubuntu."
10305
msgstr ""
10306
10307
#: serverguide/C/package-management.xml:21(para)
10308
msgid ""
10309
"Ubuntu's package management system is derived from the same system used by "
10310
"the Debian GNU/Linux distribution. The package files contain all of the "
10311
"necessary files, meta-data, and instructions to implement a particular "
10312
"functionality or software application on your Ubuntu computer."
10313
msgstr ""
10314
10315
#: serverguide/C/package-management.xml:24(para)
10316
msgid ""
10317
"Debian package files typically have the extension '.deb', and typically "
10318
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
10319
"collections of packages found on various media, such as CD-ROM discs, or "
10320
"online. Packages are normally of the pre-compiled binary format; thus "
10321
"installation is quick and requires no compiling of software."
10322
msgstr ""
10323
10324
#: serverguide/C/package-management.xml:27(para)
10325
msgid ""
10326
"Many complex packages use the concept of <emphasis "
10327
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
10328
"packages required by the principal package in order to function properly. "
10329
"For example, the speech synthesis package "
10330
"<application>Festival</application> depends upon the package "
10331
"<application>libasound2</application>, which is a package supplying the "
10332
"<application>ALSA</application> sound library needed for audio playback. In "
10333
"order for <application>Festival</application> to function, it and all of its "
10334
"dependencies must be installed. The software management tools in Ubuntu will "
10335
"do this automatically."
10336
msgstr ""
10337
10338
#: serverguide/C/package-management.xml:32(title)
10339
msgid "dpkg"
10340
msgstr ""
10341
10342
#: serverguide/C/package-management.xml:34(para)
10343
msgid ""
10344
"<application>dpkg</application> is a package manager for "
10345
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
10346
"packages, but unlike other package management system's it can not "
10347
"automatically download and install packages and their dependencies. This "
10348
"section covers using <application>dpkg</application> to manage locally "
10349
"installed packages:"
10350
msgstr ""
10351
10352
#: serverguide/C/package-management.xml:43(para)
10353
msgid ""
10354
"To list all packages installed on the system, from a terminal prompt enter:"
10355
msgstr ""
10356
10357
#: serverguide/C/package-management.xml:48(command)
10358
msgid "dpkg -l"
10359
msgstr ""
10360
10361
#: serverguide/C/package-management.xml:54(para)
10362
msgid ""
10363
"Depending on the amount of packages on your system, this can generate a "
10364
"large amount of output. Pipe the output through "
10365
"<application>grep</application> to see if a specific package is installed:"
10366
msgstr ""
10367
10368
#: serverguide/C/package-management.xml:60(command)
10369
msgid "dpkg -l | grep apache2"
10370
msgstr ""
10371
10372
#: serverguide/C/package-management.xml:63(para)
10373
msgid ""
10374
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
10375
"package name, or other regular expression."
10376
msgstr ""
10377
10378
#: serverguide/C/package-management.xml:70(para)
10379
msgid ""
10380
"To list the files installed by a package, in this case the "
10381
"<application>ufw</application> package, enter:"
10382
msgstr ""
10383
10384
#: serverguide/C/package-management.xml:75(command)
10385
msgid "dpkg -L ufw"
10386
msgstr ""
10387
10388
#: serverguide/C/package-management.xml:81(para)
10389
msgid ""
10390
"If you are not sure which package installed a file, <application>dpkg -"
10391
"S</application> may be able to tell you. For example:"
10392
msgstr ""
10393
10394
#: serverguide/C/package-management.xml:87(command)
10395
msgid "dpkg -S /etc/host.conf"
10396
msgstr ""
10397
10398
#: serverguide/C/package-management.xml:88(computeroutput)
10399
#, no-wrap
10400
msgid "base-files: /etc/host.conf"
10401
msgstr ""
10402
10403
#: serverguide/C/package-management.xml:91(para)
10404
msgid ""
10405
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
10406
"<application>base-files</application> package."
10407
msgstr ""
10408
10409
#: serverguide/C/package-management.xml:96(para)
10410
msgid ""
10411
"Many files are automatically generated during the package install process, "
10412
"and even though they are on the filesystem <command>dpkg -S</command> may "
10413
"not know which package they belong to."
10414
msgstr ""
10415
10416
#: serverguide/C/package-management.xml:105(para)
10417
msgid "You can install a local <emphasis>.deb</emphasis> file by entering:"
10418
msgstr ""
10419
10420
#: serverguide/C/package-management.xml:110(command)
10421
msgid "sudo dpkg -i zip_2.32-1_i386.deb"
10422
msgstr ""
10423
10424
#: serverguide/C/package-management.xml:113(para)
10425
msgid ""
10426
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
10427
"the local .deb file."
10428
msgstr ""
10429
10430
#: serverguide/C/package-management.xml:120(para)
10431
msgid "Uninstalling a package can be accomplished by:"
10432
msgstr ""
10433
10434
#: serverguide/C/package-management.xml:125(command)
10435
msgid "sudo dpkg -r zip"
10436
msgstr ""
10437
10438
#: serverguide/C/package-management.xml:129(para)
10439
msgid ""
10440
"Uninstalling packages using <application>dpkg</application>, in most cases, "
10441
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
10442
"manager that handles dependencies, to ensure that the system is in a "
10443
"consistent state. For example using <command>dpkg -r</command> you can "
10444
"remove the <application>zip</application> package, but any packages that "
10445
"depend on it will still be installed and may no longer function correctly."
10446
msgstr ""
10447
10448
#: serverguide/C/package-management.xml:140(para)
10449
msgid ""
10450
"For more <application>dpkg</application> options see the man page: "
10451
"<command>man dpkg</command>."
10452
msgstr ""
10453
10454
#: serverguide/C/package-management.xml:146(title)
10455
msgid "Apt-Get"
10456
msgstr ""
10457
10458
#: serverguide/C/package-management.xml:147(para)
10459
msgid ""
10460
"The <application>apt-get</application> command is a powerful command-line "
10461
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
10462
"(APT) performing such functions as installation of new software packages, "
10463
"upgrade of existing software packages, updating of the package list index, "
10464
"and even upgrading the entire Ubuntu system."
10465
msgstr ""
10466
10467
#: serverguide/C/package-management.xml:150(para)
10468
msgid ""
10469
"Being a simple command-line tool, <application>apt-get</application> has "
10470
"numerous advantages over other package management tools available in Ubuntu "
10471
"for server administrators. Some of these advantages include ease of use over "
10472
"simple terminal connections (SSH) and the ability to be used in system "
10473
"administration scripts, which can in turn be automated by the "
10474
"<application>cron</application> scheduling utility."
10475
msgstr ""
10476
10477
#: serverguide/C/package-management.xml:157(para)
10478
msgid ""
10479
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
10480
"packages using the <application>apt-get</application> tool is quite simple. "
10481
"For example, to install the network scanner <emphasis "
10482
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
10483
"<command>sudo apt-get install nmap</command>\n"
10484
"</screen>"
10485
msgstr ""
10486
10487
#: serverguide/C/package-management.xml:165(para)
10488
msgid ""
10489
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
10490
"packages is also a straightforward and simple process. To remove the nmap "
10491
"package installed in the previous example, type the following: <screen>\n"
10492
"<command>sudo apt-get remove nmap</command>\n"
10493
"</screen>"
10494
msgstr ""
10495
10496
#: serverguide/C/package-management.xml:172(para)
10497
msgid ""
10498
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
10499
"multiple packages to be installed or removed, separated by spaces."
10500
msgstr ""
10501
10502
#: serverguide/C/package-management.xml:175(para)
10503
msgid ""
10504
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
10505
"remove</command> will remove the package configuration files as well. This "
10506
"may or may not be the desired effect so use with caution."
10507
msgstr ""
10508
10509
#: serverguide/C/package-management.xml:181(para)
10510
msgid ""
10511
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
10512
"index is essentially a database of available packages from the repositories "
10513
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
10514
"the local package index with the latest changes made in repositories, type "
10515
"the following: <screen>\n"
10516
"<command>sudo apt-get update</command>\n"
10517
"</screen>"
10518
msgstr ""
10519
10520
#: serverguide/C/package-management.xml:189(para)
10521
msgid ""
10522
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
10523
"versions of packages currently installed on your computer may become "
10524
"available from the package repositories (for example security updates). To "
10525
"upgrade your system, first update your package index as outlined above, and "
10526
"then type: <screen>\n"
10527
"<command>sudo apt-get upgrade</command>\n"
10528
"</screen>"
10529
msgstr ""
10530
10531
#: serverguide/C/package-management.xml:195(para)
10532
msgid ""
10533
"For information on upgrading to a new Ubuntu release see <xref "
10534
"linkend=\"installing-upgrading\"/>."
10535
msgstr ""
10536
10537
#: serverguide/C/package-management.xml:153(para)
10538
msgid ""
10539
"Some examples of popular uses for the <application>apt-get</application> "
10540
"utility: <placeholder-1/>"
10541
msgstr ""
10542
10543
#: serverguide/C/package-management.xml:201(para)
10544
msgid ""
10545
"Actions of the <application>apt-get</application> command, such as "
10546
"installation and removal of packages, are logged in the /var/log/dpkg.log "
10547
"log file."
10548
msgstr ""
10549
10550
#: serverguide/C/package-management.xml:204(para)
10551
msgid ""
10552
"For further information about the use of <application>APT</application>, "
10553
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
10554
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
10555
"help</screen>"
10556
msgstr ""
10557
10558
#: serverguide/C/package-management.xml:208(title)
10559
msgid "Aptitude"
10560
msgstr ""
10561
10562
#: serverguide/C/package-management.xml:209(para)
10563
msgid ""
10564
"<application>Aptitude</application> is a menu-driven, text-based front-end "
10565
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
10566
"the common package management functions, such as installation, removal, and "
10567
"upgrade, are performed in <application>Aptitude</application> with single-"
10568
"key commands, which are typically lowercase letters."
10569
msgstr ""
10570
10571
#: serverguide/C/package-management.xml:212(para)
10572
msgid ""
10573
"<application>Aptitude</application> is best suited for use in a non-"
10574
"graphical terminal environment to ensure proper functioning of the command "
10575
"keys. You may start <application>Aptitude</application> as a normal user "
10576
"with the following command at a terminal prompt: <screen>\n"
10577
"<command>sudo aptitude</command>\n"
10578
"</screen>"
10579
msgstr ""
10580
10581
#: serverguide/C/package-management.xml:219(para)
10582
msgid ""
10583
"When <application>Aptitude</application> starts, you will see a menu bar at "
10584
"the top of the screen and two panes below the menu bar. The top pane "
10585
"contains package categories, such as <emphasis role=\"italics\">New "
10586
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
10587
"Packages</emphasis>. The bottom pane contains information related to the "
10588
"packages and package categories."
10589
msgstr ""
10590
10591
#: serverguide/C/package-management.xml:222(para)
10592
msgid ""
10593
"Using <application>Aptitude</application> for package management is "
10594
"relatively straightforward, and the user interface makes common tasks simple "
10595
"to perform. The following are examples of common package management "
10596
"functions as performed in <application>Aptitude</application>:"
10597
msgstr ""
10598
10599
#: serverguide/C/package-management.xml:226(para)
10600
msgid ""
10601
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
10602
"locate the package via the Not Installed Packages package category, for "
10603
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
10604
"key, and highlight the package you wish to install. After highlighting the "
10605
"package you wish to install, press the <keycap>+</keycap> key, and the "
10606
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
10607
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
10608
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
10609
"again, and you will be prompted to become root to complete the installation. "
10610
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
10611
"your user password to become root. Finally, press <keycap>g</keycap> once "
10612
"more and you'll be prompted to download the package. Press "
10613
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
10614
"prompt, and downloading and installation of the package will commence."
10615
msgstr ""
10616
10617
#: serverguide/C/package-management.xml:230(para)
10618
msgid ""
10619
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
10620
"locate the package via the Installed Packages package category, for example, "
10621
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
10622
"highlight the package you wish to remove. After highlighting the package you "
10623
"wish to install, press the <keycap>-</keycap> key, and the package entry "
10624
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
10625
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
10626
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
10627
"prompted to become root to complete the installation. Press "
10628
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
10629
"user password to become root. Finally, press <keycap>g</keycap> once more, "
10630
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
10631
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
10632
"the package will commence."
10633
msgstr ""
10634
10635
#: serverguide/C/package-management.xml:234(para)
10636
msgid ""
10637
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
10638
"package index, simply press the <keycap>u</keycap> key and you will be "
10639
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
10640
"which will result in a Password: prompt. Enter your user password to become "
10641
"root. Updating of the package index will commence. Press "
10642
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
10643
"presented to complete the process."
10644
msgstr ""
10645
10646
#: serverguide/C/package-management.xml:238(para)
10647
msgid ""
10648
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
10649
"perform the update of the package index as detailed above, and then press "
10650
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
10651
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
10652
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
10653
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
10654
"result in a Password: prompt. Enter your user password to become root. "
10655
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
10656
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
10657
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
10658
"will commence."
10659
msgstr ""
10660
10661
#: serverguide/C/package-management.xml:245(para)
10662
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
10663
msgstr ""
10664
10665
#: serverguide/C/package-management.xml:250(para)
10666
msgid ""
10667
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
10668
"configuration remains on system"
10669
msgstr ""
10670
10671
#: serverguide/C/package-management.xml:254(para)
10672
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
10673
msgstr ""
10674
10675
#: serverguide/C/package-management.xml:258(para)
10676
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
10677
msgstr ""
10678
10679
#: serverguide/C/package-management.xml:262(para)
10680
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
10681
msgstr ""
10682
10683
#: serverguide/C/package-management.xml:266(para)
10684
msgid ""
10685
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
10686
"configured"
10687
msgstr ""
10688
10689
#: serverguide/C/package-management.xml:270(para)
10690
msgid ""
10691
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
10692
"and requires fix"
10693
msgstr ""
10694
10695
#: serverguide/C/package-management.xml:274(para)
10696
msgid ""
10697
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
10698
"requires fix"
10699
msgstr ""
10700
10701
#: serverguide/C/package-management.xml:242(para)
10702
msgid ""
10703
"The first column of information displayed in the package list in the top "
10704
"pane, when actually viewing packages lists the current state of the package, "
10705
"and uses the following key to describe the state of the package: "
10706
"<placeholder-1/>"
10707
msgstr ""
10708
10709
#: serverguide/C/package-management.xml:280(para)
10710
msgid ""
10711
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
10712
"wish to exit. Many other functions are available from the Aptitude menu by "
10713
"pressing the <keycap>F10</keycap> key."
10714
msgstr ""
10715
10716
#: serverguide/C/package-management.xml:285(title)
10717
msgid "Automatic Updates"
10718
msgstr ""
10719
10720
#: serverguide/C/package-management.xml:287(para)
10721
msgid ""
10722
"The <application>unattended-upgrades</application> package can be used to "
10723
"automatically install updated packages, and can be configured to update all "
10724
"packages or just install security updates. First, install the package by "
10725
"entering the following in a terminal:"
10726
msgstr ""
10727
10728
#: serverguide/C/package-management.xml:293(command)
10729
msgid "sudo apt-get install unattended-upgrades"
10730
msgstr ""
10731
10732
#: serverguide/C/package-management.xml:296(para)
10733
msgid ""
10734
"To configure <application>unattended-upgrades</application>, edit "
10735
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
10736
"the following to fit your needs:"
10737
msgstr ""
10738
10739
#: serverguide/C/package-management.xml:301(programlisting)
10740
#, no-wrap
10741
msgid ""
10742
"\n"
10743
"Unattended-Upgrade::Allowed-Origins {\n"
10744
" \"Ubuntu lucid-security\";\n"
10745
"// \"Ubuntu lucid-updates\";\n"
10746
"};\n"
10747
msgstr ""
10748
10749
#: serverguide/C/package-management.xml:308(para)
10750
msgid ""
10751
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
10752
"will not be automatically updated. To blacklist a package, add it to the "
10753
"list:"
10754
msgstr ""
10755
10756
#: serverguide/C/package-management.xml:313(programlisting)
10757
#, no-wrap
10758
msgid ""
10759
"\n"
10760
"Unattended-Upgrade::Package-Blacklist {\n"
10761
"// \"vim\";\n"
10762
"// \"libc6\";\n"
10763
"// \"libc6-dev\";\n"
10764
"// \"libc6-i686\";\n"
10765
"};\n"
10766
msgstr ""
10767
10768
#: serverguide/C/package-management.xml:323(para)
10769
msgid ""
10770
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
10771
"whatever follows \"//\" will not be evaluated."
10772
msgstr ""
10773
10774
#: serverguide/C/package-management.xml:328(para)
10775
msgid ""
10776
"To enable automatic updates, edit "
10777
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
10778
"<application>apt</application> configuration options:"
10779
msgstr ""
10780
10781
#: serverguide/C/package-management.xml:332(programlisting)
10782
#, no-wrap
10783
msgid ""
10784
"\n"
10785
"APT::Periodic::Update-Package-Lists \"1\";\n"
10786
"APT::Periodic::Download-Upgradeable-Packages \"1\";\n"
10787
"APT::Periodic::AutocleanInterval \"7\";\n"
10788
"APT::Periodic::Unattended-Upgrade \"1\";\n"
10789
msgstr ""
10790
10791
#: serverguide/C/package-management.xml:339(para)
10792
msgid ""
10793
"The above configuration updates the package list, downloads, and installs "
10794
"available upgrades every day. The local download archive is cleaned every "
10795
"week."
10796
msgstr ""
10797
10798
#: serverguide/C/package-management.xml:345(para)
10799
msgid ""
10800
"You can read more about <application>apt</application> Periodic "
10801
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
10802
"header."
10803
msgstr ""
10804
10805
#: serverguide/C/package-management.xml:350(para)
10806
msgid ""
10807
"The results of <application>unattended-upgrades</application> will be logged "
10808
"to <filename>/var/log/unattended-upgrades</filename>."
10809
msgstr ""
10810
10811
#: serverguide/C/package-management.xml:355(title)
10812
msgid "Notifications"
10813
msgstr ""
10814
10815
#: serverguide/C/package-management.xml:357(para)
10816
msgid ""
10817
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
10818
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
10819
"<application>unattended-upgrades</application> to email an administrator "
10820
"detailing any packages that need upgrading or have problems."
10821
msgstr ""
10822
10823
#: serverguide/C/package-management.xml:362(para)
10824
msgid ""
10825
"Another useful package is <application>apticron</application>. "
10826
"<application>apticron</application> will configure a "
10827
"<application>cron</application> job to email an administrator information "
10828
"about any packages on the system that have updates available, as well as a "
10829
"summary of changes in each package."
10830
msgstr ""
10831
10832
#: serverguide/C/package-management.xml:368(para)
10833
msgid ""
10834
"To install the <application>apticron</application> package, in a terminal "
10835
"enter:"
10836
msgstr ""
10837
10838
#: serverguide/C/package-management.xml:373(command)
10839
msgid "sudo apt-get install apticron"
10840
msgstr ""
10841
10842
#: serverguide/C/package-management.xml:376(para)
10843
msgid ""
10844
"Once the package is installed edit "
10845
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
10846
"and other options:"
10847
msgstr ""
10848
10849
#: serverguide/C/package-management.xml:380(programlisting)
10850
#, no-wrap
10851
msgid ""
10852
"\n"
10853
"EMAIL=\"root@example.com\"\n"
10854
msgstr ""
10855
10856
#: serverguide/C/package-management.xml:389(para)
10857
msgid ""
10858
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
10859
"system repositories is stored in the /etc/apt/sources.list configuration "
10860
"file. An example of this file is referenced here, along with information on "
10861
"adding or removing repository references from the file."
10862
msgstr ""
10863
10864
#: serverguide/C/package-management.xml:395(para)
10865
msgid ""
10866
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
10867
"typical <filename>/etc/apt/sources.list</filename> file."
10868
msgstr ""
10869
10870
#: serverguide/C/package-management.xml:399(para)
10871
msgid ""
10872
"You may edit the file to enable repositories or disable them. For example, "
10873
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
10874
"operations occur, simply comment out the appropriate line for the CD-ROM, "
10875
"which appears at the top of the file:"
10876
msgstr ""
10877
10878
#: serverguide/C/package-management.xml:404(screen)
10879
#, no-wrap
10880
msgid ""
10881
"\n"
10882
"# no more prompting for CD-ROM please\n"
10883
"# deb cdrom:[Ubuntu 10.04_Lucid_Lynx - Release i386 (20070419.1)]/ lucid "
10884
"main restricted\n"
10885
msgstr ""
10886
10887
#: serverguide/C/package-management.xml:410(title)
10888
msgid "Extra Repositories"
10889
msgstr ""
10890
10891
#: serverguide/C/package-management.xml:411(para)
10892
msgid ""
10893
"In addition to the officially supported package repositories available for "
10894
"Ubuntu, there exist additional community-maintained repositories which add "
10895
"thousands more potential packages for installation. Two of the most popular "
10896
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
10897
"repositories. These repositories are not officially supported by Ubuntu, but "
10898
"because they are maintained by the community they generally provide packages "
10899
"which are safe for use with your Ubuntu computer."
10900
msgstr ""
10901
10902
#: serverguide/C/package-management.xml:414(para)
10903
msgid ""
10904
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
10905
"licensing issues that prevent them from being distributed with a free "
10906
"operating system, and they may be illegal in your locality."
10907
msgstr ""
10908
10909
#: serverguide/C/package-management.xml:416(para)
10910
msgid ""
10911
"Be advised that neither the <emphasis>Universe</emphasis> or "
10912
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
10913
"packages. In particular, there may not be security updates for these "
10914
"packages."
10915
msgstr ""
10916
10917
#: serverguide/C/package-management.xml:420(para)
10918
msgid ""
10919
"Many other package sources are available, sometimes even offering only one "
10920
"package, as in the case of package sources provided by the developer of a "
10921
"single application. You should always be very careful and cautious when "
10922
"using non-standard package sources, however. Research the source and "
10923
"packages carefully before performing any installation, as some package "
10924
"sources and their packages could render your system unstable or non-"
10925
"functional in some respects."
10926
msgstr ""
10927
10928
#: serverguide/C/package-management.xml:423(para)
10929
msgid ""
10930
"By default, the <emphasis>Universe</emphasis> and "
10931
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
10932
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
10933
"comment the following lines:"
10934
msgstr ""
10935
10936
#: serverguide/C/package-management.xml:430(programlisting)
10937
#, no-wrap
10938
msgid ""
10939
"\n"
10940
"deb http://archive.ubuntu.com/ubuntu lucid universe multiverse\n"
10941
"deb-src http://archive.ubuntu.com/ubuntu lucid universe multiverse\n"
10942
"\n"
10943
"deb http://us.archive.ubuntu.com/ubuntu/ lucid universe\n"
10944
"deb-src http://us.archive.ubuntu.com/ubuntu/ lucid universe\n"
10945
"deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe\n"
10946
"deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe\n"
10947
"\n"
10948
"deb http://us.archive.ubuntu.com/ubuntu/ lucid multiverse\n"
10949
"deb-src http://us.archive.ubuntu.com/ubuntu/ lucid multiverse\n"
10950
"deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse\n"
10951
"deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse\n"
10952
"\n"
10953
"deb http://security.ubuntu.com/ubuntu lucid-security universe\n"
10954
"deb-src http://security.ubuntu.com/ubuntu lucid-security universe\n"
10955
"deb http://security.ubuntu.com/ubuntu lucid-security multiverse\n"
10956
"deb-src http://security.ubuntu.com/ubuntu lucid-security multiverse\n"
10957
msgstr ""
10958
10959
#: serverguide/C/package-management.xml:456(para)
10960
msgid ""
10961
"Most of the material covered in this chapter is available in "
10962
"<application>man</application> pages, many of which are available online."
10963
msgstr ""
10964
10965
#: serverguide/C/package-management.xml:463(para)
10966
msgid ""
10967
"The <ulink "
10968
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
10969
"re</ulink> Ubuntu wiki page has more information."
10970
msgstr ""
10971
10972
#: serverguide/C/package-management.xml:468(para)
10973
msgid ""
10974
"For more <application>dpkg</application> details see the <ulink "
10975
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/dpkg.1.html\">dpkg "
10976
"man page</ulink>."
10977
msgstr ""
10978
10979
#: serverguide/C/package-management.xml:474(para)
10980
msgid ""
10981
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
10982
"HOWTO</ulink> and <ulink "
10983
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/apt-get.8.html\">apt-"
10984
"get man page</ulink> contain useful information regarding <application>apt-"
10985
"get</application> usage."
10986
msgstr ""
10987
10988
#: serverguide/C/package-management.xml:481(para)
10989
msgid ""
10990
"See the <ulink "
10991
"url=\"http://manpages.ubuntu.com/manpages/lucid/man8/aptitude.8.html\">aptitu"
10992
"de man page</ulink> for more <application>aptitude</application> options."
10993
msgstr ""
10994
10995
#: serverguide/C/package-management.xml:487(para)
10996
msgid ""
10997
"The <ulink "
10998
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
10999
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
11000
"adding repositories."
11001
msgstr ""
11002
11003
#: serverguide/C/other-apps.xml:13(title)
11004
msgid "Other Useful Applications"
11005
msgstr ""
11006
11007
#: serverguide/C/other-apps.xml:15(para)
11008
msgid ""
11009
"There are many very useful applications developed by the Ubuntu Server Team, "
11010
"and others that are well integrated with Ubuntu Server Edition, that might "
11011
"not be well known. This chapter will showcase some useful applications that "
11012
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
11013
"easier."
11014
msgstr ""
11015
11016
#: serverguide/C/other-apps.xml:23(title)
11017
msgid "pam_motd"
11018
msgstr ""
11019
11020
#: serverguide/C/other-apps.xml:25(para)
11021
msgid ""
11022
"When logging into an Ubuntu server you may have noticed the informative "
11023
"Message Of The Day (MOTD). This information is obtained and displayed using "
11024
"a couple of packages:"
11025
msgstr ""
11026
11027
#: serverguide/C/other-apps.xml:32(para)
11028
msgid ""
11029
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
11030
"<application>landscape-client</application>, which can be used to manage "
11031
"systems using the web based <emphasis>Landscape</emphasis> application. The "
11032
"package includes the <application>/usr/bin/landscape-sysinfo</application> "
11033
"utility which is used to gather the information displayed in the MOTD."
11034
msgstr ""
11035
11036
#: serverguide/C/other-apps.xml:40(para)
11037
msgid ""
11038
"<emphasis>update-notifier-common:</emphasis> is used to automatically update "
11039
"the MOTD via <application>pam_motd</application> module."
11040
msgstr ""
11041
11042
#: serverguide/C/other-apps.xml:46(para)
11043
msgid ""
11044
"<application>pam_motd</application> executes the scripts in "
11045
"<filename>/etc/update-motd.d</filename> in order based on the number "
11046
"prepended to the script. The output of the scripts is written to "
11047
"<filename>/var/run/motd</filename>, keeping the numerical order, then "
11048
"concatenated with <filename>/etc/motd.tail</filename>."
11049
msgstr ""
11050
11051
#: serverguide/C/other-apps.xml:52(para)
11052
msgid ""
11053
"You can add your own dynamic information to the MOTD. For example, to add "
11054
"local weather information:"
11055
msgstr ""
11056
11057
#: serverguide/C/other-apps.xml:58(para)
11058
msgid "First, install the <application>weather-util</application> package:"
11059
msgstr ""
11060
11061
#: serverguide/C/other-apps.xml:63(command)
11062
msgid "sudo apt-get install weather-util"
11063
msgstr ""
11064
11065
#: serverguide/C/other-apps.xml:68(para)
11066
msgid ""
11067
"The <application>weather</application> utility uses METAR data from the "
11068
"National Oceanic and Atmospheric Administration and forecasts from the "
11069
"National Weather Service. In order to find local information you will need "
11070
"the 4-character ICAO location indicator. This can be determined by browsing "
11071
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
11072
"Weather Service</ulink> site."
11073
msgstr ""
11074
11075
#: serverguide/C/other-apps.xml:75(para)
11076
msgid ""
11077
"Although the National Weather Service is a United States government agency "
11078
"there are weather stations available world wide. However, local weather "
11079
"information for all locations outside the U.S. may not be available."
11080
msgstr ""
11081
11082
#: serverguide/C/other-apps.xml:81(para)
11083
msgid ""
11084
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
11085
"script to use <application>weather</application> with your local ICAO "
11086
"indicator:"
11087
msgstr ""
11088
11089
#: serverguide/C/other-apps.xml:86(programlisting)
11090
#, no-wrap
11091
msgid ""
11092
"\n"
11093
"#!/bin/sh\n"
11094
"#\n"
11095
"#\n"
11096
"# Prints the local weather information for the MOTD.\n"
11097
"#\n"
11098
"#\n"
11099
"\n"
11100
"# Replace KINT with your local weather station.\n"
11101
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
11102
"\n"
11103
"echo\n"
11104
"weather -i KINT\n"
11105
"echo\n"
11106
"\n"
11107
msgstr ""
11108
11109
#: serverguide/C/other-apps.xml:104(para)
11110
msgid "Make the script executable:"
11111
msgstr ""
11112
11113
#: serverguide/C/other-apps.xml:109(command)
11114
msgid "sudo chmod 755 /usr/local/bin/local-weather"
11115
msgstr ""
11116
11117
#: serverguide/C/other-apps.xml:113(para)
11118
msgid ""
11119
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
11120
"weather</filename>:"
11121
msgstr ""
11122
11123
#: serverguide/C/other-apps.xml:118(command)
11124
msgid ""
11125
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
11126
msgstr ""
11127
11128
#: serverguide/C/other-apps.xml:122(para)
11129
msgid "Finally, exit the server and re-login to view the new MOTD."
11130
msgstr ""
11131
11132
#: serverguide/C/other-apps.xml:128(para)
11133
msgid ""
11134
"You should now be greeted with some useful information, and some information "
11135
"about the local weather that may not be quite so useful. Hopefully the "
11136
"<application>local-weather</application> example demonstrates the "
11137
"flexibility of <application>pam_motd</application>."
11138
msgstr ""
11139
11140
#: serverguide/C/other-apps.xml:136(title)
11141
msgid "etckeeper"
11142
msgstr ""
11143
11144
#: serverguide/C/other-apps.xml:138(para)
11145
msgid ""
11146
"<application>etckeeper</application> allows the contents of <filename "
11147
"role=\"directory\">/etc</filename> be easily stored in Version Control "
11148
"System (VCS) repository. It hooks into <application>apt</application> to "
11149
"automatically commit changes to <filename>/etc</filename> when packages are "
11150
"installed or upgraded. Placing <filename>/etc</filename> under version "
11151
"control is considered an industry best practice, and the goal of "
11152
"<application>etckeeper</application> is to make this process as painless as "
11153
"possible."
11154
msgstr ""
11155
11156
#: serverguide/C/other-apps.xml:146(para)
11157
msgid ""
11158
"Install <application>etckeeper</application> by entering the following in a "
11159
"terminal:"
11160
msgstr ""
11161
11162
#: serverguide/C/other-apps.xml:151(command)
11163
msgid "sudo apt-get install etckeeper"
11164
msgstr ""
11165
11166
#: serverguide/C/other-apps.xml:154(para)
11167
msgid ""
11168
"The main configuration file, "
11169
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
11170
"main option is which VCS to use. By default "
11171
"<application>etckeeper</application> is configured to use "
11172
"<application>bzr</application> for version control. The repository is "
11173
"automatically initialized (and committed for the first time) during package "
11174
"installation. It is possible to undo this by entering the following command:"
11175
msgstr ""
11176
11177
#: serverguide/C/other-apps.xml:164(command)
11178
msgid "sudo etckeeper uninit"
11179
msgstr ""
11180
11181
#: serverguide/C/other-apps.xml:167(para)
11182
msgid ""
11183
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
11184
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
11185
"It will also automatically commit changes before and after package "
11186
"installation. For a more precise tracking of changes, it is recommended to "
11187
"commit your changes manually, together with a commit message, using:"
11188
msgstr ""
11189
11190
#: serverguide/C/other-apps.xml:176(command)
11191
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
11192
msgstr ""
11193
11194
#: serverguide/C/other-apps.xml:179(para)
11195
msgid ""
11196
"Using the VCS commands you can view log information about files in "
11197
"<filename>/etc</filename>:"
11198
msgstr ""
11199
11200
#: serverguide/C/other-apps.xml:184(command)
11201
msgid "sudo bzr log /etc/passwd"
11202
msgstr ""
11203
11204
#: serverguide/C/other-apps.xml:187(para)
11205
msgid ""
11206
"To demonstrate the integration with the package management system, install "
11207
"<application>postfix</application>:"
11208
msgstr ""
11209
11210
#: serverguide/C/other-apps.xml:192(command) serverguide/C/mail.xml:45(command)
11211
msgid "sudo apt-get install postfix"
11212
msgstr ""
11213
11214
#: serverguide/C/other-apps.xml:195(para)
11215
msgid ""
11216
"When the installation is finished, all the "
11217
"<application>postfix</application> configuration files should be committed "
11218
"to the repository:"
11219
msgstr ""
11220
11221
#: serverguide/C/other-apps.xml:201(computeroutput)
11222
#, no-wrap
11223
msgid ""
11224
"Committing to: /etc/\n"
11225
"added aliases.db\n"
11226
"modified group\n"
11227
"modified group-\n"
11228
"modified gshadow\n"
11229
"modified gshadow-\n"
11230
"modified passwd\n"
11231
"modified passwd-\n"
11232
"added postfix\n"
11233
"added resolvconf\n"
11234
"added rsyslog.d\n"
11235
"modified shadow\n"
11236
"modified shadow-\n"
11237
"added init.d/postfix\n"
11238
"added network/if-down.d/postfix\n"
11239
"added network/if-up.d/postfix\n"
11240
"added postfix/dynamicmaps.cf\n"
11241
"added postfix/main.cf\n"
11242
"added postfix/master.cf\n"
11243
"added postfix/post-install\n"
11244
"added postfix/postfix-files\n"
11245
"added postfix/postfix-script\n"
11246
"added postfix/sasl\n"
11247
"added ppp/ip-down.d\n"
11248
"added ppp/ip-down.d/postfix\n"
11249
"added ppp/ip-up.d/postfix\n"
11250
"added rc0.d/K20postfix\n"
11251
"added rc1.d/K20postfix\n"
11252
"added rc2.d/S20postfix\n"
11253
"added rc3.d/S20postfix\n"
11254
"added rc4.d/S20postfix\n"
11255
"added rc5.d/S20postfix\n"
11256
"added rc6.d/K20postfix\n"
11257
"added resolvconf/update-libc.d\n"
11258
"added resolvconf/update-libc.d/postfix\n"
11259
"added rsyslog.d/postfix.conf\n"
11260
"added ufw/applications.d/postfix\n"
11261
"Committed revision 2."
11262
msgstr ""
11263
11264
#: serverguide/C/other-apps.xml:241(para)
11265
msgid ""
11266
"For an example of how <application>etckeeper</application> tracks manual "
11267
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
11268
"<application>bzr</application> you can see which files have been modified:"
11269
msgstr ""
11270
11271
#: serverguide/C/other-apps.xml:247(command)
11272
msgid "sudo bzr status /etc/"
11273
msgstr ""
11274
11275
#: serverguide/C/other-apps.xml:248(computeroutput)
11276
#, no-wrap
11277
msgid ""
11278
"modified:\n"
11279
" hosts"
11280
msgstr ""
11281
11282
#: serverguide/C/other-apps.xml:252(para)
11283
msgid "Now commit the changes:"
11284
msgstr ""
11285
11286
#: serverguide/C/other-apps.xml:257(command)
11287
msgid "sudo etckeeper commit \"new host\""
11288
msgstr ""
11289
11290
#: serverguide/C/other-apps.xml:260(para)
11291
msgid ""
11292
"For more information on <application>bzr</application> see <xref "
11293
"linkend=\"bazaar\"/>."
11294
msgstr ""
11295
11296
#: serverguide/C/other-apps.xml:266(title)
11297
msgid "Byobu"
11298
msgstr ""
11299
11300
#: serverguide/C/other-apps.xml:268(para)
11301
msgid ""
11302
"One of the most useful applications for any system administrator is "
11303
"<application>screen</application>. It allows the execution of multiple "
11304
"shells in one terminal. To make some of the advanced "
11305
"<application>screen</application> features more user friendly, and provide "
11306
"some useful information about the system, the "
11307
"<application>byobu</application> package was created."
11308
msgstr ""
11309
11310
#: serverguide/C/other-apps.xml:275(para)
11311
msgid ""
11312
"When executing <application>byobu</application> pressing the "
11313
"<emphasis>F9</emphasis> key will bring up the "
11314
"<application>Configuration</application> menu. This menu will allow you to:"
11315
msgstr ""
11316
11317
#: serverguide/C/other-apps.xml:281(para)
11318
msgid "View the Help menu"
11319
msgstr ""
11320
11321
#: serverguide/C/other-apps.xml:282(para)
11322
msgid "Change Byobu's background color"
11323
msgstr ""
11324
11325
#: serverguide/C/other-apps.xml:283(para)
11326
msgid "Change Byobu's foreground color"
11327
msgstr ""
11328
11329
#: serverguide/C/other-apps.xml:284(para)
11330
msgid "Toggle status notifications"
11331
msgstr ""
11332
11333
#: serverguide/C/other-apps.xml:285(para)
11334
msgid "Change the key binding set"
11335
msgstr ""
11336
11337
#: serverguide/C/other-apps.xml:286(para)
11338
msgid "Change the escape sequence"
11339
msgstr ""
11340
11341
#: serverguide/C/other-apps.xml:287(para)
11342
msgid "Create new windows"
11343
msgstr ""
11344
11345
#: serverguide/C/other-apps.xml:288(para)
11346
msgid "Manage the default windows"
11347
msgstr ""
11348
11349
#: serverguide/C/other-apps.xml:289(para)
11350
msgid "Byobu currently does not launch at login (toggle on)"
11351
msgstr ""
11352
11353
#: serverguide/C/other-apps.xml:292(para)
11354
msgid ""
11355
"The <emphasis>key bindings</emphasis> determine such things as the escape "
11356
"sequence, new window, change window, etc. There are two key binding sets to "
11357
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
11358
"keys</emphasis>. If you wish to use the original key bindings choose the "
11359
"<emphasis>none</emphasis> set."
11360
msgstr ""
11361
11362
#: serverguide/C/other-apps.xml:298(para)
11363
msgid ""
11364
"<application>byobu</application> provides a menu which displays the Ubuntu "
11365
"release, processor information, memory information, and the time and date. "
11366
"The effect is similar to a desktop menu."
11367
msgstr ""
11368
11369
#: serverguide/C/other-apps.xml:303(para)
11370
msgid ""
11371
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11372
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11373
"executed any time a terminal is opened. Changes made to "
11374
"<application>byobu</application> are on a per user basis, and will not "
11375
"affect other users on the system."
11376
msgstr ""
11377
11378
#: serverguide/C/other-apps.xml:309(para)
11379
msgid ""
11380
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11381
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11382
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
11383
"commands. Here is a quick list of movement commands:"
11384
msgstr ""
11385
11386
#: serverguide/C/other-apps.xml:316(para)
11387
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
11388
msgstr ""
11389
11390
#: serverguide/C/other-apps.xml:317(para)
11391
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
11392
msgstr ""
11393
11394
#: serverguide/C/other-apps.xml:318(para)
11395
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
11396
msgstr ""
11397
11398
#: serverguide/C/other-apps.xml:319(para)
11399
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
11400
msgstr ""
11401
11402
#: serverguide/C/other-apps.xml:320(para)
11403
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
11404
msgstr ""
11405
11406
#: serverguide/C/other-apps.xml:321(para)
11407
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
11408
msgstr ""
11409
11410
#: serverguide/C/other-apps.xml:322(para)
11411
msgid ""
11412
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
11413
"the buffer)"
11414
msgstr ""
11415
11416
#: serverguide/C/other-apps.xml:323(para)
11417
msgid "<emphasis>/</emphasis> - Search forward"
11418
msgstr ""
11419
11420
#: serverguide/C/other-apps.xml:324(para)
11421
msgid "<emphasis>?</emphasis> - Search backward"
11422
msgstr ""
11423
11424
#: serverguide/C/other-apps.xml:325(para)
11425
msgid ""
11426
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
11427
msgstr ""
11428
11429
#: serverguide/C/other-apps.xml:334(para)
11430
msgid ""
11431
"See the <ulink "
11432
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/update-motd.1.html\">"
11433
"update-motd man page</ulink> for more options available to "
11434
"<application>update-motd</application>."
11435
msgstr ""
11436
11437
#: serverguide/C/other-apps.xml:340(para)
11438
msgid ""
11439
"The Debian Package of the Day <ulink "
11440
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
11441
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
11442
"details about using the <application>weather</application>utility."
11443
msgstr ""
11444
11445
#: serverguide/C/other-apps.xml:347(para)
11446
msgid ""
11447
"See the <ulink "
11448
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
11449
"more details on using <application>etckeeper</application>."
11450
msgstr ""
11451
11452
#: serverguide/C/other-apps.xml:353(para)
11453
msgid ""
11454
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11455
"Ubuntu Wiki</ulink> page."
11456
msgstr ""
11457
11458
#: serverguide/C/other-apps.xml:358(para)
11459
msgid ""
11460
"For the latest news and information about <application>bzr</application> see "
11461
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
11462
msgstr ""
11463
11464
#: serverguide/C/other-apps.xml:363(para)
11465
msgid ""
11466
"For more information on <application>screen</application> see the <ulink "
11467
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
11468
msgstr ""
11469
11470
#: serverguide/C/other-apps.xml:368(para)
11471
msgid ""
11472
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11473
"screen</ulink> page."
11474
msgstr ""
11475
11476
#: serverguide/C/other-apps.xml:373(para)
11477
msgid ""
11478
"Also, see the <application>byobu</application><ulink "
11479
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
11480
"information."
11481
msgstr ""
11482
11483
#: serverguide/C/network-config.xml:14(para)
11484
msgid ""
11485
"Networks consist of two or more devices, such as computer systems, printers, "
11486
"and related equipment which are connected by either physical cabling or "
11487
"wireless links for the purpose of sharing and distributing information among "
11488
"the connected devices."
11489
msgstr ""
11490
11491
#: serverguide/C/network-config.xml:20(para)
11492
msgid ""
11493
"This section provides general and specific information pertaining to "
11494
"networking, including an overview of network concepts and detailed "
11495
"discussion of popular network protocols."
11496
msgstr ""
11497
11498
#: serverguide/C/network-config.xml:27(title)
11499
msgid "Network Configuration"
11500
msgstr ""
11501
11502
#: serverguide/C/network-config.xml:28(para)
11503
msgid ""
11504
"Ubuntu ships with a number of graphical utilities to configure your network "
11505
"devices. This document is geared toward server administrators and will focus "
11506
"on managing your network on the command line."
11507
msgstr ""
11508
11509
#: serverguide/C/network-config.xml:35(title)
11510
msgid "Ethernet Interfaces"
11511
msgstr ""
11512
11513
#: serverguide/C/network-config.xml:36(para)
11514
msgid ""
11515
"Ethernet interfaces are identified by the system using the naming convention "
11516
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
11517
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
11518
"interface is typically identified as <emphasis "
11519
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
11520
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
11521
"order."
11522
msgstr ""
11523
11524
#: serverguide/C/network-config.xml:46(title)
11525
msgid "Identify Ethernet Interfaces"
11526
msgstr ""
11527
11528
#: serverguide/C/network-config.xml:47(para)
11529
msgid ""
11530
"To quickly identify all available Ethernet interfaces, you can use the "
11531
"<application>ifconfig</application> command as shown below."
11532
msgstr ""
11533
11534
#: serverguide/C/network-config.xml:52(userinput)
11535
#, no-wrap
11536
msgid "ifconfig -a | grep eth"
11537
msgstr ""
11538
11539
#: serverguide/C/network-config.xml:51(screen)
11540
#, no-wrap
11541
msgid ""
11542
"\n"
11543
"<placeholder-1/>\n"
11544
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
11545
msgstr ""
11546
11547
#: serverguide/C/network-config.xml:55(para)
11548
msgid ""
11549
"Another application that can help identify all network interfaces available "
11550
"to your system is the <application>lshw</application> command. In the "
11551
"example below, <application>lshw</application> shows a single Ethernet "
11552
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
11553
"along with bus information, driver details and all supported capabilities."
11554
msgstr ""
11555
11556
#: serverguide/C/network-config.xml:62(userinput)
11557
#, no-wrap
11558
msgid "sudo lshw -class network"
11559
msgstr ""
11560
11561
#: serverguide/C/network-config.xml:61(screen)
11562
#, no-wrap
11563
msgid ""
11564
"\n"
11565
"<placeholder-1/>\n"
11566
" *-network\n"
11567
" description: Ethernet interface\n"
11568
" product: BCM4401-B0 100Base-TX\n"
11569
" vendor: Broadcom Corporation\n"
11570
" physical id: 0\n"
11571
" bus info: pci@0000:03:00.0\n"
11572
" logical name: eth0\n"
11573
" version: 02\n"
11574
" serial: 00:15:c5:4a:16:5a\n"
11575
" size: 10MB/s\n"
11576
" capacity: 100MB/s\n"
11577
" width: 32 bits\n"
11578
" clock: 33MHz\n"
11579
" capabilities: (snipped for brevity)\n"
11580
" configuration: (snipped for brevity)\n"
11581
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
11582
msgstr ""
11583
11584
#: serverguide/C/network-config.xml:83(title)
11585
msgid "Ethernet Interface Logical Names"
11586
msgstr ""
11587
11588
#: serverguide/C/network-config.xml:84(para)
11589
msgid ""
11590
"Interface logical names are configured in the file "
11591
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
11592
"like control which interface receives a particular logical name, find the "
11593
"line matching the interfaces physical MAC address and modify the value of "
11594
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
11595
"Reboot the system to commit your changes."
11596
msgstr ""
11597
11598
#: serverguide/C/network-config.xml:92(programlisting)
11599
#, no-wrap
11600
msgid ""
11601
"\n"
11602
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11603
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
11604
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
11605
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11606
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
11607
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
11608
msgstr ""
11609
11610
#: serverguide/C/network-config.xml:99(title)
11611
msgid "Ethernet Interface Settings"
11612
msgstr ""
11613
11614
#: serverguide/C/network-config.xml:100(para)
11615
msgid ""
11616
"<application>ethtool</application> is a program that displays and changes "
11617
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
11618
"and Wake-on-LAN. It is not installed by default, but is available for "
11619
"installation in the repositories."
11620
msgstr ""
11621
11622
#: serverguide/C/network-config.xml:106(userinput)
11623
#, no-wrap
11624
msgid "sudo apt-get install ethtool"
11625
msgstr ""
11626
11627
#: serverguide/C/network-config.xml:108(para)
11628
msgid ""
11629
"The following is an example of how to view supported features and configured "
11630
"settings of an Ethernet interface."
11631
msgstr ""
11632
11633
#: serverguide/C/network-config.xml:113(userinput)
11634
#, no-wrap
11635
msgid "sudo ethtool eth0"
11636
msgstr ""
11637
11638
#: serverguide/C/network-config.xml:112(screen)
11639
#, no-wrap
11640
msgid ""
11641
"\n"
11642
"<placeholder-1/>\n"
11643
"Settings for eth0:\n"
11644
" Supported ports: [ TP ]\n"
11645
" Supported link modes: 10baseT/Half 10baseT/Full \n"
11646
" 100baseT/Half 100baseT/Full \n"
11647
" 1000baseT/Half 1000baseT/Full \n"
11648
" Supports auto-negotiation: Yes\n"
11649
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
11650
" 100baseT/Half 100baseT/Full \n"
11651
" 1000baseT/Half 1000baseT/Full \n"
11652
" Advertised auto-negotiation: Yes\n"
11653
" Speed: 1000Mb/s\n"
11654
" Duplex: Full\n"
11655
" Port: Twisted Pair\n"
11656
" PHYAD: 1\n"
11657
" Transceiver: internal\n"
11658
" Auto-negotiation: on\n"
11659
" Supports Wake-on: g\n"
11660
" Wake-on: d\n"
11661
" Current message level: 0x000000ff (255)\n"
11662
" Link detected: yes\n"
11663
msgstr ""
11664
11665
#: serverguide/C/network-config.xml:135(para)
11666
msgid ""
11667
"Changes made with the <application>ethtool</application> command are "
11668
"temporary and will be lost after a reboot. If you would like to retain "
11669
"settings, simply add the desired <application>ethtool</application> command "
11670
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
11671
"configuration file <filename>/etc/network/interfaces</filename>."
11672
msgstr ""
11673
11674
#: serverguide/C/network-config.xml:141(para)
11675
msgid ""
11676
"The following is an example of how the interface identified as <emphasis "
11677
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
11678
"speed of 1000Mb/s running in full duplex mode."
11679
msgstr ""
11680
11681
#: serverguide/C/network-config.xml:145(programlisting)
11682
#, no-wrap
11683
msgid ""
11684
"\n"
11685
"auto eth0\n"
11686
"iface eth0 inet static\n"
11687
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
11688
msgstr ""
11689
11690
#: serverguide/C/network-config.xml:151(para)
11691
msgid ""
11692
"Although the example above shows the interface configured to use the "
11693
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
11694
"other methods as well, such as DHCP. The example is meant to demonstrate "
11695
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
11696
"statement in relation to the rest of the interface configuration."
11697
msgstr ""
11698
11699
#: serverguide/C/network-config.xml:163(title)
11700
msgid "IP Addressing"
11701
msgstr ""
11702
11703
#: serverguide/C/network-config.xml:164(para)
11704
msgid ""
11705
"The following section describes the process of configuring your systems IP "
11706
"address and default gateway needed for communicating on a local area network "
11707
"and the Internet."
11708
msgstr ""
11709
11710
#: serverguide/C/network-config.xml:171(title)
11711
msgid "Temporary IP Address Assignment"
11712
msgstr ""
11713
11714
#: serverguide/C/network-config.xml:172(para)
11715
msgid ""
11716
"For temporary network configurations, you can use standard commands such as "
11717
"<application>ip</application>, <application>ifconfig</application> and "
11718
"<application>route</application>, which are also found on most other "
11719
"GNU/Linux operating systems. These commands allow you to configure settings "
11720
"which take effect immediately, however they are not persistent and will be "
11721
"lost after a reboot."
11722
msgstr ""
11723
11724
#: serverguide/C/network-config.xml:180(para)
11725
msgid ""
11726
"To temporarily configure an IP address, you can use the "
11727
"<application>ifconfig</application> command in the following manner. Just "
11728
"modify the IP address and subnet mask to match your network requirements."
11729
msgstr ""
11730
11731
#: serverguide/C/network-config.xml:186(userinput)
11732
#, no-wrap
11733
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
11734
msgstr ""
11735
11736
#: serverguide/C/network-config.xml:188(para)
11737
msgid ""
11738
"To verify the IP address configuration of <application>eth0</application>, "
11739
"you can use the <application>ifconfig</application> command in the following "
11740
"manner."
11741
msgstr ""
11742
11743
#: serverguide/C/network-config.xml:193(userinput)
11744
#, no-wrap
11745
msgid "ifconfig eth0"
11746
msgstr ""
11747
11748
#: serverguide/C/network-config.xml:192(screen)
11749
#, no-wrap
11750
msgid ""
11751
"\n"
11752
"<placeholder-1/>\n"
11753
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
11754
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
11755
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
11756
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
11757
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
11758
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
11759
" collisions:0 txqueuelen:1000 \n"
11760
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
11761
" Interrupt:16 \n"
11762
msgstr ""
11763
11764
#: serverguide/C/network-config.xml:204(para)
11765
msgid ""
11766
"To configure a default gateway, you can use the "
11767
"<application>route</application> command in the following manner. Modify the "
11768
"default gateway address to match your network requirements."
11769
msgstr ""
11770
11771
#: serverguide/C/network-config.xml:210(userinput)
11772
#, no-wrap
11773
msgid "sudo route add default gw 10.0.0.1 eth0"
11774
msgstr ""
11775
11776
#: serverguide/C/network-config.xml:212(para)
11777
msgid ""
11778
"To verify your default gateway configuration, you can use the "
11779
"<application>route</application> command in the following manner."
11780
msgstr ""
11781
11782
#: serverguide/C/network-config.xml:217(userinput)
11783
#, no-wrap
11784
msgid "route -n"
11785
msgstr ""
11786
11787
#: serverguide/C/network-config.xml:216(screen)
11788
#, no-wrap
11789
msgid ""
11790
"\n"
11791
"<placeholder-1/>\n"
11792
"Kernel IP routing table\n"
11793
"Destination Gateway Genmask Flags Metric Ref Use "
11794
"Iface\n"
11795
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
11796
"eth0\n"
11797
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
11798
"eth0\n"
11799
msgstr ""
11800
11801
#: serverguide/C/network-config.xml:223(para)
11802
msgid ""
11803
"If you require DNS for your temporary network configuration, you can add DNS "
11804
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
11805
"example below shows how to enter two DNS servers to "
11806
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
11807
"appropriate for your network. A more lengthy description of DNS client "
11808
"configuration is in a following section."
11809
msgstr ""
11810
11811
#: serverguide/C/network-config.xml:230(programlisting)
11812
#, no-wrap
11813
msgid ""
11814
"\n"
11815
"nameserver 8.8.8.8\n"
11816
"nameserver 8.8.4.4\n"
11817
msgstr ""
11818
11819
#: serverguide/C/network-config.xml:234(para)
11820
msgid ""
11821
"If you no longer need this configuration and wish to purge all IP "
11822
"configuration from an interface, you can use the "
11823
"<application>ip</application> command with the flush option as shown below."
11824
msgstr ""
11825
11826
#: serverguide/C/network-config.xml:240(userinput)
11827
#, no-wrap
11828
msgid "ip addr flush eth0"
11829
msgstr ""
11830
11831
#: serverguide/C/network-config.xml:243(para)
11832
msgid ""
11833
"Flushing the IP configuration using the <application>ip</application> "
11834
"command does not clear the contents of "
11835
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
11836
"entries manually."
11837
msgstr ""
11838
11839
#: serverguide/C/network-config.xml:251(title)
11840
msgid "Dynamic IP Address Assignment (DHCP Client)"
11841
msgstr ""
11842
11843
#: serverguide/C/network-config.xml:252(para)
11844
msgid ""
11845
"To configure your server to use DHCP for dynamic address assignment, add the "
11846
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
11847
"statement for the appropriate interface in the file "
11848
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11849
"are configuring your first Ethernet interface identified as <emphasis "
11850
"role=\"italic\">eth0</emphasis>."
11851
msgstr ""
11852
11853
#: serverguide/C/network-config.xml:259(programlisting)
11854
#, no-wrap
11855
msgid ""
11856
"\n"
11857
"auto eth0\n"
11858
"iface eth0 inet dhcp\n"
11859
msgstr ""
11860
11861
#: serverguide/C/network-config.xml:263(para)
11862
msgid ""
11863
"By adding an interface configuration as shown above, you can manually enable "
11864
"the interface through the <application>ifup</application> command which "
11865
"initiates the DHCP process via <application>dhclient</application>."
11866
msgstr ""
11867
11868
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
11869
#, no-wrap
11870
msgid "sudo ifup eth0"
11871
msgstr ""
11872
11873
#: serverguide/C/network-config.xml:271(para)
11874
msgid ""
11875
"To manually disable the interface, you can use the "
11876
"<application>ifdown</application> command, which in turn will initiate the "
11877
"DHCP release process and shut down the interface."
11878
msgstr ""
11879
11880
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
11881
#, no-wrap
11882
msgid "sudo ifdown eth0"
11883
msgstr ""
11884
11885
#: serverguide/C/network-config.xml:282(title)
11886
msgid "Static IP Address Assignment"
11887
msgstr ""
11888
11889
#: serverguide/C/network-config.xml:283(para)
11890
msgid ""
11891
"To configure your system to use a static IP address assignment, add the "
11892
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
11893
"family statement for the appropriate interface in the file "
11894
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11895
"are configuring your first Ethernet interface identified as <emphasis "
11896
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
11897
"role=\"italic\">address</emphasis>, <emphasis "
11898
"role=\"italic\">netmask</emphasis>, and <emphasis "
11899
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
11900
"network."
11901
msgstr ""
11902
11903
#: serverguide/C/network-config.xml:292(programlisting)
11904
#, no-wrap
11905
msgid ""
11906
"\n"
11907
"auto eth0\n"
11908
"iface eth0 inet static\n"
11909
"address 10.0.0.100\n"
11910
"netmask 255.255.255.0\n"
11911
"gateway 10.0.0.1\n"
11912
msgstr ""
11913
11914
#: serverguide/C/network-config.xml:299(para)
11915
msgid ""
11916
"By adding an interface configuration as shown above, you can manually enable "
11917
"the interface through the <application>ifup</application> command."
11918
msgstr ""
11919
11920
#: serverguide/C/network-config.xml:306(para)
11921
msgid ""
11922
"To manually disable the interface, you can use the "
11923
"<application>ifdown</application> command."
11924
msgstr ""
11925
11926
#: serverguide/C/network-config.xml:316(title)
11927
msgid "Loopback Interface"
11928
msgstr ""
11929
11930
#: serverguide/C/network-config.xml:317(para)
11931
msgid ""
11932
"The loopback interface is identified by the system as <emphasis "
11933
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
11934
"can be viewed using the ifconfig command."
11935
msgstr ""
11936
11937
#: serverguide/C/network-config.xml:322(userinput)
11938
#, no-wrap
11939
msgid "ifconfig lo"
11940
msgstr ""
11941
11942
#: serverguide/C/network-config.xml:321(screen)
11943
#, no-wrap
11944
msgid ""
11945
"\n"
11946
"<placeholder-1/>\n"
11947
"lo Link encap:Local Loopback \n"
11948
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
11949
" inet6 addr: ::1/128 Scope:Host\n"
11950
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
11951
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
11952
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
11953
" collisions:0 txqueuelen:0 \n"
11954
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
11955
msgstr ""
11956
11957
#: serverguide/C/network-config.xml:332(para)
11958
msgid ""
11959
"By default, there should be two lines in "
11960
"<filename>/etc/network/interfaces</filename> responsible for automatically "
11961
"configuring your loopback interface. It is recommended that you keep the "
11962
"default settings unless you have a specific purpose for changing them. An "
11963
"example of the two default lines are shown below."
11964
msgstr ""
11965
11966
#: serverguide/C/network-config.xml:338(programlisting)
11967
#, no-wrap
11968
msgid ""
11969
"\n"
11970
"auto lo\n"
11971
"iface lo inet loopback\n"
11972
msgstr ""
11973
11974
#: serverguide/C/network-config.xml:347(title)
11975
msgid "Name Resolution"
11976
msgstr ""
11977
11978
#: serverguide/C/network-config.xml:348(para)
11979
msgid ""
11980
"Name resolution as it relates to IP networking is the process of mapping IP "
11981
"addresses to hostnames, making it easier to identify resources on a network. "
11982
"The following section will explain how to properly configure your system for "
11983
"name resolution using DNS and static hostname records."
11984
msgstr ""
11985
11986
#: serverguide/C/network-config.xml:356(title)
11987
msgid "DNS Client Configuration"
11988
msgstr ""
11989
11990
#: serverguide/C/network-config.xml:357(para)
11991
msgid ""
11992
"To configure your system to use DNS for name resolution, add the IP "
11993
"addresses of the DNS servers that are appropriate for your network in the "
11994
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
11995
"suffix search-lists to match your network domain names."
11996
msgstr ""
11997
11998
#: serverguide/C/network-config.xml:362(para)
11999
msgid ""
12000
"Below is an example of a typical configuration of "
12001
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
12002
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
12003
msgstr ""
12004
12005
#: serverguide/C/network-config.xml:367(programlisting)
12006
#, no-wrap
12007
msgid ""
12008
"\n"
12009
"search example.com\n"
12010
"nameserver 8.8.8.8\n"
12011
"nameserver 8.8.4.4\n"
12012
msgstr ""
12013
12014
#: serverguide/C/network-config.xml:372(para)
12015
msgid ""
12016
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12017
"multiple domain names so that DNS queries will be appended in the order in "
12018
"which they are entered. For example, your network may have multiple sub-"
12019
"domains to search; a parent domain of <emphasis "
12020
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
12021
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
12022
"role=\"italic\">dev.example.com</emphasis>."
12023
msgstr ""
12024
12025
#: serverguide/C/network-config.xml:380(para)
12026
msgid ""
12027
"If you have multiple domains you wish to search, your configuration might "
12028
"look like the following."
12029
msgstr ""
12030
12031
#: serverguide/C/network-config.xml:383(programlisting)
12032
#, no-wrap
12033
msgid ""
12034
"\n"
12035
"search example.com sales.example.com dev.example.com\n"
12036
"nameserver 8.8.8.8\n"
12037
"nameserver 8.8.4.4\n"
12038
msgstr ""
12039
12040
#: serverguide/C/network-config.xml:388(para)
12041
msgid ""
12042
"If you try to ping a host with the name of <emphasis "
12043
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12044
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12045
msgstr ""
12046
12047
#: serverguide/C/network-config.xml:394(para)
12048
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12049
msgstr ""
12050
12051
#: serverguide/C/network-config.xml:399(para)
12052
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12053
msgstr ""
12054
12055
#: serverguide/C/network-config.xml:404(para)
12056
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12057
msgstr ""
12058
12059
#: serverguide/C/network-config.xml:409(para)
12060
msgid ""
12061
"If no matches are found, the DNS server will provide a result of <emphasis "
12062
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12063
msgstr ""
12064
12065
#: serverguide/C/network-config.xml:416(title)
12066
msgid "Static Hostnames"
12067
msgstr ""
12068
12069
#: serverguide/C/network-config.xml:417(para)
12070
msgid ""
12071
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12072
"file <filename>/etc/hosts</filename>. Entries in the "
12073
"<filename>hosts</filename> file will have precedence over DNS by default. "
12074
"This means that if your system tries to resolve a hostname and it matches an "
12075
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
12076
"some configurations, especially when Internet access is not required, "
12077
"servers that communicate with a limited number of resources can be "
12078
"conveniently set to use static hostnames instead of DNS."
12079
msgstr ""
12080
12081
#: serverguide/C/network-config.xml:424(para)
12082
msgid ""
12083
"The following is an example of a <filename>hosts</filename> file where a "
12084
"number of local servers have been identified by simple hostnames, aliases "
12085
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12086
msgstr ""
12087
12088
#: serverguide/C/network-config.xml:428(programlisting)
12089
#, no-wrap
12090
msgid ""
12091
"\n"
12092
"127.0.0.1\tlocalhost\n"
12093
"127.0.1.1\tubuntu-server\n"
12094
"10.0.0.11\tserver1 vpn server1.example.com\n"
12095
"10.0.0.12\tserver2 mail server2.example.com\n"
12096
"10.0.0.13\tserver3 www server3.example.com\n"
12097
"10.0.0.14\tserver4 file server4.example.com\n"
12098
msgstr ""
12099
12100
#: serverguide/C/network-config.xml:437(para)
12101
msgid ""
12102
"In the above example, notice that each of the servers have been given "
12103
"aliases in addition to their proper names and FQDN's. <emphasis "
12104
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
12105
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
12106
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
12107
"role=\"italic\">server3</emphasis> as <emphasis "
12108
"role=\"italic\">www</emphasis>, and <emphasis "
12109
"role=\"italic\">server4</emphasis> as <emphasis "
12110
"role=\"italic\">file</emphasis>."
12111
msgstr ""
12112
12113
#: serverguide/C/network-config.xml:449(title)
12114
msgid "Name Service Switch Configuration"
12115
msgstr ""
12116
12117
#: serverguide/C/network-config.xml:450(para)
12118
msgid ""
12119
"The order in which your system selects a method of resolving hostnames to IP "
12120
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12121
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
12122
"section, typically static hostnames defined in the systems "
12123
"<filename>/etc/hosts</filename> file have precedence over names resolved "
12124
"from DNS. The following is an example of the line responsible for this order "
12125
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12126
msgstr ""
12127
12128
#: serverguide/C/network-config.xml:458(programlisting)
12129
#, no-wrap
12130
msgid ""
12131
"\n"
12132
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12133
msgstr ""
12134
12135
#: serverguide/C/network-config.xml:464(para)
12136
msgid ""
12137
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12138
"hostnames located in <filename>/etc/hosts</filename>."
12139
msgstr ""
12140
12141
#: serverguide/C/network-config.xml:470(para)
12142
msgid ""
12143
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12144
"name using Multicast DNS."
12145
msgstr ""
12146
12147
#: serverguide/C/network-config.xml:475(para)
12148
msgid ""
12149
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12150
"of <emphasis role=\"italic\">notfound</emphasis> by the preceeding <emphasis "
12151
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
12152
"authoritative and that the system should not try to continue hunting for an "
12153
"answer."
12154
msgstr ""
12155
12156
#: serverguide/C/network-config.xml:483(para)
12157
msgid ""
12158
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12159
msgstr ""
12160
12161
#: serverguide/C/network-config.xml:488(para)
12162
msgid ""
12163
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12164
msgstr ""
12165
12166
#: serverguide/C/network-config.xml:494(para)
12167
msgid ""
12168
"To modify the order of the above mentioned name resolution methods, you can "
12169
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12170
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
12171
"versus Multicast DNS, you can change the string in "
12172
"<filename>/etc/nsswitch.conf</filename> as shown below."
12173
msgstr ""
12174
12175
#: serverguide/C/network-config.xml:501(programlisting)
12176
#, no-wrap
12177
msgid ""
12178
"\n"
12179
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12180
msgstr ""
12181
12182
#: serverguide/C/network-config.xml:508(title)
12183
msgid "Bridging"
12184
msgstr ""
12185
12186
#: serverguide/C/network-config.xml:510(para)
12187
msgid ""
12188
"Bridging multiple interfaces is a more advanced configuration, but is very "
12189
"useful in multiple scenarios. One scenario is setting up a bridge with "
12190
"multiple network interfaces, then using a firewall to filter traffic between "
12191
"two network segments. Another scenario is using bridge on a system with one "
12192
"interface to allow virtual machines direct access to the outside network. "
12193
"The following example covers the latter scenario."
12194
msgstr ""
12195
12196
#: serverguide/C/network-config.xml:517(para)
12197
msgid ""
12198
"Before configuring a bridge you will need to install the <application>bridge-"
12199
"utils</application> package. To install the package, in a terminal enter:"
12200
msgstr ""
12201
12202
#: serverguide/C/network-config.xml:523(command)
12203
msgid "sudo apt-get install bridge-utils"
12204
msgstr ""
12205
12206
#: serverguide/C/network-config.xml:526(para)
12207
msgid ""
12208
"Next, configure the bridge by editing "
12209
"<filename>/etc/network/interfaces</filename>:"
12210
msgstr ""
12211
12212
#: serverguide/C/network-config.xml:530(programlisting)
12213
#, no-wrap
12214
msgid ""
12215
"\n"
12216
"auto lo\n"
12217
"iface lo inet loopback\n"
12218
"\n"
12219
"auto br0\n"
12220
"iface br0 inet static\n"
12221
" address 192.168.0.10\n"
12222
" network 192.168.0.0\n"
12223
" netmask 255.255.255.0\n"
12224
" broadcast 192.168.0.255\n"
12225
" gateway 192.168.0.1\n"
12226
" bridge_ports eth0\n"
12227
" bridge_fd 9\n"
12228
" bridge_hello 2\n"
12229
" bridge_maxage 12\n"
12230
" bridge_stp off\n"
12231
msgstr ""
12232
12233
#: serverguide/C/network-config.xml:549(para)
12234
msgid "Enter the appropriate values for your physical interface and network."
12235
msgstr ""
12236
12237
#: serverguide/C/network-config.xml:554(para)
12238
msgid "Now restart networking to enable the bridge interface:"
12239
msgstr ""
12240
12241
#: serverguide/C/network-config.xml:561(para)
12242
msgid ""
12243
"The new bridge interface should now be up and running. The "
12244
"<application>brctl</application> provides useful information about the state "
12245
"of the bridge, controls which interfaces are part of the bridge, etc. See "
12246
"<command>man brctl</command> for more information."
12247
msgstr ""
12248
12249
#: serverguide/C/network-config.xml:577(para)
12250
msgid ""
12251
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12252
"Network page</ulink> has links to articles covering more advanced network "
12253
"configuration."
12254
msgstr ""
12255
12256
#: serverguide/C/network-config.xml:583(para)
12257
msgid ""
12258
"The <ulink "
12259
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/interfaces.5.html\">i"
12260
"nterfaces man page</ulink> has details on more options for "
12261
"<filename>/etc/network/interfaces</filename>."
12262
msgstr ""
12263
12264
#: serverguide/C/network-config.xml:589(para)
12265
msgid ""
12266
"The <ulink "
12267
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/dhclient.8.html\">dhc"
12268
"lient man page</ulink> has details on more options for configuring DHCP "
12269
"client settings."
12270
msgstr ""
12271
12272
#: serverguide/C/network-config.xml:595(para)
12273
msgid ""
12274
"For more information on DNS client configuration see the <ulink "
12275
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/resolver.5.html\">res"
12276
"olver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
12277
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
12278
"Administrator's Guide</ulink> is a good source of resolver and name service "
12279
"configuration information."
12280
msgstr ""
12281
12282
#: serverguide/C/network-config.xml:603(para)
12283
msgid ""
12284
"For more information on <emphasis>bridging</emphasis> see the <ulink "
12285
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/brctl.8.html\">brctl "
12286
"man page</ulink> and the Linux Foundation's <ulink "
12287
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
12288
msgstr ""
12289
12290
#: serverguide/C/network-config.xml:614(title)
12291
msgid "TCP/IP"
12292
msgstr ""
12293
12294
#: serverguide/C/network-config.xml:615(para)
12295
msgid ""
12296
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
12297
"standard set of protocols developed in the late 1970s by the Defense "
12298
"Advanced Research Projects Agency (DARPA) as a means of communication "
12299
"between different types of computers and computer networks. TCP/IP is the "
12300
"driving force of the Internet, and thus it is the most popular set of "
12301
"network protocols on Earth."
12302
msgstr ""
12303
12304
#: serverguide/C/network-config.xml:623(title)
12305
msgid "TCP/IP Introduction"
12306
msgstr ""
12307
12308
#: serverguide/C/network-config.xml:624(para)
12309
msgid ""
12310
"The two protocol components of TCP/IP deal with different aspects of "
12311
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
12312
"TCP/IP is a connectionless protocol which deals only with network packet "
12313
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
12314
"basic unit of networking information. The IP Datagram consists of a header "
12315
"followed by a message. The <emphasis> Transmission Control "
12316
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
12317
"establish connections which may be used to exchange data streams. TCP also "
12318
"guarantees that the data between connections is delivered and that it "
12319
"arrives at one network host in the same order as sent from another network "
12320
"host."
12321
msgstr ""
12322
12323
#: serverguide/C/network-config.xml:637(title)
12324
msgid "TCP/IP Configuration"
12325
msgstr ""
12326
12327
#: serverguide/C/network-config.xml:638(para)
12328
msgid ""
12329
"The TCP/IP protocol configuration consists of several elements which must be "
12330
"set by editing the appropriate configuration files, or deploying solutions "
12331
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
12332
"can be configured to provide the proper TCP/IP configuration settings to "
12333
"network clients automatically. These configuration values must be set "
12334
"correctly in order to facilitate the proper network operation of your Ubuntu "
12335
"system."
12336
msgstr ""
12337
12338
#: serverguide/C/network-config.xml:650(para)
12339
msgid ""
12340
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
12341
"identifying string expressed as four decimal numbers ranging from zero (0) "
12342
"to two-hundred and fifty-five (255), separated by periods, with each of the "
12343
"four numbers representing eight (8) bits of the address for a total length "
12344
"of thirty-two (32) bits for the whole address. This format is called "
12345
"<emphasis>dotted quad notation</emphasis>."
12346
msgstr ""
12347
12348
#: serverguide/C/network-config.xml:660(para)
12349
msgid ""
12350
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
12351
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
12352
"separate the portions of an IP address significant to the network from the "
12353
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
12354
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
12355
"three bytes of the IP address and allows the last byte of the IP address to "
12356
"remain available for specifying hosts on the subnetwork."
12357
msgstr ""
12358
12359
#: serverguide/C/network-config.xml:671(para)
12360
msgid ""
12361
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
12362
"represents the bytes comprising the network portion of an IP address. For "
12363
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
12364
"network address, where twelve (12) represents the first byte of the IP "
12365
"address, (the network part) and zeroes (0) in all of the remaining three "
12366
"bytes to represent the potential host values. A network host using the "
12367
"private IP address 192.168.1.100 would in turn use a Network Address of "
12368
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
12369
"network and a zero (0) for all the possible hosts on the network."
12370
msgstr ""
12371
12372
#: serverguide/C/network-config.xml:684(para)
12373
msgid ""
12374
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
12375
"is an IP address which allows network data to be sent simultaneously to all "
12376
"hosts on a given subnetwork rather than specifying a particular host. The "
12377
"standard general broadcast address for IP networks is 255.255.255.255, but "
12378
"this broadcast address cannot be used to send a broadcast message to every "
12379
"host on the Internet because routers block it. A more appropriate broadcast "
12380
"address is set to match a specific subnetwork. For example, on the private "
12381
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
12382
"Broadcast messages are typically produced by network protocols such as the "
12383
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
12384
msgstr ""
12385
12386
#: serverguide/C/network-config.xml:697(para)
12387
msgid ""
12388
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
12389
"IP address through which a particular network, or host on a network, may be "
12390
"reached. If one network host wishes to communicate with another network "
12391
"host, and that host is not located on the same network, then a "
12392
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
12393
"Address will be that of a router on the same network, which will in turn "
12394
"pass traffic on to other networks or hosts, such as Internet hosts. The "
12395
"value of the Gateway Address setting must be correct, or your system will "
12396
"not be able to reach any hosts beyond those on the same network."
12397
msgstr ""
12398
12399
#: serverguide/C/network-config.xml:708(para)
12400
msgid ""
12401
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
12402
"represent the IP addresses of Domain Name Service (DNS) systems, which "
12403
"resolve network hostnames into IP addresses. There are three levels of "
12404
"Nameserver Addresses, which may be specified in order of precedence: The "
12405
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
12406
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
12407
"your system to be able to resolve network hostnames into their corresponding "
12408
"IP addresses, you must specify valid Nameserver Addresses which you are "
12409
"authorized to use in your system's TCP/IP configuration. In many cases these "
12410
"addresses can and will be provided by your network service provider, but "
12411
"many free and publicly accessible nameservers are available for use, such as "
12412
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
12413
msgstr ""
12414
12415
#: serverguide/C/network-config.xml:722(para)
12416
msgid ""
12417
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
12418
"Address are typically specified via the appropriate directives in the file "
12419
"<filename>/etc/network/interfaces</filename>. The Nameserver Addresses are "
12420
"typically specified via <emphasis>nameserver</emphasis> directives in the "
12421
"file <filename>/etc/resolv.conf</filename>. For more information, view the "
12422
"system manual page for <filename>interfaces</filename> or "
12423
"<filename>resolv.conf</filename> respectively, with the following commands "
12424
"typed at a terminal prompt:"
12425
msgstr ""
12426
12427
#: serverguide/C/network-config.xml:729(para)
12428
msgid ""
12429
"Access the system manual page for <filename>interfaces</filename> with the "
12430
"following command:"
12431
msgstr ""
12432
12433
#: serverguide/C/network-config.xml:734(command)
12434
msgid "man interfaces"
12435
msgstr ""
12436
12437
#: serverguide/C/network-config.xml:737(para)
12438
msgid ""
12439
"Access the system manual page for <filename>resolv.conf</filename> with the "
12440
"following command:"
12441
msgstr ""
12442
12443
#: serverguide/C/network-config.xml:741(command)
12444
msgid "man resolv.conf"
12445
msgstr ""
12446
12447
#: serverguide/C/network-config.xml:646(para)
12448
msgid ""
12449
"The common configuration elements of TCP/IP and their purposes are as "
12450
"follows: <placeholder-1/>"
12451
msgstr ""
12452
12453
#: serverguide/C/network-config.xml:748(title)
12454
msgid "IP Routing"
12455
msgstr ""
12456
12457
#: serverguide/C/network-config.xml:749(para)
12458
msgid ""
12459
"IP routing is a means of specifying and discovering paths in a TCP/IP "
12460
"network along which network data may be sent. Routing uses a set of "
12461
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
12462
"packets from their source to the destination, often via many intermediary "
12463
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
12464
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
12465
"<emphasis>Dynamic Routing.</emphasis>"
12466
msgstr ""
12467
12468
#: serverguide/C/network-config.xml:758(para)
12469
msgid ""
12470
"Static routing involves manually adding IP routes to the system's routing "
12471
"table, and this is usually done by manipulating the routing table with the "
12472
"<application>route</application> command. Static routing enjoys many "
12473
"advantages over dynamic routing, such as simplicity of implementation on "
12474
"smaller networks, predictability (the routing table is always computed in "
12475
"advance, and thus the route is precisely the same each time it is used), and "
12476
"low overhead on other routers and network links due to the lack of a dynamic "
12477
"routing protocol. However, static routing does present some disadvantages as "
12478
"well. For example, static routing is limited to small networks and does not "
12479
"scale well. Static routing also fails completely to adapt to network outages "
12480
"and failures along the route due to the fixed nature of the route."
12481
msgstr ""
12482
12483
#: serverguide/C/network-config.xml:768(para)
12484
msgid ""
12485
"Dynamic routing depends on large networks with multiple possible IP routes "
12486
"from a source to a destination and makes use of special routing protocols, "
12487
"such as the Router Information Protocol (RIP), which handle the automatic "
12488
"adjustments in routing tables that make dynamic routing possible. Dynamic "
12489
"routing has several advantages over static routing, such as superior "
12490
"scalability and the ability to adapt to failures and outages along network "
12491
"routes. Additionally, there is less manual configuration of the routing "
12492
"tables, since routers learn from one another about their existence and "
12493
"available routes. This trait also eliminates the possibility of introducing "
12494
"mistakes in the routing tables via human error. Dynamic routing is not "
12495
"perfect, however, and presents disadvantages such as heightened complexity "
12496
"and additional network overhead from router communications, which does not "
12497
"immediately benefit the end users, but still consumes network bandwidth."
12498
msgstr ""
12499
12500
#: serverguide/C/network-config.xml:782(title)
12501
msgid "TCP and UDP"
12502
msgstr ""
12503
12504
#: serverguide/C/network-config.xml:783(para)
12505
msgid ""
12506
"TCP is a connection-based protocol, offering error correction and guaranteed "
12507
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
12508
"Flow control determines when the flow of a data stream needs to be stopped, "
12509
"and previously sent data packets should to be re-sent due to problems such "
12510
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
12511
"accurate delivery of the data. TCP is typically used in the exchange of "
12512
"important information such as database transactions."
12513
msgstr ""
12514
12515
#: serverguide/C/network-config.xml:791(para)
12516
msgid ""
12517
"The User Datagram Protocol (UDP), on the other hand, is a "
12518
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
12519
"transmission of important data because it lacks flow control or any other "
12520
"method to ensure reliable delivery of the data. UDP is commonly used in such "
12521
"applications as audio and video streaming, where it is considerably faster "
12522
"than TCP due to the lack of error correction and flow control, and where the "
12523
"loss of a few packets is not generally catastrophic."
12524
msgstr ""
12525
12526
#: serverguide/C/network-config.xml:801(title)
12527
msgid "ICMP"
12528
msgstr ""
12529
12530
#: serverguide/C/network-config.xml:802(para)
12531
msgid ""
12532
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
12533
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
12534
"supports network packets containing control, error, and informational "
12535
"messages. ICMP is used by such network applications as the "
12536
"<application>ping</application> utility, which can determine the "
12537
"availability of a network host or device. Examples of some error messages "
12538
"returned by ICMP which are useful to both network hosts and devices such as "
12539
"routers, include <emphasis>Destination Unreachable</emphasis> and "
12540
"<emphasis>Time Exceeded</emphasis>."
12541
msgstr ""
12542
12543
#: serverguide/C/network-config.xml:812(title)
12544
msgid "Daemons"
12545
msgstr ""
12546
12547
#: serverguide/C/network-config.xml:813(para)
12548
msgid ""
12549
"Daemons are special system applications which typically execute continuously "
12550
"in the background and await requests for the functions they provide from "
12551
"other applications. Many daemons are network-centric; that is, a large "
12552
"number of daemons executing in the background on an Ubuntu system may "
12553
"provide network-related functionality. Some examples of such network daemons "
12554
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
12555
"(httpd), which provides web server functionality; the <emphasis>Secure SHell "
12556
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
12557
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
12558
"Daemon</emphasis> (imapd), which provides E-Mail services."
12559
msgstr ""
12560
12561
#: serverguide/C/network-config.xml:828(para)
12562
msgid ""
12563
"There are man pages for <ulink "
12564
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man7/tcp.7.html\">TCP</uli"
12565
"nk> and <ulink "
12566
"url=\"http://manpages.ubuntu.com/manpages/lucid/man7/ip.7.html\">IP</ulink> "
12567
"that contain more useful information."
12568
msgstr ""
12569
12570
#: serverguide/C/network-config.xml:834(para)
12571
msgid ""
12572
"Also, see the <ulink "
12573
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
12574
"and Technical Overview</ulink> IBM Redbook."
12575
msgstr ""
12576
12577
#: serverguide/C/network-config.xml:840(para)
12578
msgid ""
12579
"Another resource is O'Reilly's <ulink "
12580
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
12581
"Administration</ulink>."
12582
msgstr ""
12583
12584
#: serverguide/C/network-config.xml:849(title)
12585
msgid "Dynamic Host Configuration Protocol (DHCP)"
12586
msgstr ""
12587
12588
#: serverguide/C/network-config.xml:850(para)
12589
msgid ""
12590
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
12591
"enables host computers to be automatically assigned settings from a server "
12592
"as opposed to manually configuring each network host. Computers configured "
12593
"to be DHCP clients have no control over the settings they receive from the "
12594
"DHCP server, and the configuration is transparent to the computer's user."
12595
msgstr ""
12596
12597
#: serverguide/C/network-config.xml:857(para)
12598
msgid ""
12599
"The most common settings provided by a DHCP server to DHCP clients include:"
12600
msgstr ""
12601
12602
#: serverguide/C/network-config.xml:862(para)
12603
msgid "IP-Address and Netmask"
12604
msgstr ""
12605
12606
#: serverguide/C/network-config.xml:865(para)
12607
msgid "DNS"
12608
msgstr ""
12609
12610
#: serverguide/C/network-config.xml:868(para)
12611
msgid "WINS"
12612
msgstr ""
12613
12614
#: serverguide/C/network-config.xml:871(para)
12615
msgid ""
12616
"However, a DHCP server can also supply configuration properties such as:"
12617
msgstr ""
12618
12619
#: serverguide/C/network-config.xml:876(para)
12620
msgid "Host Name"
12621
msgstr ""
12622
12623
#: serverguide/C/network-config.xml:879(para)
12624
msgid "Domain Name"
12625
msgstr ""
12626
12627
#: serverguide/C/network-config.xml:882(para)
12628
msgid "Default Gateway"
12629
msgstr ""
12630
12631
#: serverguide/C/network-config.xml:885(para)
12632
msgid "Time Server"
12633
msgstr ""
12634
12635
#: serverguide/C/network-config.xml:888(para)
12636
msgid "Print Server"
12637
msgstr ""
12638
12639
#: serverguide/C/network-config.xml:891(para)
12640
msgid ""
12641
"The advantage of using DHCP is that changes to the network, for example a "
12642
"change in the address of the DNS server, need only be changed at the DHCP "
12643
"server, and all network hosts will be reconfigured the next time their DHCP "
12644
"clients poll the DHCP server. As an added advantage, it is also easier to "
12645
"integrate new computers into the network, as there is no need to check for "
12646
"the availability of an IP address. Conflicts in IP address allocation are "
12647
"also reduced."
12648
msgstr ""
12649
12650
#: serverguide/C/network-config.xml:899(para)
12651
msgid "A DHCP server can provide configuration settings using two methods:"
12652
msgstr ""
12653
12654
#: serverguide/C/network-config.xml:904(term)
12655
msgid "MAC Address"
12656
msgstr ""
12657
12658
#: serverguide/C/network-config.xml:906(para)
12659
msgid ""
12660
"This method entails using DHCP to identify the unique hardware address of "
12661
"each network card connected to the network and then continually supplying a "
12662
"constant configuration each time the DHCP client makes a request to the DHCP "
12663
"server using that network device."
12664
msgstr ""
12665
12666
#: serverguide/C/network-config.xml:915(term)
12667
msgid "Address Pool"
12668
msgstr ""
12669
12670
#: serverguide/C/network-config.xml:917(para)
12671
msgid ""
12672
"This method entails defining a pool (sometimes also called a range or scope) "
12673
"of IP addresses from which DHCP clients are supplied their configuration "
12674
"properties dynamically and on a \"first come, first served\" basis. When a "
12675
"DHCP client is no longer on the network for a specified period, the "
12676
"configuration is expired and released back to the address pool for use by "
12677
"other DHCP Clients."
12678
msgstr ""
12679
12680
#: serverguide/C/network-config.xml:928(para)
12681
msgid ""
12682
"Ubuntu is shipped with both DHCP server and client. The server is "
12683
"<application>dhcpd</application> (dynamic host configuration protocol "
12684
"daemon). The client provided with Ubuntu is "
12685
"<application>dhclient</application> and should be installed on all computers "
12686
"required to be automatically configured. Both programs are easy to install "
12687
"and configure and will be automatically started at system boot."
12688
msgstr ""
12689
12690
#: serverguide/C/network-config.xml:938(para)
12691
msgid ""
12692
"At a terminal prompt, enter the following command to install "
12693
"<application>dhcpd</application>:"
12694
msgstr ""
12695
12696
#: serverguide/C/network-config.xml:943(command)
12697
msgid "sudo apt-get install dhcp3-server"
12698
msgstr ""
12699
12700
#: serverguide/C/network-config.xml:945(para)
12701
msgid ""
12702
"You will probably need to change the default configuration by editing "
12703
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
12704
msgstr ""
12705
12706
#: serverguide/C/network-config.xml:949(para)
12707
msgid ""
12708
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
12709
"dhcpd should listen to. By default it listens to eth0."
12710
msgstr ""
12711
12712
#: serverguide/C/network-config.xml:953(para)
12713
msgid ""
12714
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
12715
"messages."
12716
msgstr ""
12717
12718
#: serverguide/C/network-config.xml:960(para)
12719
msgid ""
12720
"The error message the installation ends with might be a little confusing, "
12721
"but the following steps will help you configure the service:"
12722
msgstr ""
12723
12724
#: serverguide/C/network-config.xml:964(para)
12725
msgid ""
12726
"Most commonly, what you want to do is assign an IP address randomly. This "
12727
"can be done with settings as follows:"
12728
msgstr ""
12729
12730
#: serverguide/C/network-config.xml:968(programlisting)
12731
#, no-wrap
12732
msgid ""
12733
"\n"
12734
"# Sample /etc/dhcpd.conf\n"
12735
"# (add your comments here) \n"
12736
"default-lease-time 600;\n"
12737
"max-lease-time 7200;\n"
12738
"option subnet-mask 255.255.255.0;\n"
12739
"option broadcast-address 192.168.1.255;\n"
12740
"option routers 192.168.1.254;\n"
12741
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
12742
"option domain-name \"mydomain.example\";\n"
12743
"\n"
12744
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
12745
"range 192.168.1.10 192.168.1.100;\n"
12746
"range 192.168.1.150 192.168.1.200;\n"
12747
"} \n"
12748
msgstr ""
12749
12750
#: serverguide/C/network-config.xml:984(para)
12751
msgid ""
12752
"This will result in the DHCP server giving a client an IP address from the "
12753
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
12754
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
12755
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
12756
"server will also \"advise\" the client that it should use 255.255.255.0 as "
12757
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
12758
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
12759
msgstr ""
12760
12761
#: serverguide/C/network-config.xml:993(para)
12762
msgid ""
12763
"If you need to specify a WINS server for your Windows clients, you will need "
12764
"to include the netbios-name-servers option, e.g."
12765
msgstr ""
12766
12767
#: serverguide/C/network-config.xml:997(programlisting)
12768
#, no-wrap
12769
msgid ""
12770
"\n"
12771
"option netbios-name-servers 192.168.1.1; \n"
12772
msgstr ""
12773
12774
#: serverguide/C/network-config.xml:1000(para)
12775
msgid ""
12776
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
12777
"be found <ulink "
12778
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
12779
msgstr ""
12780
12781
#: serverguide/C/network-config.xml:1010(para)
12782
msgid ""
12783
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
12784
"server Ubuntu Wiki</ulink> page has more information."
12785
msgstr ""
12786
12787
#: serverguide/C/network-config.xml:1015(para)
12788
msgid ""
12789
"For more <filename>/etc/dhcp3/dchpd.conf</filename> options see the <ulink "
12790
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/dhcpd.conf.5.html\">d"
12791
"hcpd.conf man page</ulink>."
12792
msgstr ""
12793
12794
#: serverguide/C/network-config.xml:1021(para)
12795
msgid ""
12796
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
12797
"FAQ</ulink>"
12798
msgstr ""
12799
12800
#: serverguide/C/network-config.xml:1031(title)
12801
msgid "Time Synchronisation with NTP"
12802
msgstr ""
12803
12804
#: serverguide/C/network-config.xml:1032(para)
12805
msgid ""
12806
"This page describes methods for keeping your computer's time accurate. This "
12807
"is useful for servers, but is not necessary (or desirable) for desktop "
12808
"machines."
12809
msgstr ""
12810
12811
#: serverguide/C/network-config.xml:1035(para)
12812
msgid ""
12813
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
12814
"client requests the current time from a server, and uses it to set its own "
12815
"clock."
12816
msgstr ""
12817
12818
#: serverguide/C/network-config.xml:1038(para)
12819
msgid ""
12820
"Behind this simple description, there is a lot of complexity - there are "
12821
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
12822
"clocks (often via GPS), and tier two and three servers spreading the load of "
12823
"actually handling requests across the Internet. Also the client software is "
12824
"a lot more complex than you might think - it has to factor out communication "
12825
"delays, and adjust the time in a way that does not upset all the other "
12826
"processes that run on the server. But luckily all that complexity is hidden "
12827
"from you!"
12828
msgstr ""
12829
12830
#: serverguide/C/network-config.xml:1041(para)
12831
msgid ""
12832
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
12833
msgstr ""
12834
12835
#: serverguide/C/network-config.xml:1046(title)
12836
msgid "ntpdate"
12837
msgstr ""
12838
12839
#: serverguide/C/network-config.xml:1047(para)
12840
msgid ""
12841
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
12842
"set up your time according to Ubuntu's NTP server. However, a server's clock "
12843
"is likely to drift considerably between reboots, so it makes sense to "
12844
"correct the time occasionally. The easiest way to do this is to get cron to "
12845
"run ntpdate every day. With your favorite editor, as root, create a file "
12846
"<code>/etc/cron.daily/ntpdate</code> containing:"
12847
msgstr ""
12848
12849
#: serverguide/C/network-config.xml:1052(screen)
12850
#, no-wrap
12851
msgid "ntpdate ntp.ubuntu.com\n"
12852
msgstr ""
12853
12854
#: serverguide/C/network-config.xml:1054(para)
12855
msgid ""
12856
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
12857
msgstr ""
12858
12859
#: serverguide/C/network-config.xml:1057(screen)
12860
#, no-wrap
12861
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
12862
msgstr ""
12863
12864
#: serverguide/C/network-config.xml:1061(title)
12865
msgid "ntpd"
12866
msgstr ""
12867
12868
#: serverguide/C/network-config.xml:1062(para)
12869
msgid ""
12870
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
12871
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
12872
"calculates the drift of your system clock and continuously adjusts it, so "
12873
"there are no large corrections that could lead to inconsistent logs for "
12874
"instance. The cost is a little processing power and memory, but for a modern "
12875
"server this is negligible."
12876
msgstr ""
12877
12878
#: serverguide/C/network-config.xml:1065(para)
12879
msgid "To set up ntpd:"
12880
msgstr ""
12881
12882
#: serverguide/C/network-config.xml:1066(screen)
12883
#, no-wrap
12884
msgid "sudo apt-get install ntp\n"
12885
msgstr ""
12886
12887
#: serverguide/C/network-config.xml:1071(title)
12888
msgid "Changing Time Servers"
12889
msgstr ""
12890
12891
#: serverguide/C/network-config.xml:1072(para)
12892
msgid ""
12893
"In both cases above, your system will use Ubuntu's NTP server at "
12894
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
12895
"use several servers to increase accuracy and resilience, and you may want to "
12896
"use time servers that are geographically closer to you. to do this for "
12897
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
12898
msgstr ""
12899
12900
#: serverguide/C/network-config.xml:1079(screen)
12901
#, no-wrap
12902
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
12903
msgstr ""
12904
12905
#: serverguide/C/network-config.xml:1081(para)
12906
msgid ""
12907
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
12908
"lines:"
12909
msgstr ""
12910
12911
#: serverguide/C/network-config.xml:1086(screen)
12912
#, no-wrap
12913
msgid ""
12914
"server ntp.ubuntu.com\n"
12915
"server pool.ntp.org\n"
12916
msgstr ""
12917
12918
#: serverguide/C/network-config.xml:1089(para)
12919
msgid ""
12920
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
12921
"really good idea which uses round-robin DNS to return an NTP server from a "
12922
"pool, spreading the load between several different servers. Even better, "
12923
"they have pools for different regions - for instance, if you are in New "
12924
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
12925
"<code>pool.ntp.org</code> . Look at <ulink "
12926
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
12927
"details."
12928
msgstr ""
12929
12930
#: serverguide/C/network-config.xml:1100(para)
12931
msgid ""
12932
"You can also Google for NTP servers in your region, and add these to your "
12933
"configuration. To test that a server works, just type <code>sudo ntpdate "
12934
"ntp.server.name</code> and see what happens."
12935
msgstr ""
12936
12937
#: serverguide/C/network-config.xml:1111(para)
12938
msgid ""
12939
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
12940
"Time</ulink> wiki page for more information."
12941
msgstr ""
12942
12943
#: serverguide/C/network-config.xml:1117(ulink)
12944
msgid "NTP Support"
12945
msgstr ""
12946
12947
#: serverguide/C/network-config.xml:1122(ulink)
12948
msgid "The NTP FAQ and HOWTO"
12949
msgstr ""
12950
12951
#: serverguide/C/network-auth.xml:13(title)
12952
msgid "Network Authentication"
12953
msgstr ""
12954
12955
#: serverguide/C/network-auth.xml:15(para)
12956
msgid "This section explains various Network Authentication protocols."
12957
msgstr ""
12958
12959
#: serverguide/C/network-auth.xml:19(title)
12960
msgid "OpenLDAP Server"
12961
msgstr ""
12962
12963
#: serverguide/C/network-auth.xml:20(para)
12964
msgid ""
12965
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
12966
"simplified version of the X.500 protocol. The directory setup in this "
12967
"section will be used for authentication. Nevertheless, LDAP can be used in "
12968
"numerous ways: authentication, shared directory (for mail clients), address "
12969
"book, etc."
12970
msgstr ""
12971
12972
#: serverguide/C/network-auth.xml:28(para)
12973
msgid ""
12974
"To describe LDAP quickly, all information is stored in a tree structure. "
12975
"With <application>OpenLDAP</application> you have freedom to determine the "
12976
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
12977
"We will begin with a basic tree containing two nodes below the root:"
12978
msgstr ""
12979
12980
#: serverguide/C/network-auth.xml:37(para)
12981
msgid "\"People\" node where your users will be stored"
12982
msgstr ""
12983
12984
#: serverguide/C/network-auth.xml:40(para)
12985
msgid "\"Groups\" node where your groups will be stored"
12986
msgstr ""
12987
12988
#: serverguide/C/network-auth.xml:44(para)
12989
msgid ""
12990
"Before beginning, you should determine what the root of your LDAP directory "
12991
"will be. By default, your tree will be determined by your Fully Qualified "
12992
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
12993
"example), your root node will be dc=example,dc=com."
12994
msgstr ""
12995
12996
#: serverguide/C/network-auth.xml:54(para)
12997
msgid ""
12998
"First, install the <application>OpenLDAP</application> server daemon "
12999
"<application>slapd</application> and <application>ldap-utils</application>, "
13000
"a package containing LDAP management utilities:"
13001
msgstr ""
13002
13003
#: serverguide/C/network-auth.xml:60(command)
13004
msgid "sudo apt-get install slapd ldap-utils"
13005
msgstr ""
13006
13007
#: serverguide/C/network-auth.xml:63(para)
13008
msgid ""
13009
"By default <application>slapd</application> is configured with minimal "
13010
"options needed to run the <application>slapd</application> daemon."
13011
msgstr ""
13012
13013
#: serverguide/C/network-auth.xml:68(para)
13014
msgid ""
13015
"The configuration example in the following sections will match the domain "
13016
"name of the server. For example, if the machine's Fully Qualified Domain "
13017
"Name (FQDN) is ldap.example.com, the default suffix will be "
13018
"<emphasis>dc=example,dc=com</emphasis>."
13019
msgstr ""
13020
13021
#: serverguide/C/network-auth.xml:76(title)
13022
msgid "Populating LDAP"
13023
msgstr ""
13024
13025
#: serverguide/C/network-auth.xml:78(para)
13026
msgid ""
13027
"<application>OpenLDAP</application> uses a separate directory which contains "
13028
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
13029
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
13030
"<application>slapd</application> daemon, allowing the modification of schema "
13031
"definitions, indexes, ACLs, etc without stopping the service."
13032
msgstr ""
13033
13034
#: serverguide/C/network-auth.xml:86(para)
13035
msgid ""
13036
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
13037
"configuration and will need additional configuration options in order to "
13038
"populate the frontend directory. The frontend will be populated with a "
13039
"\"classical\" scheme that will be compatible with address book applications "
13040
"and with Unix Posix accounts. Posix accounts will allow authentication to "
13041
"various applications, such as web applications, email Mail Transfer Agent "
13042
"(MTA) applications, etc."
13043
msgstr ""
13044
13045
#: serverguide/C/network-auth.xml:95(para)
13046
msgid ""
13047
"For external applications to authenticate using LDAP they will each need to "
13048
"be specifically configured to do so. Refer to the individual application "
13049
"documentation for details."
13050
msgstr ""
13051
13052
#: serverguide/C/network-auth.xml:103(para)
13053
msgid ""
13054
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
13055
"examples to match your LDAP configuration."
13056
msgstr ""
13057
13058
#: serverguide/C/network-auth.xml:108(para)
13059
msgid ""
13060
"First, some additional schema files need to be loaded. In a terminal enter:"
13061
msgstr ""
13062
13063
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
13064
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
13065
msgstr ""
13066
13067
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
13068
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
13069
msgstr ""
13070
13071
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
13072
msgid ""
13073
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
13074
msgstr ""
13075
13076
#: serverguide/C/network-auth.xml:118(para)
13077
msgid ""
13078
"Next, copy the following example LDIF file, naming it "
13079
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
13080
msgstr ""
13081
13082
#: serverguide/C/network-auth.xml:123(programlisting)
13083
#, no-wrap
13084
msgid ""
13085
"\n"
13086
"# Load dynamic backend modules\n"
13087
"dn: cn=module,cn=config\n"
13088
"objectClass: olcModuleList\n"
13089
"cn: module\n"
13090
"olcModulepath: /usr/lib/ldap\n"
13091
"olcModuleload: back_hdb\n"
13092
"\n"
13093
"# Database settings\n"
13094
"dn: olcDatabase=hdb,cn=config\n"
13095
"objectClass: olcDatabaseConfig\n"
13096
"objectClass: olcHdbConfig\n"
13097
"olcDatabase: {1}hdb\n"
13098
"olcSuffix: dc=example,dc=com\n"
13099
"olcDbDirectory: /var/lib/ldap\n"
13100
"olcRootDN: cn=admin,dc=example,dc=com\n"
13101
"olcRootPW: secret\n"
13102
"olcDbConfig: set_cachesize 0 2097152 0\n"
13103
"olcDbConfig: set_lk_max_objects 1500\n"
13104
"olcDbConfig: set_lk_max_locks 1500\n"
13105
"olcDbConfig: set_lk_max_lockers 1500\n"
13106
"olcDbIndex: objectClass eq\n"
13107
"olcLastMod: TRUE\n"
13108
"olcDbCheckpoint: 512 30\n"
13109
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13110
"by anonymous auth by self write by * none\n"
13111
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13112
"olcAccess: to dn.base=\"\" by * read\n"
13113
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13114
"\n"
13115
msgstr ""
13116
13117
#: serverguide/C/network-auth.xml:155(para)
13118
msgid ""
13119
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
13120
msgstr ""
13121
13122
#: serverguide/C/network-auth.xml:160(para)
13123
msgid "Now add the LDIF to the directory:"
13124
msgstr ""
13125
13126
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
13127
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
13128
msgstr ""
13129
13130
#: serverguide/C/network-auth.xml:168(para)
13131
msgid ""
13132
"The frontend directory is now ready to be populated. Create a "
13133
"<filename>frontend.example.com.ldif</filename> with the following contents:"
13134
msgstr ""
13135
13136
#: serverguide/C/network-auth.xml:173(programlisting)
13137
#, no-wrap
13138
msgid ""
13139
"\n"
13140
"# Create top-level object in domain\n"
13141
"dn: dc=example,dc=com\n"
13142
"objectClass: top\n"
13143
"objectClass: dcObject\n"
13144
"objectclass: organization\n"
13145
"o: Example Organization\n"
13146
"dc: Example\n"
13147
"description: LDAP Example \n"
13148
"\n"
13149
"# Admin user.\n"
13150
"dn: cn=admin,dc=example,dc=com\n"
13151
"objectClass: simpleSecurityObject\n"
13152
"objectClass: organizationalRole\n"
13153
"cn: admin\n"
13154
"description: LDAP administrator\n"
13155
"userPassword: secret\n"
13156
"\n"
13157
"dn: ou=people,dc=example,dc=com\n"
13158
"objectClass: organizationalUnit\n"
13159
"ou: people\n"
13160
"\n"
13161
"dn: ou=groups,dc=example,dc=com\n"
13162
"objectClass: organizationalUnit\n"
13163
"ou: groups\n"
13164
"\n"
13165
"dn: uid=john,ou=people,dc=example,dc=com\n"
13166
"objectClass: inetOrgPerson\n"
13167
"objectClass: posixAccount\n"
13168
"objectClass: shadowAccount\n"
13169
"uid: john\n"
13170
"sn: Doe\n"
13171
"givenName: John\n"
13172
"cn: John Doe\n"
13173
"displayName: John Doe\n"
13174
"uidNumber: 1000\n"
13175
"gidNumber: 10000\n"
13176
"userPassword: password\n"
13177
"gecos: John Doe\n"
13178
"loginShell: /bin/bash\n"
13179
"homeDirectory: /home/john\n"
13180
"shadowExpire: -1\n"
13181
"shadowFlag: 0\n"
13182
"shadowWarning: 7\n"
13183
"shadowMin: 8\n"
13184
"shadowMax: 999999\n"
13185
"shadowLastChange: 10877\n"
13186
"mail: john.doe@example.com\n"
13187
"postalCode: 31000\n"
13188
"l: Toulouse\n"
13189
"o: Example\n"
13190
"mobile: +33 (0)6 xx xx xx xx\n"
13191
"homePhone: +33 (0)5 xx xx xx xx\n"
13192
"title: System Administrator\n"
13193
"postalAddress: \n"
13194
"initials: JD\n"
13195
"\n"
13196
"dn: cn=example,ou=groups,dc=example,dc=com\n"
13197
"objectClass: posixGroup\n"
13198
"cn: example\n"
13199
"gidNumber: 10000\n"
13200
msgstr ""
13201
13202
#: serverguide/C/network-auth.xml:236(para)
13203
msgid ""
13204
"In this example the directory structure, a user, and a group have been "
13205
"setup. In other examples you might see the <emphasis>objectClass: "
13206
"top</emphasis> added in every entry, but that is the default behaviour so "
13207
"you do not have to add it explicitly."
13208
msgstr ""
13209
13210
#: serverguide/C/network-auth.xml:243(para)
13211
msgid "Add the entries to the LDAP directory:"
13212
msgstr ""
13213
13214
#: serverguide/C/network-auth.xml:249(command) serverguide/C/network-auth.xml:757(command)
13215
msgid ""
13216
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
13217
msgstr ""
13218
13219
#: serverguide/C/network-auth.xml:252(para)
13220
msgid ""
13221
"We can check that the content has been correctly added with the "
13222
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
13223
"directory:"
13224
msgstr ""
13225
13226
#: serverguide/C/network-auth.xml:258(command)
13227
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
13228
msgstr ""
13229
13230
#: serverguide/C/network-auth.xml:259(computeroutput)
13231
#, no-wrap
13232
msgid ""
13233
"\n"
13234
"dn: uid=john,ou=people,dc=example,dc=com\n"
13235
"cn: John Doe\n"
13236
"sn: Doe\n"
13237
"givenName: John\n"
13238
msgstr ""
13239
13240
#: serverguide/C/network-auth.xml:267(para)
13241
msgid "Just a quick explanation:"
13242
msgstr ""
13243
13244
#: serverguide/C/network-auth.xml:273(para)
13245
msgid ""
13246
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
13247
"the default."
13248
msgstr ""
13249
13250
#: serverguide/C/network-auth.xml:279(para)
13251
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
13252
msgstr ""
13253
13254
#: serverguide/C/network-auth.xml:287(title)
13255
msgid "Further Configuration"
13256
msgstr ""
13257
13258
#: serverguide/C/network-auth.xml:290(para)
13259
msgid ""
13260
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
13261
"utilities in the <application>ldap-utils</application> package. For example:"
13262
msgstr ""
13263
13264
#: serverguide/C/network-auth.xml:298(para)
13265
msgid ""
13266
"Use <application>ldapsearch</application> to view the tree, entering the "
13267
"admin password set during installation or reconfiguration:"
13268
msgstr ""
13269
13270
#: serverguide/C/network-auth.xml:304(command)
13271
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13272
msgstr ""
13273
13274
#: serverguide/C/network-auth.xml:308(computeroutput)
13275
#, no-wrap
13276
msgid ""
13277
"\n"
13278
"SASL/EXTERNAL authentication started\n"
13279
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13280
"SASL SSF: 0\n"
13281
"dn: cn=config\n"
13282
"\n"
13283
"dn: cn=module{0},cn=config\n"
13284
"\n"
13285
"dn: cn=schema,cn=config\n"
13286
"\n"
13287
"dn: cn={0}core,cn=schema,cn=config\n"
13288
"\n"
13289
"dn: cn={1}cosine,cn=schema,cn=config\n"
13290
"\n"
13291
"dn: cn={2}nis,cn=schema,cn=config\n"
13292
"\n"
13293
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13294
"\n"
13295
"dn: olcDatabase={-1}frontend,cn=config\n"
13296
"\n"
13297
"dn: olcDatabase={0}config,cn=config\n"
13298
"\n"
13299
"dn: olcDatabase={1}hdb,cn=config\n"
13300
msgstr ""
13301
13302
#: serverguide/C/network-auth.xml:334(para)
13303
msgid ""
13304
"The output above is the current configuration options for the "
13305
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
13306
msgstr ""
13307
13308
#: serverguide/C/network-auth.xml:342(para)
13309
msgid ""
13310
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
13311
"another attribute to the index list using "
13312
"<application>ldapmodify</application>:"
13313
msgstr ""
13314
13315
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:984(command) serverguide/C/network-auth.xml:1155(command) serverguide/C/network-auth.xml:1191(command)
13316
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
13317
msgstr ""
13318
13319
#: serverguide/C/network-auth.xml:356(userinput)
13320
#, no-wrap
13321
msgid ""
13322
"dn: olcDatabase={1}hdb,cn=config\n"
13323
"add: olcDbIndex\n"
13324
"olcDbIndex: uidNumber eq"
13325
msgstr ""
13326
13327
#: serverguide/C/network-auth.xml:352(computeroutput)
13328
#, no-wrap
13329
msgid ""
13330
"\n"
13331
"SASL/EXTERNAL authentication started\n"
13332
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13333
"SASL SSF: 0\n"
13334
"<placeholder-1/>\n"
13335
"\n"
13336
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13337
msgstr ""
13338
13339
#: serverguide/C/network-auth.xml:364(para)
13340
msgid ""
13341
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
13342
"exit the utility."
13343
msgstr ""
13344
13345
#: serverguide/C/network-auth.xml:371(para)
13346
msgid ""
13347
"<application>ldapmodify</application> can also read the changes from a file. "
13348
"Copy and paste the following into a file named "
13349
"<filename>uid_index.ldif</filename>:"
13350
msgstr ""
13351
13352
#: serverguide/C/network-auth.xml:376(programlisting)
13353
#, no-wrap
13354
msgid ""
13355
"\n"
13356
"dn: olcDatabase={1}hdb,cn=config\n"
13357
"add: olcDbIndex\n"
13358
"olcDbIndex: uid eq,pres,sub\n"
13359
msgstr ""
13360
13361
#: serverguide/C/network-auth.xml:382(para)
13362
msgid "Then execute <application>ldapmodify</application>:"
13363
msgstr ""
13364
13365
#: serverguide/C/network-auth.xml:387(command)
13366
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13367
msgstr ""
13368
13369
#: serverguide/C/network-auth.xml:391(computeroutput)
13370
#, no-wrap
13371
msgid ""
13372
"\n"
13373
"SASL/EXTERNAL authentication started\n"
13374
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13375
"SASL SSF: 0\n"
13376
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13377
msgstr ""
13378
13379
#: serverguide/C/network-auth.xml:399(para)
13380
msgid "The file method is very useful for large changes."
13381
msgstr ""
13382
13383
#: serverguide/C/network-auth.xml:406(para)
13384
msgid ""
13385
"Adding additional <emphasis>schemas</emphasis> to "
13386
"<application>slapd</application> requires the schema to be converted to LDIF "
13387
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
13388
"directory contains some schema files already converted to LDIF format as "
13389
"demonstrated in the previous section. Fortunately, the "
13390
"<application>slapd</application> program can be used to automate the "
13391
"conversion. The following example will add the "
13392
"<emphasis>dyngoup.schema</emphasis>:"
13393
msgstr ""
13394
13395
#: serverguide/C/network-auth.xml:416(para)
13396
msgid ""
13397
"First, create a conversion <filename>schema_convert.conf</filename> file "
13398
"containing the following lines:"
13399
msgstr ""
13400
13401
#: serverguide/C/network-auth.xml:421(programlisting)
13402
#, no-wrap
13403
msgid ""
13404
"\n"
13405
"include /etc/ldap/schema/core.schema\n"
13406
"include /etc/ldap/schema/collective.schema\n"
13407
"include /etc/ldap/schema/corba.schema\n"
13408
"include /etc/ldap/schema/cosine.schema\n"
13409
"include /etc/ldap/schema/duaconf.schema\n"
13410
"include /etc/ldap/schema/dyngroup.schema\n"
13411
"include /etc/ldap/schema/inetorgperson.schema\n"
13412
"include /etc/ldap/schema/java.schema\n"
13413
"include /etc/ldap/schema/misc.schema\n"
13414
"include /etc/ldap/schema/nis.schema\n"
13415
"include /etc/ldap/schema/openldap.schema\n"
13416
"include /etc/ldap/schema/ppolicy.schema\n"
13417
msgstr ""
13418
13419
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1655(para)
13420
msgid "Next, create a temporary directory to hold the output:"
13421
msgstr ""
13422
13423
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1660(command) serverguide/C/network-auth.xml:2695(command)
13424
msgid "mkdir /tmp/ldif_output"
13425
msgstr ""
13426
13427
#: serverguide/C/network-auth.xml:450(para)
13428
msgid ""
13429
"Now using <application>slapcat</application> convert the schema files to "
13430
"LDIF:"
13431
msgstr ""
13432
13433
#: serverguide/C/network-auth.xml:455(command)
13434
msgid ""
13435
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13436
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
13437
msgstr ""
13438
13439
#: serverguide/C/network-auth.xml:458(para)
13440
msgid ""
13441
"Adjust the configuration file name and temporary directory names if yours "
13442
"are different. Also, it may be worthwhile to keep the "
13443
"<filename>ldif_output</filename> directory around in case you want to add "
13444
"additional schemas in the future."
13445
msgstr ""
13446
13447
#: serverguide/C/network-auth.xml:467(para)
13448
msgid ""
13449
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
13450
"following attributes:"
13451
msgstr ""
13452
13453
#: serverguide/C/network-auth.xml:471(programlisting)
13454
#, no-wrap
13455
msgid ""
13456
"\n"
13457
"dn: cn=dyngroup,cn=schema,cn=config\n"
13458
"...\n"
13459
"cn: dyngroup\n"
13460
msgstr ""
13461
13462
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1691(para)
13463
msgid "And remove the following lines from the bottom of the file:"
13464
msgstr ""
13465
13466
#: serverguide/C/network-auth.xml:481(programlisting)
13467
#, no-wrap
13468
msgid ""
13469
"\n"
13470
"structuralObjectClass: olcSchemaConfig\n"
13471
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
13472
"creatorsName: cn=config\n"
13473
"createTimestamp: 20080826021140Z\n"
13474
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
13475
"modifiersName: cn=config\n"
13476
"modifyTimestamp: 20080826021140Z\n"
13477
msgstr ""
13478
13479
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1706(para) serverguide/C/network-auth.xml:2741(para)
13480
msgid ""
13481
"The attribute values will vary, just be sure the attributes are removed."
13482
msgstr ""
13483
13484
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1714(para)
13485
msgid ""
13486
"Finally, using the <application>ldapadd</application> utility, add the new "
13487
"schema to the directory:"
13488
msgstr ""
13489
13490
#: serverguide/C/network-auth.xml:506(command)
13491
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
13492
msgstr ""
13493
13494
#: serverguide/C/network-auth.xml:512(para)
13495
msgid ""
13496
"There should now be a <emphasis>dn: "
13497
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
13498
msgstr ""
13499
13500
#: serverguide/C/network-auth.xml:522(title)
13501
msgid "LDAP Replication"
13502
msgstr ""
13503
13504
#: serverguide/C/network-auth.xml:524(para)
13505
msgid ""
13506
"LDAP often quickly becomes a highly critical service to the network. "
13507
"Multiple systems will come to depend on LDAP for authentication, "
13508
"authorization, configuration, etc. It is a good idea to setup a redundant "
13509
"system through replication."
13510
msgstr ""
13511
13512
#: serverguide/C/network-auth.xml:530(para)
13513
msgid ""
13514
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
13515
"Syncrepl allows the changes to be synced using a "
13516
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
13517
"provider sends directory changes to consumers."
13518
msgstr ""
13519
13520
#: serverguide/C/network-auth.xml:537(title)
13521
msgid "Provider Configuration"
13522
msgstr ""
13523
13524
#: serverguide/C/network-auth.xml:539(para)
13525
msgid ""
13526
"The following is an example of a <emphasis>Single-Master</emphasis> "
13527
"configuration. In this configuration one OpenLDAP server is configured as a "
13528
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
13529
msgstr ""
13530
13531
#: serverguide/C/network-auth.xml:547(para)
13532
msgid ""
13533
"First, configure the provider server. Copy the following to a file named "
13534
"<filename>provider_sync.ldif</filename>:"
13535
msgstr ""
13536
13537
#: serverguide/C/network-auth.xml:552(programlisting)
13538
#, no-wrap
13539
msgid ""
13540
"\n"
13541
"# Add indexes to the frontend db.\n"
13542
"dn: olcDatabase={1}hdb,cn=config\n"
13543
"changetype: modify\n"
13544
"add: olcDbIndex\n"
13545
"olcDbIndex: entryCSN eq\n"
13546
"-\n"
13547
"add: olcDbIndex\n"
13548
"olcDbIndex: entryUUID eq\n"
13549
"\n"
13550
"#Load the syncprov and accesslog modules.\n"
13551
"dn: cn=module{0},cn=config\n"
13552
"changetype: modify\n"
13553
"add: olcModuleLoad\n"
13554
"olcModuleLoad: syncprov\n"
13555
"-\n"
13556
"add: olcModuleLoad\n"
13557
"olcModuleLoad: accesslog\n"
13558
"\n"
13559
"# Accesslog database definitions\n"
13560
"dn: olcDatabase={2}hdb,cn=config\n"
13561
"objectClass: olcDatabaseConfig\n"
13562
"objectClass: olcHdbConfig\n"
13563
"olcDatabase: {2}hdb\n"
13564
"olcDbDirectory: /var/lib/ldap/accesslog\n"
13565
"olcSuffix: cn=accesslog\n"
13566
"olcRootDN: cn=admin,dc=example,dc=com\n"
13567
"olcDbIndex: default eq\n"
13568
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
13569
"\n"
13570
"# Accesslog db syncprov.\n"
13571
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
13572
"changetype: add\n"
13573
"objectClass: olcOverlayConfig\n"
13574
"objectClass: olcSyncProvConfig\n"
13575
"olcOverlay: syncprov\n"
13576
"olcSpNoPresent: TRUE\n"
13577
"olcSpReloadHint: TRUE\n"
13578
"\n"
13579
"# syncrepl Provider for primary db\n"
13580
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
13581
"changetype: add\n"
13582
"objectClass: olcOverlayConfig\n"
13583
"objectClass: olcSyncProvConfig\n"
13584
"olcOverlay: syncprov\n"
13585
"olcSpNoPresent: TRUE\n"
13586
"\n"
13587
"# accesslog overlay definitions for primary db\n"
13588
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
13589
"objectClass: olcOverlayConfig\n"
13590
"objectClass: olcAccessLogConfig\n"
13591
"olcOverlay: accesslog\n"
13592
"olcAccessLogDB: cn=accesslog\n"
13593
"olcAccessLogOps: writes\n"
13594
"olcAccessLogSuccess: TRUE\n"
13595
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
13596
"olcAccessLogPurge: 07+00:00 01+00:00\n"
13597
msgstr ""
13598
13599
#: serverguide/C/network-auth.xml:614(para)
13600
msgid ""
13601
"The <application>AppArmor</application> profile for "
13602
"<application>slapd</application> will need to be adjusted for the accesslog "
13603
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
13604
"adding:"
13605
msgstr ""
13606
13607
#: serverguide/C/network-auth.xml:619(programlisting)
13608
#, no-wrap
13609
msgid ""
13610
"\n"
13611
" /var/lib/ldap/accesslog/ r,\n"
13612
" /var/lib/ldap/accesslog/** rwk,\n"
13613
msgstr ""
13614
13615
#: serverguide/C/network-auth.xml:624(para)
13616
msgid ""
13617
"Then create the directory, reload the <application>apparmor</application> "
13618
"profile, and copy the <filename>DB_CONFIG</filename> file:"
13619
msgstr ""
13620
13621
#: serverguide/C/network-auth.xml:630(command)
13622
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
13623
msgstr ""
13624
13625
#: serverguide/C/network-auth.xml:631(command)
13626
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
13627
msgstr ""
13628
13629
#: serverguide/C/network-auth.xml:636(para)
13630
msgid ""
13631
"Using the <emphasis>-u openldap</emphasis> option with the "
13632
"<application>sudo</application> commands above removes the need to adjust "
13633
"permissions for the new directory later."
13634
msgstr ""
13635
13636
#: serverguide/C/network-auth.xml:645(para)
13637
msgid ""
13638
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
13639
"directory:"
13640
msgstr ""
13641
13642
#: serverguide/C/network-auth.xml:649(programlisting)
13643
#, no-wrap
13644
msgid ""
13645
"\n"
13646
"olcRootDN: cn=admin,dc=example,dc=com\n"
13647
msgstr ""
13648
13649
#: serverguide/C/network-auth.xml:657(para)
13650
msgid ""
13651
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
13652
msgstr ""
13653
13654
#: serverguide/C/network-auth.xml:662(command)
13655
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
13656
msgstr ""
13657
13658
#: serverguide/C/network-auth.xml:669(para)
13659
msgid "Restart <application>slapd</application>:"
13660
msgstr ""
13661
13662
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1040(command) serverguide/C/network-auth.xml:1227(command)
13663
msgid "sudo /etc/init.d/slapd restart"
13664
msgstr ""
13665
13666
#: serverguide/C/network-auth.xml:680(para)
13667
msgid ""
13668
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
13669
"to configure a <emphasis>Consumer</emphasis> server."
13670
msgstr ""
13671
13672
#: serverguide/C/network-auth.xml:687(title)
13673
msgid "Consumer Configuration"
13674
msgstr ""
13675
13676
#: serverguide/C/network-auth.xml:692(para)
13677
msgid ""
13678
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
13679
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
13680
"configuration steps."
13681
msgstr ""
13682
13683
#: serverguide/C/network-auth.xml:697(para)
13684
msgid "Add the additional schema files:"
13685
msgstr ""
13686
13687
#: serverguide/C/network-auth.xml:707(para)
13688
msgid ""
13689
"Also, create, or copy from the provider server, the "
13690
"<filename>backend.example.com.ldif</filename>"
13691
msgstr ""
13692
13693
#: serverguide/C/network-auth.xml:711(programlisting)
13694
#, no-wrap
13695
msgid ""
13696
"\n"
13697
"# Load dynamic backend modules\n"
13698
"dn: cn=module,cn=config\n"
13699
"objectClass: olcModuleList\n"
13700
"cn: module\n"
13701
"olcModulepath: /usr/lib/ldap\n"
13702
"olcModuleload: back_hdb\n"
13703
"\n"
13704
"# Database settings\n"
13705
"dn: olcDatabase=hdb,cn=config\n"
13706
"objectClass: olcDatabaseConfig\n"
13707
"objectClass: olcHdbConfig\n"
13708
"olcDatabase: {1}hdb\n"
13709
"olcSuffix: dc=example,dc=com\n"
13710
"olcDbDirectory: /var/lib/ldap\n"
13711
"olcRootDN: cn=admin,dc=example,dc=com\n"
13712
"olcRootPW: secret\n"
13713
"olcDbConfig: set_cachesize 0 2097152 0\n"
13714
"olcDbConfig: set_lk_max_objects 1500\n"
13715
"olcDbConfig: set_lk_max_locks 1500\n"
13716
"olcDbConfig: set_lk_max_lockers 1500\n"
13717
"olcDbIndex: objectClass eq\n"
13718
"olcLastMod: TRUE\n"
13719
"olcDbCheckpoint: 512 30\n"
13720
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13721
"by anonymous auth by self write by * none\n"
13722
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13723
"olcAccess: to dn.base=\"\" by * read\n"
13724
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13725
msgstr ""
13726
13727
#: serverguide/C/network-auth.xml:741(para)
13728
msgid "And add the LDIF by entering:"
13729
msgstr ""
13730
13731
#: serverguide/C/network-auth.xml:752(para)
13732
msgid ""
13733
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
13734
"listed above, and add it:"
13735
msgstr ""
13736
13737
#: serverguide/C/network-auth.xml:760(para)
13738
msgid ""
13739
"The two severs should now have the same configuration except for the "
13740
"<emphasis>Syncrepl</emphasis> options."
13741
msgstr ""
13742
13743
#: serverguide/C/network-auth.xml:768(para)
13744
msgid ""
13745
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
13746
msgstr ""
13747
13748
#: serverguide/C/network-auth.xml:772(programlisting)
13749
#, no-wrap
13750
msgid ""
13751
"\n"
13752
"#Load the syncprov module.\n"
13753
"dn: cn=module{0},cn=config\n"
13754
"changetype: modify\n"
13755
"add: olcModuleLoad\n"
13756
"olcModuleLoad: syncprov\n"
13757
"\n"
13758
"# syncrepl specific indices\n"
13759
"dn: olcDatabase={1}hdb,cn=config\n"
13760
"changetype: modify\n"
13761
"add: olcDbIndex\n"
13762
"olcDbIndex: entryUUID eq\n"
13763
"-\n"
13764
"add: olcSyncRepl\n"
13765
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
13766
"binddn=\"cn=admin,dc=example,dc=com\" \n"
13767
" credentials=secret searchbase=\"dc=example,dc=com\" "
13768
"logbase=\"cn=accesslog\" \n"
13769
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
13770
"schemachecking=on \n"
13771
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
13772
"-\n"
13773
"add: olcUpdateRef\n"
13774
"olcUpdateRef: ldap://ldap01.example.com\n"
13775
msgstr ""
13776
13777
#: serverguide/C/network-auth.xml:795(para)
13778
msgid "You will probably want to change the following attributes:"
13779
msgstr ""
13780
13781
#: serverguide/C/network-auth.xml:800(para)
13782
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
13783
msgstr ""
13784
13785
#: serverguide/C/network-auth.xml:801(emphasis)
13786
msgid "binddn"
13787
msgstr ""
13788
13789
#: serverguide/C/network-auth.xml:802(emphasis)
13790
msgid "credentials"
13791
msgstr ""
13792
13793
#: serverguide/C/network-auth.xml:803(emphasis)
13794
msgid "searchbase"
13795
msgstr ""
13796
13797
#: serverguide/C/network-auth.xml:804(emphasis)
13798
msgid "olcUpdateRef:"
13799
msgstr ""
13800
13801
#: serverguide/C/network-auth.xml:810(para)
13802
msgid "Add the LDIF file to the configuration tree:"
13803
msgstr ""
13804
13805
#: serverguide/C/network-auth.xml:815(command)
13806
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
13807
msgstr ""
13808
13809
#: serverguide/C/network-auth.xml:821(para)
13810
msgid ""
13811
"The frontend database should now sync between servers. You can add "
13812
"additional servers using the steps above as the need arises."
13813
msgstr ""
13814
13815
#: serverguide/C/network-auth.xml:831(programlisting)
13816
#, no-wrap
13817
msgid "127.0.0.1\tldap01.example.com ldap01"
13818
msgstr ""
13819
13820
#: serverguide/C/network-auth.xml:827(para)
13821
msgid ""
13822
"The <application>slapd</application> daemon will send log information to "
13823
"<filename>/var/log/syslog</filename> by default. So if all does "
13824
"<emphasis>not</emphasis> go well check there for errors and other "
13825
"troubleshooting information. Also, be sure that each server knows it's Fully "
13826
"Qualified Domain Name (FQDN). This is configured in "
13827
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
13828
msgstr ""
13829
13830
#: serverguide/C/network-auth.xml:839(title)
13831
msgid "Setting up ACL"
13832
msgstr ""
13833
13834
#: serverguide/C/network-auth.xml:841(para)
13835
msgid ""
13836
"Authentication requires access to the password field, that should be not "
13837
"accessible by default. Also, in order for users to change their own "
13838
"password, using <command>passwd</command> or other utilities, "
13839
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
13840
"authenticated."
13841
msgstr ""
13842
13843
#: serverguide/C/network-auth.xml:848(para)
13844
msgid ""
13845
"To view the Access Control List (ACL), use the "
13846
"<application>ldapsearch</application> utility:"
13847
msgstr ""
13848
13849
#: serverguide/C/network-auth.xml:853(command)
13850
msgid ""
13851
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase=hdb "
13852
"olcAccess"
13853
msgstr ""
13854
13855
#: serverguide/C/network-auth.xml:857(computeroutput)
13856
#, no-wrap
13857
msgid ""
13858
"Enter LDAP Password: \n"
13859
"dn: olcDatabase={1}hdb,cn=config\n"
13860
"olcAccess: {0}to attrs=userPassword,shadowLastChange by "
13861
"dn=\"cn=admin,dc=exampl\n"
13862
" e,dc=com\" write by anonymous auth by self write by * none\n"
13863
"olcAccess: {1}to dn.base=\"\" by * read\n"
13864
"olcAccess: {2}to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13865
msgstr ""
13866
13867
#: serverguide/C/network-auth.xml:869(title)
13868
msgid "TLS and SSL"
13869
msgstr ""
13870
13871
#: serverguide/C/network-auth.xml:871(para)
13872
msgid ""
13873
"When authenticating to an OpenLDAP server it is best to do so using an "
13874
"encrypted session. This can be accomplished using Transport Layer Security "
13875
"(TLS) and/or Secure Sockets Layer (SSL)."
13876
msgstr ""
13877
13878
#: serverguide/C/network-auth.xml:876(para)
13879
msgid ""
13880
"The first step in the process is to obtain or create a "
13881
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
13882
"is compiled using the <application>gnutls</application> library, the "
13883
"<application>certtool</application> utility will be used to create "
13884
"certificates."
13885
msgstr ""
13886
13887
#: serverguide/C/network-auth.xml:885(para)
13888
msgid ""
13889
"First, install <application>gnutls-bin</application> by entering the "
13890
"following in a terminal:"
13891
msgstr ""
13892
13893
#: serverguide/C/network-auth.xml:890(command)
13894
msgid "sudo apt-get install gnutls-bin"
13895
msgstr ""
13896
13897
#: serverguide/C/network-auth.xml:896(para)
13898
msgid ""
13899
"Next, create a private key for the <emphasis>Certificate "
13900
"Authority</emphasis> (CA):"
13901
msgstr ""
13902
13903
#: serverguide/C/network-auth.xml:901(command)
13904
msgid ""
13905
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
13906
msgstr ""
13907
13908
#: serverguide/C/network-auth.xml:907(para)
13909
msgid ""
13910
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
13911
"CA certificate containing:"
13912
msgstr ""
13913
13914
#: serverguide/C/network-auth.xml:911(programlisting)
13915
#, no-wrap
13916
msgid ""
13917
"\n"
13918
"cn = Example Company\n"
13919
"ca\n"
13920
"cert_signing_key\n"
13921
msgstr ""
13922
13923
#: serverguide/C/network-auth.xml:920(para)
13924
msgid "Now create the self-signed CA certificate:"
13925
msgstr ""
13926
13927
#: serverguide/C/network-auth.xml:925(command)
13928
msgid ""
13929
"sudo certtool --generate-self-signed --load-privkey "
13930
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info --outfile "
13931
"/etc/ssl/certs/cacert.pem"
13932
msgstr ""
13933
13934
#: serverguide/C/network-auth.xml:932(para)
13935
msgid "Make a private key for the server:"
13936
msgstr ""
13937
13938
#: serverguide/C/network-auth.xml:937(command)
13939
msgid ""
13940
"sudo sh -c \"certtool --generate-privkey > "
13941
"/etc/ssl/private/ldap01_slapd_key.pem\""
13942
msgstr ""
13943
13944
#: serverguide/C/network-auth.xml:941(para)
13945
msgid ""
13946
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
13947
"hostname. Naming the certificate and key for the host and service that will "
13948
"be using them will help keep filenames and paths straight."
13949
msgstr ""
13950
13951
#: serverguide/C/network-auth.xml:950(para)
13952
msgid ""
13953
"To sign the server's certificate with the CA, create the "
13954
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
13955
msgstr ""
13956
13957
#: serverguide/C/network-auth.xml:954(programlisting)
13958
#, no-wrap
13959
msgid ""
13960
"\n"
13961
"organization = Example Company\n"
13962
"cn = ldap01.example.com\n"
13963
"tls_www_server\n"
13964
"encryption_key\n"
13965
"signing_key\n"
13966
msgstr ""
13967
13968
#: serverguide/C/network-auth.xml:965(para)
13969
msgid "Create the server's certificate:"
13970
msgstr ""
13971
13972
#: serverguide/C/network-auth.xml:970(command)
13973
msgid ""
13974
"sudo certtool --generate-certificate --load-privkey /etc/ssl/private/x01-"
13975
"test_slapd_key.pem \\ --load-ca-certificate /etc/ssl/certs/cacert.pem --load-"
13976
"ca-privkey /etc/ssl/private/cakey.pem \\ --template /etc/ssl/x01-test.info --"
13977
"outfile /etc/ssl/certs/x01-test_slapd_cert.pem"
13978
msgstr ""
13979
13980
#: serverguide/C/network-auth.xml:978(para)
13981
msgid ""
13982
"Once you have a certificate, key, and CA cert installed, use "
13983
"<application>ldapmodify</application> to add the new configuration options:"
13984
msgstr ""
13985
13986
#: serverguide/C/network-auth.xml:989(userinput)
13987
#, no-wrap
13988
msgid ""
13989
"dn: cn=config\n"
13990
"add: olcTLSCACertificateFile\n"
13991
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
13992
"-\n"
13993
"add: olcTLSCertificateFile\n"
13994
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
13995
"-\n"
13996
"add: olcTLSCertificateKeyFile\n"
13997
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
13998
msgstr ""
13999
14000
#: serverguide/C/network-auth.xml:988(computeroutput) serverguide/C/network-auth.xml:1159(computeroutput)
14001
#, no-wrap
14002
msgid ""
14003
"Enter LDAP Password:\n"
14004
"<placeholder-1/>\n"
14005
"\n"
14006
"modifying entry \"cn=config\"\n"
14007
msgstr ""
14008
14009
#: serverguide/C/network-auth.xml:1004(para)
14010
msgid ""
14011
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
14012
"<filename>ldap01_slapd_key.pem</filename>, and "
14013
"<filename>cacert.pem</filename> names if yours are different."
14014
msgstr ""
14015
14016
#: serverguide/C/network-auth.xml:1010(para)
14017
msgid ""
14018
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
14019
"<emphasis>SLAPD_SERVICES</emphasis> option:"
14020
msgstr ""
14021
14022
#: serverguide/C/network-auth.xml:1014(programlisting)
14023
#, no-wrap
14024
msgid ""
14025
"\n"
14026
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
14027
msgstr ""
14028
14029
#: serverguide/C/network-auth.xml:1018(para)
14030
msgid ""
14031
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
14032
msgstr ""
14033
14034
#: serverguide/C/network-auth.xml:1023(command)
14035
msgid "sudo adduser openldap ssl-cert"
14036
msgstr ""
14037
14038
#: serverguide/C/network-auth.xml:1024(command)
14039
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
14040
msgstr ""
14041
14042
#: serverguide/C/network-auth.xml:1025(command)
14043
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
14044
msgstr ""
14045
14046
#: serverguide/C/network-auth.xml:1029(para)
14047
msgid ""
14048
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
14049
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
14050
"adjust the commands appropriately."
14051
msgstr ""
14052
14053
#: serverguide/C/network-auth.xml:1035(para)
14054
msgid "Finally, restart <application>slapd</application>:"
14055
msgstr ""
14056
14057
#: serverguide/C/network-auth.xml:1043(para)
14058
msgid ""
14059
"The <application>slapd</application> daemon should now be listening for "
14060
"LDAPS connections and be able to use STARTTLS during authentication."
14061
msgstr ""
14062
14063
#: serverguide/C/network-auth.xml:1049(para)
14064
msgid ""
14065
"If you run into troubles with the server not starting, check the "
14066
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
14067
"it is likely there is a configuration problem. Check that the certificate is "
14068
"signed by the authority from in the files configured, and that the ssl-cert "
14069
"group has read permissions on the private key."
14070
msgstr ""
14071
14072
#: serverguide/C/network-auth.xml:1061(title)
14073
msgid "TLS Replication"
14074
msgstr ""
14075
14076
#: serverguide/C/network-auth.xml:1063(para)
14077
msgid ""
14078
"If you have setup <application>Syncrepl</application> between servers, it is "
14079
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
14080
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
14081
"linkend=\"openldap-server-replication\"/>."
14082
msgstr ""
14083
14084
#: serverguide/C/network-auth.xml:1069(para)
14085
msgid ""
14086
"Assuming you have followed the above instructions and created a CA "
14087
"certificate and server certificate on the <emphasis>Provider</emphasis> "
14088
"server. Follow the following instructions to create a certificate and key "
14089
"for the <emphasis>Consumer</emphasis> server."
14090
msgstr ""
14091
14092
#: serverguide/C/network-auth.xml:1078(para)
14093
msgid "Create a new key for the Consumer server:"
14094
msgstr ""
14095
14096
#: serverguide/C/network-auth.xml:1083(command)
14097
msgid "mkdir ldap02-ssl"
14098
msgstr ""
14099
14100
#: serverguide/C/network-auth.xml:1084(command)
14101
msgid "cd ldap02-ssl"
14102
msgstr ""
14103
14104
#: serverguide/C/network-auth.xml:1085(command)
14105
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
14106
msgstr ""
14107
14108
#: serverguide/C/network-auth.xml:1089(para)
14109
msgid ""
14110
"Creating a new directory is not strictly necessary, but it will help keep "
14111
"things organized and make it easier to copy the files to the Consumer server."
14112
msgstr ""
14113
14114
#: serverguide/C/network-auth.xml:1098(para)
14115
msgid ""
14116
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
14117
"server, changing the attributes to match your locality and server:"
14118
msgstr ""
14119
14120
#: serverguide/C/network-auth.xml:1103(programlisting)
14121
#, no-wrap
14122
msgid ""
14123
"\n"
14124
"country = US\n"
14125
"state = North Carolina\n"
14126
"locality = Winston-Salem\n"
14127
"organization = Example Company\n"
14128
"cn = ldap02.salem.edu\n"
14129
"tls_www_client\n"
14130
"encryption_key\n"
14131
"signing_key\n"
14132
msgstr ""
14133
14134
#: serverguide/C/network-auth.xml:1117(para)
14135
msgid "Create the certificate:"
14136
msgstr ""
14137
14138
#: serverguide/C/network-auth.xml:1122(command)
14139
msgid ""
14140
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
14141
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
14142
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
14143
"ldap02_slapd_cert.pem"
14144
msgstr ""
14145
14146
#: serverguide/C/network-auth.xml:1130(para)
14147
msgid "Copy the <filename>cacert.pem</filename> to the dicretory:"
14148
msgstr ""
14149
14150
#: serverguide/C/network-auth.xml:1135(command)
14151
msgid "cp /etc/ssl/certs/cacert.pem ."
14152
msgstr ""
14153
14154
#: serverguide/C/network-auth.xml:1141(para)
14155
msgid ""
14156
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
14157
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
14158
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
14159
"and copy <filename>ldap02_slapd_key.pem</filename> to "
14160
"<filename>/etc/ssl/private</filename>."
14161
msgstr ""
14162
14163
#: serverguide/C/network-auth.xml:1150(para)
14164
msgid ""
14165
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
14166
"by entering:"
14167
msgstr ""
14168
14169
#: serverguide/C/network-auth.xml:1160(userinput)
14170
#, no-wrap
14171
msgid ""
14172
"dn: cn=config\n"
14173
"add: olcTLSCACertificateFile\n"
14174
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14175
"-\n"
14176
"add: olcTLSCertificateFile\n"
14177
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14178
"-\n"
14179
"add: olcTLSCertificateKeyFile\n"
14180
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
14181
msgstr ""
14182
14183
#: serverguide/C/network-auth.xml:1177(para)
14184
msgid ""
14185
"As with the Provider you can now edit "
14186
"<filename>/etc/default/slapd</filename> and add the "
14187
"<emphasis>ldaps:///</emphasis> parameter to the "
14188
"<emphasis>SLAPD_SERVICES</emphasis> option."
14189
msgstr ""
14190
14191
#: serverguide/C/network-auth.xml:1185(para)
14192
msgid ""
14193
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
14194
"modify the <emphasis>Consumer</emphasis> server's "
14195
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
14196
msgstr ""
14197
14198
#: serverguide/C/network-auth.xml:1198(userinput)
14199
#, no-wrap
14200
msgid ""
14201
"\n"
14202
"dn: olcDatabase={1}hdb,cn=config\n"
14203
"replace: olcSyncrepl\n"
14204
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14205
"binddn=\"cn=ad\n"
14206
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
14207
"logbas\n"
14208
" e=\"cn=accesslog\" "
14209
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
14210
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
14211
"starttls=yes"
14212
msgstr ""
14213
14214
#: serverguide/C/network-auth.xml:1195(computeroutput)
14215
#, no-wrap
14216
msgid ""
14217
"SASL/EXTERNAL authentication started\n"
14218
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14219
"SASL SSF: 0\n"
14220
"<placeholder-1/>\n"
14221
"\n"
14222
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14223
msgstr ""
14224
14225
#: serverguide/C/network-auth.xml:1210(para)
14226
msgid ""
14227
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
14228
"(FQDN) in the certificate, you may have to edit "
14229
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
14230
msgstr ""
14231
14232
#: serverguide/C/network-auth.xml:1215(programlisting)
14233
#, no-wrap
14234
msgid ""
14235
"\n"
14236
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14237
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
14238
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
14239
msgstr ""
14240
14241
#: serverguide/C/network-auth.xml:1222(para)
14242
msgid ""
14243
"Finally, restart <application>slapd</application> on each of the servers:"
14244
msgstr ""
14245
14246
#: serverguide/C/network-auth.xml:1235(title)
14247
msgid "LDAP Authentication"
14248
msgstr ""
14249
14250
#: serverguide/C/network-auth.xml:1237(para)
14251
msgid ""
14252
"Once you have a working LDAP server, the <application>auth-client-"
14253
"config</application> and <application>libnss-ldap</application> packages "
14254
"take the pain out of configuring an Ubuntu client to authenticate using "
14255
"LDAP. To install the packages from, a terminal prompt enter:"
14256
msgstr ""
14257
14258
#: serverguide/C/network-auth.xml:1244(command)
14259
msgid "sudo apt-get install libnss-ldap"
14260
msgstr ""
14261
14262
#: serverguide/C/network-auth.xml:1247(para)
14263
msgid ""
14264
"During the install a menu dialog will ask you connection details about your "
14265
"LDAP server."
14266
msgstr ""
14267
14268
#: serverguide/C/network-auth.xml:1251(para)
14269
msgid ""
14270
"If you make a mistake when entering your information you can execute the "
14271
"dialog again using:"
14272
msgstr ""
14273
14274
#: serverguide/C/network-auth.xml:1256(command)
14275
msgid "sudo dpkg-reconfigure ldap-auth-config"
14276
msgstr ""
14277
14278
#: serverguide/C/network-auth.xml:1259(para)
14279
msgid ""
14280
"The results of the dialog can be seen in "
14281
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
14282
"covered in the menu edit this file accordingly."
14283
msgstr ""
14284
14285
#: serverguide/C/network-auth.xml:1264(para)
14286
msgid ""
14287
"Now that <application>libnss-ldap</application> is configured enable the "
14288
"<application>auth-client-config</application> LDAP profile by entering:"
14289
msgstr ""
14290
14291
#: serverguide/C/network-auth.xml:1270(command)
14292
msgid "sudo auth-client-config -t nss -p lac_ldap"
14293
msgstr ""
14294
14295
#: serverguide/C/network-auth.xml:1275(para)
14296
msgid ""
14297
"<emphasis>-t:</emphasis> only modifies "
14298
"<filename>/etc/nsswitch.conf</filename>."
14299
msgstr ""
14300
14301
#: serverguide/C/network-auth.xml:1280(para)
14302
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
14303
msgstr ""
14304
14305
#: serverguide/C/network-auth.xml:1285(para)
14306
msgid ""
14307
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
14308
"config</application> profile that is part of the <application>ldap-auth-"
14309
"config</application> package."
14310
msgstr ""
14311
14312
#: serverguide/C/network-auth.xml:1292(para)
14313
msgid ""
14314
"Using the <application>pam-auth-update</application> utility, configure the "
14315
"system to use LDAP for authentication:"
14316
msgstr ""
14317
14318
#: serverguide/C/network-auth.xml:1297(command)
14319
msgid "sudo pam-auth-update"
14320
msgstr ""
14321
14322
#: serverguide/C/network-auth.xml:1300(para)
14323
msgid ""
14324
"From the <application>pam-auth-update</application> menu, choose LDAP and "
14325
"any other authentication mechanisms you need."
14326
msgstr ""
14327
14328
#: serverguide/C/network-auth.xml:1304(para)
14329
msgid ""
14330
"You should now be able to login using user credentials stored in the LDAP "
14331
"directory."
14332
msgstr ""
14333
14334
#: serverguide/C/network-auth.xml:1309(para)
14335
msgid ""
14336
"If you are going to use LDAP to store Samba users you will need to configure "
14337
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
14338
"for details."
14339
msgstr ""
14340
14341
#: serverguide/C/network-auth.xml:1317(title)
14342
msgid "User and Group Management"
14343
msgstr ""
14344
14345
#: serverguide/C/network-auth.xml:1319(para)
14346
msgid ""
14347
"The <application>ldap-utils</application> package comes with multiple "
14348
"utilities to manage the directory, but the long string of options needed, "
14349
"can make them a burden to use. The <application>ldapscripts</application> "
14350
"package contains configurable scripts to easily manage LDAP users and groups."
14351
msgstr ""
14352
14353
#: serverguide/C/network-auth.xml:1325(para)
14354
msgid "To install the package, from a terminal enter:"
14355
msgstr ""
14356
14357
#: serverguide/C/network-auth.xml:1330(command)
14358
msgid "sudo apt-get install ldapscripts"
14359
msgstr ""
14360
14361
#: serverguide/C/network-auth.xml:1333(para)
14362
msgid ""
14363
"Next, edit the config file "
14364
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
14365
"changing the following to match your environment:"
14366
msgstr ""
14367
14368
#: serverguide/C/network-auth.xml:1338(programlisting)
14369
#, no-wrap
14370
msgid ""
14371
"\n"
14372
"SERVER=localhost\n"
14373
"BINDDN='cn=admin,dc=example,dc=com'\n"
14374
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
14375
"SUFFIX='dc=example,dc=com'\n"
14376
"GSUFFIX='ou=Groups'\n"
14377
"USUFFIX='ou=People'\n"
14378
"MSUFFIX='ou=Computers'\n"
14379
"GIDSTART=10000\n"
14380
"UIDSTART=10000\n"
14381
"MIDSTART=10000\n"
14382
msgstr ""
14383
14384
#: serverguide/C/network-auth.xml:1351(para)
14385
msgid ""
14386
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
14387
"authenticated access to the directory:"
14388
msgstr ""
14389
14390
#: serverguide/C/network-auth.xml:1356(command)
14391
msgid ""
14392
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
14393
msgstr ""
14394
14395
#: serverguide/C/network-auth.xml:1357(command)
14396
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
14397
msgstr ""
14398
14399
#: serverguide/C/network-auth.xml:1361(para)
14400
msgid ""
14401
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
14402
"user."
14403
msgstr ""
14404
14405
#: serverguide/C/network-auth.xml:1366(para)
14406
msgid ""
14407
"The <application>ldapscripts</application> are now ready to help manage your "
14408
"directory. The following are some examples of how to use the scripts:"
14409
msgstr ""
14410
14411
#: serverguide/C/network-auth.xml:1373(para)
14412
msgid "Create a new user:"
14413
msgstr ""
14414
14415
#: serverguide/C/network-auth.xml:1377(command)
14416
msgid "sudo ldapadduser george example"
14417
msgstr ""
14418
14419
#: serverguide/C/network-auth.xml:1379(para)
14420
msgid ""
14421
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
14422
"and set the user's primary group (gid) to <emphasis "
14423
"role=\"italic\">example</emphasis>"
14424
msgstr ""
14425
14426
#: serverguide/C/network-auth.xml:1385(para)
14427
msgid "Change a user's password:"
14428
msgstr ""
14429
14430
#: serverguide/C/network-auth.xml:1389(command)
14431
msgid "sudo ldapsetpasswd george"
14432
msgstr ""
14433
14434
#: serverguide/C/network-auth.xml:1390(computeroutput)
14435
#, no-wrap
14436
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
14437
msgstr ""
14438
14439
#: serverguide/C/network-auth.xml:1391(userinput)
14440
#, no-wrap
14441
msgid "New Password: "
14442
msgstr ""
14443
14444
#: serverguide/C/network-auth.xml:1392(userinput)
14445
#, no-wrap
14446
msgid "New Password (verify): "
14447
msgstr ""
14448
14449
#: serverguide/C/network-auth.xml:1396(para)
14450
msgid "Delete a user:"
14451
msgstr ""
14452
14453
#: serverguide/C/network-auth.xml:1400(command)
14454
msgid "sudo ldapdeleteuser george"
14455
msgstr ""
14456
14457
#: serverguide/C/network-auth.xml:1405(para)
14458
msgid "Add a group:"
14459
msgstr ""
14460
14461
#: serverguide/C/network-auth.xml:1409(command)
14462
msgid "sudo ldapaddgroup qa"
14463
msgstr ""
14464
14465
#: serverguide/C/network-auth.xml:1413(para)
14466
msgid "Delete a group:"
14467
msgstr ""
14468
14469
#: serverguide/C/network-auth.xml:1417(command)
14470
msgid "sudo ldapdeletegroup qa"
14471
msgstr ""
14472
14473
#: serverguide/C/network-auth.xml:1421(para)
14474
msgid "Add a user to a group:"
14475
msgstr ""
14476
14477
#: serverguide/C/network-auth.xml:1425(command)
14478
msgid "sudo ldapaddusertogroup george qa"
14479
msgstr ""
14480
14481
#: serverguide/C/network-auth.xml:1427(para)
14482
msgid ""
14483
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
14484
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
14485
"role=\"italic\">george</emphasis>."
14486
msgstr ""
14487
14488
#: serverguide/C/network-auth.xml:1433(para)
14489
msgid "Remove a user from a group:"
14490
msgstr ""
14491
14492
#: serverguide/C/network-auth.xml:1437(command)
14493
msgid "sudo ldapdeleteuserfromgroup george qa"
14494
msgstr ""
14495
14496
#: serverguide/C/network-auth.xml:1439(para)
14497
msgid ""
14498
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
14499
"<emphasis role=\"italic\">qa</emphasis> group."
14500
msgstr ""
14501
14502
#: serverguide/C/network-auth.xml:1445(para)
14503
msgid ""
14504
"The <application>ldapmodifyuser</application> script allows you to add, "
14505
"remove, or replace a user's attributes. The script uses the same syntax as "
14506
"the <application>ldapmodify</application> utility. For example:"
14507
msgstr ""
14508
14509
#: serverguide/C/network-auth.xml:1450(command)
14510
msgid "sudo ldapmodifyuser george"
14511
msgstr ""
14512
14513
#: serverguide/C/network-auth.xml:1451(computeroutput)
14514
#, no-wrap
14515
msgid ""
14516
"# About to modify the following entry :\n"
14517
"dn: uid=george,ou=People,dc=example,dc=com\n"
14518
"objectClass: account\n"
14519
"objectClass: posixAccount\n"
14520
"cn: george\n"
14521
"uid: george\n"
14522
"uidNumber: 1001\n"
14523
"gidNumber: 1001\n"
14524
"homeDirectory: /home/george\n"
14525
"loginShell: /bin/bash\n"
14526
"gecos: george\n"
14527
"description: User account\n"
14528
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
14529
"\n"
14530
"# Enter your modifications here, end with CTRL-D.\n"
14531
"dn: uid=george,ou=People,dc=example,dc=com"
14532
msgstr ""
14533
14534
#: serverguide/C/network-auth.xml:1467(userinput)
14535
#, no-wrap
14536
msgid ""
14537
"replace: gecos\n"
14538
"gecos: George Carlin"
14539
msgstr ""
14540
14541
#: serverguide/C/network-auth.xml:1470(para)
14542
msgid ""
14543
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
14544
"Carlin</quote>."
14545
msgstr ""
14546
14547
#: serverguide/C/network-auth.xml:1475(para)
14548
msgid ""
14549
"Another great feature of <application>ldapscripts</application>, is the "
14550
"template system. Templates allow you to customize the attributes of user, "
14551
"group, and machine objectes. For example, to enable the "
14552
"<emphasis>user</emphasis> template edit "
14553
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
14554
msgstr ""
14555
14556
#: serverguide/C/network-auth.xml:1482(programlisting)
14557
#, no-wrap
14558
msgid ""
14559
"\n"
14560
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
14561
msgstr ""
14562
14563
#: serverguide/C/network-auth.xml:1486(para)
14564
msgid ""
14565
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
14566
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
14567
"<filename>ldapadduser.template.sample</filename> file to "
14568
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
14569
msgstr ""
14570
14571
#: serverguide/C/network-auth.xml:1493(command)
14572
msgid ""
14573
"sudo cp /etc/ldapscripts/ldapadduser.template.sample "
14574
"/etc/ldapscripts/ldapadduser.template"
14575
msgstr ""
14576
14577
#: serverguide/C/network-auth.xml:1496(para)
14578
msgid ""
14579
"Edit the new template to add the desired attributes. The following will "
14580
"create new user's as with an <emphasis>objectClass</emphasis> of "
14581
"<emphasis>inetOrgPerson</emphasis>:"
14582
msgstr ""
14583
14584
#: serverguide/C/network-auth.xml:1501(programlisting)
14585
#, no-wrap
14586
msgid ""
14587
"\n"
14588
"dn: uid=<user>,<usuffix>,<suffix>\n"
14589
"objectClass: inetOrgPerson\n"
14590
"objectClass: posixAccount\n"
14591
"cn: <user>\n"
14592
"sn: <ask>\n"
14593
"uid: <user>\n"
14594
"uidNumber: <uid>\n"
14595
"gidNumber: <gid>\n"
14596
"homeDirectory: <home>\n"
14597
"loginShell: <shell>\n"
14598
"gecos: <user>\n"
14599
"description: User account\n"
14600
"title: Employee\n"
14601
msgstr ""
14602
14603
#: serverguide/C/network-auth.xml:1517(para)
14604
msgid ""
14605
"Notice the <emphasis><ask></emphasis> option used for the "
14606
"<emphasis>cn</emphasis> value. Using <ask> will configure "
14607
"<application>ldapadduser</application> to prompt you for the attribute value "
14608
"during user creation."
14609
msgstr ""
14610
14611
#: serverguide/C/network-auth.xml:1525(para)
14612
msgid ""
14613
"There are more useful scripts in the package, to see a full list enter: "
14614
"<command>dpkg -L ldapscripts | grep bin</command>"
14615
msgstr ""
14616
14617
#: serverguide/C/network-auth.xml:1534(para)
14618
msgid ""
14619
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
14620
"Ubuntu Wiki</ulink> page has more details."
14621
msgstr ""
14622
14623
#: serverguide/C/network-auth.xml:1539(para)
14624
msgid ""
14625
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
14626
"Home Page</ulink>"
14627
msgstr ""
14628
14629
#: serverguide/C/network-auth.xml:1544(para)
14630
msgid ""
14631
"Though starting to show it's age, a great source for in depth LDAP "
14632
"information is O'Reilly's <ulink "
14633
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
14634
"Administration</ulink>"
14635
msgstr ""
14636
14637
#: serverguide/C/network-auth.xml:1550(para)
14638
msgid ""
14639
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
14640
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
14641
"newer versions of OpenLDAP."
14642
msgstr ""
14643
14644
#: serverguide/C/network-auth.xml:1556(para)
14645
msgid ""
14646
"For more information on <application>auth-client-config</application> see "
14647
"the man page: <command>man auth-client-config</command>."
14648
msgstr ""
14649
14650
#: serverguide/C/network-auth.xml:1561(para)
14651
msgid ""
14652
"For more details regarding the <application>ldapscripts</application> "
14653
"package see the man pages: <command>man ldapscripts</command>, <command>man "
14654
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
14655
msgstr ""
14656
14657
#: serverguide/C/network-auth.xml:1571(title)
14658
msgid "Samba and LDAP"
14659
msgstr ""
14660
14661
#: serverguide/C/network-auth.xml:1573(para)
14662
msgid ""
14663
"This section covers configuring Samba to use LDAP for user, group, and "
14664
"machine account information and authentication. The assumption is, you "
14665
"already have a working OpenLDAP directory installed and the server is "
14666
"configured to use it for authentication. See <xref linkend=\"openldap-"
14667
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
14668
"setting up OpenLDAP. For more information on installing and configuring "
14669
"Samba see <xref linkend=\"windows-networking\"/>."
14670
msgstr ""
14671
14672
#: serverguide/C/network-auth.xml:1583(para)
14673
msgid ""
14674
"There are three packages needed when integrating Samba with LDAP. "
14675
"<application>samba</application>, <application>samba-doc</application>, and "
14676
"<application>smbldap-tools</application> packages . To install the packages, "
14677
"from a terminal enter:"
14678
msgstr ""
14679
14680
#: serverguide/C/network-auth.xml:1589(command)
14681
msgid "sudo apt-get install samba samba-doc smbldap-tools"
14682
msgstr ""
14683
14684
#: serverguide/C/network-auth.xml:1592(para)
14685
msgid ""
14686
"Strictly speaking the <application>smbldap-tools</application> package isn't "
14687
"needed, but unless you have another package or custom scripts, a method of "
14688
"managing users, groups, and computer accounts is needed."
14689
msgstr ""
14690
14691
#: serverguide/C/network-auth.xml:1599(title)
14692
msgid "OpenLDAP Configuration"
14693
msgstr ""
14694
14695
#: serverguide/C/network-auth.xml:1601(para)
14696
msgid ""
14697
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
14698
"the user objects in the directory will need additional attributes. This "
14699
"section assumes you want Samba to be configured as a Windows NT domain "
14700
"controller, and will add the necessary LDAP objects and attributes."
14701
msgstr ""
14702
14703
#: serverguide/C/network-auth.xml:1609(para)
14704
msgid ""
14705
"The Samba attributes are defined in the <filename>samba.schema</filename> "
14706
"file which is part of the <application>samba-doc</application> package. The "
14707
"schema file needs to be unzipped and copied to "
14708
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
14709
msgstr ""
14710
14711
#: serverguide/C/network-auth.xml:1616(command)
14712
msgid ""
14713
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
14714
"/etc/ldap/schema/"
14715
msgstr ""
14716
14717
#: serverguide/C/network-auth.xml:1617(command)
14718
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
14719
msgstr ""
14720
14721
#: serverguide/C/network-auth.xml:1623(para)
14722
msgid ""
14723
"The <emphasis>samba</emphasis> schema needs to be added to the "
14724
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
14725
"<application>slapd</application> is also detailed in <xref "
14726
"linkend=\"openldap-configuration\"/>."
14727
msgstr ""
14728
14729
#: serverguide/C/network-auth.xml:1631(para) serverguide/C/network-auth.xml:2666(para)
14730
msgid ""
14731
"First, create a configuration file named "
14732
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
14733
"containing the following lines:"
14734
msgstr ""
14735
14736
#: serverguide/C/network-auth.xml:1636(programlisting)
14737
#, no-wrap
14738
msgid ""
14739
"\n"
14740
"include /etc/ldap/schema/core.schema\n"
14741
"include /etc/ldap/schema/collective.schema\n"
14742
"include /etc/ldap/schema/corba.schema\n"
14743
"include /etc/ldap/schema/cosine.schema\n"
14744
"include /etc/ldap/schema/duaconf.schema\n"
14745
"include /etc/ldap/schema/dyngroup.schema\n"
14746
"include /etc/ldap/schema/inetorgperson.schema\n"
14747
"include /etc/ldap/schema/java.schema\n"
14748
"include /etc/ldap/schema/misc.schema\n"
14749
"include /etc/ldap/schema/nis.schema\n"
14750
"include /etc/ldap/schema/openldap.schema\n"
14751
"include /etc/ldap/schema/ppolicy.schema\n"
14752
"include /etc/ldap/schema/samba.schema\n"
14753
msgstr ""
14754
14755
#: serverguide/C/network-auth.xml:1666(para) serverguide/C/network-auth.xml:2701(para)
14756
msgid ""
14757
"Now use <application>slapcat</application> to convert the schema files:"
14758
msgstr ""
14759
14760
#: serverguide/C/network-auth.xml:1671(command)
14761
msgid ""
14762
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
14763
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
14764
msgstr ""
14765
14766
#: serverguide/C/network-auth.xml:1674(para) serverguide/C/network-auth.xml:2709(para)
14767
msgid ""
14768
"Change the above file and path names to match your own if they are different."
14769
msgstr ""
14770
14771
#: serverguide/C/network-auth.xml:1681(para)
14772
msgid ""
14773
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
14774
"the following attributes:"
14775
msgstr ""
14776
14777
#: serverguide/C/network-auth.xml:1685(programlisting)
14778
#, no-wrap
14779
msgid ""
14780
"\n"
14781
"dn: cn=samba,cn=schema,cn=config\n"
14782
"...\n"
14783
"cn: samba\n"
14784
msgstr ""
14785
14786
#: serverguide/C/network-auth.xml:1695(programlisting)
14787
#, no-wrap
14788
msgid ""
14789
"\n"
14790
"structuralObjectClass: olcSchemaConfig\n"
14791
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
14792
"creatorsName: cn=config\n"
14793
"createTimestamp: 20080827045234Z\n"
14794
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
14795
"modifiersName: cn=config\n"
14796
"modifyTimestamp: 20080827045234Z\n"
14797
msgstr ""
14798
14799
#: serverguide/C/network-auth.xml:1720(command)
14800
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
14801
msgstr ""
14802
14803
#: serverguide/C/network-auth.xml:1726(para)
14804
msgid ""
14805
"There should now be a <emphasis>dn: "
14806
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
14807
"sequential schema, entry in the cn=config tree."
14808
msgstr ""
14809
14810
#: serverguide/C/network-auth.xml:1734(para)
14811
msgid ""
14812
"Copy and paste the following into a file named "
14813
"<filename>samba_indexes.ldif</filename>:"
14814
msgstr ""
14815
14816
#: serverguide/C/network-auth.xml:1738(programlisting)
14817
#, no-wrap
14818
msgid ""
14819
"\n"
14820
"dn: olcDatabase={1}hdb,cn=config\n"
14821
"changetype: modify\n"
14822
"add: olcDbIndex\n"
14823
"olcDbIndex: uidNumber eq\n"
14824
"olcDbIndex: gidNumber eq\n"
14825
"olcDbIndex: loginShell eq\n"
14826
"olcDbIndex: uid eq,pres,sub\n"
14827
"olcDbIndex: memberUid eq,pres,sub\n"
14828
"olcDbIndex: uniqueMember eq,pres\n"
14829
"olcDbIndex: sambaSID eq\n"
14830
"olcDbIndex: sambaPrimaryGroupSID eq\n"
14831
"olcDbIndex: sambaGroupType eq\n"
14832
"olcDbIndex: sambaSIDList eq\n"
14833
"olcDbIndex: sambaDomainName eq\n"
14834
"olcDbIndex: default sub\n"
14835
msgstr ""
14836
14837
#: serverguide/C/network-auth.xml:1756(para)
14838
msgid ""
14839
"Using the <application>ldapmodify</application> utility load the new indexes:"
14840
msgstr ""
14841
14842
#: serverguide/C/network-auth.xml:1761(command)
14843
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
14844
msgstr ""
14845
14846
#: serverguide/C/network-auth.xml:1763(para)
14847
msgid ""
14848
"If all went well you should see the new indexes using "
14849
"<application>ldapsearch</application>:"
14850
msgstr ""
14851
14852
#: serverguide/C/network-auth.xml:1768(command)
14853
msgid ""
14854
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
14855
msgstr ""
14856
14857
#: serverguide/C/network-auth.xml:1774(para)
14858
msgid ""
14859
"Next, configure the <application>smbldap-tools</application> package to "
14860
"match your environment. The package comes with a configuration script that "
14861
"will ask questions about the needed options. To run the script enter:"
14862
msgstr ""
14863
14864
#: serverguide/C/network-auth.xml:1780(command)
14865
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
14866
msgstr ""
14867
14868
#: serverguide/C/network-auth.xml:1781(command)
14869
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
14870
msgstr ""
14871
14872
#: serverguide/C/network-auth.xml:1784(para)
14873
msgid ""
14874
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
14875
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
14876
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
14877
"configure script, so if you made any mistakes while executing the script it "
14878
"may be simpler to edit the file appropriately."
14879
msgstr ""
14880
14881
#: serverguide/C/network-auth.xml:1794(para)
14882
msgid ""
14883
"The <application>smbldap-populate</application> script will add the "
14884
"necessary users, groups, and LDAP objects required for Samba. It is a good "
14885
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
14886
"<application>slapcat</application> before executing the command:"
14887
msgstr ""
14888
14889
#: serverguide/C/network-auth.xml:1801(command)
14890
msgid "sudo slapcat -l backup.ldif"
14891
msgstr ""
14892
14893
#: serverguide/C/network-auth.xml:1807(para)
14894
msgid ""
14895
"Once you have a current backup execute <application>smbldap-"
14896
"populate</application> by entering:"
14897
msgstr ""
14898
14899
#: serverguide/C/network-auth.xml:1812(command)
14900
msgid "sudo smbldap-populate"
14901
msgstr ""
14902
14903
#: serverguide/C/network-auth.xml:1816(para)
14904
msgid ""
14905
"You can create an LDIF file containing the new Samba objects by executing "
14906
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
14907
"look over the changes making sure everything is correct."
14908
msgstr ""
14909
14910
#: serverguide/C/network-auth.xml:1824(para)
14911
msgid ""
14912
"Your LDAP directory now has the necessary domain information to authenticate "
14913
"Samba users."
14914
msgstr ""
14915
14916
#: serverguide/C/network-auth.xml:1830(title)
14917
msgid "Samba Configuration"
14918
msgstr ""
14919
14920
#: serverguide/C/network-auth.xml:1832(para)
14921
msgid ""
14922
"There a multiple ways to configure Samba for details on some common "
14923
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
14924
"Samba to use LDAP, edit the main Samba configuration file "
14925
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
14926
"backend</emphasis> option and adding the following:"
14927
msgstr ""
14928
14929
#: serverguide/C/network-auth.xml:1838(programlisting)
14930
#, no-wrap
14931
msgid ""
14932
"\n"
14933
"# passdb backend = tdbsam\n"
14934
"\n"
14935
"# LDAP Settings\n"
14936
" passdb backend = ldapsam:ldap://hostname\n"
14937
" ldap suffix = dc=example,dc=com\n"
14938
" ldap user suffix = ou=People\n"
14939
" ldap group suffix = ou=Groups\n"
14940
" ldap machine suffix = ou=Computers\n"
14941
" ldap idmap suffix = ou=Idmap\n"
14942
" ldap admin dn = cn=admin,dc=example,dc=com\n"
14943
" ldap ssl = start tls\n"
14944
" ldap passwd sync = yes\n"
14945
"...\n"
14946
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
14947
msgstr ""
14948
14949
#: serverguide/C/network-auth.xml:1855(para)
14950
msgid "Restart <application>samba</application> to enable the new settings:"
14951
msgstr ""
14952
14953
#: serverguide/C/network-auth.xml:1863(para)
14954
msgid ""
14955
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
14956
"enter:"
14957
msgstr ""
14958
14959
#: serverguide/C/network-auth.xml:1868(command)
14960
msgid "sudo smbpasswd -w secret"
14961
msgstr ""
14962
14963
#: serverguide/C/network-auth.xml:1872(para)
14964
msgid ""
14965
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
14966
"password."
14967
msgstr ""
14968
14969
#: serverguide/C/network-auth.xml:1877(para)
14970
msgid ""
14971
"If you currently have users in LDAP, and you want them to authenticate using "
14972
"Samba, they will need some Samba attributes defined in the "
14973
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
14974
"users using the <application>smbpasswd</application> utility, replacing "
14975
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
14976
msgstr ""
14977
14978
#: serverguide/C/network-auth.xml:1885(command)
14979
msgid "sudo smbpasswd -a username"
14980
msgstr ""
14981
14982
#: serverguide/C/network-auth.xml:1888(para)
14983
msgid "You will then be asked to enter the user's password."
14984
msgstr ""
14985
14986
#: serverguide/C/network-auth.xml:1892(para)
14987
msgid ""
14988
"To add new user, group, and machine accounts use the utilities from the "
14989
"<application>smbldap-tools</application> package. Here are some examples:"
14990
msgstr ""
14991
14992
#: serverguide/C/network-auth.xml:1899(para)
14993
msgid ""
14994
"To add a new user to LDAP with Samba attributes enter the following, "
14995
"replacing username with an actual username:"
14996
msgstr ""
14997
14998
#: serverguide/C/network-auth.xml:1903(command)
14999
msgid "sudo smbldap-useradd -a -P username"
15000
msgstr ""
15001
15002
#: serverguide/C/network-auth.xml:1905(para)
15003
msgid ""
15004
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
15005
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
15006
"passwd</application> utility after the user is created allowing you to enter "
15007
"a password for the user."
15008
msgstr ""
15009
15010
#: serverguide/C/network-auth.xml:1911(para)
15011
msgid "To remove a user from the directory enter:"
15012
msgstr ""
15013
15014
#: serverguide/C/network-auth.xml:1915(command)
15015
msgid "sudo smbldap-userdel username"
15016
msgstr ""
15017
15018
#: serverguide/C/network-auth.xml:1917(para)
15019
msgid ""
15020
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
15021
"r</emphasis> option to remove the user's home directory."
15022
msgstr ""
15023
15024
#: serverguide/C/network-auth.xml:1922(para)
15025
msgid ""
15026
"Use <application>smbldap-groupadd</application> to add a group, replacing "
15027
"groupname with an appropriate group:"
15028
msgstr ""
15029
15030
#: serverguide/C/network-auth.xml:1926(command)
15031
msgid "sudo smbldap-groupadd -a groupname"
15032
msgstr ""
15033
15034
#: serverguide/C/network-auth.xml:1928(para)
15035
msgid ""
15036
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
15037
"a</emphasis> adds the Samba attributes."
15038
msgstr ""
15039
15040
#: serverguide/C/network-auth.xml:1933(para)
15041
msgid ""
15042
"To add a user to a group use <application>smbldap-groupmod</application>:"
15043
msgstr ""
15044
15045
#: serverguide/C/network-auth.xml:1937(command)
15046
msgid "sudo smbldap-groupmod -m username groupname"
15047
msgstr ""
15048
15049
#: serverguide/C/network-auth.xml:1939(para)
15050
msgid ""
15051
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
15052
"<emphasis>-m</emphasis> option can add more than one user at a time by "
15053
"listing them in <emphasis>comma separated</emphasis> format."
15054
msgstr ""
15055
15056
#: serverguide/C/network-auth.xml:1945(para)
15057
msgid ""
15058
"<application>smbldap-groupmod</application> can also be used to remove a "
15059
"user from a group:"
15060
msgstr ""
15061
15062
#: serverguide/C/network-auth.xml:1949(command)
15063
msgid "sudo smbldap-groupmod -x username groupname"
15064
msgstr ""
15065
15066
#: serverguide/C/network-auth.xml:1953(para)
15067
msgid ""
15068
"Additionally, the <application>smbldap-useradd</application> utility can add "
15069
"Samba machine accounts:"
15070
msgstr ""
15071
15072
#: serverguide/C/network-auth.xml:1957(command)
15073
msgid "sudo smbldap-useradd -t 0 -w username"
15074
msgstr ""
15075
15076
#: serverguide/C/network-auth.xml:1959(para)
15077
msgid ""
15078
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
15079
"<emphasis>-t 0</emphasis> option creates the machine account without a "
15080
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
15081
"machine account. Also, note the <emphasis>add machine script</emphasis> "
15082
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
15083
"<application>smbldap-useradd</application>."
15084
msgstr ""
15085
15086
#: serverguide/C/network-auth.xml:1968(para)
15087
msgid ""
15088
"There are more useful utilities and options in the <application>smbldap-"
15089
"tools</application> package. The man page for each utility provides more "
15090
"details."
15091
msgstr ""
15092
15093
#: serverguide/C/network-auth.xml:1979(para)
15094
msgid ""
15095
"There are multiple places where LDAP and Samba is documented in the <ulink "
15096
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
15097
"Collection</ulink>."
15098
msgstr ""
15099
15100
#: serverguide/C/network-auth.xml:1985(para)
15101
msgid ""
15102
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
15103
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
15104
msgstr ""
15105
15106
#: serverguide/C/network-auth.xml:1991(para)
15107
msgid ""
15108
"Another good site is <ulink url=\"http://www.iallanis.info/smbldap-"
15109
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
15110
msgstr ""
15111
15112
#: serverguide/C/network-auth.xml:1997(para)
15113
msgid ""
15114
"Again, for more information on <application>smbldap-tools</application> see "
15115
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
15116
"groupadd</command>, <command>man smbldap-populate</command>, etc."
15117
msgstr ""
15118
15119
#: serverguide/C/network-auth.xml:2004(para)
15120
msgid ""
15121
"Also, there is a list of <ulink "
15122
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
15123
"wiki</ulink> articles with more information."
15124
msgstr ""
15125
15126
#: serverguide/C/network-auth.xml:2013(title)
15127
msgid "Kerberos"
15128
msgstr ""
15129
15130
#: serverguide/C/network-auth.xml:2015(para)
15131
msgid ""
15132
"<application>Kerberos</application> is a network authentication system based "
15133
"on the principal of a trusted third party. The other two parties being the "
15134
"user and the service the user wishes to authenticate to. Not all services "
15135
"and applications can use Kerberos, but for those that can, it brings the "
15136
"network environment one step closer to being Single Sign On (SSO)."
15137
msgstr ""
15138
15139
#: serverguide/C/network-auth.xml:2021(para)
15140
msgid ""
15141
"This section covers installation and configuration of a Kerberos server, and "
15142
"some example client configurations."
15143
msgstr ""
15144
15145
#: serverguide/C/network-auth.xml:2028(para)
15146
msgid ""
15147
"If you are new to Kerberos there are a few terms that are good to understand "
15148
"before setting up a Kerberos server. Most of the terms will relate to things "
15149
"you may be familiar with in other environments:"
15150
msgstr ""
15151
15152
#: serverguide/C/network-auth.xml:2035(para)
15153
msgid ""
15154
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
15155
"by servers need to be defined as Kerberos Principals."
15156
msgstr ""
15157
15158
#: serverguide/C/network-auth.xml:2040(para)
15159
msgid ""
15160
"<emphasis>Instances:</emphasis> are used for service principals and special "
15161
"administrative principals."
15162
msgstr ""
15163
15164
#: serverguide/C/network-auth.xml:2045(para)
15165
msgid ""
15166
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
15167
"Kerberos installation. Usually the DNS domain converted to uppercase "
15168
"(EXAMPLE.COM)."
15169
msgstr ""
15170
15171
#: serverguide/C/network-auth.xml:2051(para)
15172
msgid ""
15173
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
15174
"a database of all principals, the authentication server, and the ticket "
15175
"granting server. For each realm there must be at least one KDC."
15176
msgstr ""
15177
15178
#: serverguide/C/network-auth.xml:2057(para)
15179
msgid ""
15180
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
15181
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
15182
"password which is known only to the user and the KDC."
15183
msgstr ""
15184
15185
#: serverguide/C/network-auth.xml:2063(para)
15186
msgid ""
15187
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
15188
"clients upon request."
15189
msgstr ""
15190
15191
#: serverguide/C/network-auth.xml:2068(para)
15192
msgid ""
15193
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
15194
"One principal being a user and the other a service requested by the user. "
15195
"Tickets establish an encryption key used for secure communication during the "
15196
"authenticated session."
15197
msgstr ""
15198
15199
#: serverguide/C/network-auth.xml:2074(para)
15200
msgid ""
15201
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
15202
"principal database and contain the encryption key for a service or host."
15203
msgstr ""
15204
15205
#: serverguide/C/network-auth.xml:2081(para)
15206
msgid ""
15207
"To put the pieces together, a Realm has at least one KDC, preferably two for "
15208
"redundancy, which contains a database of Principals. When a user principal "
15209
"logs into a workstation, configured for Kerberos authentication, the KDC "
15210
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
15211
"match, the user is authenticated and can then request tickets for Kerberized "
15212
"services from the Ticket Granting Server (TGS). The service tickets allow "
15213
"the user to authenticate to the service without entering another username "
15214
"and password."
15215
msgstr ""
15216
15217
#: serverguide/C/network-auth.xml:2090(title)
15218
msgid "Kerberos Server"
15219
msgstr ""
15220
15221
#: serverguide/C/network-auth.xml:2094(para)
15222
msgid ""
15223
"Before installing the Kerberos server a properly configured DNS server is "
15224
"needed for your domain. Since the Kerberos Realm by convention matches the "
15225
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
15226
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
15227
msgstr ""
15228
15229
#: serverguide/C/network-auth.xml:2100(para)
15230
msgid ""
15231
"Also, Kerberos is a time sensitive protocol. So if the local system time "
15232
"between a client machine and the server differs by more than five minutes "
15233
"(by default), the workstation will not be able to authenticate. To correct "
15234
"the problem all hosts should have their time synchronized using the "
15235
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
15236
"NTP see <xref linkend=\"NTP\"/>."
15237
msgstr ""
15238
15239
#: serverguide/C/network-auth.xml:2107(para)
15240
msgid ""
15241
"The first step in installing a Kerberos Realm is to install the "
15242
"<application>krb5-kdc</application> and <application>krb5-admin-"
15243
"server</application> packages. From a terminal enter:"
15244
msgstr ""
15245
15246
#: serverguide/C/network-auth.xml:2113(command) serverguide/C/network-auth.xml:2288(command)
15247
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
15248
msgstr ""
15249
15250
#: serverguide/C/network-auth.xml:2116(para)
15251
msgid ""
15252
"You will be asked at the end of the install to supply a name for the "
15253
"Kerberos and Admin servers, which may or may not be the same server, for the "
15254
"realm."
15255
msgstr ""
15256
15257
#: serverguide/C/network-auth.xml:2121(para)
15258
msgid ""
15259
"Next, create the new realm with the <application>kdb5_newrealm</application> "
15260
"utility:"
15261
msgstr ""
15262
15263
#: serverguide/C/network-auth.xml:2126(command)
15264
msgid "sudo krb5_newrealm"
15265
msgstr ""
15266
15267
#: serverguide/C/network-auth.xml:2133(para)
15268
msgid ""
15269
"The questions asked during installation are used to configure the "
15270
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
15271
"Distribution Center (KDC) settings simply edit the file and restart the "
15272
"<application>krb5-kdc</application> daemon."
15273
msgstr ""
15274
15275
#: serverguide/C/network-auth.xml:2141(para)
15276
msgid ""
15277
"Now that the KDC running an admin user is needed. It is recommended to use a "
15278
"different username from your everyday username. Using the "
15279
"<application>kadmin.local</application> utility in a terminal prompt enter:"
15280
msgstr ""
15281
15282
#: serverguide/C/network-auth.xml:2147(command) serverguide/C/network-auth.xml:2943(command)
15283
msgid "sudo kadmin.local"
15284
msgstr ""
15285
15286
#: serverguide/C/network-auth.xml:2148(computeroutput)
15287
#, no-wrap
15288
msgid ""
15289
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
15290
"kadmin.local:"
15291
msgstr ""
15292
15293
#: serverguide/C/network-auth.xml:2149(userinput)
15294
#, no-wrap
15295
msgid " addprinc steve/admin"
15296
msgstr ""
15297
15298
#: serverguide/C/network-auth.xml:2150(computeroutput)
15299
#, no-wrap
15300
msgid ""
15301
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
15302
"policy\n"
15303
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15304
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
15305
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
15306
"kadmin.local:"
15307
msgstr ""
15308
15309
#: serverguide/C/network-auth.xml:2154(userinput)
15310
#, no-wrap
15311
msgid " quit"
15312
msgstr ""
15313
15314
#: serverguide/C/network-auth.xml:2157(para)
15315
msgid ""
15316
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
15317
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
15318
"is an <emphasis>Instance</emphasis>, and <emphasis "
15319
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
15320
"role=\"italic\">\"every day\"</emphasis> Principal would be "
15321
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
15322
"rights."
15323
msgstr ""
15324
15325
#: serverguide/C/network-auth.xml:2165(para)
15326
msgid ""
15327
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
15328
"your Realm and admin username."
15329
msgstr ""
15330
15331
#: serverguide/C/network-auth.xml:2173(para)
15332
msgid ""
15333
"Next, the new admin user needs to have the appropriate Access Control List "
15334
"(ACL) permissions. The permissions are configured in the "
15335
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
15336
msgstr ""
15337
15338
#: serverguide/C/network-auth.xml:2178(programlisting)
15339
#, no-wrap
15340
msgid ""
15341
"\n"
15342
"steve/admin@EXAMPLE.COM *\n"
15343
msgstr ""
15344
15345
#: serverguide/C/network-auth.xml:2182(para)
15346
msgid ""
15347
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
15348
"any operation on all principals in the realm."
15349
msgstr ""
15350
15351
#: serverguide/C/network-auth.xml:2189(para)
15352
msgid ""
15353
"Now restart the <application>krb5-admin-server</application> for the new ACL "
15354
"to take affect:"
15355
msgstr ""
15356
15357
#: serverguide/C/network-auth.xml:2194(command)
15358
msgid "sudo /etc/init.d/krb5-admin-server restart"
15359
msgstr ""
15360
15361
#: serverguide/C/network-auth.xml:2200(para)
15362
msgid ""
15363
"The new user principal can be tested using the <application>kinit "
15364
"utility</application>:"
15365
msgstr ""
15366
15367
#: serverguide/C/network-auth.xml:2205(command)
15368
msgid "kinit steve/admin"
15369
msgstr ""
15370
15371
#: serverguide/C/network-auth.xml:2206(computeroutput)
15372
#, no-wrap
15373
msgid "steve/admin@EXAMPLE.COM's Password:"
15374
msgstr ""
15375
15376
#: serverguide/C/network-auth.xml:2209(para)
15377
msgid ""
15378
"After entering the password, use the <application>klist</application> "
15379
"utility to view information about the Ticket Granting Ticket (TGT):"
15380
msgstr ""
15381
15382
#: serverguide/C/network-auth.xml:2215(command) serverguide/C/network-auth.xml:2550(command)
15383
msgid "klist"
15384
msgstr ""
15385
15386
#: serverguide/C/network-auth.xml:2216(computeroutput)
15387
#, no-wrap
15388
msgid ""
15389
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
15390
" Principal: steve/admin@EXAMPLE.COM\n"
15391
"\n"
15392
" Issued Expires Principal\n"
15393
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
15394
msgstr ""
15395
15396
#: serverguide/C/network-auth.xml:2223(para)
15397
msgid ""
15398
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
15399
"the KDC. For example:"
15400
msgstr ""
15401
15402
#: serverguide/C/network-auth.xml:2227(programlisting)
15403
#, no-wrap
15404
msgid ""
15405
"\n"
15406
"192.168.0.1 kdc01.example.com kdc01\n"
15407
msgstr ""
15408
15409
#: serverguide/C/network-auth.xml:2231(para)
15410
msgid ""
15411
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
15412
msgstr ""
15413
15414
#: serverguide/C/network-auth.xml:2238(para)
15415
msgid ""
15416
"In order for clients to determine the KDC for the Realm some DNS SRV records "
15417
"are needed. Add the following to "
15418
"<filename>/etc/named/db.example.com</filename>:"
15419
msgstr ""
15420
15421
#: serverguide/C/network-auth.xml:2243(programlisting)
15422
#, no-wrap
15423
msgid ""
15424
"\n"
15425
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15426
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
15427
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15428
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
15429
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
15430
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
15431
msgstr ""
15432
15433
#: serverguide/C/network-auth.xml:2253(para)
15434
msgid ""
15435
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
15436
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
15437
"KDC."
15438
msgstr ""
15439
15440
#: serverguide/C/network-auth.xml:2259(para)
15441
msgid ""
15442
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
15443
msgstr ""
15444
15445
#: serverguide/C/network-auth.xml:2266(para)
15446
msgid "Your new Kerberos Realm is now ready to authenticate clients."
15447
msgstr ""
15448
15449
#: serverguide/C/network-auth.xml:2273(title)
15450
msgid "Secondary KDC"
15451
msgstr ""
15452
15453
#: serverguide/C/network-auth.xml:2275(para)
15454
msgid ""
15455
"Once you have one Key Distribution Center (KDC) on your network, it is good "
15456
"practice to have a Secondary KDC in case the primary becomes unavailable."
15457
msgstr ""
15458
15459
#: serverguide/C/network-auth.xml:2283(para)
15460
msgid ""
15461
"First, install the packages, and when asked for the Kerberos and Admin "
15462
"server names enter the name of the Primary KDC:"
15463
msgstr ""
15464
15465
#: serverguide/C/network-auth.xml:2294(para)
15466
msgid ""
15467
"Once you have the packages installed, create the Secondary KDC's host "
15468
"principal. From a terminal prompt, enter:"
15469
msgstr ""
15470
15471
#: serverguide/C/network-auth.xml:2299(command)
15472
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
15473
msgstr ""
15474
15475
#: serverguide/C/network-auth.xml:2303(para)
15476
msgid ""
15477
"After, issuing any <application>kadmin</application> commands you will be "
15478
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
15479
"password."
15480
msgstr ""
15481
15482
#: serverguide/C/network-auth.xml:2312(para)
15483
msgid "Extract the <emphasis>keytab</emphasis> file:"
15484
msgstr ""
15485
15486
#: serverguide/C/network-auth.xml:2317(command)
15487
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
15488
msgstr ""
15489
15490
#: serverguide/C/network-auth.xml:2323(para)
15491
msgid ""
15492
"There should now be a <filename>keytab.kdc02</filename> in the current "
15493
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
15494
msgstr ""
15495
15496
#: serverguide/C/network-auth.xml:2329(command)
15497
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
15498
msgstr ""
15499
15500
#: serverguide/C/network-auth.xml:2333(para)
15501
msgid ""
15502
"If the path to the <filename>keytab.kdc02</filename> file is different "
15503
"adjust accordingly."
15504
msgstr ""
15505
15506
#: serverguide/C/network-auth.xml:2338(para)
15507
msgid ""
15508
"Also, you can list the principals in a Keytab file, which can be useful when "
15509
"troubleshooting, using the <application>klist</application> utility:"
15510
msgstr ""
15511
15512
#: serverguide/C/network-auth.xml:2344(command)
15513
msgid "sudo klist -k /etc/krb5.keytab"
15514
msgstr ""
15515
15516
#: serverguide/C/network-auth.xml:2350(para)
15517
msgid ""
15518
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
15519
"that lists all KDCs for the Realm. For example, on both primary and "
15520
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
15521
msgstr ""
15522
15523
#: serverguide/C/network-auth.xml:2355(programlisting)
15524
#, no-wrap
15525
msgid ""
15526
"\n"
15527
"host/kdc01.example.com@EXAMPLE.COM\n"
15528
"host/kdc02.example.com@EXAMPLE.COM\n"
15529
msgstr ""
15530
15531
#: serverguide/C/network-auth.xml:2363(para)
15532
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
15533
msgstr ""
15534
15535
#: serverguide/C/network-auth.xml:2368(command)
15536
msgid "sudo kdb5_util -s create"
15537
msgstr ""
15538
15539
#: serverguide/C/network-auth.xml:2374(para)
15540
msgid ""
15541
"Now start the <application>kpropd</application> daemon, which listens for "
15542
"connections from the <application>kprop</application> utility. "
15543
"<application>kprop</application> is used to transfer dump files:"
15544
msgstr ""
15545
15546
#: serverguide/C/network-auth.xml:2381(command)
15547
msgid "sudo kpropd -S"
15548
msgstr ""
15549
15550
#: serverguide/C/network-auth.xml:2387(para)
15551
msgid ""
15552
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
15553
"of the principal database:"
15554
msgstr ""
15555
15556
#: serverguide/C/network-auth.xml:2392(command)
15557
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
15558
msgstr ""
15559
15560
#: serverguide/C/network-auth.xml:2398(para)
15561
msgid ""
15562
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
15563
"<filename>/etc/krb5.keytab</filename>:"
15564
msgstr ""
15565
15566
#: serverguide/C/network-auth.xml:2403(command)
15567
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
15568
msgstr ""
15569
15570
#: serverguide/C/network-auth.xml:2404(command)
15571
msgid "sudo mv keytab.kdc01 /etc/kr5b.keytab"
15572
msgstr ""
15573
15574
#: serverguide/C/network-auth.xml:2408(para)
15575
msgid ""
15576
"Make sure there is a <emphasis>host</emphasis> for "
15577
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
15578
msgstr ""
15579
15580
#: serverguide/C/network-auth.xml:2416(para)
15581
msgid ""
15582
"Using the <application>kprop</application> utility push the database to the "
15583
"Secondary KDC:"
15584
msgstr ""
15585
15586
#: serverguide/C/network-auth.xml:2421(command)
15587
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
15588
msgstr ""
15589
15590
#: serverguide/C/network-auth.xml:2425(para)
15591
msgid ""
15592
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
15593
"worked. If there is an error message check "
15594
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
15595
"information."
15596
msgstr ""
15597
15598
#: serverguide/C/network-auth.xml:2431(para)
15599
msgid ""
15600
"You may also want to create a <application>cron</application> job to "
15601
"periodically update the database on the Secondary KDC. For example, the "
15602
"following will push the database every hour:"
15603
msgstr ""
15604
15605
#: serverguide/C/network-auth.xml:2436(programlisting)
15606
#, no-wrap
15607
msgid ""
15608
"\n"
15609
"# m h dom mon dow command\n"
15610
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
15611
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
15612
msgstr ""
15613
15614
#: serverguide/C/network-auth.xml:2444(para)
15615
msgid ""
15616
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
15617
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
15618
msgstr ""
15619
15620
#: serverguide/C/network-auth.xml:2450(command)
15621
msgid "sudo kdb5_util stash"
15622
msgstr ""
15623
15624
#: serverguide/C/network-auth.xml:2456(para)
15625
msgid ""
15626
"Finally, start the <application>krb5-kdc</application> daemon on the "
15627
"Secondary KDC:"
15628
msgstr ""
15629
15630
#: serverguide/C/network-auth.xml:2461(command) serverguide/C/network-auth.xml:3073(command)
15631
msgid "sudo /etc/init.d/krb5-kdc start"
15632
msgstr ""
15633
15634
#: serverguide/C/network-auth.xml:2467(para)
15635
msgid ""
15636
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
15637
"for the Realm. You can test this by stopping the <application>krb5-"
15638
"kdc</application> daemon on the Primary KDC, then use "
15639
"<application>kinit</application> to request a ticket. If all goes well you "
15640
"should receive a ticket from the Secondary KDC."
15641
msgstr ""
15642
15643
#: serverguide/C/network-auth.xml:2475(title)
15644
msgid "Kerberos Linux Client"
15645
msgstr ""
15646
15647
#: serverguide/C/network-auth.xml:2477(para)
15648
msgid ""
15649
"This section covers configuring a Linux system as a "
15650
"<application>Kerberos</application> client. This will allow access to any "
15651
"kerberized services once a user has successfully logged into the system."
15652
msgstr ""
15653
15654
#: serverguide/C/network-auth.xml:2485(para)
15655
msgid ""
15656
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
15657
"user</application> and <application>libpam-krb5</application> packages are "
15658
"needed, along with a few others that are not strictly necessary but make "
15659
"life easier. To install the packages enter the following in a terminal "
15660
"prompt:"
15661
msgstr ""
15662
15663
#: serverguide/C/network-auth.xml:2492(command)
15664
msgid ""
15665
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
15666
msgstr ""
15667
15668
#: serverguide/C/network-auth.xml:2495(para)
15669
msgid ""
15670
"The <application>auth-client-config</application> package allows simple "
15671
"configuration of PAM for authentication from multiple sources, and the "
15672
"<application>libpam-ccreds</application> will cache authentication "
15673
"credentials allowing you to login in case the Key Distribution Center (KDC) "
15674
"is unavailable. This package is also useful for laptops that may "
15675
"authenticate using Kerberos while on the corporate network, but will need to "
15676
"be accessed off the network as well."
15677
msgstr ""
15678
15679
#: serverguide/C/network-auth.xml:2506(para)
15680
msgid "To configure the client in a terminal enter:"
15681
msgstr ""
15682
15683
#: serverguide/C/network-auth.xml:2511(command)
15684
msgid "sudo dpkg-reconfigure krb5-config"
15685
msgstr ""
15686
15687
#: serverguide/C/network-auth.xml:2514(para)
15688
msgid ""
15689
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
15690
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
15691
"records, the menu will prompt you for the hostname of the Key Distribution "
15692
"Center (KDC) and Realm Administration server."
15693
msgstr ""
15694
15695
#: serverguide/C/network-auth.xml:2520(para)
15696
msgid ""
15697
"The <application>dpkg-reconfigure</application> adds entries to the "
15698
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
15699
"entries similar to the following:"
15700
msgstr ""
15701
15702
#: serverguide/C/network-auth.xml:2525(programlisting)
15703
#, no-wrap
15704
msgid ""
15705
"\n"
15706
"[libdefaults]\n"
15707
" default_realm = EXAMPLE.COM\n"
15708
"...\n"
15709
"[realms]\n"
15710
" EXAMPLE.COM = } \n"
15711
" kdc = 192.168.0.1 \n"
15712
" admin_server = 192.168.0.1\n"
15713
" }\n"
15714
msgstr ""
15715
15716
#: serverguide/C/network-auth.xml:2536(para)
15717
msgid ""
15718
"You can test the configuration by requesting a ticket using the "
15719
"<application>kinit</application> utility. For example:"
15720
msgstr ""
15721
15722
#: serverguide/C/network-auth.xml:2541(command)
15723
msgid "kinit steve@EXAMPLE.COM"
15724
msgstr ""
15725
15726
#: serverguide/C/network-auth.xml:2542(computeroutput)
15727
#, no-wrap
15728
msgid "Password for steve@EXAMPLE.COM:"
15729
msgstr ""
15730
15731
#: serverguide/C/network-auth.xml:2545(para)
15732
msgid ""
15733
"When a ticket has been granted, the details can be viewed using "
15734
"<application>klist</application>:"
15735
msgstr ""
15736
15737
#: serverguide/C/network-auth.xml:2551(computeroutput)
15738
#, no-wrap
15739
msgid ""
15740
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
15741
"Default principal: steve@EXAMPLE.COM\n"
15742
"\n"
15743
"Valid starting Expires Service principal\n"
15744
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
15745
" renew until 07/25/08 05:18:57\n"
15746
"\n"
15747
"\n"
15748
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
15749
"klist: You have no tickets cached"
15750
msgstr ""
15751
15752
#: serverguide/C/network-auth.xml:2563(para)
15753
msgid ""
15754
"Next, use the <application>auth-client-config</application> to configure the "
15755
"<application>libpam-krb5</application> module to request a ticket during "
15756
"login:"
15757
msgstr ""
15758
15759
#: serverguide/C/network-auth.xml:2569(command)
15760
msgid "sudo auth-client-config -a -p kerberos_example"
15761
msgstr ""
15762
15763
#: serverguide/C/network-auth.xml:2572(para)
15764
msgid ""
15765
"You will should now receive a ticket upon successful login authentication."
15766
msgstr ""
15767
15768
#: serverguide/C/network-auth.xml:2583(para)
15769
msgid ""
15770
"For more information on Kerberos see the <ulink "
15771
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
15772
msgstr ""
15773
15774
#: serverguide/C/network-auth.xml:2588(para)
15775
msgid ""
15776
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
15777
"Kerberos</ulink> page has more details."
15778
msgstr ""
15779
15780
#: serverguide/C/network-auth.xml:2593(para)
15781
msgid ""
15782
"O'Reilly's <ulink "
15783
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
15784
"Guide</ulink> is a great reference when setting up Kerberos."
15785
msgstr ""
15786
15787
#: serverguide/C/network-auth.xml:2599(para)
15788
msgid ""
15789
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
15790
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
15791
"Kerberos questions."
15792
msgstr ""
15793
15794
#: serverguide/C/network-auth.xml:2609(title)
15795
msgid "Kerberos and LDAP"
15796
msgstr ""
15797
15798
#: serverguide/C/network-auth.xml:2611(para)
15799
msgid ""
15800
"Replicating a Kerberos principal database between two servers can be "
15801
"complicated, and adds an additional user database to your network. "
15802
"Fortunately, MIT Kerberos can be configured to use an "
15803
"<application>LDAP</application> directory as a principal database. This "
15804
"section covers configuring a primary and secondary kerberos server to use "
15805
"<application>OpenLDAP</application> for the principal database."
15806
msgstr ""
15807
15808
#: serverguide/C/network-auth.xml:2619(title)
15809
msgid "Configuring OpenLDAP"
15810
msgstr ""
15811
15812
#: serverguide/C/network-auth.xml:2621(para)
15813
msgid ""
15814
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
15815
"<application>OpenLDAP</application> server that has network connectivity to "
15816
"the Primary and Secondary KDCs. The rest of this section assumes that you "
15817
"also have LDAP replication configured between at least two servers. For "
15818
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
15819
msgstr ""
15820
15821
#: serverguide/C/network-auth.xml:2628(para)
15822
msgid ""
15823
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
15824
"that traffic between the KDC and LDAP server is encrypted. See <xref "
15825
"linkend=\"openldap-tls\"/> for details."
15826
msgstr ""
15827
15828
#: serverguide/C/network-auth.xml:2635(para)
15829
msgid ""
15830
"To load the schema into LDAP, on the LDAP server install the "
15831
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
15832
msgstr ""
15833
15834
#: serverguide/C/network-auth.xml:2641(command)
15835
msgid "sudo apt-get install krb5-kdc-ldap"
15836
msgstr ""
15837
15838
#: serverguide/C/network-auth.xml:2646(para)
15839
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
15840
msgstr ""
15841
15842
#: serverguide/C/network-auth.xml:2651(command)
15843
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
15844
msgstr ""
15845
15846
#: serverguide/C/network-auth.xml:2652(command)
15847
msgid ""
15848
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
15849
msgstr ""
15850
15851
#: serverguide/C/network-auth.xml:2658(para)
15852
msgid ""
15853
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
15854
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
15855
"<application>slapd</application> is also detailed in <xref "
15856
"linkend=\"openldap-configuration\"/>."
15857
msgstr ""
15858
15859
#: serverguide/C/network-auth.xml:2671(programlisting)
15860
#, no-wrap
15861
msgid ""
15862
"\n"
15863
"include /etc/ldap/schema/core.schema\n"
15864
"include /etc/ldap/schema/collective.schema\n"
15865
"include /etc/ldap/schema/corba.schema\n"
15866
"include /etc/ldap/schema/cosine.schema\n"
15867
"include /etc/ldap/schema/duaconf.schema\n"
15868
"include /etc/ldap/schema/dyngroup.schema\n"
15869
"include /etc/ldap/schema/inetorgperson.schema\n"
15870
"include /etc/ldap/schema/java.schema\n"
15871
"include /etc/ldap/schema/misc.schema\n"
15872
"include /etc/ldap/schema/nis.schema\n"
15873
"include /etc/ldap/schema/openldap.schema\n"
15874
"include /etc/ldap/schema/ppolicy.schema\n"
15875
"include /etc/ldap/schema/kerberos.schema\n"
15876
msgstr ""
15877
15878
#: serverguide/C/network-auth.xml:2691(para)
15879
msgid "Create a temporary directory to hold the LDIF files:"
15880
msgstr ""
15881
15882
#: serverguide/C/network-auth.xml:2706(command)
15883
msgid ""
15884
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
15885
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
15886
msgstr ""
15887
15888
#: serverguide/C/network-auth.xml:2716(para)
15889
msgid ""
15890
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
15891
"changing the following attributes:"
15892
msgstr ""
15893
15894
#: serverguide/C/network-auth.xml:2720(programlisting)
15895
#, no-wrap
15896
msgid ""
15897
"\n"
15898
"dn: cn=kerberos,cn=schema,cn=config\n"
15899
"...\n"
15900
"cn: kerberos\n"
15901
msgstr ""
15902
15903
#: serverguide/C/network-auth.xml:2726(para)
15904
msgid "And remove the following lines from the end of the file:"
15905
msgstr ""
15906
15907
#: serverguide/C/network-auth.xml:2730(programlisting)
15908
#, no-wrap
15909
msgid ""
15910
"\n"
15911
"structuralObjectClass: olcSchemaConfig\n"
15912
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
15913
"creatorsName: cn=config\n"
15914
"createTimestamp: 20090111203515Z\n"
15915
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
15916
"modifiersName: cn=config\n"
15917
"modifyTimestamp: 20090111203515Z\n"
15918
msgstr ""
15919
15920
#: serverguide/C/network-auth.xml:2749(para)
15921
msgid "Load the new schema with <application>ldapadd</application>:"
15922
msgstr ""
15923
15924
#: serverguide/C/network-auth.xml:2754(command)
15925
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
15926
msgstr ""
15927
15928
#: serverguide/C/network-auth.xml:2760(para)
15929
msgid ""
15930
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
15931
msgstr ""
15932
15933
#: serverguide/C/network-auth.xml:2765(command) serverguide/C/network-auth.xml:2782(command)
15934
msgid "ldapmodify -x -D cn=admin,cn=config -W"
15935
msgstr ""
15936
15937
#: serverguide/C/network-auth.xml:2767(userinput)
15938
#, no-wrap
15939
msgid ""
15940
"dn: olcDatabase={1}hdb,cn=config\n"
15941
"add: olcDbIndex\n"
15942
"olcDbIndex: krbPrincipalName eq,pres,sub"
15943
msgstr ""
15944
15945
#: serverguide/C/network-auth.xml:2766(computeroutput)
15946
#, no-wrap
15947
msgid ""
15948
"Enter LDAP Password:\n"
15949
"<placeholder-1/>\n"
15950
"\n"
15951
"modifying entry \"olcDatabase={1}hdb,cn=config\""
15952
msgstr ""
15953
15954
#: serverguide/C/network-auth.xml:2777(para)
15955
msgid "Finally, update the Access Control Lists (ACL):"
15956
msgstr ""
15957
15958
#: serverguide/C/network-auth.xml:2784(userinput)
15959
#, no-wrap
15960
msgid ""
15961
"dn: olcDatabase={1}hdb,cn=config\n"
15962
"replace: olcAccess\n"
15963
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
15964
"dn=\"cn=admin,dc=exampl\n"
15965
" e,dc=com\" write by anonymous auth by self write by * none\n"
15966
"-\n"
15967
"add: olcAccess\n"
15968
"olcAccess: to dn.base=\"\" by * read\n"
15969
"-\n"
15970
"add: olcAccess\n"
15971
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
15972
msgstr ""
15973
15974
#: serverguide/C/network-auth.xml:2783(computeroutput)
15975
#, no-wrap
15976
msgid ""
15977
"Enter LDAP Password: \n"
15978
"<placeholder-1/>\n"
15979
"\n"
15980
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
15981
msgstr ""
15982
15983
#: serverguide/C/network-auth.xml:2804(para)
15984
msgid ""
15985
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
15986
"database."
15987
msgstr ""
15988
15989
#: serverguide/C/network-auth.xml:2810(title)
15990
msgid "Primary KDC Configuration"
15991
msgstr ""
15992
15993
#: serverguide/C/network-auth.xml:2812(para)
15994
msgid ""
15995
"With <application>OpenLDAP</application> configured it is time to configure "
15996
"the KDC."
15997
msgstr ""
15998
15999
#: serverguide/C/network-auth.xml:2818(para)
16000
msgid "First, install the necessary packages, from a terminal enter:"
16001
msgstr ""
16002
16003
#: serverguide/C/network-auth.xml:2823(command) serverguide/C/network-auth.xml:2980(command)
16004
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
16005
msgstr ""
16006
16007
#: serverguide/C/network-auth.xml:2829(para)
16008
msgid ""
16009
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
16010
"under the appropriate sections:"
16011
msgstr ""
16012
16013
#: serverguide/C/network-auth.xml:2833(programlisting)
16014
#, no-wrap
16015
msgid ""
16016
"\n"
16017
"[libdefaults]\n"
16018
" default_realm = EXAMPLE.COM\n"
16019
"\n"
16020
"...\n"
16021
"\n"
16022
"[realms]\n"
16023
" EXAMPLE.COM = {\n"
16024
" kdc = kdc01.example.com\n"
16025
" kdc = kdc02.example.com\n"
16026
" admin_server = kdc01.example.com\n"
16027
" admin_server = kdc02.example.com\n"
16028
" default_domain = example.com\n"
16029
" database_module = openldap_ldapconf\n"
16030
" }\n"
16031
"\n"
16032
"...\n"
16033
"\n"
16034
"[domain_realm]\n"
16035
" .example.com = EXAMPLE.COM\n"
16036
"\n"
16037
"\n"
16038
"...\n"
16039
"\n"
16040
"[dbdefaults]\n"
16041
" ldap_kerberos_container_dn = dc=example,dc=com\n"
16042
"\n"
16043
"[dbmodules]\n"
16044
" openldap_ldapconf = {\n"
16045
" db_library = kldap\n"
16046
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
16047
"\n"
16048
" # this object needs to have read rights on\n"
16049
" # the realm container, principal container and realm sub-"
16050
"trees\n"
16051
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
16052
"\n"
16053
" # this object needs to have read and write rights on\n"
16054
" # the realm container, principal container and realm sub-"
16055
"trees\n"
16056
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
16057
" ldap_servers = ldaps://ldap01.example.com "
16058
"ldaps://ldap02.example.com\n"
16059
" ldap_conns_per_server = 5\n"
16060
" }\n"
16061
msgstr ""
16062
16063
#: serverguide/C/network-auth.xml:2878(para)
16064
msgid ""
16065
"Change <emphasis>example.com</emphasis>, "
16066
"<emphasis>dc=example,dc=com</emphasis>, "
16067
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
16068
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
16069
"object, and LDAP server for your network."
16070
msgstr ""
16071
16072
#: serverguide/C/network-auth.xml:2887(para)
16073
msgid ""
16074
"Next, use the <application>kdb5_ldap_util</application> utility to create "
16075
"the realm:"
16076
msgstr ""
16077
16078
#: serverguide/C/network-auth.xml:2892(command)
16079
msgid ""
16080
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
16081
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
16082
msgstr ""
16083
16084
#: serverguide/C/network-auth.xml:2898(para)
16085
msgid ""
16086
"Create a stash of the password used to bind to the LDAP server. This "
16087
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
16088
"<emphasis>ldap_kadmin_dn</emphasis> options in "
16089
"<filename>/etc/krb5.conf</filename>:"
16090
msgstr ""
16091
16092
#: serverguide/C/network-auth.xml:2904(command) serverguide/C/network-auth.xml:3042(command)
16093
msgid ""
16094
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
16095
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
16096
msgstr ""
16097
16098
#: serverguide/C/network-auth.xml:2910(para)
16099
msgid "Copy the CA certificate from the LDAP server:"
16100
msgstr ""
16101
16102
#: serverguide/C/network-auth.xml:2915(command)
16103
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
16104
msgstr ""
16105
16106
#: serverguide/C/network-auth.xml:2916(command)
16107
msgid "sudo cp cacert.pem /etc/ssl/certs"
16108
msgstr ""
16109
16110
#: serverguide/C/network-auth.xml:2919(para)
16111
msgid ""
16112
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
16113
msgstr ""
16114
16115
#: serverguide/C/network-auth.xml:2923(programlisting)
16116
#, no-wrap
16117
msgid ""
16118
"\n"
16119
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
16120
msgstr ""
16121
16122
#: serverguide/C/network-auth.xml:2928(para)
16123
msgid ""
16124
"The certificate will also need to be copied to the Secondary KDC, to allow "
16125
"the connection to the LDAP servers using LDAPS."
16126
msgstr ""
16127
16128
#: serverguide/C/network-auth.xml:2937(para)
16129
msgid ""
16130
"You can now add Kerberos principals to the LDAP database, and they will be "
16131
"copied to any other LDAP servers configured for replication. To add a "
16132
"principal using the <application>kadmin.local</application> utility enter:"
16133
msgstr ""
16134
16135
#: serverguide/C/network-auth.xml:2945(userinput)
16136
#, no-wrap
16137
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
16138
msgstr ""
16139
16140
#: serverguide/C/network-auth.xml:2944(computeroutput)
16141
#, no-wrap
16142
msgid ""
16143
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
16144
"kadmin.local: <placeholder-1/>\n"
16145
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
16146
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
16147
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
16148
"Principal \"steve@EXAMPLE.COM\" created."
16149
msgstr ""
16150
16151
#: serverguide/C/network-auth.xml:2952(para)
16152
msgid ""
16153
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
16154
"krbExtraData attributes added to the "
16155
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
16156
"the <application>kinit</application> and <application>klist</application> "
16157
"utilities to test that the user is indeed issued a ticket."
16158
msgstr ""
16159
16160
#: serverguide/C/network-auth.xml:2959(para)
16161
msgid ""
16162
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
16163
"option is needed to add the Kerberos attributes. Otherwise a new "
16164
"<emphasis>principal</emphasis> object will be created in the realm subtree."
16165
msgstr ""
16166
16167
#: serverguide/C/network-auth.xml:2967(title)
16168
msgid "Secondary KDC Configuration"
16169
msgstr ""
16170
16171
#: serverguide/C/network-auth.xml:2969(para)
16172
msgid ""
16173
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
16174
"one using the normal Kerberos database."
16175
msgstr ""
16176
16177
#: serverguide/C/network-auth.xml:2975(para)
16178
msgid "First, install the necessary packages. In a terminal enter:"
16179
msgstr ""
16180
16181
#: serverguide/C/network-auth.xml:2986(para)
16182
msgid ""
16183
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
16184
msgstr ""
16185
16186
#: serverguide/C/network-auth.xml:2990(programlisting)
16187
#, no-wrap
16188
msgid ""
16189
"\n"
16190
"[libdefaults]\n"
16191
" default_realm = EXAMPLE.COM\n"
16192
"\n"
16193
"...\n"
16194
"\n"
16195
"[realms]\n"
16196
" EXAMPLE.COM = {\n"
16197
" kdc = kdc01.example.com\n"
16198
" kdc = kdc02.example.com\n"
16199
" admin_server = kdc01.example.com\n"
16200
" admin_server = kdc02.example.com\n"
16201
" default_domain = example.com\n"
16202
" database_module = openldap_ldapconf\n"
16203
" }\n"
16204
"\n"
16205
"...\n"
16206
"\n"
16207
"[domain_realm]\n"
16208
" .example.com = EXAMPLE.COM\n"
16209
"\n"
16210
"...\n"
16211
"\n"
16212
"[dbdefaults]\n"
16213
" ldap_kerberos_container_dn = dc=example,dc=com\n"
16214
"\n"
16215
"[dbmodules]\n"
16216
" openldap_ldapconf = {\n"
16217
" db_library = kldap\n"
16218
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
16219
"\n"
16220
" # this object needs to have read rights on\n"
16221
" # the realm container, principal container and realm sub-"
16222
"trees\n"
16223
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
16224
"\n"
16225
" # this object needs to have read and write rights on\n"
16226
" # the realm container, principal container and realm sub-"
16227
"trees\n"
16228
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
16229
" ldap_servers = ldaps://ldap01.example.com "
16230
"ldaps://ldap02.example.com\n"
16231
" ldap_conns_per_server = 5\n"
16232
" }\n"
16233
msgstr ""
16234
16235
#: serverguide/C/network-auth.xml:3037(para)
16236
msgid "Create the stash for the LDAP bind password:"
16237
msgstr ""
16238
16239
#: serverguide/C/network-auth.xml:3048(para)
16240
msgid ""
16241
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
16242
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
16243
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
16244
"encrypted connection such as <application>scp</application>, or on physical "
16245
"media."
16246
msgstr ""
16247
16248
#: serverguide/C/network-auth.xml:3055(command)
16249
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
16250
msgstr ""
16251
16252
#: serverguide/C/network-auth.xml:3056(command)
16253
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
16254
msgstr ""
16255
16256
#: serverguide/C/network-auth.xml:3060(para)
16257
msgid ""
16258
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
16259
msgstr ""
16260
16261
#: serverguide/C/network-auth.xml:3068(para)
16262
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
16263
msgstr ""
16264
16265
#: serverguide/C/network-auth.xml:3079(para)
16266
msgid ""
16267
"You now have redundant KDCs on your network, and with redundant LDAP servers "
16268
"you should be able to continue to authenticate users if one LDAP server, one "
16269
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
16270
msgstr ""
16271
16272
#: serverguide/C/network-auth.xml:3091(para)
16273
msgid ""
16274
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16275
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
16276
"Guide</ulink> has some additional details."
16277
msgstr ""
16278
16279
#: serverguide/C/network-auth.xml:3097(para)
16280
msgid ""
16281
"For more information on <application>kdb5_ldap_util</application> see <ulink "
16282
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
16283
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
16284
"5.6</ulink> and the <ulink "
16285
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/kdb5_ldap_util.8.html"
16286
"\">kdb5_ldap_util man page</ulink>."
16287
msgstr ""
16288
16289
#: serverguide/C/network-auth.xml:3105(para)
16290
msgid ""
16291
"Another useful link is the <ulink "
16292
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/krb5.conf.5.html\">kr"
16293
"b5.conf man page</ulink>."
16294
msgstr ""
16295
16296
#: serverguide/C/network-auth.xml:3110(para)
16297
msgid ""
16298
"Also, see the <ulink "
16299
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
16300
"and LDAP</ulink> Ubuntu wiki page."
16301
msgstr ""
16302
16303
#: serverguide/C/monitoring.xml:13(title)
16304
msgid "Monitoring"
16305
msgstr ""
16306
16307
#: serverguide/C/monitoring.xml:17(para)
16308
msgid ""
16309
"The monitoring of essential servers and services is an important part of "
16310
"system administration. Most network services are monitored for performance, "
16311
"availability, or both. This section will cover installation and "
16312
"configuration of <application>Nagios</application> for availability "
16313
"monitoring, and <application>Munin</application> for performance monitoring."
16314
msgstr ""
16315
16316
#: serverguide/C/monitoring.xml:24(para)
16317
msgid ""
16318
"The examples in this section will use two servers with hostnames "
16319
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
16320
"<emphasis>Server01</emphasis> will be configured with "
16321
"<application>Nagios</application> to monitor services on itself and "
16322
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
16323
"<application>munin</application> package to gather information from the "
16324
"network. Using the <application>munin-node</application> package, "
16325
"<emphasis>server02</emphasis> will be configured to send information to "
16326
"<emphasis>server01</emphasis>."
16327
msgstr ""
16328
16329
#: serverguide/C/monitoring.xml:33(para)
16330
msgid ""
16331
"Hopefully these simple examples will allow you to monitor additional servers "
16332
"and services on your network."
16333
msgstr ""
16334
16335
#: serverguide/C/monitoring.xml:39(title)
16336
msgid "Nagios"
16337
msgstr ""
16338
16339
#: serverguide/C/monitoring.xml:44(para)
16340
msgid ""
16341
"First, on <emphasis>server01</emphasis> install the "
16342
"<application>nagios</application> package. In a terminal enter:"
16343
msgstr ""
16344
16345
#: serverguide/C/monitoring.xml:50(command)
16346
msgid "sudo apt-get install nagios3 nagios-nrpe-plugin"
16347
msgstr ""
16348
16349
#: serverguide/C/monitoring.xml:53(para)
16350
msgid ""
16351
"You will be asked to enter a password for the "
16352
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
16353
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
16354
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
16355
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
16356
"of the <application>apache2-utils</application> package."
16357
msgstr ""
16358
16359
#: serverguide/C/monitoring.xml:60(para)
16360
msgid ""
16361
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
16362
"user enter:"
16363
msgstr ""
16364
16365
#: serverguide/C/monitoring.xml:65(command)
16366
msgid "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
16367
msgstr ""
16368
16369
#: serverguide/C/monitoring.xml:68(para)
16370
msgid "To add a user:"
16371
msgstr ""
16372
16373
#: serverguide/C/monitoring.xml:73(command)
16374
msgid "sudo htpasswd /etc/nagios3/htpasswd.users steve"
16375
msgstr ""
16376
16377
#: serverguide/C/monitoring.xml:76(para)
16378
msgid ""
16379
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
16380
"server</application> package. From a terminal on server02 enter:"
16381
msgstr ""
16382
16383
#: serverguide/C/monitoring.xml:82(command)
16384
msgid "sudo apt-get install nagios-nrpe-server"
16385
msgstr ""
16386
16387
#: serverguide/C/monitoring.xml:86(para)
16388
msgid ""
16389
"<application>NRPE</application> allows you to execute local checks on remote "
16390
"hosts. There are other ways of accomplishing this through other Nagios "
16391
"plugins as well as other checks."
16392
msgstr ""
16393
16394
#: serverguide/C/monitoring.xml:94(title)
16395
msgid "Configuration Overview"
16396
msgstr ""
16397
16398
#: serverguide/C/monitoring.xml:96(para)
16399
msgid ""
16400
"There are a couple of directories containing "
16401
"<application>Nagios</application> configuration and check files."
16402
msgstr ""
16403
16404
#: serverguide/C/monitoring.xml:102(para)
16405
msgid ""
16406
"<filename>/etc/nagios3</filename>: contains configuration files for the "
16407
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
16408
"etc."
16409
msgstr ""
16410
16411
#: serverguide/C/monitoring.xml:108(para)
16412
msgid ""
16413
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
16414
"service checks."
16415
msgstr ""
16416
16417
#: serverguide/C/monitoring.xml:113(para)
16418
msgid ""
16419
"<filename>/etc/nagios</filename>: on the remote host contains the "
16420
"<application>nagios-nrpe-server</application> configuration files."
16421
msgstr ""
16422
16423
#: serverguide/C/monitoring.xml:118(para)
16424
msgid ""
16425
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
16426
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
16427
msgstr ""
16428
16429
#: serverguide/C/monitoring.xml:123(para)
16430
msgid "For example: <command>/usr/lib/nagios/plugins/check_dhcp -h</command>"
16431
msgstr ""
16432
16433
#: serverguide/C/monitoring.xml:129(para)
16434
msgid ""
16435
"There are a plethora of checks <application>Nagios</application> can be "
16436
"configured to execute for any given host. For this example Nagios will be "
16437
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
16438
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
16439
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
16440
msgstr ""
16441
16442
#: serverguide/C/monitoring.xml:136(para)
16443
msgid ""
16444
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
16445
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
16446
msgstr ""
16447
16448
#: serverguide/C/monitoring.xml:141(para)
16449
msgid ""
16450
"Additionally, there are some terms that once explained will hopefully make "
16451
"understanding Nagios configuration easier:"
16452
msgstr ""
16453
16454
#: serverguide/C/monitoring.xml:147(para)
16455
msgid ""
16456
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
16457
"is being monitored."
16458
msgstr ""
16459
16460
#: serverguide/C/monitoring.xml:152(para)
16461
msgid ""
16462
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
16463
"could group all web servers, file server, etc."
16464
msgstr ""
16465
16466
#: serverguide/C/monitoring.xml:157(para)
16467
msgid ""
16468
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
16469
"as HTTP, DNS, NFS, etc."
16470
msgstr ""
16471
16472
#: serverguide/C/monitoring.xml:162(para)
16473
msgid ""
16474
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
16475
"together. This is useful for grouping multiple HTTP for example."
16476
msgstr ""
16477
16478
#: serverguide/C/monitoring.xml:168(para)
16479
msgid ""
16480
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
16481
"place. Nagios can be configured to send emails, SMS messages, etc."
16482
msgstr ""
16483
16484
#: serverguide/C/monitoring.xml:174(para)
16485
msgid ""
16486
"By default Nagios is configured to check HTTP, disk space, SSH, current "
16487
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
16488
"will also <application>ping</application> check the "
16489
"<emphasis>gateway</emphasis>."
16490
msgstr ""
16491
16492
#: serverguide/C/monitoring.xml:179(para)
16493
msgid ""
16494
"Large Nagios installations can be quite complex to configure. It is usually "
16495
"best to start small, one or two hosts, get things configured the way you "
16496
"like then expand."
16497
msgstr ""
16498
16499
#: serverguide/C/monitoring.xml:194(para)
16500
msgid ""
16501
"First, create a <emphasis>host</emphasis> configuration file for "
16502
"<emphasis>server02</emphasis>. In a terminal enter:"
16503
msgstr ""
16504
16505
#: serverguide/C/monitoring.xml:199(command)
16506
msgid ""
16507
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
16508
"/etc/nagios3/conf.d/server02.cfg"
16509
msgstr ""
16510
16511
#: serverguide/C/monitoring.xml:203(para)
16512
msgid ""
16513
"In the above and following command examples, replace "
16514
"<emphasis>\"server01\"</emphasis>, "
16515
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
16516
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
16517
"your servers."
16518
msgstr ""
16519
16520
#: serverguide/C/monitoring.xml:212(para)
16521
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16522
msgstr ""
16523
16524
#: serverguide/C/monitoring.xml:216(programlisting)
16525
#, no-wrap
16526
msgid ""
16527
"\n"
16528
"define host{\n"
16529
" use generic-host ; Name of host "
16530
"template to use\n"
16531
" host_name server02\n"
16532
" alias Server 02\n"
16533
" address 172.18.100.101\n"
16534
"}\n"
16535
"\n"
16536
"# check DNS service.\n"
16537
"define service {\n"
16538
" use generic-service\n"
16539
" host_name server02\n"
16540
" service_description DNS\n"
16541
" check_command check_dns!172.18.100.101\n"
16542
"}\n"
16543
msgstr ""
16544
16545
#: serverguide/C/monitoring.xml:236(para)
16546
msgid ""
16547
"Restart the <application>nagios</application> daemon to enable the new "
16548
"configuration:"
16549
msgstr ""
16550
16551
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
16552
msgid "sudo /etc/init.d/nagios3 restart"
16553
msgstr ""
16554
16555
#: serverguide/C/monitoring.xml:251(para)
16556
msgid ""
16557
"Now add a service definition for the MySQL check by adding the following to "
16558
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
16559
msgstr ""
16560
16561
#: serverguide/C/monitoring.xml:255(programlisting)
16562
#, no-wrap
16563
msgid ""
16564
"\n"
16565
"# check MySQL servers.\n"
16566
"define service {\n"
16567
" hostgroup_name mysql-servers\n"
16568
" service_description MySQL\n"
16569
" check_command "
16570
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
16571
" use generic-service\n"
16572
" notification_interval 0 ; set > 0 if you want to be "
16573
"renotified\n"
16574
"}\n"
16575
msgstr ""
16576
16577
#: serverguide/C/monitoring.xml:269(para)
16578
msgid ""
16579
"A <emphasis>mysqsl-servers</emphasis> hostgroup now needs to be defined. "
16580
"Edit <filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
16581
msgstr ""
16582
16583
#: serverguide/C/monitoring.xml:274(programlisting)
16584
#, no-wrap
16585
msgid ""
16586
"\n"
16587
"# MySQL hostgroup.\n"
16588
"define hostgroup {\n"
16589
" hostgroup_name mysql-servers\n"
16590
" alias MySQL servers\n"
16591
" members localhost, server02\n"
16592
" }\n"
16593
msgstr ""
16594
16595
#: serverguide/C/monitoring.xml:286(para)
16596
msgid ""
16597
"The Nagios check needs to authenticate to MySQL. To add a "
16598
"<emphasis>nagios</emphasis> user to MySQL enter:"
16599
msgstr ""
16600
16601
#: serverguide/C/monitoring.xml:291(command)
16602
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
16603
msgstr ""
16604
16605
#: serverguide/C/monitoring.xml:295(para)
16606
msgid ""
16607
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
16608
"<emphasis>mysql-servers</emphasis> hostgroup."
16609
msgstr ""
16610
16611
#: serverguide/C/monitoring.xml:303(para)
16612
msgid ""
16613
"Restart <application>nagios</application> to start checking the MySQL "
16614
"servers."
16615
msgstr ""
16616
16617
#: serverguide/C/monitoring.xml:318(para)
16618
msgid ""
16619
"Lastly configure NRPE to check the disk space on "
16620
"<emphasis>server02</emphasis>."
16621
msgstr ""
16622
16623
#: serverguide/C/monitoring.xml:322(para)
16624
msgid ""
16625
"On <emphasis>server01</emphasis> add the service check to "
16626
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
16627
msgstr ""
16628
16629
#: serverguide/C/monitoring.xml:327(programlisting)
16630
#, no-wrap
16631
msgid ""
16632
"\n"
16633
"# NRPE disk check.\n"
16634
"define service {\n"
16635
" use generic-service\n"
16636
" host_name server02\n"
16637
" service_description nrpe-disk\n"
16638
" check_command "
16639
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
16640
"}\n"
16641
msgstr ""
16642
16643
#: serverguide/C/monitoring.xml:340(para)
16644
msgid ""
16645
"Now on <emphasis>server02</emphasis> edit "
16646
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
16647
msgstr ""
16648
16649
#: serverguide/C/monitoring.xml:344(programlisting)
16650
#, no-wrap
16651
msgid ""
16652
"\n"
16653
"allowed_hosts=172.18.100.100\n"
16654
msgstr ""
16655
16656
#: serverguide/C/monitoring.xml:348(para)
16657
msgid "And below in the command definition area add:"
16658
msgstr ""
16659
16660
#: serverguide/C/monitoring.xml:352(programlisting)
16661
#, no-wrap
16662
msgid ""
16663
"\n"
16664
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
16665
"e\n"
16666
msgstr ""
16667
16668
#: serverguide/C/monitoring.xml:359(para)
16669
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
16670
msgstr ""
16671
16672
#: serverguide/C/monitoring.xml:364(command)
16673
msgid "sudo /etc/init.d/nagios-nrpe-server restart"
16674
msgstr ""
16675
16676
#: serverguide/C/monitoring.xml:370(para)
16677
msgid ""
16678
"Also, on <emphasis>server01</emphasis> restart "
16679
"<application>nagios</application>:"
16680
msgstr ""
16681
16682
#: serverguide/C/monitoring.xml:383(para)
16683
msgid ""
16684
"You should now be able to see the host and service checks in the Nagios CGI "
16685
"files. To access them point a browser to http://server01/nagios3. You will "
16686
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
16687
"password."
16688
msgstr ""
16689
16690
#: serverguide/C/monitoring.xml:393(para)
16691
msgid ""
16692
"This section has just scratched the surface of Nagios' features. The "
16693
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
16694
"plugins</application> contain many more service checks."
16695
msgstr ""
16696
16697
#: serverguide/C/monitoring.xml:400(para)
16698
msgid ""
16699
"For more information see <ulink "
16700
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
16701
msgstr ""
16702
16703
#: serverguide/C/monitoring.xml:405(para)
16704
msgid ""
16705
"Specifically the <ulink "
16706
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
16707
"site."
16708
msgstr ""
16709
16710
#: serverguide/C/monitoring.xml:410(para)
16711
msgid ""
16712
"There is also a list of <ulink "
16713
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
16714
"Nagios and network monitoring:"
16715
msgstr ""
16716
16717
#: serverguide/C/monitoring.xml:416(para)
16718
msgid ""
16719
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
16720
"Wiki</ulink> page also has more details."
16721
msgstr ""
16722
16723
#: serverguide/C/monitoring.xml:425(title)
16724
msgid "Munin"
16725
msgstr ""
16726
16727
#: serverguide/C/monitoring.xml:430(para)
16728
msgid ""
16729
"Before installing <application>Munin</application> on "
16730
"<emphasis>server01</emphasis><application>apache2</application> will need to "
16731
"be installed. The default configuration is fine for running a "
16732
"<application>munin</application> server. For more information see <xref "
16733
"linkend=\"httpd\"/>."
16734
msgstr ""
16735
16736
#: serverguide/C/monitoring.xml:436(para)
16737
msgid ""
16738
"First, on <emphasis>server01</emphasis> install "
16739
"<application>munin</application>. In a terminal enter:"
16740
msgstr ""
16741
16742
#: serverguide/C/monitoring.xml:441(command)
16743
msgid "sudo apt-get install munin"
16744
msgstr ""
16745
16746
#: serverguide/C/monitoring.xml:444(para)
16747
msgid ""
16748
"Now on <emphasis>server02</emphasis> install the <application>munin-"
16749
"node</application> package:"
16750
msgstr ""
16751
16752
#: serverguide/C/monitoring.xml:449(command)
16753
msgid "sudo apt-get install munin-node"
16754
msgstr ""
16755
16756
#: serverguide/C/monitoring.xml:456(para)
16757
msgid ""
16758
"On <emphasis>server01</emphasis> edit the "
16759
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
16760
"<emphasis>server02</emphasis>:"
16761
msgstr ""
16762
16763
#: serverguide/C/monitoring.xml:461(programlisting)
16764
#, no-wrap
16765
msgid ""
16766
"\n"
16767
"## First our \"normal\" host.\n"
16768
"[server02]\n"
16769
" address 172.18.100.101\n"
16770
msgstr ""
16771
16772
#: serverguide/C/monitoring.xml:468(para)
16773
msgid ""
16774
"Replace <emphasis>server02</emphasis> and "
16775
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
16776
"for your server."
16777
msgstr ""
16778
16779
#: serverguide/C/monitoring.xml:474(para)
16780
msgid ""
16781
"Next, configure <application>munin-node</application> on "
16782
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
16783
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
16784
msgstr ""
16785
16786
#: serverguide/C/monitoring.xml:479(programlisting)
16787
#, no-wrap
16788
msgid ""
16789
"\n"
16790
"allow ^172\\.18\\.100\\.100$\n"
16791
msgstr ""
16792
16793
#: serverguide/C/monitoring.xml:484(para)
16794
msgid ""
16795
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
16796
"<application>munin</application> server."
16797
msgstr ""
16798
16799
#: serverguide/C/monitoring.xml:489(para)
16800
msgid ""
16801
"Now restart <application>munin-node</application> on "
16802
"<emphasis>server02</emphasis> for the changes to take effect:"
16803
msgstr ""
16804
"ឥឡូវ ផ្តើមឡើងវិញ <application>munin-node</application> on "
16805
"<emphasis>server02</emphasis> សំរាប់បំលាស់ប្តូរ ទទួលផល ៖"
16806
16807
#: serverguide/C/monitoring.xml:494(command)
16808
msgid "sudo /etc/init.d/munin-node restart"
16809
msgstr ""
16810
16811
#: serverguide/C/monitoring.xml:497(para)
16812
msgid ""
16813
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
16814
"you should see links to nice graphs displaying information from the standard "
16815
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
16816
msgstr ""
16817
16818
#: serverguide/C/monitoring.xml:503(para)
16819
msgid ""
16820
"Since this is a new install it may take some time for the graphs to display "
16821
"anything useful."
16822
msgstr ""
16823
16824
#: serverguide/C/monitoring.xml:510(title)
16825
msgid "Additional Plugins"
16826
msgstr ""
16827
16828
#: serverguide/C/monitoring.xml:512(para)
16829
msgid ""
16830
"The <application>munin-plugins-extra</application> package contains "
16831
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
16832
"install the package, from a terminal enter:"
16833
msgstr ""
16834
16835
#: serverguide/C/monitoring.xml:518(command)
16836
msgid "sudo apt-get install munin-plugins-extra"
16837
msgstr ""
16838
16839
#: serverguide/C/monitoring.xml:521(para)
16840
msgid "Be sure to install the package on both the server and node machines."
16841
msgstr ""
16842
16843
#: serverguide/C/monitoring.xml:531(para)
16844
msgid ""
16845
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
16846
"website for more details."
16847
msgstr ""
16848
16849
#: serverguide/C/monitoring.xml:536(para)
16850
msgid ""
16851
"Specifically the <ulink "
16852
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
16853
"Documentation</ulink> page includes information on additional plugins, "
16854
"writing plugins, etc."
16855
msgstr ""
16856
16857
#: serverguide/C/monitoring.xml:542(para)
16858
msgid ""
16859
"Also, there is a book in German by Open Source Press: <ulink "
16860
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
16861
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
16862
msgstr ""
16863
16864
#: serverguide/C/monitoring.xml:548(para)
16865
msgid ""
16866
"Another resource is the <ulink "
16867
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
16868
"page."
16869
msgstr ""
16870
16871
#: serverguide/C/mail.xml:13(title)
16872
msgid "Email Services"
16873
msgstr ""
16874
16875
#: serverguide/C/mail.xml:14(para)
16876
msgid ""
16877
"The process of getting an email from one person to another over a network or "
16878
"the Internet involves many systems working together. Each of these systems "
16879
"must be correctly configured for the process to work. The sender uses a "
16880
"<emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the "
16881
"message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), "
16882
"the last of which will hand it off to a <emphasis>Mail Delivery "
16883
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
16884
"it will be retrieved by the recipient's email client, usually via a POP3 or "
16885
"IMAP server."
16886
msgstr ""
16887
16888
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:832(application) serverguide/C/mail.xml:866(title) serverguide/C/mail.xml:944(title) serverguide/C/mail.xml:1510(title)
16889
msgid "Postfix"
16890
msgstr ""
16891
16892
#: serverguide/C/mail.xml:25(para)
16893
msgid ""
16894
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
16895
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
16896
"compatible with the MTA <application>sendmail</application>. This section "
16897
"explains how to install and configure <application>postfix</application>. It "
16898
"also explains how to set it up as an SMTP server using a secure connection "
16899
"(for sending emails securely)."
16900
msgstr ""
16901
16902
#: serverguide/C/mail.xml:34(para)
16903
msgid ""
16904
"This guide does not cover setting up Postfix <emphasis>Virtual "
16905
"Domains</emphasis>, for information on Virtual Domains and other advanced "
16906
"configurations see <xref linkend=\"postfix-references\"/>."
16907
msgstr ""
16908
16909
#: serverguide/C/mail.xml:41(para)
16910
msgid ""
16911
"To install <application>postfix</application> run the following command:"
16912
msgstr ""
16913
16914
#: serverguide/C/mail.xml:47(para)
16915
msgid ""
16916
"Simply press return when the installation process asks questions, the "
16917
"configuration will be done in greater detail in the next stage."
16918
msgstr ""
16919
16920
#: serverguide/C/mail.xml:52(title)
16921
msgid "Basic Configuration"
16922
msgstr ""
16923
16924
#: serverguide/C/mail.xml:53(para)
16925
msgid ""
16926
"To configure <application>postfix</application>, run the following command:"
16927
msgstr ""
16928
16929
#: serverguide/C/mail.xml:57(command)
16930
msgid "sudo dpkg-reconfigure postfix"
16931
msgstr ""
16932
16933
#: serverguide/C/mail.xml:63(para)
16934
msgid "Internet Site"
16935
msgstr ""
16936
16937
#: serverguide/C/mail.xml:64(para)
16938
msgid "mail.example.com"
16939
msgstr ""
16940
16941
#: serverguide/C/mail.xml:65(para)
16942
msgid "steve"
16943
msgstr ""
16944
16945
#: serverguide/C/mail.xml:66(para)
16946
msgid "mail.example.com, localhost.localdomain, localhost"
16947
msgstr ""
16948
16949
#: serverguide/C/mail.xml:67(para)
16950
msgid "No"
16951
msgstr ""
16952
16953
#: serverguide/C/mail.xml:68(para)
16954
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
16955
msgstr ""
16956
16957
#: serverguide/C/mail.xml:69(para)
16958
msgid "0"
16959
msgstr ""
16960
16961
#: serverguide/C/mail.xml:70(para)
16962
msgid "+"
16963
msgstr ""
16964
16965
#: serverguide/C/mail.xml:71(para)
16966
msgid "all"
16967
msgstr ""
16968
16969
#: serverguide/C/mail.xml:59(para)
16970
msgid ""
16971
"The user interface will be displayed. On each screen, select the following "
16972
"values: <placeholder-1/>"
16973
msgstr ""
16974
16975
#: serverguide/C/mail.xml:75(para)
16976
msgid ""
16977
"Replace mail.example.com with the domain for which you'll accept email, "
16978
"192.168.0.0/24 with the actual network and class range of your mail server, "
16979
"and steve with the appropriate username."
16980
msgstr ""
16981
16982
#: serverguide/C/mail.xml:81(para)
16983
msgid ""
16984
"Now is a good time to decide which mailbox format you want to use. By "
16985
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
16986
"mailbox format. Rather than editing the configuration file directly, you can "
16987
"use the <command>postconf</command> command to configure all "
16988
"<application>postfix</application> parameters. The configuration parameters "
16989
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
16990
"you wish to re-configure a particular parameter, you can either run the "
16991
"command or change it manually in the file."
16992
msgstr ""
16993
16994
#: serverguide/C/mail.xml:92(para)
16995
msgid ""
16996
"To configure the mailbox format for <emphasis "
16997
"role=\"strong\">Maildir:</emphasis>"
16998
msgstr ""
16999
17000
#: serverguide/C/mail.xml:97(command)
17001
msgid "sudo postconf -e 'home_mailbox = Maildir/'"
17002
msgstr ""
17003
17004
#: serverguide/C/mail.xml:100(para)
17005
msgid ""
17006
"This will place new mail in /home/<emphasis "
17007
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
17008
"your Mail Delivery Agent (MDA) to use the same path."
17009
msgstr ""
17010
17011
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:556(title)
17012
msgid "SMTP Authentication"
17013
msgstr ""
17014
17015
#: serverguide/C/mail.xml:110(para)
17016
msgid ""
17017
"SMTP-AUTH allows a client to identify itself through an authentication "
17018
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
17019
"the authentication process. Once authenticated the SMTP server will allow "
17020
"the client to relay mail."
17021
msgstr ""
17022
17023
#: serverguide/C/mail.xml:117(para)
17024
msgid "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):"
17025
msgstr ""
17026
17027
#: serverguide/C/mail.xml:120(screen)
17028
#, no-wrap
17029
msgid ""
17030
"\n"
17031
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
17032
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
17033
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
17034
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
17035
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
17036
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
17037
"sudo postconf -e 'smtpd_recipient_restrictions = "
17038
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
17039
"sudo postconf -e 'inet_interfaces = all'\n"
17040
msgstr ""
17041
17042
#: serverguide/C/mail.xml:131(para)
17043
msgid ""
17044
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
17045
"the Postfix queue directory."
17046
msgstr ""
17047
17048
#: serverguide/C/mail.xml:137(para)
17049
msgid ""
17050
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
17051
"and-security\"/> for details. This example also uses a Certificate Authority "
17052
"(CA). For information on generating a CA certificate see <xref "
17053
"linkend=\"certificate-authority\"/>."
17054
msgstr ""
17055
17056
#: serverguide/C/mail.xml:143(para)
17057
msgid ""
17058
"You can get the digital certificate from a certificate authority. But unlike "
17059
"web clients, SMTP clients rarely complain about \"self-signed "
17060
"certificates\", so alternatively, you can create the certificate yourself. "
17061
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
17062
"details."
17063
msgstr ""
17064
17065
#: serverguide/C/mail.xml:155(para)
17066
msgid ""
17067
"Once you have a certificate, configure Postfix to provide TLS encryption for "
17068
"both incoming and outgoing mail:"
17069
msgstr ""
17070
17071
#: serverguide/C/mail.xml:158(screen)
17072
#, no-wrap
17073
msgid ""
17074
"\n"
17075
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
17076
"sudo postconf -e 'smtp_use_tls = yes'\n"
17077
"sudo postconf -e 'smtpd_use_tls = yes'\n"
17078
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
17079
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
17080
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
17081
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
17082
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
17083
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
17084
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
17085
"sudo postconf -e 'myhostname = mail.example.com'\n"
17086
msgstr ""
17087
17088
#: serverguide/C/mail.xml:173(para)
17089
msgid ""
17090
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
17091
"the certificate enter:"
17092
msgstr ""
17093
17094
#: serverguide/C/mail.xml:177(command)
17095
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
17096
msgstr ""
17097
17098
#: serverguide/C/mail.xml:180(para)
17099
msgid ""
17100
"Again, for more details about certificates see <xref linkend=\"certificates-"
17101
"and-security\"/>."
17102
msgstr ""
17103
17104
#: serverguide/C/mail.xml:186(para)
17105
msgid ""
17106
"After running all the commands, <application>Postfix</application> is "
17107
"configured for SMTP-AUTH and a self-signed certificate has been created for "
17108
"TLS encryption."
17109
msgstr ""
17110
17111
#: serverguide/C/mail.xml:191(para)
17112
msgid ""
17113
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
17114
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
17115
msgstr ""
17116
17117
#: serverguide/C/mail.xml:195(para)
17118
msgid ""
17119
"The postfix initial configuration is complete. Run the following command to "
17120
"restart the postfix daemon:"
17121
msgstr ""
17122
17123
#: serverguide/C/mail.xml:201(command) serverguide/C/mail.xml:315(command) serverguide/C/mail.xml:378(command) serverguide/C/mail.xml:984(command) serverguide/C/mail.xml:1561(command)
17124
msgid "sudo /etc/init.d/postfix restart"
17125
msgstr ""
17126
17127
#: serverguide/C/mail.xml:204(para)
17128
msgid ""
17129
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
17130
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
17131
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
17132
"However it is still necessary to set up SASL authentication before you can "
17133
"use SMTP-AUTH."
17134
msgstr ""
17135
17136
#: serverguide/C/mail.xml:214(title) serverguide/C/mail.xml:609(title)
17137
msgid "Configuring SASL"
17138
msgstr ""
17139
17140
#: serverguide/C/mail.xml:215(para)
17141
msgid ""
17142
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
17143
"enable Dovecot SASL the <application>dovecot-common</application> package "
17144
"will need to be installed. From a terminal prompt enter the following:"
17145
msgstr ""
17146
17147
#: serverguide/C/mail.xml:221(command)
17148
msgid "sudo apt-get install dovecot-common"
17149
msgstr ""
17150
17151
#: serverguide/C/mail.xml:223(para)
17152
msgid ""
17153
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
17154
"In the <emphasis>auth default</emphasis> section uncomment the "
17155
"<emphasis>socket listen</emphasis> option and change the following:"
17156
msgstr ""
17157
17158
#: serverguide/C/mail.xml:227(programlisting)
17159
#, no-wrap
17160
msgid ""
17161
"\n"
17162
" socket listen {\n"
17163
" #master {\n"
17164
" # Master socket provides access to userdb information. It's typically\n"
17165
" # used to give Dovecot's local delivery agent access to userdb so it\n"
17166
" # can find mailbox locations.\n"
17167
" #path = /var/run/dovecot/auth-master\n"
17168
" #mode = 0600\n"
17169
" # Default user/group is the one who started dovecot-auth (root)\n"
17170
" #user = \n"
17171
" #group = \n"
17172
" #}\n"
17173
" client {\n"
17174
" # The client socket is generally safe to export to everyone. Typical "
17175
"use\n"
17176
" # is to export it to your SMTP server so it can do SMTP AUTH lookups\n"
17177
" # using it.\n"
17178
" path = /var/spool/postfix/private/auth-client\n"
17179
" mode = 0660\n"
17180
" user = postfix\n"
17181
" group = postfix\n"
17182
" }\n"
17183
" }\n"
17184
msgstr ""
17185
17186
#: serverguide/C/mail.xml:251(para)
17187
msgid ""
17188
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
17189
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
17190
"add <emphasis>\"login\"</emphasis>:"
17191
msgstr ""
17192
17193
#: serverguide/C/mail.xml:256(programlisting)
17194
#, no-wrap
17195
msgid ""
17196
"\n"
17197
" mechanisms = plain login\n"
17198
msgstr ""
17199
17200
#: serverguide/C/mail.xml:260(para)
17201
msgid ""
17202
"Once you have <application>Dovecot</application> configured restart it with:"
17203
msgstr ""
17204
17205
#: serverguide/C/mail.xml:264(command) serverguide/C/mail.xml:735(command)
17206
msgid "sudo /etc/init.d/dovecot restart"
17207
msgstr ""
17208
17209
#: serverguide/C/mail.xml:269(title)
17210
msgid "Postfix-Dovecot"
17211
msgstr ""
17212
17213
#: serverguide/C/mail.xml:271(para)
17214
msgid ""
17215
"Another option for configuring <application>Postfix</application> for SMTP-"
17216
"AUTH is using the <application>dovecot-postfix</application> package. This "
17217
"package will install <application>Dovecot</application> and configure "
17218
"<application>Postfix</application> to use it for both SASL authentication "
17219
"and as a Mail Delivery Agent (MDA). The package also configures "
17220
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
17221
msgstr ""
17222
17223
#: serverguide/C/mail.xml:280(para)
17224
msgid ""
17225
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
17226
"server. For example, if you are configuring your server to be a mail "
17227
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
17228
"the above commands to configure Postfix for SMTPAUTH."
17229
msgstr ""
17230
17231
#: serverguide/C/mail.xml:287(para)
17232
msgid "To install the package, from a terminal prompt enter:"
17233
msgstr ""
17234
17235
#: serverguide/C/mail.xml:292(command)
17236
msgid "sudo apt-get install dovecot-postfix"
17237
msgstr ""
17238
17239
#: serverguide/C/mail.xml:295(para)
17240
msgid ""
17241
"You should now have a working mail server, but there are a few options that "
17242
"you may wish to further customize. For example, the package uses the "
17243
"certificate and key from the <application>ssl-cert</application> package, "
17244
"and in a production environment you should use a certificate and key "
17245
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
17246
"for more details."
17247
msgstr ""
17248
17249
#: serverguide/C/mail.xml:301(para)
17250
msgid ""
17251
"Once you have a customized certificate and key for the host, change the "
17252
"following options in <filename>/etc/postfix/main.cf</filename>:"
17253
msgstr ""
17254
17255
#: serverguide/C/mail.xml:305(programlisting)
17256
#, no-wrap
17257
msgid ""
17258
"\n"
17259
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
17260
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
17261
msgstr ""
17262
17263
#: serverguide/C/mail.xml:310(para)
17264
msgid "Then restart Postfix:"
17265
msgstr ""
17266
17267
#: serverguide/C/mail.xml:321(para)
17268
msgid ""
17269
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
17270
msgstr ""
17271
17272
#: serverguide/C/mail.xml:324(para)
17273
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
17274
msgstr ""
17275
17276
#: serverguide/C/mail.xml:329(command)
17277
msgid "telnet mail.example.com 25"
17278
msgstr ""
17279
17280
#: serverguide/C/mail.xml:331(para)
17281
msgid ""
17282
"After you have established the connection to the postfix mail server, type:"
17283
msgstr ""
17284
17285
#: serverguide/C/mail.xml:335(screen)
17286
#, no-wrap
17287
msgid ""
17288
"\n"
17289
"ehlo mail.example.com\n"
17290
msgstr ""
17291
17292
#: serverguide/C/mail.xml:338(para)
17293
msgid ""
17294
"If you see the following lines among others, then everything is working "
17295
"perfectly. Type <command>quit</command> to exit."
17296
msgstr ""
17297
17298
#: serverguide/C/mail.xml:342(programlisting)
17299
#, no-wrap
17300
msgid ""
17301
"\n"
17302
"250-STARTTLS\n"
17303
"250-AUTH LOGIN PLAIN\n"
17304
"250-AUTH=LOGIN PLAIN\n"
17305
"250 8BITMIME\n"
17306
msgstr ""
17307
17308
#: serverguide/C/mail.xml:352(para)
17309
msgid ""
17310
"This section introduces some common ways to determine the cause if problems "
17311
"arise."
17312
msgstr ""
17313
17314
#: serverguide/C/mail.xml:356(title)
17315
msgid "Escaping chroot"
17316
msgstr ""
17317
17318
#: serverguide/C/mail.xml:357(para)
17319
msgid ""
17320
"The Ubuntu <application>postfix</application> package will by default "
17321
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
17322
"This can add greater complexity when troubleshooting problems."
17323
msgstr ""
17324
17325
#: serverguide/C/mail.xml:361(para)
17326
msgid ""
17327
"To turn off the chroot operation locate for the following line in the "
17328
"<filename>/etc/postfix/master.cf</filename> configuration file:"
17329
msgstr ""
17330
17331
#: serverguide/C/mail.xml:365(screen)
17332
#, no-wrap
17333
msgid ""
17334
"\n"
17335
"smtp inet n - - - - smtpd\n"
17336
msgstr ""
17337
17338
#: serverguide/C/mail.xml:368(para)
17339
msgid "and modify it as follows:"
17340
msgstr ""
17341
17342
#: serverguide/C/mail.xml:371(screen)
17343
#, no-wrap
17344
msgid ""
17345
"\n"
17346
"smtp inet n - n - - smtpd\n"
17347
msgstr ""
17348
17349
#: serverguide/C/mail.xml:374(para)
17350
msgid ""
17351
"You will then need to restart Postfix to use the new configuration. From a "
17352
"terminal prompt enter:"
17353
msgstr ""
17354
17355
#: serverguide/C/mail.xml:382(title)
17356
msgid "Log Files"
17357
msgstr ""
17358
17359
#: serverguide/C/mail.xml:383(para)
17360
msgid ""
17361
"<application>Postfix</application> sends all log messages to "
17362
"<filename>/var/log/mail.log</filename>. However error and warning messages "
17363
"can sometimes get lost in the normal log output so they are also logged to "
17364
"<filename>/var/log/mail.err</filename> and "
17365
"<filename>/var/log/mail.warn</filename> respectively."
17366
msgstr ""
17367
17368
#: serverguide/C/mail.xml:388(para)
17369
msgid ""
17370
"To see messages entered into the logs in real time you can use the "
17371
"<application>tail -f</application> command:"
17372
msgstr ""
17373
17374
#: serverguide/C/mail.xml:393(command)
17375
msgid "tail -f /var/log/mail.err"
17376
msgstr ""
17377
17378
#: serverguide/C/mail.xml:395(para)
17379
msgid ""
17380
"The amount of detail that is recorded in the logs can be increased. Below "
17381
"are some configuration options for increasing the log level for some of the "
17382
"areas covered above."
17383
msgstr ""
17384
17385
#: serverguide/C/mail.xml:401(para)
17386
msgid ""
17387
"To increase <emphasis>TLS</emphasis> activity logging set the "
17388
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
17389
msgstr ""
17390
17391
#: serverguide/C/mail.xml:405(command)
17392
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
17393
msgstr ""
17394
17395
#: serverguide/C/mail.xml:409(para)
17396
msgid ""
17397
"If you are having trouble sending or receiving mail from a specific domain "
17398
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
17399
msgstr ""
17400
17401
#: serverguide/C/mail.xml:414(command)
17402
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
17403
msgstr ""
17404
17405
#: serverguide/C/mail.xml:418(para)
17406
msgid ""
17407
"You can increase the verbosity of any <application>Postfix</application> "
17408
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
17409
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
17410
"<emphasis>smtp</emphasis> entry:"
17411
msgstr ""
17412
17413
#: serverguide/C/mail.xml:422(programlisting)
17414
#, no-wrap
17415
msgid ""
17416
"\n"
17417
"smtp unix - - - - - smtp -v\n"
17418
msgstr ""
17419
17420
#: serverguide/C/mail.xml:428(para)
17421
msgid ""
17422
"It is important to note that after making one of the logging changes above "
17423
"the <application>Postfix</application> process will need to be reloaded in "
17424
"order to recognize the new configuration: <command>sudo /etc/init.d/postfix "
17425
"reload</command>"
17426
msgstr ""
17427
17428
#: serverguide/C/mail.xml:435(para)
17429
msgid ""
17430
"To increase the amount of information logged when troubleshooting "
17431
"<emphasis>SASL</emphasis> issues you can set the following options in "
17432
"<filename>/etc/dovecot/dovecot.conf</filename>"
17433
msgstr ""
17434
17435
#: serverguide/C/mail.xml:439(programlisting)
17436
#, no-wrap
17437
msgid ""
17438
"\n"
17439
"auth_debug=yes\n"
17440
"auth_debug_passwords=yes\n"
17441
msgstr ""
17442
17443
#: serverguide/C/mail.xml:446(para)
17444
msgid ""
17445
"Just like <application>Postfix</application> if you change a "
17446
"<application>Dovecot</application> configuration the process will need to be "
17447
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
17448
msgstr ""
17449
17450
#: serverguide/C/mail.xml:452(para)
17451
msgid ""
17452
"Some of the options above can drastically increase the amount of information "
17453
"sent to the log files. Remember to return the log level back to normal after "
17454
"you have corrected the problem. Then reload the appropriate daemon for the "
17455
"new configuration to take affect."
17456
msgstr ""
17457
17458
#: serverguide/C/mail.xml:460(para)
17459
msgid ""
17460
"Administering a <application>Postfix</application> server can be a very "
17461
"complicated task. At some point you may need to turn to the Ubuntu community "
17462
"for more experienced help."
17463
msgstr ""
17464
17465
#: serverguide/C/mail.xml:464(para)
17466
msgid ""
17467
"A great place to ask for <application>Postfix</application> assistance, and "
17468
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
17469
"server</emphasis> IRC channel on <ulink "
17470
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
17471
"one of the <ulink "
17472
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
17473
msgstr ""
17474
17475
#: serverguide/C/mail.xml:469(para)
17476
msgid ""
17477
"For in depth <application>Postfix</application> information Ubuntu "
17478
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
17479
"Book of Postfix</ulink>."
17480
msgstr ""
17481
17482
#: serverguide/C/mail.xml:473(para)
17483
msgid ""
17484
"Finally, the <ulink "
17485
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
17486
"also has great documentation on all the different configuration options "
17487
"available."
17488
msgstr ""
17489
17490
#: serverguide/C/mail.xml:477(para)
17491
msgid ""
17492
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
17493
"Wiki Postifx</ulink> page has more information."
17494
msgstr ""
17495
17496
#: serverguide/C/mail.xml:485(title) serverguide/C/mail.xml:872(title) serverguide/C/mail.xml:988(title)
17497
msgid "Exim4"
17498
msgstr ""
17499
17500
#: serverguide/C/mail.xml:486(para)
17501
msgid ""
17502
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
17503
"developed at the University of Cambridge for use on Unix systems connected "
17504
"to the Internet. Exim can be installed in place of "
17505
"<application>sendmail</application>, although the configuration of "
17506
"<application>exim</application> is quite different to that of "
17507
"<application>sendmail</application>."
17508
msgstr ""
17509
17510
#: serverguide/C/mail.xml:497(para)
17511
msgid ""
17512
"To install <application>exim4</application>, run the following command: "
17513
"<screen>\n"
17514
"<command>sudo apt-get install exim4</command>\n"
17515
"</screen>"
17516
msgstr ""
17517
17518
#: serverguide/C/mail.xml:506(para)
17519
msgid ""
17520
"To configure <application>Exim4</application>, run the following command:"
17521
msgstr ""
17522
17523
#: serverguide/C/mail.xml:510(command)
17524
msgid "sudo dpkg-reconfigure exim4-config"
17525
msgstr ""
17526
17527
#: serverguide/C/mail.xml:512(para)
17528
msgid ""
17529
"The user interface will be displayed. The user interface lets you configure "
17530
"many parameters. For example, In <application>Exim4</application> the "
17531
"configuration files are split among multiple files. If you wish to have them "
17532
"in one file you can configure accordingly in this user interface."
17533
msgstr ""
17534
17535
#: serverguide/C/mail.xml:520(para)
17536
msgid ""
17537
"All the parameters you configure in the user interface are stored in "
17538
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
17539
"re-configure, either you re-run the configuration wizard or manually edit "
17540
"this file using your favorite editor. Once you configure, you can run the "
17541
"following command to generate the master configuration file:"
17542
msgstr ""
17543
17544
#: serverguide/C/mail.xml:531(command) serverguide/C/mail.xml:604(command)
17545
msgid "sudo update-exim4.conf"
17546
msgstr ""
17547
17548
#: serverguide/C/mail.xml:533(para)
17549
msgid ""
17550
"The master configuration file, is generated and it is stored in "
17551
"<filename>/var/lib/exim4/config.autogenerated</filename>."
17552
msgstr ""
17553
17554
#: serverguide/C/mail.xml:539(para)
17555
msgid ""
17556
"At any time, you should not edit the master configuration file, "
17557
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
17558
"updated automatically every time you run <command>update-exim4.conf</command>"
17559
msgstr ""
17560
17561
#: serverguide/C/mail.xml:547(para)
17562
msgid ""
17563
"You can run the following command to start <application>Exim4</application> "
17564
"daemon."
17565
msgstr ""
17566
17567
#: serverguide/C/mail.xml:552(command) serverguide/C/mail.xml:994(command)
17568
msgid "sudo /etc/init.d/exim4 start"
17569
msgstr ""
17570
17571
#: serverguide/C/mail.xml:557(para)
17572
msgid ""
17573
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
17574
msgstr ""
17575
17576
#: serverguide/C/mail.xml:560(para)
17577
msgid ""
17578
"The first step is to create a certificate for use with TLS. Enter the "
17579
"following into a terminal prompt:"
17580
msgstr ""
17581
17582
#: serverguide/C/mail.xml:564(command)
17583
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
17584
msgstr ""
17585
17586
#: serverguide/C/mail.xml:566(para)
17587
msgid ""
17588
"Now Exim4 needs to be configured for TLS by editing "
17589
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
17590
"the following:"
17591
msgstr ""
17592
17593
#: serverguide/C/mail.xml:570(programlisting)
17594
#, no-wrap
17595
msgid ""
17596
"\n"
17597
"MAIN_TLS_ENABLE = yes\n"
17598
msgstr ""
17599
17600
#: serverguide/C/mail.xml:573(para)
17601
msgid ""
17602
"Next you need to configure <application>Exim4</application> to use the "
17603
"<application>saslauthd</application> for authentication. Edit "
17604
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
17605
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
17606
"<emphasis>login_saslauthd_server</emphasis> sections:"
17607
msgstr ""
17608
17609
#: serverguide/C/mail.xml:578(programlisting)
17610
#, no-wrap
17611
msgid ""
17612
"\n"
17613
" plain_saslauthd_server:\n"
17614
" driver = plaintext\n"
17615
" public_name = PLAIN\n"
17616
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
17617
" server_set_id = $auth2\n"
17618
" server_prompts = :\n"
17619
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
17620
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
17621
" .endif\n"
17622
"#\n"
17623
" login_saslauthd_server:\n"
17624
" driver = plaintext\n"
17625
" public_name = LOGIN\n"
17626
" server_prompts = \"Username:: : Password::\"\n"
17627
" # don't send system passwords over unencrypted connections\n"
17628
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
17629
" server_set_id = $auth1\n"
17630
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
17631
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
17632
" .endif\n"
17633
msgstr ""
17634
17635
#: serverguide/C/mail.xml:600(para)
17636
msgid "Finally, update the Exim4 configuration and restart the service:"
17637
msgstr ""
17638
17639
#: serverguide/C/mail.xml:605(command)
17640
msgid "sudo /etc/init.d/exim4 restart"
17641
msgstr ""
17642
17643
#: serverguide/C/mail.xml:610(para)
17644
msgid ""
17645
"This section provides details on configuring the saslauthd to provide "
17646
"authentication for <application>Exim4</application>."
17647
msgstr ""
17648
17649
#: serverguide/C/mail.xml:613(para)
17650
msgid ""
17651
"The first step is to install the sasl2-bin package. From a terminal prompt "
17652
"enter the following:"
17653
msgstr ""
17654
17655
#: serverguide/C/mail.xml:617(command)
17656
msgid "sudo apt-get install sasl2-bin"
17657
msgstr ""
17658
17659
#: serverguide/C/mail.xml:619(para)
17660
msgid ""
17661
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
17662
"and set START=no to:"
17663
msgstr ""
17664
17665
#: serverguide/C/mail.xml:622(programlisting)
17666
#, no-wrap
17667
msgid ""
17668
"\n"
17669
"START=yes\n"
17670
msgstr ""
17671
17672
#: serverguide/C/mail.xml:625(para)
17673
msgid ""
17674
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
17675
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
17676
"service:"
17677
msgstr ""
17678
17679
#: serverguide/C/mail.xml:630(command)
17680
msgid "sudo adduser Debian-exim sasl"
17681
msgstr ""
17682
17683
#: serverguide/C/mail.xml:632(para)
17684
msgid "Now start the <application>saslauthd</application> service:"
17685
msgstr ""
17686
17687
#: serverguide/C/mail.xml:636(command)
17688
msgid "sudo /etc/init.d/saslauthd start"
17689
msgstr ""
17690
17691
#: serverguide/C/mail.xml:638(para)
17692
msgid ""
17693
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
17694
"and SASL authentication."
17695
msgstr ""
17696
17697
#: serverguide/C/mail.xml:647(para)
17698
msgid ""
17699
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
17700
"information."
17701
msgstr ""
17702
17703
#: serverguide/C/mail.xml:652(para)
17704
msgid ""
17705
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
17706
"server\">Exim4 Book</ulink> available."
17707
msgstr ""
17708
17709
#: serverguide/C/mail.xml:657(para)
17710
msgid ""
17711
"Another resource is the <ulink "
17712
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
17713
"page."
17714
msgstr ""
17715
17716
#: serverguide/C/mail.xml:666(title)
17717
msgid "Dovecot Server"
17718
msgstr ""
17719
17720
#: serverguide/C/mail.xml:667(para)
17721
msgid ""
17722
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
17723
"security primarily in mind. It supports the major mailbox formats: mbox or "
17724
"Maildir. This section explain how to set it up as an imap or pop3 server."
17725
msgstr ""
17726
17727
#: serverguide/C/mail.xml:675(para)
17728
msgid ""
17729
"To install <application>dovecot</application>, run the following command in "
17730
"the command prompt:"
17731
msgstr ""
17732
17733
#: serverguide/C/mail.xml:680(command)
17734
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
17735
msgstr ""
17736
17737
#: serverguide/C/mail.xml:685(para)
17738
msgid ""
17739
"To configure <application>dovecot</application>, you can edit the file "
17740
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
17741
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
17742
"secure). A description of these protocols is beyond the scope of this guide. "
17743
"For further information, refer to the Wikipedia articles on <ulink "
17744
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
17745
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
17746
"link>."
17747
msgstr ""
17748
17749
#: serverguide/C/mail.xml:695(para)
17750
msgid ""
17751
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
17752
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
17753
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
17754
msgstr ""
17755
17756
#: serverguide/C/mail.xml:701(programlisting)
17757
#, no-wrap
17758
msgid ""
17759
"\n"
17760
"protocols = pop3 pop3s imap imaps\n"
17761
msgstr ""
17762
17763
#: serverguide/C/mail.xml:704(para)
17764
msgid ""
17765
"Next, choose the mailbox you would like to use. "
17766
"<application>Dovecot</application> supports <emphasis "
17767
"role=\"strong\">maildir</emphasis> and <emphasis "
17768
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
17769
"mailbox formats. They both have their own benefits and are discussed on "
17770
"<ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web "
17771
"site</ulink>."
17772
msgstr ""
17773
17774
#: serverguide/C/mail.xml:712(para)
17775
msgid ""
17776
"Once you have chosen your mailbox type, edit the file "
17777
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
17778
msgstr ""
17779
17780
#: serverguide/C/mail.xml:717(programlisting)
17781
#, no-wrap
17782
msgid ""
17783
"\n"
17784
"mail_location = maildir:~/Maildir # (for maildir)\n"
17785
"or\n"
17786
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
17787
msgstr ""
17788
17789
#: serverguide/C/mail.xml:723(para)
17790
msgid ""
17791
"You should configure your Mail Transport Agent (MTA) to transfer the "
17792
"incoming mail to this type of mailbox if it is different from the one you "
17793
"have configured."
17794
msgstr ""
17795
17796
#: serverguide/C/mail.xml:729(para)
17797
msgid ""
17798
"Once you have configured dovecot, restart the "
17799
"<application>dovecot</application> daemon in order to test your setup:"
17800
msgstr ""
17801
17802
#: serverguide/C/mail.xml:738(para)
17803
msgid ""
17804
"If you have enabled imap, or pop3, you can also try to log in with the "
17805
"commands <command>telnet localhost pop3</command> or <command>telnet "
17806
"localhost imap2</command>. If you see something like the following, the "
17807
"installation has been successful:"
17808
msgstr ""
17809
17810
#: serverguide/C/mail.xml:745(programlisting)
17811
#, no-wrap
17812
msgid ""
17813
"\n"
17814
"bhuvan@rainbow:~$ telnet localhost pop3\n"
17815
"Trying 127.0.0.1...\n"
17816
"Connected to localhost.localdomain.\n"
17817
"Escape character is '^]'.\n"
17818
"+OK Dovecot ready.\n"
17819
msgstr ""
17820
17821
#: serverguide/C/mail.xml:754(title)
17822
msgid "Dovecot SSL Configuration"
17823
msgstr ""
17824
17825
#: serverguide/C/mail.xml:755(para)
17826
msgid ""
17827
"To configure <application>dovecot</application> to use SSL, you can edit the "
17828
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
17829
"lines:"
17830
msgstr ""
17831
17832
#: serverguide/C/mail.xml:760(programlisting)
17833
#, no-wrap
17834
msgid ""
17835
"\n"
17836
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
17837
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
17838
"ssl_disable = no\n"
17839
"disable_plaintext_auth = no\n"
17840
msgstr ""
17841
17842
#: serverguide/C/mail.xml:766(para)
17843
msgid ""
17844
"You can get the SSL certificate from a Certificate Issuing Authority or you "
17845
"can create self signed SSL certificate. The latter is a good option for "
17846
"email, because SMTP clients rarely complain about \"self-signed "
17847
"certificates\". Please refer to <xref linkend=\"certificates-and-"
17848
"security\"/> for details about how to create self signed SSL certificate. "
17849
"Once you create the certificate, you will have a key file and a certificate "
17850
"file. Please copy them to the location pointed in the "
17851
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
17852
msgstr ""
17853
17854
#: serverguide/C/mail.xml:781(title)
17855
msgid "Firewall Configuration for an Email Server"
17856
msgstr ""
17857
17858
#: serverguide/C/mail.xml:787(para)
17859
msgid "IMAP - 143"
17860
msgstr ""
17861
17862
#: serverguide/C/mail.xml:788(para)
17863
msgid "IMAPS - 993"
17864
msgstr ""
17865
17866
#: serverguide/C/mail.xml:789(para)
17867
msgid "POP3 - 110"
17868
msgstr ""
17869
17870
#: serverguide/C/mail.xml:790(para)
17871
msgid "POP3S - 995"
17872
msgstr ""
17873
17874
#: serverguide/C/mail.xml:782(para)
17875
msgid ""
17876
"To access your mail server from another computer, you must configure your "
17877
"firewall to allow connections to the server on the necessary ports. "
17878
"<placeholder-1/>"
17879
msgstr ""
17880
17881
#: serverguide/C/mail.xml:799(para)
17882
msgid ""
17883
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
17884
"more information."
17885
msgstr ""
17886
17887
#: serverguide/C/mail.xml:804(para)
17888
msgid ""
17889
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
17890
"Ubuntu Wiki</ulink> page has more details."
17891
msgstr ""
17892
17893
#: serverguide/C/mail.xml:813(title) serverguide/C/mail.xml:890(title) serverguide/C/mail.xml:1113(title)
17894
msgid "Mailman"
17895
msgstr ""
17896
17897
#: serverguide/C/mail.xml:814(para)
17898
msgid ""
17899
"Mailman is an open source program for managing electronic mail discussions "
17900
"and e-newsletter lists. Many open source mailing lists (including all the "
17901
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
17902
"Mailman as their mailing list software. It is powerful and easy to install "
17903
"and maintain."
17904
msgstr ""
17905
17906
#: serverguide/C/mail.xml:824(para)
17907
msgid ""
17908
"Mailman provides a web interface for the administrators and users, using an "
17909
"external mail server to send and receive emails. It works perfectly with the "
17910
"following mail servers:"
17911
msgstr ""
17912
17913
#: serverguide/C/mail.xml:835(application)
17914
msgid "Exim"
17915
msgstr ""
17916
17917
#: serverguide/C/mail.xml:838(application)
17918
msgid "Sendmail"
17919
msgstr ""
17920
17921
#: serverguide/C/mail.xml:841(application)
17922
msgid "Qmail"
17923
msgstr ""
17924
17925
#: serverguide/C/mail.xml:846(para)
17926
msgid ""
17927
"We will see how to install and configure Mailman with, the Apache web "
17928
"server, and either the Postfix or Exim mail server. If you wish to install "
17929
"Mailman with a different mail server, please refer to the references section."
17930
msgstr ""
17931
17932
#: serverguide/C/mail.xml:853(para)
17933
msgid ""
17934
"You only need to install one mail server and "
17935
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
17936
msgstr ""
17937
17938
#: serverguide/C/mail.xml:858(title) serverguide/C/mail.xml:917(title)
17939
msgid "Apache2"
17940
msgstr ""
17941
17942
#: serverguide/C/mail.xml:859(para)
17943
msgid ""
17944
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
17945
"installation\">HTTPD Installation</ulink> section for details."
17946
msgstr ""
17947
17948
#: serverguide/C/mail.xml:867(para)
17949
msgid ""
17950
"For instructions on installing and configuring Postfix refer to <xref "
17951
"linkend=\"postfix\"/>"
17952
msgstr ""
17953
17954
#: serverguide/C/mail.xml:873(para)
17955
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
17956
msgstr ""
17957
17958
#: serverguide/C/mail.xml:884(application)
17959
msgid "dc_use_split_config='true'"
17960
msgstr ""
17961
17962
#: serverguide/C/mail.xml:876(para)
17963
msgid ""
17964
"Once exim4 is installed, the configuration files are stored in the "
17965
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
17966
"configuration files are split across different files. You can change this "
17967
"behavior by changing the following variable in the "
17968
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
17969
msgstr ""
17970
17971
#: serverguide/C/mail.xml:891(para)
17972
msgid ""
17973
"To install <application>Mailman</application>, run following command at a "
17974
"terminal prompt:"
17975
msgstr ""
17976
17977
#: serverguide/C/mail.xml:895(command)
17978
msgid "sudo apt-get install mailman"
17979
msgstr ""
17980
17981
#: serverguide/C/mail.xml:897(para)
17982
msgid ""
17983
"It copies the installation files in "
17984
"<application>/var/lib/mailman</application> directory. It installs the CGI "
17985
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
17986
"creates <emphasis>list</emphasis> linux user. It creates the "
17987
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
17988
"this user."
17989
msgstr ""
17990
17991
#: serverguide/C/mail.xml:909(para)
17992
msgid ""
17993
"This section assumes you have successfully installed "
17994
"<application>mailman</application>, <application>apache2</application>, and "
17995
"<application>postfix</application> or <application>exim4</application>. Now "
17996
"you just need to configure them."
17997
msgstr ""
17998
17999
#: serverguide/C/mail.xml:918(para)
18000
msgid ""
18001
"An example Apache configuration file comes with "
18002
"<application>Mailman</application> and is placed in "
18003
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
18004
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
18005
"available</filename>:"
18006
msgstr ""
18007
18008
#: serverguide/C/mail.xml:924(command)
18009
msgid ""
18010
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
18011
msgstr ""
18012
18013
#: serverguide/C/mail.xml:926(para)
18014
msgid ""
18015
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
18016
"Mailman administration site. Now enable the new configuration and restart "
18017
"Apache:"
18018
msgstr ""
18019
18020
#: serverguide/C/mail.xml:931(command)
18021
msgid "sudo a2ensite mailman.conf"
18022
msgstr ""
18023
18024
#: serverguide/C/mail.xml:934(para)
18025
msgid ""
18026
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
18027
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
18028
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
18029
"can make changes to the <filename>/etc/apache2/sites-"
18030
"available/mailman.conf</filename> file if you wish to change this behavior."
18031
msgstr ""
18032
18033
#: serverguide/C/mail.xml:945(para)
18034
msgid ""
18035
"For <application>Postfix</application> integration, we will associate the "
18036
"domain lists.example.com with the mailing lists. Please replace "
18037
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
18038
msgstr ""
18039
18040
#: serverguide/C/mail.xml:949(para)
18041
msgid ""
18042
"You can use the postconf command to add the necessary configuration to "
18043
"<filename>/etc/postfix/main.cf</filename>:"
18044
msgstr ""
18045
18046
#: serverguide/C/mail.xml:953(command)
18047
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
18048
msgstr ""
18049
18050
#: serverguide/C/mail.xml:954(command)
18051
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
18052
msgstr ""
18053
18054
#: serverguide/C/mail.xml:955(command)
18055
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
18056
msgstr ""
18057
18058
#: serverguide/C/mail.xml:957(para)
18059
msgid ""
18060
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
18061
"the following transport:"
18062
msgstr ""
18063
18064
#: serverguide/C/mail.xml:960(programlisting)
18065
#, no-wrap
18066
msgid ""
18067
"\n"
18068
"mailman unix - n n - - pipe\n"
18069
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
18070
" ${nexthop} ${user}\n"
18071
msgstr ""
18072
18073
#: serverguide/C/mail.xml:965(para)
18074
msgid ""
18075
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
18076
"is delivered to a list."
18077
msgstr ""
18078
18079
#: serverguide/C/mail.xml:968(para)
18080
msgid ""
18081
"Associate the domain lists.example.com to the Mailman transport with the "
18082
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
18083
msgstr ""
18084
18085
#: serverguide/C/mail.xml:971(programlisting)
18086
#, no-wrap
18087
msgid ""
18088
"\n"
18089
"lists.example.com mailman:\n"
18090
msgstr ""
18091
18092
#: serverguide/C/mail.xml:974(para)
18093
msgid ""
18094
"Now have <application>Postfix</application> build the transport map by "
18095
"entering the following from a terminal prompt:"
18096
msgstr ""
18097
18098
#: serverguide/C/mail.xml:978(command)
18099
msgid "sudo postmap -v /etc/postfix/transport"
18100
msgstr ""
18101
18102
#: serverguide/C/mail.xml:980(para)
18103
msgid "Then restart Postfix to enable the new configurations:"
18104
msgstr ""
18105
18106
#: serverguide/C/mail.xml:989(para)
18107
msgid ""
18108
"Once Exim4 is installed, you can start the Exim server using the following "
18109
"command from a terminal prompt:"
18110
msgstr ""
18111
18112
#: serverguide/C/mail.xml:1005(para) serverguide/C/mail.xml:1020(title)
18113
msgid "Main"
18114
msgstr ""
18115
18116
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1060(title)
18117
msgid "Transport"
18118
msgstr ""
18119
18120
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1083(title)
18121
msgid "Router"
18122
msgstr ""
18123
18124
#: serverguide/C/mail.xml:996(para)
18125
msgid ""
18126
"In order to make mailman work with Exim4, you need to configure Exim4. As "
18127
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
18128
"different types. For details, please refer to the <ulink "
18129
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
18130
"add new a configuration file to the following configuration types: "
18131
"<placeholder-1/> Exim creates a master configuration file by sorting all "
18132
"these mini configuration files. So, the order of these configuration files "
18133
"is very important."
18134
msgstr ""
18135
18136
#: serverguide/C/mail.xml:1027(programlisting)
18137
#, no-wrap
18138
msgid ""
18139
"\n"
18140
"# start\n"
18141
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
18142
"# directory.\n"
18143
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
18144
"# This is normally the same as ~mailman\n"
18145
"MM_HOME=/var/lib/mailman\n"
18146
"#\n"
18147
"# User and group for Mailman, should match your --with-mail-gid\n"
18148
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
18149
"MM_UID=list\n"
18150
"MM_GID=list\n"
18151
"#\n"
18152
"# Domains that your lists are in - colon separated list\n"
18153
"# you may wish to add these into local_domains as well\n"
18154
"domainlist mm_domains=hostname.com\n"
18155
"#\n"
18156
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
18157
"#\n"
18158
"# These values are derived from the ones above and should not need\n"
18159
"# editing unless you have munged your mailman installation\n"
18160
"#\n"
18161
"# The path of the Mailman mail wrapper script\n"
18162
"MM_WRAP=MM_HOME/mail/mailman\n"
18163
"#\n"
18164
"# The path of the list config file (used as a required file when\n"
18165
"# verifying list addresses)\n"
18166
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
18167
"# end\n"
18168
msgstr ""
18169
18170
#: serverguide/C/mail.xml:1021(para)
18171
msgid ""
18172
"All the configuration files belonging to the main type are stored in the "
18173
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
18174
"following content to a new file, named <filename>04_exim4-"
18175
"config_mailman</filename>: <placeholder-1/>"
18176
msgstr ""
18177
18178
#: serverguide/C/mail.xml:1067(programlisting)
18179
#, no-wrap
18180
msgid ""
18181
"\n"
18182
" mailman_transport:\n"
18183
" driver = pipe\n"
18184
" command = MM_WRAP \\\n"
18185
" '${if def:local_part_suffix \\\n"
18186
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
18187
"\\\n"
18188
" {post}}' \\\n"
18189
" $local_part\n"
18190
" current_directory = MM_HOME\n"
18191
" home_directory = MM_HOME\n"
18192
" user = MM_UID\n"
18193
" group = MM_GID\n"
18194
msgstr ""
18195
18196
#: serverguide/C/mail.xml:1061(para)
18197
msgid ""
18198
"All the configuration files belonging to transport type are stored in the "
18199
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
18200
"following content to a new file named <filename> 40_exim4-"
18201
"config_mailman</filename>: <placeholder-1/>"
18202
msgstr ""
18203
18204
#: serverguide/C/mail.xml:1088(programlisting)
18205
#, no-wrap
18206
msgid ""
18207
"\n"
18208
" mailman_router:\n"
18209
" driver = accept\n"
18210
" require_files = MM_HOME/lists/$local_part/config.pck\n"
18211
" local_part_suffix_optional\n"
18212
" local_part_suffix = -bounces : -bounces+* : \\\n"
18213
" -confirm+* : -join : -leave : \\\n"
18214
" -owner : -request : -admin\n"
18215
" transport = mailman_transport\n"
18216
msgstr ""
18217
18218
#: serverguide/C/mail.xml:1084(para)
18219
msgid ""
18220
"All the configuration files belonging to router type are stored in the "
18221
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
18222
"following content in to a new file named <filename>101_exim4-"
18223
"config_mailman</filename>: <placeholder-1/>"
18224
msgstr ""
18225
18226
#: serverguide/C/mail.xml:1101(para)
18227
msgid ""
18228
"The order of main and transport configuration files can be in any order. "
18229
"But, the order of router configuration files must be the same. This "
18230
"particular file must appear before the <application>200_exim4-"
18231
"config_primary</application> file. These two configuration files contain "
18232
"same type of information. The first file takes the precedence. For more "
18233
"details, please refer to the references section."
18234
msgstr ""
18235
18236
#: serverguide/C/mail.xml:1114(para)
18237
msgid ""
18238
"Once mailman is installed, you can run it using the following command:"
18239
msgstr ""
18240
18241
#: serverguide/C/mail.xml:1118(command)
18242
msgid "sudo /etc/init.d/mailman start"
18243
msgstr ""
18244
18245
#: serverguide/C/mail.xml:1120(para)
18246
msgid ""
18247
"Once mailman is installed, you should create the default mailing list. Run "
18248
"the following command to create the mailing list:"
18249
msgstr ""
18250
18251
#: serverguide/C/mail.xml:1126(command)
18252
msgid "sudo /usr/sbin/newlist mailman"
18253
msgstr ""
18254
18255
#: serverguide/C/mail.xml:1129(programlisting)
18256
#, no-wrap
18257
msgid ""
18258
"\n"
18259
" Enter the email address of the person running the list: bhuvan at "
18260
"ubuntu.com\n"
18261
" Initial mailman password:\n"
18262
" To finish creating your mailing list, you must edit your "
18263
"<filename>/etc/aliases</filename> (or\n"
18264
" equivalent) file by adding the following lines, and possibly running the\n"
18265
" `newaliases' program:\n"
18266
"\n"
18267
" ## mailman mailing list\n"
18268
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
18269
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
18270
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
18271
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
18272
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
18273
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
18274
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
18275
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
18276
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
18277
"mailman\"\n"
18278
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
18279
"mailman\"\n"
18280
"\n"
18281
" Hit enter to notify mailman owner...\n"
18282
"\n"
18283
" # \n"
18284
msgstr ""
18285
18286
#: serverguide/C/mail.xml:1152(para)
18287
msgid ""
18288
"We have configured either Postfix or Exim4 to recognize all emails from "
18289
"mailman. So, it is not mandatory to make any new entries in "
18290
"<filename>/etc/aliases</filename>. If you have made any changes to the "
18291
"configuration files, please ensure that you restart those services before "
18292
"continuing to next section."
18293
msgstr ""
18294
18295
#: serverguide/C/mail.xml:1160(para)
18296
msgid ""
18297
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
18298
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
18299
"creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman "
18300
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
18301
msgstr ""
18302
18303
#: serverguide/C/mail.xml:1171(title)
18304
msgid "Administration"
18305
msgstr ""
18306
18307
#: serverguide/C/mail.xml:1172(para)
18308
msgid ""
18309
"We assume you have a default installation. The mailman cgi scripts are still "
18310
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
18311
"Mailman provides a web based administration facility. To access this page, "
18312
"point your browser to the following url:"
18313
msgstr ""
18314
18315
#: serverguide/C/mail.xml:1180(para)
18316
msgid "http://hostname/cgi-bin/mailman/admin"
18317
msgstr ""
18318
18319
#: serverguide/C/mail.xml:1184(para)
18320
msgid ""
18321
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18322
"screen. If you click the mailing list name, it will ask for your "
18323
"authentication password. If you enter the correct password, you will be able "
18324
"to change administrative settings of this mailing list. You can create a new "
18325
"mailing list using the command line utility "
18326
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
18327
"mailing list using the web interface."
18328
msgstr ""
18329
18330
#: serverguide/C/mail.xml:1197(title)
18331
msgid "Users"
18332
msgstr ""
18333
18334
#: serverguide/C/mail.xml:1198(para)
18335
msgid ""
18336
"Mailman provides a web based interface for users. To access this page, point "
18337
"your browser to the following url:"
18338
msgstr ""
18339
18340
#: serverguide/C/mail.xml:1203(para)
18341
msgid "http://hostname/cgi-bin/mailman/listinfo"
18342
msgstr ""
18343
18344
#: serverguide/C/mail.xml:1207(para)
18345
msgid ""
18346
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
18347
"screen. If you click the mailing list name, it will display the subscription "
18348
"form. You can enter your email address, name (optional), and password to "
18349
"subscribe. An email invitation will be sent to you. You can follow the "
18350
"instructions in the email to subscribe."
18351
msgstr ""
18352
18353
#: serverguide/C/mail.xml:1219(ulink)
18354
msgid "GNU Mailman - Installation Manual"
18355
msgstr ""
18356
18357
#: serverguide/C/mail.xml:1223(ulink)
18358
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
18359
msgstr ""
18360
18361
#: serverguide/C/mail.xml:1226(para)
18362
msgid ""
18363
"Also, see the <ulink "
18364
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
18365
"Wiki</ulink> page."
18366
msgstr ""
18367
18368
#: serverguide/C/mail.xml:1232(title)
18369
msgid "Mail Filtering"
18370
msgstr ""
18371
18372
#: serverguide/C/mail.xml:1233(para)
18373
msgid ""
18374
"One of the largest issues with email today is the problem of Unsolicited "
18375
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
18376
"and other forms of malware. According to some reports these messages make up "
18377
"the bulk of all email traffic on the Internet."
18378
msgstr ""
18379
18380
#: serverguide/C/mail.xml:1238(para)
18381
msgid ""
18382
"This section will cover integrating <application>Amavisd-new</application>, "
18383
"<application>Spamassassin</application>, and "
18384
"<application>ClamAV</application> with the "
18385
"<application>Postfix</application> Mail Transport Agent (MTA). "
18386
"<application>Postfix</application> can also check email validity by passing "
18387
"it through external content filters. These filters can sometimes determine "
18388
"if a message is spam without needing to process it with more resource "
18389
"intensive applications. Two common filters are <application>dkim-"
18390
"filter</application> and <application>python-policyd-spf</application>."
18391
msgstr ""
18392
18393
#: serverguide/C/mail.xml:1248(para)
18394
msgid ""
18395
"<application>Amavisd-new</application> is a wrapper program that can call "
18396
"any number of content filtering programs for spam detection, antivirus, etc."
18397
msgstr ""
18398
18399
#: serverguide/C/mail.xml:1254(para)
18400
msgid ""
18401
"<application>Spamassassin</application> uses a variety of mechanisms to "
18402
"filter email based on the message content."
18403
msgstr ""
18404
18405
#: serverguide/C/mail.xml:1259(para)
18406
msgid ""
18407
"<application>ClamAV</application> is an open source antivirus application."
18408
msgstr ""
18409
18410
#: serverguide/C/mail.xml:1264(para)
18411
msgid ""
18412
"<application>dkim-filter</application> implements a Sendmail Mail Filter "
18413
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
18414
msgstr ""
18415
18416
#: serverguide/C/mail.xml:1270(para)
18417
msgid ""
18418
"<application>python-policyd-spf</application> enables Sender Policy "
18419
"Framework (SPF) checking with <application>Postfix</application>."
18420
msgstr ""
18421
18422
#: serverguide/C/mail.xml:1275(para)
18423
msgid "This is how the pieces fit together:"
18424
msgstr ""
18425
18426
#: serverguide/C/mail.xml:1280(para)
18427
msgid "An email message is accepted by <application>Postfix</application>."
18428
msgstr ""
18429
18430
#: serverguide/C/mail.xml:1285(para)
18431
msgid ""
18432
"The message is passed through any external filters <application>dkim-"
18433
"filter</application> and <application>python-policyd-spf</application> in "
18434
"this case."
18435
msgstr ""
18436
18437
#: serverguide/C/mail.xml:1291(para)
18438
msgid "<application>Amavisd-new</application> then processes the message."
18439
msgstr ""
18440
18441
#: serverguide/C/mail.xml:1296(para)
18442
msgid ""
18443
"<application>ClamAV</application> is used to scan the message. If the "
18444
"message contains a virus <application>Postfix</application> will reject the "
18445
"message."
18446
msgstr ""
18447
18448
#: serverguide/C/mail.xml:1302(para)
18449
msgid ""
18450
"Clean messages will then be analyzed by "
18451
"<application>Spamassassin</application> to find out if the message is spam. "
18452
"<application>Spamassassin</application> will then add X-Header lines "
18453
"allowing <application>Amavisd-new</application> to further manipulate the "
18454
"message."
18455
msgstr ""
18456
18457
#: serverguide/C/mail.xml:1309(para)
18458
msgid ""
18459
"For example, if a message has a Spam score of over fifty the message could "
18460
"be automatically dropped from the queue without the recipient ever having to "
18461
"be bothered. Another, way to handle flagged messages is to deliver them to "
18462
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
18463
"see fit."
18464
msgstr ""
18465
18466
#: serverguide/C/mail.xml:1316(para)
18467
msgid ""
18468
"See <xref linkend=\"postfix\"/> for instructions on installing and "
18469
"configuring Postfix."
18470
msgstr ""
18471
18472
#: serverguide/C/mail.xml:1319(para)
18473
msgid ""
18474
"To install the rest of the applications enter the following from a terminal "
18475
"prompt:"
18476
msgstr ""
18477
18478
#: serverguide/C/mail.xml:1323(command)
18479
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
18480
msgstr ""
18481
18482
#: serverguide/C/mail.xml:1324(command)
18483
msgid "sudo apt-get install dkim-filter python-policyd-spf"
18484
msgstr ""
18485
18486
#: serverguide/C/mail.xml:1326(para)
18487
msgid ""
18488
"There are some optional packages that integrate with "
18489
"<application>Spamassassin</application> for better spam detection:"
18490
msgstr ""
18491
18492
#: serverguide/C/mail.xml:1330(command)
18493
msgid "sudo apt-get install pyzor razor"
18494
msgstr ""
18495
18496
#: serverguide/C/mail.xml:1332(para)
18497
msgid ""
18498
"Along with the main filtering applications compression utilities are needed "
18499
"to process some email attachments:"
18500
msgstr ""
18501
18502
#: serverguide/C/mail.xml:1336(command)
18503
msgid ""
18504
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
18505
msgstr ""
18506
18507
#: serverguide/C/mail.xml:1339(para)
18508
msgid ""
18509
"If some packages are not found, check that the "
18510
"<emphasis>multiverse</emphasis> repository is enabled in "
18511
"<filename>/etc/apt/sources.list</filename>"
18512
msgstr ""
18513
18514
#: serverguide/C/mail.xml:1340(para)
18515
msgid ""
18516
"If you make changes to the file, be sure to run <command>sudo apt-get "
18517
"update</command> before trying to install again."
18518
msgstr ""
18519
18520
#: serverguide/C/mail.xml:1345(para)
18521
msgid "Now configure everything to work together and filter email."
18522
msgstr ""
18523
18524
#: serverguide/C/mail.xml:1349(title)
18525
msgid "ClamAV"
18526
msgstr ""
18527
18528
#: serverguide/C/mail.xml:1350(para)
18529
msgid ""
18530
"The default behaviour of <application>ClamAV</application> will fit our "
18531
"needs. For more ClamAV configuration options, check the configuration files "
18532
"in <filename>/etc/clamav</filename>."
18533
msgstr ""
18534
18535
#: serverguide/C/mail.xml:1355(para)
18536
msgid ""
18537
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
18538
"group in order for <application>Amavisd-new</application> to have the "
18539
"appropriate access to scan files:"
18540
msgstr ""
18541
18542
#: serverguide/C/mail.xml:1360(command)
18543
msgid "sudo adduser clamav amavis"
18544
msgstr ""
18545
18546
#: serverguide/C/mail.xml:1364(title)
18547
msgid "Spamassassin"
18548
msgstr ""
18549
18550
#: serverguide/C/mail.xml:1365(para)
18551
msgid ""
18552
"Spamassassin automatically detects optional components and will use them if "
18553
"they are present. This means that there is no need to configure "
18554
"<application>pyzor</application> and <application>razor</application>."
18555
msgstr ""
18556
18557
#: serverguide/C/mail.xml:1369(para)
18558
msgid ""
18559
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
18560
"<application>Spamassassin</application> daemon. Change "
18561
"<emphasis>ENABLED=0</emphasis> to:"
18562
msgstr ""
18563
18564
#: serverguide/C/mail.xml:1373(programlisting)
18565
#, no-wrap
18566
msgid ""
18567
"\n"
18568
"ENABLED=1\n"
18569
msgstr ""
18570
18571
#: serverguide/C/mail.xml:1376(para)
18572
msgid "Now start the daemon:"
18573
msgstr ""
18574
18575
#: serverguide/C/mail.xml:1380(command)
18576
msgid "sudo /etc/init.d/spamassassin start"
18577
msgstr ""
18578
18579
#: serverguide/C/mail.xml:1384(title)
18580
msgid "Amavisd-new"
18581
msgstr ""
18582
18583
#: serverguide/C/mail.xml:1385(para)
18584
msgid ""
18585
"First activate spam and antivirus detection in <application>Amavisd-"
18586
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
18587
"content_filter_mode</filename>:"
18588
msgstr ""
18589
18590
#: serverguide/C/mail.xml:1389(programlisting)
18591
#, no-wrap
18592
msgid ""
18593
"\n"
18594
"use strict;\n"
18595
"\n"
18596
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
18597
"# and to re-enable antivirus checking.\n"
18598
"\n"
18599
"#\n"
18600
"# Default antivirus checking mode\n"
18601
"# Uncomment the two lines below to enable it\n"
18602
"#\n"
18603
"\n"
18604
"@bypass_virus_checks_maps = (\n"
18605
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
18606
"$bypass_virus_checks_re);\n"
18607
"\n"
18608
"\n"
18609
"#\n"
18610
"# Default SPAM checking mode\n"
18611
"# Uncomment the two lines below to enable it\n"
18612
"#\n"
18613
"\n"
18614
"@bypass_spam_checks_maps = (\n"
18615
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
18616
"$bypass_spam_checks_re);\n"
18617
"\n"
18618
"1; # insure a defined return\n"
18619
msgstr ""
18620
18621
#: serverguide/C/mail.xml:1414(para)
18622
msgid ""
18623
"Bouncing spam can be a bad idea as the return address is often faked. "
18624
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
18625
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
18626
"D_BOUNCE, as follows:"
18627
msgstr ""
18628
18629
#: serverguide/C/mail.xml:1420(programlisting)
18630
#, no-wrap
18631
msgid ""
18632
"\n"
18633
"$final_spam_destiny = D_DISCARD;\n"
18634
msgstr ""
18635
18636
#: serverguide/C/mail.xml:1424(para)
18637
msgid ""
18638
"Additionally, you may want to adjust the following options to flag more "
18639
"messages as spam:"
18640
msgstr ""
18641
18642
#: serverguide/C/mail.xml:1428(programlisting)
18643
#, no-wrap
18644
msgid ""
18645
"\n"
18646
"$sa_tag_level_deflt = -999; # add spam info headers if at, or above that "
18647
"level\n"
18648
"$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n"
18649
"$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n"
18650
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
18651
msgstr ""
18652
18653
#: serverguide/C/mail.xml:1435(para)
18654
msgid ""
18655
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
18656
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
18657
"option. Also, if the server receives mail for multiple domains the "
18658
"<emphasis>@local_domains_acl</emphasis> option will need to be customized. "
18659
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
18660
msgstr ""
18661
18662
#: serverguide/C/mail.xml:1442(programlisting)
18663
#, no-wrap
18664
msgid ""
18665
"\n"
18666
"$myhostname = 'mail.example.com';\n"
18667
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
18668
msgstr ""
18669
18670
#: serverguide/C/mail.xml:1447(para)
18671
msgid ""
18672
"After configuration <application>Amavisd-new</application> needs to be "
18673
"restarted:"
18674
msgstr ""
18675
18676
#: serverguide/C/mail.xml:1451(command) serverguide/C/mail.xml:1497(command)
18677
msgid "sudo /etc/init.d/amavis restart"
18678
msgstr ""
18679
18680
#: serverguide/C/mail.xml:1454(title)
18681
msgid "DKIM Whitelist"
18682
msgstr ""
18683
18684
#: serverguide/C/mail.xml:1456(para)
18685
msgid ""
18686
"<application>Amavisd-new</application> can be configured to automatically "
18687
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
18688
"Keys. There are some pre-configured domains in the "
18689
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
18690
msgstr ""
18691
18692
#: serverguide/C/mail.xml:1462(para)
18693
msgid "There are multiple ways to configure the Whitelist for a domain:"
18694
msgstr ""
18695
18696
#: serverguide/C/mail.xml:1468(para)
18697
msgid ""
18698
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
18699
"address from the \"example.com\" domain."
18700
msgstr ""
18701
18702
#: serverguide/C/mail.xml:1473(para)
18703
msgid ""
18704
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
18705
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
18706
"have a valid signature."
18707
msgstr ""
18708
18709
#: serverguide/C/mail.xml:1479(para)
18710
msgid ""
18711
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
18712
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
18713
"role=\"italic\">example.com</emphasis> the parent domain."
18714
msgstr ""
18715
18716
#: serverguide/C/mail.xml:1485(para)
18717
msgid ""
18718
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
18719
"that have a valid signature from \"example.com\". This is usually used for "
18720
"discussion groups that sign thier messages."
18721
msgstr ""
18722
18723
#: serverguide/C/mail.xml:1492(para)
18724
msgid ""
18725
"A domain can also have multiple Whitelist configurations. After, editing the "
18726
"file restart <application>amaisd-new</application>:"
18727
msgstr ""
18728
18729
#: serverguide/C/mail.xml:1501(para)
18730
msgid ""
18731
"In this context, once a domain has been added to the Whitelist the message "
18732
"will not receive any anti-virus or spam filtering. This may or may not be "
18733
"the intended behavior you wish for a domain."
18734
msgstr ""
18735
18736
#: serverguide/C/mail.xml:1511(para)
18737
msgid ""
18738
"For <application>Postfix</application> integration, enter the following from "
18739
"a terminal prompt:"
18740
msgstr ""
18741
18742
#: serverguide/C/mail.xml:1515(command)
18743
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
18744
msgstr ""
18745
18746
#: serverguide/C/mail.xml:1517(para)
18747
msgid ""
18748
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
18749
"to the end of the file:"
18750
msgstr ""
18751
18752
#: serverguide/C/mail.xml:1520(programlisting)
18753
#, no-wrap
18754
msgid ""
18755
"\n"
18756
"smtp-amavis unix - - - - 2 smtp\n"
18757
" -o smtp_data_done_timeout=1200\n"
18758
" -o smtp_send_xforward_command=yes\n"
18759
" -o disable_dns_lookups=yes\n"
18760
" -o max_use=20\n"
18761
"\n"
18762
"127.0.0.1:10025 inet n - - - - smtpd\n"
18763
" -o content_filter=\n"
18764
" -o local_recipient_maps=\n"
18765
" -o relay_recipient_maps=\n"
18766
" -o smtpd_restriction_classes=\n"
18767
" -o smtpd_delay_reject=no\n"
18768
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
18769
" -o smtpd_helo_restrictions=\n"
18770
" -o smtpd_sender_restrictions=\n"
18771
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
18772
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
18773
" -o smtpd_end_of_data_restrictions=\n"
18774
" -o mynetworks=127.0.0.0/8\n"
18775
" -o smtpd_error_sleep_time=0\n"
18776
" -o smtpd_soft_error_limit=1001\n"
18777
" -o smtpd_hard_error_limit=1000\n"
18778
" -o smtpd_client_connection_count_limit=0\n"
18779
" -o smtpd_client_connection_rate_limit=0\n"
18780
" -o "
18781
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
18782
msgstr ""
18783
18784
#: serverguide/C/mail.xml:1547(para)
18785
msgid ""
18786
"Also add the following two lines immediately below the "
18787
"<emphasis>\"pickup\"</emphasis> transport service:"
18788
msgstr ""
18789
18790
#: serverguide/C/mail.xml:1550(programlisting)
18791
#, no-wrap
18792
msgid ""
18793
"\n"
18794
" -o content_filter=\n"
18795
" -o receive_override_options=no_header_body_checks\n"
18796
msgstr ""
18797
18798
#: serverguide/C/mail.xml:1554(para)
18799
msgid ""
18800
"This will prevent messages that are generated to report on spam from being "
18801
"classified as spam."
18802
msgstr ""
18803
18804
#: serverguide/C/mail.xml:1557(para)
18805
msgid "Now restart <application>Postfix</application>:"
18806
msgstr ""
18807
18808
#: serverguide/C/mail.xml:1563(para)
18809
msgid "Content filtering with spam and virus detection is now enabled."
18810
msgstr ""
18811
18812
#: serverguide/C/mail.xml:1570(para)
18813
msgid ""
18814
"First, test that the <application>Amavisd-new</application> SMTP is "
18815
"listening:"
18816
msgstr ""
18817
18818
#: serverguide/C/mail.xml:1573(programlisting)
18819
#, no-wrap
18820
msgid ""
18821
"\n"
18822
"telnet localhost 10024\n"
18823
"Trying 127.0.0.1...\n"
18824
"Connected to localhost.\n"
18825
"Escape character is '^]'.\n"
18826
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
18827
"^]\n"
18828
msgstr ""
18829
18830
#: serverguide/C/mail.xml:1581(para)
18831
msgid ""
18832
"In the Header of messages that go through the content filter you should see:"
18833
msgstr ""
18834
18835
#: serverguide/C/mail.xml:1584(programlisting)
18836
#, no-wrap
18837
msgid ""
18838
"\n"
18839
"X-Spam-Level: \n"
18840
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
18841
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
18842
"BAYES_00\n"
18843
"X-Spam-Level: \n"
18844
msgstr ""
18845
18846
#: serverguide/C/mail.xml:1591(para)
18847
msgid ""
18848
"Your output will vary, but the important thing is that there are <emphasis>X-"
18849
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
18850
msgstr ""
18851
18852
#: serverguide/C/mail.xml:1599(para)
18853
msgid ""
18854
"The best way to figure out why something is going wrong is to check the log "
18855
"files."
18856
msgstr ""
18857
18858
#: serverguide/C/mail.xml:1604(para)
18859
msgid ""
18860
"For instructions on <application>Postfix</application> logging see the <xref "
18861
"linkend=\"postfix-troubleshooting\"/> section."
18862
msgstr ""
18863
18864
#: serverguide/C/mail.xml:1610(para)
18865
msgid ""
18866
"<application>Amavisd-new</application> uses "
18867
"<application>Syslog</application> to send messages to "
18868
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
18869
"increased by adding the <emphasis>$log_level</emphasis> option to "
18870
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
18871
"1 to 5."
18872
msgstr ""
18873
18874
#: serverguide/C/mail.xml:1615(programlisting)
18875
#, no-wrap
18876
msgid ""
18877
"\n"
18878
"$log_level = 2;\n"
18879
msgstr ""
18880
18881
#: serverguide/C/mail.xml:1619(para)
18882
msgid ""
18883
"When the <application>Amavisd-new</application> log output is increased "
18884
"<application>Spamassassin</application> log output is also increased."
18885
msgstr ""
18886
18887
#: serverguide/C/mail.xml:1626(para)
18888
msgid ""
18889
"The <application>ClamAV</application> log level can be increased by editing "
18890
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
18891
msgstr ""
18892
18893
#: serverguide/C/mail.xml:1630(programlisting)
18894
#, no-wrap
18895
msgid ""
18896
"\n"
18897
"LogVerbose true\n"
18898
msgstr ""
18899
18900
#: serverguide/C/mail.xml:1633(para)
18901
msgid ""
18902
"By default <application>ClamAV</application> will send log messages to "
18903
"<filename>/var/log/clamav/clamav.log</filename>."
18904
msgstr ""
18905
18906
#: serverguide/C/mail.xml:1639(para)
18907
msgid ""
18908
"After changing an applications log settings remember to restart the service "
18909
"for the new settings to take affect. Also, once the issue you are "
18910
"troubleshooting is resolved it is a good idea to change the log settings "
18911
"back to normal."
18912
msgstr ""
18913
18914
#: serverguide/C/mail.xml:1647(para)
18915
msgid "For more information on filtering mail see the following links:"
18916
msgstr ""
18917
18918
#: serverguide/C/mail.xml:1653(ulink)
18919
msgid "Amavisd-new Documentation"
18920
msgstr ""
18921
18922
#: serverguide/C/mail.xml:1657(para)
18923
msgid ""
18924
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
18925
"Documentation</ulink> and <ulink "
18926
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
18927
msgstr ""
18928
18929
#: serverguide/C/mail.xml:1664(ulink)
18930
msgid "Spamassassin Wiki"
18931
msgstr ""
18932
18933
#: serverguide/C/mail.xml:1669(ulink)
18934
msgid "Pyzor Homepage"
18935
msgstr ""
18936
18937
#: serverguide/C/mail.xml:1674(ulink)
18938
msgid "Razor Homepage"
18939
msgstr ""
18940
18941
#: serverguide/C/mail.xml:1679(ulink)
18942
msgid "DKIM.org"
18943
msgstr ""
18944
18945
#: serverguide/C/mail.xml:1684(ulink)
18946
msgid "Postfix Amavis New"
18947
msgstr ""
18948
18949
#: serverguide/C/mail.xml:1688(para)
18950
msgid ""
18951
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
18952
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
18953
msgstr ""
18954
18955
#: serverguide/C/lamp-applications.xml:13(title)
18956
msgid "LAMP Applications"
18957
msgstr ""
18958
18959
#: serverguide/C/lamp-applications.xml:19(para)
18960
msgid ""
18961
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
18962
"Ubuntu servers. There is a plethora of Open Source applications written "
18963
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
18964
"Content Management Systems, and Management Software such as phpMyAdmin."
18965
msgstr ""
18966
18967
#: serverguide/C/lamp-applications.xml:26(para)
18968
msgid ""
18969
"One advantage of LAMP is the substantial flexibility for different database, "
18970
"web server, and scripting languages. Popular substitutes for MySQL include "
18971
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
18972
"instead of PHP."
18973
msgstr ""
18974
18975
#: serverguide/C/lamp-applications.xml:32(para)
18976
msgid ""
18977
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
18978
"is:"
18979
msgstr ""
18980
18981
#: serverguide/C/lamp-applications.xml:38(para)
18982
msgid "Download an archive containing the application source files."
18983
msgstr ""
18984
18985
#: serverguide/C/lamp-applications.xml:43(para)
18986
msgid ""
18987
"Unpack the archive, usually in a directory accessible to a web server."
18988
msgstr ""
18989
18990
#: serverguide/C/lamp-applications.xml:48(para)
18991
msgid ""
18992
"Depending on where the source was extracted, configure a web browser to "
18993
"serve the files."
18994
msgstr ""
18995
18996
#: serverguide/C/lamp-applications.xml:53(para)
18997
msgid "Configure the application to connect to the database."
18998
msgstr ""
18999
19000
#: serverguide/C/lamp-applications.xml:58(para)
19001
msgid ""
19002
"Run a script, or browse to a page of the application, to install the "
19003
"database needed by the application."
19004
msgstr ""
19005
19006
#: serverguide/C/lamp-applications.xml:63(para)
19007
msgid ""
19008
"Once the steps above, or similar steps, are completed you are ready to begin "
19009
"using the application."
19010
msgstr ""
19011
19012
#: serverguide/C/lamp-applications.xml:69(para)
19013
msgid ""
19014
"A disadvantage of using this approach is that the application files are not "
19015
"placed in the file system in a standard way, which can cause confusion as to "
19016
"where the application is installed. Another larger disadvantage is updating "
19017
"the application. When a new version is released, the same process used to "
19018
"install the application is needed to apply updates."
19019
msgstr ""
19020
19021
#: serverguide/C/lamp-applications.xml:76(para)
19022
msgid ""
19023
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
19024
"packaged for Ubuntu, and are available for installation in the same way as "
19025
"non-LAMP applications. Depending on the application some extra configuration "
19026
"and setup steps may be needed, however."
19027
msgstr ""
19028
19029
#: serverguide/C/lamp-applications.xml:82(para)
19030
msgid ""
19031
"This section covers howto install and configure the Wiki applications "
19032
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
19033
"and the MySQL management application <application>phpMyAdmin</application>."
19034
msgstr ""
19035
19036
#: serverguide/C/lamp-applications.xml:88(para)
19037
msgid ""
19038
"A Wiki is a website that allows the visitors to easily add, remove and "
19039
"modify available content easily. The ease of interaction and operation makes "
19040
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
19041
"also referred to the collaborative software."
19042
msgstr ""
19043
19044
#: serverguide/C/lamp-applications.xml:100(title)
19045
msgid "Moin Moin"
19046
msgstr ""
19047
19048
#: serverguide/C/lamp-applications.xml:102(para)
19049
msgid ""
19050
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
19051
"engine, and licensed under the GNU GPL."
19052
msgstr ""
19053
19054
#: serverguide/C/lamp-applications.xml:110(para)
19055
msgid ""
19056
"To install <application>MoinMoin</application>, run the following command in "
19057
"the command prompt:"
19058
msgstr ""
19059
19060
#: serverguide/C/lamp-applications.xml:116(command)
19061
msgid "sudo apt-get install python-moinmoin"
19062
msgstr ""
19063
19064
#: serverguide/C/lamp-applications.xml:119(para)
19065
msgid ""
19066
"You should also install <application>apache2</application> web server. For "
19067
"installing <application>apache2</application> web server, please refer to "
19068
"<xref linkend=\"http-installation\"/> sub-section in <xref "
19069
"linkend=\"httpd\"/> section."
19070
msgstr ""
19071
19072
#: serverguide/C/lamp-applications.xml:130(para)
19073
msgid ""
19074
"For configuring your first Wiki application, please run the following set of "
19075
"commands. Let us assume that you are creating a Wiki named "
19076
"<emphasis>mywiki</emphasis>:"
19077
msgstr ""
19078
19079
#: serverguide/C/lamp-applications.xml:137(command)
19080
msgid "cd /usr/share/moin"
19081
msgstr ""
19082
19083
#: serverguide/C/lamp-applications.xml:138(command)
19084
msgid "sudo mkdir mywiki"
19085
msgstr ""
19086
19087
#: serverguide/C/lamp-applications.xml:139(command)
19088
msgid "sudo cp -R data mywiki"
19089
msgstr ""
19090
19091
#: serverguide/C/lamp-applications.xml:140(command)
19092
msgid "sudo cp -R underlay mywiki"
19093
msgstr ""
19094
19095
#: serverguide/C/lamp-applications.xml:141(command)
19096
msgid "sudo cp server/moin.cgi mywiki"
19097
msgstr ""
19098
19099
#: serverguide/C/lamp-applications.xml:142(command)
19100
msgid "sudo chown -R www-data.www-data mywiki"
19101
msgstr ""
19102
19103
#: serverguide/C/lamp-applications.xml:143(command)
19104
msgid "sudo chmod -R ug+rwX mywiki"
19105
msgstr ""
19106
19107
#: serverguide/C/lamp-applications.xml:144(command)
19108
msgid "sudo chmod -R o-rwx mywiki"
19109
msgstr ""
19110
19111
#: serverguide/C/lamp-applications.xml:147(para)
19112
msgid ""
19113
"Now you should configure <application>MoinMoin</application> to find your "
19114
"new Wiki <emphasis>mywiki</emphasis>. To configure "
19115
"<application>MoinMoin</application>, open "
19116
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
19117
msgstr ""
19118
19119
#: serverguide/C/lamp-applications.xml:155(programlisting)
19120
#, no-wrap
19121
msgid "data_dir = '/org/mywiki/data'"
19122
msgstr ""
19123
19124
#: serverguide/C/lamp-applications.xml:157(para)
19125
msgid "to"
19126
msgstr ""
19127
19128
#: serverguide/C/lamp-applications.xml:161(programlisting)
19129
#, no-wrap
19130
msgid "data_dir = '/usr/share/moin/mywiki/data'"
19131
msgstr ""
19132
19133
#: serverguide/C/lamp-applications.xml:163(para)
19134
msgid ""
19135
"Also, below the <emphasis>data_dir</emphasis> option add the "
19136
"<emphasis>data_underlay_dir</emphasis>:"
19137
msgstr ""
19138
19139
#: serverguide/C/lamp-applications.xml:167(programlisting)
19140
#, no-wrap
19141
msgid ""
19142
"\n"
19143
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
19144
msgstr ""
19145
19146
#: serverguide/C/lamp-applications.xml:172(para)
19147
msgid ""
19148
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
19149
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
19150
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
19151
"change."
19152
msgstr ""
19153
19154
#: serverguide/C/lamp-applications.xml:181(para)
19155
msgid ""
19156
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
19157
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
19158
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
19159
"<quote>(\"mywiki\", r\".*\")</quote>."
19160
msgstr ""
19161
19162
#: serverguide/C/lamp-applications.xml:189(para)
19163
msgid ""
19164
"Once you have configured <application>MoinMoin</application> to find your "
19165
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
19166
"<application>apache2</application> and make it ready for your Wiki "
19167
"application."
19168
msgstr ""
19169
19170
#: serverguide/C/lamp-applications.xml:196(para)
19171
msgid ""
19172
"You should add the following lines in <filename>/etc/apache2/sites-"
19173
"available/default</filename> file inside the <quote><VirtualHost "
19174
"*></quote> tag:"
19175
msgstr ""
19176
19177
#: serverguide/C/lamp-applications.xml:202(programlisting)
19178
#, no-wrap
19179
msgid ""
19180
"\n"
19181
"### moin\n"
19182
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
19183
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
19184
" <Directory /usr/share/moin/htdocs>\n"
19185
" Order allow,deny\n"
19186
" allow from all\n"
19187
" </Directory>\n"
19188
"### end moin\n"
19189
msgstr ""
19190
19191
#: serverguide/C/lamp-applications.xml:214(para)
19192
msgid ""
19193
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
19194
"<emphasis>alias</emphasis> line above, to the "
19195
"<application>moinmoin</application> version installed."
19196
msgstr ""
19197
19198
#: serverguide/C/lamp-applications.xml:220(para)
19199
msgid ""
19200
"Once you configure the <application>apache2</application> web server and "
19201
"make it ready for your Wiki application, you should restart it. You can run "
19202
"the following command to restart the <application>apache2</application> web "
19203
"server:"
19204
msgstr ""
19205
19206
#: serverguide/C/lamp-applications.xml:233(title)
19207
msgid "Verification"
19208
msgstr ""
19209
19210
#: serverguide/C/lamp-applications.xml:235(para)
19211
msgid ""
19212
"You can verify the Wiki application and see if it works by pointing your web "
19213
"browser to the following URL:"
19214
msgstr ""
19215
19216
#: serverguide/C/lamp-applications.xml:239(programlisting)
19217
#, no-wrap
19218
msgid ""
19219
"\n"
19220
"http://localhost/mywiki\n"
19221
msgstr ""
19222
19223
#: serverguide/C/lamp-applications.xml:243(para)
19224
msgid ""
19225
"You can also run the test command by pointing your web browser to the "
19226
"following URL:"
19227
msgstr ""
19228
19229
#: serverguide/C/lamp-applications.xml:248(programlisting)
19230
#, no-wrap
19231
msgid ""
19232
"\n"
19233
"http://localhost/mywiki?action=test\n"
19234
msgstr ""
19235
19236
#: serverguide/C/lamp-applications.xml:252(para)
19237
msgid ""
19238
"For more details, please refer to the <ulink "
19239
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
19240
msgstr ""
19241
19242
#: serverguide/C/lamp-applications.xml:263(para)
19243
msgid ""
19244
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
19245
"Wiki</ulink>."
19246
msgstr ""
19247
19248
#: serverguide/C/lamp-applications.xml:268(para)
19249
msgid ""
19250
"Also, see the <ulink "
19251
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
19252
"MoinMoin</ulink> page."
19253
msgstr ""
19254
19255
#: serverguide/C/lamp-applications.xml:277(title)
19256
msgid "MediaWiki"
19257
msgstr ""
19258
19259
#: serverguide/C/lamp-applications.xml:279(para)
19260
msgid ""
19261
"MediaWiki is an web based Wiki software written in the PHP language. It can "
19262
"either use <application>MySQL</application> or "
19263
"<application>PostgreSQL</application> Database Management System."
19264
msgstr ""
19265
19266
#: serverguide/C/lamp-applications.xml:289(para)
19267
msgid ""
19268
"Before installing <application>MediaWiki</application> you should also "
19269
"install <application>Apache2</application>, the "
19270
"<application>PHP5</application> scripting language and Database a Management "
19271
"System. <application>MySQL</application> or "
19272
"<application>PostgreSQL</application> are the most common, choose one "
19273
"depending on your need. Please refer to those sections in this manual for "
19274
"installation instructions."
19275
msgstr ""
19276
19277
#: serverguide/C/lamp-applications.xml:297(para)
19278
msgid ""
19279
"To install <application>MediaWiki</application>, run the following command "
19280
"in the command prompt:"
19281
msgstr ""
19282
19283
#: serverguide/C/lamp-applications.xml:303(command)
19284
msgid "sudo apt-get install mediawiki php5-gd"
19285
msgstr ""
19286
19287
#: serverguide/C/lamp-applications.xml:306(para)
19288
msgid ""
19289
"For additional <application>MediaWiki</application> functionality see the "
19290
"<application>mediawiki-extensions</application> package."
19291
msgstr ""
19292
19293
#: serverguide/C/lamp-applications.xml:316(para)
19294
msgid ""
19295
"The Apache configuration file <filename>mediawiki.conf</filename> for "
19296
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
19297
"directory. You should uncomment the following line in this file to access "
19298
"MediaWiki application."
19299
msgstr ""
19300
19301
#: serverguide/C/lamp-applications.xml:324(screen)
19302
#, no-wrap
19303
msgid ""
19304
"\n"
19305
"# Alias /mediawiki /var/lib/mediawiki\n"
19306
msgstr ""
19307
19308
#: serverguide/C/lamp-applications.xml:328(para)
19309
msgid ""
19310
"After you uncomment the above line, restart Apache server and access "
19311
"MediaWiki using the following url:"
19312
msgstr ""
19313
19314
#: serverguide/C/lamp-applications.xml:333(programlisting)
19315
#, no-wrap
19316
msgid ""
19317
"\n"
19318
"http://localhost/mediawiki/config/index.php\n"
19319
msgstr ""
19320
19321
#: serverguide/C/lamp-applications.xml:338(para)
19322
msgid ""
19323
"Please read the <quote>Checking environment...</quote> section in this page. "
19324
"You should be able to fix many issues by carefully reading this section."
19325
msgstr ""
19326
19327
#: serverguide/C/lamp-applications.xml:345(para)
19328
msgid ""
19329
"Once the configuration is complete, you should copy the "
19330
"<filename>LocalSettings.php</filename> file to "
19331
"<filename>/etc/mediawiki</filename> directory:"
19332
msgstr ""
19333
19334
#: serverguide/C/lamp-applications.xml:352(command)
19335
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
19336
msgstr ""
19337
19338
#: serverguide/C/lamp-applications.xml:355(para)
19339
msgid ""
19340
"You may also want to edit "
19341
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
19342
msgstr ""
19343
19344
#: serverguide/C/lamp-applications.xml:360(programlisting)
19345
#, no-wrap
19346
msgid ""
19347
"\n"
19348
"ini_set( 'memory_limit', '64M' );\n"
19349
msgstr ""
19350
19351
#: serverguide/C/lamp-applications.xml:367(title)
19352
msgid "Extensions"
19353
msgstr ""
19354
19355
#: serverguide/C/lamp-applications.xml:368(para)
19356
msgid ""
19357
"The extensions add new features and enhancements for the MediaWiki "
19358
"application. The extensions give wiki administrators and end users the "
19359
"ability to customize MediaWiki to their requirements."
19360
msgstr ""
19361
19362
#: serverguide/C/lamp-applications.xml:374(para)
19363
msgid ""
19364
"You can download MediaWiki extensions as an archive file or checkout from "
19365
"the Subversion repository. You should copy it to "
19366
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
19367
"also add the following line at the end of file: "
19368
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
19369
msgstr ""
19370
19371
#: serverguide/C/lamp-applications.xml:382(programlisting)
19372
#, no-wrap
19373
msgid ""
19374
"\n"
19375
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
19376
msgstr ""
19377
19378
#: serverguide/C/lamp-applications.xml:392(para)
19379
msgid ""
19380
"For more details, please refer to the <ulink "
19381
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
19382
msgstr ""
19383
19384
#: serverguide/C/lamp-applications.xml:398(para)
19385
msgid ""
19386
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
19387
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
19388
"new MediaWiki administrators."
19389
msgstr ""
19390
19391
#: serverguide/C/lamp-applications.xml:404(para)
19392
msgid ""
19393
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
19394
"Wiki MediaWiki</ulink> page is a good resource."
19395
msgstr ""
19396
19397
#: serverguide/C/lamp-applications.xml:414(title)
19398
msgid "phpMyAdmin"
19399
msgstr ""
19400
19401
#: serverguide/C/lamp-applications.xml:416(para)
19402
msgid ""
19403
"<application>phpMyAdmin</application> is a LAMP application specifically "
19404
"written for administering <application>MySQL</application> servers. Written "
19405
"in <application>PHP</application>, and accessed through a web browser, "
19406
"phpMyAdmin provides a graphical interface for database administration tasks."
19407
msgstr ""
19408
19409
#: serverguide/C/lamp-applications.xml:425(para)
19410
msgid ""
19411
"Before installing <application>phpMyAdmin</application> you will need access "
19412
"to a <application>MySQL</application> database either on the same host as "
19413
"that phpMyAdmin is installed on, or on a host accessible over the network. "
19414
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
19415
"enter:"
19416
msgstr ""
19417
19418
#: serverguide/C/lamp-applications.xml:432(command)
19419
msgid "sudo apt-get install phpmyadmin"
19420
msgstr ""
19421
19422
#: serverguide/C/lamp-applications.xml:435(para)
19423
msgid ""
19424
"At the prompt choose which web server to be configured for "
19425
"<application>phpMyAdmin</application>. The rest of this section will use "
19426
"<application>Apache2</application> for the web server."
19427
msgstr ""
19428
19429
#: serverguide/C/lamp-applications.xml:440(para)
19430
msgid ""
19431
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
19432
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
19433
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
19434
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
19435
"user if you any setup, and enter the <application>MySQL</application> user's "
19436
"password."
19437
msgstr ""
19438
19439
#: serverguide/C/lamp-applications.xml:447(para)
19440
msgid ""
19441
"Once logged in you can reset the <emphasis>root</emphasis> password if "
19442
"needed, create users, create/destroy databases and tables, etc."
19443
msgstr ""
19444
19445
#: serverguide/C/lamp-applications.xml:455(para)
19446
msgid ""
19447
"The configuration files for <application>phpMyAdmin</application> are "
19448
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
19449
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
19450
"configuration options that apply globally to "
19451
"<application>phpMyAdmin</application>."
19452
msgstr ""
19453
19454
#: serverguide/C/lamp-applications.xml:461(para)
19455
msgid ""
19456
"To use <application>phpMyAdmin</application> to administer a MySQL database "
19457
"hosted on another server, adjust the following in "
19458
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
19459
msgstr ""
19460
19461
#: serverguide/C/lamp-applications.xml:466(programlisting)
19462
#, no-wrap
19463
msgid ""
19464
"\n"
19465
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
19466
msgstr ""
19467
19468
#: serverguide/C/lamp-applications.xml:471(para)
19469
msgid ""
19470
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
19471
"remote database server name or IP address. Also, be sure that the "
19472
"<application>phpMyAdmin</application> host has permissions to access the "
19473
"remote database."
19474
msgstr ""
19475
19476
#: serverguide/C/lamp-applications.xml:477(para)
19477
msgid ""
19478
"Once configured, log out of <application>phpMyAdmin</application> and back "
19479
"in, and you should be accessing the new server."
19480
msgstr ""
19481
19482
#: serverguide/C/lamp-applications.xml:481(para)
19483
msgid ""
19484
"The <filename>config.header.inc.php</filename> and "
19485
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
19486
"header and footer to <application>phpMyAdmin</application>."
19487
msgstr ""
19488
19489
#: serverguide/C/lamp-applications.xml:486(para)
19490
msgid ""
19491
"Another important configuration file is "
19492
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
19493
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
19494
"configure <application>Apache2</application> to serve the "
19495
"<application>phpMyAdmin</application> site. The file contains directives for "
19496
"loading <application>PHP</application>, directory permissions, etc. For more "
19497
"information on configuring <application>Apache2</application> see <xref "
19498
"linkend=\"httpd\"/>."
19499
msgstr ""
19500
19501
#: serverguide/C/lamp-applications.xml:500(para)
19502
msgid ""
19503
"The <application>phpMyAdmin</application> documentation comes installed with "
19504
"the package and can be accessed from the <emphasis>phpMyAdmin "
19505
"Documentation</emphasis> link (a question mark with a box around it) under "
19506
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
19507
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
19508
msgstr ""
19509
19510
#: serverguide/C/lamp-applications.xml:507(para)
19511
msgid ""
19512
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
19513
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
19514
msgstr ""
19515
19516
#: serverguide/C/lamp-applications.xml:512(para)
19517
msgid ""
19518
"A third resource is the <ulink "
19519
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
19520
"Wiki</ulink> page."
19521
msgstr ""
19522
19523
#: serverguide/C/introduction.xml:14(para)
19524
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
19525
msgstr ""
19526
19527
#: serverguide/C/introduction.xml:15(para)
19528
msgid ""
19529
"Here you can find information on how to install and configure various server "
19530
"applications. It is a step-by-step, task-oriented guide for configuring and "
19531
"customizing your system."
19532
msgstr ""
19533
19534
#: serverguide/C/introduction.xml:19(para)
19535
msgid ""
19536
"This guide assumes you have a basic understanding of your Ubuntu system. "
19537
"Some installation details are covered in <xref linkend=\"installation\"/>, "
19538
"but if you need detailed instructions installing Ubuntu please refer to the "
19539
"<ulink url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
19540
"Installation Guide</ulink>."
19541
msgstr ""
19542
19543
#: serverguide/C/introduction.xml:25(para)
19544
msgid ""
19545
"A HTML version of the manual is available online at <ulink "
19546
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
19547
"HTML files are also available in the <application>ubuntu-"
19548
"serverguide</application> package. See <xref linkend=\"package-"
19549
"management\"/> for details on installing packages."
19550
msgstr ""
19551
19552
#: serverguide/C/introduction.xml:32(para)
19553
msgid ""
19554
"If you choose to install the <application>ubuntu-serverguide</application> "
19555
"you can view this document from a console by:"
19556
msgstr ""
19557
19558
#: serverguide/C/introduction.xml:36(command)
19559
msgid "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
19560
msgstr ""
19561
19562
#: serverguide/C/introduction.xml:39(para)
19563
msgid ""
19564
"If you are using a localized version of Ubuntu, replace "
19565
"<emphasis>C</emphasis> with your language localization (e.g. "
19566
"<emphasis>en_GB</emphasis>)."
19567
msgstr ""
19568
19569
#: serverguide/C/introduction.xml:53(title)
19570
msgid "Support"
19571
msgstr ""
19572
19573
#: serverguide/C/introduction.xml:55(para)
19574
msgid ""
19575
"There are a couple of different ways that Ubuntu Server Edition is "
19576
"supported, commercial support and community support. The main commercial "
19577
"support (and development funding) is available from Canonical Ltd. They "
19578
"supply reasonably priced support contracts on a per desktop or per server "
19579
"basis. For more information see the <ulink "
19580
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
19581
"page."
19582
msgstr ""
19583
19584
#: serverguide/C/introduction.xml:62(para)
19585
msgid ""
19586
"Community support is also provided by dedicated individuals, and companies, "
19587
"that wish to make Ubuntu the best distribution possible. Support is provided "
19588
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
19589
"large amount of information available can be overwhelming, but a good search "
19590
"engine query can usually provide an answer to your questions. See the <ulink "
19591
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
19592
"information."
19593
msgstr ""
19594
19595
#: serverguide/C/installation.xml:14(para)
19596
msgid ""
19597
"This chapter provides a quick overview of installing Ubuntu 10.04 LTS Server "
19598
"Edition. For more detailed instructions, please refer to the <ulink "
19599
"url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
19600
"Installation Guide</ulink>."
19601
msgstr ""
19602
19603
#: serverguide/C/installation.xml:19(title)
19604
msgid "Preparing to Install"
19605
msgstr ""
19606
19607
#: serverguide/C/installation.xml:20(para)
19608
msgid ""
19609
"This section explains various aspects to consider before starting the "
19610
"installation."
19611
msgstr ""
19612
19613
#: serverguide/C/installation.xml:24(title)
19614
msgid "System Requirements"
19615
msgstr ""
19616
19617
#: serverguide/C/installation.xml:25(para)
19618
msgid ""
19619
"Ubuntu 10.04 LTS Server Edition supports two (2) major architectures: Intel "
19620
"x86 and AMD64. The table below lists recommended hardware specifications. "
19621
"Depending on your needs, you might manage with less than this. However, most "
19622
"users risk being frustrated if they ignore these suggestions."
19623
msgstr ""
19624
19625
#: serverguide/C/installation.xml:27(title)
19626
msgid "Recommended Minimum Requirements"
19627
msgstr ""
19628
19629
#: serverguide/C/installation.xml:35(para)
19630
msgid "Install Type"
19631
msgstr ""
19632
19633
#: serverguide/C/installation.xml:36(para)
19634
msgid "RAM"
19635
msgstr ""
19636
19637
#: serverguide/C/installation.xml:37(para)
19638
msgid "Hard Drive Space"
19639
msgstr ""
19640
19641
#: serverguide/C/installation.xml:40(para)
19642
msgid "Base System"
19643
msgstr ""
19644
19645
#: serverguide/C/installation.xml:41(para)
19646
msgid "All Tasks Installed"
19647
msgstr ""
19648
19649
#: serverguide/C/installation.xml:46(para)
19650
msgid "Server"
19651
msgstr ""
19652
19653
#: serverguide/C/installation.xml:47(para)
19654
msgid "128 megabytes"
19655
msgstr ""
19656
19657
#: serverguide/C/installation.xml:48(para)
19658
msgid "500 megabytes"
19659
msgstr ""
19660
19661
#: serverguide/C/installation.xml:49(para)
19662
msgid "1 gigabyte"
19663
msgstr ""
19664
19665
#: serverguide/C/installation.xml:54(para)
19666
msgid ""
19667
"The Server Edition provides a common base for all sorts of server "
19668
"applications. It is a minimalist design providing a platform for the desired "
19669
"services, such as file/print services, web hosting, email hosting, etc."
19670
msgstr ""
19671
19672
#: serverguide/C/installation.xml:60(para)
19673
msgid ""
19674
"The requirements for UEC are slightly different for Front End requirements "
19675
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
19676
"requirements see <xref linkend=\"uec-node-requirements\"/>."
19677
msgstr ""
19678
19679
#: serverguide/C/installation.xml:68(title)
19680
msgid "Server and Desktop Differences"
19681
msgstr ""
19682
19683
#: serverguide/C/installation.xml:69(para)
19684
msgid ""
19685
"There are a few differences between the <emphasis>Ubuntu Server "
19686
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
19687
"should be noted that both editions use the same "
19688
"<application>apt</application> repositories. Making it just as easy to "
19689
"install a <emphasis role=\"italic\">server</emphasis> application on the "
19690
"Desktop Edition as it is on the Server Edition."
19691
msgstr ""
19692
19693
#: serverguide/C/installation.xml:75(para)
19694
msgid ""
19695
"The differences between the two editions are the lack of an X window "
19696
"environment in the Server Edition, the installation process, and different "
19697
"Kernel options."
19698
msgstr ""
19699
19700
#: serverguide/C/installation.xml:82(title)
19701
msgid "Kernel Differences:"
19702
msgstr ""
19703
19704
#: serverguide/C/installation.xml:85(para)
19705
msgid ""
19706
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
19707
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
19708
"Edition."
19709
msgstr ""
19710
19711
#: serverguide/C/installation.xml:91(para)
19712
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
19713
msgstr ""
19714
19715
#: serverguide/C/installation.xml:96(para)
19716
msgid ""
19717
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
19718
"Desktop Edition."
19719
msgstr ""
19720
19721
#: serverguide/C/installation.xml:102(para)
19722
msgid ""
19723
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
19724
"limited by memory addressing space."
19725
msgstr ""
19726
19727
#: serverguide/C/installation.xml:107(para)
19728
msgid ""
19729
"To see all kernel configuration options you can look through "
19730
"<filename>/boot/config-2.6.31-server</filename>. Also, <ulink "
19731
"url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> is a "
19732
"great resource on the options available."
19733
msgstr ""
19734
19735
#: serverguide/C/installation.xml:116(title)
19736
msgid "Backing Up"
19737
msgstr ""
19738
19739
#: serverguide/C/installation.xml:119(para)
19740
msgid ""
19741
"Before installing <application>Ubuntu Server Edition</application> you "
19742
"should make sure all data on the system is backed up. See <xref "
19743
"linkend=\"backups\"/> for backup options."
19744
msgstr ""
19745
19746
#: serverguide/C/installation.xml:123(para)
19747
msgid ""
19748
"If this is not the first time an operating system has been installed on your "
19749
"computer, it is likely you will need to re-partition your disk to make room "
19750
"for Ubuntu."
19751
msgstr ""
19752
19753
#: serverguide/C/installation.xml:127(para)
19754
msgid ""
19755
"Any time you partition your disk, you should be prepared to lose everything "
19756
"on the disk should you make a mistake or something goes wrong during "
19757
"partitioning. The programs used in installation are quite reliable, most "
19758
"have seen years of use, but they also perform destructive actions."
19759
msgstr ""
19760
19761
#: serverguide/C/installation.xml:139(title)
19762
msgid "Installing from CD"
19763
msgstr ""
19764
19765
#: serverguide/C/installation.xml:140(para)
19766
msgid ""
19767
"The basic steps to install Ubuntu Server Edition from CD are the same for "
19768
"installing any operating system from CD. Unlike the <emphasis>Desktop "
19769
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
19770
"a graphical installation program. Instead the Server Edition uses a console "
19771
"menu based process."
19772
msgstr ""
19773
19774
#: serverguide/C/installation.xml:147(para)
19775
msgid ""
19776
"First, download and burn the appropriate ISO file from the <ulink "
19777
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
19778
msgstr ""
19779
19780
#: serverguide/C/installation.xml:153(para)
19781
msgid "Boot the system from the CD-ROM drive."
19782
msgstr ""
19783
19784
#: serverguide/C/installation.xml:158(para)
19785
msgid ""
19786
"At the boot prompt you will be asked to select the language. Afterwards the "
19787
"installation process begins by asking for your keyboard layout."
19788
msgstr ""
19789
19790
#: serverguide/C/installation.xml:164(para)
19791
msgid ""
19792
"From the main boot menu there are some additional options to install Ubuntu "
19793
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
19794
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
19795
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
19796
"will cover the basic Ubuntu Server install."
19797
msgstr ""
19798
19799
#: serverguide/C/installation.xml:172(para)
19800
msgid ""
19801
"The installer then discovers your hardware configuration, and configures the "
19802
"network settings using DHCP. If you do not wish to use DHCP at the next "
19803
"screen choose \"Go Back\", and you have the option to \"Configure the "
19804
"network manually\"."
19805
msgstr ""
19806
19807
#: serverguide/C/installation.xml:179(para)
19808
msgid "Next, the installer asks for the system's hostname and Time Zone."
19809
msgstr ""
19810
19811
#: serverguide/C/installation.xml:184(para)
19812
msgid ""
19813
"You can then choose from several options to configure the hard drive layout. "
19814
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
19815
msgstr ""
19816
19817
#: serverguide/C/installation.xml:190(para)
19818
msgid "The Ubuntu base system is then installed."
19819
msgstr ""
19820
19821
#: serverguide/C/installation.xml:195(para)
19822
msgid ""
19823
"A new user is setup, this user will have <emphasis>root</emphasis> access "
19824
"through the <application>sudo</application> utility."
19825
msgstr ""
19826
19827
#: serverguide/C/installation.xml:201(para)
19828
msgid ""
19829
"After the user is setup, you will be asked to encrypt your <filename "
19830
"role=\"directory\">home</filename> directory."
19831
msgstr ""
19832
19833
#: serverguide/C/installation.xml:207(para)
19834
msgid ""
19835
"The next step in the installation process is to decide how you want to "
19836
"update the system. There are three options:"
19837
msgstr ""
19838
19839
#: serverguide/C/installation.xml:213(para)
19840
msgid ""
19841
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
19842
"log into the machine and manually install updates."
19843
msgstr ""
19844
19845
#: serverguide/C/installation.xml:219(para)
19846
msgid ""
19847
"<emphasis>Install security updates Automatically</emphasis>: will install "
19848
"the <application>unattended-upgrades</application> package, which will "
19849
"install security updates without the intervention of an administrator. For "
19850
"more details see <xref linkend=\"automatic-updates\"/>."
19851
msgstr ""
19852
19853
#: serverguide/C/installation.xml:226(para)
19854
msgid ""
19855
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
19856
"service provided by Canonical to help manage your Ubuntu machines. See the "
19857
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
19858
"site for details."
19859
msgstr ""
19860
19861
#: serverguide/C/installation.xml:235(para)
19862
msgid ""
19863
"You now have the option to install, or not install, several package tasks. "
19864
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
19865
"to launch <application>aptitude</application> to choose specific packages to "
19866
"install. For more information see <xref linkend=\"aptitude\"/>."
19867
msgstr ""
19868
19869
#: serverguide/C/installation.xml:243(para)
19870
msgid "Finally, the last step before rebooting is to set the clock to UTC."
19871
msgstr ""
19872
19873
#: serverguide/C/installation.xml:249(para)
19874
msgid ""
19875
"If at any point during installation you are not satisfied by the default "
19876
"setting, use the \"Go Back\" function at any prompt to be brought to a "
19877
"detailed installation menu that will allow you to modify the default "
19878
"settings."
19879
msgstr ""
19880
19881
#: serverguide/C/installation.xml:254(para)
19882
msgid ""
19883
"At some point during the installation process you may want to read the help "
19884
"screen provided by the installation system. To do this, press F1."
19885
msgstr ""
19886
19887
#: serverguide/C/installation.xml:259(para)
19888
msgid ""
19889
"Once again, for detailed instructions see the <ulink "
19890
"url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\"> Ubuntu "
19891
"Installation Guide</ulink>."
19892
msgstr ""
19893
19894
#: serverguide/C/installation.xml:265(title)
19895
msgid "Package Tasks"
19896
msgstr ""
19897
19898
#: serverguide/C/installation.xml:266(para)
19899
msgid ""
19900
"During the Server Edition installation you have the option of installing "
19901
"additional packages from the CD. The packages are grouped by the type of "
19902
"service they provide."
19903
msgstr ""
19904
19905
#: serverguide/C/installation.xml:272(para)
19906
msgid "Cloud computing: Walrus storage service"
19907
msgstr ""
19908
19909
#: serverguide/C/installation.xml:277(para)
19910
msgid "Cloud computing: all-in-one cluster"
19911
msgstr ""
19912
19913
#: serverguide/C/installation.xml:282(para)
19914
msgid "Cloud computing: Cluster controller"
19915
msgstr ""
19916
19917
#: serverguide/C/installation.xml:287(para)
19918
msgid "Cloud computing: Node controller"
19919
msgstr ""
19920
19921
#: serverguide/C/installation.xml:292(para)
19922
msgid "Cloud computing: Storage controller"
19923
msgstr ""
19924
19925
#: serverguide/C/installation.xml:297(para)
19926
msgid "Cloud computing: top-level cloud controller"
19927
msgstr ""
19928
19929
#: serverguide/C/installation.xml:302(para)
19930
msgid "DNS server: Selects the BIND DNS server and its documentation."
19931
msgstr ""
19932
19933
#: serverguide/C/installation.xml:307(para)
19934
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
19935
msgstr ""
19936
19937
#: serverguide/C/installation.xml:312(para)
19938
msgid ""
19939
"Mail server: This task selects a variety of package useful for a general "
19940
"purpose mail server system."
19941
msgstr ""
19942
19943
#: serverguide/C/installation.xml:317(para)
19944
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
19945
msgstr ""
19946
19947
#: serverguide/C/installation.xml:322(para)
19948
msgid ""
19949
"PostgreSQL database: This task selects client and server packages for the "
19950
"PostgreSQL database."
19951
msgstr ""
19952
19953
#: serverguide/C/installation.xml:327(para)
19954
msgid "Print server: This task sets up your system to be a print server."
19955
msgstr ""
19956
19957
#: serverguide/C/installation.xml:332(para)
19958
msgid ""
19959
"Samba File server: This task sets up your system to be a Samba file server, "
19960
"which is especially suitable in networks with both Windows and Linux systems."
19961
msgstr ""
19962
19963
#: serverguide/C/installation.xml:338(para)
19964
msgid ""
19965
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
19966
"etc."
19967
msgstr ""
19968
19969
#: serverguide/C/installation.xml:343(para)
19970
msgid ""
19971
"Virtual machine host: Includes packages needed to run KVM virtual machines."
19972
msgstr ""
19973
19974
#: serverguide/C/installation.xml:348(para)
19975
msgid ""
19976
"Manually select packages: Executes <application>apptitude</application> "
19977
"allowing you to individually select packages."
19978
msgstr ""
19979
19980
#: serverguide/C/installation.xml:353(para)
19981
msgid ""
19982
"Installing the package groups is accomplished using the "
19983
"<application>tasksel</application> utility. One of the important difference "
19984
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
19985
"installed, a package is also configured to reasonable defaults, eventually "
19986
"prompting you for additional required information. Likewise, when installing "
19987
"a task, the packages are not only installed, but also configured to provided "
19988
"a fully integrated service."
19989
msgstr ""
19990
19991
#: serverguide/C/installation.xml:360(para)
19992
msgid ""
19993
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
19994
"<xref linkend=\"uec\"/>."
19995
msgstr ""
19996
19997
#: serverguide/C/installation.xml:363(para)
19998
msgid ""
19999
"Once the installation process has finished you can view a list of available "
20000
"tasks by entering the following from a terminal prompt:"
20001
msgstr ""
20002
20003
#: serverguide/C/installation.xml:368(command)
20004
msgid "tasksel --list-tasks"
20005
msgstr ""
20006
20007
#: serverguide/C/installation.xml:371(para)
20008
msgid ""
20009
"The output will list tasks from other Ubuntu based distributions such as "
20010
"Kubuntu and Edubuntu. Note that you can also invoke the "
20011
"<command>tasksel</command> command by itself, which will bring up a menu of "
20012
"the different tasks available."
20013
msgstr ""
20014
20015
#: serverguide/C/installation.xml:377(para)
20016
msgid ""
20017
"You can view a list of which packages are installed with each task using the "
20018
"<emphasis>--task-packages</emphasis> option. For example, to list the "
20019
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
20020
"following:"
20021
msgstr ""
20022
20023
#: serverguide/C/installation.xml:382(command)
20024
msgid "tasksel --task-packages dns-server"
20025
msgstr ""
20026
20027
#: serverguide/C/installation.xml:384(para)
20028
msgid "The output of the command should list:"
20029
msgstr ""
20030
20031
#: serverguide/C/installation.xml:387(programlisting)
20032
#, no-wrap
20033
msgid ""
20034
"\n"
20035
"bind9-doc \n"
20036
"bind9utils \n"
20037
"bind9\n"
20038
msgstr ""
20039
20040
#: serverguide/C/installation.xml:392(para)
20041
msgid ""
20042
"Also, if you did not install one of the tasks during the installation "
20043
"process, but for example you decide to make your new LAMP server a DNS "
20044
"server as well. Simply insert the installation CD and from a terminal:"
20045
msgstr ""
20046
20047
#: serverguide/C/installation.xml:397(command)
20048
msgid "sudo tasksel install dns-server"
20049
msgstr ""
20050
20051
#: serverguide/C/installation.xml:402(title)
20052
msgid "Upgrading"
20053
msgstr ""
20054
20055
#: serverguide/C/installation.xml:403(para)
20056
msgid ""
20057
"There are several ways to upgrade from one Ubuntu release to another. This "
20058
"section gives an overview of the recommended upgrade method."
20059
msgstr ""
20060
20061
#: serverguide/C/installation.xml:407(title) serverguide/C/installation.xml:422(command)
20062
msgid "do-release-upgrade"
20063
msgstr ""
20064
20065
#: serverguide/C/installation.xml:408(para)
20066
msgid ""
20067
"The recommended way to upgrade a Server Edition installation is to use the "
20068
"<application>do-release-upgrade</application> utility. Part of the "
20069
"<emphasis>update-manager-core</emphasis> package, it does not have any "
20070
"graphical dependencies and is installed by default."
20071
msgstr ""
20072
20073
#: serverguide/C/installation.xml:413(para)
20074
msgid ""
20075
"Debian based systems can also be upgraded by using <command>apt-get dist-"
20076
"upgrade</command>. However, using <application>do-release-"
20077
"upgrade</application> is recommended because it has the ability to handle "
20078
"system configuration changes sometimes needed between releases."
20079
msgstr ""
20080
20081
#: serverguide/C/installation.xml:418(para)
20082
msgid "To upgrade to a newer release, from a terminal prompt enter:"
20083
msgstr ""
20084
20085
#: serverguide/C/installation.xml:424(para)
20086
msgid ""
20087
"It is also possible to use <application>do-release-upgrade</application> to "
20088
"upgrade to a development version of Ubuntu. To accomplish this use the "
20089
"<emphasis>-d</emphasis> switch:"
20090
msgstr ""
20091
20092
#: serverguide/C/installation.xml:429(command)
20093
msgid "do-release-upgrade -d"
20094
msgstr ""
20095
20096
#: serverguide/C/installation.xml:432(para)
20097
msgid ""
20098
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
20099
"for production environments."
20100
msgstr ""
20101
20102
#: serverguide/C/installation.xml:439(title)
20103
msgid "Advanced Installation"
20104
msgstr ""
20105
20106
#: serverguide/C/installation.xml:442(title)
20107
msgid "Software RAID"
20108
msgstr ""
20109
20110
#: serverguide/C/installation.xml:444(para)
20111
msgid ""
20112
"RAID is a method of configuring multiple hard drives to act as one, reducing "
20113
"the probability of catastrophic data loss in case of drive failure. RAID is "
20114
"implemented in either software (where the operating system knows about both "
20115
"drives and actively maintains both of them) or hardware (where a special "
20116
"controller makes the OS think there's only one drive and maintains the "
20117
"drives 'invisibly')."
20118
msgstr ""
20119
20120
#: serverguide/C/installation.xml:451(para)
20121
msgid ""
20122
"The RAID software included with current versions of Linux (and Ubuntu) is "
20123
"based on the <application>'mdadm'</application> driver and works very well, "
20124
"better even than many so-called 'hardware' RAID controllers. This section "
20125
"will guide you through installing Ubuntu Server Edition using two RAID1 "
20126
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
20127
"another for <emphasis>swap</emphasis>."
20128
msgstr ""
20129
20130
#: serverguide/C/installation.xml:461(para) serverguide/C/installation.xml:975(para)
20131
msgid ""
20132
"Follow the installation steps until you get to the <emphasis>Partition "
20133
"disks</emphasis> step, then:"
20134
msgstr ""
20135
20136
#: serverguide/C/installation.xml:468(para)
20137
msgid "Select <emphasis>Manual</emphasis> as the partition method."
20138
msgstr ""
20139
20140
#: serverguide/C/installation.xml:475(para)
20141
msgid ""
20142
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
20143
"partition table on this device?\"</emphasis>."
20144
msgstr ""
20145
20146
#: serverguide/C/installation.xml:479(para)
20147
msgid ""
20148
"Repeat this step for each drive you wish to be part of the RAID array."
20149
msgstr ""
20150
20151
#: serverguide/C/installation.xml:486(para)
20152
msgid ""
20153
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
20154
"select <emphasis>\"Create a new partition\"</emphasis>."
20155
msgstr ""
20156
20157
#: serverguide/C/installation.xml:493(para)
20158
msgid ""
20159
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
20160
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
20161
"size is twice that of RAM. Enter the partition size, then choose "
20162
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
20163
msgstr ""
20164
20165
#: serverguide/C/installation.xml:502(para)
20166
msgid ""
20167
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
20168
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
20169
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
20170
"<emphasis>\"Done setting up partition\"</emphasis>."
20171
msgstr ""
20172
20173
#: serverguide/C/installation.xml:511(para)
20174
msgid ""
20175
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
20176
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
20177
"partition\"</emphasis>."
20178
msgstr ""
20179
20180
#: serverguide/C/installation.xml:519(para)
20181
msgid ""
20182
"Use the rest of the free space on the drive and choose "
20183
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
20184
msgstr ""
20185
20186
#: serverguide/C/installation.xml:526(para)
20187
msgid ""
20188
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
20189
"at the top, changing it to <emphasis>\"physical volume for "
20190
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
20191
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
20192
"<emphasis>\"Done setting up partition\"</emphasis>."
20193
msgstr ""
20194
20195
#: serverguide/C/installation.xml:536(para)
20196
msgid "Repeat steps three through eight for the other disk and partitions."
20197
msgstr ""
20198
20199
#: serverguide/C/installation.xml:545(title)
20200
msgid "RAID Configuration"
20201
msgstr ""
20202
20203
#: serverguide/C/installation.xml:547(para)
20204
msgid "With the partitions setup the arrays are ready to be configured:"
20205
msgstr ""
20206
20207
#: serverguide/C/installation.xml:554(para)
20208
msgid ""
20209
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
20210
"Software RAID\"</emphasis> at the top."
20211
msgstr ""
20212
20213
#: serverguide/C/installation.xml:561(para)
20214
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
20215
msgstr ""
20216
20217
#: serverguide/C/installation.xml:568(para)
20218
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
20219
msgstr ""
20220
20221
#: serverguide/C/installation.xml:575(para)
20222
msgid ""
20223
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
20224
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
20225
msgstr ""
20226
20227
#: serverguide/C/installation.xml:581(para)
20228
msgid ""
20229
"In order to use <emphasis>RAID5</emphasis> you need at least "
20230
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
20231
"<emphasis>two</emphasis> drives are required."
20232
msgstr ""
20233
20234
#: serverguide/C/installation.xml:590(para)
20235
msgid ""
20236
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
20237
"of hard drives you have, for the array. Then select "
20238
"<emphasis>\"Continue\"</emphasis>."
20239
msgstr ""
20240
20241
#: serverguide/C/installation.xml:598(para)
20242
msgid ""
20243
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
20244
"default, then choose <emphasis>\"Continue\"</emphasis>."
20245
msgstr ""
20246
20247
#: serverguide/C/installation.xml:605(para)
20248
msgid ""
20249
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
20250
"etc. The numbers will usually match and the different letters correspond to "
20251
"different hard drives."
20252
msgstr ""
20253
20254
#: serverguide/C/installation.xml:610(para)
20255
msgid ""
20256
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
20257
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
20258
"go to the next step."
20259
msgstr ""
20260
20261
#: serverguide/C/installation.xml:618(para)
20262
msgid ""
20263
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
20264
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
20265
"and <emphasis>sdb2</emphasis>."
20266
msgstr ""
20267
20268
#: serverguide/C/installation.xml:626(para)
20269
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
20270
msgstr ""
20271
20272
#: serverguide/C/installation.xml:636(title)
20273
msgid "Formatting"
20274
msgstr ""
20275
20276
#: serverguide/C/installation.xml:638(para)
20277
msgid ""
20278
"There should now be a list of hard drives and RAID devices. The next step is "
20279
"to format and set the mount point for the RAID devices. Treat the RAID "
20280
"device as a local hard drive, format and mount accordingly."
20281
msgstr ""
20282
20283
#: serverguide/C/installation.xml:646(para)
20284
msgid ""
20285
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20286
"#0\"</emphasis> partition."
20287
msgstr ""
20288
20289
#: serverguide/C/installation.xml:653(para)
20290
msgid ""
20291
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
20292
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
20293
msgstr ""
20294
20295
#: serverguide/C/installation.xml:661(para)
20296
msgid ""
20297
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20298
"#1\"</emphasis> partition."
20299
msgstr ""
20300
20301
#: serverguide/C/installation.xml:668(para)
20302
msgid ""
20303
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
20304
"journaling file system\"</emphasis>."
20305
msgstr ""
20306
20307
#: serverguide/C/installation.xml:675(para)
20308
msgid ""
20309
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
20310
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
20311
"options as appropriate, then select <emphasis>\"Done setting up "
20312
"partition\"</emphasis>."
20313
msgstr ""
20314
20315
#: serverguide/C/installation.xml:683(para)
20316
msgid ""
20317
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20318
"disk\"</emphasis>."
20319
msgstr ""
20320
20321
#: serverguide/C/installation.xml:690(para)
20322
msgid ""
20323
"If you choose to place the root partition on a RAID array, the installer "
20324
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
20325
"state. See <xref linkend=\"raid-degraded\"/> for further details."
20326
msgstr ""
20327
20328
#: serverguide/C/installation.xml:695(para)
20329
msgid "The installation process will then continue normally."
20330
msgstr ""
20331
20332
#: serverguide/C/installation.xml:701(title)
20333
msgid "Degraded RAID"
20334
msgstr ""
20335
20336
#: serverguide/C/installation.xml:703(para)
20337
msgid ""
20338
"At some point in the life of the computer a disk failure event may occur. "
20339
"When this happens, using Software RAID, the operating system will place the "
20340
"array into what is known as a <emphasis>degraded</emphasis> state."
20341
msgstr ""
20342
20343
#: serverguide/C/installation.xml:708(para)
20344
msgid ""
20345
"If the array has become degraded, due to the chance of data corruption, by "
20346
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
20347
"after thirty seconds. Once the initramfs has booted there is a fifteen "
20348
"second prompt giving you the option to go ahead and boot the system, or "
20349
"attempt manual recover. Booting to the initramfs prompt may or may not be "
20350
"the desired behavior, especially if the machine is in a remote location. "
20351
"Booting to a degraded array can be configured several ways:"
20352
msgstr ""
20353
20354
#: serverguide/C/installation.xml:719(para)
20355
msgid ""
20356
"The <application>dpkg-reconfigure</application> utility can be used to "
20357
"configure the default behavior, and during the process you will be queried "
20358
"about additional settings related to the array. Such as monitoring, email "
20359
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
20360
"following:"
20361
msgstr ""
20362
20363
#: serverguide/C/installation.xml:726(command)
20364
msgid "sudo dpkg-reconfigure mdadm"
20365
msgstr ""
20366
20367
#: serverguide/C/installation.xml:732(para)
20368
msgid ""
20369
"The <command>dpkg-reconfigure mdadm</command> process will change the "
20370
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
20371
"The file has the advantage of being able to pre-configure the system's "
20372
"behavior, and can also be manually edited:"
20373
msgstr ""
20374
20375
#: serverguide/C/installation.xml:738(programlisting)
20376
#, no-wrap
20377
msgid ""
20378
"\n"
20379
"BOOT_DEGRADED=true\n"
20380
msgstr ""
20381
20382
#: serverguide/C/installation.xml:743(para)
20383
msgid "The configuration file can be overridden by using a Kernel argument."
20384
msgstr ""
20385
20386
#: serverguide/C/installation.xml:751(para)
20387
msgid ""
20388
"Using a Kernel argument will allow the system to boot to a degraded array as "
20389
"well:"
20390
msgstr ""
20391
20392
#: serverguide/C/installation.xml:757(para)
20393
msgid ""
20394
"When the server is booting press <keycap>Shift</keycap> to open the "
20395
"<application>Grub</application> menu."
20396
msgstr ""
20397
20398
#: serverguide/C/installation.xml:762(para)
20399
msgid "Press <keycap>e</keycap> to edit your kernel command options."
20400
msgstr ""
20401
20402
#: serverguide/C/installation.xml:767(para)
20403
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
20404
msgstr ""
20405
20406
#: serverguide/C/installation.xml:772(para)
20407
msgid ""
20408
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
20409
"end of the line."
20410
msgstr ""
20411
20412
#: serverguide/C/installation.xml:777(para)
20413
msgid ""
20414
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
20415
"the system."
20416
msgstr ""
20417
20418
#: serverguide/C/installation.xml:786(para)
20419
msgid ""
20420
"Once the system has booted you can either repair the array see <xref "
20421
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
20422
"another machine due to major hardware failure."
20423
msgstr ""
20424
20425
#: serverguide/C/installation.xml:793(title)
20426
msgid "RAID Maintenance"
20427
msgstr ""
20428
20429
#: serverguide/C/installation.xml:795(para)
20430
msgid ""
20431
"The <application>mdadm</application> utility can be used to view the status "
20432
"of an array, add disks to an array, remove disks, etc:"
20433
msgstr ""
20434
20435
#: serverguide/C/installation.xml:802(para)
20436
msgid "To view the status of an array, from a terminal prompt enter:"
20437
msgstr ""
20438
20439
#: serverguide/C/installation.xml:806(command)
20440
msgid "sudo mdadm -D /dev/md0"
20441
msgstr ""
20442
20443
#: serverguide/C/installation.xml:809(para)
20444
msgid ""
20445
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
20446
"display <emphasis>detailed</emphasis> information about the "
20447
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
20448
"with the appropriate RAID device."
20449
msgstr ""
20450
20451
#: serverguide/C/installation.xml:815(para)
20452
msgid "To view the status of a disk in an array:"
20453
msgstr ""
20454
20455
#: serverguide/C/installation.xml:819(command)
20456
msgid "sudo mdadm -E /dev/sda1"
20457
msgstr ""
20458
20459
#: serverguide/C/installation.xml:821(para)
20460
msgid ""
20461
"The output if very similar to the <command>mdadm -D</command> command, "
20462
"adjust <filename>/dev/sda1</filename> for each disk."
20463
msgstr ""
20464
20465
#: serverguide/C/installation.xml:826(para)
20466
msgid "If a disk fails and needs to be removed from an array enter:"
20467
msgstr ""
20468
20469
#: serverguide/C/installation.xml:830(command)
20470
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
20471
msgstr ""
20472
20473
#: serverguide/C/installation.xml:832(para)
20474
msgid ""
20475
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
20476
"the appropriate RAID device and disk."
20477
msgstr ""
20478
20479
#: serverguide/C/installation.xml:837(para)
20480
msgid "Similarly, to add a new disk:"
20481
msgstr ""
20482
20483
#: serverguide/C/installation.xml:841(command)
20484
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
20485
msgstr ""
20486
20487
#: serverguide/C/installation.xml:846(para)
20488
msgid ""
20489
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
20490
"though there is nothing physically wrong with the drive. It is usually "
20491
"worthwhile to remove the drive from the array then re-add it. This will "
20492
"cause the drive to re-sync with the array. If the drive will not sync with "
20493
"the array, it is a good indication of hardware failure."
20494
msgstr ""
20495
20496
#: serverguide/C/installation.xml:852(para)
20497
msgid ""
20498
"The <filename>/proc/mdstat</filename> file also contains useful information "
20499
"about the system's RAID devices:"
20500
msgstr ""
20501
20502
#: serverguide/C/installation.xml:857(command)
20503
msgid "cat /proc/mdstat"
20504
msgstr ""
20505
20506
#: serverguide/C/installation.xml:858(computeroutput)
20507
#, no-wrap
20508
msgid ""
20509
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
20510
"[raid10] \n"
20511
"md0 : active raid1 sda1[0] sdb1[1]\n"
20512
" 10016384 blocks [2/2] [UU]\n"
20513
" \n"
20514
"unused devices: <none>"
20515
msgstr ""
20516
20517
#: serverguide/C/installation.xml:865(para)
20518
msgid ""
20519
"The following command is great for watching the status of a syncing drive:"
20520
msgstr ""
20521
20522
#: serverguide/C/installation.xml:870(command)
20523
msgid "watch -n1 cat /proc/mdstat"
20524
msgstr ""
20525
20526
#: serverguide/C/installation.xml:873(para)
20527
msgid ""
20528
"Press <emphasis>Ctrl+c</emphasis> to stop the "
20529
"<application>watch</application> command."
20530
msgstr ""
20531
20532
#: serverguide/C/installation.xml:877(para)
20533
msgid ""
20534
"If you do need to replace a faulty drive, after the drive has been replaced "
20535
"and synced, <application>grub</application> will need to be installed. To "
20536
"install <application>grub</application> on the new drive, enter the "
20537
"following:"
20538
msgstr ""
20539
20540
#: serverguide/C/installation.xml:883(command)
20541
msgid "sudo grub-install /dev/md0"
20542
msgstr ""
20543
20544
#: serverguide/C/installation.xml:886(para)
20545
msgid ""
20546
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
20547
msgstr ""
20548
20549
#: serverguide/C/installation.xml:894(para)
20550
msgid ""
20551
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
20552
"can be configured. Please see the following links for more information:"
20553
msgstr ""
20554
20555
#: serverguide/C/installation.xml:901(para)
20556
msgid ""
20557
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
20558
"Wiki Articles on RAID</ulink>."
20559
msgstr ""
20560
20561
#: serverguide/C/installation.xml:907(ulink)
20562
msgid "Software RAID HOWTO"
20563
msgstr ""
20564
20565
#: serverguide/C/installation.xml:912(ulink)
20566
msgid "Managing RAID on Linux"
20567
msgstr ""
20568
20569
#: serverguide/C/installation.xml:919(title)
20570
msgid "Logical Volume Manager (LVM)"
20571
msgstr ""
20572
20573
#: serverguide/C/installation.xml:921(para)
20574
msgid ""
20575
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
20576
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
20577
"hard disks. LVM volumes can be created on both software RAID partitions and "
20578
"standard partitions residing on a single disk. Volumes can also be extended, "
20579
"giving greater flexibility to systems as requirements change."
20580
msgstr ""
20581
20582
#: serverguide/C/installation.xml:930(para)
20583
msgid ""
20584
"A side effect of LVM's power and flexibility is a greater degree of "
20585
"complication. Before diving into the LVM installation process, it is best to "
20586
"get familiar with some terms."
20587
msgstr ""
20588
20589
#: serverguide/C/installation.xml:937(para)
20590
msgid ""
20591
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
20592
"Volumes (LV)."
20593
msgstr ""
20594
20595
#: serverguide/C/installation.xml:942(para)
20596
msgid ""
20597
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
20598
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
20599
"which resides the actual EXT3, XFS, JFS, etc filesystem."
20600
msgstr ""
20601
20602
#: serverguide/C/installation.xml:948(para)
20603
msgid ""
20604
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
20605
"RAID partition. The Volume Group can be extended by adding more PVs."
20606
msgstr ""
20607
20608
#: serverguide/C/installation.xml:959(para)
20609
msgid ""
20610
"As an example this section covers installing Ubuntu Server Edition with "
20611
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
20612
"the initial install only one Physical Volume (PV) will be part of the Volume "
20613
"Group (VG). Another PV will be added after install to demonstrate how a VG "
20614
"can be extended."
20615
msgstr ""
20616
20617
#: serverguide/C/installation.xml:965(para)
20618
msgid ""
20619
"There are several installation options for LVM, <emphasis>\"Guided - use the "
20620
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
20621
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
20622
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
20623
"partitions and configure LVM. At this time the only way to configure a "
20624
"system with both LVM and standard partitions, during installation, is to use "
20625
"the Manual approach."
20626
msgstr ""
20627
20628
#: serverguide/C/installation.xml:982(para)
20629
msgid ""
20630
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
20631
"<emphasis>\"Manual\"</emphasis>."
20632
msgstr ""
20633
20634
#: serverguide/C/installation.xml:989(para)
20635
msgid ""
20636
"Select the hard disk and on the next screen choose \"yes\" to "
20637
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
20638
msgstr ""
20639
20640
#: serverguide/C/installation.xml:996(para)
20641
msgid ""
20642
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
20643
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
20644
msgstr ""
20645
20646
#: serverguide/C/installation.xml:1004(para)
20647
msgid ""
20648
"For the LVM <emphasis>/srv</emphasis>, create a new "
20649
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
20650
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
20651
"<emphasis>\"Done setting up the partition\"</emphasis>."
20652
msgstr ""
20653
20654
#: serverguide/C/installation.xml:1012(para)
20655
msgid ""
20656
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
20657
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
20658
"disk."
20659
msgstr ""
20660
20661
#: serverguide/C/installation.xml:1020(para)
20662
msgid ""
20663
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
20664
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
20665
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
20666
"After entering a name, select the partition configured for LVM, and choose "
20667
"<emphasis>\"Continue\"</emphasis>."
20668
msgstr ""
20669
20670
#: serverguide/C/installation.xml:1029(para)
20671
msgid ""
20672
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
20673
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
20674
"volume group, and enter a name for the new LV, for example "
20675
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
20676
"a size, which may be the full partition because it can always be extended "
20677
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
20678
"main <emphasis>\"Partition Disks\"</emphasis> screen."
20679
msgstr ""
20680
20681
#: serverguide/C/installation.xml:1039(para)
20682
msgid ""
20683
"Now add a filesystem to the new LVM. Select the partition under "
20684
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
20685
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
20686
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
20687
"select <emphasis>\"Done setting up the partition\"</emphasis>."
20688
msgstr ""
20689
20690
#: serverguide/C/installation.xml:1048(para)
20691
msgid ""
20692
"Finally, select <emphasis>\"Finish partitioning and write changes to "
20693
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
20694
"the installation."
20695
msgstr ""
20696
20697
#: serverguide/C/installation.xml:1056(para)
20698
msgid "There are some useful utilities to view information about LVM:"
20699
msgstr ""
20700
20701
#: serverguide/C/installation.xml:1061(para)
20702
msgid ""
20703
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
20704
msgstr ""
20705
20706
#: serverguide/C/installation.xml:1062(para)
20707
msgid ""
20708
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
20709
msgstr ""
20710
20711
#: serverguide/C/installation.xml:1063(para)
20712
msgid ""
20713
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
20714
"Physical Volumes."
20715
msgstr ""
20716
20717
#: serverguide/C/installation.xml:1068(title)
20718
msgid "Extending Volume Groups"
20719
msgstr ""
20720
20721
#: serverguide/C/installation.xml:1070(para)
20722
msgid ""
20723
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
20724
"section covers adding a second hard disk, creating a Physical Volume (PV), "
20725
"adding it to the volume group (VG), extending the logical volume <filename "
20726
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
20727
"example assumes a second hard disk has been added to the system. This hard "
20728
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
20729
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
20730
"before issuing the commands below. You could lose some data if you issue "
20731
"those commands on a non-empty disk. In our example we will use the entire "
20732
"disk as a physical volume (you could choose to create partitions and use "
20733
"them as different physical volumes)"
20734
msgstr ""
20735
20736
#: serverguide/C/installation.xml:1082(para)
20737
msgid "First, create the physical volume, in a terminal execute:"
20738
msgstr ""
20739
20740
#: serverguide/C/installation.xml:1087(command)
20741
msgid "sudo pvcreate /dev/sdb"
20742
msgstr ""
20743
20744
#: serverguide/C/installation.xml:1093(para)
20745
msgid "Now extend the Volume Group (VG):"
20746
msgstr ""
20747
20748
#: serverguide/C/installation.xml:1098(command)
20749
msgid "sudo vgextend vg01 /dev/sdb"
20750
msgstr ""
20751
20752
#: serverguide/C/installation.xml:1104(para)
20753
msgid ""
20754
"Use <application>vgdisplay</application> to find out the free physical "
20755
"extents - Free PE / size (the size you can allocate). We will assume a free "
20756
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
20757
"whole free space available. Use your own PE and/or free space."
20758
msgstr ""
20759
20760
#: serverguide/C/installation.xml:1110(para)
20761
msgid ""
20762
"The Logical Volume (LV) can now be extended by different methods, we will "
20763
"only see how to use the PE to extend the LV:"
20764
msgstr ""
20765
20766
#: serverguide/C/installation.xml:1115(command)
20767
msgid "sudo lvextend /dev/vg01/srv -l +511"
20768
msgstr ""
20769
20770
#: serverguide/C/installation.xml:1118(para)
20771
msgid ""
20772
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
20773
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
20774
"Gig, Tera, etc bytes."
20775
msgstr ""
20776
20777
#: serverguide/C/installation.xml:1126(para)
20778
msgid ""
20779
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
20780
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
20781
"pratice to unmount it anyway and check the filesystem, so that you don't "
20782
"mess up the day you want to reduce a logical volume (in that case unmounting "
20783
"first is compulsory)."
20784
msgstr ""
20785
20786
#: serverguide/C/installation.xml:1132(para)
20787
msgid ""
20788
"The following commands are for an <emphasis>EXT3</emphasis> or "
20789
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
20790
"there may be other utilities available."
20791
msgstr ""
20792
20793
#: serverguide/C/installation.xml:1139(command)
20794
msgid "sudo e2fsck -f /dev/vg01/srv"
20795
msgstr ""
20796
20797
#: serverguide/C/installation.xml:1142(para)
20798
msgid ""
20799
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
20800
"forces checking even if the system seems clean."
20801
msgstr ""
20802
20803
#: serverguide/C/installation.xml:1149(para)
20804
msgid "Finally, resize the filesystem:"
20805
msgstr ""
20806
20807
#: serverguide/C/installation.xml:1154(command)
20808
msgid "sudo resize2fs /dev/vg01/srv"
20809
msgstr ""
20810
20811
#: serverguide/C/installation.xml:1160(para)
20812
msgid "Now mount the partition and check its size."
20813
msgstr ""
20814
20815
#: serverguide/C/installation.xml:1165(command)
20816
msgid "mount /dev/vg01/srv /srv && df -h /srv"
20817
msgstr ""
20818
20819
#: serverguide/C/installation.xml:1177(para)
20820
msgid ""
20821
"See the <ulink "
20822
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
20823
"Articles</ulink>."
20824
msgstr ""
20825
20826
#: serverguide/C/installation.xml:1182(para)
20827
msgid ""
20828
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
20829
"HOWTO</ulink> for more information."
20830
msgstr ""
20831
20832
#: serverguide/C/installation.xml:1187(para)
20833
msgid ""
20834
"Another good article is <ulink "
20835
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
20836
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
20837
"linuxdevcenter.com site."
20838
msgstr ""
20839
20840
#: serverguide/C/installation.xml:1194(para)
20841
msgid ""
20842
"For more information on <application>fdisk</application> see the <ulink "
20843
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/fdisk.8.html\">fdisk "
20844
"man page</ulink>."
20845
msgstr ""
20846
20847
#: serverguide/C/file-server.xml:13(title)
20848
msgid "File Servers"
20849
msgstr ""
20850
20851
#: serverguide/C/file-server.xml:15(para)
20852
msgid ""
20853
"If you have more than one computer on a single network. At some point you "
20854
"will probably need to share files between them. In this section we cover "
20855
"installing and configuring FTP, NFS, and CUPS."
20856
msgstr ""
20857
20858
#: serverguide/C/file-server.xml:22(title)
20859
msgid "FTP Server"
20860
msgstr ""
20861
20862
#: serverguide/C/file-server.xml:24(para)
20863
msgid ""
20864
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
20865
"files between computers. FTP works on a client/server model. The server "
20866
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
20867
"listens for FTP requests from remote clients. When a request is received, it "
20868
"manages the login and sets up the connection. For the duration of the "
20869
"session it executes any of commands sent by the FTP client."
20870
msgstr ""
20871
20872
#: serverguide/C/file-server.xml:33(para)
20873
msgid "Access to an FTP server can be managed in two ways:"
20874
msgstr ""
20875
20876
#: serverguide/C/file-server.xml:37(para)
20877
msgid "Anonymous"
20878
msgstr ""
20879
20880
#: serverguide/C/file-server.xml:40(para)
20881
msgid "Authenticated"
20882
msgstr ""
20883
20884
#: serverguide/C/file-server.xml:43(para)
20885
msgid ""
20886
"In the Anonymous mode, remote clients can access the FTP server by using the "
20887
"default user account called \"anonymous\" or \"ftp\" and sending an email "
20888
"address as the password. In the Authenticated mode a user must have an "
20889
"account and a password. User access to the FTP server directories and files "
20890
"is dependent on the permissions defined for the account used at login. As a "
20891
"general rule, the FTP daemon will hide the root directory of the FTP server "
20892
"and change it to the FTP Home directory. This hides the rest of the file "
20893
"system from remote sessions."
20894
msgstr ""
20895
20896
#: serverguide/C/file-server.xml:55(title)
20897
msgid "vsftpd - FTP Server Installation"
20898
msgstr ""
20899
20900
#: serverguide/C/file-server.xml:57(para)
20901
msgid ""
20902
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
20903
"and maintain. To install <application>vsftpd</application> you can run the "
20904
"following command:"
20905
msgstr ""
20906
20907
#: serverguide/C/file-server.xml:65(command)
20908
msgid "sudo apt-get install vsftpd"
20909
msgstr ""
20910
20911
#: serverguide/C/file-server.xml:71(title)
20912
msgid "Anonymous FTP Configuration"
20913
msgstr ""
20914
20915
#: serverguide/C/file-server.xml:73(para)
20916
msgid ""
20917
"By default <application>vsftpd</application> is configured to only allow "
20918
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
20919
"created with a home directory of <filename>/home/ftp</filename>. This is the "
20920
"default FTP directory."
20921
msgstr ""
20922
20923
#: serverguide/C/file-server.xml:80(para)
20924
msgid ""
20925
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
20926
"example, simply create a directory in another location and change the "
20927
"<emphasis>ftp</emphasis> user's home directory:"
20928
msgstr ""
20929
20930
#: serverguide/C/file-server.xml:87(command)
20931
msgid "sudo mkdir /srv/ftp"
20932
msgstr ""
20933
20934
#: serverguide/C/file-server.xml:88(command)
20935
msgid "sudo usermod -d /srv/ftp ftp"
20936
msgstr ""
20937
20938
#: serverguide/C/file-server.xml:91(para)
20939
msgid "After making the change restart <application>vsftpd</application>:"
20940
msgstr ""
20941
20942
#: serverguide/C/file-server.xml:96(command) serverguide/C/file-server.xml:124(command) serverguide/C/file-server.xml:189(command) serverguide/C/file-server.xml:237(command)
20943
msgid "sudo /etc/init.d/vsftpd restart"
20944
msgstr ""
20945
20946
#: serverguide/C/file-server.xml:99(para)
20947
msgid ""
20948
"Finally, copy any files and directories you would like to make available "
20949
"through anonymous FTP to <filename>/srv/ftp</filename>."
20950
msgstr ""
20951
20952
#: serverguide/C/file-server.xml:106(title)
20953
msgid "User Authenticated FTP Configuration"
20954
msgstr ""
20955
20956
#: serverguide/C/file-server.xml:108(para)
20957
msgid ""
20958
"To configure <application>vsftpd</application> to authenticate system users "
20959
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
20960
msgstr ""
20961
20962
#: serverguide/C/file-server.xml:114(programlisting)
20963
#, no-wrap
20964
msgid ""
20965
"\n"
20966
"local_enable=YES\n"
20967
"write_enable=YES\n"
20968
msgstr ""
20969
20970
#: serverguide/C/file-server.xml:119(para)
20971
msgid "Now restart <application>vsftpd</application>:"
20972
msgstr ""
20973
20974
#: serverguide/C/file-server.xml:127(para)
20975
msgid ""
20976
"Now when system users login to FTP they will start in their "
20977
"<emphasis>home</emphasis> directories where they can download, upload, "
20978
"create directories, etc."
20979
msgstr ""
20980
20981
#: serverguide/C/file-server.xml:133(para)
20982
msgid ""
20983
"Similarly, by default, the anonymous users are not allowed to upload files "
20984
"to FTP server. To change this setting, you should uncomment the following "
20985
"line, and restart <application>vsftpd</application>:"
20986
msgstr ""
20987
20988
#: serverguide/C/file-server.xml:140(programlisting)
20989
#, no-wrap
20990
msgid ""
20991
"\n"
20992
"anon_upload_enable=YES\n"
20993
msgstr ""
20994
20995
#: serverguide/C/file-server.xml:145(para)
20996
msgid ""
20997
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
20998
"not enable anonymous upload on servers accessed directly from the Internet."
20999
msgstr ""
21000
21001
#: serverguide/C/file-server.xml:151(para)
21002
msgid ""
21003
"The configuration file consists of many configuration parameters. The "
21004
"information about each parameter is available in the configuration file. "
21005
"Alternatively, you can refer to the man page, <command>man 5 "
21006
"vsftpd.conf</command> for details of each parameter."
21007
msgstr ""
21008
21009
#: serverguide/C/file-server.xml:162(title)
21010
msgid "Securing FTP"
21011
msgstr ""
21012
21013
#: serverguide/C/file-server.xml:164(para)
21014
msgid ""
21015
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
21016
"<application>vsftpd</application> more secure. For example users can be "
21017
"limited to their home directories by uncommenting:"
21018
msgstr ""
21019
21020
#: serverguide/C/file-server.xml:170(programlisting)
21021
#, no-wrap
21022
msgid ""
21023
"\n"
21024
"chroot_local_user=YES\n"
21025
msgstr ""
21026
21027
#: serverguide/C/file-server.xml:174(para)
21028
msgid ""
21029
"You can also limit a specific list of users to just their home directories:"
21030
msgstr ""
21031
21032
#: serverguide/C/file-server.xml:178(programlisting)
21033
#, no-wrap
21034
msgid ""
21035
"\n"
21036
"chroot_list_enable=YES\n"
21037
"chroot_list_file=/etc/vsftpd.chroot_list\n"
21038
msgstr ""
21039
21040
#: serverguide/C/file-server.xml:183(para)
21041
msgid ""
21042
"After uncommenting the above options, create a "
21043
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
21044
"per line. Then restart <application>vsftpd</application>:"
21045
msgstr ""
21046
21047
#: serverguide/C/file-server.xml:192(para)
21048
msgid ""
21049
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
21050
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
21051
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
21052
"add them to the list."
21053
msgstr ""
21054
21055
#: serverguide/C/file-server.xml:199(para)
21056
msgid ""
21057
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
21058
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
21059
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
21060
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
21061
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
21062
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
21063
"with a shell may not be ideal for some environments, such as a shared web "
21064
"host."
21065
msgstr ""
21066
21067
#: serverguide/C/file-server.xml:208(para)
21068
msgid ""
21069
"To configure <emphasis>FTPS</emphasis>, edit "
21070
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
21071
msgstr ""
21072
21073
#: serverguide/C/file-server.xml:212(programlisting)
21074
#, no-wrap
21075
msgid ""
21076
"\n"
21077
"ssl_enable=Yes\n"
21078
msgstr ""
21079
21080
#: serverguide/C/file-server.xml:216(para)
21081
msgid "Also, notice the certificate and key related options:"
21082
msgstr ""
21083
21084
#: serverguide/C/file-server.xml:220(programlisting)
21085
#, no-wrap
21086
msgid ""
21087
"\n"
21088
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
21089
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
21090
msgstr ""
21091
21092
#: serverguide/C/file-server.xml:225(para)
21093
msgid ""
21094
"By default these options are set the certificate and key provided by the "
21095
"<application>ssl-cert</application> package. In a production environment "
21096
"these should be replaced with a certificate and key generated for the "
21097
"specific host. For more information on certificates see <xref "
21098
"linkend=\"certificates-and-security\"/>."
21099
msgstr ""
21100
21101
#: serverguide/C/file-server.xml:231(para)
21102
msgid ""
21103
"Now restart <application>vsftpd</application>, and non-anonymous users will "
21104
"be forced to use <emphasis>FTPS</emphasis>:"
21105
msgstr ""
21106
21107
#: serverguide/C/file-server.xml:240(para)
21108
msgid ""
21109
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
21110
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
21111
"adding the <emphasis>nologin</emphasis> shell:"
21112
msgstr ""
21113
21114
#: serverguide/C/file-server.xml:245(programlisting)
21115
#, no-wrap
21116
msgid ""
21117
"\n"
21118
"# /etc/shells: valid login shells\n"
21119
"/bin/csh\n"
21120
"/bin/sh\n"
21121
"/usr/bin/es\n"
21122
"/usr/bin/ksh\n"
21123
"/bin/ksh\n"
21124
"/usr/bin/rc\n"
21125
"/usr/bin/tcsh\n"
21126
"/bin/tcsh\n"
21127
"/usr/bin/esh\n"
21128
"/bin/dash\n"
21129
"/bin/bash\n"
21130
"/bin/rbash\n"
21131
"/usr/bin/screen\n"
21132
"/usr/sbin/nologin\n"
21133
msgstr ""
21134
21135
#: serverguide/C/file-server.xml:263(para)
21136
msgid ""
21137
"This is necessary because, by default <application>vsftpd</application> uses "
21138
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
21139
"configuration file contains:"
21140
msgstr ""
21141
21142
#: serverguide/C/file-server.xml:268(programlisting)
21143
#, no-wrap
21144
msgid ""
21145
"\n"
21146
"auth required pam_shells.so\n"
21147
msgstr ""
21148
21149
#: serverguide/C/file-server.xml:272(para)
21150
msgid ""
21151
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
21152
"in the <filename>/etc/shells</filename> file."
21153
msgstr ""
21154
21155
#: serverguide/C/file-server.xml:277(para)
21156
msgid ""
21157
"Most popular FTP clients can be configured connect using FTPS. The "
21158
"<application>lftp</application> command line FTP client has the ability to "
21159
"use FTPS as well."
21160
msgstr ""
21161
21162
#: serverguide/C/file-server.xml:288(para)
21163
msgid ""
21164
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
21165
"website</ulink> for more information."
21166
msgstr ""
21167
21168
#: serverguide/C/file-server.xml:293(para)
21169
msgid ""
21170
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
21171
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/vsftpd.conf.5.html\">"
21172
"vsftpd.conf man page</ulink>."
21173
msgstr ""
21174
21175
#: serverguide/C/file-server.xml:299(para)
21176
msgid ""
21177
"The CodeGurus article <ulink "
21178
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
21179
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
21180
"contrasting FTPS and SFTP."
21181
msgstr ""
21182
21183
#: serverguide/C/file-server.xml:305(para)
21184
msgid ""
21185
"Also, for more information see the <ulink "
21186
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
21187
"page."
21188
msgstr ""
21189
21190
#: serverguide/C/file-server.xml:315(title)
21191
msgid "Network File System (NFS)"
21192
msgstr ""
21193
21194
#: serverguide/C/file-server.xml:316(para)
21195
msgid ""
21196
"NFS allows a system to share directories and files with others over a "
21197
"network. By using NFS, users and programs can access files on remote systems "
21198
"almost as if they were local files."
21199
msgstr ""
21200
21201
#: serverguide/C/file-server.xml:322(para)
21202
msgid "Some of the most notable benefits that NFS can provide are:"
21203
msgstr ""
21204
21205
#: serverguide/C/file-server.xml:328(para)
21206
msgid ""
21207
"Local workstations use less disk space because commonly used data can be "
21208
"stored on a single machine and still remain accessible to others over the "
21209
"network."
21210
msgstr ""
21211
21212
#: serverguide/C/file-server.xml:333(para)
21213
msgid ""
21214
"There is no need for users to have separate home directories on every "
21215
"network machine. Home directories could be set up on the NFS server and made "
21216
"available throughout the network."
21217
msgstr ""
21218
21219
#: serverguide/C/file-server.xml:339(para)
21220
msgid ""
21221
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
21222
"be used by other machines on the network. This may reduce the number of "
21223
"removable media drives throughout the network."
21224
msgstr ""
21225
21226
#: serverguide/C/file-server.xml:349(para)
21227
msgid ""
21228
"At a terminal prompt enter the following command to install the NFS Server:"
21229
msgstr ""
21230
21231
#: serverguide/C/file-server.xml:355(command)
21232
msgid "sudo apt-get install nfs-kernel-server"
21233
msgstr ""
21234
21235
#: serverguide/C/file-server.xml:361(para)
21236
msgid ""
21237
"You can configure the directories to be exported by adding them to the "
21238
"<filename>/etc/exports</filename> file. For example:"
21239
msgstr ""
21240
21241
#: serverguide/C/file-server.xml:366(screen)
21242
#, no-wrap
21243
msgid ""
21244
"\n"
21245
"/ubuntu *(ro,sync,no_root_squash)\n"
21246
"/home *(rw,sync,no_root_squash)\n"
21247
msgstr ""
21248
21249
#: serverguide/C/file-server.xml:372(para)
21250
msgid ""
21251
"You can replace * with one of the hostname formats. Make the hostname "
21252
"declaration as specific as possible so unwanted systems cannot access the "
21253
"NFS mount."
21254
msgstr ""
21255
21256
#: serverguide/C/file-server.xml:378(para)
21257
msgid ""
21258
"To start the NFS server, you can run the following command at a terminal "
21259
"prompt:"
21260
msgstr ""
21261
21262
#: serverguide/C/file-server.xml:383(command)
21263
msgid "sudo /etc/init.d/nfs-kernel-server start"
21264
msgstr ""
21265
21266
#: serverguide/C/file-server.xml:388(title)
21267
msgid "NFS Client Configuration"
21268
msgstr ""
21269
21270
#: serverguide/C/file-server.xml:389(para)
21271
msgid ""
21272
"Use the <application>mount</application> command to mount a shared NFS "
21273
"directory from another machine, by typing a command line similar to the "
21274
"following at a terminal prompt:"
21275
msgstr ""
21276
21277
#: serverguide/C/file-server.xml:395(command)
21278
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
21279
msgstr ""
21280
21281
#: serverguide/C/file-server.xml:399(para)
21282
msgid ""
21283
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
21284
"There should be no files or subdirectories in the "
21285
"<filename>/local/ubuntu</filename> directory."
21286
msgstr ""
21287
21288
#: serverguide/C/file-server.xml:406(para)
21289
msgid ""
21290
"An alternate way to mount an NFS share from another machine is to add a line "
21291
"to the <filename>/etc/fstab</filename> file. The line must state the "
21292
"hostname of the NFS server, the directory on the server being exported, and "
21293
"the directory on the local machine where the NFS share is to be mounted."
21294
msgstr ""
21295
21296
#: serverguide/C/file-server.xml:414(para)
21297
msgid ""
21298
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
21299
"as follows:"
21300
msgstr ""
21301
21302
#: serverguide/C/file-server.xml:420(programlisting)
21303
#, no-wrap
21304
msgid ""
21305
"\n"
21306
"example.hostname.com:/ubuntu /local/ubuntu nfs "
21307
"rsize=8192,wsize=8192,timeo=14,intr\n"
21308
msgstr ""
21309
21310
#: serverguide/C/file-server.xml:424(para)
21311
msgid ""
21312
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
21313
"common</application> package is installed on your client. To install "
21314
"<application>nfs-common</application> enter the following command at the "
21315
"terminal prompt: <screen>\n"
21316
"<command>sudo apt-get install nfs-common</command>\n"
21317
"</screen>"
21318
msgstr ""
21319
21320
#: serverguide/C/file-server.xml:437(ulink)
21321
msgid "Linux NFS faq"
21322
msgstr ""
21323
21324
#: serverguide/C/file-server.xml:439(ulink)
21325
msgid "Ubuntu Wiki NFS Howto"
21326
msgstr ""
21327
21328
#: serverguide/C/file-server.xml:445(title)
21329
msgid "CUPS - Print Server"
21330
msgstr ""
21331
21332
#: serverguide/C/file-server.xml:446(para)
21333
msgid ""
21334
"The primary mechanism for Ubuntu printing and print services is the "
21335
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
21336
"printing system is a freely available, portable printing layer which has "
21337
"become the new standard for printing in most Linux distributions."
21338
msgstr ""
21339
21340
#: serverguide/C/file-server.xml:453(para)
21341
msgid ""
21342
"CUPS manages print jobs and queues and provides network printing using the "
21343
"standard Internet Printing Protocol (IPP), while offering support for a very "
21344
"large range of printers, from dot-matrix to laser and many in between. CUPS "
21345
"also supports PostScript Printer Description (PPD) and auto-detection of "
21346
"network printers, and features a simple web-based configuration and "
21347
"administration tool."
21348
msgstr ""
21349
21350
#: serverguide/C/file-server.xml:463(para)
21351
msgid ""
21352
"To install CUPS on your Ubuntu computer, simply use "
21353
"<application>sudo</application> with the <application>apt-get</application> "
21354
"command and give the packages to install as the first parameter. A complete "
21355
"CUPS install has many package dependencies, but they may all be specified on "
21356
"the same command line. Enter the following at a terminal prompt to install "
21357
"CUPS:"
21358
msgstr ""
21359
21360
#: serverguide/C/file-server.xml:468(command)
21361
msgid "sudo apt-get install cups"
21362
msgstr ""
21363
21364
#: serverguide/C/file-server.xml:471(para)
21365
msgid ""
21366
"Upon authenticating with your user password, the packages should be "
21367
"downloaded and installed without error. Upon the conclusion of installation, "
21368
"the CUPS server will be started automatically."
21369
msgstr ""
21370
21371
#: serverguide/C/file-server.xml:476(para)
21372
msgid ""
21373
"For troubleshooting purposes, you can access CUPS server errors via the "
21374
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
21375
"error log does not show enough information to troubleshoot any problems you "
21376
"encounter, the verbosity of the CUPS log can be increased by changing the "
21377
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
21378
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
21379
"everything, from the default of \"info\". If you make this change, remember "
21380
"to change it back once you've solved your problem, to prevent the log file "
21381
"from becoming overly large."
21382
msgstr ""
21383
21384
#: serverguide/C/file-server.xml:489(para)
21385
msgid ""
21386
"The Common UNIX Printing System server's behavior is configured through the "
21387
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
21388
"The CUPS configuration file follows the same syntax as the primary "
21389
"configuration file for the Apache HTTP server, so users familiar with "
21390
"editing Apache's configuration file should feel at ease when editing the "
21391
"CUPS configuration file. Some examples of settings you may wish to change "
21392
"initially will be presented here."
21393
msgstr ""
21394
21395
#: serverguide/C/file-server.xml:499(para)
21396
msgid ""
21397
"Prior to editing the configuration file, you should make a copy of the "
21398
"original file and protect it from writing, so you will have the original "
21399
"settings as a reference, and to reuse as necessary."
21400
msgstr ""
21401
21402
#: serverguide/C/file-server.xml:503(para)
21403
msgid ""
21404
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
21405
"writing with the following commands, issued at a terminal prompt:"
21406
msgstr ""
21407
21408
#: serverguide/C/file-server.xml:509(command)
21409
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
21410
msgstr ""
21411
21412
#: serverguide/C/file-server.xml:510(command)
21413
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
21414
msgstr ""
21415
21416
#: serverguide/C/file-server.xml:515(para)
21417
msgid ""
21418
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
21419
"address of the designated administrator of the CUPS server, simply edit the "
21420
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
21421
"preferred text editor, and add or modify the <emphasis "
21422
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
21423
"you are the Administrator for the CUPS server, and your e-mail address is "
21424
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
21425
"as such:"
21426
msgstr ""
21427
21428
#: serverguide/C/file-server.xml:526(screen)
21429
#, no-wrap
21430
msgid ""
21431
"\n"
21432
"ServerAdmin bjoy@somebigco.com\n"
21433
msgstr ""
21434
21435
#: serverguide/C/file-server.xml:532(para)
21436
msgid ""
21437
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
21438
"server installation listens only on the loopback interface at IP address "
21439
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
21440
"listen on an actual network adapter's IP address, you must specify either a "
21441
"hostname, the IP address, or optionally, an IP address/port pairing via the "
21442
"addition of a Listen directive. For example, if your CUPS server resides on "
21443
"a local network at the IP address <emphasis "
21444
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
21445
"accessible to the other systems on this subnetwork, you would edit the "
21446
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
21447
"such:"
21448
msgstr ""
21449
21450
#: serverguide/C/file-server.xml:546(screen)
21451
#, no-wrap
21452
msgid ""
21453
"\n"
21454
"Listen 127.0.0.1:631 # existing loopback Listen\n"
21455
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
21456
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
21457
"(IPP)\n"
21458
msgstr ""
21459
21460
#: serverguide/C/file-server.xml:552(para)
21461
msgid ""
21462
"In the example above, you may comment out or remove the reference to the "
21463
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
21464
"</application> to listen on that interface, but would rather have it only "
21465
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
21466
"listening for all network interfaces for which a certain hostname is bound, "
21467
"including the Loopback, you could create a Listen entry for the hostname "
21468
"<emphasis>socrates</emphasis> as such:"
21469
msgstr ""
21470
21471
#: serverguide/C/file-server.xml:562(screen)
21472
#, no-wrap
21473
msgid ""
21474
"\n"
21475
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
21476
msgstr ""
21477
21478
#: serverguide/C/file-server.xml:566(para)
21479
msgid ""
21480
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
21481
"instead, as in:"
21482
msgstr ""
21483
21484
#: serverguide/C/file-server.xml:568(screen)
21485
#, no-wrap
21486
msgid ""
21487
"\n"
21488
"Port 631 # Listen on port 631 on all interfaces\n"
21489
msgstr ""
21490
21491
#: serverguide/C/file-server.xml:575(para)
21492
msgid ""
21493
"For more examples of configuration directives in the CUPS server "
21494
"configuration file, view the associated system manual page by entering the "
21495
"following command at a terminal prompt:"
21496
msgstr ""
21497
21498
#: serverguide/C/file-server.xml:582(command)
21499
msgid "man cupsd.conf"
21500
msgstr ""
21501
21502
#: serverguide/C/file-server.xml:586(para)
21503
msgid ""
21504
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
21505
"configuration file, you'll need to restart the CUPS server by typing the "
21506
"following command at a terminal prompt:"
21507
msgstr ""
21508
21509
#: serverguide/C/file-server.xml:592(command)
21510
msgid "sudo /etc/init.d/cups restart"
21511
msgstr ""
21512
21513
#: serverguide/C/file-server.xml:598(title)
21514
msgid "Web Interface"
21515
msgstr ""
21516
21517
#: serverguide/C/file-server.xml:600(para)
21518
msgid ""
21519
"CUPS can be configured and monitored using a web interface, which by default "
21520
"is available at <ulink "
21521
"url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The "
21522
"web interface can be used to perform all printer management tasks."
21523
msgstr ""
21524
21525
#: serverguide/C/file-server.xml:604(para)
21526
msgid ""
21527
"In order to perform administrative tasks via the web interface, you must "
21528
"either have the root account enabled on your server, or authenticate as a "
21529
"user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security "
21530
"reasons, CUPS won't authenticate a user that doesn't have a password."
21531
msgstr ""
21532
21533
#: serverguide/C/file-server.xml:607(para)
21534
msgid ""
21535
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
21536
"at the terminal prompt: <screen>\n"
21537
"<command>sudo usermod -aG lpadmin username</command>\n"
21538
"</screen>"
21539
msgstr ""
21540
21541
#: serverguide/C/file-server.xml:613(para)
21542
msgid ""
21543
"Further documentation is available in the <emphasis "
21544
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
21545
msgstr ""
21546
21547
#: serverguide/C/file-server.xml:621(ulink)
21548
msgid "CUPS Website"
21549
msgstr ""
21550
21551
#: serverguide/C/file-server.xml:624(ulink)
21552
msgid "Ubuntu Wiki CUPS page"
21553
msgstr ""
21554
21555
#: serverguide/C/dns.xml:13(title)
21556
msgid "Domain Name Service (DNS)"
21557
msgstr ""
21558
21559
#: serverguide/C/dns.xml:14(para)
21560
msgid ""
21561
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
21562
"fully qualified domain names (FQDN) to one another. In this way, DNS "
21563
"alleviates the need to remember IP addresses. Computers that run DNS are "
21564
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
21565
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
21566
"common program used for maintaining a name server on Linux."
21567
msgstr ""
21568
21569
#: serverguide/C/dns.xml:24(para)
21570
msgid ""
21571
"At a terminal prompt, enter the following command to install "
21572
"<application>dns</application>:"
21573
msgstr ""
21574
21575
#: serverguide/C/dns.xml:28(command)
21576
msgid "sudo apt-get install bind9"
21577
msgstr ""
21578
21579
#: serverguide/C/dns.xml:30(para)
21580
msgid ""
21581
"A very useful package for testing and troubleshooting DNS issues is the "
21582
"dnsutils package. To install <application>dnsutils</application> enter the "
21583
"following:"
21584
msgstr ""
21585
21586
#: serverguide/C/dns.xml:35(command)
21587
msgid "sudo apt-get install dnsutils"
21588
msgstr ""
21589
21590
#: serverguide/C/dns.xml:40(para)
21591
msgid ""
21592
"There a many ways to configure <application>BIND9</application>. Some of the "
21593
"most common configurations are a caching nameserver, primary master, and a "
21594
"as a secondary master."
21595
msgstr ""
21596
21597
#: serverguide/C/dns.xml:46(para)
21598
msgid ""
21599
"When configured as a caching nameserver BIND9 will find the answer to name "
21600
"queries and remember the answer when the domain is queried again."
21601
msgstr ""
21602
21603
#: serverguide/C/dns.xml:52(para)
21604
msgid ""
21605
"As a primary master server BIND9 reads the data for a zone from a file on "
21606
"it's host and is authoritative for that zone."
21607
msgstr ""
21608
21609
#: serverguide/C/dns.xml:57(para)
21610
msgid ""
21611
"In a secondary master configuration BIND9 gets the zone data from another "
21612
"nameserver authoritative for the zone."
21613
msgstr ""
21614
21615
#: serverguide/C/dns.xml:65(para)
21616
msgid ""
21617
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
21618
"directory. The primary configuration file is "
21619
"<filename>/etc/bind/named.conf</filename>."
21620
msgstr ""
21621
21622
#: serverguide/C/dns.xml:72(para)
21623
msgid ""
21624
"The <emphasis>include</emphasis> line specifies the filename which contains "
21625
"the DNS options. The <emphasis>directory</emphasis> line in the "
21626
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
21627
"look for files. All files BIND uses will be relative to this directory."
21628
msgstr ""
21629
21630
#: serverguide/C/dns.xml:80(para)
21631
msgid ""
21632
"The file named <filename>/etc/bind/db.root</filename> describes the root "
21633
"nameservers in the world. The servers change over time, so the "
21634
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
21635
"This is usually done as updates to the <application>bind9</application> "
21636
"package. The <emphasis>zone</emphasis> section defines a master server, and "
21637
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
21638
msgstr ""
21639
21640
#: serverguide/C/dns.xml:90(para)
21641
msgid ""
21642
"It is possible to configure the same server to be a caching name server, "
21643
"primary master, and secondary master. A server can be the Start of Authority "
21644
"(SOA) for one zone, while providing secondary service for another zone. All "
21645
"the while providing caching services for hosts on the local LAN."
21646
msgstr ""
21647
21648
#: serverguide/C/dns.xml:98(title)
21649
msgid "Caching Nameserver"
21650
msgstr ""
21651
21652
#: serverguide/C/dns.xml:99(para)
21653
msgid ""
21654
"The default configuration is setup to act as a caching server. All that is "
21655
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
21656
"uncomment and edit the following in "
21657
"<filename>/etc/bind/named.conf.options</filename>:"
21658
msgstr ""
21659
21660
#: serverguide/C/dns.xml:103(programlisting)
21661
#, no-wrap
21662
msgid ""
21663
"\n"
21664
"forwarders {\n"
21665
" 1.2.3.4;\n"
21666
" 5.6.7.8;\n"
21667
" };\n"
21668
msgstr ""
21669
21670
#: serverguide/C/dns.xml:110(para)
21671
msgid ""
21672
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
21673
"the IP Adresses of actual nameservers."
21674
msgstr ""
21675
21676
#: serverguide/C/dns.xml:114(para)
21677
msgid ""
21678
"Now restart the DNS server, to enable the new configuration. From a terminal "
21679
"prompt:"
21680
msgstr ""
21681
21682
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
21683
msgid "sudo /etc/init.d/bind9 restart"
21684
msgstr ""
21685
21686
#: serverguide/C/dns.xml:120(para)
21687
msgid ""
21688
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
21689
"DNS server."
21690
msgstr ""
21691
21692
#: serverguide/C/dns.xml:125(title)
21693
msgid "Primary Master"
21694
msgstr ""
21695
21696
#: serverguide/C/dns.xml:126(para)
21697
msgid ""
21698
"In this section <application>BIND9</application> will be configured as the "
21699
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
21700
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
21701
"(Fully Qualified Domain Name)."
21702
msgstr ""
21703
21704
#: serverguide/C/dns.xml:132(title)
21705
msgid "Forward Zone File"
21706
msgstr ""
21707
21708
#: serverguide/C/dns.xml:133(para)
21709
msgid ""
21710
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
21711
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
21712
msgstr ""
21713
21714
#: serverguide/C/dns.xml:137(programlisting)
21715
#, no-wrap
21716
msgid ""
21717
"\n"
21718
"zone \"example.com\" {\n"
21719
"\ttype master;\n"
21720
" file \"/etc/bind/db.example.com\";\n"
21721
"};\n"
21722
msgstr ""
21723
21724
#: serverguide/C/dns.xml:143(para)
21725
msgid ""
21726
"Now use an existing zone file as a template to create the "
21727
"<filename>/etc/bind/db.example.com</filename> file:"
21728
msgstr ""
21729
21730
#: serverguide/C/dns.xml:147(command)
21731
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
21732
msgstr ""
21733
21734
#: serverguide/C/dns.xml:149(para)
21735
msgid ""
21736
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
21737
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
21738
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
21739
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
21740
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
21741
"leaving the \".\" at the end."
21742
msgstr ""
21743
21744
#: serverguide/C/dns.xml:155(para)
21745
msgid ""
21746
"Also, create an <emphasis>A record</emphasis> for <emphasis "
21747
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
21748
msgstr ""
21749
21750
#: serverguide/C/dns.xml:159(programlisting)
21751
#, no-wrap
21752
msgid ""
21753
"\n"
21754
";\n"
21755
"; BIND data file for local loopback interface\n"
21756
";\n"
21757
"$TTL 604800\n"
21758
"@ IN SOA ns.example.com. root.example.com. (\n"
21759
" 2 ; Serial\n"
21760
" 604800 ; Refresh\n"
21761
" 86400 ; Retry\n"
21762
" 2419200 ; Expire\n"
21763
" 604800 ) ; Negative Cache TTL\n"
21764
";\n"
21765
"@ IN NS ns.example.com.\n"
21766
"@ IN A 127.0.0.1\n"
21767
"@ IN AAAA ::1\n"
21768
"ns IN A 192.168.1.10\n"
21769
msgstr ""
21770
21771
#: serverguide/C/dns.xml:176(para)
21772
msgid ""
21773
"You must increment the <emphasis>Serial Number</emphasis> every time you "
21774
"make changes to the zone file. If you make multiple changes before "
21775
"restarting BIND9, simply increment the Serial once."
21776
msgstr ""
21777
21778
#: serverguide/C/dns.xml:180(para)
21779
msgid ""
21780
"Now, you can add DNS records to the bottom of the zone file. See <xref "
21781
"linkend=\"dns-record-types\"/> for details."
21782
msgstr ""
21783
21784
#: serverguide/C/dns.xml:184(para)
21785
msgid ""
21786
"Many admins like to use the last date edited as the serial of a zone, such "
21787
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
21788
"<emphasis>ss</emphasis> is the Serial Number)"
21789
msgstr ""
21790
21791
#: serverguide/C/dns.xml:189(para)
21792
msgid ""
21793
"Once you have made a change to the zone file "
21794
"<application>BIND9</application> will need to be restarted for the changes "
21795
"to take effect:"
21796
msgstr ""
21797
21798
#: serverguide/C/dns.xml:198(title)
21799
msgid "Reverse Zone File"
21800
msgstr ""
21801
21802
#: serverguide/C/dns.xml:199(para)
21803
msgid ""
21804
"Now that the zone is setup and resolving names to IP Adresses a "
21805
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
21806
"DNS to resolve an address to a name."
21807
msgstr ""
21808
21809
#: serverguide/C/dns.xml:203(para)
21810
msgid "Edit /etc/bind/named.conf.local and add the following:"
21811
msgstr ""
21812
21813
#: serverguide/C/dns.xml:206(programlisting)
21814
#, no-wrap
21815
msgid ""
21816
"\n"
21817
"zone \"1.168.192.in-addr.arpa\" {\n"
21818
" type master;\n"
21819
" notify no;\n"
21820
" file \"/etc/bind/db.192\";\n"
21821
"};\n"
21822
msgstr ""
21823
21824
#: serverguide/C/dns.xml:214(para)
21825
msgid ""
21826
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
21827
"whatever network you are using. Also, name the zone file "
21828
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
21829
"first octet of your network."
21830
msgstr ""
21831
21832
#: serverguide/C/dns.xml:219(para)
21833
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
21834
msgstr ""
21835
21836
#: serverguide/C/dns.xml:223(command)
21837
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
21838
msgstr ""
21839
21840
#: serverguide/C/dns.xml:225(para)
21841
msgid ""
21842
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
21843
"same options as <filename>/etc/bind/db.example.com</filename>:"
21844
msgstr ""
21845
21846
#: serverguide/C/dns.xml:229(programlisting)
21847
#, no-wrap
21848
msgid ""
21849
"\n"
21850
";\n"
21851
"; BIND reverse data file for local loopback interface\n"
21852
";\n"
21853
"$TTL 604800\n"
21854
"@ IN SOA ns.example.com. root.example.com. (\n"
21855
" 2 ; Serial\n"
21856
" 604800 ; Refresh\n"
21857
" 86400 ; Retry\n"
21858
" 2419200 ; Expire\n"
21859
" 604800 ) ; Negative Cache TTL\n"
21860
";\n"
21861
"@ IN NS ns.\n"
21862
"10 IN PTR ns.example.com.\n"
21863
msgstr ""
21864
21865
#: serverguide/C/dns.xml:244(para)
21866
msgid ""
21867
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
21868
"incremented on each changes as well. For each <emphasis>A record</emphasis> "
21869
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
21870
"create a <emphasis>PTR record</emphasis> in "
21871
"<filename>/etc/bind/db.192</filename>."
21872
msgstr ""
21873
21874
#: serverguide/C/dns.xml:249(para)
21875
msgid ""
21876
"After creating the reverse zone file restart "
21877
"<application>BIND9</application>:"
21878
msgstr ""
21879
21880
#: serverguide/C/dns.xml:258(title)
21881
msgid "Secondary Master"
21882
msgstr ""
21883
21884
#: serverguide/C/dns.xml:259(para)
21885
msgid ""
21886
"Once a <emphasis>Primary Master</emphasis> has been configured a "
21887
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
21888
"availability of the domain should the Primary become unavailable."
21889
msgstr ""
21890
21891
#: serverguide/C/dns.xml:263(para)
21892
msgid ""
21893
"First, on the Primary Master server, the zone transfer needs to be allowed. "
21894
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
21895
"and Reverse zone definitions in "
21896
"<filename>/etc/bind/named.conf.local</filename>:"
21897
msgstr ""
21898
21899
#: serverguide/C/dns.xml:267(programlisting)
21900
#, no-wrap
21901
msgid ""
21902
"\n"
21903
"zone \"example.com\" {\n"
21904
" type master;\n"
21905
"\tfile \"/etc/bind/db.example.com\";\n"
21906
" allow-transfer { 192.168.1.11; };\n"
21907
"};\n"
21908
"\n"
21909
"zone \"1.168.192.in-addr.arpa\" {\n"
21910
" type master;\n"
21911
" notify no;\n"
21912
" file \"/etc/bind/db.192\";\n"
21913
"\tallow-transfer { 192.168.1.11; };\n"
21914
"};\n"
21915
msgstr ""
21916
21917
#: serverguide/C/dns.xml:282(para)
21918
msgid ""
21919
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
21920
"Secondary nameserver."
21921
msgstr ""
21922
21923
#: serverguide/C/dns.xml:286(para)
21924
msgid ""
21925
"Next, on the Secondary Master, install the <application>bind9</application> "
21926
"package the same way as on the Primary. Then edit the "
21927
"<filename>/etc/bind/named.conf.local</filename> and add the following "
21928
"declarations for the Forward and Reverse zones:"
21929
msgstr ""
21930
21931
#: serverguide/C/dns.xml:290(programlisting)
21932
#, no-wrap
21933
msgid ""
21934
"\n"
21935
"zone \"example.com\" {\n"
21936
"\ttype slave;\n"
21937
" file \"/var/cache/bind/db.example.com\";\n"
21938
" masters { 192.168.1.10; };\n"
21939
"}; \n"
21940
" \n"
21941
"zone \"1.168.192.in-addr.arpa\" {\n"
21942
"\ttype slave;\n"
21943
" file \"/var/cache/bind/db.192\";\n"
21944
" masters { 192.168.1.10; };\n"
21945
"};\n"
21946
msgstr ""
21947
21948
#: serverguide/C/dns.xml:304(para)
21949
msgid ""
21950
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
21951
"Primary nameserver."
21952
msgstr ""
21953
21954
#: serverguide/C/dns.xml:308(para)
21955
msgid "Restart <application>BIND9</application> on the Secondary Master:"
21956
msgstr ""
21957
21958
#: serverguide/C/dns.xml:314(para)
21959
msgid ""
21960
"In <filename>/var/log/syslog</filename> you should see something similar to:"
21961
msgstr ""
21962
21963
#: serverguide/C/dns.xml:317(programlisting)
21964
#, no-wrap
21965
msgid ""
21966
"\n"
21967
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
21968
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
21969
msgstr ""
21970
21971
#: serverguide/C/dns.xml:322(para)
21972
msgid ""
21973
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
21974
"on the Primary is larger than the one on the Secondary."
21975
msgstr ""
21976
21977
#: serverguide/C/dns.xml:328(para)
21978
msgid ""
21979
"The default directory for non-authoritative zone files is "
21980
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
21981
"<application>AppArmor</application> to allow the "
21982
"<application>named</application> daemon to write to. For more information on "
21983
"AppArmor see <xref linkend=\"apparmor\"/>."
21984
msgstr ""
21985
21986
#: serverguide/C/dns.xml:339(para)
21987
msgid ""
21988
"This section covers ways to help determine the cause when problems happen "
21989
"with DNS and <application>BIND9</application>."
21990
msgstr ""
21991
21992
#: serverguide/C/dns.xml:345(title)
21993
msgid "resolv.conf"
21994
msgstr ""
21995
21996
#: serverguide/C/dns.xml:346(para)
21997
msgid ""
21998
"The first step in testing <application>BIND9</application> is to add the "
21999
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
22000
"be configured as well as another host to double check things. Simply edit "
22001
"<filename>/etc/resolv.conf</filename> and add the following:"
22002
msgstr ""
22003
22004
#: serverguide/C/dns.xml:351(programlisting)
22005
#, no-wrap
22006
msgid ""
22007
"\n"
22008
"nameserver\t192.168.1.10\n"
22009
"nameserver\t192.168.1.11\n"
22010
msgstr ""
22011
22012
#: serverguide/C/dns.xml:356(para)
22013
msgid ""
22014
"You should also add the IP Address of the Secondary nameserver in case the "
22015
"Primary becomes unavailable."
22016
msgstr ""
22017
22018
#: serverguide/C/dns.xml:362(title)
22019
msgid "dig"
22020
msgstr ""
22021
22022
#: serverguide/C/dns.xml:363(para)
22023
msgid ""
22024
"If you installed the <application>dnsutils</application> package you can "
22025
"test your setup using the DNS lookup utility <application>dig</application>:"
22026
msgstr ""
22027
22028
#: serverguide/C/dns.xml:369(para)
22029
msgid ""
22030
"After installing <application>BIND9</application> use "
22031
"<application>dig</application> against the loopback interface to make sure "
22032
"it is listening on port 53. From a terminal prompt:"
22033
msgstr ""
22034
22035
#: serverguide/C/dns.xml:374(command)
22036
msgid "dig -x 127.0.0.1"
22037
msgstr ""
22038
22039
#: serverguide/C/dns.xml:376(para)
22040
msgid "You should see lines similar to the following in the command output:"
22041
msgstr ""
22042
22043
#: serverguide/C/dns.xml:379(programlisting)
22044
#, no-wrap
22045
msgid ""
22046
"\n"
22047
";; Query time: 1 msec\n"
22048
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
22049
msgstr ""
22050
22051
#: serverguide/C/dns.xml:385(para)
22052
msgid ""
22053
"If you have configured <application>BIND9</application> as a "
22054
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
22055
"the query time:"
22056
msgstr ""
22057
22058
#: serverguide/C/dns.xml:390(command)
22059
msgid "dig ubuntu.com"
22060
msgstr ""
22061
22062
#: serverguide/C/dns.xml:392(para)
22063
msgid "Note the query time toward the end of the command output:"
22064
msgstr ""
22065
22066
#: serverguide/C/dns.xml:395(programlisting)
22067
#, no-wrap
22068
msgid ""
22069
"\n"
22070
";; Query time: 49 msec\n"
22071
msgstr ""
22072
22073
#: serverguide/C/dns.xml:398(para)
22074
msgid "After a second dig there should be improvement:"
22075
msgstr ""
22076
22077
#: serverguide/C/dns.xml:401(programlisting)
22078
#, no-wrap
22079
msgid ""
22080
"\n"
22081
";; Query time: 1 msec\n"
22082
msgstr ""
22083
22084
#: serverguide/C/dns.xml:408(title)
22085
msgid "ping"
22086
msgstr ""
22087
22088
#: serverguide/C/dns.xml:410(para)
22089
msgid ""
22090
"Now to demonstrate how applications make use of DNS to resolve a host name "
22091
"use the <application>ping</application> utility to send an ICMP echo "
22092
"request. From a terminal prompt enter:"
22093
msgstr ""
22094
22095
#: serverguide/C/dns.xml:416(command)
22096
msgid "ping example.com"
22097
msgstr ""
22098
22099
#: serverguide/C/dns.xml:418(para)
22100
msgid ""
22101
"This tests if the nameserver can resolve the name "
22102
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
22103
"should resemble:"
22104
msgstr ""
22105
22106
#: serverguide/C/dns.xml:422(programlisting)
22107
#, no-wrap
22108
msgid ""
22109
"\n"
22110
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
22111
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
22112
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
22113
msgstr ""
22114
22115
#: serverguide/C/dns.xml:429(title)
22116
msgid "named-checkzone"
22117
msgstr ""
22118
22119
#: serverguide/C/dns.xml:430(para)
22120
msgid ""
22121
"A great way to test your zone files is by using the <application>named-"
22122
"checkzone</application> utility installed with the "
22123
"<application>bind9</application> package. This utility allows you to make "
22124
"sure the configuration is correct before restarting "
22125
"<application>BIND9</application> and making the changes live."
22126
msgstr ""
22127
22128
#: serverguide/C/dns.xml:437(para)
22129
msgid ""
22130
"To test our example Forward zone file enter the following from a command "
22131
"prompt:"
22132
msgstr ""
22133
22134
#: serverguide/C/dns.xml:441(command)
22135
msgid "named-checkzone example.com /etc/bind/db.example.com"
22136
msgstr ""
22137
22138
#: serverguide/C/dns.xml:443(para)
22139
msgid ""
22140
"If everything is configured correctly you should see output similar to:"
22141
msgstr ""
22142
22143
#: serverguide/C/dns.xml:446(programlisting)
22144
#, no-wrap
22145
msgid ""
22146
"\n"
22147
"zone example.com/IN: loaded serial 6\n"
22148
"OK\n"
22149
msgstr ""
22150
22151
#: serverguide/C/dns.xml:452(para)
22152
msgid "Similarly, to test the Reverse zone file enter the following:"
22153
msgstr ""
22154
22155
#: serverguide/C/dns.xml:456(command)
22156
msgid "named-checkzone example.com /etc/bind/db.192"
22157
msgstr ""
22158
22159
#: serverguide/C/dns.xml:458(para)
22160
msgid "The output should be similar to:"
22161
msgstr ""
22162
22163
#: serverguide/C/dns.xml:461(programlisting)
22164
#, no-wrap
22165
msgid ""
22166
"\n"
22167
"zone example.com/IN: loaded serial 3\n"
22168
"OK\n"
22169
msgstr ""
22170
22171
#: serverguide/C/dns.xml:468(para)
22172
msgid ""
22173
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
22174
"different."
22175
msgstr ""
22176
22177
#: serverguide/C/dns.xml:475(title)
22178
msgid "Logging"
22179
msgstr ""
22180
22181
#: serverguide/C/dns.xml:476(para)
22182
msgid ""
22183
"<application>BIND9</application> has a wide variety of logging configuration "
22184
"options available. There are two main options. The "
22185
"<emphasis>channel</emphasis> option configures where logs go, and the "
22186
"<emphasis>category</emphasis> option determines what information to log."
22187
msgstr ""
22188
22189
#: serverguide/C/dns.xml:480(para)
22190
msgid "If no logging option is configured the default option is:"
22191
msgstr ""
22192
22193
#: serverguide/C/dns.xml:483(programlisting)
22194
#, no-wrap
22195
msgid ""
22196
"\n"
22197
"logging {\n"
22198
" category default { default_syslog; default_debug; };\n"
22199
" category unmatched { null; };\n"
22200
"};\n"
22201
msgstr ""
22202
22203
#: serverguide/C/dns.xml:489(para)
22204
msgid ""
22205
"This section covers configuring <application>BIND9</application> to send "
22206
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
22207
"file."
22208
msgstr ""
22209
22210
#: serverguide/C/dns.xml:494(para)
22211
msgid ""
22212
"First, we need to configure a channel to specify which file to send the "
22213
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
22214
"the following:"
22215
msgstr ""
22216
22217
#: serverguide/C/dns.xml:498(programlisting)
22218
#, no-wrap
22219
msgid ""
22220
"\n"
22221
"logging {\n"
22222
" channel query.log { \n"
22223
" file \"/var/log/query.log\";\n"
22224
" severity debug 3; \n"
22225
" }; \n"
22226
"};\n"
22227
msgstr ""
22228
22229
#: serverguide/C/dns.xml:508(para)
22230
msgid "Next, configure a category to send all DNS queries to the query file:"
22231
msgstr ""
22232
22233
#: serverguide/C/dns.xml:511(programlisting)
22234
#, no-wrap
22235
msgid ""
22236
"\n"
22237
"logging {\n"
22238
" channel query.log { \n"
22239
" file \"/var/log/query.log\"; \n"
22240
" severity debug 3; \n"
22241
" }; \n"
22242
" <emphasis>category queries { query.log; };</emphasis> \n"
22243
"};\n"
22244
msgstr ""
22245
22246
#: serverguide/C/dns.xml:523(para)
22247
msgid ""
22248
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
22249
"level isn't specified level 1 is the default."
22250
msgstr ""
22251
22252
#: serverguide/C/dns.xml:529(para)
22253
msgid ""
22254
"Since the <emphasis>named daemon</emphasis> runs as the "
22255
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
22256
"file must be created and the ownership changed:"
22257
msgstr ""
22258
22259
#: serverguide/C/dns.xml:534(command)
22260
msgid "sudo touch /var/log/query.log"
22261
msgstr ""
22262
22263
#: serverguide/C/dns.xml:535(command)
22264
msgid "sudo chown bind /var/log/query.log"
22265
msgstr ""
22266
22267
#: serverguide/C/dns.xml:539(para)
22268
msgid ""
22269
"Before <application>named</application> daemon can write to the new log file "
22270
"the <application>AppArmor</application> profile must be updated. First, edit "
22271
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
22272
msgstr ""
22273
22274
#: serverguide/C/dns.xml:543(programlisting)
22275
#, no-wrap
22276
msgid ""
22277
"\n"
22278
"/var/log/query.log w,\n"
22279
msgstr ""
22280
22281
#: serverguide/C/dns.xml:546(para)
22282
msgid "Next, reload the profile:"
22283
msgstr ""
22284
22285
#: serverguide/C/dns.xml:550(command)
22286
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
22287
msgstr ""
22288
22289
#: serverguide/C/dns.xml:552(para)
22290
msgid ""
22291
"For more information on <application>AppArmor</application> see <xref "
22292
"linkend=\"apparmor\"/>"
22293
msgstr ""
22294
22295
#: serverguide/C/dns.xml:557(para)
22296
msgid ""
22297
"Now restart <application>BIND9</application> for the changes to take effect:"
22298
msgstr ""
22299
"ឥឡូវ ផ្តើមឡើងវិញ <application>BIND9</application> សំរាប់បំលាស់ប្តូរ ទទួលផល ៖"
22300
22301
#: serverguide/C/dns.xml:565(para)
22302
msgid ""
22303
"You should see the file <filename>/var/log/query.log</filename> fill with "
22304
"query information. This is a simple example of the "
22305
"<application>BIND9</application> logging options. For coverage of advanced "
22306
"options see <xref linkend=\"dns-more-info\"/>."
22307
msgstr ""
22308
22309
#: serverguide/C/dns.xml:574(title)
22310
msgid "Common Record Types"
22311
msgstr ""
22312
22313
#: serverguide/C/dns.xml:575(para)
22314
msgid "This section covers some of the most common DNS record types."
22315
msgstr ""
22316
22317
#: serverguide/C/dns.xml:580(para)
22318
msgid ""
22319
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
22320
msgstr ""
22321
22322
#: serverguide/C/dns.xml:583(programlisting)
22323
#, no-wrap
22324
msgid ""
22325
"\n"
22326
"www IN A 192.168.1.12\n"
22327
msgstr ""
22328
22329
#: serverguide/C/dns.xml:588(para)
22330
msgid ""
22331
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
22332
"record. You cannot create a CNAME record pointing to another CNAME record."
22333
msgstr ""
22334
22335
#: serverguide/C/dns.xml:591(programlisting)
22336
#, no-wrap
22337
msgid ""
22338
"\n"
22339
"web IN CNAME www\n"
22340
msgstr ""
22341
22342
#: serverguide/C/dns.xml:596(para)
22343
msgid ""
22344
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
22345
"to. Must point to an A record, not a CNAME."
22346
msgstr ""
22347
22348
#: serverguide/C/dns.xml:599(programlisting)
22349
#, no-wrap
22350
msgid ""
22351
"\n"
22352
" IN MX 1 mail.example.com.\n"
22353
"mail IN A 192.168.1.13\n"
22354
msgstr ""
22355
22356
#: serverguide/C/dns.xml:605(para)
22357
msgid ""
22358
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
22359
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
22360
"Secondary servers are defined."
22361
msgstr ""
22362
22363
#: serverguide/C/dns.xml:609(programlisting)
22364
#, no-wrap
22365
msgid ""
22366
"\n"
22367
" IN NS ns.example.com.\n"
22368
"\tIN NS ns2.example.com.\n"
22369
"ns IN A 192.168.1.10\n"
22370
"ns2\tIN A\t 192.168.1.11\n"
22371
msgstr ""
22372
22373
#: serverguide/C/dns.xml:622(para)
22374
msgid ""
22375
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
22376
"HOWTO</ulink> explains more advanced options for configuring BIND9."
22377
msgstr ""
22378
22379
#: serverguide/C/dns.xml:627(para)
22380
msgid ""
22381
"For in depth coverage of <emphasis>DNS</emphasis> and "
22382
"<application>BIND9</application> see <ulink "
22383
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
22384
msgstr ""
22385
22386
#: serverguide/C/dns.xml:632(para)
22387
msgid ""
22388
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
22389
"BIND</ulink> is a popular book now in it's fifth edition."
22390
msgstr ""
22391
22392
#: serverguide/C/dns.xml:637(para)
22393
msgid ""
22394
"A great place to ask for <application>BIND9</application> assistance, and "
22395
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
22396
"server</emphasis> IRC channel on <ulink "
22397
"url=\"http://freenode.net\">freenode</ulink>."
22398
msgstr ""
22399
22400
#: serverguide/C/dns.xml:643(para)
22401
msgid ""
22402
"Also, see the <ulink "
22403
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
22404
"HOWTO</ulink> in the Ubuntu Wiki."
22405
msgstr ""
22406
22407
#: serverguide/C/databases.xml:13(title)
22408
msgid "Databases"
22409
msgstr ""
22410
22411
#: serverguide/C/databases.xml:14(para)
22412
msgid "Ubuntu provides two popular database servers. They are:"
22413
msgstr ""
22414
22415
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:157(title)
22416
msgid "PostgreSQL"
22417
msgstr ""
22418
22419
#: serverguide/C/databases.xml:25(para)
22420
msgid ""
22421
"They are available in the main repository. This section explains how to "
22422
"install and configure these database servers."
22423
msgstr ""
22424
22425
#: serverguide/C/databases.xml:32(para)
22426
msgid ""
22427
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
22428
"It is intended for mission-critical, heavy-load production systems as well "
22429
"as for embedding into mass-deployed software."
22430
msgstr ""
22431
22432
#: serverguide/C/databases.xml:41(para)
22433
msgid "To install MySQL, run the following command from a terminal prompt:"
22434
msgstr ""
22435
22436
#: serverguide/C/databases.xml:46(command)
22437
msgid "sudo apt-get install mysql-server"
22438
msgstr ""
22439
22440
#: serverguide/C/databases.xml:48(para)
22441
msgid ""
22442
"During the installation process you will be prompted to enter a password for "
22443
"the <application>MySQL</application> root user."
22444
msgstr ""
22445
22446
#: serverguide/C/databases.xml:53(para)
22447
msgid ""
22448
"Once the installation is complete, the MySQL server should be started "
22449
"automatically. You can run the following command from a terminal prompt to "
22450
"check whether the MySQL server is running:"
22451
msgstr ""
22452
22453
#: serverguide/C/databases.xml:61(command)
22454
msgid "sudo netstat -tap | grep mysql"
22455
msgstr ""
22456
22457
#: serverguide/C/databases.xml:70(programlisting)
22458
#, no-wrap
22459
msgid ""
22460
"\n"
22461
"tcp 0 0 localhost:mysql *:* LISTEN "
22462
" 2556/mysqld\n"
22463
msgstr ""
22464
22465
#: serverguide/C/databases.xml:74(para)
22466
msgid ""
22467
"If the server is not running correctly, you can type the following command "
22468
"to start it:"
22469
msgstr ""
22470
22471
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
22472
msgid "sudo /etc/init.d/mysql restart"
22473
msgstr ""
22474
22475
#: serverguide/C/databases.xml:85(para)
22476
msgid ""
22477
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
22478
"the basic settings -- log file, port number, etc. For example, to configure "
22479
"<application>MySQL</application> to listen for connections from network "
22480
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
22481
"server's IP address:"
22482
msgstr ""
22483
22484
#: serverguide/C/databases.xml:91(programlisting)
22485
#, no-wrap
22486
msgid ""
22487
"\n"
22488
"bind-address = 192.168.0.5\n"
22489
msgstr ""
22490
22491
#: serverguide/C/databases.xml:95(para)
22492
msgid "Replace 192.168.0.5 with the appropriate address."
22493
msgstr ""
22494
22495
#: serverguide/C/databases.xml:99(para)
22496
msgid ""
22497
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
22498
"<application>mysql</application> daemon will need to be restarted:"
22499
msgstr ""
22500
22501
#: serverguide/C/databases.xml:107(para)
22502
msgid ""
22503
"If you would like to change the "
22504
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
22505
"terminal enter:"
22506
msgstr ""
22507
22508
#: serverguide/C/databases.xml:113(command)
22509
msgid "sudo dpkg-reconfigure mysql-server-5.1"
22510
msgstr ""
22511
22512
#: serverguide/C/databases.xml:116(para)
22513
msgid ""
22514
"The <application>mysql</application> daemon will be stopped, and you will be "
22515
"prompted to enter a new password."
22516
msgstr ""
22517
22518
#: serverguide/C/databases.xml:125(para)
22519
msgid ""
22520
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
22521
"more information."
22522
msgstr ""
22523
22524
#: serverguide/C/databases.xml:130(para)
22525
msgid ""
22526
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
22527
"<application>mysql-doc-5.0</application> package. To install the package "
22528
"enter the following in a terminal:"
22529
msgstr ""
22530
22531
#: serverguide/C/databases.xml:135(command)
22532
msgid "sudo apt-get install mysql-doc-5.0"
22533
msgstr ""
22534
22535
#: serverguide/C/databases.xml:137(para)
22536
msgid ""
22537
"The documentation is in HTML format, to view them enter "
22538
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
22539
"chapter/index.html</command> in your browser's address bar."
22540
msgstr ""
22541
22542
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:290(para)
22543
msgid ""
22544
"For general SQL information see <ulink "
22545
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
22546
"Special Edition</ulink> by Rafe Colburn."
22547
msgstr ""
22548
22549
#: serverguide/C/databases.xml:149(para)
22550
msgid ""
22551
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
22552
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
22553
msgstr ""
22554
22555
#: serverguide/C/databases.xml:158(para)
22556
msgid ""
22557
"PostgreSQL is an object-relational database system that has the features of "
22558
"traditional commercial database systems with enhancements to be found in "
22559
"next-generation DBMS systems."
22560
msgstr ""
22561
22562
#: serverguide/C/databases.xml:165(para)
22563
msgid ""
22564
"To install PostgreSQL, run the following command in the command prompt:"
22565
msgstr ""
22566
22567
#: serverguide/C/databases.xml:172(command)
22568
msgid "sudo apt-get install postgresql"
22569
msgstr ""
22570
22571
#: serverguide/C/databases.xml:176(para)
22572
msgid ""
22573
"Once the installation is complete, you should configure the PostgreSQL "
22574
"server based on your needs, although the default configuration is viable."
22575
msgstr ""
22576
22577
#: serverguide/C/databases.xml:184(para)
22578
msgid ""
22579
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
22580
"client authentication methods. By default, IDENT authentication method is "
22581
"used for <application>postgres</application> and local users. Please refer "
22582
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
22583
"PostgreSQL Administrator's Guide</ulink>."
22584
msgstr ""
22585
22586
#: serverguide/C/databases.xml:191(para)
22587
msgid ""
22588
"The following discussion assumes that you wish to enable TCP/IP connections "
22589
"and use the MD5 method for client authentication. PostgreSQL configuration "
22590
"files are stored in the "
22591
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
22592
"example, if you install PostgreSQL 8.4, the configuration files are stored "
22593
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
22594
msgstr ""
22595
22596
#: serverguide/C/databases.xml:201(para)
22597
msgid ""
22598
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
22599
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
22600
msgstr ""
22601
22602
#: serverguide/C/databases.xml:208(para)
22603
msgid ""
22604
"To enable TCP/IP connections, edit the file "
22605
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
22606
msgstr ""
22607
22608
#: serverguide/C/databases.xml:210(para)
22609
msgid ""
22610
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
22611
"change it to:"
22612
msgstr ""
22613
22614
#: serverguide/C/databases.xml:213(programlisting)
22615
#, no-wrap
22616
msgid ""
22617
"\n"
22618
"listen_addresses = 'localhost'\n"
22619
msgstr ""
22620
22621
#: serverguide/C/databases.xml:217(para)
22622
msgid ""
22623
"To allow other computers to connect to your "
22624
"<application>PostgreSQL</application> server replace 'localhost' with the "
22625
"<emphasis>IP Address</emphasis> of your server."
22626
msgstr ""
22627
22628
#: serverguide/C/databases.xml:222(para)
22629
msgid ""
22630
"You may also edit all other parameters, if you know what you are doing! For "
22631
"details, refer to the configuration file or to the PostgreSQL documentation."
22632
msgstr ""
22633
22634
#: serverguide/C/databases.xml:227(para)
22635
msgid ""
22636
"Now that we can connect to our <application>PostgreSQL</application> server, "
22637
"the next step is to set a password for the <emphasis>postgres</emphasis> "
22638
"user. Run the following command at a terminal prompt to connect to the "
22639
"default PostgreSQL template database:"
22640
msgstr ""
22641
22642
#: serverguide/C/databases.xml:234(command)
22643
msgid "sudo -u postgres psql template1"
22644
msgstr ""
22645
22646
#: serverguide/C/databases.xml:236(para)
22647
msgid ""
22648
"The above command connects to PostgreSQL database "
22649
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
22650
"you connect to the PostgreSQL server, you will be at a SQL prompt. You can "
22651
"run the following SQL command at the <application>psql</application> prompt "
22652
"to configure the password for the user <emphasis "
22653
"role=\"italics\">postgres</emphasis>."
22654
msgstr ""
22655
22656
#: serverguide/C/databases.xml:244(command)
22657
msgid "ALTER USER postgres with encrypted password 'your_password';"
22658
msgstr ""
22659
22660
#: serverguide/C/databases.xml:246(para)
22661
msgid ""
22662
"After configuring the password, edit the file "
22663
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
22664
"<emphasis>MD5</emphasis> authentication with the "
22665
"<emphasis>postgres</emphasis> user:"
22666
msgstr ""
22667
22668
#: serverguide/C/databases.xml:252(programlisting)
22669
#, no-wrap
22670
msgid ""
22671
"\n"
22672
"local all postgres md5\n"
22673
msgstr ""
22674
22675
#: serverguide/C/databases.xml:256(para)
22676
msgid ""
22677
"Finally, you should restart the <application>PostgreSQL</application> "
22678
"service to initialize the new configuration. From a terminal prompt enter "
22679
"the following to restart <application>PostgreSQL</application>:"
22680
msgstr ""
22681
22682
#: serverguide/C/databases.xml:262(command)
22683
msgid "sudo /etc/init.d/postgresql-8.4 restart"
22684
msgstr ""
22685
22686
#: serverguide/C/databases.xml:265(para)
22687
msgid ""
22688
"The above configuration is not complete by any means. Please refer <ulink "
22689
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
22690
"Administrator's Guide</ulink> to configure more parameters."
22691
msgstr ""
22692
22693
#: serverguide/C/databases.xml:276(para)
22694
msgid ""
22695
"As mentioned above the <ulink "
22696
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
22697
"Guide</ulink> is an excellent resource. The guide is also available in the "
22698
"<application>postgresql-doc-8.4</application> package. Execute the following "
22699
"in a terminal to install the package:"
22700
msgstr ""
22701
22702
#: serverguide/C/databases.xml:282(command)
22703
msgid "sudo apt-get install postgresql-doc-8.4"
22704
msgstr ""
22705
22706
#: serverguide/C/databases.xml:284(para)
22707
msgid ""
22708
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
22709
"8.4/html/index.html</command> into the address bar of your browser."
22710
msgstr ""
22711
22712
#: serverguide/C/databases.xml:296(para)
22713
msgid ""
22714
"Also, see the <ulink "
22715
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
22716
"Wiki</ulink> page for more information."
22717
msgstr ""
22718
22719
#: serverguide/C/clustering.xml:13(title)
22720
msgid "Clustering"
22721
msgstr ""
22722
22723
#: serverguide/C/clustering.xml:16(title)
22724
msgid "DRBD"
22725
msgstr ""
22726
22727
#: serverguide/C/clustering.xml:18(para)
22728
msgid ""
22729
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
22730
"multiple hosts. The replication is transparent to other applications on the "
22731
"host systems. Any block device hard disks, partitions, RAID devices, logical "
22732
"volumes, etc can be mirrored."
22733
msgstr ""
22734
22735
#: serverguide/C/clustering.xml:24(para)
22736
msgid ""
22737
"To get started using <application>drbd</application>, first install the "
22738
"necessary packages. From a terminal enter:"
22739
msgstr ""
22740
22741
#: serverguide/C/clustering.xml:29(command)
22742
msgid "sudo apt-get install drbd8-utils"
22743
msgstr ""
22744
22745
#: serverguide/C/clustering.xml:33(para)
22746
msgid ""
22747
"If you are using the <emphasis>virtual kernel</emphasis> as part of a "
22748
"virtual machine you will need to manually compile the "
22749
"<application>drbd</application> module. It may be easier to install the "
22750
"<application>linux-server</application> package inside the virtual machine."
22751
msgstr ""
22752
22753
#: serverguide/C/clustering.xml:40(para)
22754
msgid ""
22755
"This section covers setting up a <application>drbd</application> to "
22756
"replicate a separate <filename>/srv</filename> partition, with an "
22757
"<application>ext3</application> filesystem between two hosts. The partition "
22758
"size is not particularly relevant, but both partitions need to be the same "
22759
"size."
22760
msgstr ""
22761
22762
#: serverguide/C/clustering.xml:49(para)
22763
msgid ""
22764
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
22765
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
22766
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
22767
"See <xref linkend=\"dns\"/> for details."
22768
msgstr ""
22769
22770
#: serverguide/C/clustering.xml:57(para)
22771
msgid ""
22772
"To configure <application>drbd</application>, on the first host edit "
22773
"<filename>/etc/drbd.conf</filename>:"
22774
msgstr ""
22775
22776
#: serverguide/C/clustering.xml:61(programlisting)
22777
#, no-wrap
22778
msgid ""
22779
"\n"
22780
"global { usage-count no; }\n"
22781
"common { syncer { rate 100M; } }\n"
22782
"resource r0 {\n"
22783
" protocol C;\n"
22784
" startup {\n"
22785
" wfc-timeout 15;\n"
22786
" degr-wfc-timeout 60;\n"
22787
" }\n"
22788
" net {\n"
22789
" cram-hmac-alg sha1;\n"
22790
" shared-secret \"secret\";\n"
22791
" }\n"
22792
" on drbd01 {\n"
22793
" device /dev/drbd0;\n"
22794
" disk /dev/sdb1;\n"
22795
" address 192.168.0.1:7788;\n"
22796
" meta-disk internal;\n"
22797
" }\n"
22798
" on drbd02 {\n"
22799
" device /dev/drbd0;\n"
22800
" disk /dev/sdb1;\n"
22801
" address 192.168.0.2:7788;\n"
22802
" meta-disk internal;\n"
22803
" }\n"
22804
"} \n"
22805
msgstr ""
22806
22807
#: serverguide/C/clustering.xml:90(para)
22808
msgid ""
22809
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
22810
"this example their default values are fine."
22811
msgstr ""
22812
22813
#: serverguide/C/clustering.xml:98(para)
22814
msgid "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
22815
msgstr ""
22816
22817
#: serverguide/C/clustering.xml:103(command)
22818
msgid "scp /etc/drbd.conf drbd02:~"
22819
msgstr ""
22820
22821
#: serverguide/C/clustering.xml:109(para)
22822
msgid ""
22823
"And, on <emphasis>drbd02</emphasis> move the file to "
22824
"<filename>/etc</filename>:"
22825
msgstr ""
22826
22827
#: serverguide/C/clustering.xml:114(command)
22828
msgid "sudo mv drbd.conf /etc/"
22829
msgstr ""
22830
22831
#: serverguide/C/clustering.xml:120(para)
22832
msgid ""
22833
"Next, on both hosts, start the <application>drbd</application> daemon:"
22834
msgstr ""
22835
22836
#: serverguide/C/clustering.xml:125(command)
22837
msgid "sudo /etc/init.d/drbd start"
22838
msgstr ""
22839
22840
#: serverguide/C/clustering.xml:131(para)
22841
msgid ""
22842
"Now using the <application>drbdadm</application> utility initialize the meta "
22843
"data storage. On each server execute:"
22844
msgstr ""
22845
22846
#: serverguide/C/clustering.xml:137(command)
22847
msgid "sudo drbdadm create-md r0"
22848
msgstr ""
22849
22850
#: serverguide/C/clustering.xml:143(para)
22851
msgid ""
22852
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
22853
"primary, enter the following:"
22854
msgstr ""
22855
22856
#: serverguide/C/clustering.xml:148(command)
22857
msgid "sudo drbdadm -- --overwrite-data-of-peer primary all"
22858
msgstr ""
22859
22860
#: serverguide/C/clustering.xml:154(para)
22861
msgid ""
22862
"After executing the above command, the data will start syncing with the "
22863
"secondary host. To watch the progresss, on <emphasis>drbd02</emphasis> enter "
22864
"the following:"
22865
msgstr ""
22866
22867
#: serverguide/C/clustering.xml:160(command)
22868
msgid "watch -n1 cat /proc/drbd"
22869
msgstr ""
22870
22871
#: serverguide/C/clustering.xml:163(para)
22872
msgid "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
22873
msgstr ""
22874
22875
#: serverguide/C/clustering.xml:170(para)
22876
msgid ""
22877
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
22878
msgstr ""
22879
22880
#: serverguide/C/clustering.xml:175(command)
22881
msgid "sudo mkfs.ext3 /dev/drbd0"
22882
msgstr ""
22883
22884
#: serverguide/C/clustering.xml:176(command) serverguide/C/clustering.xml:224(command)
22885
msgid "sudo mount /dev/drbd0 /srv"
22886
msgstr ""
22887
22888
#: serverguide/C/clustering.xml:186(para)
22889
msgid ""
22890
"To test that the data is actually syncing between the hosts copy some files "
22891
"on the <emphasis>drbd01</emphasis>, the primary, to "
22892
"<filename>/srv</filename>:"
22893
msgstr ""
22894
22895
#: serverguide/C/clustering.xml:195(para)
22896
msgid "Next, unmount <filename>/srv</filename>:"
22897
msgstr ""
22898
22899
#: serverguide/C/clustering.xml:203(para)
22900
msgid ""
22901
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
22902
"<emphasis>secondary</emphasis> role:"
22903
msgstr ""
22904
22905
#: serverguide/C/clustering.xml:208(command)
22906
msgid "sudo drbdadm secondary r0"
22907
msgstr ""
22908
22909
#: serverguide/C/clustering.xml:211(para)
22910
msgid ""
22911
"Now on the <emphasis>secondary</emphasis> server "
22912
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
22913
msgstr ""
22914
22915
#: serverguide/C/clustering.xml:216(command)
22916
msgid "sudo drbdadm primary r0"
22917
msgstr ""
22918
22919
#: serverguide/C/clustering.xml:219(para)
22920
msgid "Lastly, mount the partition:"
22921
msgstr ""
22922
22923
#: serverguide/C/clustering.xml:227(para)
22924
msgid ""
22925
"Using <emphasis>ls</emphasis> you should see "
22926
"<filename>/srv/default</filename> copied from the former "
22927
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
22928
msgstr ""
22929
22930
#: serverguide/C/clustering.xml:238(para)
22931
msgid ""
22932
"For more information on <application>DRBD</application> see the <ulink "
22933
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
22934
msgstr ""
22935
22936
#: serverguide/C/clustering.xml:243(para)
22937
msgid ""
22938
"The <ulink "
22939
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/drbd.conf.5.html\">dr"
22940
"bd.conf man page</ulink> contains details on the options not covered in this "
22941
"guide."
22942
msgstr ""
22943
22944
#: serverguide/C/clustering.xml:249(para)
22945
msgid ""
22946
"Also, see the <ulink "
22947
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/drbdadm.8.html\">drbd"
22948
"adm man page</ulink>."
22949
msgstr ""
22950
22951
#: serverguide/C/clustering.xml:254(para)
22952
msgid ""
22953
"The <ulink url=\"https://help.ubuntu.com/community/DRBD\">DRBD Ubuntu "
22954
"Wiki</ulink> page also has more information."
22955
msgstr ""
22956
22957
#: serverguide/C/chat.xml:13(title)
22958
msgid "Chat Applications"
22959
msgstr ""
22960
22961
#: serverguide/C/chat.xml:19(para)
22962
msgid ""
22963
"In this section, we will discuss how to install and configure a IRC server, "
22964
"<application>ircd-irc2</application>. We will also discuss how to install "
22965
"and configure Jabber, an instance messaging server."
22966
msgstr ""
22967
22968
#: serverguide/C/chat.xml:28(title)
22969
msgid "IRC Server"
22970
msgstr ""
22971
22972
#: serverguide/C/chat.xml:30(para)
22973
msgid ""
22974
"The Ubuntu repository has many Internet Relay Chat servers. This section "
22975
"explains how to install and configure the original IRC server "
22976
"<application>ircd-irc2</application>."
22977
msgstr ""
22978
22979
#: serverguide/C/chat.xml:39(para)
22980
msgid ""
22981
"To install <application>ircd-irc2</application>, run the following command "
22982
"in the command prompt:"
22983
msgstr ""
22984
22985
#: serverguide/C/chat.xml:45(command)
22986
msgid "sudo apt-get install ircd-irc2"
22987
msgstr ""
22988
22989
#: serverguide/C/chat.xml:48(para)
22990
msgid ""
22991
"The configuration files are stored in <filename>/etc/ircd</filename> "
22992
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
22993
"irc2</filename> directory."
22994
msgstr ""
22995
22996
#: serverguide/C/chat.xml:59(para)
22997
msgid ""
22998
"The IRC settings can be done in the configuration file "
22999
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
23000
"this file by editing the following line:"
23001
msgstr ""
23002
23003
#: serverguide/C/chat.xml:64(programlisting)
23004
#, no-wrap
23005
msgid ""
23006
"\n"
23007
"M:irc.localhost::Debian ircd default configuration::000A\n"
23008
msgstr ""
23009
23010
#: serverguide/C/chat.xml:68(para)
23011
msgid ""
23012
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
23013
"you set irc.livecipher.com as IRC host name, please make sure "
23014
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
23015
"name should not be same as the host name."
23016
msgstr ""
23017
23018
#: serverguide/C/chat.xml:75(para)
23019
msgid ""
23020
"The IRC admin details can be configured by editting the following line:"
23021
msgstr ""
23022
23023
#: serverguide/C/chat.xml:80(programlisting)
23024
#, no-wrap
23025
msgid ""
23026
"\n"
23027
"A:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client "
23028
"Server::IRCnet:\n"
23029
msgstr ""
23030
23031
#: serverguide/C/chat.xml:84(para)
23032
msgid ""
23033
"You should add specific lines to configure the list of IRC ports to listen "
23034
"on, to configure Operator credentials, to configure client authentication, "
23035
"etc. For details, please refer to the example configuration file "
23036
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
23037
msgstr ""
23038
23039
#: serverguide/C/chat.xml:92(para)
23040
msgid ""
23041
"The IRC banner to be displayed in the IRC client, when the user connects to "
23042
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
23043
msgstr ""
23044
23045
#: serverguide/C/chat.xml:97(para)
23046
msgid ""
23047
"After making necessary changes to the configuration file, you can restart "
23048
"the IRC server using following command:"
23049
msgstr ""
23050
23051
#: serverguide/C/chat.xml:101(programlisting)
23052
#, no-wrap
23053
msgid ""
23054
"\n"
23055
"sudo /etc/init.d/ircd-irc2 restart\n"
23056
msgstr ""
23057
23058
#: serverguide/C/chat.xml:109(para)
23059
msgid ""
23060
"You may also be interested to take a look at other IRC servers available in "
23061
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
23062
"<application>ircd-hybrid</application>."
23063
msgstr ""
23064
23065
#: serverguide/C/chat.xml:117(para)
23066
msgid ""
23067
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
23068
"FAQ</ulink> for more details about the IRC Server."
23069
msgstr ""
23070
23071
#: serverguide/C/chat.xml:124(para)
23072
msgid ""
23073
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
23074
"IRCD</ulink> page has more information."
23075
msgstr ""
23076
23077
#: serverguide/C/chat.xml:132(title)
23078
msgid "Jabber Instant Messaging Server"
23079
msgstr ""
23080
23081
#: serverguide/C/chat.xml:134(para)
23082
msgid ""
23083
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
23084
"XMPP, an open standard for instant messaging, and used by many popular "
23085
"applications. This section covers setting up a <emphasis>Jabberd "
23086
"2</emphasis> server on a local LAN. This configuration can also be adapted "
23087
"to providing messaging services to users over the Internet."
23088
msgstr ""
23089
23090
#: serverguide/C/chat.xml:143(para)
23091
msgid "To install <application>jabberd2</application>, in a terminal enter:"
23092
msgstr ""
23093
23094
#: serverguide/C/chat.xml:148(command)
23095
msgid "sudo apt-get install jabberd2"
23096
msgstr ""
23097
23098
#: serverguide/C/chat.xml:155(para)
23099
msgid ""
23100
"A couple of XML configuration files will be used to configure "
23101
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
23102
"authentication. This is a very simple form of authentication. However, "
23103
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
23104
"Postgresql, etc for for user authentication."
23105
msgstr ""
23106
23107
#: serverguide/C/chat.xml:162(para)
23108
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
23109
msgstr ""
23110
23111
#: serverguide/C/chat.xml:166(programlisting)
23112
#, no-wrap
23113
msgid ""
23114
"\n"
23115
" <id>jabber.example.com</id>\n"
23116
msgstr ""
23117
23118
#: serverguide/C/chat.xml:171(para)
23119
msgid ""
23120
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
23121
"id, of your server."
23122
msgstr ""
23123
23124
#: serverguide/C/chat.xml:176(para)
23125
msgid "Now in the <storage> section change the <driver> to:"
23126
msgstr ""
23127
23128
#: serverguide/C/chat.xml:180(programlisting)
23129
#, no-wrap
23130
msgid ""
23131
"\n"
23132
" <driver>db</driver>\n"
23133
msgstr ""
23134
23135
#: serverguide/C/chat.xml:184(para)
23136
msgid ""
23137
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
23138
"<emphasis><local></emphasis> section change:"
23139
msgstr ""
23140
23141
#: serverguide/C/chat.xml:188(programlisting)
23142
#, no-wrap
23143
msgid ""
23144
"\n"
23145
" <id>jabber.example.com</id>\n"
23146
msgstr ""
23147
23148
#: serverguide/C/chat.xml:192(para)
23149
msgid ""
23150
"And in the <authreg> section adjust the <module> section to:"
23151
msgstr ""
23152
23153
#: serverguide/C/chat.xml:196(programlisting)
23154
#, no-wrap
23155
msgid ""
23156
"\n"
23157
" <module>db</module>\n"
23158
msgstr ""
23159
23160
#: serverguide/C/chat.xml:200(para)
23161
msgid ""
23162
"Finally, restart <application>jabberd2</application> to enable the new "
23163
"settings:"
23164
msgstr ""
23165
23166
#: serverguide/C/chat.xml:205(command)
23167
msgid "sudo /etc/init.d/jabberd2 restart"
23168
msgstr ""
23169
23170
#: serverguide/C/chat.xml:208(para)
23171
msgid ""
23172
"You should now be able to connect to the server using a Jabber client like "
23173
"<application>Pidgin</application> for example."
23174
msgstr ""
23175
23176
#: serverguide/C/chat.xml:213(para)
23177
msgid ""
23178
"The advantage of using Berkeley DB for user data is that after being "
23179
"configured no additional maintenance is required. If you need more control "
23180
"over user accounts and credentials another authentication method is "
23181
"recommended."
23182
msgstr ""
23183
23184
#: serverguide/C/chat.xml:225(para)
23185
msgid ""
23186
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
23187
"Site</ulink> contains more details on configuring "
23188
"<application>Jabberd2</application>."
23189
msgstr ""
23190
23191
#: serverguide/C/chat.xml:231(para)
23192
msgid ""
23193
"For more authentication options see the <ulink "
23194
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
23195
"Guide</ulink>."
23196
msgstr ""
23197
23198
#: serverguide/C/chat.xml:236(para)
23199
msgid ""
23200
"Also, the <ulink "
23201
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
23202
"Jabber Server Ubuntu Wiki</ulink> page has more information."
23203
msgstr ""
23204
23205
#: serverguide/C/backups.xml:13(title)
23206
msgid "Backups"
23207
msgstr ""
23208
23209
#: serverguide/C/backups.xml:14(para)
23210
msgid ""
23211
"There are many ways to backup an Ubuntu installation. The most important "
23212
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
23213
"consisting of what to backup, where to back it up to, and how to restore it."
23214
msgstr ""
23215
23216
#: serverguide/C/backups.xml:18(para)
23217
msgid ""
23218
"The following sections discuss various ways of accomplishing these tasks."
23219
msgstr ""
23220
23221
#: serverguide/C/backups.xml:22(title)
23222
msgid "Shell Scripts"
23223
msgstr ""
23224
23225
#: serverguide/C/backups.xml:23(para)
23226
msgid ""
23227
"One of the simplest ways to backup a system is using a <emphasis>shell "
23228
"script</emphasis>. For example, a script can be used to configure which "
23229
"directories to backup, and use those directories as arguments to the "
23230
"<application>tar</application> utility creating an archive file. The archive "
23231
"file can then be moved or copied to another location. The archive can also "
23232
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
23233
msgstr ""
23234
23235
#: serverguide/C/backups.xml:29(para)
23236
msgid ""
23237
"The <application>tar</application> utility creates one archive file out of "
23238
"many files or directories. <application>tar</application> can also filter "
23239
"the files through compression utilities reducing the size of the archive "
23240
"file."
23241
msgstr ""
23242
23243
#: serverguide/C/backups.xml:35(title)
23244
msgid "Simple Shell Script"
23245
msgstr ""
23246
23247
#: serverguide/C/backups.xml:36(para)
23248
msgid ""
23249
"The following shell script uses <application>tar</application> to create an "
23250
"archive file on a remotely mounted NFS file system. The archive filename is "
23251
"determined using additional command line utilities."
23252
msgstr ""
23253
23254
#: serverguide/C/backups.xml:40(programlisting)
23255
#, no-wrap
23256
msgid ""
23257
"\n"
23258
"#!/bin/sh\n"
23259
"####################################\n"
23260
"#\n"
23261
"# Backup to NFS mount script.\n"
23262
"#\n"
23263
"####################################\n"
23264
"\n"
23265
"# What to backup. \n"
23266
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23267
"\n"
23268
"# Where to backup to.\n"
23269
"dest=\"/mnt/backup\"\n"
23270
"\n"
23271
"# Create archive filename.\n"
23272
"day=$(date +%A)\n"
23273
"hostname=$(hostname -s)\n"
23274
"archive_file=\"$hostname-$day.tgz\"\n"
23275
"\n"
23276
"# Print start status message.\n"
23277
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
23278
"date\n"
23279
"echo\n"
23280
"\n"
23281
"# Backup the files using tar.\n"
23282
"tar czf $dest/$archive_file $backup_files\n"
23283
"\n"
23284
"# Print end status message.\n"
23285
"echo\n"
23286
"echo \"Backup finished\"\n"
23287
"date\n"
23288
"\n"
23289
"# Long listing of files in $dest to check file sizes.\n"
23290
"ls -lh $dest\n"
23291
msgstr ""
23292
23293
#: serverguide/C/backups.xml:77(para)
23294
msgid ""
23295
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
23296
"would like to backup. The list should be customized to fit your needs."
23297
msgstr ""
23298
23299
#: serverguide/C/backups.xml:83(para)
23300
msgid ""
23301
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
23302
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
23303
"day of the week, giving a backup history of seven days. There are other ways "
23304
"to accomplish this including other ways using the "
23305
"<application>date</application> utility."
23306
msgstr ""
23307
23308
#: serverguide/C/backups.xml:90(para)
23309
msgid ""
23310
"<emphasis>$hostname:</emphasis> variable containing the "
23311
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
23312
"archive filename gives you the option of placing daily archive files from "
23313
"multiple systems in the same directory."
23314
msgstr ""
23315
23316
#: serverguide/C/backups.xml:97(para)
23317
msgid "<emphasis>$archive_file:</emphasis> the full archive filename."
23318
msgstr ""
23319
23320
#: serverguide/C/backups.xml:102(para)
23321
msgid ""
23322
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
23323
"needs to be created and in this case <emphasis>mounted</emphasis> before "
23324
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
23325
"details using <emphasis>NFS</emphasis>."
23326
msgstr ""
23327
23328
#: serverguide/C/backups.xml:109(para)
23329
msgid ""
23330
"<emphasis>status messages:</emphasis> optional messages printed to the "
23331
"console using the <application>echo</application> utility."
23332
msgstr ""
23333
23334
#: serverguide/C/backups.xml:115(para)
23335
msgid ""
23336
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
23337
"<application>tar</application> command used to create the archive file."
23338
msgstr ""
23339
23340
#: serverguide/C/backups.xml:121(para)
23341
msgid "<emphasis>c:</emphasis> creates an archive."
23342
msgstr ""
23343
23344
#: serverguide/C/backups.xml:126(para)
23345
msgid ""
23346
"<emphasis>z:</emphasis> filter the archive through the "
23347
"<application>gzip</application> utility compressing the archive."
23348
msgstr ""
23349
23350
#: serverguide/C/backups.xml:131(para)
23351
msgid ""
23352
"<emphasis>f:</emphasis> use archive file. Otherwise the "
23353
"<application>tar</application> output will be sent to STDOUT."
23354
msgstr ""
23355
23356
#: serverguide/C/backups.xml:138(para)
23357
msgid ""
23358
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
23359
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
23360
"of the destination directory. This is useful for a quick file size check of "
23361
"the archive file. This check should not replace testing the archive file."
23362
msgstr ""
23363
23364
#: serverguide/C/backups.xml:145(para)
23365
msgid ""
23366
"This is a simple example of a backup shell script. There are large amount of "
23367
"options that can be included in a backup script. See <xref linkend=\"backup-"
23368
"shellscript-references\"/> for links to resources providing more in depth "
23369
"shell scripting information."
23370
msgstr ""
23371
23372
#: serverguide/C/backups.xml:152(title)
23373
msgid "Executing the Script"
23374
msgstr ""
23375
23376
#: serverguide/C/backups.xml:154(title)
23377
msgid "Executing from a Terminal"
23378
msgstr ""
23379
23380
#: serverguide/C/backups.xml:155(para)
23381
msgid ""
23382
"The simplest way of executing the above backup script is to copy and paste "
23383
"the contents into a file. <filename>backup.sh</filename> for example. Then "
23384
"from a terminal prompt:"
23385
msgstr ""
23386
23387
#: serverguide/C/backups.xml:160(command)
23388
msgid "sudo bash backup.sh"
23389
msgstr ""
23390
23391
#: serverguide/C/backups.xml:162(para)
23392
msgid ""
23393
"This is a great way to test the script to make sure everything works as "
23394
"expected."
23395
msgstr ""
23396
23397
#: serverguide/C/backups.xml:167(title)
23398
msgid "Executing with cron"
23399
msgstr ""
23400
23401
#: serverguide/C/backups.xml:168(para)
23402
msgid ""
23403
"The <application>cron</application> utility can be used to automate the "
23404
"script execution. The <application>cron</application> daemon allows the "
23405
"execution of scripts, or commands, at a specified time and date."
23406
msgstr ""
23407
23408
#: serverguide/C/backups.xml:172(para)
23409
msgid ""
23410
"<application>cron</application> is configured through entries in a "
23411
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
23412
"separated into fields:"
23413
msgstr ""
23414
23415
#: serverguide/C/backups.xml:176(programlisting)
23416
#, no-wrap
23417
msgid ""
23418
"\n"
23419
"# m h dom mon dow command\n"
23420
msgstr ""
23421
23422
#: serverguide/C/backups.xml:181(para)
23423
msgid ""
23424
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
23425
msgstr ""
23426
23427
#: serverguide/C/backups.xml:186(para)
23428
msgid ""
23429
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
23430
msgstr ""
23431
23432
#: serverguide/C/backups.xml:191(para)
23433
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
23434
msgstr ""
23435
23436
#: serverguide/C/backups.xml:196(para)
23437
msgid ""
23438
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
23439
msgstr ""
23440
23441
#: serverguide/C/backups.xml:201(para)
23442
msgid ""
23443
"<emphasis>dow:</emphasis> the day of the week the command executes on "
23444
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
23445
"valid."
23446
msgstr ""
23447
23448
#: serverguide/C/backups.xml:206(para)
23449
msgid "<emphasis>command:</emphasis> the command to execute."
23450
msgstr ""
23451
23452
#: serverguide/C/backups.xml:211(para)
23453
msgid ""
23454
"To add or change entries in a <filename>crontab</filename> file the "
23455
"<application>crontab -e</application> command should be used. Also, the "
23456
"contents of a <filename>crontab</filename> file can be viewed using the "
23457
"<application>crontab -l</application> command."
23458
msgstr ""
23459
23460
#: serverguide/C/backups.xml:215(para)
23461
msgid ""
23462
"To execute the <application>backup.sh</application> script listed above "
23463
"using <application>cron</application>. Enter the following from a terminal "
23464
"prompt:"
23465
msgstr ""
23466
23467
#: serverguide/C/backups.xml:220(command)
23468
msgid "sudo crontab -e"
23469
msgstr ""
23470
23471
#: serverguide/C/backups.xml:223(para)
23472
msgid ""
23473
"Using <application>sudo</application> with the <application>crontab -"
23474
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
23475
"This is necessary if you are backing up directories only the root user has "
23476
"access to."
23477
msgstr ""
23478
23479
#: serverguide/C/backups.xml:228(para)
23480
msgid "Add the following entry to the <filename>crontab</filename> file:"
23481
msgstr ""
23482
23483
#: serverguide/C/backups.xml:231(programlisting)
23484
#, no-wrap
23485
msgid ""
23486
"\n"
23487
"# m h dom mon dow command\n"
23488
"0 0 * * * bash /usr/local/bin/backup.sh\n"
23489
msgstr ""
23490
23491
#: serverguide/C/backups.xml:235(para)
23492
msgid ""
23493
"The <application>backup.sh</application> script will now be executed every "
23494
"day at 12:00 am."
23495
msgstr ""
23496
23497
#: serverguide/C/backups.xml:239(para)
23498
msgid ""
23499
"The <application>backup.sh</application> script will need to be copied to "
23500
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
23501
"to execute properly. The script can reside anywhere on the file system "
23502
"simply change the script path appropriately."
23503
msgstr ""
23504
23505
#: serverguide/C/backups.xml:244(para)
23506
msgid ""
23507
"For more in depth <application>crontab</application> options see <xref "
23508
"linkend=\"backup-shellscript-references\"/>."
23509
msgstr ""
23510
23511
#: serverguide/C/backups.xml:250(title)
23512
msgid "Restoring from the Archive"
23513
msgstr ""
23514
23515
#: serverguide/C/backups.xml:251(para)
23516
msgid ""
23517
"Once an archive has been created it is important to test the archive. The "
23518
"archive can be tested by listing the files it contains, but the best test is "
23519
"to <emphasis>restore</emphasis> a file from the archive."
23520
msgstr ""
23521
23522
#: serverguide/C/backups.xml:257(para)
23523
msgid "To see a listing of the archive contents. From a terminal prompt:"
23524
msgstr ""
23525
23526
#: serverguide/C/backups.xml:261(command)
23527
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
23528
msgstr ""
23529
23530
#: serverguide/C/backups.xml:265(para)
23531
msgid "To restore a file from the archive to a different directory enter:"
23532
msgstr ""
23533
23534
#: serverguide/C/backups.xml:269(command)
23535
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
23536
msgstr ""
23537
23538
#: serverguide/C/backups.xml:271(para)
23539
msgid ""
23540
"The <emphasis>-C</emphasis> option to <application>tar</application> "
23541
"redirects the extracted files to the specified directory. The above example "
23542
"will extract the <filename>/etc/hosts</filename> file to "
23543
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
23544
"recreates the directory structure that it contains."
23545
msgstr ""
23546
23547
#: serverguide/C/backups.xml:276(para)
23548
msgid ""
23549
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
23550
"the file to restore."
23551
msgstr ""
23552
23553
#: serverguide/C/backups.xml:281(para)
23554
msgid "To restore all files in the archive enter the following:"
23555
msgstr ""
23556
23557
#: serverguide/C/backups.xml:285(command)
23558
msgid "cd /"
23559
msgstr ""
23560
23561
#: serverguide/C/backups.xml:286(command)
23562
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
23563
msgstr ""
23564
23565
#: serverguide/C/backups.xml:291(para)
23566
msgid "This will overwrite the files currently on the file system."
23567
msgstr ""
23568
23569
#: serverguide/C/backups.xml:300(para)
23570
msgid ""
23571
"For more information on shell scripting see the <ulink "
23572
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
23573
msgstr ""
23574
23575
#: serverguide/C/backups.xml:305(para)
23576
msgid ""
23577
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
23578
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
23579
"great resource for shell scripting."
23580
msgstr ""
23581
23582
#: serverguide/C/backups.xml:311(para)
23583
msgid ""
23584
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
23585
"Wiki Page</ulink> contains details on advanced "
23586
"<application>cron</application> options."
23587
msgstr ""
23588
23589
#: serverguide/C/backups.xml:318(para)
23590
msgid ""
23591
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
23592
"tar Manual</ulink> for more <application>tar</application> options."
23593
msgstr ""
23594
23595
#: serverguide/C/backups.xml:324(para)
23596
msgid ""
23597
"The Wikipedia <ulink "
23598
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
23599
"Scheme</ulink> article contains information on other backup rotation schemes."
23600
msgstr ""
23601
23602
#: serverguide/C/backups.xml:330(para)
23603
msgid ""
23604
"The shell script uses <application>tar</application> to create the archive, "
23605
"but there many other command line utilities that can be used. For example:"
23606
msgstr ""
23607
23608
#: serverguide/C/backups.xml:336(para)
23609
msgid ""
23610
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
23611
"files to and from archives."
23612
msgstr ""
23613
23614
#: serverguide/C/backups.xml:341(para)
23615
msgid ""
23616
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
23617
"the <application>coreutils</application> package. A low level utility that "
23618
"can copy data from one format to another"
23619
msgstr ""
23620
23621
#: serverguide/C/backups.xml:347(para)
23622
msgid ""
23623
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
23624
"snap shot utility used to create copies of an entire file system."
23625
msgstr ""
23626
23627
#: serverguide/C/backups.xml:358(title)
23628
msgid "Archive Rotation"
23629
msgstr ""
23630
23631
#: serverguide/C/backups.xml:359(para)
23632
msgid ""
23633
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
23634
"allows for seven different archives. For a server whose data doesn't change "
23635
"often this may be enough. If the server has a large amount of data a more "
23636
"robust rotation scheme should be used."
23637
msgstr ""
23638
23639
#: serverguide/C/backups.xml:365(title)
23640
msgid "Rotating NFS Archives"
23641
msgstr ""
23642
23643
#: serverguide/C/backups.xml:366(para)
23644
msgid ""
23645
"In this section the shell script will be slightly modified to implement a "
23646
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
23647
msgstr ""
23648
23649
#: serverguide/C/backups.xml:372(para)
23650
msgid ""
23651
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
23652
"Friday."
23653
msgstr ""
23654
23655
#: serverguide/C/backups.xml:377(para)
23656
msgid ""
23657
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
23658
"weekly backups a month."
23659
msgstr ""
23660
23661
#: serverguide/C/backups.xml:382(para)
23662
msgid ""
23663
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
23664
"rotating two monthly backups based on if the month is odd or even."
23665
msgstr ""
23666
23667
#: serverguide/C/backups.xml:388(para)
23668
msgid "Here is the new script:"
23669
msgstr ""
23670
23671
#: serverguide/C/backups.xml:391(programlisting)
23672
#, no-wrap
23673
msgid ""
23674
"\n"
23675
"#!/bin/bash\n"
23676
"####################################\n"
23677
"#\n"
23678
"# Backup to NFS mount script with\n"
23679
"# grandfather-father-son rotation.\n"
23680
"#\n"
23681
"####################################\n"
23682
"\n"
23683
"# What to backup. \n"
23684
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23685
"\n"
23686
"# Where to backup to.\n"
23687
"dest=\"/mnt/backup\"\n"
23688
"\n"
23689
"# Setup variables for the archive filename.\n"
23690
"day=$(date +%A)\n"
23691
"hostname=$(hostname -s)\n"
23692
"\n"
23693
"# Find which week of the month 1-4 it is.\n"
23694
"day_num=$(date +%d)\n"
23695
"if (( $day_num <= 7 )); then\n"
23696
" week_file=\"$hostname-week1.tgz\"\n"
23697
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
23698
" week_file=\"$hostname-week2.tgz\"\n"
23699
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
23700
" week_file=\"$hostname-week3.tgz\"\n"
23701
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
23702
" week_file=\"$hostname-week4.tgz\"\n"
23703
"fi\n"
23704
"\n"
23705
"# Find if the Month is odd or even.\n"
23706
"month_num=$(date +%m)\n"
23707
"month=$(expr $month_num % 2)\n"
23708
"if [ $month -eq 0 ]; then\n"
23709
" month_file=\"$hostname-month2.tgz\"\n"
23710
"else\n"
23711
" month_file=\"$hostname-month1.tgz\"\n"
23712
"fi\n"
23713
"\n"
23714
"# Create archive filename.\n"
23715
"if [ $day_num == 1 ]; then\n"
23716
"\tarchive_file=$month_file\n"
23717
"elif [ $day != \"Saturday\" ]; then\n"
23718
" archive_file=\"$hostname-$day.tgz\"\n"
23719
"else \n"
23720
"\tarchive_file=$week_file\n"
23721
"fi\n"
23722
"\n"
23723
"# Print start status message.\n"
23724
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
23725
"date\n"
23726
"echo\n"
23727
"\n"
23728
"# Backup the files using tar.\n"
23729
"tar czf $dest/$archive_file $backup_files\n"
23730
"\n"
23731
"# Print end status message.\n"
23732
"echo\n"
23733
"echo \"Backup finished\"\n"
23734
"date\n"
23735
"\n"
23736
"# Long listing of files in $dest to check file sizes.\n"
23737
"ls -lh $dest/\n"
23738
msgstr ""
23739
23740
#: serverguide/C/backups.xml:456(para)
23741
msgid ""
23742
"The script can be executed using the same methods as in <xref "
23743
"linkend=\"backup-executing-shellscript\"/>."
23744
msgstr ""
23745
23746
#: serverguide/C/backups.xml:459(para)
23747
msgid ""
23748
"It is good practice to take backup media off site in case of a disaster. In "
23749
"the shell script example the backup media is another server providing an NFS "
23750
"share. In all likelihood taking the NFS server to another location would not "
23751
"be practical. Depending upon connection speeds it may be an option to copy "
23752
"the archive file over a WAN link to a server in another location."
23753
msgstr ""
23754
23755
#: serverguide/C/backups.xml:465(para)
23756
msgid ""
23757
"Another option is to copy the archive file to an external hard drive which "
23758
"can then be taken off site. Since the price of external hard drives continue "
23759
"to decrease it may be cost affective to use two drives for each archive "
23760
"level. This would allow you to have one external drive attached to the "
23761
"backup server and one in another location."
23762
msgstr ""
23763
23764
#: serverguide/C/backups.xml:472(title)
23765
msgid "Tape Drives"
23766
msgstr ""
23767
23768
#: serverguide/C/backups.xml:473(para)
23769
msgid ""
23770
"A tape drive attached to the server can be used instead of a NFS share. "
23771
"Using a tape drive simplifies archive rotation, and taking the media off "
23772
"site as well."
23773
msgstr ""
23774
23775
#: serverguide/C/backups.xml:477(para)
23776
msgid ""
23777
"When using a tape drive the filename portions of the script aren't needed "
23778
"because the date is sent directly to the tape device. Some commands to "
23779
"manipulate the tape are needed. This is accomplished using "
23780
"<application>mt</application>, a magnetic tape control utility part of the "
23781
"<application>cpio</application> package."
23782
msgstr ""
23783
23784
#: serverguide/C/backups.xml:482(para)
23785
msgid "Here is the shell script modified to use a tape drive:"
23786
msgstr ""
23787
23788
#: serverguide/C/backups.xml:485(programlisting)
23789
#, no-wrap
23790
msgid ""
23791
"\n"
23792
"#!/bin/bash\n"
23793
"####################################\n"
23794
"#\n"
23795
"# Backup to tape drive script.\n"
23796
"#\n"
23797
"####################################\n"
23798
"\n"
23799
"# What to backup. \n"
23800
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
23801
"\n"
23802
"# Where to backup to.\n"
23803
"dest=\"/dev/st0\"\n"
23804
"\n"
23805
"# Print start status message.\n"
23806
"echo \"Backing up $backup_files to $dest\"\n"
23807
"date\n"
23808
"echo\n"
23809
"\n"
23810
"# Make sure the tape is rewound.\n"
23811
"mt -f $dest rewind\n"
23812
"\n"
23813
"# Backup the files using tar.\n"
23814
"tar czf $dest $backup_files\n"
23815
"\n"
23816
"# Rewind and eject the tape.\n"
23817
"mt -f $dest rewoffl\n"
23818
"\n"
23819
"# Print end status message.\n"
23820
"echo\n"
23821
"echo \"Backup finished\"\n"
23822
"date\n"
23823
msgstr ""
23824
23825
#: serverguide/C/backups.xml:519(para)
23826
msgid ""
23827
"The default device name for a SCSI tape drive is "
23828
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
23829
"system."
23830
msgstr ""
23831
23832
#: serverguide/C/backups.xml:524(para)
23833
msgid ""
23834
"Restoring from a tape drive is basically the same as restoring from a file. "
23835
"Simply rewind the tape and use the device path instead of a file path. For "
23836
"example to restore the <filename>/etc/hosts</filename> file to "
23837
"<filename>/tmp/etc/hosts</filename>:"
23838
msgstr ""
23839
23840
#: serverguide/C/backups.xml:529(command)
23841
msgid "mt -f /dev/st0 rewind"
23842
msgstr ""
23843
23844
#: serverguide/C/backups.xml:530(command)
23845
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
23846
msgstr ""
23847
23848
#: serverguide/C/backups.xml:535(title)
23849
msgid "Bacula"
23850
msgstr ""
23851
23852
#: serverguide/C/backups.xml:536(para)
23853
msgid ""
23854
"<application>Bacula</application> is a backup program enabling you to "
23855
"backup, restore, and verify data across your network. There are Bacula "
23856
"clients for Linux, Windows, and Mac OSX. Making it a cross platform network "
23857
"wide solution."
23858
msgstr ""
23859
23860
#: serverguide/C/backups.xml:542(para)
23861
msgid ""
23862
"<application>Bacula</application> is made up of several components and "
23863
"services used to manage which files to backup and where to back them up to:"
23864
msgstr ""
23865
23866
#: serverguide/C/backups.xml:548(para)
23867
msgid ""
23868
"<application>Bacula Director:</application> a service that controls all "
23869
"backup, restore, verify, and archive operations."
23870
msgstr ""
23871
23872
#: serverguide/C/backups.xml:553(para)
23873
msgid ""
23874
"<application>Bacula Console:</application> an application allowing "
23875
"communication with the Director. There are three versions of the Console:"
23876
msgstr ""
23877
23878
#: serverguide/C/backups.xml:558(para)
23879
msgid "Text based command line version."
23880
msgstr ""
23881
23882
#: serverguide/C/backups.xml:559(para)
23883
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
23884
msgstr ""
23885
23886
#: serverguide/C/backups.xml:560(para)
23887
msgid "wxWidgets GUI interface."
23888
msgstr ""
23889
23890
#: serverguide/C/backups.xml:564(para)
23891
msgid ""
23892
"<application>Bacula File:</application> also known as the "
23893
"<application>Bacula Client</application> program. This application is "
23894
"installed on machines to be backed up, and is responsible for the data "
23895
"requested by the Director."
23896
msgstr ""
23897
23898
#: serverguide/C/backups.xml:570(para)
23899
msgid ""
23900
"<application>Bacula Storage:</application> the programs that perform the "
23901
"storage and recovery of data to the physical media."
23902
msgstr ""
23903
23904
#: serverguide/C/backups.xml:575(para)
23905
msgid ""
23906
"<application>Bacula Catalog:</application> is responsible for maintaining "
23907
"the file indexes and volume databases for all files backed up, enabling "
23908
"quick location and restoration of archived files. The Catalog supports three "
23909
"different databases MySQL, PostgreSQL, and SQLite."
23910
msgstr ""
23911
23912
#: serverguide/C/backups.xml:581(para)
23913
msgid ""
23914
"<application>Bacula Monitor:</application> allows the monitoring of the "
23915
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
23916
"available as a GTK+ GUI application."
23917
msgstr ""
23918
23919
#: serverguide/C/backups.xml:587(para)
23920
msgid ""
23921
"These services and applications can be run on multiple servers and clients, "
23922
"or they can be installed on one machine if backing up a single disk or "
23923
"volume."
23924
msgstr ""
23925
23926
#: serverguide/C/backups.xml:594(para)
23927
msgid ""
23928
"There are multiple packages containing the different "
23929
"<application>Bacula</application> components. To install Bacula, from a "
23930
"terminal prompt enter:"
23931
msgstr ""
23932
23933
#: serverguide/C/backups.xml:599(command)
23934
msgid "sudo apt-get install bacula"
23935
msgstr ""
23936
23937
#: serverguide/C/backups.xml:601(para)
23938
msgid ""
23939
"By default installing the <application>bacula</application> package will use "
23940
"a <application>MySQL</application> database for the Catalog. If you want to "
23941
"use SQLite or PostgreSQL, for the Catalog, install <application>bacula-"
23942
"director-sqlite3</application> or <application>bacula-director-"
23943
"pgsql</application> respectively."
23944
msgstr ""
23945
23946
#: serverguide/C/backups.xml:607(para)
23947
msgid ""
23948
"During the install process you will be asked to supply credentials for the "
23949
"database <emphasis>administrator</emphasis> and the "
23950
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
23951
"database administrator will need to have the appropriate rights to create a "
23952
"database, see <xref linkend=\"mysql\"/> for more information."
23953
msgstr ""
23954
23955
#: serverguide/C/backups.xml:617(para)
23956
msgid ""
23957
"<application>Bacula</application> configuration files are formatted based on "
23958
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
23959
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
23960
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
23961
"directory."
23962
msgstr ""
23963
23964
#: serverguide/C/backups.xml:622(para)
23965
msgid ""
23966
"The various <application>Bacula</application> components must authorize "
23967
"themselves to each other. This is accomplished using the "
23968
"<emphasis>password</emphasis> directive. For example, the "
23969
"<emphasis>Storage</emphasis> resource password in the "
23970
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
23971
"<emphasis>Director</emphasis> resource password in "
23972
"<filename>/etc/bacula/bacula-sd.conf</filename>."
23973
msgstr ""
23974
23975
#: serverguide/C/backups.xml:628(para)
23976
msgid ""
23977
"By default the backup job named <emphasis>Client1</emphasis> is configured "
23978
"to archive the <application>Bacula</application> Catalog. If you plan on "
23979
"using the server to backup more than one client you should change the name "
23980
"of this job to something more descriptive. To change the name edit "
23981
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
23982
msgstr ""
23983
23984
#: serverguide/C/backups.xml:633(programlisting)
23985
#, no-wrap
23986
msgid ""
23987
"\n"
23988
"#\n"
23989
"# Define the main nightly save backup job\n"
23990
"# By default, this job will back up to disk in \n"
23991
"Job {\n"
23992
" Name = \"BackupServer\"\n"
23993
" JobDefs = \"DefaultJob\"\n"
23994
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
23995
"}\n"
23996
msgstr ""
23997
23998
#: serverguide/C/backups.xml:644(para)
23999
msgid ""
24000
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
24001
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
24002
"your appropriate hostname, or other descriptive name."
24003
msgstr ""
24004
24005
#: serverguide/C/backups.xml:649(para)
24006
msgid ""
24007
"The <emphasis>Console</emphasis> can be used to query the "
24008
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
24009
"<emphasis>non-root</emphasis> user, the user needs to be in the "
24010
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
24011
"the following from a terminal:"
24012
msgstr ""
24013
24014
#: serverguide/C/backups.xml:655(command)
24015
msgid "sudo adduser $username bacula"
24016
msgstr ""
24017
24018
#: serverguide/C/backups.xml:658(para)
24019
msgid ""
24020
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
24021
"you are adding the current user to the group you should log out and back in "
24022
"for the new permissions to take effect."
24023
msgstr ""
24024
24025
#: serverguide/C/backups.xml:665(title)
24026
msgid "Localhost Backup"
24027
msgstr ""
24028
24029
#: serverguide/C/backups.xml:666(para)
24030
msgid ""
24031
"This section describes how to backup specified directories on a single host "
24032
"to a local tape drive."
24033
msgstr ""
24034
24035
#: serverguide/C/backups.xml:671(para)
24036
msgid ""
24037
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
24038
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
24039
msgstr ""
24040
24041
#: serverguide/C/backups.xml:674(programlisting)
24042
#, no-wrap
24043
msgid ""
24044
"\n"
24045
"Device {\n"
24046
" Name = \"Tape Drive\"\n"
24047
" Device Type = tape\n"
24048
" Media Type = DDS-4\n"
24049
" Archive Device = /dev/st0\n"
24050
" Hardware end of medium = No;\n"
24051
" AutomaticMount = yes; # when device opened, read it\n"
24052
" AlwaysOpen = Yes;\n"
24053
" RemovableMedia = yes;\n"
24054
" RandomAccess = no;\n"
24055
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
24056
"}\n"
24057
msgstr ""
24058
24059
#: serverguide/C/backups.xml:688(para)
24060
msgid ""
24061
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
24062
"Type and Archive Device to match your hardware."
24063
msgstr ""
24064
24065
#: serverguide/C/backups.xml:691(para)
24066
msgid "You could also uncomment one of the other examples in the file."
24067
msgstr ""
24068
24069
#: serverguide/C/backups.xml:696(para)
24070
msgid ""
24071
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
24072
"<application>Storage</application> daemon will need to be restarted:"
24073
msgstr ""
24074
24075
#: serverguide/C/backups.xml:701(command)
24076
msgid "sudo /etc/init.d/bacula-sd restart"
24077
msgstr ""
24078
24079
#: serverguide/C/backups.xml:705(para)
24080
msgid ""
24081
"Now add a <emphasis>Storage</emphasis> resource in "
24082
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
24083
msgstr ""
24084
24085
#: serverguide/C/backups.xml:708(programlisting)
24086
#, no-wrap
24087
msgid ""
24088
"\n"
24089
"# Definition of \"Tape Drive\" storage device\n"
24090
"Storage {\n"
24091
" Name = TapeDrive\n"
24092
" # Do not use \"localhost\" here \n"
24093
" Address = backupserver # N.B. Use a fully qualified name "
24094
"here\n"
24095
" SDPort = 9103\n"
24096
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
24097
" Device = \"Tape Drive\"\n"
24098
" Media Type = tape\n"
24099
"}\n"
24100
msgstr ""
24101
24102
#: serverguide/C/backups.xml:720(para)
24103
msgid ""
24104
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
24105
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
24106
"to the actual host name."
24107
msgstr ""
24108
24109
#: serverguide/C/backups.xml:724(para)
24110
msgid ""
24111
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
24112
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
24113
msgstr ""
24114
24115
#: serverguide/C/backups.xml:730(para)
24116
msgid ""
24117
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
24118
"directories to backup, by adding:"
24119
msgstr ""
24120
24121
#: serverguide/C/backups.xml:733(programlisting)
24122
#, no-wrap
24123
msgid ""
24124
"\n"
24125
"# LocalhostBacup FileSet.\n"
24126
"FileSet {\n"
24127
" Name = \"LocalhostFiles\"\n"
24128
" Include {\n"
24129
" Options {\n"
24130
" signature = MD5\n"
24131
" compression=GZIP\n"
24132
" }\n"
24133
" File = /etc\n"
24134
" File = /home\n"
24135
" }\n"
24136
"}\n"
24137
msgstr ""
24138
24139
#: serverguide/C/backups.xml:747(para)
24140
msgid ""
24141
"This <emphasis>FileSet</emphasis> will backup the <filename "
24142
"role=\"directory\">/etc</filename> and <filename "
24143
"role=\"directory\">/home</filename> directories. The "
24144
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
24145
"create a MD5 signature for each file backed up, and to compress the files "
24146
"using GZIP."
24147
msgstr ""
24148
24149
#: serverguide/C/backups.xml:754(para)
24150
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
24151
msgstr ""
24152
24153
#: serverguide/C/backups.xml:757(programlisting)
24154
#, no-wrap
24155
msgid ""
24156
"\n"
24157
"# LocalhostBackup Schedule -- Daily.\n"
24158
"Schedule {\n"
24159
" Name = \"LocalhostDaily\"\n"
24160
" Run = Full daily at 00:01\n"
24161
"}\n"
24162
msgstr ""
24163
24164
#: serverguide/C/backups.xml:764(para)
24165
msgid ""
24166
"The job will run every day at 00:01 or 12:01 am. There are many other "
24167
"scheduling options available."
24168
msgstr ""
24169
24170
#: serverguide/C/backups.xml:769(para)
24171
msgid "Finally create the <emphasis>Job</emphasis>:"
24172
msgstr ""
24173
24174
#: serverguide/C/backups.xml:772(programlisting)
24175
#, no-wrap
24176
msgid ""
24177
"\n"
24178
"# Localhost backup.\n"
24179
"Job {\n"
24180
" Name = \"LocalhostBackup\"\n"
24181
" JobDefs = \"DefaultJob\"\n"
24182
" Enabled = yes\n"
24183
" Level = Full\n"
24184
" FileSet = \"LocalhostFiles\"\n"
24185
" Schedule = \"LocalhostDaily\"\n"
24186
" Storage = TapeDrive\n"
24187
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
24188
"} \n"
24189
msgstr ""
24190
24191
#: serverguide/C/backups.xml:785(para)
24192
msgid ""
24193
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
24194
"drive."
24195
msgstr ""
24196
24197
#: serverguide/C/backups.xml:790(para)
24198
msgid ""
24199
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
24200
"current tape does not have a label <application>Bacula</application> will "
24201
"send an email letting you know. To label a tape using the "
24202
"<application>Console</application> enter the following from a terminal:"
24203
msgstr ""
24204
24205
#: serverguide/C/backups.xml:796(command)
24206
msgid "bconsole"
24207
msgstr ""
24208
24209
#: serverguide/C/backups.xml:800(para)
24210
msgid "At the Bacula Console prompt enter:"
24211
msgstr ""
24212
24213
#: serverguide/C/backups.xml:804(command)
24214
msgid "label"
24215
msgstr "ប្លាកសញ្ញា"
24216
24217
#: serverguide/C/backups.xml:808(para)
24218
msgid ""
24219
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
24220
msgstr ""
24221
24222
#: serverguide/C/backups.xml:818(userinput)
24223
#, no-wrap
24224
msgid "2"
24225
msgstr ""
24226
24227
#: serverguide/C/backups.xml:812(computeroutput)
24228
#, no-wrap
24229
msgid ""
24230
"\n"
24231
"Automatically selected Catalog: MyCatalog\n"
24232
"Using Catalog \"MyCatalog\"\n"
24233
"The defined Storage resources are:\n"
24234
" 1: File\n"
24235
" 2: TapeDrive\n"
24236
"Select Storage resource (1-2):<placeholder-1/>\n"
24237
msgstr ""
24238
24239
#: serverguide/C/backups.xml:823(para)
24240
msgid "Enter the new <emphasis>Volume</emphasis> name:"
24241
msgstr ""
24242
24243
#: serverguide/C/backups.xml:828(userinput)
24244
#, no-wrap
24245
msgid "Sunday"
24246
msgstr "ថ្ងៃ អាទិត្យ"
24247
24248
#: serverguide/C/backups.xml:827(computeroutput)
24249
#, no-wrap
24250
msgid ""
24251
"\n"
24252
"Enter new Volume name: <placeholder-1/>\n"
24253
"Defined Pools:\n"
24254
" 1: Default\n"
24255
" 2: Scratch"
24256
msgstr ""
24257
24258
#: serverguide/C/backups.xml:833(para)
24259
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
24260
msgstr ""
24261
24262
#: serverguide/C/backups.xml:838(para)
24263
msgid "Now, select the <emphasis>Pool</emphasis>:"
24264
msgstr ""
24265
24266
#: serverguide/C/backups.xml:843(userinput)
24267
#, no-wrap
24268
msgid "1"
24269
msgstr ""
24270
24271
#: serverguide/C/backups.xml:842(computeroutput)
24272
#, no-wrap
24273
msgid ""
24274
"\n"
24275
"Select the Pool (1-2): <placeholder-1/>\n"
24276
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
24277
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
24278
msgstr ""
24279
24280
#: serverguide/C/backups.xml:850(para)
24281
msgid ""
24282
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
24283
"backup the localhost to an attached tape drive."
24284
msgstr ""
24285
24286
#: serverguide/C/backups.xml:858(para)
24287
msgid ""
24288
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
24289
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
24290
"Manual</ulink>"
24291
msgstr ""
24292
24293
#: serverguide/C/backups.xml:864(para)
24294
msgid ""
24295
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
24296
"the latest Bacula news and developments."
24297
msgstr ""
24298
24299
#: serverguide/C/backups.xml:869(para)
24300
msgid ""
24301
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
24302
"Ubuntu Wiki</ulink> page."
24303
msgstr ""
24304
24305
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
24306
#: serverguide/C/backups.xml:0(None)
24307
msgid "translator-credits"
24308
msgstr ""
Loggerhead is a web-based interface for Breezy
Version: 2.0.1