« back to all changes in this revision
Viewing changes to serverguide/po/nb.po
- browse files at revision 91
- compare with another revision
- download diff
- download tarball
- view history from revision 91
- Committer: Bazaar Package Importer
- Author(s): Matthew East
- Date: 2010-04-18 21:06:41 UTC
- Revision ID: james.westby@ubuntu.com-20100418210641-ee4gokf3dfkak6j8
Tags: 10.04.3
* Import translations from Rosetta
* Replace old Ubuntu logo with new one from wiki:Brand (LP: #551058)
* Replace old Ubuntu logo with new one from wiki:Brand (LP: #551058)
- files added:
- about-ubuntu/po/om.po
- files modified:
- about-ubuntu/po/about-ubuntu.pot
added
removed
serverguide/po/nb.po
7
7
msgstr ""
8
8
"Project-Id-Version: ubuntu-docs\n"
9
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2009-10-04 21:24+0100\n"
11
"PO-Revision-Date: 2009-10-15 00:42+0000\n"
12
"Last-Translator: Launchpad Translations Administrators "
13
"<rosetta@launchpad.net>\n"
10
"POT-Creation-Date: 2010-03-29 08:26+0100\n"
11
"PO-Revision-Date: 2010-04-11 14:34+0000\n"
12
"Last-Translator: Kjetil Birkeland Moe <kjetilbi@stud.ntnu.no>\n"
14
13
"Language-Team: Norwegian Bokmål <nb@li.org>\n"
15
14
"MIME-Version: 1.0\n"
16
15
"Content-Type: text/plain; charset=UTF-8\n"
17
16
"Content-Transfer-Encoding: 8bit\n"
18
"X-Launchpad-Export-Date: 2009-10-16 07:29+0000\n"
17
"X-Launchpad-Export-Date: 2010-04-17 14:51+0000\n"
19
18
"X-Generator: Launchpad (build Unknown)\n"
20
19
21
20
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
24
23
25
24
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
26
25
msgid "Ubuntu Server Guide"
27
msgstr ""
26
msgstr "Ubuntu Serverguide"
28
27
29
28
#: serverguide/C/serverguide-C.omf:9(date)
30
29
msgid "2007-09-30"
31
msgstr "2007-09-30"
30
msgstr "30.09.2007"
32
31
33
32
#: serverguide/C/windows-networking.xml:13(title)
34
33
msgid "Windows Networking"
46
45
"network resources with Windows computers."
47
46
msgstr ""
48
47
49
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:397(title) serverguide/C/security.xml:412(title) serverguide/C/remote-administration.xml:22(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
48
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:402(title) serverguide/C/security.xml:354(title) serverguide/C/remote-administration.xml:22(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
50
49
msgid "Introduction"
51
50
msgstr "Innledning"
52
51
99
98
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
100
99
"website</ulink>."
101
100
msgstr ""
101
"Denne delen av <phrase>Ubuntu</phrase> Serverguiden vil introdusere noen av "
102
"de vanlige bruksmåtene for Samba, og hvordan installere og konfigurere de "
103
"nødvendige pakkene. Detaljert dokumentasjon og informasjon om Samba kan "
104
"finnes på <ulink url=\"http://www.Samba.org\">Samba-websiden</ulink>"
102
105
103
106
#: serverguide/C/windows-networking.xml:70(title)
104
107
msgid "Samba File Server"
117
120
"without prompting for a password. If your environment requires stricter "
118
121
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
119
122
msgstr ""
123
"Serveren vil bli konfigurert til å dele filer med alle klienter på "
124
"nettverket uten å spørre etter passord. Hvis ditt miljø krever strengere "
125
"Adgangskontroll, se <xref linkend=\"samba-fileprint-security\"/>"
120
126
121
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:282(title) serverguide/C/windows-networking.xml:1279(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:669(title) serverguide/C/web-servers.xml:804(title) serverguide/C/web-servers.xml:925(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/virtualization.xml:1341(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:402(title) serverguide/C/remote-administration.xml:52(title) serverguide/C/remote-administration.xml:220(title) serverguide/C/network-config.xml:603(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1244(title) serverguide/C/network-auth.xml:1749(title) serverguide/C/network-auth.xml:2140(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:423(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:478(title) serverguide/C/mail.xml:651(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1284(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:282(title) serverguide/C/lamp-applications.xml:398(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:908(title) serverguide/C/file-server.xml:342(title) serverguide/C/file-server.xml:454(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:159(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:136(title) serverguide/C/backups.xml:593(title)
127
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:287(title) serverguide/C/windows-networking.xml:1302(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:675(title) serverguide/C/web-servers.xml:816(title) serverguide/C/web-servers.xml:940(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/virtualization.xml:2014(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:405(title) serverguide/C/remote-administration.xml:52(title) serverguide/C/remote-administration.xml:233(title) serverguide/C/network-config.xml:937(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1581(title) serverguide/C/network-auth.xml:2092(title) serverguide/C/network-auth.xml:2483(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:428(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:496(title) serverguide/C/mail.xml:674(title) serverguide/C/mail.xml:823(title) serverguide/C/mail.xml:1315(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:287(title) serverguide/C/lamp-applications.xml:423(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:957(title) serverguide/C/file-server.xml:347(title) serverguide/C/file-server.xml:462(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:164(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:141(title) serverguide/C/backups.xml:593(title)
122
128
msgid "Installation"
123
129
msgstr "Installasjon"
124
130
130
136
"Første steg er å installére <application>samba</application>-pakken. Skriv "
131
137
"følgende i et terminal-vindu:"
132
138
133
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:294(command)
139
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:299(command)
134
140
msgid "sudo apt-get install samba"
135
141
msgstr "sudo apt-get install samba"
136
142
142
148
"Det er alt som skal til; du er nå klar til å stille inn Samba til å dele "
143
149
"filer."
144
150
145
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:299(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:720(title) serverguide/C/web-servers.xml:815(title) serverguide/C/web-servers.xml:952(title) serverguide/C/web-servers.xml:1046(title) serverguide/C/vpn.xml:137(title) serverguide/C/virtualization.xml:1226(title) serverguide/C/virtualization.xml:1415(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:420(title) serverguide/C/remote-administration.xml:74(title) serverguide/C/remote-administration.xml:245(title) serverguide/C/package-management.xml:365(title) serverguide/C/network-config.xml:625(title) serverguide/C/network-auth.xml:88(title) serverguide/C/network-auth.xml:1788(title) serverguide/C/network-auth.xml:2161(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:449(title) serverguide/C/mail.xml:487(title) serverguide/C/mail.xml:661(title) serverguide/C/mail.xml:880(title) serverguide/C/mail.xml:1309(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:309(title) serverguide/C/lamp-applications.xml:428(title) serverguide/C/file-server.xml:355(title) serverguide/C/file-server.xml:480(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:178(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:148(title) serverguide/C/backups.xml:616(title)
151
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:304(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:726(title) serverguide/C/web-servers.xml:827(title) serverguide/C/web-servers.xml:967(title) serverguide/C/web-servers.xml:1067(title) serverguide/C/vpn.xml:138(title) serverguide/C/virtualization.xml:2088(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:423(title) serverguide/C/remote-administration.xml:74(title) serverguide/C/remote-administration.xml:258(title) serverguide/C/package-management.xml:387(title) serverguide/C/network-config.xml:959(title) serverguide/C/network-auth.xml:2131(title) serverguide/C/network-auth.xml:2504(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:454(title) serverguide/C/mail.xml:505(title) serverguide/C/mail.xml:684(title) serverguide/C/mail.xml:908(title) serverguide/C/mail.xml:1344(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:314(title) serverguide/C/lamp-applications.xml:453(title) serverguide/C/file-server.xml:360(title) serverguide/C/file-server.xml:488(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:183(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:153(title) serverguide/C/backups.xml:616(title)
146
152
msgid "Configuration"
147
msgstr "Konfigurasjon"
153
msgstr "Innstilling"
148
154
149
155
#: serverguide/C/windows-networking.xml:101(para)
150
156
msgid ""
153
159
"a significant amount of comments in order to document various configuration "
154
160
"directives."
155
161
msgstr ""
162
"Hovedinnstillingene til Samba finnes i filen "
163
"<filename>/etc/samba/smb.conf</filename>. Standardinnstillingen har mengder "
164
"av kommentarer for å vise ulike valg."
156
165
157
166
#: serverguide/C/windows-networking.xml:106(para)
158
167
msgid ""
161
170
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
162
171
"Collection/\">Samba HOWTO Collection</ulink> for more details."
163
172
msgstr ""
173
"Det finnes flere valg enn de som vises i standardinnstillingene. Se "
174
"<application>manualsidene</application> til <filename>smb.conf</filename> "
175
"eller <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
176
"Collection/\">Samba-eksempel-samling</ulink> for flere detaljer."
164
177
165
178
#: serverguide/C/windows-networking.xml:116(para)
166
179
msgid ""
168
181
"<emphasis>[global]</emphasis> section of "
169
182
"<filename>/etc/samba/smb.conf</filename>:"
170
183
msgstr ""
184
"Først endre de følgende nøkkel-/verdi-parene i <emphasis>[global]</emphasis>-"
185
"seksjonen av <filename>/etc/samba/smb.conf<filename>:"
171
186
172
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:306(programlisting) serverguide/C/windows-networking.xml:761(programlisting) serverguide/C/windows-networking.xml:975(programlisting)
187
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:311(programlisting) serverguide/C/windows-networking.xml:776(programlisting) serverguide/C/windows-networking.xml:990(programlisting)
173
188
#, no-wrap
174
189
msgid ""
175
190
"\n"
177
192
" ...\n"
178
193
" security = user\n"
179
194
msgstr ""
195
"\n"
196
" workgroup = EKSEMPEL\n"
197
" ...\n"
198
" security = user\n"
180
199
181
200
#: serverguide/C/windows-networking.xml:127(para)
182
201
msgid ""
184
203
"section, and is commented by default. Also, change "
185
204
"<emphasis>EXAMPLE</emphasis> to better match your environment."
186
205
msgstr ""
206
"<emphasis>security</emphasis>-innstillingen er lenger nede under [global]-"
207
"seksjonen, og er omgjort til kommentar som standard. I tillegg bør du endre "
208
"<emphasis>EKSEMPEL</emphasis> til noe som passer bedre."
187
209
188
210
#: serverguide/C/windows-networking.xml:135(para)
189
211
msgid ""
190
212
"Create a new section at the bottom of the file, or uncomment one of the "
191
213
"examples, for the directory to be shared:"
192
214
msgstr ""
215
"Opprett en ny seksjon på slutten av filen eller avkommenter et av eksemplene "
216
"for mappen som skal deles:"
193
217
194
218
#: serverguide/C/windows-networking.xml:139(programlisting)
195
219
#, no-wrap
203
227
" read only = no\n"
204
228
" create mask = 0755\n"
205
229
msgstr ""
230
"\n"
231
"[share]\n"
232
" comment = Ubuntu File Server Share\n"
233
" path = /srv/samba/share\n"
234
" browsable = yes\n"
235
" guest ok = yes\n"
236
" read only = no\n"
237
" create mask = 0755\n"
206
238
207
239
#: serverguide/C/windows-networking.xml:151(para)
208
240
msgid ""
209
241
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
210
242
"fit your needs."
211
243
msgstr ""
244
"<emphasis>comment:</emphasis> en kort kommentar som forklarer delingen. "
245
"Tilpass etter behov."
212
246
213
247
#: serverguide/C/windows-networking.xml:156(para)
214
248
msgid "<emphasis>path:</emphasis> the path to the directory to share."
215
msgstr ""
249
msgstr "<emphasis>path:</emphasis> banen til mappen som skal deles."
216
250
217
251
#: serverguide/C/windows-networking.xml:159(para)
218
252
msgid ""
256
290
"Now that <application>Samba</application> is configured, the directory needs "
257
291
"to be created and the permissions changed. From a terminal enter:"
258
292
msgstr ""
293
"Nå når <application>Samba</application> er konfigurert, må mappen bli "
294
"opprettet og tillatelsene endret. Skriv inn følgende i et terminalvindu:"
259
295
260
296
#: serverguide/C/windows-networking.xml:199(command)
261
297
msgid "sudo mkdir -p /srv/samba/share"
262
msgstr ""
298
msgstr "sudo mkdir -p /srv/samba/share"
263
299
264
300
#: serverguide/C/windows-networking.xml:200(command)
265
301
msgid "sudo chown nobody.nogroup /srv/samba/share/"
266
msgstr ""
302
msgstr "sudo chown nobody.nogroup /srv/samba/share/"
267
303
268
304
#: serverguide/C/windows-networking.xml:204(para)
269
305
msgid ""
271
307
"directory tree if it doesn't exist. Change the share name to fit your "
272
308
"environment."
273
309
msgstr ""
310
"<emphasis>-p</emphasis> -bryteren forteller mkdir å lage hele mappetreet "
311
"hvis det ikke eksisterer. Endre navnet etter eget ønske."
274
312
275
313
#: serverguide/C/windows-networking.xml:213(para)
276
314
msgid ""
277
315
"Finally, restart the <application>samba</application> services to enable the "
278
316
"new configuration:"
279
317
msgstr ""
318
"Til slutt, start <application>samba</application>-tjenestene på nytt for å "
319
"aktivere den nye konfigurasjonen:"
280
320
281
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:326(command) serverguide/C/windows-networking.xml:458(command) serverguide/C/windows-networking.xml:557(command) serverguide/C/windows-networking.xml:922(command) serverguide/C/windows-networking.xml:1032(command) serverguide/C/windows-networking.xml:1142(command) serverguide/C/network-auth.xml:1523(command)
321
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:331(command) serverguide/C/windows-networking.xml:468(command) serverguide/C/windows-networking.xml:567(command) serverguide/C/windows-networking.xml:937(command) serverguide/C/windows-networking.xml:1047(command) serverguide/C/windows-networking.xml:1162(command) serverguide/C/network-auth.xml:1860(command)
282
322
msgid "sudo /etc/init.d/samba restart"
283
323
msgstr "sudo /etc/init.d/samba restart"
284
324
304
344
"share actually exists and the permissions are correct."
305
345
msgstr ""
306
346
307
#: serverguide/C/windows-networking.xml:243(title) serverguide/C/windows-networking.xml:336(title) serverguide/C/windows-networking.xml:686(title) serverguide/C/windows-networking.xml:1051(title) serverguide/C/windows-networking.xml:1253(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1163(title) serverguide/C/remote-administration.xml:478(title) serverguide/C/network-config.xml:247(title) serverguide/C/network-config.xml:490(title) serverguide/C/network-auth.xml:1199(title) serverguide/C/network-auth.xml:1638(title) serverguide/C/network-auth.xml:2236(title) serverguide/C/network-auth.xml:2739(title) serverguide/C/installation.xml:848(title) serverguide/C/installation.xml:1124(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:268(title) serverguide/C/backups.xml:855(title)
347
#: serverguide/C/windows-networking.xml:243(title) serverguide/C/windows-networking.xml:341(title) serverguide/C/windows-networking.xml:696(title) serverguide/C/windows-networking.xml:1066(title) serverguide/C/windows-networking.xml:1273(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1168(title) serverguide/C/reporting-bugs.xml:304(title) serverguide/C/remote-administration.xml:491(title) serverguide/C/network-config.xml:569(title) serverguide/C/network-config.xml:824(title) serverguide/C/network-auth.xml:1531(title) serverguide/C/network-auth.xml:1975(title) serverguide/C/network-auth.xml:2579(title) serverguide/C/network-auth.xml:3087(title) serverguide/C/installation.xml:892(title) serverguide/C/installation.xml:1173(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:273(title) serverguide/C/backups.xml:855(title)
308
348
msgid "Resources"
309
349
msgstr ""
310
350
311
#: serverguide/C/windows-networking.xml:247(para) serverguide/C/windows-networking.xml:340(para) serverguide/C/windows-networking.xml:690(para) serverguide/C/windows-networking.xml:1055(para)
351
#: serverguide/C/windows-networking.xml:247(para) serverguide/C/windows-networking.xml:345(para) serverguide/C/windows-networking.xml:700(para) serverguide/C/windows-networking.xml:1070(para)
312
352
msgid ""
313
353
"For in depth Samba configurations see the <ulink "
314
354
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
315
355
"Collection</ulink>"
316
356
msgstr ""
317
357
318
#: serverguide/C/windows-networking.xml:253(para) serverguide/C/windows-networking.xml:346(para) serverguide/C/windows-networking.xml:696(para) serverguide/C/windows-networking.xml:1061(para)
358
#: serverguide/C/windows-networking.xml:253(para) serverguide/C/windows-networking.xml:351(para) serverguide/C/windows-networking.xml:706(para) serverguide/C/windows-networking.xml:1076(para)
319
359
msgid ""
320
360
"The guide is also available in <ulink "
321
361
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
322
362
"format</ulink>."
323
363
msgstr ""
324
364
325
#: serverguide/C/windows-networking.xml:259(para) serverguide/C/windows-networking.xml:352(para)
365
#: serverguide/C/windows-networking.xml:259(para) serverguide/C/windows-networking.xml:357(para)
326
366
msgid ""
327
367
"O'Reilly's <ulink "
328
368
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
329
369
"another good reference."
330
370
msgstr ""
331
371
332
#: serverguide/C/windows-networking.xml:269(title)
372
#: serverguide/C/windows-networking.xml:265(para) serverguide/C/windows-networking.xml:368(para) serverguide/C/windows-networking.xml:731(para) serverguide/C/windows-networking.xml:1100(para) serverguide/C/windows-networking.xml:1286(para)
373
msgid ""
374
"The <ulink url=\"https://help.ubuntu.com/community/Samba\">Ubuntu Wiki Samba "
375
"</ulink> page."
376
msgstr ""
377
378
#: serverguide/C/windows-networking.xml:274(title)
333
379
msgid "Samba Print Server"
334
380
msgstr ""
335
381
336
#: serverguide/C/windows-networking.xml:271(para)
382
#: serverguide/C/windows-networking.xml:276(para)
337
383
msgid ""
338
384
"Another common use of Samba is to configure it to share printers installed, "
339
385
"either locally or over the network, on an Ubuntu server. Similar to <xref "
342
388
"prompting for a username and password."
343
389
msgstr ""
344
390
345
#: serverguide/C/windows-networking.xml:277(para)
391
#: serverguide/C/windows-networking.xml:282(para)
346
392
msgid ""
347
393
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
348
394
"security\"/>."
349
395
msgstr ""
350
396
351
#: serverguide/C/windows-networking.xml:284(para)
397
#: serverguide/C/windows-networking.xml:289(para)
352
398
msgid ""
353
399
"Before installing and configuring Samba it is best to already have a working "
354
400
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
355
401
"for details."
356
402
msgstr ""
357
403
358
#: serverguide/C/windows-networking.xml:289(para)
404
#: serverguide/C/windows-networking.xml:294(para)
359
405
msgid ""
360
406
"To install the <application>samba</application> package, from a terminal "
361
407
"enter:"
362
408
msgstr ""
363
409
364
#: serverguide/C/windows-networking.xml:300(para)
410
#: serverguide/C/windows-networking.xml:305(para)
365
411
msgid ""
366
412
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
367
413
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
369
415
"role=\"italic\">share</emphasis>:"
370
416
msgstr ""
371
417
372
#: serverguide/C/windows-networking.xml:312(para)
418
#: serverguide/C/windows-networking.xml:317(para)
373
419
msgid ""
374
420
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
375
421
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
376
422
msgstr ""
377
423
378
#: serverguide/C/windows-networking.xml:316(programlisting)
424
#: serverguide/C/windows-networking.xml:321(programlisting)
379
425
#, no-wrap
380
426
msgid ""
381
427
"\n"
383
429
" guest ok = yes\n"
384
430
msgstr ""
385
431
386
#: serverguide/C/windows-networking.xml:321(para)
432
#: serverguide/C/windows-networking.xml:326(para)
387
433
msgid "After editing <filename>smb.conf</filename> restart Samba:"
388
434
msgstr ""
389
435
390
#: serverguide/C/windows-networking.xml:329(para)
436
#: serverguide/C/windows-networking.xml:334(para)
391
437
msgid ""
392
438
"The default Samba configuration will automatically share any printers "
393
439
"installed. Simply install the printer locally on your Windows clients."
394
440
msgstr ""
395
441
396
#: serverguide/C/windows-networking.xml:358(para)
442
#: serverguide/C/windows-networking.xml:363(para)
397
443
msgid ""
398
444
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
399
445
"more information on configuring CUPS."
400
446
msgstr ""
401
447
402
#: serverguide/C/windows-networking.xml:367(title)
448
#: serverguide/C/windows-networking.xml:377(title)
403
449
msgid "Securing a Samba File and Print Server"
404
450
msgstr ""
405
451
406
#: serverguide/C/windows-networking.xml:370(title)
452
#: serverguide/C/windows-networking.xml:380(title)
407
453
msgid "Samba Security Modes"
408
454
msgstr ""
409
455
410
#: serverguide/C/windows-networking.xml:372(para)
456
#: serverguide/C/windows-networking.xml:382(para)
411
457
msgid ""
412
458
"There are two security levels available to the Common Internet Filesystem "
413
459
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
416
462
"security and one way to implement share-level:"
417
463
msgstr ""
418
464
419
#: serverguide/C/windows-networking.xml:381(para)
465
#: serverguide/C/windows-networking.xml:391(para)
420
466
msgid ""
421
467
"<emphasis>security = user:</emphasis> requires clients to supply a username "
422
468
"and password to connect to shares. Samba user accounts are separate from "
424
470
"will sync system users and passwords with the Samba user database."
425
471
msgstr ""
426
472
427
#: serverguide/C/windows-networking.xml:388(para)
473
#: serverguide/C/windows-networking.xml:398(para)
428
474
msgid ""
429
475
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
430
476
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
432
478
"linkend=\"samba-dc\"/> for further information."
433
479
msgstr ""
434
480
435
#: serverguide/C/windows-networking.xml:395(para)
481
#: serverguide/C/windows-networking.xml:405(para)
436
482
msgid ""
437
483
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
438
484
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
439
485
"integration\"/> for details."
440
486
msgstr ""
441
487
442
#: serverguide/C/windows-networking.xml:401(para)
488
#: serverguide/C/windows-networking.xml:411(para)
443
489
msgid ""
444
490
"<emphasis>security = server:</emphasis> this mode is left over from before "
445
491
"Samba could become a member server, and due to some security issues should "
448
494
"of the Samba guide for more details."
449
495
msgstr ""
450
496
451
#: serverguide/C/windows-networking.xml:409(para)
497
#: serverguide/C/windows-networking.xml:419(para)
452
498
msgid ""
453
499
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
454
500
"without supplying a username and password."
455
501
msgstr ""
456
502
457
#: serverguide/C/windows-networking.xml:416(para)
503
#: serverguide/C/windows-networking.xml:426(para)
458
504
msgid ""
459
505
"The security mode you choose will depend on your environment and what you "
460
506
"need the Samba server to accomplish."
461
507
msgstr ""
462
508
463
#: serverguide/C/windows-networking.xml:422(title)
509
#: serverguide/C/windows-networking.xml:432(title)
464
510
msgid "Security = User"
465
511
msgstr ""
466
512
467
#: serverguide/C/windows-networking.xml:424(para)
513
#: serverguide/C/windows-networking.xml:434(para)
468
514
msgid ""
469
515
"This section will reconfigure the Samba file and print server, from <xref "
470
516
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
471
517
"require authentication."
472
518
msgstr ""
473
519
474
#: serverguide/C/windows-networking.xml:429(para)
520
#: serverguide/C/windows-networking.xml:439(para)
475
521
msgid ""
476
522
"First, install the <application>libpam-smbpass</application> package which "
477
523
"will sync the system users to the Samba user database:"
478
524
msgstr ""
479
525
480
#: serverguide/C/windows-networking.xml:435(command)
526
#: serverguide/C/windows-networking.xml:445(command)
481
527
msgid "sudo apt-get install libpam-smbpass"
482
528
msgstr ""
483
529
484
#: serverguide/C/windows-networking.xml:439(para)
530
#: serverguide/C/windows-networking.xml:449(para)
485
531
msgid ""
486
532
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
487
533
"<application>libpam-smbpass</application> is already installed."
488
534
msgstr ""
489
535
490
#: serverguide/C/windows-networking.xml:445(para)
536
#: serverguide/C/windows-networking.xml:455(para)
491
537
msgid ""
492
538
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
493
539
"<emphasis>[share]</emphasis> section change:"
494
540
msgstr ""
495
541
496
#: serverguide/C/windows-networking.xml:449(programlisting)
542
#: serverguide/C/windows-networking.xml:459(programlisting)
497
543
#, no-wrap
498
544
msgid ""
499
545
"\n"
500
546
" guest ok = no\n"
501
547
msgstr ""
502
548
503
#: serverguide/C/windows-networking.xml:453(para)
549
#: serverguide/C/windows-networking.xml:463(para)
504
550
msgid "Finally, restart Samba for the new settings to take effect:"
505
551
msgstr ""
552
"Til slutt starter du Samba på nytt for at endringene skal tre i kraft:"
506
553
507
#: serverguide/C/windows-networking.xml:461(para)
554
#: serverguide/C/windows-networking.xml:471(para)
508
555
msgid ""
509
556
"Now when connecting to the shared directories or printers you should be "
510
557
"prompted for a username and password."
511
558
msgstr ""
512
559
513
#: serverguide/C/windows-networking.xml:466(para)
560
#: serverguide/C/windows-networking.xml:476(para)
514
561
msgid ""
515
562
"If you choose to map a network drive to the share you can check the "
516
563
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
517
564
"enter the username and password once, at least until the password changes."
518
565
msgstr ""
519
566
520
#: serverguide/C/windows-networking.xml:474(title)
567
#: serverguide/C/windows-networking.xml:484(title)
521
568
msgid "Share Security"
522
569
msgstr ""
523
570
524
#: serverguide/C/windows-networking.xml:476(para)
571
#: serverguide/C/windows-networking.xml:486(para)
525
572
msgid ""
526
573
"There are several options available to increase the security for each "
527
574
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
528
575
"this section will cover some common options."
529
576
msgstr ""
530
577
531
#: serverguide/C/windows-networking.xml:482(title)
578
#: serverguide/C/windows-networking.xml:492(title)
532
579
msgid "Groups"
533
580
msgstr "Grupper"
534
581
535
#: serverguide/C/windows-networking.xml:484(para)
582
#: serverguide/C/windows-networking.xml:494(para)
536
583
msgid ""
537
584
"Groups define a collection of computers or users which have a common level "
538
585
"of access to particular network resources and offer a level of granularity "
554
601
"have only access to resources explicitly allowing the group they are part of."
555
602
msgstr ""
556
603
557
#: serverguide/C/windows-networking.xml:498(para)
604
#: serverguide/C/windows-networking.xml:508(para)
558
605
msgid ""
559
606
"By default Samba looks for the local system groups defined in "
560
607
"<filename>/etc/group</filename> to determine which users belong to which "
562
609
"<xref linkend=\"adding-deleting-users\"/>."
563
610
msgstr ""
564
611
565
#: serverguide/C/windows-networking.xml:504(para)
612
#: serverguide/C/windows-networking.xml:514(para)
566
613
msgid ""
567
614
"When defining groups in the Samba configuration file, "
568
615
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
573
620
"role=\"bold\">@sysadmin</emphasis>."
574
621
msgstr ""
575
622
576
#: serverguide/C/windows-networking.xml:513(title)
623
#: serverguide/C/windows-networking.xml:523(title)
577
624
msgid "File Permissions"
578
625
msgstr "Filtilganger"
579
626
580
#: serverguide/C/windows-networking.xml:515(para)
627
#: serverguide/C/windows-networking.xml:525(para)
581
628
msgid ""
582
629
"File Permissions define the explicit rights a computer or user has to a "
583
630
"particular directory, file, or set of files. Such permissions may be defined "
585
632
"the explicit permissions of a defined file share."
586
633
msgstr ""
587
634
588
#: serverguide/C/windows-networking.xml:521(para)
635
#: serverguide/C/windows-networking.xml:531(para)
589
636
msgid ""
590
637
"For example, if you have defined a Samba share called "
591
638
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
597
644
"under the <emphasis>[share]</emphasis> entry:"
598
645
msgstr ""
599
646
600
#: serverguide/C/windows-networking.xml:530(programlisting)
647
#: serverguide/C/windows-networking.xml:540(programlisting)
601
648
#, no-wrap
602
649
msgid ""
603
650
"\n"
605
652
" write list = @sysadmin, vincent\n"
606
653
msgstr ""
607
654
608
#: serverguide/C/windows-networking.xml:535(para)
655
#: serverguide/C/windows-networking.xml:545(para)
609
656
msgid ""
610
657
"Another possible Samba permission is to declare "
611
658
"<emphasis>administrative</emphasis> permissions to a particular shared "
614
661
"administrative permissions to."
615
662
msgstr ""
616
663
617
#: serverguide/C/windows-networking.xml:541(para)
664
#: serverguide/C/windows-networking.xml:551(para)
618
665
msgid ""
619
666
"For example, if you wanted to give the user <emphasis "
620
667
"role=\"italic\">melissa</emphasis> administrative permissions to the "
623
670
"under the <emphasis>[share]</emphasis> entry:"
624
671
msgstr ""
625
672
626
#: serverguide/C/windows-networking.xml:548(programlisting)
673
#: serverguide/C/windows-networking.xml:558(programlisting)
627
674
#, no-wrap
628
675
msgid ""
629
676
"\n"
630
677
" admin users = melissa\n"
631
678
msgstr ""
632
679
633
#: serverguide/C/windows-networking.xml:552(para)
680
#: serverguide/C/windows-networking.xml:562(para)
634
681
msgid ""
635
682
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
636
683
"the changes to take effect:"
637
684
msgstr ""
685
"Etter du har endret filename>/etc/samba/smb.conf</filename>, start Samba på "
686
"nytt for at endringene skal tre i kraft:"
638
687
639
#: serverguide/C/windows-networking.xml:561(para)
688
#: serverguide/C/windows-networking.xml:571(para)
640
689
msgid ""
641
690
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
642
691
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
643
692
"<emphasis role=\"italic\">security = share</emphasis>"
644
693
msgstr ""
645
694
646
#: serverguide/C/windows-networking.xml:567(para)
695
#: serverguide/C/windows-networking.xml:577(para)
647
696
msgid ""
648
697
"Now that Samba has been configured to limit which groups have access to the "
649
698
"shared directory, the filesystem permissions need to be updated."
650
699
msgstr ""
651
700
652
#: serverguide/C/windows-networking.xml:572(para)
701
#: serverguide/C/windows-networking.xml:582(para)
653
702
msgid ""
654
703
"Traditional Linux file permissions do not map well to Windows NT Access "
655
704
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
658
707
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
659
708
msgstr ""
660
709
661
#: serverguide/C/windows-networking.xml:579(programlisting)
710
#: serverguide/C/windows-networking.xml:589(programlisting)
662
711
#, no-wrap
663
712
msgid ""
664
713
"\n"
666
715
"0 1\n"
667
716
msgstr ""
668
717
669
#: serverguide/C/windows-networking.xml:583(para)
718
#: serverguide/C/windows-networking.xml:593(para)
670
719
msgid "Then remount the partition:"
671
720
msgstr ""
672
721
673
#: serverguide/C/windows-networking.xml:588(command)
722
#: serverguide/C/windows-networking.xml:598(command)
674
723
msgid "sudo mount -v -o remount /srv"
675
724
msgstr ""
676
725
677
#: serverguide/C/windows-networking.xml:592(para)
726
#: serverguide/C/windows-networking.xml:602(para)
678
727
msgid ""
679
728
"The above example assumes <filename>/srv</filename> on a separate partition. "
680
729
"If <filename>/srv</filename>, or wherever you have configured your share "
682
731
"required."
683
732
msgstr ""
684
733
685
#: serverguide/C/windows-networking.xml:599(para)
734
#: serverguide/C/windows-networking.xml:609(para)
686
735
msgid ""
687
736
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
688
737
"group will be given read, write, and execute permissions to "
691
740
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
692
741
msgstr ""
693
742
694
#: serverguide/C/windows-networking.xml:607(command)
743
#: serverguide/C/windows-networking.xml:617(command)
695
744
msgid "sudo chown -R melissa /srv/samba/share/"
696
745
msgstr ""
697
746
698
#: serverguide/C/windows-networking.xml:608(command)
747
#: serverguide/C/windows-networking.xml:618(command)
699
748
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
700
749
msgstr ""
701
750
702
#: serverguide/C/windows-networking.xml:609(command)
751
#: serverguide/C/windows-networking.xml:619(command)
703
752
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
704
753
msgstr ""
705
754
706
#: serverguide/C/windows-networking.xml:613(para)
755
#: serverguide/C/windows-networking.xml:623(para)
707
756
msgid ""
708
757
"The <application>setfacl</application> command above gives "
709
758
"<emphasis>execute</emphasis> permissions to all files in the "
711
760
"want."
712
761
msgstr ""
713
762
714
#: serverguide/C/windows-networking.xml:619(para)
763
#: serverguide/C/windows-networking.xml:629(para)
715
764
msgid ""
716
765
"Now from a Windows client you should notice the new file permissions are "
717
766
"implemented. See the <application>acl</application> and "
719
768
"ACLs."
720
769
msgstr ""
721
770
722
#: serverguide/C/windows-networking.xml:627(title)
771
#: serverguide/C/windows-networking.xml:637(title)
723
772
msgid "Samba AppArmor Profile"
724
773
msgstr ""
725
774
726
#: serverguide/C/windows-networking.xml:629(para)
775
#: serverguide/C/windows-networking.xml:639(para)
727
776
msgid ""
728
777
"Ubuntu comes with the <application>AppArmor</application> security module, "
729
778
"which provides mandatory access controls. The default AppArmor profile for "
731
780
"using AppArmor see <xref linkend=\"apparmor\"/>."
732
781
msgstr ""
733
782
734
#: serverguide/C/windows-networking.xml:635(para)
783
#: serverguide/C/windows-networking.xml:645(para)
735
784
msgid ""
736
785
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
737
786
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
739
788
"package, from a terminal prompt enter:"
740
789
msgstr ""
741
790
742
#: serverguide/C/windows-networking.xml:642(command) serverguide/C/security.xml:978(command)
791
#: serverguide/C/windows-networking.xml:652(command) serverguide/C/security.xml:925(command)
743
792
msgid "sudo apt-get install apparmor-profiles"
744
793
msgstr ""
745
794
746
#: serverguide/C/windows-networking.xml:646(para)
795
#: serverguide/C/windows-networking.xml:656(para)
747
796
msgid "This package contains profiles for several other binaries."
748
797
msgstr ""
749
798
750
#: serverguide/C/windows-networking.xml:651(para)
799
#: serverguide/C/windows-networking.xml:661(para)
751
800
msgid ""
752
801
"By default the profiles for <application>smbd</application> and "
753
802
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
757
806
"profile will need to be modified to reflect any directories that are shared."
758
807
msgstr ""
759
808
760
#: serverguide/C/windows-networking.xml:658(para)
809
#: serverguide/C/windows-networking.xml:668(para)
761
810
msgid ""
762
811
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
763
812
"for <emphasis>[share]</emphasis> from the file server example:"
764
813
msgstr ""
765
814
766
#: serverguide/C/windows-networking.xml:663(programlisting)
815
#: serverguide/C/windows-networking.xml:673(programlisting)
767
816
#, no-wrap
768
817
msgid ""
769
818
"\n"
771
820
" /srv/samba/share/** rwkix,\n"
772
821
msgstr ""
773
822
774
#: serverguide/C/windows-networking.xml:668(para)
823
#: serverguide/C/windows-networking.xml:678(para)
775
824
msgid ""
776
825
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
777
826
msgstr ""
778
827
779
#: serverguide/C/windows-networking.xml:673(command)
828
#: serverguide/C/windows-networking.xml:683(command)
780
829
msgid "sudo aa-enforce /usr/sbin/smbd"
781
830
msgstr ""
782
831
783
#: serverguide/C/windows-networking.xml:674(command)
832
#: serverguide/C/windows-networking.xml:684(command)
784
833
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
785
834
msgstr ""
786
835
787
#: serverguide/C/windows-networking.xml:677(para)
836
#: serverguide/C/windows-networking.xml:687(para)
788
837
msgid ""
789
838
"You should now be able to read, write, and execute files in the shared "
790
839
"directory as normal, and the <application>smbd</application> binary will "
793
842
"will be logged to <filename>/var/log/syslog</filename>."
794
843
msgstr ""
795
844
796
#: serverguide/C/windows-networking.xml:702(para) serverguide/C/windows-networking.xml:1067(para)
845
#: serverguide/C/windows-networking.xml:712(para) serverguide/C/windows-networking.xml:1082(para)
797
846
msgid ""
798
847
"O'Reilly's <ulink "
799
848
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
800
849
"also a good reference."
801
850
msgstr ""
802
851
803
#: serverguide/C/windows-networking.xml:708(para)
852
#: serverguide/C/windows-networking.xml:718(para)
804
853
msgid ""
805
854
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
806
855
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
807
856
"security."
808
857
msgstr ""
809
858
810
#: serverguide/C/windows-networking.xml:714(para)
859
#: serverguide/C/windows-networking.xml:724(para)
811
860
msgid ""
812
861
"For more information on Samba and ACLs see the <ulink "
813
862
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
814
863
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
815
864
msgstr ""
816
865
817
#: serverguide/C/windows-networking.xml:725(title)
866
#: serverguide/C/windows-networking.xml:740(title)
818
867
msgid "Samba as a Domain Controller"
819
868
msgstr ""
820
869
821
#: serverguide/C/windows-networking.xml:727(para)
870
#: serverguide/C/windows-networking.xml:742(para)
822
871
msgid ""
823
872
"Although it cannot act as an Active Directory Primary Domain Controller "
824
873
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
827
876
"backends to store the user information."
828
877
msgstr ""
829
878
830
#: serverguide/C/windows-networking.xml:734(title)
879
#: serverguide/C/windows-networking.xml:749(title)
831
880
msgid "Primary Domain Controller"
832
881
msgstr ""
833
882
834
#: serverguide/C/windows-networking.xml:736(para)
883
#: serverguide/C/windows-networking.xml:751(para)
835
884
msgid ""
836
885
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
837
886
"using the default smbpasswd backend."
838
887
msgstr ""
839
888
840
#: serverguide/C/windows-networking.xml:743(para)
889
#: serverguide/C/windows-networking.xml:758(para)
841
890
msgid ""
842
891
"First, install Samba, and <application>libpam-smbpass</application> to sync "
843
892
"the user accounts, by entering the following in a terminal prompt:"
844
893
msgstr ""
845
894
846
#: serverguide/C/windows-networking.xml:749(command) serverguide/C/windows-networking.xml:965(command)
895
#: serverguide/C/windows-networking.xml:764(command) serverguide/C/windows-networking.xml:980(command)
847
896
msgid "sudo apt-get install samba libpam-smbpass"
848
897
msgstr ""
849
898
850
#: serverguide/C/windows-networking.xml:755(para)
899
#: serverguide/C/windows-networking.xml:770(para)
851
900
msgid ""
852
901
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
853
902
"The <emphasis>security</emphasis> mode should be set to <emphasis "
855
904
"should relate to your organization:"
856
905
msgstr ""
857
906
858
#: serverguide/C/windows-networking.xml:770(para)
907
#: serverguide/C/windows-networking.xml:785(para)
859
908
msgid ""
860
909
"In the commented <quote>Domains</quote> section add or uncomment the "
861
910
"following:"
862
911
msgstr ""
863
912
864
#: serverguide/C/windows-networking.xml:774(programlisting)
913
#: serverguide/C/windows-networking.xml:789(programlisting)
865
914
#, no-wrap
866
915
msgid ""
867
916
"\n"
874
923
"/var/lib/samba -s /bin/false %u\n"
875
924
msgstr ""
876
925
877
#: serverguide/C/windows-networking.xml:785(para)
926
#: serverguide/C/windows-networking.xml:800(para)
878
927
msgid ""
879
928
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
880
929
"Samba to act as a domain controller."
881
930
msgstr ""
882
931
883
#: serverguide/C/windows-networking.xml:790(para)
932
#: serverguide/C/windows-networking.xml:805(para)
884
933
msgid ""
885
934
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
886
935
"their home directory. It is also possible to configure a "
888
937
"directory."
889
938
msgstr ""
890
939
891
#: serverguide/C/windows-networking.xml:796(para)
940
#: serverguide/C/windows-networking.xml:811(para)
892
941
msgid ""
893
942
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
894
943
msgstr ""
895
944
896
#: serverguide/C/windows-networking.xml:801(para)
945
#: serverguide/C/windows-networking.xml:816(para)
897
946
msgid ""
898
947
"<emphasis>logon home:</emphasis> specifies the home directory location."
899
948
msgstr ""
900
949
901
#: serverguide/C/windows-networking.xml:806(para)
950
#: serverguide/C/windows-networking.xml:821(para)
902
951
msgid ""
903
952
"<emphasis>logon script:</emphasis> determines the script to be run locally "
904
953
"once a user has logged in. The script needs to be placed in the "
905
954
"<emphasis>[netlogon]</emphasis> share."
906
955
msgstr ""
907
956
908
#: serverguide/C/windows-networking.xml:812(para)
957
#: serverguide/C/windows-networking.xml:827(para)
909
958
msgid ""
910
959
"<emphasis>add machine script:</emphasis> a script that will automatically "
911
960
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
912
961
"workstation to join the domain."
913
962
msgstr ""
914
963
915
#: serverguide/C/windows-networking.xml:816(para)
964
#: serverguide/C/windows-networking.xml:831(para)
916
965
msgid ""
917
966
"In this example the <emphasis>machines</emphasis> group will need to be "
918
967
"created using the <application>addgroup</application> utility see <xref "
919
968
"linkend=\"adding-deleting-users\"/> for details."
920
969
msgstr ""
921
970
922
#: serverguide/C/windows-networking.xml:824(para)
971
#: serverguide/C/windows-networking.xml:839(para)
923
972
msgid ""
924
973
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
925
974
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
926
975
"commented."
927
976
msgstr ""
928
977
929
#: serverguide/C/windows-networking.xml:833(para)
978
#: serverguide/C/windows-networking.xml:848(para)
930
979
msgid ""
931
980
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
932
981
"role=\"italic\">logon home</emphasis> to be mapped:"
933
982
msgstr ""
934
983
935
#: serverguide/C/windows-networking.xml:838(programlisting)
984
#: serverguide/C/windows-networking.xml:853(programlisting)
936
985
#, no-wrap
937
986
msgid ""
938
987
"\n"
945
994
" valid users = %S\n"
946
995
msgstr ""
947
996
948
#: serverguide/C/windows-networking.xml:851(para)
997
#: serverguide/C/windows-networking.xml:866(para)
949
998
msgid ""
950
999
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
951
1000
"share needs to be configured. To enable the share, uncomment:"
952
1001
msgstr ""
953
1002
954
#: serverguide/C/windows-networking.xml:856(programlisting)
1003
#: serverguide/C/windows-networking.xml:871(programlisting)
955
1004
#, no-wrap
956
1005
msgid ""
957
1006
"\n"
963
1012
" share modes = no\n"
964
1013
msgstr ""
965
1014
966
#: serverguide/C/windows-networking.xml:866(para)
1015
#: serverguide/C/windows-networking.xml:881(para)
967
1016
msgid ""
968
1017
"The original <emphasis>netlogon</emphasis> share path is "
969
1018
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
972
1021
"location for site-specific data provided by the system."
973
1022
msgstr ""
974
1023
975
#: serverguide/C/windows-networking.xml:877(para)
1024
#: serverguide/C/windows-networking.xml:892(para)
976
1025
msgid ""
977
1026
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
978
1027
"and an empty (for now) <filename>logon.cmd</filename> script file:"
979
1028
msgstr ""
980
1029
981
#: serverguide/C/windows-networking.xml:883(command)
1030
#: serverguide/C/windows-networking.xml:898(command)
982
1031
msgid "sudo mkdir -p /srv/samba/netlogon"
983
1032
msgstr ""
984
1033
985
#: serverguide/C/windows-networking.xml:884(command)
1034
#: serverguide/C/windows-networking.xml:899(command)
986
1035
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
987
1036
msgstr ""
988
1037
989
#: serverguide/C/windows-networking.xml:887(para)
1038
#: serverguide/C/windows-networking.xml:902(para)
990
1039
msgid ""
991
1040
"You can enter any normal Windows logon script commands in "
992
1041
"<filename>logon.cmd</filename> to customize the client's environment."
993
1042
msgstr ""
994
1043
995
#: serverguide/C/windows-networking.xml:895(para)
1044
#: serverguide/C/windows-networking.xml:910(para)
996
1045
msgid ""
997
1046
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
998
1047
"workstation to the domain, a system group needs to be mapped to the Windows "
1000
1049
"<application>net</application> utility, from a terminal enter:"
1001
1050
msgstr ""
1002
1051
1003
#: serverguide/C/windows-networking.xml:902(command)
1052
#: serverguide/C/windows-networking.xml:917(command)
1004
1053
msgid ""
1005
1054
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1006
1055
"type=d"
1007
1056
msgstr ""
1008
1057
1009
#: serverguide/C/windows-networking.xml:906(para)
1058
#: serverguide/C/windows-networking.xml:921(para)
1010
1059
msgid ""
1011
1060
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1012
1061
"prefer. Also, the user used to join the domain needs to be a member of the "
1015
1064
"allows <application>sudo</application> use."
1016
1065
msgstr ""
1017
1066
1018
#: serverguide/C/windows-networking.xml:917(para)
1067
#: serverguide/C/windows-networking.xml:932(para)
1019
1068
msgid "Finally, restart Samba to enable the new domain controller:"
1020
1069
msgstr ""
1021
1070
1022
#: serverguide/C/windows-networking.xml:928(para)
1071
#: serverguide/C/windows-networking.xml:943(para)
1023
1072
msgid ""
1024
1073
"You should now be able to join Windows clients to the Domain in the same "
1025
1074
"manner as joining them to an NT4 domain running on a Windows server."
1026
1075
msgstr ""
1027
1076
1028
#: serverguide/C/windows-networking.xml:938(title)
1077
#: serverguide/C/windows-networking.xml:953(title)
1029
1078
msgid "Backup Domain Controller"
1030
1079
msgstr ""
1031
1080
1032
#: serverguide/C/windows-networking.xml:940(para)
1081
#: serverguide/C/windows-networking.xml:955(para)
1033
1082
msgid ""
1034
1083
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1035
1084
"Backup Domain Controller (BDC) as well. This will allow clients to "
1036
1085
"authenticate in case the PDC becomes unavailable."
1037
1086
msgstr ""
1038
1087
1039
#: serverguide/C/windows-networking.xml:945(para)
1088
#: serverguide/C/windows-networking.xml:960(para)
1040
1089
msgid ""
1041
1090
"When configuring Samba as a BDC you need a way to sync account information "
1042
1091
"with the PDC. There are multiple ways of accomplishing this "
1045
1094
"backend</emphasis>."
1046
1095
msgstr ""
1047
1096
1048
#: serverguide/C/windows-networking.xml:951(para)
1097
#: serverguide/C/windows-networking.xml:966(para)
1049
1098
msgid ""
1050
1099
"Using LDAP is the most robust way to sync account information, because both "
1051
1100
"domain controllers can use the same information in real time. However, "
1053
1102
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1054
1103
msgstr ""
1055
1104
1056
#: serverguide/C/windows-networking.xml:960(para)
1105
#: serverguide/C/windows-networking.xml:975(para)
1057
1106
msgid ""
1058
1107
"First, install <application>samba</application> and <application>libpam-"
1059
1108
"smbpass</application>. From a terminal enter:"
1060
1109
msgstr ""
1061
1110
1062
#: serverguide/C/windows-networking.xml:971(para)
1111
#: serverguide/C/windows-networking.xml:986(para)
1063
1112
msgid ""
1064
1113
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1065
1114
"following in the <emphasis>[global]</emphasis>:"
1066
1115
msgstr ""
1067
1116
1068
#: serverguide/C/windows-networking.xml:984(para)
1117
#: serverguide/C/windows-networking.xml:999(para)
1069
1118
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1070
1119
msgstr ""
1071
1120
1072
#: serverguide/C/windows-networking.xml:988(programlisting)
1121
#: serverguide/C/windows-networking.xml:1003(programlisting)
1073
1122
#, no-wrap
1074
1123
msgid ""
1075
1124
"\n"
1077
1126
" domain master = no\n"
1078
1127
msgstr ""
1079
1128
1080
#: serverguide/C/windows-networking.xml:996(para)
1129
#: serverguide/C/windows-networking.xml:1011(para)
1081
1130
msgid ""
1082
1131
"Make sure a user has rights to read the files in "
1083
1132
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1085
1134
"files, enter:"
1086
1135
msgstr ""
1087
1136
1088
#: serverguide/C/windows-networking.xml:1002(command)
1137
#: serverguide/C/windows-networking.xml:1017(command)
1089
1138
msgid "sudo chgrp -R admin /var/lib/samba"
1090
1139
msgstr ""
1091
1140
1092
#: serverguide/C/windows-networking.xml:1008(para)
1141
#: serverguide/C/windows-networking.xml:1023(para)
1093
1142
msgid ""
1094
1143
"Next, sync the user accounts, using <application>scp</application> to copy "
1095
1144
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1096
1145
msgstr ""
1097
1146
1098
#: serverguide/C/windows-networking.xml:1014(command)
1147
#: serverguide/C/windows-networking.xml:1029(command)
1099
1148
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1100
1149
msgstr ""
1101
1150
1102
#: serverguide/C/windows-networking.xml:1018(para)
1151
#: serverguide/C/windows-networking.xml:1033(para)
1103
1152
msgid ""
1104
1153
"Replace <emphasis>username</emphasis> with a valid username and "
1105
1154
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1106
1155
msgstr ""
1107
1156
1108
#: serverguide/C/windows-networking.xml:1027(para)
1157
#: serverguide/C/windows-networking.xml:1042(para)
1109
1158
msgid "Finally, restart <application>samba</application>:"
1110
1159
msgstr ""
1111
1160
1112
#: serverguide/C/windows-networking.xml:1038(para)
1161
#: serverguide/C/windows-networking.xml:1053(para)
1113
1162
msgid ""
1114
1163
"You can test that your Backup Domain controller is working by stopping the "
1115
1164
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1116
1165
"the domain."
1117
1166
msgstr ""
1118
1167
1119
#: serverguide/C/windows-networking.xml:1043(para)
1168
#: serverguide/C/windows-networking.xml:1058(para)
1120
1169
msgid ""
1121
1170
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1122
1171
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1125
1174
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1126
1175
msgstr ""
1127
1176
1128
#: serverguide/C/windows-networking.xml:1073(para)
1177
#: serverguide/C/windows-networking.xml:1088(para)
1129
1178
msgid ""
1130
1179
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1131
1180
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1132
1181
"up a Primary Domain Controller."
1133
1182
msgstr ""
1134
1183
1135
#: serverguide/C/windows-networking.xml:1079(para)
1184
#: serverguide/C/windows-networking.xml:1094(para)
1136
1185
msgid ""
1137
1186
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1138
1187
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1139
1188
"explains setting up a Backup Domain Controller."
1140
1189
msgstr ""
1141
1190
1142
#: serverguide/C/windows-networking.xml:1089(title)
1191
#: serverguide/C/windows-networking.xml:1109(title)
1143
1192
msgid "Samba Active Directory Integration"
1144
1193
msgstr ""
1145
1194
1146
#: serverguide/C/windows-networking.xml:1092(title)
1195
#: serverguide/C/windows-networking.xml:1112(title)
1147
1196
msgid "Accessing a Samba Share"
1148
1197
msgstr ""
1149
1198
1150
#: serverguide/C/windows-networking.xml:1094(para)
1199
#: serverguide/C/windows-networking.xml:1114(para)
1151
1200
msgid ""
1152
1201
"Another, use for Samba is to integrate into an existing Windows network. "
1153
1202
"Once part of an Active Directory domain, Samba can provide file and print "
1154
1203
"services to AD users."
1155
1204
msgstr ""
1156
1205
1157
#: serverguide/C/windows-networking.xml:1099(para)
1206
#: serverguide/C/windows-networking.xml:1119(para)
1158
1207
msgid ""
1159
1208
"The simplest way to join an AD domain is to use <application>Likewise-"
1160
1209
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1161
1210
"open\"/>."
1162
1211
msgstr ""
1163
1212
1164
#: serverguide/C/windows-networking.xml:1104(para)
1165
msgid "Once part of the domain, install the following packages:"
1213
#: serverguide/C/windows-networking.xml:1124(para)
1214
msgid ""
1215
"Once part of the domain, enter the following command in the terminal prompt:"
1166
1216
msgstr ""
1167
1217
1168
#: serverguide/C/windows-networking.xml:1109(command)
1218
#: serverguide/C/windows-networking.xml:1129(command)
1169
1219
msgid "sudo apt-get install samba smbfs smbclient"
1170
1220
msgstr ""
1171
1221
1172
#: serverguide/C/windows-networking.xml:1112(para)
1222
#: serverguide/C/windows-networking.xml:1132(para)
1173
1223
msgid ""
1174
1224
"Since the <application>likewise-open</application> and "
1175
1225
"<application>samba</application> packages use separate "
1177
1227
"<filename role=\"directory\">/var/lib/samba</filename>:"
1178
1228
msgstr ""
1179
1229
1180
#: serverguide/C/windows-networking.xml:1118(command)
1230
#: serverguide/C/windows-networking.xml:1138(command)
1181
1231
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1182
1232
msgstr ""
1183
1233
1184
#: serverguide/C/windows-networking.xml:1119(command)
1234
#: serverguide/C/windows-networking.xml:1139(command)
1185
1235
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1186
1236
msgstr ""
1187
1237
1188
#: serverguide/C/windows-networking.xml:1122(para)
1238
#: serverguide/C/windows-networking.xml:1142(para)
1189
1239
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1190
1240
msgstr ""
1191
1241
1192
#: serverguide/C/windows-networking.xml:1126(programlisting)
1242
#: serverguide/C/windows-networking.xml:1146(programlisting)
1193
1243
#, no-wrap
1194
1244
msgid ""
1195
1245
"\n"
1203
1253
" idmap gid = 50-9999999999\n"
1204
1254
msgstr ""
1205
1255
1206
#: serverguide/C/windows-networking.xml:1137(para)
1256
#: serverguide/C/windows-networking.xml:1157(para)
1207
1257
msgid ""
1208
1258
"Restart <application>samba</application> for the new settings to take effect:"
1209
1259
msgstr ""
1210
1260
1211
#: serverguide/C/windows-networking.xml:1145(para)
1261
#: serverguide/C/windows-networking.xml:1165(para)
1212
1262
msgid ""
1213
1263
"You should now be able to access any <application>Samba</application> shares "
1214
1264
"from a Windows client. However, be sure to give the appropriate AD users or "
1216
1266
"security\"/> for more details."
1217
1267
msgstr ""
1218
1268
1219
#: serverguide/C/windows-networking.xml:1153(title)
1269
#: serverguide/C/windows-networking.xml:1173(title)
1220
1270
msgid "Accessing a Windows Share"
1221
1271
msgstr ""
1222
1272
1223
#: serverguide/C/windows-networking.xml:1155(para)
1273
#: serverguide/C/windows-networking.xml:1175(para)
1224
1274
msgid ""
1225
1275
"Now that the Samba server is part of the Active Directory domain you can "
1226
1276
"access any Windows server shares:"
1227
1277
msgstr ""
1228
1278
1229
#: serverguide/C/windows-networking.xml:1162(para)
1279
#: serverguide/C/windows-networking.xml:1182(para)
1230
1280
msgid ""
1231
1281
"To mount a Windows file share enter the following in a terminal prompt:"
1232
1282
msgstr ""
1233
1283
1234
#: serverguide/C/windows-networking.xml:1166(command)
1284
#: serverguide/C/windows-networking.xml:1186(command)
1235
1285
msgid "mount.cifs //fs01.example.com/share mount_point"
1236
1286
msgstr ""
1237
1287
1238
#: serverguide/C/windows-networking.xml:1169(para)
1288
#: serverguide/C/windows-networking.xml:1189(para)
1239
1289
msgid ""
1240
1290
"It is also possible to access shares on computers not part of an AD domain, "
1241
1291
"but a username and password will need to be provided."
1242
1292
msgstr ""
1243
1293
1244
#: serverguide/C/windows-networking.xml:1177(para)
1294
#: serverguide/C/windows-networking.xml:1197(para)
1245
1295
msgid ""
1246
1296
"To mount the share during boot place an entry in "
1247
1297
"<filename>/etc/fstab</filename>, for example:"
1248
1298
msgstr ""
1249
1299
1250
#: serverguide/C/windows-networking.xml:1181(programlisting)
1300
#: serverguide/C/windows-networking.xml:1201(programlisting)
1251
1301
#, no-wrap
1252
1302
msgid ""
1253
1303
"\n"
1255
1305
"0 0\n"
1256
1306
msgstr ""
1257
1307
1258
#: serverguide/C/windows-networking.xml:1188(para)
1308
#: serverguide/C/windows-networking.xml:1208(para)
1259
1309
msgid ""
1260
1310
"Another way to copy files from a Windows server is to use the "
1261
1311
"<application>smbclient</application> utility. To list the files in a Windows "
1262
1312
"share:"
1263
1313
msgstr ""
1264
1314
1265
#: serverguide/C/windows-networking.xml:1194(command)
1315
#: serverguide/C/windows-networking.xml:1214(command)
1266
1316
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1267
1317
msgstr ""
1268
1318
1269
#: serverguide/C/windows-networking.xml:1200(para)
1319
#: serverguide/C/windows-networking.xml:1220(para)
1270
1320
msgid "To copy a file from the share, enter:"
1271
1321
msgstr ""
1272
1322
1273
#: serverguide/C/windows-networking.xml:1205(command)
1323
#: serverguide/C/windows-networking.xml:1225(command)
1274
1324
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1275
1325
msgstr ""
1276
1326
1277
#: serverguide/C/windows-networking.xml:1208(para)
1327
#: serverguide/C/windows-networking.xml:1228(para)
1278
1328
msgid ""
1279
1329
"This will copy the <filename>file.txt</filename> into the current directory."
1280
1330
msgstr ""
1281
1331
1282
#: serverguide/C/windows-networking.xml:1215(para)
1332
#: serverguide/C/windows-networking.xml:1235(para)
1283
1333
msgid "And to copy a file to the share:"
1284
1334
msgstr ""
1285
1335
1286
#: serverguide/C/windows-networking.xml:1220(command)
1336
#: serverguide/C/windows-networking.xml:1240(command)
1287
1337
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1288
1338
msgstr ""
1289
1339
1290
#: serverguide/C/windows-networking.xml:1223(para)
1340
#: serverguide/C/windows-networking.xml:1243(para)
1291
1341
msgid ""
1292
1342
"This will copy the <filename>/etc/hosts</filename> to "
1293
1343
"<filename>//fs01.example.com/share/hosts</filename>."
1294
1344
msgstr ""
1295
1345
1296
#: serverguide/C/windows-networking.xml:1230(para)
1346
#: serverguide/C/windows-networking.xml:1250(para)
1297
1347
msgid ""
1298
1348
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1299
1349
"<application>smbclient</application> command all at once. This is useful for "
1302
1352
"and directory commands, simply execute:"
1303
1353
msgstr ""
1304
1354
1305
#: serverguide/C/windows-networking.xml:1237(command)
1355
#: serverguide/C/windows-networking.xml:1257(command)
1306
1356
msgid "smbclient //fs01.example.com/share -k"
1307
1357
msgstr ""
1308
1358
1309
#: serverguide/C/windows-networking.xml:1244(para)
1359
#: serverguide/C/windows-networking.xml:1264(para)
1310
1360
msgid ""
1311
1361
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1312
1362
"<emphasis>//192.168.0.5/share</emphasis>, "
1315
1365
"file name, and an actual username and password with rights to the share."
1316
1366
msgstr ""
1317
1367
1318
#: serverguide/C/windows-networking.xml:1255(para)
1368
#: serverguide/C/windows-networking.xml:1275(para)
1319
1369
msgid ""
1320
1370
"For more <application>smbclient</application> options see the man page: "
1321
1371
"<command>man smbclient</command>, also available <ulink "
1322
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/smbclient.1.html\">o"
1323
"nline</ulink>."
1372
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/smbclient.1.html\">on"
1373
"line</ulink>."
1324
1374
msgstr ""
1325
1375
1326
#: serverguide/C/windows-networking.xml:1260(para)
1376
#: serverguide/C/windows-networking.xml:1280(para)
1327
1377
msgid ""
1328
1378
"The <application>mount.cifs</application><ulink "
1329
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/mount.cifs.8.html\">"
1330
"man page</ulink> is also useful for more detailed information."
1379
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/mount.cifs.8.html\">m"
1380
"an page</ulink> is also useful for more detailed information."
1331
1381
msgstr ""
1332
1382
1333
#: serverguide/C/windows-networking.xml:1270(title)
1383
#: serverguide/C/windows-networking.xml:1293(title)
1334
1384
msgid "Likewise Open"
1335
1385
msgstr ""
1336
1386
1337
#: serverguide/C/windows-networking.xml:1272(para)
1387
#: serverguide/C/windows-networking.xml:1295(para)
1338
1388
msgid ""
1339
1389
"<application>Likewise Open</application> simplifies the necessary "
1340
1390
"configuration needed to authenticate a Linux machine to an Active Directory "
1348
1398
"bygger på <application>winbind</application>, og tar seg av arbeidet med å "
1349
1399
"få Ubuntu integrért i et Windows-nettverk."
1350
1400
1351
#: serverguide/C/windows-networking.xml:1281(para)
1401
#: serverguide/C/windows-networking.xml:1304(para)
1352
1402
msgid ""
1353
1403
"There are two ways to use Likewise Open, <application>likewise-"
1354
1404
"open</application> the command line utility and <application>likewise-open-"
1358
1408
"<application>likewise-open</application> og programmet <application>likewise-"
1359
1409
"open-gui</application>. Dette avsnittet tar for seg kommandolinjeverktøyet."
1360
1410
1361
#: serverguide/C/windows-networking.xml:1286(para)
1411
#: serverguide/C/windows-networking.xml:1309(para)
1362
1412
msgid ""
1363
1413
"To install the <application>likewise-open</application> package, open a "
1364
1414
"terminal prompt and enter:"
1366
1416
"For å installére <application>likewise-open</application>-pakken, skriv "
1367
1417
"følgende i et terminal-vindu:"
1368
1418
1369
#: serverguide/C/windows-networking.xml:1291(command)
1419
#: serverguide/C/windows-networking.xml:1314(command)
1370
1420
msgid "sudo apt-get install likewise-open"
1371
1421
msgstr "sudo apt-get install likewise-open"
1372
1422
1373
#: serverguide/C/windows-networking.xml:1294(para)
1374
msgid ""
1375
"With Ubuntu 9.04 <application>Likewise Open 5.0</application> is available "
1376
"in the <emphasis>Universe</emphasis> repository. However, since upgrading "
1377
"from <application>Likewise Open 4.1</application> currently requires the "
1378
"system to leave the domain and re-join, a separate package for version five "
1379
"was created."
1380
msgstr ""
1381
1382
#: serverguide/C/windows-networking.xml:1300(para)
1383
msgid "To install <application>Likewise Open 5.0</application> enter:"
1384
msgstr ""
1385
1386
#: serverguide/C/windows-networking.xml:1305(command)
1387
msgid "sudo apt-get install likewise-open5"
1388
msgstr ""
1389
1390
#: serverguide/C/windows-networking.xml:1309(para)
1391
msgid ""
1392
"Installing likewise-open5 over an existing likewise-open (4.1) installation "
1393
"will replace it. You will have to rejoin the domain after install."
1394
msgstr ""
1395
1396
#: serverguide/C/windows-networking.xml:1317(title)
1423
#: serverguide/C/windows-networking.xml:1319(title)
1397
1424
msgid "Joining a Domain"
1398
1425
msgstr "Koble til et domene"
1399
1426
1400
#: serverguide/C/windows-networking.xml:1319(para)
1427
#: serverguide/C/windows-networking.xml:1321(para)
1401
1428
msgid ""
1402
1429
"The main executable file of the <application>likewise-open</application> "
1403
1430
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1405
1432
"make sure you have:"
1406
1433
msgstr ""
1407
1434
1408
#: serverguide/C/windows-networking.xml:1327(para)
1435
#: serverguide/C/windows-networking.xml:1329(para)
1409
1436
msgid ""
1410
1437
"Access to an Active Directory user with appropriate rights to join the "
1411
1438
"domain."
1412
1439
msgstr ""
1413
1440
1414
#: serverguide/C/windows-networking.xml:1332(para)
1441
#: serverguide/C/windows-networking.xml:1334(para)
1415
1442
msgid ""
1416
1443
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1417
1444
"you want to join. If your AD domain does not match a valid domain such as "
1419
1446
"the form of <emphasis>domainname.local</emphasis>."
1420
1447
msgstr ""
1421
1448
1422
#: serverguide/C/windows-networking.xml:1339(para)
1449
#: serverguide/C/windows-networking.xml:1341(para)
1423
1450
msgid ""
1424
1451
"DNS for the domain setup properly. In a production AD environment this "
1425
1452
"should be the case. Proper Microsoft DNS is needed so that client "
1426
1453
"workstations can determine the Active Directory domain is available."
1427
1454
msgstr ""
1428
1455
1429
#: serverguide/C/windows-networking.xml:1343(para)
1456
#: serverguide/C/windows-networking.xml:1345(para)
1430
1457
msgid ""
1431
1458
"If you don't have a Windows DNS server on your network, see <xref "
1432
1459
"linkend=\"likewise-open-ms-dns\"/> for details."
1433
1460
msgstr ""
1434
1461
1435
#: serverguide/C/windows-networking.xml:1350(para)
1462
#: serverguide/C/windows-networking.xml:1352(para)
1436
1463
msgid "To join a domain, from a terminal prompt enter:"
1437
1464
msgstr "For å slutte seg til et domene, skriv følgende i kommandolinje:"
1438
1465
1439
#: serverguide/C/windows-networking.xml:1355(command)
1466
#: serverguide/C/windows-networking.xml:1357(command)
1440
1467
msgid "sudo domainjoin-cli join example.com Administrator"
1441
1468
msgstr ""
1442
1469
1443
#: serverguide/C/windows-networking.xml:1359(para)
1470
#: serverguide/C/windows-networking.xml:1361(para)
1444
1471
msgid ""
1445
1472
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1446
1473
"<emphasis>Administrator</emphasis> with the appropriate user name."
1447
1474
msgstr ""
1448
1475
1449
#: serverguide/C/windows-networking.xml:1365(para)
1476
#: serverguide/C/windows-networking.xml:1367(para)
1450
1477
msgid ""
1451
1478
"You will then be prompted for the user's password. If all goes well a "
1452
1479
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1454
1481
"Du vil bli spurt om brukerens passord. Om alt går bra vil en "
1455
1482
"<emphasis>SUCCESS</emphasis>-melding dukke opp i terminalen."
1456
1483
1457
#: serverguide/C/windows-networking.xml:1371(para)
1484
#: serverguide/C/windows-networking.xml:1373(para)
1458
1485
msgid ""
1459
1486
"After joining the domain, it is necessary to reboot before attempting to "
1460
1487
"authenticate against the domain."
1461
1488
msgstr ""
1462
1489
1463
#: serverguide/C/windows-networking.xml:1377(para)
1490
#: serverguide/C/windows-networking.xml:1379(para)
1464
1491
msgid ""
1465
1492
"After successfully joining an Ubuntu machine to an Active Directory domain "
1466
1493
"you can authenticate using any valid AD user. To login you will need to "
1468
1495
"joined to the domain enter:"
1469
1496
msgstr ""
1470
1497
1471
#: serverguide/C/windows-networking.xml:1384(command)
1498
#: serverguide/C/windows-networking.xml:1386(command)
1472
1499
msgid "ssh 'example\\steve'@hostname"
1473
1500
msgstr ""
1474
1501
1475
#: serverguide/C/windows-networking.xml:1388(para)
1502
#: serverguide/C/windows-networking.xml:1390(para)
1476
1503
msgid ""
1477
1504
"If configuring a Desktop the user name will need to be prefixed with "
1478
1505
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1479
1506
msgstr ""
1480
1507
1481
#: serverguide/C/windows-networking.xml:1394(para)
1508
#: serverguide/C/windows-networking.xml:1396(para)
1482
1509
msgid ""
1483
1510
"To make likewise-open use a default domain, you can add the following "
1484
1511
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
1485
1512
msgstr ""
1486
1513
1487
#: serverguide/C/windows-networking.xml:1398(programlisting)
1514
#: serverguide/C/windows-networking.xml:1400(programlisting)
1488
1515
#, no-wrap
1489
1516
msgid ""
1490
1517
"\n"
1491
1518
"winbind use default domain = yes\n"
1492
1519
msgstr ""
1493
1520
1494
#: serverguide/C/windows-networking.xml:1402(para)
1521
#: serverguide/C/windows-networking.xml:1404(para)
1495
1522
msgid "Then restart the <application>likewise-open</application> daemons:"
1496
1523
msgstr ""
1497
1524
1498
#: serverguide/C/windows-networking.xml:1407(command)
1525
#: serverguide/C/windows-networking.xml:1409(command)
1499
1526
msgid "sudo /etc/init.d/likewise-open restart"
1500
1527
msgstr ""
1501
1528
1502
#: serverguide/C/windows-networking.xml:1411(para)
1529
#: serverguide/C/windows-networking.xml:1413(para)
1503
1530
msgid ""
1504
1531
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
1505
1532
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
1506
1533
"using only their username."
1507
1534
msgstr ""
1508
1535
1509
#: serverguide/C/windows-networking.xml:1417(para)
1536
#: serverguide/C/windows-networking.xml:1419(para)
1510
1537
msgid ""
1511
1538
"The <application>domainjoin-cli</application> utility can also be used to "
1512
1539
"leave the domain. From a terminal:"
1514
1541
"<application>domainjoin-cli</application>-verktøyet kan også brukes til å "
1515
1542
"forlate et domene. I en terminal:"
1516
1543
1517
#: serverguide/C/windows-networking.xml:1422(command)
1544
#: serverguide/C/windows-networking.xml:1424(command)
1518
1545
msgid "sudo domainjoin-cli leave"
1519
1546
msgstr "sudo domainjoin-cli leave"
1520
1547
1521
#: serverguide/C/windows-networking.xml:1427(title) serverguide/C/security.xml:1830(title)
1548
#: serverguide/C/windows-networking.xml:1429(title) serverguide/C/security.xml:1777(title)
1522
1549
msgid "Other Utilities"
1523
1550
msgstr "Andre verktøy"
1524
1551
1525
#: serverguide/C/windows-networking.xml:1429(para)
1552
#: serverguide/C/windows-networking.xml:1431(para)
1526
1553
msgid ""
1527
1554
"The <application>likewise-open</application> package comes with a few other "
1528
1555
"utilities that may be useful for gathering information about the Active "
1531
1558
"common</application> and <application>winbind</application> packages:"
1532
1559
msgstr ""
1533
1560
1534
#: serverguide/C/windows-networking.xml:1438(para)
1561
#: serverguide/C/windows-networking.xml:1440(para)
1535
1562
msgid ""
1536
1563
"<application>lwinet</application>: Returns information about the network and "
1537
1564
"the domain."
1538
1565
msgstr ""
1539
1566
"<application>lwinet</application>: Viser informasjon om nettverk og domene."
1540
1567
1541
#: serverguide/C/windows-networking.xml:1443(para)
1568
#: serverguide/C/windows-networking.xml:1445(para)
1542
1569
msgid ""
1543
1570
"<application>lwimsg</application>: Allows interaction with the "
1544
1571
"<application>likewise-winbindd</application> daemon."
1545
1572
msgstr ""
1546
1573
1547
#: serverguide/C/windows-networking.xml:1448(para)
1574
#: serverguide/C/windows-networking.xml:1450(para)
1548
1575
msgid ""
1549
1576
"<application>lwiinfo</application>: Displays information about various parts "
1550
1577
"of the Domain."
1551
1578
msgstr ""
1552
1579
1553
#: serverguide/C/windows-networking.xml:1454(para)
1580
#: serverguide/C/windows-networking.xml:1456(para)
1554
1581
msgid "Please refer to each utility's man page specific for details."
1555
1582
msgstr ""
1556
1583
1557
#: serverguide/C/windows-networking.xml:1460(title) serverguide/C/mail.xml:336(title) serverguide/C/mail.xml:1563(title) serverguide/C/dns.xml:338(title)
1584
#: serverguide/C/windows-networking.xml:1462(title) serverguide/C/mail.xml:351(title) serverguide/C/mail.xml:1598(title) serverguide/C/dns.xml:338(title)
1558
1585
msgid "Troubleshooting"
1559
msgstr ""
1586
msgstr "Feilsøking"
1560
1587
1561
#: serverguide/C/windows-networking.xml:1464(para)
1588
#: serverguide/C/windows-networking.xml:1466(para)
1562
1589
msgid ""
1563
1590
"If the client has trouble joining the domain, double check that the "
1564
1591
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
1565
1592
"example:"
1566
1593
msgstr ""
1567
1594
1568
#: serverguide/C/windows-networking.xml:1469(programlisting)
1595
#: serverguide/C/windows-networking.xml:1471(programlisting)
1569
1596
#, no-wrap
1570
1597
msgid ""
1571
1598
"\n"
1572
1599
"nameserver 192.168.0.1\n"
1573
1600
msgstr ""
1574
1601
1575
#: serverguide/C/windows-networking.xml:1474(para)
1602
#: serverguide/C/windows-networking.xml:1476(para)
1576
1603
msgid ""
1577
1604
"For more information when joining a domain, use the <emphasis>--loglevel "
1578
1605
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1579
1606
"<application>domainjoin-cli</application> utility:"
1580
1607
msgstr ""
1581
1608
1582
#: serverguide/C/windows-networking.xml:1480(command)
1609
#: serverguide/C/windows-networking.xml:1482(command)
1583
1610
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1584
1611
msgstr ""
1585
1612
1586
#: serverguide/C/windows-networking.xml:1484(para)
1613
#: serverguide/C/windows-networking.xml:1486(para)
1587
1614
msgid ""
1588
1615
"If an Active Directory user has trouble logging in, check the "
1589
1616
"<filename>/var/log/auth.log</filename> for details."
1590
1617
msgstr ""
1591
1618
1592
#: serverguide/C/windows-networking.xml:1489(para)
1619
#: serverguide/C/windows-networking.xml:1491(para)
1593
1620
msgid ""
1594
1621
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
1595
1622
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
1596
1623
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
1597
"<emphasis>\"mdns4\"</emphasis> entry from the <emphasis>hosts</emphasis> "
1598
"option. For example:"
1624
"<emphasis>\"mdns4\"</emphasis> entry should be removed from the "
1625
"<emphasis>hosts</emphasis> option. For example:"
1599
1626
msgstr ""
1600
1627
1601
#: serverguide/C/windows-networking.xml:1495(programlisting)
1628
#: serverguide/C/windows-networking.xml:1497(programlisting)
1602
1629
#, no-wrap
1603
1630
msgid ""
1604
1631
"\n"
1605
1632
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1606
1633
msgstr ""
1607
1634
1608
#: serverguide/C/windows-networking.xml:1499(para)
1635
#: serverguide/C/windows-networking.xml:1501(para)
1609
1636
msgid "Change the above to:"
1610
1637
msgstr ""
1611
1638
1612
#: serverguide/C/windows-networking.xml:1503(programlisting)
1639
#: serverguide/C/windows-networking.xml:1505(programlisting)
1613
1640
#, no-wrap
1614
1641
msgid ""
1615
1642
"\n"
1616
1643
"hosts: files dns [NOTFOUND=return]\n"
1617
1644
msgstr ""
1618
1645
1619
#: serverguide/C/windows-networking.xml:1507(para)
1646
#: serverguide/C/windows-networking.xml:1509(para)
1620
1647
msgid "Then restart networking by entering:"
1621
1648
msgstr ""
1622
1649
1623
#: serverguide/C/windows-networking.xml:1512(command) serverguide/C/network-config.xml:237(command)
1650
#: serverguide/C/windows-networking.xml:1514(command) serverguide/C/network-config.xml:559(command)
1624
1651
msgid "sudo /etc/init.d/networking restart"
1625
1652
msgstr ""
1626
1653
1627
#: serverguide/C/windows-networking.xml:1515(para)
1654
#: serverguide/C/windows-networking.xml:1517(para)
1628
1655
msgid "You should now be able to join the Active Directory domain."
1629
1656
msgstr ""
1630
1657
1631
#: serverguide/C/windows-networking.xml:1523(title)
1658
#: serverguide/C/windows-networking.xml:1525(title)
1632
1659
msgid "Microsoft DNS"
1633
1660
msgstr ""
1634
1661
1635
#: serverguide/C/windows-networking.xml:1525(para)
1662
#: serverguide/C/windows-networking.xml:1527(para)
1636
1663
msgid ""
1637
1664
"The following are instructions for installing DNS on an Active Directory "
1638
1665
"domain controller running Windows Server 2003, but the instructions should "
1639
1666
"be similar for other versions:"
1640
1667
msgstr ""
1641
1668
1642
#: serverguide/C/windows-networking.xml:1532(para)
1669
#: serverguide/C/windows-networking.xml:1536(para)
1643
1670
msgid ""
1644
1671
"Click "
1645
1672
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1646
"</guimenuitem><guimenuitem>Manager Your Server</guimenuitem></menuchoice>. "
1673
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
1647
1674
"This will open the <application>Server Role Mangement</application> utility."
1648
1675
msgstr ""
1649
1676
1650
#: serverguide/C/windows-networking.xml:1540(para)
1651
msgid "Click Add or remove a role"
1677
#: serverguide/C/windows-networking.xml:1544(para)
1678
msgid "Click <guilabel>Add or remove a role</guilabel>"
1652
1679
msgstr ""
1653
1680
1654
#: serverguide/C/windows-networking.xml:1541(para) serverguide/C/windows-networking.xml:1543(para) serverguide/C/windows-networking.xml:1546(para)
1681
#: serverguide/C/windows-networking.xml:1545(para) serverguide/C/windows-networking.xml:1547(para) serverguide/C/windows-networking.xml:1550(para)
1655
1682
msgid "Click Next"
1656
msgstr ""
1683
msgstr "Trykk neste"
1657
1684
1658
#: serverguide/C/windows-networking.xml:1542(para)
1685
#: serverguide/C/windows-networking.xml:1546(para)
1659
1686
msgid "Select \"DNS Server\""
1660
1687
msgstr ""
1661
1688
1662
#: serverguide/C/windows-networking.xml:1544(para)
1663
msgid "Next"
1689
#: serverguide/C/windows-networking.xml:1548(para)
1690
msgid "Click Next again to proceed"
1664
1691
msgstr ""
1665
1692
1666
#: serverguide/C/windows-networking.xml:1545(para)
1693
#: serverguide/C/windows-networking.xml:1549(para)
1667
1694
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1668
1695
msgstr ""
1669
1696
1670
#: serverguide/C/windows-networking.xml:1547(para)
1697
#: serverguide/C/windows-networking.xml:1551(para)
1671
1698
msgid ""
1672
1699
"Make sure \"This server maintains the zone\" is selected and click Next."
1673
1700
msgstr ""
1674
1701
1675
#: serverguide/C/windows-networking.xml:1548(para)
1702
#: serverguide/C/windows-networking.xml:1552(para)
1676
1703
msgid "Enter your domain name and click Next"
1677
msgstr ""
1704
msgstr "Fyll inn domenenavnet ditt og trykk neste"
1678
1705
1679
#: serverguide/C/windows-networking.xml:1549(para) serverguide/C/windows-networking.xml:1550(para)
1706
#: serverguide/C/windows-networking.xml:1553(para)
1680
1707
msgid "Click Next to \"Allow only secure dynamic updates\""
1681
1708
msgstr ""
1682
1709
1683
#: serverguide/C/windows-networking.xml:1552(para)
1710
#: serverguide/C/windows-networking.xml:1555(para)
1684
1711
msgid ""
1685
1712
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1686
1713
"should not forward queries\" and click Next."
1687
1714
msgstr ""
1688
1715
1689
#: serverguide/C/windows-networking.xml:1556(para) serverguide/C/windows-networking.xml:1557(para)
1716
#: serverguide/C/windows-networking.xml:1559(para) serverguide/C/windows-networking.xml:1560(para)
1690
1717
msgid "Click Finish"
1691
msgstr ""
1718
msgstr "Trykk fullfør"
1692
1719
1693
#: serverguide/C/windows-networking.xml:1559(para)
1720
#: serverguide/C/windows-networking.xml:1562(para)
1694
1721
msgid ""
1695
1722
"DNS is now installed and can be further configured using the "
1696
1723
"<application>Microsoft Management Console</application> DNS snap-in."
1697
1724
msgstr ""
1698
1725
1699
#: serverguide/C/windows-networking.xml:1567(para)
1726
#: serverguide/C/windows-networking.xml:1570(para)
1700
1727
msgid "Click Start"
1701
1728
msgstr ""
1702
1729
1703
#: serverguide/C/windows-networking.xml:1568(para)
1730
#: serverguide/C/windows-networking.xml:1571(para)
1704
1731
msgid "Control Panel"
1705
msgstr ""
1732
msgstr "Kontrollpanel"
1706
1733
1707
#: serverguide/C/windows-networking.xml:1569(para)
1734
#: serverguide/C/windows-networking.xml:1572(para)
1708
1735
msgid "Network Connections"
1709
1736
msgstr ""
1710
1737
1711
#: serverguide/C/windows-networking.xml:1570(para)
1738
#: serverguide/C/windows-networking.xml:1573(para)
1712
1739
msgid "Right Click \"Local Area Connection\""
1713
1740
msgstr ""
1714
1741
1715
#: serverguide/C/windows-networking.xml:1571(para)
1742
#: serverguide/C/windows-networking.xml:1574(para)
1716
1743
msgid "Click Properties"
1717
1744
msgstr ""
1718
1745
1719
#: serverguide/C/windows-networking.xml:1572(para)
1746
#: serverguide/C/windows-networking.xml:1575(para)
1720
1747
msgid "Double click \"Internet Protocol (TCP/IP)\""
1721
1748
msgstr ""
1722
1749
1723
#: serverguide/C/windows-networking.xml:1573(para)
1750
#: serverguide/C/windows-networking.xml:1576(para)
1724
1751
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
1725
1752
msgstr ""
1726
1753
1727
#: serverguide/C/windows-networking.xml:1574(para)
1754
#: serverguide/C/windows-networking.xml:1577(para)
1728
1755
msgid "Click Ok"
1729
1756
msgstr ""
1730
1757
1731
#: serverguide/C/windows-networking.xml:1575(para)
1758
#: serverguide/C/windows-networking.xml:1578(para)
1732
1759
msgid "Click Ok again to save the settings"
1733
1760
msgstr ""
1734
1761
1735
#: serverguide/C/windows-networking.xml:1564(para)
1762
#: serverguide/C/windows-networking.xml:1567(para)
1736
1763
msgid ""
1737
1764
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1738
1765
msgstr ""
1739
1766
1740
#: serverguide/C/windows-networking.xml:1582(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:766(title) serverguide/C/web-servers.xml:910(title) serverguide/C/web-servers.xml:1002(title) serverguide/C/web-servers.xml:1218(title) serverguide/C/vpn.xml:291(title) serverguide/C/virtualization.xml:1303(title) serverguide/C/virtualization.xml:1492(title) serverguide/C/vcs.xml:536(title) serverguide/C/security.xml:935(title) serverguide/C/security.xml:1264(title) serverguide/C/security.xml:1679(title) serverguide/C/security.xml:1870(title) serverguide/C/remote-administration.xml:203(title) serverguide/C/package-management.xml:432(title) serverguide/C/other-apps.xml:381(title) serverguide/C/network-config.xml:672(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:522(title) serverguide/C/mail.xml:444(title) serverguide/C/mail.xml:625(title) serverguide/C/mail.xml:772(title) serverguide/C/mail.xml:1189(title) serverguide/C/mail.xml:1611(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:369(title) serverguide/C/lamp-applications.xml:471(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:431(title) serverguide/C/file-server.xml:611(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:216(title) serverguide/C/backups.xml:297(title)
1767
#: serverguide/C/windows-networking.xml:1585(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:772(title) serverguide/C/web-servers.xml:922(title) serverguide/C/web-servers.xml:1017(title) serverguide/C/web-servers.xml:1239(title) serverguide/C/vpn.xml:303(title) serverguide/C/virtualization.xml:1840(title) serverguide/C/virtualization.xml:2165(title) serverguide/C/vcs.xml:539(title) serverguide/C/security.xml:877(title) serverguide/C/security.xml:1211(title) serverguide/C/security.xml:1626(title) serverguide/C/security.xml:1817(title) serverguide/C/remote-administration.xml:203(title) serverguide/C/package-management.xml:454(title) serverguide/C/other-apps.xml:330(title) serverguide/C/network-config.xml:1006(title) serverguide/C/network-config.xml:1107(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:527(title) serverguide/C/mail.xml:459(title) serverguide/C/mail.xml:643(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1217(title) serverguide/C/mail.xml:1646(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:388(title) serverguide/C/lamp-applications.xml:496(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:436(title) serverguide/C/file-server.xml:619(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:221(title) serverguide/C/backups.xml:297(title)
1741
1768
msgid "References"
1742
1769
msgstr "Referanser"
1743
1770
1744
#: serverguide/C/windows-networking.xml:1584(para)
1771
#: serverguide/C/windows-networking.xml:1587(para)
1745
1772
msgid ""
1746
1773
"Please refer to the <ulink "
1747
1774
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
1748
1775
"further information."
1749
1776
msgstr ""
1750
1777
1751
#: serverguide/C/windows-networking.xml:1588(para)
1778
#: serverguide/C/windows-networking.xml:1591(para)
1752
1779
msgid ""
1753
1780
"For more <application>domainjoin-cli</application> options see the man page: "
1754
1781
"<command>man domainjoin-cli</command>."
1755
1782
msgstr ""
1756
1783
1784
#: serverguide/C/windows-networking.xml:1595(para)
1785
msgid ""
1786
"Also, see the <ulink "
1787
"url=\"https://help.ubuntu.com/community/LikewiseOpen\">Ubuntu Wiki "
1788
"LikewiseOpen</ulink> page."
1789
msgstr ""
1790
1757
1791
#: serverguide/C/web-servers.xml:13(title)
1758
1792
msgid "Web Servers"
1759
1793
msgstr ""
1811
1845
1812
1846
#: serverguide/C/web-servers.xml:42(para)
1813
1847
msgid ""
1814
"The Apache2 web server is available in Ubuntu Linux. To install Apache2:"
1848
"The <application>Apache2</application> web server is available in Ubuntu "
1849
"Linux. To install Apache2:"
1815
1850
msgstr ""
1816
1851
1817
1852
#: serverguide/C/web-servers.xml:48(para)
1825
1860
#: serverguide/C/web-servers.xml:63(para)
1826
1861
msgid ""
1827
1862
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
1828
"text configuration files. The configuration files are separated between the "
1829
"following files and directories:"
1863
"text configuration files. These <emphasis>directives</emphasis> are "
1864
"separated between the following files and directories:"
1830
1865
msgstr ""
1831
1866
1832
1867
#: serverguide/C/web-servers.xml:71(para)
1838
1873
#: serverguide/C/web-servers.xml:77(para)
1839
1874
msgid ""
1840
1875
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
1841
"<emphasis>globally</emphasis> to Apache. Other packages that use Apache2 to "
1876
"<emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to "
1842
1877
"serve content may add files, or symlinks, to this directory."
1843
1878
msgstr ""
1844
1879
1880
1915
#: serverguide/C/web-servers.xml:113(para)
1881
1916
msgid ""
1882
1917
"<emphasis>sites-available:</emphasis> this directory has configuration files "
1883
"for Apache <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
1918
"for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
1884
1919
"to be configured for multiple sites that have separate configurations."
1885
1920
msgstr ""
1886
1921
1889
1924
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
1890
1925
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
1891
1926
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
1892
"a configuration file in sites-available is symlinked it will be active once "
1893
"Apache is restarted."
1927
"a configuration file in sites-available is symlinked, the site configured by "
1928
"it will be active once Apache2 is restarted."
1894
1929
msgstr ""
1895
1930
1896
1931
#: serverguide/C/web-servers.xml:127(para)
2020
2055
2021
2056
#: serverguide/C/web-servers.xml:242(para)
2022
2057
msgid ""
2023
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache "
2058
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 "
2024
2059
"should look for the files that make up the site. The default value is "
2025
2060
"/var/www. No site is configured there, but if you uncomment the "
2026
2061
"<emphasis>RedirectMatch</emphasis> directive in "
2040
2075
#: serverguide/C/web-servers.xml:260(para)
2041
2076
msgid ""
2042
2077
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2043
"<application>a2ensite</application> utility and restart Apache:"
2078
"<application>a2ensite</application> utility and restart Apache2:"
2044
2079
msgstr ""
2045
2080
2046
2081
#: serverguide/C/web-servers.xml:266(command)
2047
2082
msgid "sudo a2ensite mynewsite"
2048
2083
msgstr ""
2049
2084
2050
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:904(command) serverguide/C/lamp-applications.xml:228(command)
2085
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:932(command) serverguide/C/lamp-applications.xml:228(command)
2051
2086
msgid "sudo /etc/init.d/apache2 restart"
2052
2087
msgstr "sudo /etc/init.d/apache2 restart"
2053
2088
2096
2131
"does not and the Indexes option is specified, or a Permission Denied page if "
2097
2132
"neither is true. The server will try to find one of the files listed in the "
2098
2133
"DirectoryIndex directive and will return the first one it finds. If it does "
2099
"not find any of these files and if Options Indexes is set for that "
2100
"directory, the server will generate and return a list, in HTML format, of "
2101
"the subdirectories and files in the directory. The default value, found in "
2102
"<filename>/etc/apache2/apache2.conf</filename> is \" index.html index.cgi "
2103
"index.pl index.php index.xhtml\". Thus, if Apache2 finds a file in a "
2104
"requested directory matching any of these names, the first will be displayed."
2134
"not find any of these files and if <emphasis>Options Indexes</emphasis> is "
2135
"set for that directory, the server will generate and return a list, in HTML "
2136
"format, of the subdirectories and files in the directory. The default value, "
2137
"found in <filename>/etc/apache2/mods-available/dir.conf</filename> is "
2138
"\"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if "
2139
"Apache2 finds a file in a requested directory matching any of these names, "
2140
"the first will be displayed."
2105
2141
msgstr ""
2106
2142
2107
2143
#: serverguide/C/web-servers.xml:332(para)
2108
2144
msgid ""
2109
2145
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2110
"file for Apache to use for specific error events. For example, if a user "
2146
"file for Apache2 to use for specific error events. For example, if a user "
2111
2147
"requests a resource that does not exist, a 404 error will occur, and per "
2112
2148
"Apache2's default configuration, the file "
2113
2149
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2277
2313
msgstr ""
2278
2314
2279
2315
#: serverguide/C/web-servers.xml:496(title)
2280
msgid "Apache Modules"
2316
msgid "Apache2 Modules"
2281
2317
msgstr ""
2282
2318
2283
2319
#: serverguide/C/web-servers.xml:498(para)
2284
2320
msgid ""
2285
"Apache is a modular server. This implies that only the most basic "
2321
"Apache2 is a modular server. This implies that only the most basic "
2286
2322
"functionality is included in the core server. Extended features are "
2287
"available through modules which can be loaded into Apache. By default, a "
2323
"available through modules which can be loaded into Apache2. By default, a "
2288
2324
"base set of modules is included in the server at compile-time. If the server "
2289
2325
"is compiled to use dynamically loaded modules, then modules can be compiled "
2290
2326
"separately, and added at any time using the LoadModule directive. Otherwise, "
2291
"Apache must be recompiled to add or remove modules."
2327
"Apache2 must be recompiled to add or remove modules."
2292
2328
msgstr ""
2293
2329
2294
2330
#: serverguide/C/web-servers.xml:510(para)
2362
2398
msgid ""
2363
2399
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
2364
2400
"available/default-ssl</filename>. In order for "
2365
"<application>Apache</application> to provide HTTPS, a "
2401
"<application>Apache2</application> to provide HTTPS, a "
2366
2402
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
2367
2403
"needed. The default HTTPS configuration will use a certificate and key "
2368
2404
"generated by the <application>ssl-cert</application> package. They are good "
2374
2410
2375
2411
#: serverguide/C/web-servers.xml:584(para)
2376
2412
msgid ""
2377
"To configure <application>Apache</application> for HTTPS, enter the "
2413
"To configure <application>Apache2</application> for HTTPS, enter the "
2378
2414
"following:"
2379
2415
msgstr ""
2380
2416
2393
2429
2394
2430
#: serverguide/C/web-servers.xml:600(para)
2395
2431
msgid ""
2396
"With Apache now configured for HTTPS, restart the service to enable the new "
2432
"With Apache2 now configured for HTTPS, restart the service to enable the new "
2397
2433
"settings:"
2398
2434
msgstr ""
2399
2435
2400
2436
#: serverguide/C/web-servers.xml:611(para)
2401
2437
msgid ""
2402
2438
"Depending on how you obtained your certificate you may need to enter a "
2403
"passphrase when <application>Apache</application> starts."
2439
"passphrase when <application>Apache2</application> starts."
2404
2440
msgstr ""
2405
2441
2406
2442
#: serverguide/C/web-servers.xml:617(para)
2437
2473
"url=\"http://freenode.net/\">freenode.net</ulink>."
2438
2474
msgstr ""
2439
2475
2440
#: serverguide/C/web-servers.xml:658(title)
2476
#: serverguide/C/web-servers.xml:653(para)
2477
msgid ""
2478
"Usually integrated with PHP and MySQL the <ulink "
2479
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2480
"Ubuntu Wiki </ulink> page is a good resource."
2481
msgstr ""
2482
2483
#: serverguide/C/web-servers.xml:664(title)
2441
2484
msgid "PHP5 - Scripting Language"
2442
2485
msgstr ""
2443
2486
2444
#: serverguide/C/web-servers.xml:659(para)
2487
#: serverguide/C/web-servers.xml:665(para)
2445
2488
msgid ""
2446
2489
"PHP is a general-purpose scripting language suited for Web development. The "
2447
2490
"PHP script can be embedded into HTML. This section explains how to install "
2448
2491
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
2449
2492
msgstr ""
2450
2493
2451
#: serverguide/C/web-servers.xml:663(para)
2494
#: serverguide/C/web-servers.xml:669(para)
2452
2495
msgid ""
2453
"This section assumes you have installed and configured Apache 2 Web Server "
2454
"and MySQL Database Server. You can refer to Apache 2 section and MySQL "
2455
"sections in this document to install and configure Apache 2 and MySQL "
2496
"This section assumes you have installed and configured Apache2 Web Server "
2497
"and MySQL Database Server. You can refer to Apache2 section and MySQL "
2498
"sections in this document to install and configure Apache2 and MySQL "
2456
2499
"respectively."
2457
2500
msgstr ""
2458
2501
2459
#: serverguide/C/web-servers.xml:670(para)
2502
#: serverguide/C/web-servers.xml:676(para)
2460
2503
msgid "The PHP5 is available in Ubuntu Linux."
2461
2504
msgstr ""
2462
2505
2463
#: serverguide/C/web-servers.xml:672(para)
2506
#: serverguide/C/web-servers.xml:678(para)
2464
2507
msgid ""
2465
2508
"To install PHP5 you can enter the following command in the terminal prompt: "
2466
2509
"<screen>\n"
2468
2511
"</screen>"
2469
2512
msgstr ""
2470
2513
2471
#: serverguide/C/web-servers.xml:681(para)
2514
#: serverguide/C/web-servers.xml:687(para)
2472
2515
msgid ""
2473
2516
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
2474
2517
"line you should install <application>php5-cli</application> package. To "
2478
2521
"</screen>"
2479
2522
msgstr ""
2480
2523
2481
#: serverguide/C/web-servers.xml:690(para)
2524
#: serverguide/C/web-servers.xml:696(para)
2482
2525
msgid ""
2483
2526
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
2484
2527
"accomplish this, you should install <application>php5-cgi</application> "
2488
2531
"</screen>"
2489
2532
msgstr ""
2490
2533
2491
#: serverguide/C/web-servers.xml:700(para)
2534
#: serverguide/C/web-servers.xml:706(para)
2492
2535
msgid ""
2493
2536
"To use <application>MySQL</application> with PHP5 you should install "
2494
2537
"<application>php5-mysql</application> package. To install <application>php5-"
2498
2541
"</screen>"
2499
2542
msgstr ""
2500
2543
2501
#: serverguide/C/web-servers.xml:708(para)
2544
#: serverguide/C/web-servers.xml:714(para)
2502
2545
msgid ""
2503
2546
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
2504
2547
"install <application>php5-pgsql</application> package. To install "
2508
2551
"</screen>"
2509
2552
msgstr ""
2510
2553
2511
#: serverguide/C/web-servers.xml:721(para)
2554
#: serverguide/C/web-servers.xml:727(para)
2512
2555
msgid ""
2513
2556
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
2514
2557
"you have installed <application>php5-cli</application> package, you can run "
2515
2558
"PHP5 scripts from your command prompt."
2516
2559
msgstr ""
2517
2560
2518
#: serverguide/C/web-servers.xml:728(para)
2561
#: serverguide/C/web-servers.xml:734(para)
2519
2562
msgid ""
2520
2563
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
2521
2564
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
2526
2569
"command."
2527
2570
msgstr ""
2528
2571
2529
#: serverguide/C/web-servers.xml:739(para)
2572
#: serverguide/C/web-servers.xml:745(para)
2530
2573
msgid ""
2531
2574
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
2532
2575
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
2534
2577
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
2535
2578
msgstr ""
2536
2579
2537
#: serverguide/C/web-servers.xml:747(title) serverguide/C/mail.xml:305(title) serverguide/C/mail.xml:1534(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
2580
#: serverguide/C/web-servers.xml:753(title) serverguide/C/mail.xml:320(title) serverguide/C/mail.xml:1569(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
2538
2581
msgid "Testing"
2539
2582
msgstr ""
2540
2583
2541
#: serverguide/C/web-servers.xml:748(para)
2584
#: serverguide/C/web-servers.xml:754(para)
2542
2585
msgid ""
2543
2586
"To verify your installation, you can run following PHP5 phpinfo script:"
2544
2587
msgstr ""
2545
2588
2546
#: serverguide/C/web-servers.xml:751(programlisting)
2589
#: serverguide/C/web-servers.xml:757(programlisting)
2547
2590
#, no-wrap
2548
2591
msgid ""
2549
2592
"\n"
2552
2595
"?>\n"
2553
2596
msgstr ""
2554
2597
2555
#: serverguide/C/web-servers.xml:756(para)
2598
#: serverguide/C/web-servers.xml:762(para)
2556
2599
msgid ""
2557
2600
"You can save the content in a file <filename>phpinfo.php</filename> and "
2558
2601
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
2561
2604
"various PHP5 configuration parameters."
2562
2605
msgstr ""
2563
2606
2564
#: serverguide/C/web-servers.xml:770(para)
2607
#: serverguide/C/web-servers.xml:776(para)
2565
2608
msgid ""
2566
2609
"For more in depth information see <ulink "
2567
2610
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
2568
2611
msgstr ""
2569
2612
2570
#: serverguide/C/web-servers.xml:775(para)
2613
#: serverguide/C/web-servers.xml:781(para)
2571
2614
msgid ""
2572
2615
"There are a plethora of books on PHP. Two good books from O'Reilly are "
2573
2616
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
2575
2618
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
2576
2619
msgstr ""
2577
2620
2578
#: serverguide/C/web-servers.xml:787(title)
2621
#: serverguide/C/web-servers.xml:788(para)
2622
msgid ""
2623
"Also, see the <ulink "
2624
"url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache MySQL PHP "
2625
"Ubuntu Wiki</ulink> page for more information."
2626
msgstr ""
2627
2628
#: serverguide/C/web-servers.xml:799(title)
2579
2629
msgid "Squid - Proxy Server"
2580
2630
msgstr ""
2581
2631
2582
#: serverguide/C/web-servers.xml:788(para)
2632
#: serverguide/C/web-servers.xml:800(para)
2583
2633
msgid ""
2584
2634
"Squid is a full-featured web proxy cache server application which provides "
2585
2635
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
2592
2642
"Protocol. (WCCP)"
2593
2643
msgstr ""
2594
2644
2595
#: serverguide/C/web-servers.xml:796(para)
2645
#: serverguide/C/web-servers.xml:808(para)
2596
2646
msgid ""
2597
2647
"The Squid proxy cache server is an excellent solution to a variety of proxy "
2598
2648
"and caching server needs, and scales from the branch office to enterprise "
2604
2654
"increased performance."
2605
2655
msgstr ""
2606
2656
2607
#: serverguide/C/web-servers.xml:805(para)
2657
#: serverguide/C/web-servers.xml:817(para)
2608
2658
msgid ""
2609
2659
"At a terminal prompt, enter the following command to install the Squid "
2610
2660
"server:"
2611
2661
msgstr ""
2612
2662
2613
#: serverguide/C/web-servers.xml:810(command)
2663
#: serverguide/C/web-servers.xml:822(command)
2614
2664
msgid "sudo apt-get install squid"
2615
2665
msgstr ""
2616
2666
2617
#: serverguide/C/web-servers.xml:816(para)
2667
#: serverguide/C/web-servers.xml:828(para)
2618
2668
msgid ""
2619
2669
"Squid is configured by editing the directives contained within the "
2620
2670
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
2623
2673
"see the References section."
2624
2674
msgstr ""
2625
2675
2626
#: serverguide/C/web-servers.xml:822(para)
2676
#: serverguide/C/web-servers.xml:834(para)
2627
2677
msgid ""
2628
2678
"Prior to editing the configuration file, you should make a copy of the "
2629
2679
"original file and protect it from writing so you will have the original "
2630
2680
"settings as a reference, and to re-use as necessary."
2631
2681
msgstr ""
2632
2682
2633
#: serverguide/C/web-servers.xml:825(para)
2683
#: serverguide/C/web-servers.xml:837(para)
2634
2684
msgid ""
2635
2685
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
2636
2686
"writing with the following commands entered at a terminal prompt:"
2637
2687
msgstr ""
2638
2688
2639
#: serverguide/C/web-servers.xml:830(command)
2689
#: serverguide/C/web-servers.xml:842(command)
2640
2690
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
2641
2691
msgstr ""
2642
2692
2643
#: serverguide/C/web-servers.xml:831(command)
2693
#: serverguide/C/web-servers.xml:843(command)
2644
2694
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
2645
2695
msgstr ""
2646
2696
2647
#: serverguide/C/web-servers.xml:837(para)
2697
#: serverguide/C/web-servers.xml:849(para)
2648
2698
msgid ""
2649
2699
"To set your Squid server to listen on TCP port 8888 instead of the default "
2650
2700
"TCP port 3128, change the http_port directive as such:"
2651
2701
msgstr ""
2652
2702
2653
#: serverguide/C/web-servers.xml:841(programlisting)
2703
#: serverguide/C/web-servers.xml:853(programlisting)
2654
2704
#, no-wrap
2655
2705
msgid ""
2656
2706
"\n"
2657
2707
"http_port 8888\n"
2658
2708
msgstr ""
2659
2709
2660
#: serverguide/C/web-servers.xml:846(para)
2710
#: serverguide/C/web-servers.xml:858(para)
2661
2711
msgid ""
2662
2712
"Change the visible_hostname directive in order to give the Squid server a "
2663
2713
"specific hostname. This hostname does not necessarily need to be the "
2664
2714
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
2665
2715
msgstr ""
2666
2716
2667
#: serverguide/C/web-servers.xml:850(programlisting)
2717
#: serverguide/C/web-servers.xml:862(programlisting)
2668
2718
#, no-wrap
2669
2719
msgid ""
2670
2720
"\n"
2671
2721
"visible_hostname weezie\n"
2672
2722
msgstr ""
2673
2723
2674
#: serverguide/C/web-servers.xml:855(para)
2724
#: serverguide/C/web-servers.xml:867(para)
2675
2725
msgid ""
2676
"Again, Using Squid's access control, you may configure use of Internet "
2677
"services proxied by Squid to be available only users with certain Internet "
2678
"Protocol (IP) addresses. For example, we will illustrate access by users of "
2679
"the 192.168.42.0/24 subnetwork only:"
2726
"Using Squid's access control, you may configure use of Internet services "
2727
"proxied by Squid to be available only users with certain Internet Protocol "
2728
"(IP) addresses. For example, we will illustrate access by users of the "
2729
"192.168.42.0/24 subnetwork only:"
2680
2730
msgstr ""
2681
2731
2682
#: serverguide/C/web-servers.xml:860(para) serverguide/C/web-servers.xml:880(para)
2732
#: serverguide/C/web-servers.xml:872(para) serverguide/C/web-servers.xml:892(para)
2683
2733
msgid ""
2684
2734
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
2685
2735
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
2686
2736
msgstr ""
2687
2737
2688
#: serverguide/C/web-servers.xml:863(programlisting)
2738
#: serverguide/C/web-servers.xml:875(programlisting)
2689
2739
#, no-wrap
2690
2740
msgid ""
2691
2741
"\n"
2692
2742
"acl fortytwo_network src 192.168.42.0/24\n"
2693
2743
msgstr ""
2694
2744
2695
#: serverguide/C/web-servers.xml:866(para) serverguide/C/web-servers.xml:887(para)
2745
#: serverguide/C/web-servers.xml:878(para) serverguide/C/web-servers.xml:899(para)
2696
2746
msgid ""
2697
2747
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
2698
2748
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
2699
2749
msgstr ""
2700
2750
2701
#: serverguide/C/web-servers.xml:870(programlisting)
2751
#: serverguide/C/web-servers.xml:882(programlisting)
2702
2752
#, no-wrap
2703
2753
msgid ""
2704
2754
"\n"
2705
2755
"http_access allow fortytwo_network\n"
2706
2756
msgstr ""
2707
2757
2708
#: serverguide/C/web-servers.xml:875(para)
2758
#: serverguide/C/web-servers.xml:887(para)
2709
2759
msgid ""
2710
2760
"Using the excellent access control features of Squid, you may configure use "
2711
2761
"of Internet services proxied by Squid to be available only during normal "
2714
2764
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
2715
2765
msgstr ""
2716
2766
2717
#: serverguide/C/web-servers.xml:883(programlisting)
2767
#: serverguide/C/web-servers.xml:895(programlisting)
2718
2768
#, no-wrap
2719
2769
msgid ""
2720
2770
"\n"
2722
2772
"acl biz_hours time M T W T F 9:00-17:00\n"
2723
2773
msgstr ""
2724
2774
2725
#: serverguide/C/web-servers.xml:891(programlisting)
2775
#: serverguide/C/web-servers.xml:903(programlisting)
2726
2776
#, no-wrap
2727
2777
msgid ""
2728
2778
"\n"
2729
2779
"http_access allow biz_network biz_hours\n"
2730
2780
msgstr ""
2731
2781
2732
#: serverguide/C/web-servers.xml:898(para)
2782
#: serverguide/C/web-servers.xml:910(para)
2733
2783
msgid ""
2734
2784
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
2735
2785
"save the file and restart the <application>squid</application> server "
2737
2787
"terminal prompt:"
2738
2788
msgstr ""
2739
2789
2740
#: serverguide/C/web-servers.xml:905(command)
2790
#: serverguide/C/web-servers.xml:917(command)
2741
2791
msgid "sudo /etc/init.d/squid restart"
2742
2792
msgstr ""
2743
2793
2744
#: serverguide/C/web-servers.xml:912(ulink)
2794
#: serverguide/C/web-servers.xml:924(ulink)
2745
2795
msgid "Squid Website"
2746
2796
msgstr ""
2747
2797
2748
#: serverguide/C/web-servers.xml:918(title)
2798
#: serverguide/C/web-servers.xml:926(para)
2799
msgid ""
2800
"<ulink url=\"https://help.ubuntu.com/community/Squid\">Ubuntu Wiki "
2801
"Squid</ulink> page."
2802
msgstr ""
2803
2804
#: serverguide/C/web-servers.xml:933(title)
2749
2805
msgid "Ruby on Rails"
2750
2806
msgstr ""
2751
2807
2752
#: serverguide/C/web-servers.xml:919(para)
2808
#: serverguide/C/web-servers.xml:934(para)
2753
2809
msgid ""
2754
2810
"Ruby on Rails is an open source web framework for developing database backed "
2755
2811
"web applications. It is optimized for sustainable productivity of the "
2757
2813
"convention over configuration."
2758
2814
msgstr ""
2759
2815
2760
#: serverguide/C/web-servers.xml:926(para)
2816
#: serverguide/C/web-servers.xml:941(para)
2761
2817
msgid ""
2762
2818
"Before installing <application>Rails</application> you should install "
2763
2819
"<application>Apache</application> and <application>MySQL</application>. To "
2766
2822
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
2767
2823
msgstr ""
2768
2824
2769
#: serverguide/C/web-servers.xml:934(para)
2825
#: serverguide/C/web-servers.xml:949(para)
2770
2826
msgid ""
2771
2827
"Once you have <application>Apache</application> and "
2772
2828
"<application>MySQL</application> packages installed, you are ready to "
2773
2829
"install <application>Ruby on Rails</application> package."
2774
2830
msgstr ""
2775
2831
2776
#: serverguide/C/web-servers.xml:941(para)
2832
#: serverguide/C/web-servers.xml:956(para)
2777
2833
msgid ""
2778
2834
"To install the <application>Ruby</application> base packages and "
2779
2835
"<application>Ruby on Rails</application>, you can enter the following "
2780
2836
"command in the terminal prompt:"
2781
2837
msgstr ""
2782
2838
2783
#: serverguide/C/web-servers.xml:947(command)
2839
#: serverguide/C/web-servers.xml:962(command)
2784
2840
msgid "sudo apt-get install rails"
2785
2841
msgstr ""
2786
2842
2787
#: serverguide/C/web-servers.xml:953(para)
2843
#: serverguide/C/web-servers.xml:968(para)
2788
2844
msgid ""
2789
2845
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
2790
2846
"configuration file to setup your domains."
2791
2847
msgstr ""
2792
2848
2793
#: serverguide/C/web-servers.xml:957(para)
2849
#: serverguide/C/web-servers.xml:972(para)
2794
2850
msgid ""
2795
2851
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
2796
2852
msgstr ""
2797
2853
2798
#: serverguide/C/web-servers.xml:961(programlisting)
2854
#: serverguide/C/web-servers.xml:976(programlisting)
2799
2855
#, no-wrap
2800
2856
msgid ""
2801
2857
"\n"
2802
2858
"DocumentRoot /path/to/rails/application/public\n"
2803
2859
msgstr ""
2804
2860
2805
#: serverguide/C/web-servers.xml:964(para)
2861
#: serverguide/C/web-servers.xml:979(para)
2806
2862
msgid ""
2807
2863
"Next, change the <Directory \"/path/to/rails/application/public\"> "
2808
2864
"directive:"
2809
2865
msgstr ""
2810
2866
2811
#: serverguide/C/web-servers.xml:968(programlisting)
2867
#: serverguide/C/web-servers.xml:983(programlisting)
2812
2868
#, no-wrap
2813
2869
msgid ""
2814
2870
"\n"
2821
2877
"</Directory>\n"
2822
2878
msgstr ""
2823
2879
2824
#: serverguide/C/web-servers.xml:978(para)
2880
#: serverguide/C/web-servers.xml:993(para)
2825
2881
msgid ""
2826
2882
"You should also enable the <application>mod_rewrite</application> module for "
2827
2883
"Apache. To enable <application>mod_rewrite</application> module, please "
2828
2884
"enter the following command in a terminal prompt:"
2829
2885
msgstr ""
2830
2886
2831
#: serverguide/C/web-servers.xml:984(command)
2887
#: serverguide/C/web-servers.xml:999(command)
2832
2888
msgid "sudo a2enmod rewrite"
2833
2889
msgstr ""
2834
2890
2835
#: serverguide/C/web-servers.xml:987(para)
2891
#: serverguide/C/web-servers.xml:1002(para)
2836
2892
msgid ""
2837
2893
"Finally you will need to change the ownership of the "
2838
2894
"<filename>/path/to/rails/application/public</filename> and "
2840
2896
"used to run the <application>Apache</application> process:"
2841
2897
msgstr ""
2842
2898
2843
#: serverguide/C/web-servers.xml:993(command)
2899
#: serverguide/C/web-servers.xml:1008(command)
2844
2900
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
2845
2901
msgstr ""
2846
2902
2847
#: serverguide/C/web-servers.xml:994(command)
2903
#: serverguide/C/web-servers.xml:1009(command)
2848
2904
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
2849
2905
msgstr ""
2850
2906
2851
#: serverguide/C/web-servers.xml:997(para)
2907
#: serverguide/C/web-servers.xml:1012(para)
2852
2908
msgid ""
2853
2909
"That's it! Now you have your Server ready for your <application>Ruby on "
2854
2910
"Rails</application> applications."
2855
2911
msgstr ""
2856
2912
2857
#: serverguide/C/web-servers.xml:1006(para)
2913
#: serverguide/C/web-servers.xml:1021(para)
2858
2914
msgid ""
2859
2915
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
2860
2916
"for more information."
2861
2917
msgstr ""
2862
2918
2863
#: serverguide/C/web-servers.xml:1011(para)
2919
#: serverguide/C/web-servers.xml:1026(para)
2864
2920
msgid ""
2865
2921
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
2866
2922
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
2867
2923
"resource."
2868
2924
msgstr ""
2869
2925
2870
#: serverguide/C/web-servers.xml:1022(title)
2926
#: serverguide/C/web-servers.xml:1032(para)
2927
msgid ""
2928
"Another place for more information is the <ulink "
2929
"url=\"https://help.ubuntu.com/community/RubyOnRails\">Ruby on Rails Ubuntu "
2930
"Wiki</ulink> page."
2931
msgstr ""
2932
2933
#: serverguide/C/web-servers.xml:1043(title)
2871
2934
msgid "Apache Tomcat"
2872
2935
msgstr ""
2873
2936
2874
#: serverguide/C/web-servers.xml:1023(para)
2937
#: serverguide/C/web-servers.xml:1044(para)
2875
2938
msgid ""
2876
2939
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
2877
2940
"JSP (Java Server Pages) web applications."
2878
2941
msgstr ""
2879
2942
2880
#: serverguide/C/web-servers.xml:1025(para)
2943
#: serverguide/C/web-servers.xml:1046(para)
2881
2944
msgid ""
2882
2945
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
2883
2946
"different ways of running Tomcat. You can install them as a classic unique "
2889
2952
"instances."
2890
2953
msgstr ""
2891
2954
2892
#: serverguide/C/web-servers.xml:1035(title)
2955
#: serverguide/C/web-servers.xml:1056(title)
2893
2956
msgid "System-wide installation"
2894
2957
msgstr ""
2895
2958
2896
#: serverguide/C/web-servers.xml:1036(para)
2959
#: serverguide/C/web-servers.xml:1057(para)
2897
2960
msgid ""
2898
2961
"To install the <application>Tomcat</application> server, you can enter the "
2899
2962
"following command in the terminal prompt:"
2900
2963
msgstr ""
2901
2964
2902
#: serverguide/C/web-servers.xml:1039(command)
2965
#: serverguide/C/web-servers.xml:1060(command)
2903
2966
msgid "sudo apt-get install tomcat6"
2904
2967
msgstr ""
2905
2968
2906
#: serverguide/C/web-servers.xml:1041(para)
2969
#: serverguide/C/web-servers.xml:1062(para)
2907
2970
msgid ""
2908
2971
"This will install a Tomcat server with just a default ROOT webapp that "
2909
2972
"displays a minimal \"It works\" page by default."
2910
2973
msgstr ""
2911
2974
2912
#: serverguide/C/web-servers.xml:1047(para)
2975
#: serverguide/C/web-servers.xml:1068(para)
2913
2976
msgid ""
2914
2977
"Tomcat configuration files can be found in "
2915
2978
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
2918
2981
"documentation</ulink> for more."
2919
2982
msgstr ""
2920
2983
2921
#: serverguide/C/web-servers.xml:1053(title)
2984
#: serverguide/C/web-servers.xml:1074(title)
2922
2985
msgid "Changing default ports"
2923
2986
msgstr ""
2924
2987
2925
#: serverguide/C/web-servers.xml:1054(para)
2988
#: serverguide/C/web-servers.xml:1075(para)
2926
2989
msgid ""
2927
2990
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
2928
2991
"connector on port 8009. You might want to change those default ports to "
2930
2993
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
2931
2994
msgstr ""
2932
2995
2933
#: serverguide/C/web-servers.xml:1059(programlisting)
2996
#: serverguide/C/web-servers.xml:1080(programlisting)
2934
2997
#, no-wrap
2935
2998
msgid ""
2936
2999
"\n"
2942
3005
"/>\n"
2943
3006
msgstr ""
2944
3007
2945
#: serverguide/C/web-servers.xml:1068(title)
3008
#: serverguide/C/web-servers.xml:1089(title)
2946
3009
msgid "Changing JVM used"
2947
3010
msgstr ""
2948
3011
2949
#: serverguide/C/web-servers.xml:1069(para)
3012
#: serverguide/C/web-servers.xml:1090(para)
2950
3013
msgid ""
2951
3014
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
2952
3015
"then try some other JVMs. If you have various JVMs installed, you can set "
2954
3017
"<filename>/etc/default/tomcat6</filename>:"
2955
3018
msgstr ""
2956
3019
2957
#: serverguide/C/web-servers.xml:1073(programlisting)
3020
#: serverguide/C/web-servers.xml:1094(programlisting)
2958
3021
#, no-wrap
2959
3022
msgid ""
2960
3023
"\n"
2961
3024
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
2962
3025
msgstr ""
2963
3026
2964
#: serverguide/C/web-servers.xml:1078(title)
3027
#: serverguide/C/web-servers.xml:1099(title)
2965
3028
msgid "Declaring users and roles"
2966
3029
msgstr ""
2967
3030
2968
#: serverguide/C/web-servers.xml:1079(para)
3031
#: serverguide/C/web-servers.xml:1100(para)
2969
3032
msgid ""
2970
3033
"Usernames, passwords and roles (groups) can be defined centrally in a "
2971
3034
"Servlet container. In Tomcat 6.0 this is done in the "
2972
3035
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
2973
3036
msgstr ""
2974
3037
2975
#: serverguide/C/web-servers.xml:1082(programlisting)
3038
#: serverguide/C/web-servers.xml:1103(programlisting)
2976
3039
#, no-wrap
2977
3040
msgid ""
2978
3041
"\n"
2980
3043
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
2981
3044
msgstr ""
2982
3045
2983
#: serverguide/C/web-servers.xml:1090(title)
3046
#: serverguide/C/web-servers.xml:1111(title)
2984
3047
msgid "Using Tomcat standard webapps"
2985
3048
msgstr ""
2986
3049
2987
#: serverguide/C/web-servers.xml:1091(para)
3050
#: serverguide/C/web-servers.xml:1112(para)
2988
3051
msgid ""
2989
3052
"Tomcat is shipped with webapps that you can install for documentation, "
2990
3053
"administration or demo purposes."
2991
3054
msgstr ""
2992
3055
2993
#: serverguide/C/web-servers.xml:1094(title)
3056
#: serverguide/C/web-servers.xml:1115(title)
2994
3057
msgid "Tomcat documentation"
2995
3058
msgstr ""
2996
3059
2997
#: serverguide/C/web-servers.xml:1095(para)
3060
#: serverguide/C/web-servers.xml:1116(para)
2998
3061
msgid ""
2999
3062
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
3000
3063
"documentation, packaged as a webapp that you can access by default at "
3002
3065
"command in the terminal prompt:"
3003
3066
msgstr ""
3004
3067
3005
#: serverguide/C/web-servers.xml:1100(command)
3068
#: serverguide/C/web-servers.xml:1121(command)
3006
3069
msgid "sudo apt-get install tomcat6-docs"
3007
3070
msgstr ""
3008
3071
3009
#: serverguide/C/web-servers.xml:1104(title)
3072
#: serverguide/C/web-servers.xml:1125(title)
3010
3073
msgid "Tomcat administration webapps"
3011
3074
msgstr ""
3012
3075
3013
#: serverguide/C/web-servers.xml:1105(para)
3076
#: serverguide/C/web-servers.xml:1126(para)
3014
3077
msgid ""
3015
3078
"The <application>tomcat6-admin</application> package contains two webapps "
3016
3079
"that can be used to administer the Tomcat server using a web interface. You "
3017
3080
"can install them by entering the following command in the terminal prompt:"
3018
3081
msgstr ""
3019
3082
3020
#: serverguide/C/web-servers.xml:1110(command)
3083
#: serverguide/C/web-servers.xml:1131(command)
3021
3084
msgid "sudo apt-get install tomcat6-admin"
3022
3085
msgstr ""
3023
3086
3024
#: serverguide/C/web-servers.xml:1112(para)
3087
#: serverguide/C/web-servers.xml:1133(para)
3025
3088
msgid ""
3026
3089
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3027
3090
"access by default at http://yourserver:8080/manager/html. It is primarily "
3028
3091
"used to get server status and restart webapps."
3029
3092
msgstr ""
3030
3093
3031
#: serverguide/C/web-servers.xml:1115(para)
3094
#: serverguide/C/web-servers.xml:1136(para)
3032
3095
msgid ""
3033
3096
"Access to the <emphasis>manager</emphasis> application is protected by "
3034
3097
"default: you need to define a user with the role \"manager\" in "
3035
3098
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3036
3099
msgstr ""
3037
3100
3038
#: serverguide/C/web-servers.xml:1119(para)
3101
#: serverguide/C/web-servers.xml:1140(para)
3039
3102
msgid ""
3040
3103
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3041
3104
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3042
3105
"used to create virtual hosts dynamically."
3043
3106
msgstr ""
3044
3107
3045
#: serverguide/C/web-servers.xml:1123(para)
3108
#: serverguide/C/web-servers.xml:1144(para)
3046
3109
msgid ""
3047
3110
"Access to the <emphasis>host-manager</emphasis> application is also "
3048
3111
"protected by default: you need to define a user with the role \"admin\" in "
3049
3112
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3050
3113
msgstr ""
3051
3114
3052
#: serverguide/C/web-servers.xml:1128(para)
3115
#: serverguide/C/web-servers.xml:1149(para)
3053
3116
msgid ""
3054
3117
"For security reasons, the tomcat6 user cannot write to the "
3055
3118
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
3058
3121
"the following, to give users in the tomcat6 group the necessary rights:"
3059
3122
msgstr ""
3060
3123
3061
#: serverguide/C/web-servers.xml:1135(command)
3124
#: serverguide/C/web-servers.xml:1156(command)
3062
3125
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
3063
3126
msgstr ""
3064
3127
3065
#: serverguide/C/web-servers.xml:1136(command)
3128
#: serverguide/C/web-servers.xml:1157(command)
3066
3129
msgid "sudo chmod -R g+w /etc/tomcat6"
3067
3130
msgstr ""
3068
3131
3069
#: serverguide/C/web-servers.xml:1141(title)
3132
#: serverguide/C/web-servers.xml:1162(title)
3070
3133
msgid "Tomcat examples webapps"
3071
3134
msgstr ""
3072
3135
3073
#: serverguide/C/web-servers.xml:1142(para)
3136
#: serverguide/C/web-servers.xml:1163(para)
3074
3137
msgid ""
3075
3138
"The <application>tomcat6-examples</application> package contains two webapps "
3076
3139
"that can be used to test or demonstrate Servlets and JSP features, which you "
3078
3141
"install them by entering the following command in the terminal prompt:"
3079
3142
msgstr ""
3080
3143
3081
#: serverguide/C/web-servers.xml:1148(command)
3144
#: serverguide/C/web-servers.xml:1169(command)
3082
3145
msgid "sudo apt-get install tomcat6-examples"
3083
3146
msgstr ""
3084
3147
3085
#: serverguide/C/web-servers.xml:1154(title)
3148
#: serverguide/C/web-servers.xml:1175(title)
3086
3149
msgid "Using private instances"
3087
3150
msgstr ""
3088
3151
3089
#: serverguide/C/web-servers.xml:1155(para)
3152
#: serverguide/C/web-servers.xml:1176(para)
3090
3153
msgid ""
3091
3154
"Tomcat is heavily used in development and testing scenarios where using a "
3092
3155
"single system-wide instance doesn't meet the requirements of multiple users "
3096
3159
"using the system-installed libraries."
3097
3160
msgstr ""
3098
3161
3099
#: serverguide/C/web-servers.xml:1162(para)
3162
#: serverguide/C/web-servers.xml:1183(para)
3100
3163
msgid ""
3101
3164
"It is possible to run the system-wide instance and the private instances in "
3102
3165
"parallel, as long as they do not use the same TCP ports."
3103
3166
msgstr ""
3104
3167
3105
#: serverguide/C/web-servers.xml:1166(title)
3168
#: serverguide/C/web-servers.xml:1187(title)
3106
3169
msgid "Installing private instance support"
3107
3170
msgstr ""
3108
3171
3109
#: serverguide/C/web-servers.xml:1167(para)
3172
#: serverguide/C/web-servers.xml:1188(para)
3110
3173
msgid ""
3111
3174
"You can install everything necessary to run private instances by entering "
3112
3175
"the following command in the terminal prompt:"
3113
3176
msgstr ""
3114
3177
3115
#: serverguide/C/web-servers.xml:1170(command)
3178
#: serverguide/C/web-servers.xml:1191(command)
3116
3179
msgid "sudo apt-get install tomcat6-user"
3117
3180
msgstr ""
3118
3181
3119
#: serverguide/C/web-servers.xml:1174(title)
3182
#: serverguide/C/web-servers.xml:1195(title)
3120
3183
msgid "Creating a private instance"
3121
3184
msgstr ""
3122
3185
3123
#: serverguide/C/web-servers.xml:1175(para)
3186
#: serverguide/C/web-servers.xml:1196(para)
3124
3187
msgid ""
3125
3188
"You can create a private instance directory by entering the following "
3126
3189
"command in the terminal prompt:"
3127
3190
msgstr ""
3128
3191
3129
#: serverguide/C/web-servers.xml:1178(command)
3192
#: serverguide/C/web-servers.xml:1199(command)
3130
3193
msgid "tomcat6-instance-create my-instance"
3131
3194
msgstr ""
3132
3195
3133
#: serverguide/C/web-servers.xml:1180(para)
3196
#: serverguide/C/web-servers.xml:1201(para)
3134
3197
msgid ""
3135
3198
"This will create a new <filename>my-instance</filename> directory with all "
3136
3199
"the necessary subdirectories and scripts. You can for example install your "
3139
3202
"are deployed by default."
3140
3203
msgstr ""
3141
3204
3142
#: serverguide/C/web-servers.xml:1188(title)
3205
#: serverguide/C/web-servers.xml:1209(title)
3143
3206
msgid "Configuring your private instance"
3144
3207
msgstr ""
3145
3208
3146
#: serverguide/C/web-servers.xml:1189(para)
3209
#: serverguide/C/web-servers.xml:1210(para)
3147
3210
msgid ""
3148
3211
"You will find the classic Tomcat configuration files for your private "
3149
3212
"instance in the <filename>conf/</filename> subdirectory. You should for "
3152
3215
"conflict with other instances that might be running."
3153
3216
msgstr ""
3154
3217
3155
#: serverguide/C/web-servers.xml:1197(title)
3218
#: serverguide/C/web-servers.xml:1218(title)
3156
3219
msgid "Starting/stopping your private instance"
3157
3220
msgstr ""
3158
3221
3159
#: serverguide/C/web-servers.xml:1198(para)
3222
#: serverguide/C/web-servers.xml:1219(para)
3160
3223
msgid ""
3161
3224
"You can start your private instance by entering the following command in the "
3162
3225
"terminal prompt (supposing your instance is located in the <filename>my-"
3163
3226
"instance</filename> directory):"
3164
3227
msgstr ""
3165
3228
3166
#: serverguide/C/web-servers.xml:1202(command)
3229
#: serverguide/C/web-servers.xml:1223(command)
3167
3230
msgid "my-instance/bin/startup.sh"
3168
3231
msgstr ""
3169
3232
3170
#: serverguide/C/web-servers.xml:1204(para)
3233
#: serverguide/C/web-servers.xml:1225(para)
3171
3234
msgid ""
3172
3235
"You should check the <filename>logs/</filename> subdirectory for any error. "
3173
3236
"If you have a <emphasis>java.net.BindException: Address already in "
3175
3238
"is already taken and that you should change it."
3176
3239
msgstr ""
3177
3240
3178
#: serverguide/C/web-servers.xml:1209(para)
3241
#: serverguide/C/web-servers.xml:1230(para)
3179
3242
msgid ""
3180
3243
"You can stop your instance by entering the following command in the terminal "
3181
3244
"prompt (supposing your instance is located in the <filename>my-"
3182
3245
"instance</filename> directory):"
3183
3246
msgstr ""
3184
3247
3185
#: serverguide/C/web-servers.xml:1213(command)
3248
#: serverguide/C/web-servers.xml:1234(command)
3186
3249
msgid "my-instance/bin/shutdown.sh"
3187
3250
msgstr ""
3188
3251
3189
#: serverguide/C/web-servers.xml:1222(para)
3252
#: serverguide/C/web-servers.xml:1243(para)
3190
3253
msgid ""
3191
3254
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
3192
3255
"website for more information."
3193
3256
msgstr ""
3194
3257
3195
#: serverguide/C/web-servers.xml:1227(para)
3258
#: serverguide/C/web-servers.xml:1248(para)
3196
3259
msgid ""
3197
3260
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
3198
3261
"Definitive Guide</ulink> is a good resource for building web applications "
3199
3262
"with Tomcat."
3200
3263
msgstr ""
3201
3264
3202
#: serverguide/C/web-servers.xml:1233(para)
3265
#: serverguide/C/web-servers.xml:1254(para)
3203
3266
msgid ""
3204
3267
"For additional books see the <ulink "
3205
3268
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
3206
3269
"page."
3207
3270
msgstr ""
3208
3271
3272
#: serverguide/C/web-servers.xml:1259(para)
3273
msgid ""
3274
"Also, see the<ulink "
3275
"url=\"https://help.ubuntu.com/community/ApacheTomcat5\">Ubuntu Wiki Apache "
3276
"Tomcat</ulink> page."
3277
msgstr ""
3278
3209
3279
#: serverguide/C/vpn.xml:13(title)
3210
3280
msgid "VPN"
3211
3281
msgstr ""
3237
3307
msgid "To install <application>openvpn</application> in a terminal enter:"
3238
3308
msgstr ""
3239
3309
3240
#: serverguide/C/vpn.xml:41(command)
3310
#: serverguide/C/vpn.xml:41(command) serverguide/C/vpn.xml:257(command)
3241
3311
msgid "sudo apt-get install openvpn"
3242
3312
msgstr ""
3243
3313
3255
3325
msgid ""
3256
3326
"First, copy the <filename>easy-rsa</filename> directory to "
3257
3327
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
3258
"scripts will not be lost when the package is updated. From a terminal enter:"
3328
"scripts will not be lost when the package is updated. You will also need to "
3329
"adjust permissions in the <filename>easy-rsa</filename> directory to allow "
3330
"the current user permission to create files. From a terminal enter:"
3259
3331
msgstr ""
3260
3332
3261
#: serverguide/C/vpn.xml:58(command)
3333
#: serverguide/C/vpn.xml:59(command)
3262
3334
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
3263
3335
msgstr ""
3264
3336
3265
#: serverguide/C/vpn.xml:59(command)
3337
#: serverguide/C/vpn.xml:60(command)
3266
3338
msgid ""
3267
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/"
3268
msgstr ""
3269
3270
#: serverguide/C/vpn.xml:62(para)
3339
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-"
3340
"rsa/"
3341
msgstr ""
3342
3343
#: serverguide/C/vpn.xml:61(command)
3344
msgid "sudo chown -R $USER /etc/openvpn/easy-rsa/"
3345
msgstr ""
3346
3347
#: serverguide/C/vpn.xml:64(para)
3271
3348
msgid ""
3272
3349
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
3273
3350
"following to your environment:"
3274
3351
msgstr ""
3275
3352
3276
#: serverguide/C/vpn.xml:66(programlisting)
3353
#: serverguide/C/vpn.xml:68(programlisting)
3277
3354
#, no-wrap
3278
3355
msgid ""
3279
3356
"\n"
3284
3361
"export KEY_EMAIL=\"steve@example.com\"\n"
3285
3362
msgstr ""
3286
3363
3287
#: serverguide/C/vpn.xml:74(para)
3364
#: serverguide/C/vpn.xml:76(para)
3288
3365
msgid "Enter the following to create the server certificates:"
3289
3366
msgstr ""
3290
3367
3291
#: serverguide/C/vpn.xml:79(command)
3292
msgid "cd /etc/openvpn/easy-rsa/easy-rsa"
3368
#: serverguide/C/vpn.xml:81(command) serverguide/C/vpn.xml:102(command)
3369
msgid "cd /etc/openvpn/easy-rsa/"
3293
3370
msgstr ""
3294
3371
3295
#: serverguide/C/vpn.xml:80(command) serverguide/C/vpn.xml:101(command)
3372
#: serverguide/C/vpn.xml:82(command) serverguide/C/vpn.xml:103(command)
3296
3373
msgid "source vars"
3297
3374
msgstr ""
3298
3375
3299
#: serverguide/C/vpn.xml:81(command)
3376
#: serverguide/C/vpn.xml:83(command)
3300
3377
msgid "./clean-all"
3301
3378
msgstr ""
3302
3379
3303
#: serverguide/C/vpn.xml:82(command)
3380
#: serverguide/C/vpn.xml:84(command)
3304
3381
msgid "./build-dh"
3305
3382
msgstr ""
3306
3383
3307
#: serverguide/C/vpn.xml:83(command)
3384
#: serverguide/C/vpn.xml:85(command)
3308
3385
msgid "./pkitool --initca"
3309
3386
msgstr ""
3310
3387
3311
#: serverguide/C/vpn.xml:84(command)
3388
#: serverguide/C/vpn.xml:86(command)
3312
3389
msgid "./pkitool --server server"
3313
3390
msgstr ""
3314
3391
3315
#: serverguide/C/vpn.xml:85(command)
3392
#: serverguide/C/vpn.xml:87(command)
3316
3393
msgid "cd keys"
3317
3394
msgstr ""
3318
3395
3319
#: serverguide/C/vpn.xml:86(command)
3396
#: serverguide/C/vpn.xml:88(command)
3320
3397
msgid "openvpn --genkey --secret ta.key"
3321
3398
msgstr ""
3322
3399
3323
#: serverguide/C/vpn.xml:87(command)
3400
#: serverguide/C/vpn.xml:89(command)
3324
3401
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
3325
3402
msgstr ""
3326
3403
3327
#: serverguide/C/vpn.xml:92(title)
3404
#: serverguide/C/vpn.xml:94(title)
3328
3405
msgid "Client Certificates"
3329
3406
msgstr ""
3330
3407
3331
#: serverguide/C/vpn.xml:94(para)
3408
#: serverguide/C/vpn.xml:96(para)
3332
3409
msgid ""
3333
3410
"The VPN client will also need a certificate to authenticate itself to the "
3334
3411
"server. To create the certificate, enter the following in a terminal:"
3335
3412
msgstr ""
3336
3413
3337
#: serverguide/C/vpn.xml:100(command)
3338
msgid "cd /etc/openvpn/easy-rsa/"
3339
msgstr ""
3340
3341
#: serverguide/C/vpn.xml:102(command)
3414
#: serverguide/C/vpn.xml:104(command)
3342
3415
msgid "./pkitool hostname"
3343
3416
msgstr ""
3344
3417
3345
#: serverguide/C/vpn.xml:106(para)
3418
#: serverguide/C/vpn.xml:108(para)
3346
3419
msgid ""
3347
3420
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
3348
3421
"machine connecting to the VPN."
3349
3422
msgstr ""
3350
3423
3351
#: serverguide/C/vpn.xml:111(para)
3424
#: serverguide/C/vpn.xml:113(para)
3352
3425
msgid "Copy the following files to the client:"
3353
3426
msgstr ""
3354
3427
3355
#: serverguide/C/vpn.xml:116(para)
3356
msgid "/etc/openvpn/easy-rsa/hostname.ovpn"
3357
msgstr ""
3358
3359
#: serverguide/C/vpn.xml:117(para)
3360
msgid "/etc/openvpn/easy-rsa/ca.crt"
3361
msgstr ""
3362
3363
3428
#: serverguide/C/vpn.xml:118(para)
3364
msgid "/etc/openvpn/easy-rsa/hostname.crt"
3429
msgid "/etc/openvpn/ca.crt"
3365
3430
msgstr ""
3366
3431
3367
3432
#: serverguide/C/vpn.xml:119(para)
3368
msgid "/etc/openvpn/easy-rsa/hostname.key"
3433
msgid "/etc/openvpn/easy-rsa/keys/hostname.crt"
3369
3434
msgstr ""
3370
3435
3371
3436
#: serverguide/C/vpn.xml:120(para)
3372
msgid "/etc/openvpn/easy-rsa/ta.key"
3373
msgstr ""
3374
3375
#: serverguide/C/vpn.xml:124(para)
3437
msgid "/etc/openvpn/easy-rsa/keys/hostname.key"
3438
msgstr ""
3439
3440
#: serverguide/C/vpn.xml:121(para)
3441
msgid "/etc/openvpn/ta.key"
3442
msgstr ""
3443
3444
#: serverguide/C/vpn.xml:125(para)
3376
3445
msgid ""
3377
3446
"Remember to adjust the above file names for your client machine's "
3378
3447
"<emphasis>hostname</emphasis>."
3379
3448
msgstr ""
3380
3449
3381
#: serverguide/C/vpn.xml:129(para)
3450
#: serverguide/C/vpn.xml:130(para)
3382
3451
msgid ""
3383
3452
"It is best to use a secure method to copy the certificate and key files. The "
3384
3453
"<application>scp</application> utility is a good choice, but copying the "
3385
3454
"files to removable media then to the client, also works well."
3386
3455
msgstr ""
3387
3456
3388
#: serverguide/C/vpn.xml:140(title) serverguide/C/vcs.xml:107(title)
3457
#: serverguide/C/vpn.xml:141(title) serverguide/C/vcs.xml:107(title)
3389
3458
msgid "Server Configuration"
3390
3459
msgstr ""
3391
3460
3392
#: serverguide/C/vpn.xml:142(para)
3461
#: serverguide/C/vpn.xml:143(para)
3393
3462
msgid ""
3394
3463
"Now configure the <application>openvpn</application> server by creating "
3395
3464
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
3396
3465
"terminal enter:"
3397
3466
msgstr ""
3398
3467
3399
#: serverguide/C/vpn.xml:148(command)
3468
#: serverguide/C/vpn.xml:149(command)
3400
3469
msgid ""
3401
3470
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
3402
3471
"/etc/openvpn/"
3403
3472
msgstr ""
3404
3473
3405
#: serverguide/C/vpn.xml:149(command)
3474
#: serverguide/C/vpn.xml:150(command)
3406
3475
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
3407
3476
msgstr ""
3408
3477
3409
#: serverguide/C/vpn.xml:152(para)
3478
#: serverguide/C/vpn.xml:153(para)
3410
3479
msgid ""
3411
"Edit <filename>etc/openvpn/server.conf</filename> changing the following "
3480
"Edit <filename>/etc/openvpn/server.conf</filename> changing the following "
3412
3481
"options to:"
3413
3482
msgstr ""
3414
3483
3415
#: serverguide/C/vpn.xml:156(programlisting)
3484
#: serverguide/C/vpn.xml:157(programlisting)
3416
3485
#, no-wrap
3417
3486
msgid ""
3418
3487
"\n"
3419
3488
"local 172.18.100.101\n"
3420
3489
"dev tap0\n"
3490
"up \"/etc/openvpn/up.sh br0\"\n"
3491
"down \"/etc/openvpn/down.sh br0\"\n"
3492
";server 10.8.0.0 255.255.255.0\n"
3421
3493
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
3422
3494
"push \"route 172.18.100.1 255.255.255.0\"\n"
3423
3495
"push \"dhcp-option DNS 172.18.100.20\"\n"
3427
3499
"group nogroup\n"
3428
3500
msgstr ""
3429
3501
3430
#: serverguide/C/vpn.xml:170(para)
3502
#: serverguide/C/vpn.xml:174(para)
3431
3503
msgid ""
3432
3504
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
3433
3505
msgstr ""
3434
3506
3435
#: serverguide/C/vpn.xml:175(para)
3507
#: serverguide/C/vpn.xml:179(para)
3436
3508
msgid ""
3437
3509
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
3438
3510
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
3441
3513
"to clients."
3442
3514
msgstr ""
3443
3515
3444
#: serverguide/C/vpn.xml:182(para)
3516
#: serverguide/C/vpn.xml:186(para)
3445
3517
msgid ""
3446
3518
"<emphasis>push</emphasis>: are directives to add networking options for "
3447
3519
"clients."
3448
3520
msgstr ""
3449
3521
3450
#: serverguide/C/vpn.xml:187(para)
3522
#: serverguide/C/vpn.xml:191(para)
3451
3523
msgid ""
3452
3524
"<emphasis>user and group</emphasis>: configure which user and group the "
3453
3525
"<application>openvpn</application> daemon executes as."
3454
3526
msgstr ""
3455
3527
3456
#: serverguide/C/vpn.xml:194(para)
3528
#: serverguide/C/vpn.xml:198(para)
3457
3529
msgid ""
3458
3530
"Replace all IP addresses and domain names above with those of your network."
3459
3531
msgstr ""
3460
3532
3461
#: serverguide/C/vpn.xml:199(para)
3533
#: serverguide/C/vpn.xml:203(para)
3462
3534
msgid ""
3463
3535
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
3464
3536
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
3465
3537
msgstr ""
3466
3538
3467
#: serverguide/C/vpn.xml:203(programlisting)
3539
#: serverguide/C/vpn.xml:207(programlisting)
3468
3540
#, no-wrap
3469
3541
msgid ""
3470
3542
"\n"
3477
3549
"/usr/sbin/brctl addif $BR $DEV\n"
3478
3550
msgstr ""
3479
3551
3480
#: serverguide/C/vpn.xml:213(para)
3552
#: serverguide/C/vpn.xml:217(para)
3481
3553
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
3482
3554
msgstr ""
3483
3555
3484
#: serverguide/C/vpn.xml:217(programlisting)
3556
#: serverguide/C/vpn.xml:221(programlisting)
3485
3557
#, no-wrap
3486
3558
msgid ""
3487
3559
"\n"
3494
3566
"/sbin/ifconfig $DEV down\n"
3495
3567
msgstr ""
3496
3568
3497
#: serverguide/C/vpn.xml:227(para)
3569
#: serverguide/C/vpn.xml:231(para)
3498
3570
msgid "Then make them executable:"
3499
3571
msgstr ""
3500
3572
3501
#: serverguide/C/vpn.xml:232(command)
3573
#: serverguide/C/vpn.xml:236(command)
3502
3574
msgid "sudo chmod 755 /etc/openvpn/down.sh"
3503
3575
msgstr ""
3504
3576
3505
#: serverguide/C/vpn.xml:233(command)
3577
#: serverguide/C/vpn.xml:237(command)
3506
3578
msgid "sudo chmod 755 /etc/openvpn/up.sh"
3507
3579
msgstr ""
3508
3580
3509
#: serverguide/C/vpn.xml:236(para)
3581
#: serverguide/C/vpn.xml:240(para)
3510
3582
msgid ""
3511
3583
"After configuring the server, restart <application>openvpn</application> by "
3512
3584
"entering:"
3513
3585
msgstr ""
3514
3586
3515
#: serverguide/C/vpn.xml:241(command) serverguide/C/vpn.xml:281(command)
3587
#: serverguide/C/vpn.xml:245(command) serverguide/C/vpn.xml:293(command)
3516
3588
msgid "sudo /etc/init.d/openvpn restart"
3517
3589
msgstr ""
3518
3590
3519
#: serverguide/C/vpn.xml:246(title)
3591
#: serverguide/C/vpn.xml:250(title)
3520
3592
msgid "Client Configuration"
3521
3593
msgstr ""
3522
3594
3523
#: serverguide/C/vpn.xml:248(para)
3595
#: serverguide/C/vpn.xml:252(para)
3596
msgid "First, install <application>openvpn</application> on the client:"
3597
msgstr ""
3598
3599
#: serverguide/C/vpn.xml:260(para)
3524
3600
msgid ""
3525
"With the server configured and the client certificates copied over, create a "
3526
"client configuration file by copying the example. In a terminal on the "
3527
"client machine enter:"
3601
"Then with the server configured and the client certificates copied to the "
3602
"<filename>/etc/openvpn/</filename> directory, create a client configuration "
3603
"file by copying the example. In a terminal on the client machine enter:"
3528
3604
msgstr ""
3529
3605
3530
#: serverguide/C/vpn.xml:254(command)
3606
#: serverguide/C/vpn.xml:266(command)
3531
3607
msgid ""
3532
3608
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
3533
3609
"/etc/openvpn"
3534
3610
msgstr ""
3535
3611
3536
#: serverguide/C/vpn.xml:257(para)
3612
#: serverguide/C/vpn.xml:269(para)
3537
3613
msgid ""
3538
3614
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
3539
3615
"following options:"
3540
3616
msgstr ""
3541
3617
3542
#: serverguide/C/vpn.xml:261(programlisting)
3618
#: serverguide/C/vpn.xml:273(programlisting)
3543
3619
#, no-wrap
3544
3620
msgid ""
3545
3621
"\n"
3550
3626
"tls-auth ta.key 1\n"
3551
3627
msgstr ""
3552
3628
3553
#: serverguide/C/vpn.xml:270(para)
3629
#: serverguide/C/vpn.xml:282(para)
3554
3630
msgid ""
3555
3631
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
3556
3632
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
3557
3633
"key filenames."
3558
3634
msgstr ""
3559
3635
3560
#: serverguide/C/vpn.xml:276(para)
3636
#: serverguide/C/vpn.xml:288(para)
3561
3637
msgid "Finally, restart <application>openvpn</application>:"
3562
3638
msgstr ""
3563
3639
3564
#: serverguide/C/vpn.xml:284(para)
3640
#: serverguide/C/vpn.xml:296(para)
3565
3641
msgid "You should now be able to connect to the remote LAN through the VPN."
3566
3642
msgstr ""
3567
3643
3568
#: serverguide/C/vpn.xml:295(para)
3644
#: serverguide/C/vpn.xml:307(para)
3569
3645
msgid ""
3570
3646
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
3571
3647
"additional information."
3572
3648
msgstr ""
3573
3649
3574
#: serverguide/C/vpn.xml:300(para)
3650
#: serverguide/C/vpn.xml:312(para)
3575
3651
msgid ""
3576
3652
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
3577
3653
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
3578
3654
msgstr ""
3579
3655
3656
#: serverguide/C/vpn.xml:318(para)
3657
msgid ""
3658
"Another source of further information is the <ulink "
3659
"url=\"https://help.ubuntu.com/community/OpenVPN\">Ubuntu Wiki "
3660
"OpenVPN</ulink> page."
3661
msgstr ""
3662
3580
3663
#: serverguide/C/virtualization.xml:13(title)
3581
3664
msgid "Virtualization"
3582
3665
msgstr ""
3613
3696
"<application>KVM</application>. Enter the following from a terminal prompt:"
3614
3697
msgstr ""
3615
3698
3616
#: serverguide/C/virtualization.xml:34(command)
3617
msgid "egrep '(vmx|svm)' /proc/cpuinfo"
3699
#: serverguide/C/virtualization.xml:35(command)
3700
msgid "kvm-ok"
3618
3701
msgstr ""
3619
3702
3620
#: serverguide/C/virtualization.xml:36(para)
3703
#: serverguide/C/virtualization.xml:37(para)
3621
3704
msgid ""
3622
"If nothing is printed, it means that your cpu does <emphasis>not</emphasis> "
3623
"support hardware virtualization."
3705
"A message will be printed informing you if your CPU "
3706
"<emphasis>does</emphasis> or <emphasis>does not</emphasis> support hardware "
3707
"virtualization."
3624
3708
msgstr ""
3625
3709
3626
#: serverguide/C/virtualization.xml:40(para)
3710
#: serverguide/C/virtualization.xml:41(para)
3627
3711
msgid ""
3628
3712
"On most computer whose processor supports virtualization, it is necessary to "
3629
"activate an option in the bios to enable it. The method described above does "
3630
"not show the status of it's activation."
3713
"activate an option in the BIOS to enable it."
3631
3714
msgstr ""
3632
3715
3633
3716
#: serverguide/C/virtualization.xml:47(title)
3703
3786
msgid ""
3704
3787
"There are several ways to automate the Ubuntu installation process, for "
3705
3788
"example using preseeds, kickstart, etc. Refer to the <ulink "
3706
"url=\"https://help.ubuntu.com/9.10/installation-guide/\">Ubuntu Installation "
3707
"Guide</ulink> for details."
3789
"url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
3790
"Installation Guide</ulink> for details."
3708
3791
msgstr ""
3709
3792
3710
3793
#: serverguide/C/virtualization.xml:98(para)
4069
4152
"technology in Ubuntu."
4070
4153
msgstr ""
4071
4154
4072
#: serverguide/C/virtualization.xml:394(title)
4155
#: serverguide/C/virtualization.xml:391(para)
4156
msgid ""
4157
"Another good resource is the <ulink "
4158
"url=\"https://help.ubuntu.com/community/KVM\">Ubuntu Wiki KVM</ulink> page."
4159
msgstr ""
4160
4161
#: serverguide/C/virtualization.xml:399(title)
4073
4162
msgid "JeOS and vmbuilder"
4074
4163
msgstr ""
4075
4164
4076
#: serverguide/C/virtualization.xml:400(title)
4165
#: serverguide/C/virtualization.xml:405(title)
4077
4166
msgid "What is JeOS"
4078
4167
msgstr ""
4079
4168
4080
#: serverguide/C/virtualization.xml:402(para)
4169
#: serverguide/C/virtualization.xml:407(para)
4081
4170
msgid ""
4082
4171
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
4083
4172
"variant of the Ubuntu Server operating system, configured specifically for "
4085
4174
"only as an option either:"
4086
4175
msgstr ""
4087
4176
4088
#: serverguide/C/virtualization.xml:409(para)
4177
#: serverguide/C/virtualization.xml:414(para)
4089
4178
msgid ""
4090
4179
"While installing from the Server Edition ISO (pressing "
4091
4180
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
4092
4181
"installation\", which is the package selection equivalent to JeOS)."
4093
4182
msgstr ""
4094
4183
4095
#: serverguide/C/virtualization.xml:415(para)
4184
#: serverguide/C/virtualization.xml:420(para)
4096
4185
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
4097
4186
msgstr ""
4098
4187
4099
#: serverguide/C/virtualization.xml:421(para)
4188
#: serverguide/C/virtualization.xml:426(para)
4100
4189
msgid ""
4101
4190
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
4102
4191
"kernel that only contains the base elements needed to run within a "
4103
4192
"virtualized environment."
4104
4193
msgstr ""
4105
4194
4106
#: serverguide/C/virtualization.xml:426(para)
4195
#: serverguide/C/virtualization.xml:431(para)
4107
4196
msgid ""
4108
4197
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
4109
4198
"in the latest virtualization products from VMware. This combination of "
4112
4201
"deployments."
4113
4202
msgstr ""
4114
4203
4115
#: serverguide/C/virtualization.xml:432(para)
4204
#: serverguide/C/virtualization.xml:437(para)
4116
4205
msgid ""
4117
4206
"Without unnecessary drivers, and only the minimal required packages, ISVs "
4118
4207
"can configure their supporting OS exactly as they require. They have the "
4123
4212
"than they would have had to with a standard full installation of a server."
4124
4213
msgstr ""
4125
4214
4126
#: serverguide/C/virtualization.xml:441(title)
4215
#: serverguide/C/virtualization.xml:446(title)
4127
4216
msgid "What is vmbuilder"
4128
4217
msgstr ""
4129
4218
4130
#: serverguide/C/virtualization.xml:443(para)
4219
#: serverguide/C/virtualization.xml:448(para)
4131
4220
msgid ""
4132
4221
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
4133
"will fetch the various package and build a virtual machine tailored for our "
4134
"need in about a minute for us. Vmbuilder is a Script that automates the "
4135
"process of creating a ready to use Linux based VM. The currently supported "
4136
"hypervisors are KVM and Xen."
4222
"will fetch the various package and build a virtual machine tailored for your "
4223
"needs in about a minute. vmbuilder is a script that automates the process of "
4224
"creating a ready to use Linux based VM. The currently supported hypervisors "
4225
"are KVM and Xen."
4137
4226
msgstr ""
4138
4227
4139
#: serverguide/C/virtualization.xml:449(para)
4228
#: serverguide/C/virtualization.xml:454(para)
4140
4229
msgid ""
4141
4230
"You can pass command line options to add extra packages, remove packages, "
4142
4231
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
4144
4233
"a local mirror, you can bootstrap a VM in less than a minute."
4145
4234
msgstr ""
4146
4235
4147
#: serverguide/C/virtualization.xml:455(para)
4236
#: serverguide/C/virtualization.xml:460(para)
4148
4237
msgid ""
4149
"First introduced as a shell script in Ubuntu 8.04LTS, <application>ubuntu-vm-"
4150
"builder</application> started with little emphasis as a hack to help "
4238
"First introduced as a shell script in Ubuntu 8.04 LTS, <application>ubuntu-"
4239
"vm-builder</application> started with little emphasis as a hack to help "
4151
4240
"developers test their new code in a virtual machine without having to "
4152
4241
"restart from scratch each time. As a few Ubuntu administrators started to "
4153
4242
"notice this script, a few of them went on improving it and adapting it for "
4156
4245
"scratch for Intrepid as a python script with a few new design goals:"
4157
4246
msgstr ""
4158
4247
4159
#: serverguide/C/virtualization.xml:465(para)
4248
#: serverguide/C/virtualization.xml:470(para)
4160
4249
msgid "Develop it so that it can be reused by other distributions."
4161
4250
msgstr ""
4162
4251
4163
#: serverguide/C/virtualization.xml:470(para)
4252
#: serverguide/C/virtualization.xml:475(para)
4164
4253
msgid ""
4165
4254
"Use a plugin mechanisms for all virtualization interactions so that others "
4166
4255
"can easily add logic for other virtualization environments."
4167
4256
msgstr ""
4168
4257
4169
#: serverguide/C/virtualization.xml:475(para)
4258
#: serverguide/C/virtualization.xml:480(para)
4170
4259
msgid ""
4171
4260
"Provide an easy to maintain web interface as an option to the command line "
4172
4261
"interface."
4173
4262
msgstr ""
4174
4263
4175
#: serverguide/C/virtualization.xml:481(para)
4264
#: serverguide/C/virtualization.xml:486(para)
4176
4265
msgid "But the general principles and commands remain the same."
4177
4266
msgstr ""
4178
4267
4179
#: serverguide/C/virtualization.xml:488(title)
4268
#: serverguide/C/virtualization.xml:493(title)
4180
4269
msgid "Initial Setup"
4181
4270
msgstr ""
4182
4271
4183
#: serverguide/C/virtualization.xml:490(para)
4272
#: serverguide/C/virtualization.xml:495(para)
4184
4273
msgid ""
4185
4274
"It is assumed that you have installed and configured "
4186
4275
"<application>libvirt</application> and <application>KVM</application> "
4188
4277
"please refer to:"
4189
4278
msgstr ""
4190
4279
4191
#: serverguide/C/virtualization.xml:502(para)
4280
#: serverguide/C/virtualization.xml:507(para)
4192
4281
msgid ""
4193
4282
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
4194
4283
"page."
4195
4284
msgstr ""
4196
4285
4197
#: serverguide/C/virtualization.xml:508(para)
4286
#: serverguide/C/virtualization.xml:513(para)
4198
4287
msgid ""
4199
4288
"We also assume that you know how to use a text based text editor such as "
4200
4289
"nano or vi. If you have not used any of them before, you can get an overview "
4204
4293
"principle should remain on other virtualization technologies."
4205
4294
msgstr ""
4206
4295
4207
#: serverguide/C/virtualization.xml:516(title)
4296
#: serverguide/C/virtualization.xml:521(title)
4208
4297
msgid "Install vmbuilder"
4209
4298
msgstr ""
4210
4299
4211
#: serverguide/C/virtualization.xml:518(para)
4300
#: serverguide/C/virtualization.xml:523(para)
4212
4301
msgid ""
4213
4302
"The name of the package that we need to install is <application>python-vm-"
4214
4303
"builder</application>. In a terminal prompt enter:"
4215
4304
msgstr ""
4216
4305
4217
#: serverguide/C/virtualization.xml:523(command)
4306
#: serverguide/C/virtualization.xml:528(command)
4218
4307
msgid "sudo apt-get install python-vm-builder"
4219
4308
msgstr ""
4220
4309
4221
#: serverguide/C/virtualization.xml:527(para)
4310
#: serverguide/C/virtualization.xml:532(para)
4222
4311
msgid ""
4223
4312
"If you are running Hardy, you can still perform most of this using the older "
4224
4313
"version of the package named <application>ubuntu-vm-builder</application>, "
4225
4314
"there are only a few changes to the syntax of the tool."
4226
4315
msgstr ""
4227
4316
4228
#: serverguide/C/virtualization.xml:536(title)
4317
#: serverguide/C/virtualization.xml:541(title)
4229
4318
msgid "Defining Your Virtual Machine"
4230
4319
msgstr ""
4231
4320
4232
#: serverguide/C/virtualization.xml:538(para)
4321
#: serverguide/C/virtualization.xml:543(para)
4233
4322
msgid ""
4234
4323
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
4235
4324
"are a few thing to consider:"
4236
4325
msgstr ""
4237
4326
4238
#: serverguide/C/virtualization.xml:544(para)
4327
#: serverguide/C/virtualization.xml:549(para)
4239
4328
msgid ""
4240
4329
"If you plan on shipping a virtual appliance, do not assume that the end-user "
4241
4330
"will know how to extend disk size to fit their need, so either plan for a "
4244
4333
"a good idea to store data on some separate external storage."
4245
4334
msgstr ""
4246
4335
4247
#: serverguide/C/virtualization.xml:551(para)
4336
#: serverguide/C/virtualization.xml:556(para)
4248
4337
msgid ""
4249
4338
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
4250
4339
"whatever you think is a safe minimum for your appliance."
4251
4340
msgstr ""
4252
4341
4253
#: serverguide/C/virtualization.xml:557(para)
4342
#: serverguide/C/virtualization.xml:562(para)
4254
4343
msgid ""
4255
4344
"The <application>vmbuilder</application> command has 2 main parameters: the "
4256
4345
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
4258
4347
"and can be found using the following command:"
4259
4348
msgstr ""
4260
4349
4261
#: serverguide/C/virtualization.xml:563(command)
4350
#: serverguide/C/virtualization.xml:568(command)
4262
4351
msgid "vmbuilder --help"
4263
4352
msgstr ""
4264
4353
4265
#: serverguide/C/virtualization.xml:567(title)
4354
#: serverguide/C/virtualization.xml:572(title)
4266
4355
msgid "Base Parameters"
4267
4356
msgstr ""
4268
4357
4269
#: serverguide/C/virtualization.xml:569(para)
4358
#: serverguide/C/virtualization.xml:574(para)
4270
4359
msgid ""
4271
"As this example is based on <application>KVM</application> and Ubuntu 9.10 "
4272
"(Karmic Koala), and we are likely to rebuild the same virtual machine "
4360
"As this example is based on <application>KVM</application> and Ubuntu 10.04 "
4361
"LTS (Lucid Lynx), and we are likely to rebuild the same virtual machine "
4273
4362
"multiple time, we'll invoke vmbuilder with the following first parameters:"
4274
4363
msgstr ""
4275
4364
4276
#: serverguide/C/virtualization.xml:575(command)
4365
#: serverguide/C/virtualization.xml:580(command)
4277
4366
msgid ""
4278
"sudo vmbuilder kvm ubuntu --suite karmic --flavour virtual --arch i386 -o --"
4367
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --"
4279
4368
"libvirt qemu:///system"
4280
4369
msgstr ""
4281
4370
4282
#: serverguide/C/virtualization.xml:578(para)
4371
#: serverguide/C/virtualization.xml:583(para)
4283
4372
msgid ""
4284
4373
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
4285
4374
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
4290
4379
"add the resulting VM to the list of available machines."
4291
4380
msgstr ""
4292
4381
4293
#: serverguide/C/virtualization.xml:586(para)
4382
#: serverguide/C/virtualization.xml:591(para)
4294
4383
msgid "Notes:"
4295
4384
msgstr ""
4296
4385
4297
#: serverguide/C/virtualization.xml:592(para)
4386
#: serverguide/C/virtualization.xml:597(para)
4298
4387
msgid ""
4299
4388
"Because of the nature of operations performed by vmbuilder, it needs to have "
4300
4389
"root privilege, hence the use of sudo."
4301
4390
msgstr ""
4302
4391
4303
#: serverguide/C/virtualization.xml:597(para)
4392
#: serverguide/C/virtualization.xml:602(para)
4304
4393
msgid ""
4305
4394
"If your virtual machine needs to use more than 3Gb of ram, you should build "
4306
4395
"a 64 bit machine (--arch amd64)."
4307
4396
msgstr ""
4308
4397
4309
#: serverguide/C/virtualization.xml:602(para)
4398
#: serverguide/C/virtualization.xml:607(para)
4310
4399
msgid ""
4311
4400
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
4312
4401
"architecture, so if you want to define an amd64 machine on Hardy, you should "
4313
4402
"use <emphasis>--flavour</emphasis> server instead."
4314
4403
msgstr ""
4315
4404
4316
#: serverguide/C/virtualization.xml:610(title)
4405
#: serverguide/C/virtualization.xml:615(title)
4317
4406
msgid "JeOS Installation Parameters"
4318
4407
msgstr ""
4319
4408
4320
#: serverguide/C/virtualization.xml:613(title)
4409
#: serverguide/C/virtualization.xml:618(title)
4321
4410
msgid "JeOS Networking"
4322
4411
msgstr ""
4323
4412
4324
#: serverguide/C/virtualization.xml:616(title)
4413
#: serverguide/C/virtualization.xml:621(title)
4325
4414
msgid "Assigning a fixed IP address"
4326
4415
msgstr ""
4327
4416
4328
#: serverguide/C/virtualization.xml:618(para)
4417
#: serverguide/C/virtualization.xml:623(para)
4329
4418
msgid ""
4330
4419
"As a virtual appliance that may be deployed on various very different "
4331
4420
"networks, it is very difficult to know what the actual network will look "
4336
4425
"192.168.0.0/255 is usually a good choice."
4337
4426
msgstr ""
4338
4427
4339
#: serverguide/C/virtualization.xml:625(para)
4428
#: serverguide/C/virtualization.xml:630(para)
4340
4429
msgid "To do this we'll use the following parameters:"
4341
4430
msgstr ""
4342
4431
4343
#: serverguide/C/virtualization.xml:631(para)
4432
#: serverguide/C/virtualization.xml:636(para)
4344
4433
msgid ""
4345
4434
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
4346
4435
"dhcp if not specified)"
4347
4436
msgstr ""
4348
4437
4349
#: serverguide/C/virtualization.xml:636(para)
4438
#: serverguide/C/virtualization.xml:641(para)
4350
4439
msgid ""
4351
4440
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
4352
4441
"255.255.255.0)"
4353
4442
msgstr ""
4354
4443
4355
#: serverguide/C/virtualization.xml:641(para)
4444
#: serverguide/C/virtualization.xml:646(para)
4356
4445
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
4357
4446
msgstr ""
4358
4447
4359
#: serverguide/C/virtualization.xml:646(para)
4448
#: serverguide/C/virtualization.xml:651(para)
4360
4449
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
4361
4450
msgstr ""
4362
4451
4363
#: serverguide/C/virtualization.xml:651(para)
4452
#: serverguide/C/virtualization.xml:656(para)
4364
4453
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
4365
4454
msgstr ""
4366
4455
4367
#: serverguide/C/virtualization.xml:656(para)
4456
#: serverguide/C/virtualization.xml:661(para)
4368
4457
msgid ""
4369
4458
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
4370
4459
msgstr ""
4371
4460
4372
#: serverguide/C/virtualization.xml:662(para)
4461
#: serverguide/C/virtualization.xml:667(para)
4373
4462
msgid ""
4374
4463
"We assume for now that default values are good enough, so the resulting "
4375
4464
"invocation becomes:"
4376
4465
msgstr ""
4377
4466
4378
#: serverguide/C/virtualization.xml:667(command)
4467
#: serverguide/C/virtualization.xml:672(command)
4379
4468
msgid ""
4380
"sudo vmbuilder kvm ubuntu --suite karmic --flavour virtual --arch i386 -o --"
4469
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --"
4381
4470
"libvirt qemu:///system --ip 192.168.0.100"
4382
4471
msgstr ""
4383
4472
4384
#: serverguide/C/virtualization.xml:672(title)
4473
#: serverguide/C/virtualization.xml:677(title)
4385
4474
msgid "Modifying the libvirt Template to use Bridging"
4386
4475
msgstr ""
4387
4476
4388
#: serverguide/C/virtualization.xml:674(para)
4477
#: serverguide/C/virtualization.xml:679(para)
4389
4478
msgid ""
4390
4479
"Because our appliance will be likely to need to be accessed by remote hosts, "
4391
4480
"we need to configure libvirt so that the appliance uses bridge networking. "
4392
4481
"To do this we use vmbuilder template mechanism to modify the default one."
4393
4482
msgstr ""
4394
4483
4395
#: serverguide/C/virtualization.xml:679(para)
4484
#: serverguide/C/virtualization.xml:684(para)
4396
4485
msgid ""
4397
4486
"In our working directory we create the template hierarchy and copy the "
4398
4487
"default template:"
4399
4488
msgstr ""
4400
4489
4401
#: serverguide/C/virtualization.xml:684(command)
4490
#: serverguide/C/virtualization.xml:689(command)
4402
4491
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
4403
4492
msgstr ""
4404
4493
4405
#: serverguide/C/virtualization.xml:685(command)
4494
#: serverguide/C/virtualization.xml:690(command)
4406
4495
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
4407
4496
msgstr ""
4408
4497
4409
#: serverguide/C/virtualization.xml:688(para)
4498
#: serverguide/C/virtualization.xml:693(para)
4410
4499
msgid ""
4411
4500
"We can then edit "
4412
4501
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
4413
4502
"change:"
4414
4503
msgstr ""
4415
4504
4416
#: serverguide/C/virtualization.xml:692(programlisting)
4505
#: serverguide/C/virtualization.xml:697(programlisting)
4417
4506
#, no-wrap
4418
4507
msgid ""
4419
4508
"\n"
4422
4511
" </interface>\n"
4423
4512
msgstr ""
4424
4513
4425
#: serverguide/C/virtualization.xml:698(para)
4514
#: serverguide/C/virtualization.xml:703(para)
4426
4515
msgid "To:"
4427
4516
msgstr ""
4428
4517
4429
#: serverguide/C/virtualization.xml:702(programlisting)
4518
#: serverguide/C/virtualization.xml:707(programlisting)
4430
4519
#, no-wrap
4431
4520
msgid ""
4432
4521
"\n"
4435
4524
" </interface>\n"
4436
4525
msgstr ""
4437
4526
4438
#: serverguide/C/virtualization.xml:712(title) serverguide/C/installation.xml:407(title)
4527
#: serverguide/C/virtualization.xml:717(title) serverguide/C/installation.xml:459(title)
4439
4528
msgid "Partitioning"
4440
4529
msgstr ""
4441
4530
4442
#: serverguide/C/virtualization.xml:714(para)
4531
#: serverguide/C/virtualization.xml:719(para)
4443
4532
msgid ""
4444
4533
"Partitioning of the virtual appliance will have to take into consideration "
4445
4534
"what you are planning to do with is. Because most appliances want to have a "
4447
4536
"make sense."
4448
4537
msgstr ""
4449
4538
4450
#: serverguide/C/virtualization.xml:719(para)
4539
#: serverguide/C/virtualization.xml:724(para)
4451
4540
msgid ""
4452
4541
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
4453
4542
msgstr ""
4454
4543
4455
#: serverguide/C/virtualization.xml:723(programlisting)
4544
#: serverguide/C/virtualization.xml:728(programlisting)
4456
4545
#, no-wrap
4457
4546
msgid ""
4458
4547
"\n"
4459
4548
"--part PATH\n"
4460
" Allows to specify a partition table in partfile each line of partfile "
4461
"should specify\n"
4549
" Allows you to specify a partition table in a partition file, located at "
4550
"PATH. Each line of the partition file should specify\n"
4462
4551
" (root first):\n"
4463
4552
" mountpoint size\n"
4464
4553
" where size is in megabytes. You can have up to 4 virtual disks, a new "
4472
4561
" /log 1500\n"
4473
4562
msgstr ""
4474
4563
4475
#: serverguide/C/virtualization.xml:738(para)
4564
#: serverguide/C/virtualization.xml:743(para)
4476
4565
msgid ""
4477
4566
"In our case we will define a text file name "
4478
4567
"<filename>vmbuilder.partition</filename> which will contain the following:"
4479
4568
msgstr ""
4480
4569
4481
#: serverguide/C/virtualization.xml:742(programlisting)
4570
#: serverguide/C/virtualization.xml:747(programlisting)
4482
4571
#, no-wrap
4483
4572
msgid ""
4484
4573
"\n"
4488
4577
"/var 20000\n"
4489
4578
msgstr ""
4490
4579
4491
#: serverguide/C/virtualization.xml:750(para)
4580
#: serverguide/C/virtualization.xml:755(para)
4492
4581
msgid ""
4493
4582
"Note that as we are using virtual disk images, the actual sizes that we put "
4494
4583
"here are maximum sizes for these volumes."
4495
4584
msgstr ""
4496
4585
4497
#: serverguide/C/virtualization.xml:755(para)
4586
#: serverguide/C/virtualization.xml:760(para)
4498
4587
msgid "Our command line now looks like:"
4499
4588
msgstr ""
4500
4589
4501
#: serverguide/C/virtualization.xml:760(command)
4590
#: serverguide/C/virtualization.xml:765(command)
4502
4591
msgid ""
4503
"sudo vmbuilder kvm ubuntu --suite karmic --flavour virtual --arch i386 \\ -o "
4504
"--libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
4592
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 \\ -o -"
4593
"-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
4505
4594
msgstr ""
4506
4595
4507
#: serverguide/C/virtualization.xml:765(para)
4596
#: serverguide/C/virtualization.xml:770(para)
4508
4597
msgid ""
4509
4598
"Using a \"\\\" in a command will allow long command strings to wrap to the "
4510
4599
"next line."
4511
4600
msgstr ""
4512
4601
4513
#: serverguide/C/virtualization.xml:772(title)
4602
#: serverguide/C/virtualization.xml:777(title)
4514
4603
msgid "User and Password"
4515
4604
msgstr ""
4516
4605
4517
#: serverguide/C/virtualization.xml:774(para)
4606
#: serverguide/C/virtualization.xml:779(para)
4518
4607
msgid ""
4519
4608
"Again setting up a virtual appliance, you will need to provide a default "
4520
4609
"user and password that is generic so that you can include it in your "
4525
4614
"as my user name, and <emphasis>'default'</emphasis> as the password."
4526
4615
msgstr ""
4527
4616
4528
#: serverguide/C/virtualization.xml:782(para)
4617
#: serverguide/C/virtualization.xml:787(para)
4529
4618
msgid "To do this we use the following optional parameters:"
4530
4619
msgstr ""
4531
4620
4532
#: serverguide/C/virtualization.xml:788(para)
4621
#: serverguide/C/virtualization.xml:793(para)
4533
4622
msgid ""
4534
4623
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
4535
4624
"Default: ubuntu."
4536
4625
msgstr ""
4537
4626
4538
#: serverguide/C/virtualization.xml:793(para)
4627
#: serverguide/C/virtualization.xml:798(para)
4539
4628
msgid ""
4540
4629
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
4541
4630
"added. Default: Ubuntu."
4542
4631
msgstr ""
4543
4632
4544
#: serverguide/C/virtualization.xml:798(para)
4633
#: serverguide/C/virtualization.xml:803(para)
4545
4634
msgid ""
4546
4635
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
4547
4636
"Default: ubuntu."
4548
4637
msgstr ""
4549
4638
4550
#: serverguide/C/virtualization.xml:804(para)
4639
#: serverguide/C/virtualization.xml:809(para)
4551
4640
msgid "Our resulting command line becomes:"
4552
4641
msgstr ""
4553
4642
4554
#: serverguide/C/virtualization.xml:809(command)
4643
#: serverguide/C/virtualization.xml:814(command)
4555
4644
msgid ""
4556
"sudo vmbuilder kvm ubuntu --suite intrepid --flavour virtual --arch i386 \\ -"
4557
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
4558
"-user user --name user --pass default"
4645
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 \\ -o -"
4646
"-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ --"
4647
"user user --name user --pass default"
4559
4648
msgstr ""
4560
4649
4561
#: serverguide/C/virtualization.xml:817(title)
4650
#: serverguide/C/virtualization.xml:822(title)
4562
4651
msgid "Installing Required Packages"
4563
4652
msgstr ""
4564
4653
4565
#: serverguide/C/virtualization.xml:819(para)
4654
#: serverguide/C/virtualization.xml:824(para)
4566
4655
msgid ""
4567
4656
"In this example we will be installing a package "
4568
4657
"<application>(Limesurvey)</application> that accesses a "
4570
4659
"therefore require our OS to provide us with:"
4571
4660
msgstr ""
4572
4661
4573
#: serverguide/C/virtualization.xml:826(para)
4662
#: serverguide/C/virtualization.xml:831(para)
4574
4663
msgid "Apache"
4575
4664
msgstr ""
4576
4665
4577
#: serverguide/C/virtualization.xml:827(para)
4666
#: serverguide/C/virtualization.xml:832(para)
4578
4667
msgid "PHP"
4579
4668
msgstr ""
4580
4669
4581
#: serverguide/C/virtualization.xml:828(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
4670
#: serverguide/C/virtualization.xml:833(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
4582
4671
msgid "MySQL"
4583
4672
msgstr ""
4584
4673
4585
#: serverguide/C/virtualization.xml:829(para) serverguide/C/remote-administration.xml:20(title)
4674
#: serverguide/C/virtualization.xml:834(para) serverguide/C/remote-administration.xml:20(title)
4586
4675
msgid "OpenSSH Server"
4587
4676
msgstr ""
4588
4677
4589
#: serverguide/C/virtualization.xml:830(para)
4678
#: serverguide/C/virtualization.xml:835(para)
4590
4679
msgid "Limesurvey (as an example application that we have packaged)"
4591
4680
msgstr ""
4592
4681
4593
#: serverguide/C/virtualization.xml:833(para)
4682
#: serverguide/C/virtualization.xml:838(para)
4594
4683
msgid ""
4595
"This is done using vmbuilder by specifying the --addpkg command multiple "
4684
"This is done using vmbuilder by specifying the --addpkg option multiple "
4596
4685
"times:"
4597
4686
msgstr ""
4598
4687
4599
#: serverguide/C/virtualization.xml:837(programlisting)
4688
#: serverguide/C/virtualization.xml:842(programlisting)
4600
4689
#, no-wrap
4601
4690
msgid ""
4602
4691
"\n"
4604
4693
" Install PKG into the guest (can be specfied multiple times)\n"
4605
4694
msgstr ""
4606
4695
4607
#: serverguide/C/virtualization.xml:842(para)
4696
#: serverguide/C/virtualization.xml:847(para)
4608
4697
msgid ""
4609
4698
"However, due to the way vmbuilder operates, packages that have to ask "
4610
4699
"questions to the user during the post install phase are not supported and "
4612
4701
"of Limesurvey, which we will have to install later, once the user logs in."
4613
4702
msgstr ""
4614
4703
4615
#: serverguide/C/virtualization.xml:848(para)
4704
#: serverguide/C/virtualization.xml:853(para)
4616
4705
msgid ""
4617
4706
"Other packages that ask simple debconf question, such as <application>mysql-"
4618
4707
"server</application> asking to set a password, the package can be installed "
4620
4709
"in."
4621
4710
msgstr ""
4622
4711
4623
#: serverguide/C/virtualization.xml:854(para)
4712
#: serverguide/C/virtualization.xml:859(para)
4624
4713
msgid ""
4625
4714
"If some packages that we need to install are not in main, we need to enable "
4626
4715
"the additional repositories using --comp and --ppa:"
4627
4716
msgstr ""
4628
4717
4629
#: serverguide/C/virtualization.xml:858(programlisting)
4718
#: serverguide/C/virtualization.xml:863(programlisting)
4630
4719
#, no-wrap
4631
4720
msgid ""
4632
4721
"\n"
4637
4726
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
4638
4727
msgstr ""
4639
4728
4640
#: serverguide/C/virtualization.xml:865(para)
4729
#: serverguide/C/virtualization.xml:870(para)
4641
4730
msgid ""
4642
4731
"Limesurvey not being part of the archive at the moment, we'll specify it's "
4643
4732
"PPA (personal package archive) address so that it is added to the VM "
4645
4734
"to the command line:"
4646
4735
msgstr ""
4647
4736
4648
#: serverguide/C/virtualization.xml:871(command)
4737
#: serverguide/C/virtualization.xml:876(command)
4649
4738
msgid ""
4650
4739
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
4651
4740
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
4654
4743
"server --ppa nijaba"
4655
4744
msgstr ""
4656
4745
4657
#: serverguide/C/virtualization.xml:878(title)
4746
#: serverguide/C/virtualization.xml:883(title)
4658
4747
msgid "OpenSSH"
4659
4748
msgstr ""
4660
4749
4661
#: serverguide/C/virtualization.xml:880(para)
4750
#: serverguide/C/virtualization.xml:885(para)
4662
4751
msgid ""
4663
4752
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
4664
4753
"it will allow our admins to access the appliance remotely. However, pushing "
4672
4761
"interaction."
4673
4762
msgstr ""
4674
4763
4675
#: serverguide/C/virtualization.xml:892(title)
4764
#: serverguide/C/virtualization.xml:897(title)
4676
4765
msgid "Speed Considerations"
4677
4766
msgstr ""
4678
4767
4679
#: serverguide/C/virtualization.xml:895(title)
4768
#: serverguide/C/virtualization.xml:900(title)
4680
4769
msgid "Package Caching"
4681
4770
msgstr ""
4682
4771
4683
#: serverguide/C/virtualization.xml:897(para)
4772
#: serverguide/C/virtualization.xml:902(para)
4684
4773
msgid ""
4685
4774
"When vmbuilder creates builds your system, it has to go fetch each one of "
4686
4775
"the packages that composes it over the network to one of the official "
4688
4777
"load of the mirror, can have a big impact on the actual build time. In order "
4689
4778
"to reduce this, it is recommended to either have a local repository (which "
4690
4779
"can be created using <application>apt-mirror</application>) or using a "
4691
"caching proxy such as <application>apt-cache</application>. The later option "
4780
"caching proxy such as <application>apt-proxy</application>. The later option "
4692
4781
"being much simpler to implement and requiring less disk space, it is the one "
4693
4782
"we will pick in this tutorial. To install it, simply type:"
4694
4783
msgstr ""
4695
4784
4696
#: serverguide/C/virtualization.xml:907(command)
4785
#: serverguide/C/virtualization.xml:912(command)
4697
4786
msgid "sudo apt-get install apt-proxy"
4698
4787
msgstr ""
4699
4788
4700
#: serverguide/C/virtualization.xml:910(para)
4789
#: serverguide/C/virtualization.xml:915(para)
4701
4790
msgid ""
4702
4791
"Once this is complete, your (empty) proxy is ready for use on "
4703
4792
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
4705
4794
"option:"
4706
4795
msgstr ""
4707
4796
4708
#: serverguide/C/virtualization.xml:915(programlisting)
4797
#: serverguide/C/virtualization.xml:920(programlisting)
4709
4798
#, no-wrap
4710
4799
msgid ""
4711
4800
"\n"
4715
4804
" otherwise\n"
4716
4805
msgstr ""
4717
4806
4718
#: serverguide/C/virtualization.xml:922(para)
4807
#: serverguide/C/virtualization.xml:927(para)
4719
4808
msgid "So we add to the command line:"
4720
4809
msgstr ""
4721
4810
4722
#: serverguide/C/virtualization.xml:927(command)
4811
#: serverguide/C/virtualization.xml:932(command)
4723
4812
msgid "--mirror http://mirroraddress:9999/ubuntu"
4724
4813
msgstr ""
4725
4814
4726
#: serverguide/C/virtualization.xml:931(para)
4815
#: serverguide/C/virtualization.xml:936(para)
4727
4816
msgid ""
4728
4817
"The mirror address specified here will also be used in the "
4729
"<filename>/etc/apt/source.list</filename> of the newly created guest, so it "
4730
"is usefull to specify here an address that can be resolved by the guest or "
4731
"to plan on reseting this address later on, such as in a <emphasis>--"
4818
"<filename>/etc/apt/sources.list</filename> of the newly created guest, so it "
4819
"is useful to specify here an address that can be resolved by the guest or to "
4820
"plan on reseting this address later on, such as in a <emphasis>--"
4732
4821
"firstboot</emphasis> script."
4733
4822
msgstr ""
4734
4823
4735
#: serverguide/C/virtualization.xml:940(title)
4824
#: serverguide/C/virtualization.xml:945(title)
4736
4825
msgid "Install a Local Mirror"
4737
4826
msgstr ""
4738
4827
4739
#: serverguide/C/virtualization.xml:942(para)
4828
#: serverguide/C/virtualization.xml:947(para)
4740
4829
msgid ""
4741
4830
"If we are in a larger environment, it may make sense to setup a local mirror "
4742
4831
"of the Ubuntu repositories. The package apt-mirror provides you with a "
4744
4833
"about 20 gigabyte of free space per supported release and architecture."
4745
4834
msgstr ""
4746
4835
4747
#: serverguide/C/virtualization.xml:948(para)
4836
#: serverguide/C/virtualization.xml:953(para)
4748
4837
msgid ""
4749
4838
"By default, <application>apt-mirror</application> uses the configuration "
4750
4839
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
4755
4844
"archives as well, you will have:"
4756
4845
msgstr ""
4757
4846
4758
#: serverguide/C/virtualization.xml:955(programlisting)
4847
#: serverguide/C/virtualization.xml:960(programlisting)
4759
4848
#, no-wrap
4760
4849
msgid ""
4761
4850
"\n"
4762
"deb http://archive.ubuntu.com/ubuntu karmic main restricted universe "
4851
"deb http://archive.ubuntu.com/ubuntu lucid main restricted universe "
4763
4852
"multiverse \n"
4764
"/deb-i386 http://archive.ubuntu.com/ubuntu karmic main restricted universe "
4853
"/deb-i386 http://archive.ubuntu.com/ubuntu lucid main restricted universe "
4765
4854
"multiverse\n"
4766
4855
"\n"
4767
"deb http://archive.ubuntu.com/ubuntu karmic-updates main restricted "
4768
"universe multiverse \n"
4769
"/deb-i386 http://archive.ubuntu.com/ubuntu karmic-updates main restricted "
4770
"universe multiverse \n"
4771
"\n"
4772
"deb http://archive.ubuntu.com/ubuntu/ karmic-backports main restricted "
4773
"universe multiverse \n"
4774
"/deb-i386 http://archive.ubuntu.com/ubuntu karmic-backports main restricted "
4775
"universe multiverse \n"
4776
"\n"
4777
"deb http://security.ubuntu.com/ubuntu karmic-security main restricted "
4778
"universe multiverse \n"
4779
"/deb-i386 http://security.ubuntu.com/ubuntu karmic-security main restricted "
4780
"universe multiverse \n"
4781
"\n"
4782
"deb http://archive.ubuntu.com/ubuntu karmic main/debian-installer "
4856
"deb http://archive.ubuntu.com/ubuntu lucid-updates main restricted universe "
4857
"multiverse \n"
4858
"/deb-i386 http://archive.ubuntu.com/ubuntu lucid-updates main restricted "
4859
"universe multiverse \n"
4860
"\n"
4861
"deb http://archive.ubuntu.com/ubuntu/ lucid-backports main restricted "
4862
"universe multiverse \n"
4863
"/deb-i386 http://archive.ubuntu.com/ubuntu lucid-backports main restricted "
4864
"universe multiverse \n"
4865
"\n"
4866
"deb http://security.ubuntu.com/ubuntu lucid-security main restricted "
4867
"universe multiverse \n"
4868
"/deb-i386 http://security.ubuntu.com/ubuntu lucid-security main restricted "
4869
"universe multiverse \n"
4870
"\n"
4871
"deb http://archive.ubuntu.com/ubuntu lucid main/debian-installer "
4783
4872
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4784
4873
"installer \n"
4785
"/deb-i386 http://archive.ubuntu.com/ubuntu karmic main/debian-installer "
4874
"/deb-i386 http://archive.ubuntu.com/ubuntu lucid main/debian-installer "
4786
4875
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4787
4876
"installer \n"
4788
4877
msgstr ""
4789
4878
4790
#: serverguide/C/virtualization.xml:972(para)
4879
#: serverguide/C/virtualization.xml:977(para)
4791
4880
msgid ""
4792
4881
"Notice that the source packages are not mirrored as they are seldom used "
4793
4882
"compared to the binaries and they do take a lot more space, but they can be "
4794
4883
"easily added to the list."
4795
4884
msgstr ""
4796
4885
4797
#: serverguide/C/virtualization.xml:977(para)
4886
#: serverguide/C/virtualization.xml:982(para)
4798
4887
msgid ""
4799
4888
"Once the mirror has finished replicating (and this can be quite long), you "
4800
4889
"need to configure Apache so that your mirror files (in "
4803
4892
"Apache see <xref linkend=\"httpd\"/>."
4804
4893
msgstr ""
4805
4894
4806
#: serverguide/C/virtualization.xml:986(title)
4895
#: serverguide/C/virtualization.xml:991(title)
4807
4896
msgid "Installing in a RAM Disk"
4808
4897
msgstr ""
4809
4898
4810
#: serverguide/C/virtualization.xml:988(para)
4899
#: serverguide/C/virtualization.xml:993(para)
4811
4900
msgid ""
4812
4901
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
4813
4902
"faster than writing to disk. If you have some free memory, letting vmbuilder "
4815
4904
"-tmpfs</emphasis> will help you do just that:"
4816
4905
msgstr ""
4817
4906
4818
#: serverguide/C/virtualization.xml:994(programlisting)
4907
#: serverguide/C/virtualization.xml:999(programlisting)
4819
4908
#, no-wrap
4820
4909
msgid ""
4821
4910
"\n"
4823
4912
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
4824
4913
msgstr ""
4825
4914
4826
#: serverguide/C/virtualization.xml:999(para)
4915
#: serverguide/C/virtualization.xml:1004(para)
4827
4916
msgid ""
4828
4917
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
4829
4918
"have 1G of free ram."
4830
4919
msgstr ""
4831
4920
4832
#: serverguide/C/virtualization.xml:1006(title)
4921
#: serverguide/C/virtualization.xml:1011(title)
4833
4922
msgid "Package the Application"
4834
4923
msgstr ""
4835
4924
4836
#: serverguide/C/virtualization.xml:1008(para)
4925
#: serverguide/C/virtualization.xml:1013(para)
4837
4926
msgid "Two option are available to us:"
4838
4927
msgstr ""
4839
4928
4840
#: serverguide/C/virtualization.xml:1014(para)
4929
#: serverguide/C/virtualization.xml:1019(para)
4841
4930
msgid ""
4842
4931
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
4843
4932
"package. Since this is outside of the scope of this tutorial, we will not "
4850
4939
"a tutorial on this."
4851
4940
msgstr ""
4852
4941
4853
#: serverguide/C/virtualization.xml:1023(para)
4942
#: serverguide/C/virtualization.xml:1028(para)
4854
4943
msgid ""
4855
4944
"Manually install the application under <filename>/opt</filename> as "
4856
4945
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
4857
4946
"guidelines</ulink>."
4858
4947
msgstr ""
4859
4948
4860
#: serverguide/C/virtualization.xml:1030(para)
4949
#: serverguide/C/virtualization.xml:1035(para)
4861
4950
msgid ""
4862
4951
"In our case we'll use <application>Limesurvey</application> as example web "
4863
4952
"application for which we wish to provide a virtual appliance. As noted "
4865
4954
"Package Archive)."
4866
4955
msgstr ""
4867
4956
4868
#: serverguide/C/virtualization.xml:1037(title)
4957
#: serverguide/C/virtualization.xml:1042(title)
4869
4958
msgid "Finishing Install"
4870
4959
msgstr ""
4871
4960
4872
#: serverguide/C/virtualization.xml:1040(title)
4961
#: serverguide/C/virtualization.xml:1045(title)
4873
4962
msgid "First Boot"
4874
4963
msgstr ""
4875
4964
4876
#: serverguide/C/virtualization.xml:1042(para)
4965
#: serverguide/C/virtualization.xml:1047(para)
4877
4966
msgid ""
4878
4967
"As we mentioned earlier, the first time the machine boots we'll need to "
4879
4968
"install <application>openssh-server</application> so that the key generated "
4881
4970
"<filename>boot.sh</filename> as follows:"
4882
4971
msgstr ""
4883
4972
4884
#: serverguide/C/virtualization.xml:1048(programlisting)
4973
#: serverguide/C/virtualization.xml:1053(programlisting)
4885
4974
#, no-wrap
4886
4975
msgid ""
4887
4976
"\n"
4892
4981
"apt-get install -qqy --force-yes openssh-server\n"
4893
4982
msgstr ""
4894
4983
4895
#: serverguide/C/virtualization.xml:1056(para)
4984
#: serverguide/C/virtualization.xml:1061(para)
4896
4985
msgid ""
4897
4986
"And we add the <command>--firstboot boot.sh</command> option to our command "
4898
4987
"line."
4899
4988
msgstr ""
4900
4989
4901
#: serverguide/C/virtualization.xml:1062(title)
4990
#: serverguide/C/virtualization.xml:1067(title)
4902
4991
msgid "First Login"
4903
4992
msgstr ""
4904
4993
4905
#: serverguide/C/virtualization.xml:1064(para)
4994
#: serverguide/C/virtualization.xml:1069(para)
4906
4995
msgid ""
4907
4996
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
4908
4997
"set them up the first time a user logs in using a script named login.sh. "
4909
4998
"We'll also use this script to let the user specify:"
4910
4999
msgstr ""
4911
5000
4912
#: serverguide/C/virtualization.xml:1070(para)
5001
#: serverguide/C/virtualization.xml:1075(para)
4913
5002
msgid "His own password"
4914
5003
msgstr ""
4915
5004
4916
#: serverguide/C/virtualization.xml:1071(para)
5005
#: serverguide/C/virtualization.xml:1076(para)
4917
5006
msgid "Define the keyboard and other locale info he wants to use"
4918
5007
msgstr ""
4919
5008
4920
#: serverguide/C/virtualization.xml:1074(para)
5009
#: serverguide/C/virtualization.xml:1079(para)
4921
5010
msgid "So we'll define <filename>login.sh</filename> as follows:"
4922
5011
msgstr ""
4923
5012
4924
#: serverguide/C/virtualization.xml:1078(programlisting)
5013
#: serverguide/C/virtualization.xml:1083(programlisting)
4925
5014
#, no-wrap
4926
5015
msgid ""
4927
5016
"\n"
4946
5035
"echo \"browser to http://serverip/limesurvey/admin\"\n"
4947
5036
msgstr ""
4948
5037
4949
#: serverguide/C/virtualization.xml:1100(para)
5038
#: serverguide/C/virtualization.xml:1105(para)
4950
5039
msgid ""
4951
5040
"And we add the <command>--firstlogin login.sh</command> option to our "
4952
5041
"command line."
4953
5042
msgstr ""
4954
5043
4955
#: serverguide/C/virtualization.xml:1107(title)
5044
#: serverguide/C/virtualization.xml:1112(title)
4956
5045
msgid "Useful Additions"
4957
5046
msgstr ""
4958
5047
4959
#: serverguide/C/virtualization.xml:1110(title)
5048
#: serverguide/C/virtualization.xml:1115(title)
4960
5049
msgid "Configuring Automatic Updates"
4961
5050
msgstr ""
4962
5051
4963
#: serverguide/C/virtualization.xml:1112(para)
5052
#: serverguide/C/virtualization.xml:1117(para)
4964
5053
msgid ""
4965
5054
"To have your system be configured to update itself on a regular basis, we "
4966
5055
"will just install <application>unattended-upgrades</application>, so we add "
4967
5056
"the following option to our command line:"
4968
5057
msgstr ""
4969
5058
4970
#: serverguide/C/virtualization.xml:1118(command)
5059
#: serverguide/C/virtualization.xml:1123(command)
4971
5060
msgid "--addpkg unattended-upgrades"
4972
5061
msgstr ""
4973
5062
4974
#: serverguide/C/virtualization.xml:1121(para)
5063
#: serverguide/C/virtualization.xml:1126(para)
4975
5064
msgid ""
4976
5065
"As we have put our application package in a PPA, the process will update not "
4977
5066
"only the system, but also the application each time we update the version in "
4978
5067
"the PPA."
4979
5068
msgstr ""
4980
5069
4981
#: serverguide/C/virtualization.xml:1128(title)
5070
#: serverguide/C/virtualization.xml:1133(title)
4982
5071
msgid "ACPI Event Handling"
4983
5072
msgstr ""
4984
5073
4985
#: serverguide/C/virtualization.xml:1130(para)
5074
#: serverguide/C/virtualization.xml:1135(para)
4986
5075
msgid ""
4987
5076
"For your virtual machine to be able to handle restart and shutdown events it "
4988
5077
"is being sent, it is a good idea to install the acpid package as well. To do "
4989
5078
"this we just add the following option:"
4990
5079
msgstr ""
4991
5080
4992
#: serverguide/C/virtualization.xml:1136(command)
5081
#: serverguide/C/virtualization.xml:1141(command)
4993
5082
msgid "--addpkg acpid"
4994
5083
msgstr ""
4995
5084
4996
#: serverguide/C/virtualization.xml:1142(title)
5085
#: serverguide/C/virtualization.xml:1147(title)
4997
5086
msgid "Final Command"
4998
5087
msgstr ""
4999
5088
5000
#: serverguide/C/virtualization.xml:1144(para)
5089
#: serverguide/C/virtualization.xml:1149(para)
5001
5090
msgid "Here is the command with all the options discussed above:"
5002
5091
msgstr ""
5003
5092
5004
#: serverguide/C/virtualization.xml:1149(command)
5093
#: serverguide/C/virtualization.xml:1154(command)
5005
5094
msgid ""
5006
"sudo vmbuilder kvm ubuntu --suite intrepid --flavour virtual --arch i386 -o "
5007
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
5008
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
5009
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
5095
"sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o \\ -"
5096
"-libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --user "
5097
"user \\ --name user --pass default --addpkg apache2 --addpkg apache2-mpm-"
5098
"prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
5010
5099
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
5011
5100
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
5012
5101
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
5015
5104
"firstlogin login.sh es"
5016
5105
msgstr ""
5017
5106
5018
#: serverguide/C/virtualization.xml:1164(para)
5107
#: serverguide/C/virtualization.xml:1169(para)
5019
5108
msgid ""
5020
5109
"If you are interested in learning more, have questions or suggestions, "
5021
5110
"please contact the Ubuntu Server Team at:"
5022
5111
msgstr ""
5023
5112
5024
#: serverguide/C/virtualization.xml:1169(para)
5113
#: serverguide/C/virtualization.xml:1174(para)
5025
5114
msgid "IRC: #ubuntu-server on freenode"
5026
5115
msgstr ""
5027
5116
5028
#: serverguide/C/virtualization.xml:1174(para)
5117
#: serverguide/C/virtualization.xml:1179(para)
5029
5118
msgid ""
5030
5119
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5031
5120
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5032
5121
msgstr ""
5033
5122
5034
#: serverguide/C/virtualization.xml:1182(title)
5035
msgid "Eucalyptus"
5036
msgstr ""
5037
5038
#: serverguide/C/virtualization.xml:1185(title) serverguide/C/network-auth.xml:1683(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:879(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5123
#: serverguide/C/virtualization.xml:1184(para)
5124
msgid ""
5125
"Also, see the <ulink "
5126
"url=\"https://help.ubuntu.com/community/JeOSVMBuilder\">JeOSVMBuilder Ubuntu "
5127
"Wiki</ulink> page."
5128
msgstr ""
5129
5130
#: serverguide/C/virtualization.xml:1192(title)
5131
msgid "UEC"
5132
msgstr ""
5133
5134
#: serverguide/C/virtualization.xml:1195(title) serverguide/C/network-auth.xml:2026(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:928(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5039
5135
msgid "Overview"
5040
5136
msgstr ""
5041
5137
5042
#: serverguide/C/virtualization.xml:1187(para)
5043
msgid ""
5044
"<emphasis>Eucalyptus</emphasis> is an open-source software infrastructure "
5045
"for implementing \"cloud computing\" on your own clusters. "
5046
"<emphasis>Eucalyptus</emphasis> allows you to create your own cloud "
5047
"computing environment in order to maximize computing resources and provide a "
5048
"cloud computing environment to your users."
5049
msgstr ""
5050
5051
#: serverguide/C/virtualization.xml:1193(para)
5052
msgid ""
5053
"This section will cover setting up a Cloud Computing environment using "
5054
"<application>Eucalyptus</application> with <application>KVM</application>. "
5055
"For more information on KVM see <xref linkend=\"libvirt\"/>."
5056
msgstr ""
5057
5058
#: serverguide/C/virtualization.xml:1198(para)
5059
msgid ""
5060
"The Cloud Computing environment will consist of three components, typically "
5061
"installed on at least two separate machines (termed the 'front-end' and "
5062
"'node(s)' for the rest of this document):"
5063
msgstr ""
5064
5065
#: serverguide/C/virtualization.xml:1205(para)
5066
msgid ""
5067
"<emphasis>One Front-End:</emphasis> hosts one Cloud Controller, a Java based "
5068
"Web configuration interface, and a Cluster Controller, which determines "
5069
"where virtual machines (VMs) will be housed and manages cluster level VM "
5070
"networking."
5071
msgstr ""
5072
5073
#: serverguide/C/virtualization.xml:1211(para)
5074
msgid ""
5075
"<emphasis>One or more Compute Nodes:</emphasis> runs the Node Controller "
5076
"component of Eucalyptus, which allows the machine to be part of the cloud as "
5077
"a host for VMs."
5138
#: serverguide/C/virtualization.xml:1197(para)
5139
msgid ""
5140
"This tutorial covers <application>UEC</application> installation from the "
5141
"Ubuntu 10.04 LTS Server Edition CD, and assumes a basic network topology, "
5142
"with a single system serving as the <emphasis>\"all-in-one "
5143
"controller\"</emphasis>, and one or more nodes attached."
5144
msgstr ""
5145
5146
#: serverguide/C/virtualization.xml:1202(para)
5147
msgid ""
5148
"From this Tutorial you will learn how to install, configure, register and "
5149
"perform several operations on a basic <application>UEC</application> setup "
5150
"that results in a cloud with a one controller <emphasis>\"front-"
5151
"end\"</emphasis> and one or several node(s) for running Virtual Machine (VM) "
5152
"instances. You will also use examples to help get you started using your own "
5153
"private compute cloud."
5154
msgstr ""
5155
5156
#: serverguide/C/virtualization.xml:1210(title)
5157
msgid "Prerequisites"
5158
msgstr ""
5159
5160
#: serverguide/C/virtualization.xml:1212(para)
5161
msgid ""
5162
"To deploy a minimal cloud infrastructure, you’ll need at least "
5163
"<emphasis>two</emphasis> dedicated systems:"
5078
5164
msgstr ""
5079
5165
5080
5166
#: serverguide/C/virtualization.xml:1218(para)
5081
msgid ""
5082
"The simple <emphasis>System</emphasis> networking option will be used by "
5083
"default. This network method allows virtual machine instances, to obtain IP "
5084
"addresses from the local LAN, assuming that a DHCP server is properly "
5085
"configured on the LAN to hand out IPs dynamically to VMs that request them. "
5086
"Each node will be configured for bridge networking. For more details see "
5087
"<xref linkend=\"bridging\"/>."
5088
msgstr ""
5089
5090
#: serverguide/C/virtualization.xml:1228(para)
5091
msgid ""
5092
"First, on the <emphasis>Front-End</emphasis> install the appropriate "
5093
"packages. In a terminal prompt on the Front-End enter:"
5094
msgstr ""
5095
5096
#: serverguide/C/virtualization.xml:1233(command)
5097
msgid "sudo apt-get install eucalyptus-cloud eucalyptus-cc"
5167
msgid "A front end."
5168
msgstr ""
5169
5170
#: serverguide/C/virtualization.xml:1223(para)
5171
msgid "One or more node(s)."
5172
msgstr ""
5173
5174
#: serverguide/C/virtualization.xml:1229(para)
5175
msgid ""
5176
"The following are recommendations, rather than fixed requirements. However, "
5177
"our experience in developing this documentation indicated the following "
5178
"suggestions."
5179
msgstr ""
5180
5181
#: serverguide/C/virtualization.xml:1234(title)
5182
msgid "Front End Requirements"
5098
5183
msgstr ""
5099
5184
5100
5185
#: serverguide/C/virtualization.xml:1236(para)
5101
msgid ""
5102
"Next, on the each <emphasis>Compute Node</emphasis> install the node "
5103
"controller package. In a terminal prompt on each Compute Node enter:"
5104
msgstr ""
5105
5106
#: serverguide/C/virtualization.xml:1241(command)
5107
msgid "sudo apt-get install eucalyptus-nc"
5186
msgid "Use the following table for a system that will run one or more of:"
5187
msgstr ""
5188
5189
#: serverguide/C/virtualization.xml:1241(para)
5190
msgid "Cloud Controller (CLC)"
5191
msgstr ""
5192
5193
#: serverguide/C/virtualization.xml:1242(para)
5194
msgid "Cluster Controller (CC)"
5195
msgstr ""
5196
5197
#: serverguide/C/virtualization.xml:1243(para)
5198
msgid "Walrus (the S3-like storage service)"
5108
5199
msgstr ""
5109
5200
5110
5201
#: serverguide/C/virtualization.xml:1244(para)
5111
msgid ""
5112
"Once the installation is complete, and it may take a while, in a browser go "
5113
"to <emphasis>https://front-end:8443</emphasis> and login to the "
5114
"administration interface using the default username and password of "
5115
"<emphasis>admin</emphasis>. You will then be prompted to change the "
5116
"password, configure an email address for the admin user, and set the storage "
5117
"URL."
5118
msgstr ""
5119
5120
#: serverguide/C/virtualization.xml:1250(para)
5121
msgid ""
5122
"In the web interface's <emphasis>\"Configuration\"</emphasis> tab, add a "
5123
"cluster under the <emphasis>\"Clusters\"</emphasis> heading (in this "
5124
"configuration, the cluster controller is on the same system as the cloud "
5125
"controller, so entering 'localhost' as the cluster hostname is correct). "
5126
"Once the form is filled out click the <emphasis>\"Add Cluster\"</emphasis> "
5127
"button."
5128
msgstr ""
5129
5130
#: serverguide/C/virtualization.xml:1256(para)
5131
msgid ""
5132
"Now, back on the <emphasis>Front-End</emphasis>, add the nodes to the "
5133
"cluster:"
5134
msgstr ""
5135
5136
#: serverguide/C/virtualization.xml:1261(command)
5137
msgid "sudo euca_conf -addnode hostname_of_node"
5138
msgstr ""
5139
5140
#: serverguide/C/virtualization.xml:1264(para)
5141
msgid ""
5142
"You will then be prompted to log into your Node, install the "
5143
"<application>eucalyptus-nc</application> package, and add the "
5144
"<emphasis>eucalyptus</emphasis> user's ssh key to the node's "
5145
"<filename>authorized_keys</filename> file, and confirm authenticity of the "
5146
"host's OpenSSH RSA key fingerprint. Finally, the command will complete by "
5147
"synchronizing the eucalyptus component keys and node registration is "
5148
"complete."
5149
msgstr ""
5150
5151
#: serverguide/C/virtualization.xml:1270(para)
5152
msgid ""
5153
"On the Node, the <filename>/etc/eucalyptus/eucalyptus.conf</filename> "
5154
"configuration file will need editing to use your node's bridge interface "
5155
"(assuming here that the interface is named <emphasis>'br0'</emphasis>):"
5156
msgstr ""
5157
5158
#: serverguide/C/virtualization.xml:1275(programlisting)
5159
#, no-wrap
5160
msgid ""
5161
"\n"
5162
"VNET_INTERFACE=\"br0\"\n"
5163
"...\n"
5164
"VNET_BRIDGE=\"br0\"\n"
5165
msgstr ""
5166
5167
#: serverguide/C/virtualization.xml:1281(para)
5168
msgid "Finally, restart <application>eucalyptus-nc</application>:"
5169
msgstr ""
5170
5171
#: serverguide/C/virtualization.xml:1286(command)
5172
msgid "sudo /etc/init.d/eucalyptus-nc restart"
5173
msgstr ""
5174
5175
#: serverguide/C/virtualization.xml:1291(para)
5176
msgid ""
5177
"Be sure to replace <emphasis>nodecontroller</emphasis>, "
5178
"<emphasis>node01</emphasis>, and <emphasis>node02</emphasis> with actual "
5179
"hostnames."
5180
msgstr ""
5181
5182
#: serverguide/C/virtualization.xml:1297(para)
5183
msgid ""
5184
"<application>Eucalyptus</application> is now ready to host images on the "
5185
"cloud."
5186
msgstr ""
5187
5188
#: serverguide/C/virtualization.xml:1307(para)
5189
msgid ""
5190
"See the <ulink url=\"http://eucalyptus.cs.ucsb.edu/\">Eucalyptus "
5191
"website</ulink> for more information."
5192
msgstr ""
5193
5194
#: serverguide/C/virtualization.xml:1312(para)
5202
msgid "Storage Controller (SC)"
5203
msgstr ""
5204
5205
#: serverguide/C/virtualization.xml:1248(title)
5206
msgid "UEC Front End Requirements"
5207
msgstr ""
5208
5209
#: serverguide/C/virtualization.xml:1256(para) serverguide/C/virtualization.xml:1318(para)
5210
msgid "Hardware"
5211
msgstr ""
5212
5213
#: serverguide/C/virtualization.xml:1257(para) serverguide/C/virtualization.xml:1319(para)
5214
msgid "Minimum"
5215
msgstr ""
5216
5217
#: serverguide/C/virtualization.xml:1258(para) serverguide/C/virtualization.xml:1320(para)
5218
msgid "Suggested"
5219
msgstr ""
5220
5221
#: serverguide/C/virtualization.xml:1259(para) serverguide/C/virtualization.xml:1321(para)
5222
msgid "Notes"
5223
msgstr ""
5224
5225
#: serverguide/C/virtualization.xml:1264(para) serverguide/C/virtualization.xml:1326(para)
5226
msgid "CPU"
5227
msgstr ""
5228
5229
#: serverguide/C/virtualization.xml:1265(para)
5230
msgid "1 GHz"
5231
msgstr ""
5232
5233
#: serverguide/C/virtualization.xml:1266(para)
5234
msgid "2 x 2 GHz"
5235
msgstr ""
5236
5237
#: serverguide/C/virtualization.xml:1267(para)
5238
msgid ""
5239
"For an <emphasis>all-in-one</emphasis> front end, it helps to have at least "
5240
"a dual core processor."
5241
msgstr ""
5242
5243
#: serverguide/C/virtualization.xml:1270(para) serverguide/C/virtualization.xml:1332(para)
5244
msgid "Memory"
5245
msgstr ""
5246
5247
#: serverguide/C/virtualization.xml:1271(para)
5248
msgid "512 MB"
5249
msgstr ""
5250
5251
#: serverguide/C/virtualization.xml:1272(para)
5252
msgid "2 GB"
5253
msgstr ""
5254
5255
#: serverguide/C/virtualization.xml:1273(para)
5256
msgid "The Java web front end benefits from lots of available memory."
5257
msgstr ""
5258
5259
#: serverguide/C/virtualization.xml:1276(para) serverguide/C/virtualization.xml:1338(para)
5260
msgid "Disk"
5261
msgstr ""
5262
5263
#: serverguide/C/virtualization.xml:1277(para) serverguide/C/virtualization.xml:1339(para)
5264
msgid "5400 RPM IDE"
5265
msgstr ""
5266
5267
#: serverguide/C/virtualization.xml:1278(para)
5268
msgid "7200 RPM SATA"
5269
msgstr ""
5270
5271
#: serverguide/C/virtualization.xml:1279(para)
5272
msgid ""
5273
"Slower disks will work, but will yield much longer instance startup times."
5274
msgstr ""
5275
5276
#: serverguide/C/virtualization.xml:1282(para) serverguide/C/virtualization.xml:1344(para)
5277
msgid "Disk Space"
5278
msgstr ""
5279
5280
#: serverguide/C/virtualization.xml:1283(para) serverguide/C/virtualization.xml:1345(para)
5281
msgid "40 GB"
5282
msgstr ""
5283
5284
#: serverguide/C/virtualization.xml:1284(para)
5285
msgid "200 GB"
5286
msgstr ""
5287
5288
#: serverguide/C/virtualization.xml:1285(para)
5289
msgid ""
5290
"40GB is only enough space for only a single image, cache, etc., Eucalyptus "
5291
"does not like to run out of disk space."
5292
msgstr ""
5293
5294
#: serverguide/C/virtualization.xml:1288(para) serverguide/C/virtualization.xml:1350(para) serverguide/C/network-config.xml:13(title)
5295
msgid "Networking"
5296
msgstr ""
5297
5298
#: serverguide/C/virtualization.xml:1289(para) serverguide/C/virtualization.xml:1351(para)
5299
msgid "100 Mbps"
5300
msgstr ""
5301
5302
#: serverguide/C/virtualization.xml:1290(para) serverguide/C/virtualization.xml:1352(para)
5303
msgid "1000 Mbps"
5304
msgstr ""
5305
5306
#: serverguide/C/virtualization.xml:1291(para) serverguide/C/virtualization.xml:1353(para)
5307
msgid ""
5308
"Machine images are hundreds of MB, and need to be copied over the network to "
5309
"nodes."
5310
msgstr ""
5311
5312
#: serverguide/C/virtualization.xml:1299(title)
5313
msgid "Node Requirements"
5314
msgstr ""
5315
5316
#: serverguide/C/virtualization.xml:1301(para)
5317
msgid "The other system(s) are <emphasis>nodes</emphasis>, which will run::"
5318
msgstr ""
5319
5320
#: serverguide/C/virtualization.xml:1306(para)
5321
msgid "the Node Controller (NC)"
5322
msgstr ""
5323
5324
#: serverguide/C/virtualization.xml:1310(title)
5325
msgid "UEC Node Requirements"
5326
msgstr ""
5327
5328
#: serverguide/C/virtualization.xml:1327(para)
5329
msgid "VT Extensions"
5330
msgstr ""
5331
5332
#: serverguide/C/virtualization.xml:1328(para)
5333
msgid "VT, 64-bit, Multicore"
5334
msgstr ""
5335
5336
#: serverguide/C/virtualization.xml:1329(para)
5337
msgid ""
5338
"64-bit can run both i386, and amd64 instances; by default, Eucalyptus will "
5339
"only run 1 VM per CPU core on a Node."
5340
msgstr ""
5341
5342
#: serverguide/C/virtualization.xml:1333(para)
5343
msgid "1 GB"
5344
msgstr ""
5345
5346
#: serverguide/C/virtualization.xml:1334(para)
5347
msgid "4 GB"
5348
msgstr ""
5349
5350
#: serverguide/C/virtualization.xml:1335(para)
5351
msgid "Additional memory means more, and larger guests."
5352
msgstr ""
5353
5354
#: serverguide/C/virtualization.xml:1340(para)
5355
msgid "7200 RPM SATA or SCSI"
5356
msgstr ""
5357
5358
#: serverguide/C/virtualization.xml:1341(para)
5359
msgid ""
5360
"Eucalyptus nodes are disk-intensive; I/O wait will likely be the performance "
5361
"bottleneck."
5362
msgstr ""
5363
5364
#: serverguide/C/virtualization.xml:1346(para)
5365
msgid "100 GB"
5366
msgstr ""
5367
5368
#: serverguide/C/virtualization.xml:1347(para)
5369
msgid ""
5370
"Images will be cached locally, Eucalyptus does not like to run out of disk "
5371
"space."
5372
msgstr ""
5373
5374
#: serverguide/C/virtualization.xml:1363(title)
5375
msgid "Installing the Cloud/Cluster/Storage/Walrus Front End Server"
5376
msgstr ""
5377
5378
#: serverguide/C/virtualization.xml:1367(para)
5379
msgid "Download the Ubuntu 10.04 LTS Server ISO file, and burn it to a CD."
5380
msgstr ""
5381
5382
#: serverguide/C/virtualization.xml:1372(para) serverguide/C/virtualization.xml:1418(para)
5383
msgid ""
5384
"When you boot, select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5385
msgstr ""
5386
5387
#: serverguide/C/virtualization.xml:1377(para)
5388
msgid ""
5389
"When asked whether you want a <emphasis>“Cluster”</emphasis> or a "
5390
"<emphasis>“Node”</emphasis> install, select <emphasis>“Cluster”</emphasis>."
5391
msgstr ""
5392
5393
#: serverguide/C/virtualization.xml:1383(para)
5394
msgid ""
5395
"It will ask two other cloud-specific questions during the course of the "
5396
"install:"
5397
msgstr ""
5398
5399
#: serverguide/C/virtualization.xml:1388(para)
5400
msgid "Name of your cluster."
5401
msgstr ""
5402
5403
#: serverguide/C/virtualization.xml:1391(para)
5404
msgid "e.g. <emphasis>cluster1</emphasis>."
5405
msgstr ""
5406
5407
#: serverguide/C/virtualization.xml:1394(para)
5408
msgid ""
5409
"A range of public IP addresses on the LAN that the cloud can allocate to "
5410
"instances."
5411
msgstr ""
5412
5413
#: serverguide/C/virtualization.xml:1397(para)
5414
msgid "e.g. <emphasis>192.168.1.200-192.168.1.249</emphasis>."
5415
msgstr ""
5416
5417
#: serverguide/C/virtualization.xml:1405(title)
5418
msgid "Installing the Node Controller(s)"
5419
msgstr ""
5420
5421
#: serverguide/C/virtualization.xml:1407(para)
5422
msgid ""
5423
"The node controller install is even simpler. Just make sure that you are "
5424
"connected to the network on which the cloud/cluster controller is already "
5425
"running."
5426
msgstr ""
5427
5428
#: serverguide/C/virtualization.xml:1413(para)
5429
msgid "Boot from the same ISO on the node(s)."
5430
msgstr ""
5431
5432
#: serverguide/C/virtualization.xml:1423(para)
5433
msgid "Select <emphasis>“Install Ubuntu Enterprise Cloud”</emphasis>."
5434
msgstr ""
5435
5436
#: serverguide/C/virtualization.xml:1428(para)
5437
msgid ""
5438
"It should detect the Cluster and preselect <emphasis>“Node”</emphasis> "
5439
"install for you."
5440
msgstr ""
5441
5442
#: serverguide/C/virtualization.xml:1433(para)
5443
msgid "Confirm the partitioning scheme."
5444
msgstr ""
5445
5446
#: serverguide/C/virtualization.xml:1438(para)
5447
msgid ""
5448
"The rest of the installation should proceed uninterrupted; complete the "
5449
"installation and reboot the node."
5450
msgstr ""
5451
5452
#: serverguide/C/virtualization.xml:1446(title)
5453
msgid "Register the Node(s)"
5454
msgstr ""
5455
5456
#: serverguide/C/virtualization.xml:1448(para)
5457
msgid ""
5458
"Nodes are the physical systems within <application>UEC</application> that "
5459
"actually run the virtual machine instances of the cloud."
5460
msgstr ""
5461
5462
#: serverguide/C/virtualization.xml:1452(para)
5463
msgid ""
5464
"Once one or more Ubuntu Server node(s) are installed and running the "
5465
"<application>eucalyptus-nc</application> service, log onto the "
5466
"<emphasis>Cloud Controller (CLC)</emphasis> and run:"
5467
msgstr ""
5468
5469
#: serverguide/C/virtualization.xml:1458(command)
5470
msgid "sudo euca_conf --no-rsync --discover-nodes"
5471
msgstr ""
5472
5473
#: serverguide/C/virtualization.xml:1461(para)
5474
msgid ""
5475
"This will discover the systems on the network running the "
5476
"<application>eucalyptus-nc</application> service, and the administrator can "
5477
"confirm the registration of each node by its IP address."
5478
msgstr ""
5479
5480
#: serverguide/C/virtualization.xml:1467(para)
5481
msgid ""
5482
"If you get prompted for passwords, or receive errors from scp, you may need "
5483
"to revisit the key synchronization instructions at <ulink "
5484
"url=\"https://help.ubuntu.com/community/UEC/NodeInstallation\">UEC/NodeInstal"
5485
"lation</ulink>."
5486
msgstr ""
5487
5488
#: serverguide/C/virtualization.xml:1475(title)
5489
msgid "Obtain Credentials"
5490
msgstr ""
5491
5492
#: serverguide/C/virtualization.xml:1477(para)
5493
msgid ""
5494
"After installing and booting the <emphasis>Cloud Controller</emphasis>, "
5495
"users of the cloud will need to retrieve their credentials. This can be done "
5496
"either through a web browser, or at the command line."
5497
msgstr ""
5498
5499
#: serverguide/C/virtualization.xml:1483(title)
5500
msgid "From a Web Browser"
5501
msgstr ""
5502
5503
#: serverguide/C/virtualization.xml:1487(para)
5504
msgid ""
5505
"From your web browser (either remotely or on your Ubuntu server) access the "
5506
"following URL:"
5507
msgstr ""
5508
5509
#: serverguide/C/virtualization.xml:1490(programlisting) serverguide/C/virtualization.xml:1743(programlisting)
5510
#, no-wrap
5511
msgid ""
5512
"\n"
5513
"https://<cloud-controller-ip-address>:8443/\n"
5514
msgstr ""
5515
5516
#: serverguide/C/virtualization.xml:1495(para)
5517
msgid ""
5518
"You must use a secure connection, so make sure you use \"https\" not "
5519
"\"http\" in your URL. You will get a security certificate warning. You will "
5520
"have to add an exception to view the page. If you do not accept it you will "
5521
"not be able to view the Eucalyptus configuration page."
5522
msgstr ""
5523
5524
#: serverguide/C/virtualization.xml:1503(para)
5525
msgid ""
5526
"Use username <emphasis>'admin'</emphasis> and password "
5527
"<emphasis>'admin'</emphasis> for the first time login (you will be prompted "
5528
"to change your password)."
5529
msgstr ""
5530
5531
#: serverguide/C/virtualization.xml:1509(para)
5532
msgid ""
5533
"Then follow the on-screen instructions to update the admin password and "
5534
"email address."
5535
msgstr ""
5536
5537
#: serverguide/C/virtualization.xml:1514(para)
5538
msgid ""
5539
"Once the first time configuration process is completed, click the "
5540
"<emphasis>'credentials'</emphasis> tab located in the top-left portion of "
5541
"the screen."
5542
msgstr ""
5543
5544
#: serverguide/C/virtualization.xml:1520(para)
5545
msgid ""
5546
"Click the <emphasis>'Download Credentials'</emphasis> button to get your "
5547
"certificates."
5548
msgstr ""
5549
5550
#: serverguide/C/virtualization.xml:1525(para)
5551
msgid "Save them to <filename>~/.euca</filename>."
5552
msgstr ""
5553
5554
#: serverguide/C/virtualization.xml:1530(para)
5555
msgid ""
5556
"Unzip the downloaded zip file into a safe location "
5557
"(<filename>~/.euca</filename>)."
5558
msgstr ""
5559
5560
#: serverguide/C/virtualization.xml:1534(command)
5561
msgid "unzip -d ~/.euca mycreds.zip"
5562
msgstr ""
5563
5564
#: serverguide/C/virtualization.xml:1541(title)
5565
msgid "From a Command Line"
5566
msgstr ""
5567
5568
#: serverguide/C/virtualization.xml:1545(para)
5569
msgid ""
5570
"Alternatively, if you are on the command line of the <emphasis>Cloud "
5571
"Controller</emphasis>, you can run:"
5572
msgstr ""
5573
5574
#: serverguide/C/virtualization.xml:1549(command)
5575
msgid "mkdir -p ~/.euca"
5576
msgstr ""
5577
5578
#: serverguide/C/virtualization.xml:1550(command)
5579
msgid "chmod 700 ~/.euca"
5580
msgstr ""
5581
5582
#: serverguide/C/virtualization.xml:1551(command)
5583
msgid "cd ~/.euca"
5584
msgstr ""
5585
5586
#: serverguide/C/virtualization.xml:1552(command)
5587
msgid "sudo euca_conf --get-credentials mycreds.zip"
5588
msgstr ""
5589
5590
#: serverguide/C/virtualization.xml:1553(command)
5591
msgid "unzip mycreds.zip"
5592
msgstr ""
5593
5594
#: serverguide/C/virtualization.xml:1554(command)
5595
msgid "cd -"
5596
msgstr ""
5597
5598
#: serverguide/C/virtualization.xml:1561(title)
5599
msgid "Extracting and Using Your Credentials"
5600
msgstr ""
5601
5602
#: serverguide/C/virtualization.xml:1563(para)
5603
msgid ""
5604
"Now you will need to setup EC2 API and AMI tools on your server using X.509 "
5605
"certificates."
5606
msgstr ""
5607
5608
#: serverguide/C/virtualization.xml:1569(para)
5609
msgid ""
5610
"Source the included <emphasis>\"eucarc\"</emphasis> file to set up your "
5611
"Eucalyptus environment:"
5612
msgstr ""
5613
5614
#: serverguide/C/virtualization.xml:1573(command) serverguide/C/virtualization.xml:1600(command)
5615
msgid ". ~/.euca/eucarc"
5616
msgstr ""
5617
5618
#: serverguide/C/virtualization.xml:1577(para)
5619
msgid ""
5620
"You may additionally wish to add this command to your "
5621
"<filename>~/.bashrc</filename> file so that your Eucalyptus environment is "
5622
"set up automatically when you log in. Eucalyptus treats this set of "
5623
"credentials as <emphasis>'administrator'</emphasis> credentials that allow "
5624
"the holder global privileges across the cloud. As such, they should be "
5625
"protected in the same way that other elevated-priority access is protected "
5626
"(e.g. should not be made visible to the general user population)."
5627
msgstr ""
5628
5629
#: serverguide/C/virtualization.xml:1584(command)
5630
msgid ""
5631
"echo \"[ -r ~/.euca/eucarc ] && . ~/.euca/eucarc\" >> ~/.bashrc"
5632
msgstr ""
5633
5634
#: serverguide/C/virtualization.xml:1588(para)
5635
msgid "Install the required cloud user tools:"
5636
msgstr ""
5637
5638
#: serverguide/C/virtualization.xml:1592(command)
5639
msgid "sudo apt-get install euca2ools"
5640
msgstr ""
5641
5642
#: serverguide/C/virtualization.xml:1596(para)
5643
msgid ""
5644
"To validate that everything is working correctly, get the local cluster "
5645
"availability details:"
5646
msgstr ""
5647
5648
#: serverguide/C/virtualization.xml:1601(command)
5649
msgid "euca-describe-availability-zones verbose"
5650
msgstr ""
5651
5652
#: serverguide/C/virtualization.xml:1602(computeroutput)
5653
#, no-wrap
5654
msgid ""
5655
"AVAILABILITYZONE myowncloud 192.168.1.1\n"
5656
"AVAILABILITYZONE |- vm types free / max cpu ram disk\n"
5657
"AVAILABILITYZONE |- m1.small 0004 / 0004 1 128 2\n"
5658
"AVAILABILITYZONE |- c1.medium 0004 / 0004 1 256 5\n"
5659
"AVAILABILITYZONE |- m1.large 0002 / 0002 2 512 10\n"
5660
"AVAILABILITYZONE |- m1.xlarge 0002 / 0002 2 1024 20\n"
5661
"AVAILABILITYZONE |- c1.xlarge 0001 / 0001 4 2048 20"
5662
msgstr ""
5663
5664
#: serverguide/C/virtualization.xml:1612(para)
5665
msgid "Your output from the above command will vary."
5666
msgstr ""
5667
5668
#: serverguide/C/virtualization.xml:1622(title)
5669
msgid "Running an Image"
5670
msgstr ""
5671
5672
#: serverguide/C/virtualization.xml:1624(para)
5673
msgid "There are multiple ways to instantiate an image in UEC:"
5674
msgstr ""
5675
5676
#: serverguide/C/virtualization.xml:1629(para)
5677
msgid "Use the command line."
5678
msgstr ""
5679
5680
#: serverguide/C/virtualization.xml:1630(para)
5681
msgid ""
5682
"Use one of the UEC compatible management tools such as "
5683
"<emphasis>Landscape</emphasis>."
5684
msgstr ""
5685
5686
#: serverguide/C/virtualization.xml:1632(para)
5687
msgid ""
5688
"Use the <ulink "
5689
"url=\"https://help.ubuntu.com/community/UEC/ElasticFox\">ElasticFox</ulink> "
5690
"extension to Firefox."
5691
msgstr ""
5692
5693
#: serverguide/C/virtualization.xml:1638(para)
5694
msgid "Here we will describe the process from the command line:"
5695
msgstr ""
5696
5697
#: serverguide/C/virtualization.xml:1644(para)
5698
msgid ""
5699
"Before running an instance of your image, you should first create a "
5700
"<emphasis>keypair</emphasis> (ssh key) that you can use to log into your "
5701
"instance as root, once it boots. The key is stored, so you will only have to "
5702
"do this once."
5703
msgstr ""
5704
5705
#: serverguide/C/virtualization.xml:1648(para)
5706
msgid "Run the following command:"
5707
msgstr ""
5708
5709
#: serverguide/C/virtualization.xml:1651(programlisting)
5710
#, no-wrap
5711
msgid ""
5712
"\n"
5713
"if [ ! -e ~/.euca/mykey.priv ]; then\n"
5714
" touch ~/.euca/mykey.priv\n"
5715
" chmod 0600 ~/.euca/mykey.priv\n"
5716
" euca-add-keypair mykey > ~/.euca/mykey.priv\n"
5717
"fi\n"
5718
msgstr ""
5719
5720
#: serverguide/C/virtualization.xml:1659(para)
5721
msgid ""
5722
"You can call your key whatever you like (in this example, the key is called "
5723
"<emphasis>'mykey'</emphasis>), but remember what it is called. If you "
5724
"forget, you can always run <command>euca-describe-keypairs</command> to get "
5725
"a list of created keys stored in the system."
5726
msgstr ""
5727
5728
#: serverguide/C/virtualization.xml:1666(para)
5729
msgid "You must also allow access to port 22 in your instances:"
5730
msgstr ""
5731
5732
#: serverguide/C/virtualization.xml:1670(command)
5733
msgid "euca-describe-groups"
5734
msgstr ""
5735
5736
#: serverguide/C/virtualization.xml:1671(command)
5737
msgid "euca-authorize default -P tcp -p 22 -s 0.0.0.0/0"
5738
msgstr ""
5739
5740
#: serverguide/C/virtualization.xml:1675(para)
5741
msgid "Next, you can create instances of your registered image:"
5742
msgstr ""
5743
5744
#: serverguide/C/virtualization.xml:1679(command)
5745
msgid "euca-run-instances $EMI -k mykey -t c1.medium"
5746
msgstr ""
5747
5748
#: serverguide/C/virtualization.xml:1682(para)
5749
msgid ""
5750
"If you receive an error regarding <emphasis>image_id</emphasis>, you may "
5751
"find it by viewing Images page or click <emphasis>\"How to Run\"</emphasis> "
5752
"on the <emphasis>Store</emphasis> page to see the sample command."
5753
msgstr ""
5754
5755
#: serverguide/C/virtualization.xml:1689(para)
5756
msgid ""
5757
"The first time you run an instance, the system will be setting up caches for "
5758
"the image from which it will be created. This can often take some time the "
5759
"first time an instance is run given that VM images are usually quite large."
5760
msgstr ""
5761
5762
#: serverguide/C/virtualization.xml:1693(para)
5763
msgid "To monitor the state of your instance, run:"
5764
msgstr ""
5765
5766
#: serverguide/C/virtualization.xml:1697(command)
5767
msgid "watch -n5 euca-describe-instances"
5768
msgstr ""
5769
5770
#: serverguide/C/virtualization.xml:1699(para)
5771
msgid ""
5772
"In the output, you should see information about the instance, including its "
5773
"state. While first-time caching is being performed, the instance's state "
5774
"will be <emphasis>'pending'</emphasis>."
5775
msgstr ""
5776
5777
#: serverguide/C/virtualization.xml:1705(para)
5778
msgid ""
5779
"When the instance is fully started, the above state will become "
5780
"<emphasis>'running'</emphasis>. Look at the IP address assigned to your "
5781
"instance in the output, then connect to it:"
5782
msgstr ""
5783
5784
#: serverguide/C/virtualization.xml:1710(command)
5785
msgid ""
5786
"IPADDR=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | awk "
5787
"'{print $4}')"
5788
msgstr ""
5789
5790
#: serverguide/C/virtualization.xml:1711(command)
5791
msgid "ssh -i ~/.euca/mykey.priv ubuntu@$IPADDR"
5792
msgstr ""
5793
5794
#: serverguide/C/virtualization.xml:1715(para)
5795
msgid ""
5796
"And when you are done with this instance, exit your SSH connection, then "
5797
"terminate your instance:"
5798
msgstr ""
5799
5800
#: serverguide/C/virtualization.xml:1719(command)
5801
msgid ""
5802
"INSTANCEID=$(euca-describe-instances | grep $EMI | grep running | tail -n1 | "
5803
"awk '{print $2}')"
5804
msgstr ""
5805
5806
#: serverguide/C/virtualization.xml:1720(command)
5807
msgid "euca-terminate-instances $INSTANCEID"
5808
msgstr ""
5809
5810
#: serverguide/C/virtualization.xml:1727(title)
5811
msgid "Install an Image from the Store"
5812
msgstr ""
5813
5814
#: serverguide/C/virtualization.xml:1729(para)
5815
msgid ""
5816
"The following is by far the simplest way to install an image. However, "
5817
"advanced users may be interested in learning how to <ulink "
5818
"url=\"https://help.ubuntu.com/community/UEC/BundlingImages\">Bundle their "
5819
"own image</ulink>."
5820
msgstr ""
5821
5822
#: serverguide/C/virtualization.xml:1734(para)
5823
msgid ""
5824
"The simplest way to add an image to <application>UEC</application> is to "
5825
"install it from the Image Store on the UEC web interface."
5826
msgstr ""
5827
5828
#: serverguide/C/virtualization.xml:1740(para)
5829
msgid ""
5830
"Access the web interface at the following URL (Make sure you specify https):"
5831
msgstr ""
5832
5833
#: serverguide/C/virtualization.xml:1748(para)
5834
msgid ""
5835
"Enter your login and password (if requested, as you may still be logged in "
5836
"from earlier)."
5837
msgstr ""
5838
5839
#: serverguide/C/virtualization.xml:1753(para)
5840
msgid "Click on the <emphasis>Store</emphasis> tab."
5841
msgstr ""
5842
5843
#: serverguide/C/virtualization.xml:1758(para)
5844
msgid "Browse available images."
5845
msgstr ""
5846
5847
#: serverguide/C/virtualization.xml:1763(para)
5848
msgid "Click on <emphasis>install</emphasis> for the image you want."
5849
msgstr ""
5850
5851
#: serverguide/C/virtualization.xml:1769(para)
5852
msgid ""
5853
"Once the image has been downloaded and installed, you can click on "
5854
"<emphasis>\"How to run?\"</emphasis> that will be displayed below the image "
5855
"button to view the command to execute to instantiate (start) this image. The "
5856
"image will also appear on the list given on the <emphasis>Image</emphasis> "
5857
"tab."
5858
msgstr ""
5859
5860
#: serverguide/C/virtualization.xml:1777(title) serverguide/C/dns.xml:619(title)
5861
msgid "More Information"
5862
msgstr ""
5863
5864
#: serverguide/C/virtualization.xml:1779(para)
5865
msgid ""
5866
"How to use the <ulink "
5867
"url=\"https://help.ubuntu.com/community/UEC/StorageController\">Storage "
5868
"Controller</ulink>"
5869
msgstr ""
5870
5871
#: serverguide/C/virtualization.xml:1783(para)
5872
msgid "Controlling eucalyptus services:"
5873
msgstr ""
5874
5875
#: serverguide/C/virtualization.xml:1788(para)
5876
msgid ""
5877
"sudo service eucalyptus [start|stop|restart] (on the CLC/CC/SC/Walrus side)"
5878
msgstr ""
5879
5880
#: serverguide/C/virtualization.xml:1789(para)
5881
msgid "sudo service eucalyptus-nc [start|stop|restart] (on the Node side)"
5882
msgstr ""
5883
5884
#: serverguide/C/virtualization.xml:1792(para)
5885
msgid "Locations of some important files:"
5886
msgstr ""
5887
5888
#: serverguide/C/virtualization.xml:1799(emphasis)
5889
msgid "Log files:"
5890
msgstr ""
5891
5892
#: serverguide/C/virtualization.xml:1802(para)
5893
msgid "/var/log/eucalyptus"
5894
msgstr ""
5895
5896
#: serverguide/C/virtualization.xml:1807(emphasis)
5897
msgid "Configuration files:"
5898
msgstr ""
5899
5900
#: serverguide/C/virtualization.xml:1810(para)
5901
msgid "/etc/eucalyptus"
5902
msgstr ""
5903
5904
#: serverguide/C/virtualization.xml:1815(emphasis)
5905
msgid "Database:"
5906
msgstr ""
5907
5908
#: serverguide/C/virtualization.xml:1818(para)
5909
msgid "/var/lib/eucalyptus/db"
5910
msgstr ""
5911
5912
#: serverguide/C/virtualization.xml:1823(emphasis)
5913
msgid "Keys:"
5914
msgstr ""
5915
5916
#: serverguide/C/virtualization.xml:1826(para)
5917
msgid "/var/lib/eucalyptus"
5918
msgstr ""
5919
5920
#: serverguide/C/virtualization.xml:1827(para)
5921
msgid "/var/lib/eucalyptus/.ssh"
5922
msgstr ""
5923
5924
#: serverguide/C/virtualization.xml:1833(para)
5925
msgid ""
5926
"Don't forget to source your <filename>~/.euca/eucarc</filename> before "
5927
"running the client tools."
5928
msgstr ""
5929
5930
#: serverguide/C/virtualization.xml:1844(para)
5195
5931
msgid ""
5196
5932
"For information on loading instances see the <ulink "
5197
5933
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
5198
5934
"page."
5199
5935
msgstr ""
5200
5936
5201
#: serverguide/C/virtualization.xml:1317(para)
5937
#: serverguide/C/virtualization.xml:1849(para)
5938
msgid ""
5939
"<ulink url=\"http://open.eucalyptus.com/\">Eucalyptus Project Site (forums, "
5940
"documentation, downloads)</ulink>."
5941
msgstr ""
5942
5943
#: serverguide/C/virtualization.xml:1854(para)
5944
msgid ""
5945
"<ulink url=\"https://launchpad.net/eucalyptus/\">Eucalyptus on Launchpad "
5946
"(bugs, code)</ulink>."
5947
msgstr ""
5948
5949
#: serverguide/C/virtualization.xml:1859(para)
5950
msgid ""
5951
"<ulink "
5952
"url=\"http://open.eucalyptus.com/wiki/EucalyptusTroubleshooting_v1.5\">Eucaly"
5953
"ptus Troubleshooting (1.5)</ulink>."
5954
msgstr ""
5955
5956
#: serverguide/C/virtualization.xml:1864(para)
5957
msgid ""
5958
"<ulink url=\"http://support.rightscale.com/2._References/02-"
5959
"Cloud_Infrastructures/Eucalyptus/03-"
5960
"Administration_Guide/Register_with_RightScale\"> Register your cloud with "
5961
"RightScale</ulink>."
5962
msgstr ""
5963
5964
#: serverguide/C/virtualization.xml:1870(para)
5202
5965
msgid ""
5203
5966
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
5204
5967
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
5205
5968
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
5206
5969
msgstr ""
5207
5970
5208
#: serverguide/C/virtualization.xml:1327(title)
5971
#: serverguide/C/virtualization.xml:1879(title)
5972
msgid "Glossary"
5973
msgstr ""
5974
5975
#: serverguide/C/virtualization.xml:1881(para)
5976
msgid ""
5977
"The Ubuntu Enterprise Cloud documentation uses terminology that might be "
5978
"unfamiliar to some readers. This page is intended to provide a glossary of "
5979
"such terms and acronyms."
5980
msgstr ""
5981
5982
#: serverguide/C/virtualization.xml:1888(para)
5983
msgid ""
5984
"<emphasis>Cloud</emphasis> - A federated set of physical machines that offer "
5985
"computing resources through virtual machines, provisioned and recollected "
5986
"dynamically."
5987
msgstr ""
5988
5989
#: serverguide/C/virtualization.xml:1894(para)
5990
msgid ""
5991
"<emphasis>Cloud Controller (CLC)</emphasis> - Eucalyptus component that "
5992
"provides the web UI (an https server on port 8443), and implements the "
5993
"Amazon EC2 API. There should be only one Cloud Controller in an installation "
5994
"of UEC. This service is provided by the Ubuntu <application>eucalyptus-"
5995
"cloud</application> package."
5996
msgstr ""
5997
5998
#: serverguide/C/virtualization.xml:1901(para)
5999
msgid ""
6000
"<emphasis>Cluster</emphasis> - A collection of nodes, associated with a "
6001
"Cluster Controller. There can be more than one Cluster in an installation of "
6002
"UEC. Clusters are sometimes physically separate sets of nodes. (e.g. floor1, "
6003
"floor2, floor2)."
6004
msgstr ""
6005
6006
#: serverguide/C/virtualization.xml:1907(para)
6007
msgid ""
6008
"<emphasis>Cluster Controller (CC)</emphasis> - Eucalyptus component that "
6009
"manages collections of node resources. This service is provided by the "
6010
"Ubuntu <application>eucalyptus-cc</application> package."
6011
msgstr ""
6012
6013
#: serverguide/C/virtualization.xml:1913(para)
6014
msgid "<emphasis>EBS</emphasis> - Elastic Block Storage."
6015
msgstr ""
6016
6017
#: serverguide/C/virtualization.xml:1918(para)
6018
msgid ""
6019
"<emphasis>EC2</emphasis> - Elastic Compute Cloud. Amazon's pay-by-the-hour, "
6020
"pay-by-the-gigabyte public cloud computing offering."
6021
msgstr ""
6022
6023
#: serverguide/C/virtualization.xml:1923(para)
6024
msgid "<emphasis>EKI</emphasis> - Eucalyptus Kernel Image."
6025
msgstr ""
6026
6027
#: serverguide/C/virtualization.xml:1928(para)
6028
msgid "<emphasis>EMI</emphasis> - Eucalyptus Machine Image."
6029
msgstr ""
6030
6031
#: serverguide/C/virtualization.xml:1933(para)
6032
msgid "<emphasis>ERI</emphasis> - Eucalyptus Ramdisk Image."
6033
msgstr ""
6034
6035
#: serverguide/C/virtualization.xml:1938(para)
6036
msgid ""
6037
"<emphasis>Eucalyptus</emphasis> - Elastic Utility Computing Architecture for "
6038
"Linking Your Programs To Useful Systems. An open source project originally "
6039
"from the University of California at Santa Barbara, now supported by "
6040
"Eucalyptus Systems, a Canonical Partner."
6041
msgstr ""
6042
6043
#: serverguide/C/virtualization.xml:1945(para)
6044
msgid ""
6045
"<emphasis>Front-end</emphasis> - Physical machine hosting one (or more) of "
6046
"the high level Eucalyptus components (cloud, walrus, storage controller, "
6047
"cluster controller)."
6048
msgstr ""
6049
6050
#: serverguide/C/virtualization.xml:1951(para)
6051
msgid ""
6052
"<emphasis>Node</emphasis> - A node is a physical machine that's capable of "
6053
"running virtual machines, running a node controller. Within Ubuntu, this "
6054
"generally means that the CPU has VT extensions, and can run the KVM "
6055
"hypervisor."
6056
msgstr ""
6057
6058
#: serverguide/C/virtualization.xml:1957(para)
6059
msgid ""
6060
"<emphasis>Node Controller (NC)</emphasis> - Eucalyptus component that runs "
6061
"on nodes which host the virtual machines that comprise the cloud. This "
6062
"service is provided by the Ubuntu package <application>eucalyptus-"
6063
"nc</application>."
6064
msgstr ""
6065
6066
#: serverguide/C/virtualization.xml:1963(para)
6067
msgid ""
6068
"<emphasis>S3</emphasis> - Simple Storage Service. Amazon's pay-by-the-"
6069
"gigabyte persistent storage solution for EC2."
6070
msgstr ""
6071
6072
#: serverguide/C/virtualization.xml:1968(para)
6073
msgid ""
6074
"<emphasis>Storage Controller (SC)</emphasis> - Eucalyptus component that "
6075
"manages dynamic block storage services (EBS). Each 'cluster' in a Eucalyptus "
6076
"installation can have its own Storage Controller. This component is provided "
6077
"by the <application>eucalyptus-sc</application> package."
6078
msgstr ""
6079
6080
#: serverguide/C/virtualization.xml:1975(para)
6081
msgid ""
6082
"<emphasis>UEC</emphasis> - Ubuntu Enterprise Cloud. Ubuntu's cloud computing "
6083
"solution, based on Eucalyptus."
6084
msgstr ""
6085
6086
#: serverguide/C/virtualization.xml:1980(para)
6087
msgid "<emphasis>VM</emphasis> - Virtual Machine."
6088
msgstr ""
6089
6090
#: serverguide/C/virtualization.xml:1985(para)
6091
msgid ""
6092
"<emphasis>VT</emphasis> - Virtualization Technology. An optional feature of "
6093
"some modern CPUs, allowing for accelerated virtual machine hosting."
6094
msgstr ""
6095
6096
#: serverguide/C/virtualization.xml:1990(para)
6097
msgid ""
6098
"<emphasis>Walrus</emphasis> - Eucalyptus component that implements the "
6099
"Amazon S3 API, used for storing VM images and user storage using S3 bucket "
6100
"put/get abstractions."
6101
msgstr ""
6102
6103
#: serverguide/C/virtualization.xml:2000(title)
5209
6104
msgid "OpenNebula"
5210
6105
msgstr ""
5211
6106
5212
#: serverguide/C/virtualization.xml:1329(para)
6107
#: serverguide/C/virtualization.xml:2002(para)
5213
6108
msgid ""
5214
6109
"<application>OpenNebula</application> allows virtual machines to be placed "
5215
6110
"and re-placed dynamically on a pool of physical resources. This allows a "
5216
6111
"virtual machine to be hosted from any location available."
5217
6112
msgstr ""
5218
6113
5219
#: serverguide/C/virtualization.xml:1334(para)
6114
#: serverguide/C/virtualization.xml:2007(para)
5220
6115
msgid ""
5221
6116
"This section will detail configuring an OpenNebula cluster using three "
5222
6117
"machines: one <emphasis>Front-End</emphasis> host, and two <emphasis>Compute "
5225
6120
"local network. For details see <xref linkend=\"bridging\"/>."
5226
6121
msgstr ""
5227
6122
5228
#: serverguide/C/virtualization.xml:1343(para)
6123
#: serverguide/C/virtualization.xml:2016(para)
5229
6124
msgid "First, from a terminal on the Front-End enter:"
5230
6125
msgstr ""
5231
6126
5232
#: serverguide/C/virtualization.xml:1348(command)
6127
#: serverguide/C/virtualization.xml:2021(command)
5233
6128
msgid "sudo apt-get install opennebula"
5234
6129
msgstr ""
5235
6130
5236
#: serverguide/C/virtualization.xml:1351(para)
6131
#: serverguide/C/virtualization.xml:2024(para)
5237
6132
msgid "On each Compute Node install:"
5238
6133
msgstr ""
5239
6134
5240
#: serverguide/C/virtualization.xml:1356(command)
6135
#: serverguide/C/virtualization.xml:2029(command)
5241
6136
msgid "sudo apt-get install opennebula-node"
5242
6137
msgstr ""
5243
6138
5244
#: serverguide/C/virtualization.xml:1359(para)
6139
#: serverguide/C/virtualization.xml:2032(para)
5245
6140
msgid ""
5246
6141
"In order to copy SSH keys, the <emphasis>oneadmin</emphasis> user will need "
5247
6142
"to have a password. On each machine execute:"
5248
6143
msgstr ""
5249
6144
5250
#: serverguide/C/virtualization.xml:1364(command)
6145
#: serverguide/C/virtualization.xml:2037(command)
5251
6146
msgid "sudo passwd oneadmin"
5252
6147
msgstr ""
5253
6148
5254
#: serverguide/C/virtualization.xml:1367(para)
6149
#: serverguide/C/virtualization.xml:2040(para)
5255
6150
msgid ""
5256
6151
"Next, copy the <emphasis>oneadmin</emphasis> user's SSH key to the Compute "
5257
6152
"Nodes, and to the Front-End's <filename>authorized_keys</filename> file:"
5258
6153
msgstr ""
5259
6154
5260
#: serverguide/C/virtualization.xml:1372(command)
6155
#: serverguide/C/virtualization.xml:2045(command)
5261
6156
msgid ""
5262
6157
"sudo scp /var/lib/one/.ssh/id_rsa.pub "
5263
6158
"oneadmin@node01:/var/lib/one/.ssh/authorized_keys"
5264
6159
msgstr ""
5265
6160
5266
#: serverguide/C/virtualization.xml:1373(command)
6161
#: serverguide/C/virtualization.xml:2046(command)
5267
6162
msgid ""
5268
6163
"sudo scp /var/lib/one/.ssh/id_rsa.pub "
5269
6164
"oneadmin@node02:/var/lib/one/.ssh/authorized_keys"
5270
6165
msgstr ""
5271
6166
5272
#: serverguide/C/virtualization.xml:1374(command)
6167
#: serverguide/C/virtualization.xml:2047(command)
5273
6168
msgid ""
5274
6169
"sudo sh -c \"cat /var/lib/one/.ssh/id_rsa.pub >> "
5275
6170
"/var/lib/one/.ssh/authorized_keys\""
5276
6171
msgstr ""
5277
6172
5278
#: serverguide/C/virtualization.xml:1377(para)
6173
#: serverguide/C/virtualization.xml:2050(para)
5279
6174
msgid ""
5280
6175
"The SSH key for the Compute Nodes needs to be added to the "
5281
6176
"<filename>/etc/ssh/ssh_known_hosts</filename> file on the Front-End host. To "
5286
6181
"<filename>/etc/ssh/ssh_known_hosts</filename>:"
5287
6182
msgstr ""
5288
6183
5289
#: serverguide/C/virtualization.xml:1384(command)
6184
#: serverguide/C/virtualization.xml:2057(command)
5290
6185
msgid ""
5291
6186
"sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node01 1>> "
5292
6187
"/etc/ssh/ssh_known_hosts\""
5293
6188
msgstr ""
5294
6189
5295
#: serverguide/C/virtualization.xml:1385(command)
6190
#: serverguide/C/virtualization.xml:2058(command)
5296
6191
msgid ""
5297
6192
"sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node02 1>> "
5298
6193
"/etc/ssh/ssh_known_hosts\""
5299
6194
msgstr ""
5300
6195
5301
#: serverguide/C/virtualization.xml:1389(para)
6196
#: serverguide/C/virtualization.xml:2062(para)
5302
6197
msgid ""
5303
6198
"Replace <emphasis>node01</emphasis> and <emphasis>node02</emphasis> with the "
5304
6199
"appropriate host names."
5305
6200
msgstr ""
5306
6201
5307
#: serverguide/C/virtualization.xml:1394(para)
6202
#: serverguide/C/virtualization.xml:2067(para)
5308
6203
msgid ""
5309
6204
"This allows the <emphasis>oneadmin</emphasis> to use "
5310
6205
"<application>scp</application>, without a password or manual intervention, "
5311
6206
"to deploy an image to the Compute Nodes."
5312
6207
msgstr ""
5313
6208
5314
#: serverguide/C/virtualization.xml:1399(para)
6209
#: serverguide/C/virtualization.xml:2072(para)
5315
6210
msgid ""
5316
6211
"On the Front-End create a directory to store the VM images, giving the "
5317
6212
"<emphasis>oneadmin</emphasis> user access to the directory:"
5318
6213
msgstr ""
5319
6214
5320
#: serverguide/C/virtualization.xml:1404(command)
6215
#: serverguide/C/virtualization.xml:2077(command)
5321
6216
msgid "sudo mkdir /var/lib/one/images"
5322
6217
msgstr ""
5323
6218
5324
#: serverguide/C/virtualization.xml:1405(command)
6219
#: serverguide/C/virtualization.xml:2078(command)
5325
6220
msgid "sudo chown oneadmin /var/lib/one/images/"
5326
6221
msgstr ""
5327
6222
5328
#: serverguide/C/virtualization.xml:1408(para)
6223
#: serverguide/C/virtualization.xml:2081(para)
5329
6224
msgid ""
5330
6225
"Finally, copy a virtual machine disk file into "
5331
6226
"<filename>/var/lib/one/images</filename>. You can create an Ubuntu virtual "
5333
6228
"and-vmbuilder\"/> for details."
5334
6229
msgstr ""
5335
6230
5336
#: serverguide/C/virtualization.xml:1417(para)
6231
#: serverguide/C/virtualization.xml:2090(para)
5337
6232
msgid ""
5338
6233
"The <emphasis>OpenNebula Cluster</emphasis> is now ready to be configured, "
5339
6234
"and virtual machines added to the cluster."
5340
6235
msgstr ""
5341
6236
5342
#: serverguide/C/virtualization.xml:1421(para)
6237
#: serverguide/C/virtualization.xml:2094(para)
5343
6238
msgid "From a terminal prompt enter:"
5344
6239
msgstr ""
5345
6240
5346
#: serverguide/C/virtualization.xml:1426(command)
6241
#: serverguide/C/virtualization.xml:2099(command)
5347
6242
msgid "onehost create node01 im_kvm vmm_kvm tm_ssh"
5348
6243
msgstr ""
5349
6244
5350
#: serverguide/C/virtualization.xml:1427(command)
6245
#: serverguide/C/virtualization.xml:2100(command)
5351
6246
msgid "onehost create node02 im_kvm vmm_kvm tm_ssh"
5352
6247
msgstr ""
5353
6248
5354
#: serverguide/C/virtualization.xml:1430(para)
6249
#: serverguide/C/virtualization.xml:2103(para)
5355
6250
msgid ""
5356
6251
"Next, create a <emphasis>Virtual Network</emphasis> template file named "
5357
6252
"<filename>vnet01.template</filename>:"
5358
6253
msgstr ""
5359
6254
5360
#: serverguide/C/virtualization.xml:1434(programlisting)
6255
#: serverguide/C/virtualization.xml:2107(programlisting)
5361
6256
#, no-wrap
5362
6257
msgid ""
5363
6258
"\n"
5368
6263
"NETWORK_ADDRESS = 192.168.0.0\n"
5369
6264
msgstr ""
5370
6265
5371
#: serverguide/C/virtualization.xml:1443(para)
6266
#: serverguide/C/virtualization.xml:2116(para)
5372
6267
msgid ""
5373
6268
"Be sure to change <emphasis>192.168.0.0</emphasis> to your local network."
5374
6269
msgstr ""
5375
6270
5376
#: serverguide/C/virtualization.xml:1448(para)
6271
#: serverguide/C/virtualization.xml:2121(para)
5377
6272
msgid ""
5378
6273
"Using the <application>onevnet</application> utility, add the virtual "
5379
6274
"network to OpenNebula:"
5380
6275
msgstr ""
5381
6276
5382
#: serverguide/C/virtualization.xml:1453(command)
6277
#: serverguide/C/virtualization.xml:2126(command)
5383
6278
msgid "onevnet create vnet01.template"
5384
6279
msgstr ""
5385
6280
5386
#: serverguide/C/virtualization.xml:1456(para)
6281
#: serverguide/C/virtualization.xml:2129(para)
5387
6282
msgid ""
5388
6283
"Now create a <emphasis>VM Template</emphasis> file named "
5389
6284
"<filename>vm01.template</filename>:"
5390
6285
msgstr ""
5391
6286
5392
#: serverguide/C/virtualization.xml:1460(programlisting)
6287
#: serverguide/C/virtualization.xml:2133(programlisting)
5393
6288
#, no-wrap
5394
6289
msgid ""
5395
6290
"\n"
5409
6304
"GRAPHICS = [type=\"vnc\",listen=\"127.0.0.1\",port=\"-1\"]\n"
5410
6305
msgstr ""
5411
6306
5412
#: serverguide/C/virtualization.xml:1477(para)
6307
#: serverguide/C/virtualization.xml:2150(para)
5413
6308
msgid "Start the virtual machine using <application>onevm</application>:"
5414
6309
msgstr ""
5415
6310
5416
#: serverguide/C/virtualization.xml:1482(command)
6311
#: serverguide/C/virtualization.xml:2155(command)
5417
6312
msgid "onevm submit vm01.template"
5418
6313
msgstr ""
5419
6314
5420
#: serverguide/C/virtualization.xml:1485(para)
6315
#: serverguide/C/virtualization.xml:2158(para)
5421
6316
msgid ""
5422
6317
"Use the <application>onevm list</application> option to view information "
5423
6318
"about virtual machines. Also, the <application>onevm show vm01</application> "
5424
6319
"option will display more details about a specific virtual machine."
5425
6320
msgstr ""
5426
6321
5427
#: serverguide/C/virtualization.xml:1496(para)
6322
#: serverguide/C/virtualization.xml:2169(para)
5428
6323
msgid ""
5429
6324
"See the <ulink "
5430
6325
"url=\"http://www.opennebula.org/doku.php?id=start\">OpenNebula website</ulink"
5431
6326
"> for more information."
5432
6327
msgstr ""
5433
6328
5434
#: serverguide/C/virtualization.xml:1501(para)
6329
#: serverguide/C/virtualization.xml:2174(para)
5435
6330
msgid ""
5436
6331
"You can also find help in the <emphasis>#ubuntu-virt</emphasis> and "
5437
6332
"<emphasis>#ubuntu-server</emphasis> IRC channels on <ulink "
5438
6333
"url=\"http://freenode.net\">Freenode</ulink>."
5439
6334
msgstr ""
5440
6335
6336
#: serverguide/C/virtualization.xml:2180(para)
6337
msgid ""
6338
"Also, the <ulink "
6339
"url=\"https://help.ubuntu.com/community/OpenNebula\">OpenNebula Ubuntu "
6340
"Wiki</ulink> page has more details."
6341
msgstr ""
6342
5441
6343
#: serverguide/C/vcs.xml:13(title)
5442
6344
msgid "Version Control System"
5443
6345
msgstr ""
5697
6599
#: serverguide/C/vcs.xml:206(para)
5698
6600
msgid ""
5699
6601
"To access the Subversion repository via WebDAV protocol, you must configure "
5700
"your Apache 2 web server. You must add the following snippet in your "
5701
"<filename>/etc/apache2/apache2.conf</filename> file:"
6602
"your Apache 2 web server. Add the following snippet between the "
6603
"<emphasis><VirtualHost></emphasis> and "
6604
"<emphasis></VirtualHost></emphasis> elements in "
6605
"<filename>/etc/apache2/sites-available/default</filename>, or another "
6606
"VirtualHost file:"
5702
6607
msgstr ""
5703
6608
5704
#: serverguide/C/vcs.xml:208(programlisting)
6609
#: serverguide/C/vcs.xml:212(programlisting)
5705
6610
#, no-wrap
5706
6611
msgid ""
5707
6612
"\n"
5708
6613
" <Location /svn>\n"
5709
6614
" DAV svn\n"
5710
" SVNParentPath /home/svn\n"
6615
" SVNPath /home/svn\n"
5711
6616
" AuthType Basic\n"
5712
6617
" AuthName \"Your repository name\"\n"
5713
6618
" AuthUserFile /etc/subversion/passwd\n"
5715
6620
" </Location> \n"
5716
6621
msgstr ""
5717
6622
5718
#: serverguide/C/vcs.xml:219(para)
6623
#: serverguide/C/vcs.xml:223(para)
5719
6624
msgid ""
5720
6625
"The above configuration snippet assumes that Subversion repositories are "
5721
6626
"created under <filename>/home/svn/</filename> directory using "
5722
6627
"<command>svnadmin</command> command. They can be accessible using "
5723
"<command>htpp://hostname/svn/repos_name</command> url."
6628
"<command>http://hostname/svn/repos_name</command> url."
5724
6629
msgstr ""
5725
6630
5726
#: serverguide/C/vcs.xml:225(para)
6631
#: serverguide/C/vcs.xml:229(para)
5727
6632
msgid ""
5728
6633
"To import or commit files to your Subversion repository over HTTP, the "
5729
6634
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
5731
6636
"repository files enter the following command from terminal prompt:"
5732
6637
msgstr ""
5733
6638
5734
#: serverguide/C/vcs.xml:234(command)
6639
#: serverguide/C/vcs.xml:238(command)
5735
6640
msgid "sudo chown -R www-data:www-data /path/to/repos"
5736
6641
msgstr ""
5737
6642
5738
#: serverguide/C/vcs.xml:237(para)
6643
#: serverguide/C/vcs.xml:241(para)
5739
6644
msgid ""
5740
6645
"By changing the ownership of repository as <command>www-data</command> you "
5741
6646
"will not be able to import or commit files into the repository by running "
5743
6648
"<command>www-data</command>."
5744
6649
msgstr ""
5745
6650
5746
#: serverguide/C/vcs.xml:246(para)
6651
#: serverguide/C/vcs.xml:250(para)
5747
6652
msgid ""
5748
6653
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
5749
6654
"that will contain user authentication details. To create a file issue the "
5751
6656
"the first user):"
5752
6657
msgstr ""
5753
6658
5754
#: serverguide/C/vcs.xml:252(command)
6659
#: serverguide/C/vcs.xml:256(command)
5755
6660
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
5756
6661
msgstr ""
5757
6662
5758
#: serverguide/C/vcs.xml:255(para)
6663
#: serverguide/C/vcs.xml:259(para)
5759
6664
msgid ""
5760
6665
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
5761
6666
"option replaces the old file. Instead use this form:"
5762
6667
msgstr ""
5763
6668
5764
#: serverguide/C/vcs.xml:260(command)
6669
#: serverguide/C/vcs.xml:264(command)
5765
6670
msgid "sudo htpasswd /etc/subversion/password user_name"
5766
6671
msgstr ""
5767
6672
5768
#: serverguide/C/vcs.xml:264(para)
6673
#: serverguide/C/vcs.xml:268(para)
5769
6674
msgid ""
5770
6675
"This command will prompt you to enter the password. Once you enter the "
5771
6676
"password, the user is added. Now, to access the repository you can run the "
5772
6677
"following command:"
5773
6678
msgstr ""
5774
6679
5775
#: serverguide/C/vcs.xml:265(command)
6680
#: serverguide/C/vcs.xml:269(command)
5776
6681
msgid "svn co http://servername/svn"
5777
6682
msgstr ""
5778
6683
5779
#: serverguide/C/vcs.xml:267(para)
6684
#: serverguide/C/vcs.xml:271(para)
5780
6685
msgid ""
5781
6686
"The password is transmitted as plain text. If you are worried about password "
5782
6687
"snooping, you are advised to use SSL encryption. For details, please refer "
5783
6688
"next section."
5784
6689
msgstr ""
5785
6690
5786
#: serverguide/C/vcs.xml:273(title)
6691
#: serverguide/C/vcs.xml:277(title)
5787
6692
msgid "Access via WebDAV protocol with SSL encryption (https://)"
5788
6693
msgstr ""
5789
6694
5790
#: serverguide/C/vcs.xml:274(para)
6695
#: serverguide/C/vcs.xml:278(para)
5791
6696
msgid ""
5792
6697
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
5793
6698
"(https://) is similar to http:// except that you must install and configure "
5798
6703
"configuration\"/>."
5799
6704
msgstr ""
5800
6705
5801
#: serverguide/C/vcs.xml:283(para)
6706
#: serverguide/C/vcs.xml:287(para)
5802
6707
msgid ""
5803
6708
"You can install a digital certificate issued by a signing authority. "
5804
6709
"Alternatively, you can install your own self-signed certificate."
5805
6710
msgstr ""
5806
6711
5807
#: serverguide/C/vcs.xml:288(para)
6712
#: serverguide/C/vcs.xml:292(para)
5808
6713
msgid ""
5809
6714
"This step assumes you have installed and configured a digital certificate in "
5810
6715
"your Apache 2 web server. Now, to access the Subversion repository, please "
5812
6717
"the protocol. You must use https:// to access the Subversion repository."
5813
6718
msgstr ""
5814
6719
5815
#: serverguide/C/vcs.xml:298(title)
6720
#: serverguide/C/vcs.xml:302(title)
5816
6721
msgid "Access via custom protocol (svn://)"
5817
6722
msgstr ""
5818
6723
5819
#: serverguide/C/vcs.xml:299(para)
6724
#: serverguide/C/vcs.xml:303(para)
5820
6725
msgid ""
5821
6726
"Once the Subversion repository is created, you can configure the access "
5822
6727
"control. You can edit the <filename> "
5825
6730
"following lines in the configuration file:"
5826
6731
msgstr ""
5827
6732
5828
#: serverguide/C/vcs.xml:306(programlisting)
6733
#: serverguide/C/vcs.xml:310(programlisting)
5829
6734
#, no-wrap
5830
6735
msgid ""
5831
6736
"# [general]\n"
5832
6737
"# password-db = passwd"
5833
6738
msgstr ""
5834
6739
5835
#: serverguide/C/vcs.xml:309(para)
6740
#: serverguide/C/vcs.xml:313(para)
5836
6741
msgid ""
5837
6742
"After uncommenting the above lines, you can maintain the user list in the "
5838
6743
"passwd file. So, edit the file <filename>passwd </filename> in the same "
5839
6744
"directory and add the new user. The syntax is as follows:"
5840
6745
msgstr ""
5841
6746
5842
#: serverguide/C/vcs.xml:315(programlisting)
6747
#: serverguide/C/vcs.xml:319(programlisting)
5843
6748
#, no-wrap
5844
6749
msgid "username = password"
5845
6750
msgstr ""
5846
6751
5847
#: serverguide/C/vcs.xml:316(para)
6752
#: serverguide/C/vcs.xml:320(para)
5848
6753
msgid "For more details, please refer to the file."
5849
6754
msgstr ""
5850
6755
5851
#: serverguide/C/vcs.xml:320(para)
6756
#: serverguide/C/vcs.xml:324(para)
5852
6757
msgid ""
5853
6758
"Now, to access Subversion via the svn:// custom protocol, either from the "
5854
6759
"same machine or a different machine, you can run svnserver using svnserve "
5855
6760
"command. The syntax is as follows:"
5856
6761
msgstr ""
5857
6762
5858
#: serverguide/C/vcs.xml:325(programlisting)
6763
#: serverguide/C/vcs.xml:329(programlisting)
5859
6764
#, no-wrap
5860
6765
msgid ""
5861
6766
"$ svnserve -d --foreground -r /path/to/repos\n"
5867
6772
"$ svnserve --help"
5868
6773
msgstr ""
5869
6774
5870
#: serverguide/C/vcs.xml:333(para)
6775
#: serverguide/C/vcs.xml:337(para)
5871
6776
msgid ""
5872
6777
"Once you run this command, Subversion starts listening on default port "
5873
6778
"(3690). To access the project repository, you must run the following command "
5874
6779
"from a terminal prompt:"
5875
6780
msgstr ""
5876
6781
5877
#: serverguide/C/vcs.xml:336(command)
6782
#: serverguide/C/vcs.xml:340(command)
5878
6783
msgid "svn co svn://hostname/project project --username user_name"
5879
6784
msgstr ""
5880
6785
5881
#: serverguide/C/vcs.xml:339(para)
6786
#: serverguide/C/vcs.xml:343(para)
5882
6787
msgid ""
5883
6788
"Based on server configuration, it prompts for password. Once you are "
5884
6789
"authenticated, it checks out the code from Subversion repository. To "
5887
6792
"a terminal prompt, is as follows:"
5888
6793
msgstr ""
5889
6794
5890
#: serverguide/C/vcs.xml:347(command)
6795
#: serverguide/C/vcs.xml:351(command)
5891
6796
msgid "cd project_dir ; svn update"
5892
6797
msgstr ""
5893
6798
5894
#: serverguide/C/vcs.xml:350(para)
6799
#: serverguide/C/vcs.xml:354(para)
5895
6800
msgid ""
5896
6801
"For more details about using each Subversion sub-command, you can refer to "
5897
6802
"the manual. For example, to learn more about the co (checkout) command, "
5898
6803
"please run the following command from a terminal prompt:"
5899
6804
msgstr ""
5900
6805
5901
#: serverguide/C/vcs.xml:354(command)
6806
#: serverguide/C/vcs.xml:358(command)
5902
6807
msgid "svn co help"
5903
6808
msgstr ""
5904
6809
5905
#: serverguide/C/vcs.xml:358(title)
6810
#: serverguide/C/vcs.xml:362(title)
5906
6811
msgid "Access via custom protocol with SSL encryption (svn+ssh://)"
5907
6812
msgstr ""
5908
6813
5909
#: serverguide/C/vcs.xml:359(para)
6814
#: serverguide/C/vcs.xml:363(para)
5910
6815
msgid ""
5911
6816
"The configuration and server process is same as in the svn:// method. For "
5912
6817
"details, please refer to the above section. This step assumes you have "
5914
6819
"<application>svnserve</application> command."
5915
6820
msgstr ""
5916
6821
5917
#: serverguide/C/vcs.xml:365(para)
6822
#: serverguide/C/vcs.xml:369(para)
5918
6823
msgid ""
5919
6824
"It is also assumed that the ssh server is running on that machine and that "
5920
6825
"it is allowing incoming connections. To confirm, please try to login to that "
5922
6827
"login, please address it before continuing further."
5923
6828
msgstr ""
5924
6829
5925
#: serverguide/C/vcs.xml:371(para)
6830
#: serverguide/C/vcs.xml:375(para)
5926
6831
msgid ""
5927
6832
"The svn+ssh:// protocol is used to access the Subversion repository using "
5928
6833
"SSL encryption. The data transfer is encrypted using this method. To access "
5930
6835
"following command syntax:"
5931
6836
msgstr ""
5932
6837
5933
#: serverguide/C/vcs.xml:378(command)
6838
#: serverguide/C/vcs.xml:382(command)
5934
6839
msgid "svn co svn+ssh://hostname/var/svn/repos/project"
5935
6840
msgstr ""
5936
6841
5937
#: serverguide/C/vcs.xml:382(para)
6842
#: serverguide/C/vcs.xml:386(para)
5938
6843
msgid ""
5939
6844
"You must use the full path (/path/to/repos/project) to access the Subversion "
5940
6845
"repository using this access method."
5941
6846
msgstr ""
5942
6847
5943
#: serverguide/C/vcs.xml:385(para)
6848
#: serverguide/C/vcs.xml:389(para)
5944
6849
msgid ""
5945
6850
"Based on server configuration, it prompts for password. You must enter the "
5946
6851
"password you use to login via ssh. Once you are authenticated, it checks out "
5947
6852
"the code from the Subversion repository."
5948
6853
msgstr ""
5949
6854
5950
#: serverguide/C/vcs.xml:396(title)
6855
#: serverguide/C/vcs.xml:399(title)
5951
6856
msgid "CVS Server"
5952
6857
msgstr ""
5953
6858
5954
#: serverguide/C/vcs.xml:397(para)
6859
#: serverguide/C/vcs.xml:400(para)
5955
6860
msgid ""
5956
6861
"CVS is a version control system. You can use it to record the history of "
5957
6862
"source files."
5958
6863
msgstr ""
5959
6864
5960
#: serverguide/C/vcs.xml:403(para)
6865
#: serverguide/C/vcs.xml:406(para)
5961
6866
msgid ""
5962
6867
"To install <application>CVS</application>, run the following command from a "
5963
6868
"terminal prompt: <screen>\n"
5970
6875
"</screen>"
5971
6876
msgstr ""
5972
6877
5973
#: serverguide/C/vcs.xml:436(programlisting)
6878
#: serverguide/C/vcs.xml:439(programlisting)
5974
6879
#, no-wrap
5975
6880
msgid ""
5976
6881
"\n"
5988
6893
"}\n"
5989
6894
msgstr ""
5990
6895
5991
#: serverguide/C/vcs.xml:452(para)
6896
#: serverguide/C/vcs.xml:455(para)
5992
6897
msgid ""
5993
6898
"Be sure to edit the repository if you have changed the default repository "
5994
6899
"(<application>/var/lib/cvs</application>) directory."
5995
6900
msgstr ""
5996
6901
5997
#: serverguide/C/vcs.xml:421(para)
6902
#: serverguide/C/vcs.xml:424(para)
5998
6903
msgid ""
5999
6904
"Once you install cvs, the repository will be automatically initialized. By "
6000
6905
"default, the repository resides under the "
6011
6916
"</screen>"
6012
6917
msgstr ""
6013
6918
6014
#: serverguide/C/vcs.xml:465(para)
6919
#: serverguide/C/vcs.xml:468(para)
6015
6920
msgid ""
6016
6921
"You can confirm that the CVS server is running by issuing the following "
6017
6922
"command:"
6018
6923
msgstr ""
6019
6924
6020
#: serverguide/C/vcs.xml:472(command)
6925
#: serverguide/C/vcs.xml:475(command)
6021
6926
msgid "sudo netstat -tap | grep cvs"
6022
6927
msgstr ""
6023
6928
6024
#: serverguide/C/vcs.xml:476(para) serverguide/C/databases.xml:65(para)
6929
#: serverguide/C/vcs.xml:479(para) serverguide/C/databases.xml:65(para)
6025
6930
msgid ""
6026
6931
"When you run this command, you should see the following line or something "
6027
6932
"similar:"
6028
6933
msgstr ""
6029
6934
6030
#: serverguide/C/vcs.xml:481(programlisting)
6935
#: serverguide/C/vcs.xml:484(programlisting)
6031
6936
#, no-wrap
6032
6937
msgid ""
6033
6938
"\n"
6034
6939
"tcp 0 0 *:cvspserver *:* LISTEN \n"
6035
6940
msgstr ""
6036
6941
6037
#: serverguide/C/vcs.xml:485(para)
6942
#: serverguide/C/vcs.xml:488(para)
6038
6943
msgid ""
6039
6944
"From here you can continue to add users, add new projects, and manage the "
6040
6945
"CVS server."
6041
6946
msgstr ""
6042
6947
6043
#: serverguide/C/vcs.xml:490(para)
6948
#: serverguide/C/vcs.xml:493(para)
6044
6949
msgid ""
6045
6950
"CVS allows the user to add users independently of the underlying OS "
6046
6951
"installation. Probably the easiest way is to use the Linux Users for CVS, "
6048
6953
"for details."
6049
6954
msgstr ""
6050
6955
6051
#: serverguide/C/vcs.xml:500(title)
6956
#: serverguide/C/vcs.xml:503(title)
6052
6957
msgid "Add Projects"
6053
6958
msgstr ""
6054
6959
6055
#: serverguide/C/vcs.xml:512(para)
6960
#: serverguide/C/vcs.xml:515(para)
6056
6961
msgid ""
6057
6962
"You can use the CVSROOT environment variable to store the CVS root "
6058
6963
"directory. Once you export the CVSROOT environment variable, you can avoid "
6059
6964
"using -d option in the above cvs command."
6060
6965
msgstr ""
6061
6966
6062
#: serverguide/C/vcs.xml:524(para)
6967
#: serverguide/C/vcs.xml:527(para)
6063
6968
msgid ""
6064
6969
"When you add a new project, the CVS user you use must have write access to "
6065
6970
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
6068
6973
"manage projects in the CVS repository."
6069
6974
msgstr ""
6070
6975
6071
#: serverguide/C/vcs.xml:501(para)
6976
#: serverguide/C/vcs.xml:504(para)
6072
6977
msgid ""
6073
6978
"This section explains how to add new project to the CVS repository. Create "
6074
6979
"the directory and add necessary document and source files to the directory. "
6083
6988
"<placeholder-2/>"
6084
6989
msgstr ""
6085
6990
6086
#: serverguide/C/vcs.xml:537(ulink)
6991
#: serverguide/C/vcs.xml:540(ulink)
6087
6992
msgid "Bazaar Home Page"
6088
6993
msgstr ""
6089
6994
6090
#: serverguide/C/vcs.xml:538(ulink)
6995
#: serverguide/C/vcs.xml:541(ulink)
6091
6996
msgid "Launchpad"
6092
6997
msgstr ""
6093
6998
6094
#: serverguide/C/vcs.xml:539(ulink)
6999
#: serverguide/C/vcs.xml:542(ulink)
6095
7000
msgid "Subversion Home Page"
6096
7001
msgstr ""
6097
7002
6098
#: serverguide/C/vcs.xml:540(ulink)
7003
#: serverguide/C/vcs.xml:543(ulink)
6099
7004
msgid "Subversion Book"
6100
7005
msgstr ""
6101
7006
6102
#: serverguide/C/vcs.xml:542(ulink)
7007
#: serverguide/C/vcs.xml:545(ulink)
6103
7008
msgid "CVS Manual"
6104
7009
msgstr ""
6105
7010
7011
#: serverguide/C/vcs.xml:546(ulink)
7012
msgid "Easy Bazaar Ubuntu Wiki page"
7013
msgstr ""
7014
7015
#: serverguide/C/vcs.xml:547(ulink)
7016
msgid "Ubuntu Wiki Subversion page"
7017
msgstr ""
7018
6106
7019
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
6107
7020
msgid "Credits and License"
6108
7021
msgstr ""
6180
7093
#: serverguide/C/security.xml:17(para)
6181
7094
msgid ""
6182
7095
"This chapter provides an overview of security related topics as they pertain "
6183
"to Ubuntu 9.10 Server Edition, and outlines simple measures you may use to "
6184
"protect your server and network from any number of potential security "
7096
"to Ubuntu 10.04 LTS Server Edition, and outlines simple measures you may use "
7097
"to protect your server and network from any number of potential security "
6185
7098
"threats."
6186
7099
msgstr ""
6187
7100
6748
7661
"To disable the reboot action taken by pressing the "
6749
7662
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6750
7663
"eycombo> key combination, comment out the following line in the file "
6751
"<filename>/etc/event.d/control-alt-delete</filename>."
7664
"<filename>/etc/init/control-alt-delete.conf</filename>."
6752
7665
msgstr ""
6753
7666
6754
7667
#: serverguide/C/security.xml:343(programlisting)
6755
7668
#, no-wrap
6756
7669
msgid ""
6757
7670
"\n"
6758
"#exec /sbin/shutdown -r now \"Control-Alt-Delete pressed\"\n"
6759
msgstr ""
6760
6761
#: serverguide/C/security.xml:350(title)
6762
msgid "GRUB Password Security"
6763
msgstr ""
6764
6765
#: serverguide/C/security.xml:351(para)
6766
msgid ""
6767
"Ubuntu installs GNU GRUB as its default boot loader, which allows for great "
6768
"flexibility and recovery options. For example, when you install additional "
6769
"kernel images, these are automatically added as available boot options in "
6770
"the <application>grub</application> menu. Also, by default, alternate boot "
6771
"options are available for each kernel entry that may be used for system "
6772
"recovery, aptly labeled (recovery mode). Recovery mode simply boots the "
6773
"corresponding kernel image into single user mode (init 1), which lands the "
6774
"administrator at a root prompt without the need for any password."
6775
msgstr ""
6776
6777
#: serverguide/C/security.xml:354(para)
6778
msgid ""
6779
"Therefore, it is important to control who may edit the "
6780
"<application>grub</application> menu items which, would otherwise allow for "
6781
"someone to perform the following dangerous actions:"
6782
msgstr ""
6783
6784
#: serverguide/C/security.xml:359(para)
6785
msgid "Pass kernel options at boot up."
6786
msgstr ""
6787
6788
#: serverguide/C/security.xml:364(para)
6789
msgid "Boot the server into single user mode."
6790
msgstr ""
6791
6792
#: serverguide/C/security.xml:369(para)
6793
msgid ""
6794
"You can prevent these actions by adding a password to GRUB's configuration "
6795
"file of <filename>/boot/grub/menu.lst</filename>, which will be required to "
6796
"unlock GRUB's more advanced features prior to use."
6797
msgstr ""
6798
6799
#: serverguide/C/security.xml:374(para)
6800
msgid ""
6801
"To add a password for use with <application>grub</application>, first you "
6802
"must generate an md5 password hash using the <application>grub-md5-"
6803
"crypt</application> utility:"
6804
msgstr ""
6805
6806
#: serverguide/C/security.xml:378(command)
6807
msgid "grub-md5-crypt"
6808
msgstr ""
6809
6810
#: serverguide/C/security.xml:380(para)
6811
msgid ""
6812
"The command will ask you to enter a password and offer a resulting hash "
6813
"value as shown below:"
6814
msgstr ""
6815
6816
#: serverguide/C/security.xml:383(userinput)
6817
#, no-wrap
6818
msgid "(enter new password)"
6819
msgstr ""
6820
6821
#: serverguide/C/security.xml:384(userinput)
6822
#, no-wrap
6823
msgid "(repeat password)"
6824
msgstr ""
6825
6826
#: serverguide/C/security.xml:383(computeroutput)
6827
#, no-wrap
6828
msgid ""
6829
"Password: <placeholder-1/>\n"
6830
"Retype password: <placeholder-2/>\n"
6831
"$1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0"
6832
msgstr ""
6833
6834
#: serverguide/C/security.xml:389(para)
6835
msgid ""
6836
"Add the resulting hash value to the file "
6837
"<filename>/boot/grub/menu.lst</filename> in the following format:"
6838
msgstr ""
6839
6840
#: serverguide/C/security.xml:392(programlisting)
6841
#, no-wrap
6842
msgid "password --md5 $1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0"
6843
msgstr ""
6844
6845
#: serverguide/C/security.xml:395(para)
6846
msgid ""
6847
"To require use of the password for entering single user mode, change the "
6848
"value of the <varname>lockalternative</varname> variable in the file "
6849
"<filename>/boot/grub/menu.lst</filename> to <varname>true</varname>, as "
6850
"shown in the following example."
6851
msgstr ""
6852
6853
#: serverguide/C/security.xml:398(programlisting)
6854
#, no-wrap
6855
msgid "# lockalternative=true"
6856
msgstr ""
6857
6858
#: serverguide/C/security.xml:402(para)
6859
msgid ""
6860
"This does not prevent someone from booting the server from alternate media. "
6861
"A determined attacker would simply boot into an alternate environment, "
6862
"overwrite your master boot record, mount or copy your physical volumes, "
6863
"destroy your data, or anything else they can imagine. Please explore other "
6864
"countermeasures that may help you with these types of attacks."
6865
msgstr ""
6866
6867
#: serverguide/C/security.xml:410(title)
7671
"#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
7672
msgstr ""
7673
7674
#: serverguide/C/security.xml:352(title)
6868
7675
msgid "Firewall"
6869
7676
msgstr ""
6870
7677
6871
#: serverguide/C/security.xml:413(para)
7678
#: serverguide/C/security.xml:355(para)
6872
7679
msgid ""
6873
7680
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
6874
7681
"which is used to manipulate or decide the fate of network traffic headed "
6876
7683
"system for packet filtering."
6877
7684
msgstr ""
6878
7685
6879
#: serverguide/C/security.xml:418(para)
7686
#: serverguide/C/security.xml:360(para)
6880
7687
msgid ""
6881
7688
"The kernel's packet filtering system would be of little use to "
6882
7689
"administrators without a userspace interface to manage it. This is the "
6887
7694
"but many frontends are available to simplify the task."
6888
7695
msgstr ""
6889
7696
6890
#: serverguide/C/security.xml:428(title)
7697
#: serverguide/C/security.xml:370(title)
6891
7698
msgid "ufw - Uncomplicated Firewall"
6892
7699
msgstr ""
6893
7700
6894
#: serverguide/C/security.xml:429(para)
7701
#: serverguide/C/security.xml:371(para)
6895
7702
msgid ""
6896
7703
"The default firewall configuration tool for Ubuntu is "
6897
7704
"<application>ufw</application>. Developed to ease iptables firewall "
6899
7706
"to create an IPv4 or IPv6 host-based firewall."
6900
7707
msgstr ""
6901
7708
6902
#: serverguide/C/security.xml:433(para)
7709
#: serverguide/C/security.xml:375(para)
6903
7710
msgid ""
6904
7711
"<application>ufw</application> by default is initially disabled. From the "
6905
7712
"<application>ufw</application> man page:"
6906
7713
msgstr ""
6907
7714
6908
#: serverguide/C/security.xml:437(quote)
7715
#: serverguide/C/security.xml:379(quote)
6909
7716
msgid ""
6910
7717
"ufw is not intended to provide complete firewall functionality via its "
6911
7718
"command interface, but instead provides an easy way to add or remove simple "
6912
7719
"rules. It is currently mainly used for host-based firewalls."
6913
7720
msgstr ""
6914
7721
6915
#: serverguide/C/security.xml:441(para)
7722
#: serverguide/C/security.xml:383(para)
6916
7723
msgid ""
6917
7724
"The following are some examples of how to use <application>ufw</application>:"
6918
7725
msgstr ""
6919
7726
6920
#: serverguide/C/security.xml:446(para)
7727
#: serverguide/C/security.xml:388(para)
6921
7728
msgid ""
6922
7729
"First, <application>ufw</application> needs to be enabled. From a terminal "
6923
7730
"prompt enter:"
6924
7731
msgstr ""
6925
7732
6926
#: serverguide/C/security.xml:450(command)
7733
#: serverguide/C/security.xml:392(command)
6927
7734
msgid "sudo ufw enable"
6928
7735
msgstr ""
6929
7736
6930
#: serverguide/C/security.xml:454(para)
7737
#: serverguide/C/security.xml:396(para)
6931
7738
msgid "To open a port (ssh in this example):"
6932
7739
msgstr ""
6933
7740
6934
#: serverguide/C/security.xml:458(command)
7741
#: serverguide/C/security.xml:400(command)
6935
7742
msgid "sudo ufw allow 22"
6936
7743
msgstr ""
6937
7744
6938
#: serverguide/C/security.xml:462(para)
7745
#: serverguide/C/security.xml:404(para)
6939
7746
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
6940
7747
msgstr ""
6941
7748
6942
#: serverguide/C/security.xml:466(command)
7749
#: serverguide/C/security.xml:408(command)
6943
7750
msgid "sudo ufw insert 1 allow 80"
6944
7751
msgstr ""
6945
7752
6946
#: serverguide/C/security.xml:470(para)
7753
#: serverguide/C/security.xml:412(para)
6947
7754
msgid "Similarly, to close an opened port:"
6948
7755
msgstr ""
6949
7756
6950
#: serverguide/C/security.xml:474(command)
7757
#: serverguide/C/security.xml:416(command)
6951
7758
msgid "sudo ufw deny 22"
6952
7759
msgstr ""
6953
7760
6954
#: serverguide/C/security.xml:478(para)
7761
#: serverguide/C/security.xml:420(para)
6955
7762
msgid "To remove a rule, use delete followed by the rule:"
6956
7763
msgstr ""
6957
7764
6958
#: serverguide/C/security.xml:482(command)
7765
#: serverguide/C/security.xml:424(command)
6959
7766
msgid "sudo ufw delete deny 22"
6960
7767
msgstr ""
6961
7768
6962
#: serverguide/C/security.xml:486(para)
7769
#: serverguide/C/security.xml:428(para)
6963
7770
msgid ""
6964
7771
"It is also possible to allow access from specific hosts or networks to a "
6965
7772
"port. The following example allows ssh access from host 192.168.0.2 to any "
6966
7773
"ip address on this host:"
6967
7774
msgstr ""
6968
7775
6969
#: serverguide/C/security.xml:491(command)
7776
#: serverguide/C/security.xml:433(command)
6970
7777
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6971
7778
msgstr ""
6972
7779
6973
#: serverguide/C/security.xml:493(para)
7780
#: serverguide/C/security.xml:435(para)
6974
7781
msgid ""
6975
7782
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
6976
7783
"subnet."
6977
7784
msgstr ""
6978
7785
6979
#: serverguide/C/security.xml:499(para)
7786
#: serverguide/C/security.xml:441(para)
6980
7787
msgid ""
6981
7788
"Adding the <emphasis>--dry-run</emphasis> option to a "
6982
7789
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
6984
7791
"the HTTP port:"
6985
7792
msgstr ""
6986
7793
6987
#: serverguide/C/security.xml:505(command)
7794
#: serverguide/C/security.xml:447(command)
6988
7795
msgid "sudo ufw --dry-run allow http"
6989
7796
msgstr ""
6990
7797
6991
#: serverguide/C/security.xml:509(computeroutput)
7798
#: serverguide/C/security.xml:451(computeroutput)
6992
7799
#, no-wrap
6993
7800
msgid ""
6994
7801
"*filter\n"
7014
7821
"Rules updated"
7015
7822
msgstr ""
7016
7823
7017
#: serverguide/C/security.xml:533(para)
7824
#: serverguide/C/security.xml:475(para)
7018
7825
msgid "<application>ufw</application> can be disabled by:"
7019
7826
msgstr ""
7020
7827
7021
#: serverguide/C/security.xml:537(command)
7828
#: serverguide/C/security.xml:479(command)
7022
7829
msgid "sudo ufw disable"
7023
7830
msgstr ""
7024
7831
7025
#: serverguide/C/security.xml:541(para)
7832
#: serverguide/C/security.xml:483(para)
7026
7833
msgid "To see the firewall status, enter:"
7027
7834
msgstr ""
7028
7835
7029
#: serverguide/C/security.xml:545(command)
7836
#: serverguide/C/security.xml:487(command)
7030
7837
msgid "sudo ufw status"
7031
7838
msgstr ""
7032
7839
7033
#: serverguide/C/security.xml:549(para)
7840
#: serverguide/C/security.xml:491(para)
7034
7841
msgid "And for more verbose status information use:"
7035
7842
msgstr ""
7036
7843
7037
#: serverguide/C/security.xml:553(command)
7844
#: serverguide/C/security.xml:495(command)
7038
7845
msgid "sudo ufw status verbose"
7039
7846
msgstr ""
7040
7847
7041
#: serverguide/C/security.xml:557(para)
7848
#: serverguide/C/security.xml:499(para)
7042
7849
msgid "To view the <emphasis>numbered</emphasis> format:"
7043
7850
msgstr ""
7044
7851
7045
#: serverguide/C/security.xml:561(command)
7852
#: serverguide/C/security.xml:503(command)
7046
7853
msgid "sudo ufw status numbered"
7047
7854
msgstr ""
7048
7855
7049
#: serverguide/C/security.xml:566(para)
7856
#: serverguide/C/security.xml:508(para)
7050
7857
msgid ""
7051
7858
"If the port you want to open or close is defined in "
7052
7859
"<filename>/etc/services</filename>, you can use the port name instead of the "
7054
7861
"<emphasis>ssh</emphasis>."
7055
7862
msgstr ""
7056
7863
7057
#: serverguide/C/security.xml:572(para)
7864
#: serverguide/C/security.xml:514(para)
7058
7865
msgid ""
7059
7866
"This is a quick introduction to using <application>ufw</application>. Please "
7060
7867
"refer to the <application>ufw</application> man page for more information."
7061
7868
msgstr ""
7062
7869
7063
#: serverguide/C/security.xml:578(title)
7870
#: serverguide/C/security.xml:520(title)
7064
7871
msgid "ufw Application Integration"
7065
7872
msgstr ""
7066
7873
7067
#: serverguide/C/security.xml:580(para)
7874
#: serverguide/C/security.xml:522(para)
7068
7875
msgid ""
7069
7876
"Applications that open ports can include an <application>ufw</application> "
7070
7877
"profile, which details the ports needed for the application to function "
7073
7880
"the default ports have been changed."
7074
7881
msgstr ""
7075
7882
7076
#: serverguide/C/security.xml:589(para)
7883
#: serverguide/C/security.xml:531(para)
7077
7884
msgid ""
7078
7885
"To view which applications have installed a profile, enter the following in "
7079
7886
"a terminal:"
7080
7887
msgstr ""
7081
7888
7082
#: serverguide/C/security.xml:594(command)
7889
#: serverguide/C/security.xml:536(command)
7083
7890
msgid "sudo ufw app list"
7084
7891
msgstr ""
7085
7892
7086
#: serverguide/C/security.xml:600(para)
7893
#: serverguide/C/security.xml:542(para)
7087
7894
msgid ""
7088
7895
"Similar to allowing traffic to a port, using an application profile is "
7089
7896
"accomplished by entering:"
7090
7897
msgstr ""
7091
7898
7092
#: serverguide/C/security.xml:605(command)
7899
#: serverguide/C/security.xml:547(command)
7093
7900
msgid "sudo ufw allow Samba"
7094
7901
msgstr ""
7095
7902
7096
#: serverguide/C/security.xml:611(para)
7903
#: serverguide/C/security.xml:553(para)
7097
7904
msgid "An extended syntax is available as well:"
7098
7905
msgstr ""
7099
7906
7100
#: serverguide/C/security.xml:616(command)
7907
#: serverguide/C/security.xml:558(command)
7101
7908
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
7102
7909
msgstr ""
7103
7910
7104
#: serverguide/C/security.xml:619(para)
7911
#: serverguide/C/security.xml:561(para)
7105
7912
msgid ""
7106
7913
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
7107
7914
"with the application profile you are using and the IP range for your network."
7108
7915
msgstr ""
7109
7916
7110
#: serverguide/C/security.xml:625(para)
7917
#: serverguide/C/security.xml:567(para)
7111
7918
msgid ""
7112
7919
"There is no need to specify the <emphasis>protocol</emphasis> for the "
7113
7920
"application, because that information is detailed in the profile. Also, note "
7115
7922
"<emphasis>port</emphasis> number."
7116
7923
msgstr ""
7117
7924
7118
#: serverguide/C/security.xml:634(para)
7925
#: serverguide/C/security.xml:576(para)
7119
7926
msgid ""
7120
7927
"To view details about which ports, protocols, etc are defined for an "
7121
7928
"application, enter:"
7122
7929
msgstr ""
7123
7930
7124
#: serverguide/C/security.xml:639(command)
7931
#: serverguide/C/security.xml:581(command)
7125
7932
msgid "sudo ufw app info Samba"
7126
7933
msgstr ""
7127
7934
7128
#: serverguide/C/security.xml:645(para)
7935
#: serverguide/C/security.xml:587(para)
7129
7936
msgid ""
7130
7937
"Not all applications that require opening a network port come with "
7131
7938
"<application>ufw</application> profiles, but if you have profiled an "
7134
7941
"url=\"https://launchpad.net/\">Launchpad</ulink>."
7135
7942
msgstr ""
7136
7943
7137
#: serverguide/C/security.xml:654(title)
7944
#: serverguide/C/security.xml:596(title)
7138
7945
msgid "IP Masquerading"
7139
7946
msgstr ""
7140
7947
7141
#: serverguide/C/security.xml:655(para)
7948
#: serverguide/C/security.xml:597(para)
7142
7949
msgid ""
7143
7950
"The purpose of IP Masquerading is to allow machines with private, non-"
7144
7951
"routable IP addresses on your network to access the Internet through the "
7155
7962
"to in Microsoft documentation as Internet Connection Sharing."
7156
7963
msgstr ""
7157
7964
7158
#: serverguide/C/security.xml:671(title)
7965
#: serverguide/C/security.xml:613(title)
7159
7966
msgid "ufw Masquerading"
7160
7967
msgstr ""
7161
7968
7162
#: serverguide/C/security.xml:672(para)
7969
#: serverguide/C/security.xml:614(para)
7163
7970
msgid ""
7164
7971
"IP Masquerading can be achieved using custom <application>ufw</application> "
7165
7972
"rules. This is possible because the current back-end for "
7170
7977
"that are more network gateway or bridge related."
7171
7978
msgstr ""
7172
7979
7173
#: serverguide/C/security.xml:678(para)
7980
#: serverguide/C/security.xml:620(para)
7174
7981
msgid ""
7175
7982
"The rules are split into two different files, rules that should be executed "
7176
7983
"before <application>ufw</application> command line rules, and rules that are "
7177
7984
"executed after <application>ufw</application> command line rules."
7178
7985
msgstr ""
7179
7986
7180
#: serverguide/C/security.xml:684(para)
7987
#: serverguide/C/security.xml:626(para)
7181
7988
msgid ""
7182
7989
"First, packet forwarding needs to be enabled in "
7183
7990
"<application>ufw</application>. Two configuration files will need to be "
7185
7992
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
7186
7993
msgstr ""
7187
7994
7188
#: serverguide/C/security.xml:688(programlisting)
7995
#: serverguide/C/security.xml:630(programlisting)
7189
7996
#, no-wrap
7190
7997
msgid ""
7191
7998
"\n"
7192
7999
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
7193
8000
msgstr ""
7194
8001
7195
#: serverguide/C/security.xml:691(para)
8002
#: serverguide/C/security.xml:633(para)
7196
8003
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
7197
8004
msgstr ""
7198
8005
7199
#: serverguide/C/security.xml:694(programlisting)
8006
#: serverguide/C/security.xml:636(programlisting)
7200
8007
#, no-wrap
7201
8008
msgid ""
7202
8009
"\n"
7203
8010
"net/ipv4/ip_forward=1\n"
7204
8011
msgstr ""
7205
8012
7206
#: serverguide/C/security.xml:697(para)
8013
#: serverguide/C/security.xml:639(para)
7207
8014
msgid "Similarly, for IPv6 forwarding uncomment:"
7208
8015
msgstr ""
7209
8016
7210
#: serverguide/C/security.xml:700(programlisting)
8017
#: serverguide/C/security.xml:642(programlisting)
7211
8018
#, no-wrap
7212
8019
msgid ""
7213
8020
"\n"
7214
8021
"net/ipv6/conf/default/forwarding=1\n"
7215
8022
msgstr ""
7216
8023
7217
#: serverguide/C/security.xml:705(para)
8024
#: serverguide/C/security.xml:647(para)
7218
8025
msgid ""
7219
8026
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
7220
8027
"file. The default rules only configure the <emphasis>filter</emphasis> "
7223
8030
"the header comments:"
7224
8031
msgstr ""
7225
8032
7226
#: serverguide/C/security.xml:710(programlisting)
8033
#: serverguide/C/security.xml:652(programlisting)
7227
8034
#, no-wrap
7228
8035
msgid ""
7229
8036
"\n"
7239
8046
"COMMIT\n"
7240
8047
msgstr ""
7241
8048
7242
#: serverguide/C/security.xml:721(para)
8049
#: serverguide/C/security.xml:663(para)
7243
8050
msgid ""
7244
8051
"The comments are not strictly necessary, but it is considered good practice "
7245
8052
"to document your configuration. Also, when modifying any of the "
7248
8055
"line for each table modified:"
7249
8056
msgstr ""
7250
8057
7251
#: serverguide/C/security.xml:727(programlisting)
8058
#: serverguide/C/security.xml:669(programlisting)
7252
8059
#, no-wrap
7253
8060
msgid ""
7254
8061
"\n"
7256
8063
"COMMIT\n"
7257
8064
msgstr ""
7258
8065
7259
#: serverguide/C/security.xml:732(para)
8066
#: serverguide/C/security.xml:674(para)
7260
8067
msgid ""
7261
8068
"For each <emphasis>Table</emphasis> a corresponding "
7262
8069
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
7265
8072
"<emphasis>mangle</emphasis> tables."
7266
8073
msgstr ""
7267
8074
7268
#: serverguide/C/security.xml:739(para)
8075
#: serverguide/C/security.xml:681(para)
7269
8076
msgid ""
7270
8077
"In the above example replace <emphasis>eth0</emphasis>, "
7271
8078
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
7272
8079
"appropriate interfaces and IP range for your network."
7273
8080
msgstr ""
7274
8081
7275
#: serverguide/C/security.xml:747(para)
8082
#: serverguide/C/security.xml:689(para)
7276
8083
msgid ""
7277
8084
"Finally, disable and re-enable <application>ufw</application> to apply the "
7278
8085
"changes:"
7279
8086
msgstr ""
7280
8087
7281
#: serverguide/C/security.xml:751(command)
8088
#: serverguide/C/security.xml:693(command)
7282
8089
msgid "sudo ufw disable && sudo ufw enable"
7283
8090
msgstr ""
7284
8091
7285
#: serverguide/C/security.xml:755(para)
8092
#: serverguide/C/security.xml:697(para)
7286
8093
msgid ""
7287
8094
"IP Masquerading should now be enabled. You can also add any additional "
7288
8095
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
7290
8097
"forward</emphasis> chain."
7291
8098
msgstr ""
7292
8099
7293
#: serverguide/C/security.xml:762(title)
8100
#: serverguide/C/security.xml:704(title)
7294
8101
msgid "iptables Masquerading"
7295
8102
msgstr ""
7296
8103
7297
#: serverguide/C/security.xml:763(para)
8104
#: serverguide/C/security.xml:705(para)
7298
8105
msgid ""
7299
8106
"<application>iptables</application> can also be used to enable masquerading."
7300
8107
msgstr ""
7301
8108
7302
#: serverguide/C/security.xml:768(para)
8109
#: serverguide/C/security.xml:710(para)
7303
8110
msgid ""
7304
8111
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
7305
8112
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
7306
8113
"uncomment the following line"
7307
8114
msgstr ""
7308
8115
7309
#: serverguide/C/security.xml:772(programlisting)
8116
#: serverguide/C/security.xml:714(programlisting)
7310
8117
#, no-wrap
7311
8118
msgid ""
7312
8119
"\n"
7313
8120
"net.ipv4.ip_forward=1\n"
7314
8121
msgstr ""
7315
8122
7316
#: serverguide/C/security.xml:775(para)
8123
#: serverguide/C/security.xml:717(para)
7317
8124
msgid "If you wish to enable IPv6 forwarding also uncomment:"
7318
8125
msgstr ""
7319
8126
7320
#: serverguide/C/security.xml:778(programlisting)
8127
#: serverguide/C/security.xml:720(programlisting)
7321
8128
#, no-wrap
7322
8129
msgid ""
7323
8130
"\n"
7324
8131
"net.ipv6.conf.default.forwarding=1\n"
7325
8132
msgstr ""
7326
8133
7327
#: serverguide/C/security.xml:783(para)
8134
#: serverguide/C/security.xml:725(para)
7328
8135
msgid ""
7329
8136
"Next, execute the <application>sysctl</application> command to enable the "
7330
8137
"new settings in the configuration file:"
7331
8138
msgstr ""
7332
8139
7333
#: serverguide/C/security.xml:787(command)
8140
#: serverguide/C/security.xml:729(command)
7334
8141
msgid "sudo sysctl -p"
7335
8142
msgstr ""
7336
8143
7337
#: serverguide/C/security.xml:791(para)
8144
#: serverguide/C/security.xml:733(para)
7338
8145
msgid ""
7339
8146
"IP Masquerading can now be accomplished with a single iptables rule, which "
7340
8147
"may differ slightly based on your network configuration:"
7341
8148
msgstr ""
7342
8149
7343
#: serverguide/C/security.xml:794(screen)
8150
#: serverguide/C/security.xml:736(screen)
7344
8151
#, no-wrap
7345
8152
msgid ""
7346
8153
"\n"
7347
8154
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
7348
8155
msgstr ""
7349
8156
7350
#: serverguide/C/security.xml:797(para)
8157
#: serverguide/C/security.xml:739(para)
7351
8158
msgid ""
7352
8159
"The above command assumes that your private address space is 192.168.0.0/16 "
7353
8160
"and that your Internet-facing device is ppp0. The syntax is broken down as "
7354
8161
"follows:"
7355
8162
msgstr ""
7356
8163
7357
#: serverguide/C/security.xml:802(para)
8164
#: serverguide/C/security.xml:744(para)
7358
8165
msgid "-t nat -- the rule is to go into the nat table"
7359
8166
msgstr ""
7360
8167
7361
#: serverguide/C/security.xml:803(para)
8168
#: serverguide/C/security.xml:745(para)
7362
8169
msgid ""
7363
8170
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
7364
8171
msgstr ""
7365
8172
7366
#: serverguide/C/security.xml:804(para)
8173
#: serverguide/C/security.xml:746(para)
7367
8174
msgid ""
7368
8175
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
7369
8176
"specified address space"
7370
8177
msgstr ""
7371
8178
7372
#: serverguide/C/security.xml:805(para)
8179
#: serverguide/C/security.xml:747(para)
7373
8180
msgid ""
7374
8181
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
7375
8182
"specified network device"
7376
8183
msgstr ""
7377
8184
7378
#: serverguide/C/security.xml:807(para)
8185
#: serverguide/C/security.xml:749(para)
7379
8186
msgid ""
7380
8187
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
7381
8188
"MASQUERADE target to be manipulated as described above"
7382
8189
msgstr ""
7383
8190
7384
#: serverguide/C/security.xml:815(para)
8191
#: serverguide/C/security.xml:757(para)
7385
8192
msgid ""
7386
8193
"Also, each chain in the filter table (the default table, and where most or "
7387
8194
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
7391
8198
"above rule to work:"
7392
8199
msgstr ""
7393
8200
7394
#: serverguide/C/security.xml:822(screen)
8201
#: serverguide/C/security.xml:764(screen)
7395
8202
#, no-wrap
7396
8203
msgid ""
7397
8204
"\n"
7400
8207
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
7401
8208
msgstr ""
7402
8209
7403
#: serverguide/C/security.xml:826(para)
8210
#: serverguide/C/security.xml:768(para)
7404
8211
msgid ""
7405
8212
"The above commands will allow all connections from your local network to the "
7406
8213
"Internet and all traffic related to those connections to return to the "
7407
8214
"machine that initiated them."
7408
8215
msgstr ""
7409
8216
7410
#: serverguide/C/security.xml:833(para)
8217
#: serverguide/C/security.xml:775(para)
7411
8218
msgid ""
7412
8219
"If you want masquerading to be enabled on reboot, which you probably do, "
7413
8220
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
7414
8221
"example add the first command with no filtering:"
7415
8222
msgstr ""
7416
8223
7417
#: serverguide/C/security.xml:837(screen)
8224
#: serverguide/C/security.xml:779(screen)
7418
8225
#, no-wrap
7419
8226
msgid ""
7420
8227
"\n"
7421
8228
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
7422
8229
msgstr ""
7423
8230
7424
#: serverguide/C/security.xml:845(title)
8231
#: serverguide/C/security.xml:787(title)
7425
8232
msgid "Logs"
7426
8233
msgstr ""
7427
8234
7428
#: serverguide/C/security.xml:846(para)
8235
#: serverguide/C/security.xml:788(para)
7429
8236
msgid ""
7430
8237
"Firewall logs are essential for recognizing attacks, troubleshooting your "
7431
8238
"firewall rules, and noticing unusual activity on your network. You must "
7435
8242
"REJECT)."
7436
8243
msgstr ""
7437
8244
7438
#: serverguide/C/security.xml:853(para)
8245
#: serverguide/C/security.xml:795(para)
7439
8246
msgid ""
7440
8247
"If you are using <application>ufw</application>, you can turn on logging by "
7441
8248
"entering the following in a terminal:"
7442
8249
msgstr ""
7443
8250
7444
#: serverguide/C/security.xml:857(command)
8251
#: serverguide/C/security.xml:799(command)
7445
8252
msgid "sudo ufw logging on"
7446
8253
msgstr ""
7447
8254
7448
#: serverguide/C/security.xml:859(para)
8255
#: serverguide/C/security.xml:801(para)
7449
8256
msgid ""
7450
8257
"To turn logging off in <application>ufw</application>, simply replace "
7451
8258
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
7452
8259
"role=\"italic\">off</emphasis> in the above command."
7453
8260
msgstr ""
7454
8261
7455
#: serverguide/C/security.xml:862(para)
8262
#: serverguide/C/security.xml:804(para)
7456
8263
msgid ""
7457
8264
"If using <application>iptables</application> instead of "
7458
8265
"<application>ufw</application>, enter:"
7459
8266
msgstr ""
7460
8267
7461
#: serverguide/C/security.xml:865(screen)
8268
#: serverguide/C/security.xml:807(screen)
7462
8269
#, no-wrap
7463
8270
msgid ""
7464
8271
"\n"
7466
8273
"prefix \"NEW_HTTP_CONN: \"\n"
7467
8274
msgstr ""
7468
8275
7469
#: serverguide/C/security.xml:868(para)
8276
#: serverguide/C/security.xml:810(para)
7470
8277
msgid ""
7471
8278
"A request on port 80 from the local machine, then, would generate a log in "
7472
8279
"dmesg that looks like this:"
7473
8280
msgstr ""
7474
8281
7475
#: serverguide/C/security.xml:873(programlisting)
8282
#: serverguide/C/security.xml:815(programlisting)
7476
8283
#, no-wrap
7477
8284
msgid ""
7478
8285
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
7481
8288
"WINDOW=32767 RES=0x00 SYN URGP=0"
7482
8289
msgstr ""
7483
8290
7484
#: serverguide/C/security.xml:875(para)
8291
#: serverguide/C/security.xml:817(para)
7485
8292
msgid ""
7486
8293
"The above log will also appear in <filename>/var/log/messages</filename>, "
7487
8294
"<filename>/var/log/syslog</filename>, and "
7497
8304
"<application> fwlogwatch</application>, or <application>lire</application>."
7498
8305
msgstr ""
7499
8306
7500
#: serverguide/C/security.xml:890(title)
8307
#: serverguide/C/security.xml:832(title)
7501
8308
msgid "Other Tools"
7502
8309
msgstr ""
7503
8310
7504
#: serverguide/C/security.xml:891(para)
8311
#: serverguide/C/security.xml:833(para)
7505
8312
msgid ""
7506
8313
"There are many tools available to help you construct a complete firewall "
7507
8314
"without intimate knowledge of iptables. For the GUI-inclined:"
7508
8315
msgstr ""
7509
8316
7510
#: serverguide/C/security.xml:897(para)
8317
#: serverguide/C/security.xml:839(para)
7511
8318
msgid ""
7512
8319
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
7513
8320
"popular and easy to use."
7514
8321
msgstr ""
7515
8322
7516
#: serverguide/C/security.xml:902(para)
8323
#: serverguide/C/security.xml:844(para)
7517
8324
msgid ""
7518
8325
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
7519
8326
"and will look familiar to an administrator who has used a commercial "
7520
8327
"firewall utility such as <application>Checkpoint FireWall-1</application>."
7521
8328
msgstr ""
7522
8329
7523
#: serverguide/C/security.xml:908(para)
8330
#: serverguide/C/security.xml:850(para)
7524
8331
msgid ""
7525
8332
"If you prefer a command-line tool with plain-text configuration files:"
7526
8333
msgstr ""
7527
8334
7528
#: serverguide/C/security.xml:913(para)
8335
#: serverguide/C/security.xml:855(para)
7529
8336
msgid ""
7530
8337
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
7531
8338
"powerful solution to help you configure an advanced firewall for any network."
7532
8339
msgstr ""
7533
8340
7534
#: serverguide/C/security.xml:919(para)
8341
#: serverguide/C/security.xml:861(para)
7535
8342
msgid ""
7536
8343
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
7537
8344
"a working firewall \"out of the box\" with zero configuration, and will "
7539
8346
"documented configuration files."
7540
8347
msgstr ""
7541
8348
7542
#: serverguide/C/security.xml:926(para)
8349
#: serverguide/C/security.xml:868(para)
7543
8350
msgid ""
7544
8351
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
7545
8352
"designed to be a desktop firewall application. It is made up of a server "
7547
8354
"like many popular interactive firewall applications for Windows."
7548
8355
msgstr ""
7549
8356
7550
#: serverguide/C/security.xml:938(para)
8357
#: serverguide/C/security.xml:880(para)
7551
8358
msgid ""
7552
8359
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
7553
8360
"Firewall</ulink> wiki page contains information on the development of "
7554
8361
"<application>ufw</application>."
7555
8362
msgstr ""
7556
8363
7557
#: serverguide/C/security.xml:944(para)
8364
#: serverguide/C/security.xml:886(para)
7558
8365
msgid ""
7559
8366
"Also, the <application>ufw</application> manual page contains some very "
7560
8367
"useful information: <command>man ufw</command>."
7561
8368
msgstr ""
7562
8369
7563
#: serverguide/C/security.xml:949(para)
8370
#: serverguide/C/security.xml:891(para)
7564
8371
msgid ""
7565
8372
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
7566
8373
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
7567
8374
"on using <application>iptables</application>."
7568
8375
msgstr ""
7569
8376
7570
#: serverguide/C/security.xml:955(para)
8377
#: serverguide/C/security.xml:897(para)
7571
8378
msgid ""
7572
8379
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
7573
8380
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
7574
8381
msgstr ""
7575
8382
7576
#: serverguide/C/security.xml:964(title)
8383
#: serverguide/C/security.xml:903(para)
8384
msgid ""
8385
"The <ulink url=\"https://help.ubuntu.com/community/IptablesHowTo\">IPTables "
8386
"HowTo</ulink> in the Ubuntu wiki is a great resource."
8387
msgstr ""
8388
8389
#: serverguide/C/security.xml:911(title)
7577
8390
msgid "AppArmor"
7578
8391
msgstr ""
7579
8392
7580
#: serverguide/C/security.xml:965(para)
8393
#: serverguide/C/security.xml:912(para)
7581
8394
msgid ""
7582
8395
"<application>AppArmor</application> is a Linux Security Module "
7583
8396
"implementation of name-based mandatory access controls. AppArmor confines "
7585
8398
"capabilities."
7586
8399
msgstr ""
7587
8400
7588
#: serverguide/C/security.xml:969(para)
8401
#: serverguide/C/security.xml:916(para)
7589
8402
msgid ""
7590
8403
"<application>AppArmor</application> is installed and loaded by default. It "
7591
8404
"uses <emphasis>profiles</emphasis> of an application to determine what files "
7594
8407
"<application>apparmor-profiles</application> package."
7595
8408
msgstr ""
7596
8409
7597
#: serverguide/C/security.xml:974(para)
8410
#: serverguide/C/security.xml:921(para)
7598
8411
msgid ""
7599
8412
"To install the <application>apparmor-profiles</application> package from a "
7600
8413
"terminal prompt:"
7601
8414
msgstr ""
7602
8415
7603
#: serverguide/C/security.xml:980(para)
8416
#: serverguide/C/security.xml:927(para)
7604
8417
msgid "AppArmor profiles have two modes of execution:"
7605
8418
msgstr ""
7606
8419
7607
#: serverguide/C/security.xml:985(para)
8420
#: serverguide/C/security.xml:932(para)
7608
8421
msgid ""
7609
8422
"Complaining/Learning: profile violations are permitted and logged. Useful "
7610
8423
"for testing and developing new profiles."
7611
8424
msgstr ""
7612
8425
7613
#: serverguide/C/security.xml:990(para)
8426
#: serverguide/C/security.xml:937(para)
7614
8427
msgid ""
7615
8428
"Enforced/Confined: enforces profile policy as well as logging the violation."
7616
8429
msgstr ""
7617
8430
7618
#: serverguide/C/security.xml:996(title)
8431
#: serverguide/C/security.xml:943(title)
7619
8432
msgid "Using AppArmor"
7620
8433
msgstr ""
7621
8434
7622
#: serverguide/C/security.xml:997(para)
8435
#: serverguide/C/security.xml:944(para)
7623
8436
msgid ""
7624
8437
"The <application>apparmor-utils</application> package contains command line "
7625
8438
"utilities that you can use to change the <application>AppArmor</application> "
7626
8439
"execution mode, find the status of a profile, create new profiles, etc."
7627
8440
msgstr ""
7628
8441
7629
#: serverguide/C/security.xml:1003(para)
8442
#: serverguide/C/security.xml:950(para)
7630
8443
msgid ""
7631
8444
"<application>apparmor_status</application> is used to view the current "
7632
8445
"status of AppArmor profiles."
7633
8446
msgstr ""
7634
8447
7635
#: serverguide/C/security.xml:1007(command)
8448
#: serverguide/C/security.xml:954(command)
7636
8449
msgid "sudo apparmor_status"
7637
8450
msgstr ""
7638
8451
7639
#: serverguide/C/security.xml:1011(para)
8452
#: serverguide/C/security.xml:958(para)
7640
8453
msgid ""
7641
8454
"<application>aa-complain</application> places a profile into "
7642
8455
"<emphasis>complain</emphasis> mode."
7643
8456
msgstr ""
7644
8457
7645
#: serverguide/C/security.xml:1015(command)
8458
#: serverguide/C/security.xml:962(command)
7646
8459
msgid "sudo aa-complain /path/to/bin"
7647
8460
msgstr ""
7648
8461
7649
#: serverguide/C/security.xml:1019(para)
8462
#: serverguide/C/security.xml:966(para)
7650
8463
msgid ""
7651
8464
"<application>aa-enforce</application> places a profile into "
7652
8465
"<emphasis>enforce</emphasis> mode."
7653
8466
msgstr ""
7654
8467
7655
#: serverguide/C/security.xml:1023(command)
8468
#: serverguide/C/security.xml:970(command)
7656
8469
msgid "sudo aa-enforce /path/to/bin"
7657
8470
msgstr ""
7658
8471
7659
#: serverguide/C/security.xml:1027(para)
8472
#: serverguide/C/security.xml:974(para)
7660
8473
msgid ""
7661
8474
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7662
8475
"profiles are located. It can be used to manipulate the "
7663
8476
"<emphasis>mode</emphasis> of all profiles."
7664
8477
msgstr ""
7665
8478
7666
#: serverguide/C/security.xml:1031(para)
8479
#: serverguide/C/security.xml:978(para)
7667
8480
msgid "Enter the following to place all profiles into complain mode:"
7668
8481
msgstr ""
7669
8482
7670
#: serverguide/C/security.xml:1035(command)
8483
#: serverguide/C/security.xml:982(command)
7671
8484
msgid "sudo aa-complain /etc/apparmor.d/*"
7672
8485
msgstr ""
7673
8486
7674
#: serverguide/C/security.xml:1037(para)
8487
#: serverguide/C/security.xml:984(para)
7675
8488
msgid "To place all profiles in enforce mode:"
7676
8489
msgstr ""
7677
8490
7678
#: serverguide/C/security.xml:1041(command)
8491
#: serverguide/C/security.xml:988(command)
7679
8492
msgid "sudo aa-enforce /etc/apparmor.d/*"
7680
8493
msgstr ""
7681
8494
7682
#: serverguide/C/security.xml:1045(para)
8495
#: serverguide/C/security.xml:992(para)
7683
8496
msgid ""
7684
8497
"<application>apparmor_parser</application> is used to load a profile into "
7685
8498
"the kernel. It can also be used to reload a currently loaded profile using "
7686
8499
"the <emphasis>-r</emphasis> option. To load a profile:"
7687
8500
msgstr ""
7688
8501
7689
#: serverguide/C/security.xml:1050(command) serverguide/C/security.xml:1082(command)
8502
#: serverguide/C/security.xml:997(command) serverguide/C/security.xml:1029(command)
7690
8503
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7691
8504
msgstr ""
7692
8505
7693
#: serverguide/C/security.xml:1052(para)
8506
#: serverguide/C/security.xml:999(para)
7694
8507
msgid "To reload a profile:"
7695
8508
msgstr ""
7696
8509
7697
#: serverguide/C/security.xml:1056(command)
8510
#: serverguide/C/security.xml:1003(command)
7698
8511
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7699
8512
msgstr ""
7700
8513
7701
#: serverguide/C/security.xml:1060(para)
8514
#: serverguide/C/security.xml:1007(para)
7702
8515
msgid ""
7703
8516
"<filename>/etc/init.d/apparmor</filename> can be used to "
7704
8517
"<emphasis>reload</emphasis> all profiles:"
7705
8518
msgstr ""
7706
8519
7707
#: serverguide/C/security.xml:1064(command)
8520
#: serverguide/C/security.xml:1011(command) serverguide/C/network-auth.xml:632(command)
7708
8521
msgid "sudo /etc/init.d/apparmor reload"
7709
8522
msgstr ""
7710
8523
7711
#: serverguide/C/security.xml:1068(para)
8524
#: serverguide/C/security.xml:1015(para)
7712
8525
msgid ""
7713
8526
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7714
8527
"with the <application>apparmor_parser -R</application> option to "
7715
8528
"<emphasis>disable</emphasis> a profile."
7716
8529
msgstr ""
7717
8530
7718
#: serverguide/C/security.xml:1073(command)
8531
#: serverguide/C/security.xml:1020(command)
7719
8532
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7720
8533
msgstr ""
7721
8534
7722
#: serverguide/C/security.xml:1074(command)
8535
#: serverguide/C/security.xml:1021(command)
7723
8536
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7724
8537
msgstr ""
7725
8538
7726
#: serverguide/C/security.xml:1076(para)
8539
#: serverguide/C/security.xml:1023(para)
7727
8540
msgid ""
7728
8541
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7729
8542
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7730
8543
"load the profile using the <emphasis>-a</emphasis> option."
7731
8544
msgstr ""
7732
8545
7733
#: serverguide/C/security.xml:1081(command)
8546
#: serverguide/C/security.xml:1028(command)
7734
8547
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7735
8548
msgstr ""
7736
8549
7737
#: serverguide/C/security.xml:1086(para)
8550
#: serverguide/C/security.xml:1033(para)
7738
8551
msgid ""
7739
8552
"<application>AppArmor</application> can be disabled, and the kernel module "
7740
8553
"unloaded by entering the following:"
7741
8554
msgstr ""
7742
8555
7743
#: serverguide/C/security.xml:1090(command)
8556
#: serverguide/C/security.xml:1037(command)
7744
8557
msgid "sudo /etc/init.d/apparmor stop"
7745
8558
msgstr ""
7746
8559
7747
#: serverguide/C/security.xml:1091(command)
8560
#: serverguide/C/security.xml:1038(command)
7748
8561
msgid "sudo update-rc.d -f apparmor remove"
7749
8562
msgstr ""
7750
8563
7751
#: serverguide/C/security.xml:1095(para)
8564
#: serverguide/C/security.xml:1042(para)
7752
8565
msgid "To re-enable <application>AppArmor</application> enter:"
7753
8566
msgstr ""
7754
8567
7755
#: serverguide/C/security.xml:1099(command)
8568
#: serverguide/C/security.xml:1046(command)
7756
8569
msgid "sudo /etc/init.d/apparmor start"
7757
8570
msgstr ""
7758
8571
7759
#: serverguide/C/security.xml:1100(command)
8572
#: serverguide/C/security.xml:1047(command)
7760
8573
msgid "sudo update-rc.d apparmor defaults"
7761
8574
msgstr ""
7762
8575
7763
#: serverguide/C/security.xml:1105(para)
8576
#: serverguide/C/security.xml:1052(para)
7764
8577
msgid ""
7765
8578
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
7766
8579
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
7768
8581
"<application>ping</application> command use <filename>/bin/ping</filename>"
7769
8582
msgstr ""
7770
8583
7771
#: serverguide/C/security.xml:1113(title)
8584
#: serverguide/C/security.xml:1060(title)
7772
8585
msgid "Profiles"
7773
8586
msgstr ""
7774
8587
7775
#: serverguide/C/security.xml:1114(para)
8588
#: serverguide/C/security.xml:1061(para)
7776
8589
msgid ""
7777
8590
"<application>AppArmor</application> profiles are simple text files located "
7778
8591
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
7781
8594
"profile for the <filename>/bin/ping</filename> command."
7782
8595
msgstr ""
7783
8596
7784
#: serverguide/C/security.xml:1120(para)
8597
#: serverguide/C/security.xml:1067(para)
7785
8598
msgid "There are two main type of rules used in profiles:"
7786
8599
msgstr ""
7787
8600
7788
#: serverguide/C/security.xml:1125(para)
8601
#: serverguide/C/security.xml:1072(para)
7789
8602
msgid ""
7790
8603
"<emphasis>Path entries:</emphasis> which detail which files an application "
7791
8604
"can access in the file system."
7792
8605
msgstr ""
7793
8606
7794
#: serverguide/C/security.xml:1130(para)
8607
#: serverguide/C/security.xml:1077(para)
7795
8608
msgid ""
7796
8609
"<emphasis>Capability entries:</emphasis> determine what privileges a "
7797
8610
"confined process is allowed to use."
7798
8611
msgstr ""
7799
8612
7800
#: serverguide/C/security.xml:1135(para)
8613
#: serverguide/C/security.xml:1082(para)
7801
8614
msgid ""
7802
8615
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
7803
8616
msgstr ""
7804
8617
7805
#: serverguide/C/security.xml:1138(programlisting)
8618
#: serverguide/C/security.xml:1085(programlisting)
7806
8619
#, no-wrap
7807
8620
msgid ""
7808
8621
"\n"
7821
8634
"}\n"
7822
8635
msgstr ""
7823
8636
7824
#: serverguide/C/security.xml:1155(para)
8637
#: serverguide/C/security.xml:1102(para)
7825
8638
msgid ""
7826
8639
"<emphasis>#include <tunables/global>:</emphasis> include statements "
7827
8640
"from other files. This allows statements pertaining to multiple applications "
7828
8641
"to be placed in a common file."
7829
8642
msgstr ""
7830
8643
7831
#: serverguide/C/security.xml:1161(para)
8644
#: serverguide/C/security.xml:1108(para)
7832
8645
msgid ""
7833
8646
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
7834
8647
"program, also setting the mode to <emphasis>complain</emphasis>."
7835
8648
msgstr ""
7836
8649
7837
#: serverguide/C/security.xml:1167(para)
8650
#: serverguide/C/security.xml:1114(para)
7838
8651
msgid ""
7839
8652
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
7840
8653
"the CAP_NET_RAW Posix.1e capability."
7841
8654
msgstr ""
7842
8655
7843
#: serverguide/C/security.xml:1172(para)
8656
#: serverguide/C/security.xml:1119(para)
7844
8657
msgid ""
7845
8658
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
7846
8659
"execute access to the file."
7847
8660
msgstr ""
7848
8661
7849
#: serverguide/C/security.xml:1178(para)
8662
#: serverguide/C/security.xml:1125(para)
7850
8663
msgid ""
7851
8664
"After editing a profile file the profile must be reloaded. See <xref "
7852
8665
"linkend=\"apparmor-usage\"/> for details."
7853
8666
msgstr ""
7854
8667
7855
#: serverguide/C/security.xml:1183(title)
8668
#: serverguide/C/security.xml:1130(title)
7856
8669
msgid "Creating a Profile"
7857
8670
msgstr ""
7858
8671
7859
#: serverguide/C/security.xml:1186(para)
8672
#: serverguide/C/security.xml:1133(para)
7860
8673
msgid ""
7861
8674
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
7862
8675
"application should be exercised. The test plan should be divided into small "
7864
8677
"steps to follow."
7865
8678
msgstr ""
7866
8679
7867
#: serverguide/C/security.xml:1190(para)
8680
#: serverguide/C/security.xml:1137(para)
7868
8681
msgid "Some standard test cases are:"
7869
8682
msgstr ""
7870
8683
7871
#: serverguide/C/security.xml:1195(para)
8684
#: serverguide/C/security.xml:1142(para)
7872
8685
msgid "Starting the program."
7873
8686
msgstr ""
7874
8687
7875
#: serverguide/C/security.xml:1200(para)
8688
#: serverguide/C/security.xml:1147(para)
7876
8689
msgid "Stopping the program."
7877
8690
msgstr ""
7878
8691
7879
#: serverguide/C/security.xml:1205(para)
8692
#: serverguide/C/security.xml:1152(para)
7880
8693
msgid "Reloading the program."
7881
8694
msgstr ""
7882
8695
7883
#: serverguide/C/security.xml:1210(para)
8696
#: serverguide/C/security.xml:1157(para)
7884
8697
msgid "Testing all the commands supported by the init script."
7885
8698
msgstr ""
7886
8699
7887
#: serverguide/C/security.xml:1217(para)
8700
#: serverguide/C/security.xml:1164(para)
7888
8701
msgid ""
7889
8702
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
7890
8703
"genprof</application> to generate a new profile. From a terminal:"
7891
8704
msgstr ""
7892
8705
7893
#: serverguide/C/security.xml:1222(command)
8706
#: serverguide/C/security.xml:1169(command)
7894
8707
msgid "sudo aa-genprof executable"
7895
8708
msgstr ""
7896
8709
7897
#: serverguide/C/security.xml:1224(para)
8710
#: serverguide/C/security.xml:1171(para)
7898
8711
msgid "For example:"
7899
8712
msgstr ""
7900
8713
7901
#: serverguide/C/security.xml:1228(command)
8714
#: serverguide/C/security.xml:1175(command)
7902
8715
msgid "sudo aa-genprof slapd"
7903
8716
msgstr ""
7904
8717
7905
#: serverguide/C/security.xml:1232(para)
8718
#: serverguide/C/security.xml:1179(para)
7906
8719
msgid ""
7907
8720
"To get your new profile included in the <application>apparmor-"
7908
8721
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
7911
8724
"/ulink> package:"
7912
8725
msgstr ""
7913
8726
7914
#: serverguide/C/security.xml:1239(para)
8727
#: serverguide/C/security.xml:1186(para)
7915
8728
msgid "Include your test plan and test cases."
7916
8729
msgstr ""
7917
8730
7918
#: serverguide/C/security.xml:1244(para)
8731
#: serverguide/C/security.xml:1191(para)
7919
8732
msgid "Attach your new profile to the bug."
7920
8733
msgstr ""
7921
8734
7922
#: serverguide/C/security.xml:1253(title)
8735
#: serverguide/C/security.xml:1200(title)
7923
8736
msgid "Updating Profiles"
7924
8737
msgstr ""
7925
8738
7926
#: serverguide/C/security.xml:1254(para)
8739
#: serverguide/C/security.xml:1201(para)
7927
8740
msgid ""
7928
8741
"When the program is misbehaving, audit messages are sent to the log files. "
7929
8742
"The program <application>aa-logprof</application> can be used to scan log "
7931
8744
"and update the profiles. From a terminal:"
7932
8745
msgstr ""
7933
8746
7934
#: serverguide/C/security.xml:1259(command)
8747
#: serverguide/C/security.xml:1206(command)
7935
8748
msgid "sudo aa-logprof"
7936
8749
msgstr ""
7937
8750
7938
#: serverguide/C/security.xml:1267(para)
8751
#: serverguide/C/security.xml:1214(para)
7939
8752
msgid ""
7940
8753
"See the <ulink "
7941
8754
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
7944
8757
"configuration options."
7945
8758
msgstr ""
7946
8759
7947
#: serverguide/C/security.xml:1274(para)
8760
#: serverguide/C/security.xml:1221(para)
7948
8761
msgid ""
7949
8762
"For details using AppArmor with other Ubuntu releases see the <ulink "
7950
8763
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
7951
8764
"Wiki</ulink> page."
7952
8765
msgstr ""
7953
8766
7954
#: serverguide/C/security.xml:1282(para)
8767
#: serverguide/C/security.xml:1229(para)
7955
8768
msgid ""
7956
8769
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
7957
8770
"page is another introduction to AppArmor."
7958
8771
msgstr ""
7959
8772
7960
#: serverguide/C/security.xml:1289(para)
8773
#: serverguide/C/security.xml:1236(para)
7961
8774
msgid ""
7962
8775
"A great place to ask for <application>AppArmor</application> assistance, and "
7963
8776
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
7965
8778
"url=\"http://freenode.net\">freenode</ulink>."
7966
8779
msgstr ""
7967
8780
7968
#: serverguide/C/security.xml:1299(title)
8781
#: serverguide/C/security.xml:1246(title)
7969
8782
msgid "Certificates"
7970
8783
msgstr ""
7971
8784
7972
#: serverguide/C/security.xml:1300(para)
8785
#: serverguide/C/security.xml:1247(para)
7973
8786
msgid ""
7974
8787
"One of the most common forms of cryptography today is <emphasis>public-"
7975
8788
"key</emphasis> cryptography. Public-key cryptography utilizes a "
7979
8792
"the private key."
7980
8793
msgstr ""
7981
8794
7982
#: serverguide/C/security.xml:1306(para)
8795
#: serverguide/C/security.xml:1253(para)
7983
8796
msgid ""
7984
8797
"A common use for public-key cryptography is encrypting application traffic "
7985
8798
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
7988
8801
"encrypt traffic using a protocol that does not itself provide encryption."
7989
8802
msgstr ""
7990
8803
7991
#: serverguide/C/security.xml:1311(para)
8804
#: serverguide/C/security.xml:1258(para)
7992
8805
msgid ""
7993
8806
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
7994
8807
"<emphasis>public key</emphasis> and other information about a server and the "
7998
8811
"certificate is accurate."
7999
8812
msgstr ""
8000
8813
8001
#: serverguide/C/security.xml:1318(title)
8814
#: serverguide/C/security.xml:1265(title)
8002
8815
msgid "Types of Certificates"
8003
8816
msgstr ""
8004
8817
8005
#: serverguide/C/security.xml:1319(para)
8818
#: serverguide/C/security.xml:1266(para)
8006
8819
msgid ""
8007
8820
"To set up a secure server using public-key cryptography, in most cases, you "
8008
8821
"send your certificate request (including your public key), proof of your "
8012
8825
"signed</emphasis> certificate."
8013
8826
msgstr ""
8014
8827
8015
#: serverguide/C/security.xml:1329(para)
8828
#: serverguide/C/security.xml:1276(para)
8016
8829
msgid ""
8017
8830
"Note, that self-signed certificates should not be used in most production "
8018
8831
"environments."
8019
8832
msgstr ""
8020
8833
8021
#: serverguide/C/security.xml:1333(para)
8834
#: serverguide/C/security.xml:1280(para)
8022
8835
msgid ""
8023
8836
"Continuing the HTTPS example, a CA-signed certificate provides two important "
8024
8837
"capabilities that a self-signed certificate does not:"
8025
8838
msgstr ""
8026
8839
8027
#: serverguide/C/security.xml:1340(para)
8840
#: serverguide/C/security.xml:1287(para)
8028
8841
msgid ""
8029
8842
"Browsers (usually) automatically recognize the certificate and allow a "
8030
8843
"secure connection to be made without prompting the user."
8031
8844
msgstr ""
8032
8845
8033
#: serverguide/C/security.xml:1347(para)
8846
#: serverguide/C/security.xml:1294(para)
8034
8847
msgid ""
8035
8848
"When a CA issues a signed certificate, it is guaranteeing the identity of "
8036
8849
"the organization that is providing the web pages to the browser."
8037
8850
msgstr ""
8038
8851
8039
#: serverguide/C/security.xml:1355(para)
8852
#: serverguide/C/security.xml:1302(para)
8040
8853
msgid ""
8041
8854
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
8042
8855
"certificates they automatically accept. If a browser encounters a "
8045
8858
"may generate an error message when using a self-singed certificate."
8046
8859
msgstr ""
8047
8860
8048
#: serverguide/C/security.xml:1363(para)
8861
#: serverguide/C/security.xml:1310(para)
8049
8862
msgid ""
8050
8863
"The process of getting a certificate from a CA is fairly easy. A quick "
8051
8864
"overview is as follows:"
8052
8865
msgstr ""
8053
8866
8054
#: serverguide/C/security.xml:1370(para)
8867
#: serverguide/C/security.xml:1317(para)
8055
8868
msgid "Create a private and public encryption key pair."
8056
8869
msgstr ""
8057
8870
8058
#: serverguide/C/security.xml:1373(para)
8871
#: serverguide/C/security.xml:1320(para)
8059
8872
msgid ""
8060
8873
"Create a certificate request based on the public key. The certificate "
8061
8874
"request contains information about your server and the company hosting it."
8062
8875
msgstr ""
8063
8876
8064
#: serverguide/C/security.xml:1378(para)
8877
#: serverguide/C/security.xml:1325(para)
8065
8878
msgid ""
8066
8879
"Send the certificate request, along with documents proving your identity, to "
8067
8880
"a CA. We cannot tell you which certificate authority to choose. Your "
8069
8882
"your friends or colleagues, or purely on monetary factors."
8070
8883
msgstr ""
8071
8884
8072
#: serverguide/C/security.xml:1384(para)
8885
#: serverguide/C/security.xml:1331(para)
8073
8886
msgid ""
8074
8887
"Once you have decided upon a CA, you need to follow the instructions they "
8075
8888
"provide on how to obtain a certificate from them."
8076
8889
msgstr ""
8077
8890
8078
#: serverguide/C/security.xml:1389(para)
8891
#: serverguide/C/security.xml:1336(para)
8079
8892
msgid ""
8080
8893
"When the CA is satisfied that you are indeed who you claim to be, they send "
8081
8894
"you a digital certificate."
8082
8895
msgstr ""
8083
8896
8084
#: serverguide/C/security.xml:1393(para)
8897
#: serverguide/C/security.xml:1340(para)
8085
8898
msgid ""
8086
8899
"Install this certificate on your secure server, and configure the "
8087
8900
"appropriate applications to use the certificate."
8088
8901
msgstr ""
8089
8902
8090
#: serverguide/C/security.xml:1402(title)
8903
#: serverguide/C/security.xml:1349(title)
8091
8904
msgid "Generating a Certificate Signing Request (CSR)"
8092
8905
msgstr ""
8093
8906
8094
#: serverguide/C/security.xml:1404(para)
8907
#: serverguide/C/security.xml:1351(para)
8095
8908
msgid ""
8096
8909
"Whether you are getting a certificate from a CA or generating your own self-"
8097
8910
"signed certificate, the first step is to generate a key."
8098
8911
msgstr ""
8099
8912
8100
#: serverguide/C/security.xml:1409(para)
8913
#: serverguide/C/security.xml:1356(para)
8101
8914
msgid ""
8102
8915
"If the certificate will be used by service daemons, such as Apache, Postfix, "
8103
8916
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
8105
8918
"the preferred way to start a daemon."
8106
8919
msgstr ""
8107
8920
8108
#: serverguide/C/security.xml:1415(para)
8921
#: serverguide/C/security.xml:1362(para)
8109
8922
msgid ""
8110
8923
"This section will cover generating a key with a passphrase, and one without. "
8111
8924
"The non-passphrase key will then be used to generate a certificate that can "
8112
8925
"be used with various service daemons."
8113
8926
msgstr ""
8114
8927
8115
#: serverguide/C/security.xml:1421(para)
8928
#: serverguide/C/security.xml:1368(para)
8116
8929
msgid ""
8117
8930
"Running your secure service without a passphrase is convenient because you "
8118
8931
"will not need to enter the passphrase every time you start your secure "
8120
8933
"of the server as well."
8121
8934
msgstr ""
8122
8935
8123
#: serverguide/C/security.xml:1428(para)
8936
#: serverguide/C/security.xml:1375(para)
8124
8937
msgid ""
8125
8938
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
8126
8939
"Request (CSR) run the following command from a terminal prompt:"
8127
8940
msgstr ""
8128
8941
8129
#: serverguide/C/security.xml:1434(command)
8942
#: serverguide/C/security.xml:1381(command)
8130
8943
msgid "openssl genrsa -des3 -out server.key 1024"
8131
8944
msgstr ""
8132
8945
8133
#: serverguide/C/security.xml:1437(programlisting)
8946
#: serverguide/C/security.xml:1384(programlisting)
8134
8947
#, no-wrap
8135
8948
msgid ""
8136
8949
"\n"
8142
8955
"Enter pass phrase for server.key:\n"
8143
8956
msgstr ""
8144
8957
8145
#: serverguide/C/security.xml:1446(para)
8958
#: serverguide/C/security.xml:1393(para)
8146
8959
msgid ""
8147
8960
"You can now enter your passphrase. For best security, it should at least "
8148
8961
"contain eight characters. The minimum length when specifying -des3 is four "
8150
8963
"in a dictionary. Also remember that your passphrase is case-sensitive."
8151
8964
msgstr ""
8152
8965
8153
#: serverguide/C/security.xml:1454(para)
8966
#: serverguide/C/security.xml:1401(para)
8154
8967
msgid ""
8155
8968
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
8156
8969
"server key is generated and stored in the <filename>server.key</filename> "
8157
8970
"file."
8158
8971
msgstr ""
8159
8972
8160
#: serverguide/C/security.xml:1460(para)
8973
#: serverguide/C/security.xml:1407(para)
8161
8974
msgid ""
8162
8975
"Now create the insecure key, the one without a passphrase, and shuffle the "
8163
8976
"key names:"
8164
8977
msgstr ""
8165
8978
8166
#: serverguide/C/security.xml:1466(command)
8979
#: serverguide/C/security.xml:1413(command)
8167
8980
msgid "openssl rsa -in server.key -out server.key.insecure"
8168
8981
msgstr ""
8169
8982
8170
#: serverguide/C/security.xml:1467(command)
8983
#: serverguide/C/security.xml:1414(command)
8171
8984
msgid "mv server.key server.key.secure"
8172
8985
msgstr ""
8173
8986
8174
#: serverguide/C/security.xml:1468(command)
8987
#: serverguide/C/security.xml:1415(command)
8175
8988
msgid "mv server.key.insecure server.key"
8176
8989
msgstr ""
8177
8990
8178
#: serverguide/C/security.xml:1471(para)
8991
#: serverguide/C/security.xml:1418(para)
8179
8992
msgid ""
8180
8993
"The insecure key is now named <filename>server.key</filename>, and you can "
8181
8994
"use this file to generate the CSR without passphrase."
8182
8995
msgstr ""
8183
8996
8184
#: serverguide/C/security.xml:1476(para)
8997
#: serverguide/C/security.xml:1423(para)
8185
8998
msgid "To create the CSR, run the following command at a terminal prompt:"
8186
8999
msgstr ""
8187
9000
8188
#: serverguide/C/security.xml:1481(command)
9001
#: serverguide/C/security.xml:1428(command)
8189
9002
msgid "openssl req -new -key server.key -out server.csr"
8190
9003
msgstr ""
8191
9004
8192
#: serverguide/C/security.xml:1484(para)
9005
#: serverguide/C/security.xml:1431(para)
8193
9006
msgid ""
8194
9007
"It will prompt you enter the passphrase. If you enter the correct "
8195
"passphrase, it will prompt you to enter Company Name, Once you enter all "
8196
"these details, your CSR will be created and it will be stored in the "
8197
"<filename>server.csr</filename> file. Site Name, Email Id, etc."
9008
"passphrase, it will prompt you to enter Company Name, Site Name, Email Id, "
9009
"etc. Once you enter all these details, your CSR will be created and it will "
9010
"be stored in the <filename>server.csr</filename> file."
8198
9011
msgstr ""
8199
9012
8200
#: serverguide/C/security.xml:1492(para)
9013
#: serverguide/C/security.xml:1439(para)
8201
9014
msgid ""
8202
9015
"You can now submit this CSR file to a CA for processing. The CA will use "
8203
9016
"this CSR file and issue the certificate. On the other hand, you can create "
8204
9017
"self-signed certificate using this CSR."
8205
9018
msgstr ""
8206
9019
8207
#: serverguide/C/security.xml:1500(title)
9020
#: serverguide/C/security.xml:1447(title)
8208
9021
msgid "Creating a Self-Signed Certificate"
8209
9022
msgstr ""
8210
9023
8211
#: serverguide/C/security.xml:1501(para)
9024
#: serverguide/C/security.xml:1448(para)
8212
9025
msgid ""
8213
9026
"To create the self-signed certificate, run the following command at a "
8214
9027
"terminal prompt:"
8215
9028
msgstr ""
8216
9029
8217
#: serverguide/C/security.xml:1506(command)
9030
#: serverguide/C/security.xml:1453(command)
8218
9031
msgid ""
8219
9032
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
8220
9033
"server.crt"
8221
9034
msgstr ""
8222
9035
8223
#: serverguide/C/security.xml:1509(para)
9036
#: serverguide/C/security.xml:1456(para)
8224
9037
msgid ""
8225
9038
"The above command will prompt you to enter the passphrase. Once you enter "
8226
9039
"the correct passphrase, your certificate will be created and it will be "
8227
9040
"stored in the <filename>server.crt</filename> file."
8228
9041
msgstr ""
8229
9042
8230
#: serverguide/C/security.xml:1514(para)
9043
#: serverguide/C/security.xml:1461(para)
8231
9044
msgid ""
8232
9045
"If your secure server is to be used in a production environment, you "
8233
9046
"probably need a CA-signed certificate. It is not recommended to use self-"
8234
9047
"signed certificate."
8235
9048
msgstr ""
8236
9049
8237
#: serverguide/C/security.xml:1522(title)
9050
#: serverguide/C/security.xml:1469(title)
8238
9051
msgid "Installing the Certificate"
8239
9052
msgstr ""
8240
9053
8241
#: serverguide/C/security.xml:1524(para)
9054
#: serverguide/C/security.xml:1471(para)
8242
9055
msgid ""
8243
9056
"You can install the key file <filename>server.key</filename> and certificate "
8244
9057
"file <filename>server.crt</filename>, or the certificate file issued by your "
8245
9058
"CA, by running following commands at a terminal prompt:"
8246
9059
msgstr ""
8247
9060
8248
#: serverguide/C/security.xml:1530(command)
9061
#: serverguide/C/security.xml:1477(command)
8249
9062
msgid "sudo cp server.crt /etc/ssl/certs"
8250
9063
msgstr ""
8251
9064
8252
#: serverguide/C/security.xml:1531(command)
9065
#: serverguide/C/security.xml:1478(command)
8253
9066
msgid "sudo cp server.key /etc/ssl/private"
8254
9067
msgstr ""
8255
9068
8256
#: serverguide/C/security.xml:1533(para)
9069
#: serverguide/C/security.xml:1480(para)
8257
9070
msgid ""
8258
9071
"Now simply configure any applications, with the ability to use public-key "
8259
9072
"cryptography, to use the <emphasis>certificate</emphasis> and "
8262
9075
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
8263
9076
msgstr ""
8264
9077
8265
#: serverguide/C/security.xml:1540(title)
9078
#: serverguide/C/security.xml:1487(title)
8266
9079
msgid "Certification Authority"
8267
9080
msgstr ""
8268
9081
8269
#: serverguide/C/security.xml:1542(para)
9082
#: serverguide/C/security.xml:1489(para)
8270
9083
msgid ""
8271
9084
"If the services on your network require more than a few self-signed "
8272
9085
"certificates it may be worth the additional effort to setup your own "
8276
9089
"the same CA."
8277
9090
msgstr ""
8278
9091
8279
#: serverguide/C/security.xml:1552(para)
9092
#: serverguide/C/security.xml:1499(para)
8280
9093
msgid ""
8281
9094
"First, create the directories to hold the CA certificate and related files:"
8282
9095
msgstr ""
8283
9096
8284
#: serverguide/C/security.xml:1557(command)
9097
#: serverguide/C/security.xml:1504(command)
8285
9098
msgid "sudo mkdir /etc/ssl/CA"
8286
9099
msgstr ""
8287
9100
8288
#: serverguide/C/security.xml:1558(command)
9101
#: serverguide/C/security.xml:1505(command)
8289
9102
msgid "sudo mkdir /etc/ssl/newcerts"
8290
9103
msgstr ""
8291
9104
8292
#: serverguide/C/security.xml:1564(para)
9105
#: serverguide/C/security.xml:1511(para)
8293
9106
msgid ""
8294
9107
"The CA needs a few additional files to operate, one to keep track of the "
8295
9108
"last serial number used by the CA, each certificate must have a unique "
8297
9110
"issued:"
8298
9111
msgstr ""
8299
9112
8300
#: serverguide/C/security.xml:1571(command)
9113
#: serverguide/C/security.xml:1518(command)
8301
9114
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
8302
9115
msgstr ""
8303
9116
8304
#: serverguide/C/security.xml:1572(command)
9117
#: serverguide/C/security.xml:1519(command)
8305
9118
msgid "sudo touch /etc/ssl/CA/index.txt"
8306
9119
msgstr ""
8307
9120
8308
#: serverguide/C/security.xml:1578(para)
9121
#: serverguide/C/security.xml:1525(para)
8309
9122
msgid ""
8310
9123
"The third file is a CA configuration file. Though not strictly necessary, it "
8311
9124
"is very convenient when issuing multiple certificates. Edit "
8313
9126
"]</emphasis> change:"
8314
9127
msgstr ""
8315
9128
8316
#: serverguide/C/security.xml:1584(programlisting)
9129
#: serverguide/C/security.xml:1531(programlisting)
8317
9130
#, no-wrap
8318
9131
msgid ""
8319
9132
"\n"
8324
9137
"private_key = $dir/private/cakey.pem# The private key\n"
8325
9138
msgstr ""
8326
9139
8327
#: serverguide/C/security.xml:1595(para)
9140
#: serverguide/C/security.xml:1542(para)
8328
9141
msgid "Next, create the self-singed root certificate:"
8329
9142
msgstr ""
8330
9143
8331
#: serverguide/C/security.xml:1600(command)
9144
#: serverguide/C/security.xml:1547(command)
8332
9145
msgid ""
8333
9146
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
8334
9147
"days 3650"
8335
9148
msgstr ""
8336
9149
8337
#: serverguide/C/security.xml:1603(para)
9150
#: serverguide/C/security.xml:1550(para)
8338
9151
msgid "You will then be asked to enter the details about the certificate."
8339
9152
msgstr ""
8340
9153
8341
#: serverguide/C/security.xml:1610(para)
9154
#: serverguide/C/security.xml:1557(para)
8342
9155
msgid "Now install the root certificate and key:"
8343
9156
msgstr ""
8344
9157
8345
#: serverguide/C/security.xml:1615(command)
9158
#: serverguide/C/security.xml:1562(command)
8346
9159
msgid "sudo mv cakey.pem /etc/ssl/private/"
8347
9160
msgstr ""
8348
9161
8349
#: serverguide/C/security.xml:1616(command)
9162
#: serverguide/C/security.xml:1563(command)
8350
9163
msgid "sudo mv cacert.pem /etc/ssl/certs/"
8351
9164
msgstr ""
8352
9165
8353
#: serverguide/C/security.xml:1622(para)
9166
#: serverguide/C/security.xml:1569(para)
8354
9167
msgid ""
8355
9168
"You are now ready to start signing certificates. The first item needed is a "
8356
9169
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
8358
9171
"certificate signed by the CA:"
8359
9172
msgstr ""
8360
9173
8361
#: serverguide/C/security.xml:1629(command)
9174
#: serverguide/C/security.xml:1576(command)
8362
9175
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
8363
9176
msgstr ""
8364
9177
8365
#: serverguide/C/security.xml:1632(para)
9178
#: serverguide/C/security.xml:1579(para)
8366
9179
msgid ""
8367
9180
"After entering the password for the CA key, you will be prompted to sign the "
8368
9181
"certificate, and again to commit the new certificate. You should then see a "
8369
9182
"somewhat large amount of output related to the certificate creation."
8370
9183
msgstr ""
8371
9184
8372
#: serverguide/C/security.xml:1641(para)
9185
#: serverguide/C/security.xml:1588(para)
8373
9186
msgid ""
8374
9187
"There should now be a new file, "
8375
9188
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
8380
9193
"descriptive name."
8381
9194
msgstr ""
8382
9195
8383
#: serverguide/C/security.xml:1649(para)
9196
#: serverguide/C/security.xml:1596(para)
8384
9197
msgid ""
8385
9198
"Subsequent certificates will be named <filename>02.pem</filename>, "
8386
9199
"<filename>03.pem</filename>, etc."
8387
9200
msgstr ""
8388
9201
8389
#: serverguide/C/security.xml:1654(para)
9202
#: serverguide/C/security.xml:1601(para)
8390
9203
msgid ""
8391
9204
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
8392
9205
"name."
8393
9206
msgstr ""
8394
9207
8395
#: serverguide/C/security.xml:1662(para)
9208
#: serverguide/C/security.xml:1609(para)
8396
9209
msgid ""
8397
9210
"Finally, copy the new certificate to the host that needs it, and configure "
8398
9211
"the appropriate applications to use it. The default location to install "
8401
9214
"complicated file permissions."
8402
9215
msgstr ""
8403
9216
8404
#: serverguide/C/security.xml:1668(para)
9217
#: serverguide/C/security.xml:1615(para)
8405
9218
msgid ""
8406
9219
"For applications that can be configured to use a CA certificate, you should "
8407
9220
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
8409
9222
"server."
8410
9223
msgstr ""
8411
9224
8412
#: serverguide/C/security.xml:1682(para)
9225
#: serverguide/C/security.xml:1629(para)
8413
9226
msgid ""
8414
9227
"For more detailed instructions on using cryptography see the <ulink "
8415
9228
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
8416
9229
"Certificates HOWTO</ulink> by tlpd.org"
8417
9230
msgstr ""
8418
9231
8419
#: serverguide/C/security.xml:1688(para)
9232
#: serverguide/C/security.xml:1635(para)
8420
9233
msgid ""
8421
9234
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
8422
9235
"of Certificate Authorities."
8423
9236
msgstr ""
8424
9237
8425
#: serverguide/C/security.xml:1693(para)
9238
#: serverguide/C/security.xml:1640(para)
8426
9239
msgid ""
8427
9240
"The Wikipedia <ulink "
8428
9241
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
8429
9242
"information regarding HTTPS."
8430
9243
msgstr ""
8431
9244
8432
#: serverguide/C/security.xml:1698(para)
9245
#: serverguide/C/security.xml:1645(para)
8433
9246
msgid ""
8434
9247
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
8435
9248
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
8436
9249
msgstr ""
8437
9250
8438
#: serverguide/C/security.xml:1703(para)
9251
#: serverguide/C/security.xml:1650(para)
8439
9252
msgid ""
8440
9253
"Also, O'Reilly's <ulink "
8441
9254
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
8442
9255
"OpenSSL</ulink> is a good in depth reference."
8443
9256
msgstr ""
8444
9257
8445
#: serverguide/C/security.xml:1712(title)
9258
#: serverguide/C/security.xml:1659(title)
8446
9259
msgid "eCryptfs"
8447
9260
msgstr ""
8448
9261
8449
#: serverguide/C/security.xml:1714(para)
9262
#: serverguide/C/security.xml:1661(para)
8450
9263
msgid ""
8451
9264
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
8452
9265
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
8454
9267
"filesystem, partition type, etc."
8455
9268
msgstr ""
8456
9269
8457
#: serverguide/C/security.xml:1720(para)
9270
#: serverguide/C/security.xml:1667(para)
8458
9271
msgid ""
8459
9272
"During installation there is an option to encrypt the <filename "
8460
9273
"role=\"directory\">/home</filename> partition. This will automatically "
8461
9274
"configure everything needed to encrypt and mount the partition."
8462
9275
msgstr ""
8463
9276
8464
#: serverguide/C/security.xml:1725(para)
9277
#: serverguide/C/security.xml:1672(para)
8465
9278
msgid ""
8466
9279
"As an example, this section will cover configuring <filename "
8467
9280
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
8468
9281
msgstr ""
8469
9282
8470
#: serverguide/C/security.xml:1730(title)
9283
#: serverguide/C/security.xml:1677(title)
8471
9284
msgid "Using eCryptfs"
8472
9285
msgstr ""
8473
9286
8474
#: serverguide/C/security.xml:1732(para)
9287
#: serverguide/C/security.xml:1679(para)
8475
9288
msgid "First, install the necessary packages. From a terminal prompt enter:"
8476
9289
msgstr ""
8477
9290
8478
#: serverguide/C/security.xml:1737(command)
9291
#: serverguide/C/security.xml:1684(command)
8479
9292
msgid "sudo apt-get install ecryptfs-utils"
8480
9293
msgstr ""
8481
9294
8482
#: serverguide/C/security.xml:1740(para)
9295
#: serverguide/C/security.xml:1687(para)
8483
9296
msgid "Now mount the partition to be encrypted:"
8484
9297
msgstr ""
8485
9298
8486
#: serverguide/C/security.xml:1745(command)
9299
#: serverguide/C/security.xml:1692(command)
8487
9300
msgid "sudo mount -t ecryptfs /srv /srv"
8488
9301
msgstr ""
8489
9302
8490
#: serverguide/C/security.xml:1748(para)
9303
#: serverguide/C/security.xml:1695(para)
8491
9304
msgid ""
8492
9305
"You will then be prompted for some details on how "
8493
9306
"<application>ecryptfs</application> should encrypt the data."
8494
9307
msgstr ""
8495
9308
8496
#: serverguide/C/security.xml:1752(para)
9309
#: serverguide/C/security.xml:1699(para)
8497
9310
msgid ""
8498
9311
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
8499
9312
"copy the <filename>/etc/default</filename> folder to "
8500
9313
"<filename>/srv</filename>:"
8501
9314
msgstr ""
8502
9315
8503
#: serverguide/C/security.xml:1758(command) serverguide/C/clustering.xml:192(command)
9316
#: serverguide/C/security.xml:1705(command) serverguide/C/clustering.xml:192(command)
8504
9317
msgid "sudo cp -r /etc/default /srv"
8505
9318
msgstr ""
8506
9319
8507
#: serverguide/C/security.xml:1761(para)
9320
#: serverguide/C/security.xml:1708(para)
8508
9321
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
8509
9322
msgstr ""
8510
9323
8511
#: serverguide/C/security.xml:1766(command) serverguide/C/installation.xml:1089(command) serverguide/C/clustering.xml:200(command)
9324
#: serverguide/C/security.xml:1713(command) serverguide/C/installation.xml:1138(command) serverguide/C/clustering.xml:200(command)
8512
9325
msgid "sudo umount /srv"
8513
9326
msgstr ""
8514
9327
8515
#: serverguide/C/security.xml:1767(command)
9328
#: serverguide/C/security.xml:1714(command)
8516
9329
msgid "cat /srv/default/cron"
8517
9330
msgstr ""
8518
9331
8519
#: serverguide/C/security.xml:1770(para)
9332
#: serverguide/C/security.xml:1717(para)
8520
9333
msgid ""
8521
9334
"Remounting <filename>/srv</filename> using "
8522
9335
"<application>ecryptfs</application> will make the data viewable once again."
8523
9336
msgstr ""
8524
9337
8525
#: serverguide/C/security.xml:1776(title)
9338
#: serverguide/C/security.xml:1723(title)
8526
9339
msgid "Automatically Mounting Encrypted Partitions"
8527
9340
msgstr ""
8528
9341
8529
#: serverguide/C/security.xml:1778(para)
9342
#: serverguide/C/security.xml:1725(para)
8530
9343
msgid ""
8531
9344
"There are a couple of ways to automatically mount an "
8532
9345
"<application>ecryptfs</application> encrypted filesystem at boot. This "
8534
9347
"mount options, along with a passphrase file residing on a USB key."
8535
9348
msgstr ""
8536
9349
8537
#: serverguide/C/security.xml:1784(para)
9350
#: serverguide/C/security.xml:1731(para)
8538
9351
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
8539
9352
msgstr ""
8540
9353
8541
#: serverguide/C/security.xml:1788(programlisting)
9354
#: serverguide/C/security.xml:1735(programlisting)
8542
9355
#, no-wrap
8543
9356
msgid ""
8544
9357
"\n"
8550
9363
"ecryptfs_enable_filename_crypto=n\n"
8551
9364
msgstr ""
8552
9365
8553
#: serverguide/C/security.xml:1798(para)
9366
#: serverguide/C/security.xml:1745(para)
8554
9367
msgid ""
8555
9368
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
8556
9369
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
8557
9370
msgstr ""
8558
9371
8559
#: serverguide/C/security.xml:1803(para)
9372
#: serverguide/C/security.xml:1750(para)
8560
9373
msgid ""
8561
9374
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
8562
9375
"file:"
8563
9376
msgstr ""
8564
9377
8565
#: serverguide/C/security.xml:1807(programlisting)
9378
#: serverguide/C/security.xml:1754(programlisting)
8566
9379
#, no-wrap
8567
9380
msgid ""
8568
9381
"\n"
8569
9382
"passphrase_passwd=[secrets]\n"
8570
9383
msgstr ""
8571
9384
8572
#: serverguide/C/security.xml:1811(para)
9385
#: serverguide/C/security.xml:1758(para)
8573
9386
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
8574
9387
msgstr ""
8575
9388
8576
#: serverguide/C/security.xml:1815(programlisting)
9389
#: serverguide/C/security.xml:1762(programlisting)
8577
9390
#, no-wrap
8578
9391
msgid ""
8579
9392
"\n"
8581
9394
"/srv /srv ecryptfs defaults 0 0\n"
8582
9395
msgstr ""
8583
9396
8584
#: serverguide/C/security.xml:1820(para)
9397
#: serverguide/C/security.xml:1767(para)
8585
9398
msgid "Make sure the USB drive is mounted before the encrypted partition."
8586
9399
msgstr ""
8587
9400
8588
#: serverguide/C/security.xml:1824(para)
9401
#: serverguide/C/security.xml:1771(para)
8589
9402
msgid ""
8590
9403
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
8591
9404
"ecryptfs."
8592
9405
msgstr ""
8593
9406
8594
#: serverguide/C/security.xml:1832(para)
9407
#: serverguide/C/security.xml:1779(para)
8595
9408
msgid ""
8596
9409
"The <application>ecryptfs-utils</application> package includes several other "
8597
9410
"useful utilities:"
8598
9411
msgstr ""
8599
9412
8600
#: serverguide/C/security.xml:1838(para)
9413
#: serverguide/C/security.xml:1785(para)
8601
9414
msgid ""
8602
9415
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
8603
9416
"<filename>~/Private</filename> directory to contain encrypted information. "
8605
9418
"other users on the system."
8606
9419
msgstr ""
8607
9420
8608
#: serverguide/C/security.xml:1845(para)
9421
#: serverguide/C/security.xml:1792(para)
8609
9422
msgid ""
8610
9423
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
8611
9424
"will mount and unmount respectively, a users <filename>~/Private</filename> "
8612
9425
"directory."
8613
9426
msgstr ""
8614
9427
8615
#: serverguide/C/security.xml:1851(para)
9428
#: serverguide/C/security.xml:1798(para)
8616
9429
msgid ""
8617
9430
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
8618
9431
"kernel keyring."
8619
9432
msgstr ""
8620
9433
8621
#: serverguide/C/security.xml:1856(para)
9434
#: serverguide/C/security.xml:1803(para)
8622
9435
msgid ""
8623
9436
"<emphasis>ecryptfs-manager:</emphasis> manages "
8624
9437
"<application>eCryptfs</application> objects such as keys."
8625
9438
msgstr ""
8626
9439
8627
#: serverguide/C/security.xml:1861(para)
9440
#: serverguide/C/security.xml:1808(para)
8628
9441
msgid ""
8629
9442
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
8630
9443
"<application>ecryptfs</application> meta information for a file."
8631
9444
msgstr ""
8632
9445
8633
#: serverguide/C/security.xml:1874(para)
9446
#: serverguide/C/security.xml:1821(para)
8634
9447
msgid ""
8635
9448
"For more information on eCryptfs see the <ulink "
8636
"url=\"https://launchpad.net/ecryptfs\">Launch Pad project page</ulink>"
9449
"url=\"https://launchpad.net/ecryptfs\">Launchpad project page</ulink>."
8637
9450
msgstr ""
8638
9451
8639
#: serverguide/C/security.xml:1879(para)
9452
#: serverguide/C/security.xml:1826(para)
8640
9453
msgid ""
8641
9454
"There is also a <ulink "
8642
9455
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
8643
9456
"article covering eCryptfs."
8644
9457
msgstr ""
8645
9458
8646
#: serverguide/C/security.xml:1884(para)
9459
#: serverguide/C/security.xml:1831(para)
8647
9460
msgid ""
8648
9461
"Also, for more <application>ecryptfs</application> options see the <ulink "
8649
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man7/ecryptfs.7.html\">ec"
8650
"ryptfs man page</ulink>."
9462
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man7/ecryptfs.7.html\">ecr"
9463
"yptfs man page</ulink>."
9464
msgstr ""
9465
9466
#: serverguide/C/security.xml:1837(para)
9467
msgid ""
9468
"The <ulink url=\"https://help.ubuntu.com/community/eCryptfs\">eCryptfs "
9469
"Ubuntu Wiki</ulink> page also has more details."
9470
msgstr ""
9471
9472
#: serverguide/C/reporting-bugs.xml:13(title)
9473
msgid "Appendix"
9474
msgstr ""
9475
9476
#: serverguide/C/reporting-bugs.xml:16(title)
9477
msgid "Reporting Bugs in Ubuntu Server Edition"
9478
msgstr ""
9479
9480
#: serverguide/C/reporting-bugs.xml:18(para)
9481
msgid ""
9482
"While the Ubuntu Project attempts to release software with as few bugs as "
9483
"possible, they do occur. You can help fix these bugs by reporting ones that "
9484
"you find to the project. The Ubuntu Project uses <ulink "
9485
"url=\"https://launchpad.net/\">Launchpad</ulink> to track its bug reports. "
9486
"In order to file a bug about Ubuntu Server on Launchpad, you will need to "
9487
"<ulink url=\"https://help.launchpad.net/YourAccount/NewAccount\">create an "
9488
"account</ulink>."
9489
msgstr ""
9490
9491
#: serverguide/C/reporting-bugs.xml:30(title)
9492
msgid "Reporting Bugs With ubuntu-bug"
9493
msgstr ""
9494
9495
#: serverguide/C/reporting-bugs.xml:32(para)
9496
msgid ""
9497
"The preferred way to report a bug is with the <application>ubuntu-"
9498
"bug</application> command. The ubuntu-bug tool gathers information about the "
9499
"system useful to developers in diagnosing the reported problem that will "
9500
"then be included in the bug report filed on Launchpad. Bug reports in Ubuntu "
9501
"need to be filed against a specific software package, thus the name of the "
9502
"package that the bug occurs in needs to be given to ubuntu-bug:"
9503
msgstr ""
9504
9505
#: serverguide/C/reporting-bugs.xml:43(command)
9506
msgid "ubuntu-bug PACKAGENAME"
9507
msgstr ""
9508
9509
#: serverguide/C/reporting-bugs.xml:46(para)
9510
msgid ""
9511
"For example, to file a bug against the openssh-server package, you would do:"
9512
msgstr ""
9513
9514
#: serverguide/C/reporting-bugs.xml:51(command)
9515
msgid "ubuntu-bug openssh-server"
9516
msgstr ""
9517
9518
#: serverguide/C/reporting-bugs.xml:54(para)
9519
msgid ""
9520
"You can specify either a binary package or the source package for ubuntu-"
9521
"bug. Again using openssh-server as an example, you could also generate the "
9522
"report against the source package for openssh-server, openssh:"
9523
msgstr ""
9524
9525
#: serverguide/C/reporting-bugs.xml:62(command)
9526
msgid "ubuntu-bug openssh"
9527
msgstr ""
9528
9529
#: serverguide/C/reporting-bugs.xml:66(para)
9530
msgid ""
9531
"See <xref linkend=\"package-management\"/> for more information about "
9532
"packages in Ubuntu."
9533
msgstr ""
9534
9535
#: serverguide/C/reporting-bugs.xml:72(para)
9536
msgid ""
9537
"The ubuntu-bug command will gather information about the system in question, "
9538
"possibly including information specific to the specified package, and then "
9539
"ask you what you would like to do with collected information:"
9540
msgstr ""
9541
9542
#: serverguide/C/reporting-bugs.xml:80(command)
9543
msgid "ubuntu-bug postgresql"
9544
msgstr ""
9545
9546
#: serverguide/C/reporting-bugs.xml:79(screen)
9547
#, no-wrap
9548
msgid ""
9549
"\n"
9550
"<placeholder-1/>\n"
9551
"\n"
9552
"*** Collecting problem information\n"
9553
"\n"
9554
"The collected information can be sent to the developers to improve the\n"
9555
"application. This might take a few minutes.\n"
9556
"..........\n"
9557
"\n"
9558
"*** Send problem report to the developers?\n"
9559
"\n"
9560
"After the problem report has been sent, please fill out the form in the\n"
9561
"automatically opened web browser.\n"
9562
"\n"
9563
"What would you like to do? Your options are:\n"
9564
" S: Send report (1.7 KiB)\n"
9565
" V: View report\n"
9566
" K: Keep report file for sending later or copying to somewhere else\n"
9567
" C: Cancel\n"
9568
"Please choose (S/V/K/C):\n"
9569
msgstr ""
9570
9571
#: serverguide/C/reporting-bugs.xml:101(para)
9572
msgid "The options available are:"
9573
msgstr ""
9574
9575
#: serverguide/C/reporting-bugs.xml:108(para)
9576
msgid ""
9577
"<emphasis role=\"bold\">Send Report</emphasis> Selecting Send Report submits "
9578
"the collected information to Launchpad as part of the the process of filing "
9579
"a bug report. You will be given the opportunity to describe the situation "
9580
"that led up to the occurrance of the bug."
9581
msgstr ""
9582
9583
#: serverguide/C/reporting-bugs.xml:115(screen)
9584
#, no-wrap
9585
msgid ""
9586
"\n"
9587
"*** Uploading problem information\n"
9588
"\n"
9589
"The collected information is being sent to the bug tracking system.\n"
9590
"This might take a few minutes.\n"
9591
"91%\n"
9592
"\n"
9593
"*** To continue, you must visit the following URL:\n"
9594
"\n"
9595
" https://bugs.launchpad.net/ubuntu/+source/postgresql-"
9596
"8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?\n"
9597
"\n"
9598
"You can launch a browser now, or copy this URL into a browser on another\n"
9599
"computer.\n"
9600
"\n"
9601
"Choices:\n"
9602
" 1: Launch a browser now\n"
9603
" C: Cancel\n"
9604
"Please choose (1/C):\n"
9605
msgstr ""
9606
9607
#: serverguide/C/reporting-bugs.xml:135(para)
9608
msgid ""
9609
"If you choose to start a browser, by default the text based web browser "
9610
"<application>w3m</application> will be used to finish filing the bug report. "
9611
"Alternately, you can copy the given URL to a currently running web browser."
9612
msgstr ""
9613
9614
#: serverguide/C/reporting-bugs.xml:144(para)
9615
msgid ""
9616
"<emphasis role=\"bold\">View Report</emphasis> Selecting View Report causes "
9617
"the collected information to be displayed to the terminal for review."
9618
msgstr ""
9619
9620
#: serverguide/C/reporting-bugs.xml:150(screen)
9621
#, no-wrap
9622
msgid ""
9623
"\n"
9624
"Package: postgresql 8.4.2-2\n"
9625
"PackageArchitecture: all\n"
9626
"Tags: lucid\n"
9627
"ProblemType: Bug\n"
9628
"ProcEnviron:\n"
9629
" LANG=en_US.UTF-8\n"
9630
" SHELL=/bin/bash\n"
9631
"Uname: Linux 2.6.32-16-server x86_64\n"
9632
"Dependencies:\n"
9633
" adduser 3.112ubuntu1\n"
9634
" base-files 5.0.0ubuntu10\n"
9635
" base-passwd 3.5.22\n"
9636
" coreutils 7.4-2ubuntu2\n"
9637
"...\n"
9638
msgstr ""
9639
9640
#: serverguide/C/reporting-bugs.xml:167(para)
9641
msgid ""
9642
"After viewing the report, you will be brought back to the same menu asking "
9643
"what you would like to do with the report."
9644
msgstr ""
9645
9646
#: serverguide/C/reporting-bugs.xml:174(para)
9647
msgid ""
9648
"<emphasis role=\"bold\">Keep Report File</emphasis> Selecting Keep Report "
9649
"File causes the gathered information to be written to a file. This file can "
9650
"then be used to later file a bug report or transferred to a different Ubuntu "
9651
"system for reporting. To submit the report file, simply give it as an "
9652
"argument to the ubuntu-bug command:"
9653
msgstr ""
9654
9655
#: serverguide/C/reporting-bugs.xml:189(userinput)
9656
#, no-wrap
9657
msgid "k"
9658
msgstr ""
9659
9660
#: serverguide/C/reporting-bugs.xml:192(command)
9661
msgid "ubuntu-bug /tmp/apport.postgresql.v4MQas.apport"
9662
msgstr ""
9663
9664
#: serverguide/C/reporting-bugs.xml:183(screen)
9665
#, no-wrap
9666
msgid ""
9667
"\n"
9668
"What would you like to do? Your options are:\n"
9669
" S: Send report (1.7 KiB)\n"
9670
" V: View report\n"
9671
" K: Keep report file for sending later or copying to somewhere else\n"
9672
" C: Cancel\n"
9673
"Please choose (S/V/K/C): <placeholder-1/>\n"
9674
"Problem report file: /tmp/apport.postgresql.v4MQas.apport\n"
9675
"\n"
9676
"<placeholder-2/>\n"
9677
"\n"
9678
"*** Send problem report to the developers?\n"
9679
"...\n"
9680
msgstr ""
9681
9682
#: serverguide/C/reporting-bugs.xml:200(para)
9683
msgid ""
9684
"<emphasis role=\"bold\">Cancel</emphasis> Selecting Cancel causes the "
9685
"collected information to be discarded."
9686
msgstr ""
9687
9688
#: serverguide/C/reporting-bugs.xml:210(title)
9689
msgid "Reporting Application Crashes"
9690
msgstr ""
9691
9692
#: serverguide/C/reporting-bugs.xml:212(para)
9693
msgid ""
9694
"The software package that provides the ubuntu-bug utility, "
9695
"<application>apport</application>, can be configured to trigger when "
9696
"applications crash. This is disabled by default, as capturing a crash can be "
9697
"resource intensive depending on how much memory the application that crashed "
9698
"was using as apport captures and processes the core dump."
9699
msgstr ""
9700
9701
#: serverguide/C/reporting-bugs.xml:221(para)
9702
msgid ""
9703
"Configuring apport to capture information about crashing applications "
9704
"requires a couple of steps. First, <application>gdb</application> needs to "
9705
"be installed; it is not installed by default in Ubuntu Server Edition."
9706
msgstr ""
9707
9708
#: serverguide/C/reporting-bugs.xml:229(command)
9709
msgid "sudo apt-get install gdb"
9710
msgstr ""
9711
9712
#: serverguide/C/reporting-bugs.xml:232(para)
9713
msgid ""
9714
"See <xref linkend=\"package-management\"/> for more information about "
9715
"managing packages in Ubuntu."
9716
msgstr ""
9717
9718
#: serverguide/C/reporting-bugs.xml:237(para)
9719
msgid ""
9720
"Once you have ensured that gdb is installed, open the file "
9721
"<filename>/etc/default/apport</filename> in your text editor, and change the "
9722
"<emphasis>enabled</emphasis> setting to be <emphasis "
9723
"role=\"bold\">1</emphasis> like so:"
9724
msgstr ""
9725
9726
#: serverguide/C/reporting-bugs.xml:244(programlisting)
9727
#, no-wrap
9728
msgid ""
9729
"\n"
9730
"# set this to 0 to disable apport, or to 1 to enable it\n"
9731
"# you can temporarily override this with\n"
9732
"# sudo service apport start force_start=1\n"
9733
"enabled=<userinput>1</userinput>\n"
9734
"\n"
9735
"# set maximum core dump file size (default: 209715200 bytes == 200 MB)\n"
9736
"maxsize=209715200\n"
9737
msgstr ""
9738
9739
#: serverguide/C/reporting-bugs.xml:254(para)
9740
msgid ""
9741
"Once you have completed editing <filename>/etc/default/apport</filename>, "
9742
"start the apport service:"
9743
msgstr ""
9744
9745
#: serverguide/C/reporting-bugs.xml:261(command)
9746
msgid "sudo start apport"
9747
msgstr ""
9748
9749
#: serverguide/C/reporting-bugs.xml:264(para)
9750
msgid ""
9751
"After an application crashes, use the <application>apport-cli</application> "
9752
"command to search for the existing saved crash report information:"
9753
msgstr ""
9754
9755
#: serverguide/C/reporting-bugs.xml:271(command)
9756
msgid "apport-cli"
9757
msgstr ""
9758
9759
#: serverguide/C/reporting-bugs.xml:270(screen)
9760
#, no-wrap
9761
msgid ""
9762
"\n"
9763
"<placeholder-1/>\n"
9764
"\n"
9765
"*** dash closed unexpectedly on 2010-03-11 at 21:40:59.\n"
9766
"\n"
9767
"If you were not doing anything confidential (entering passwords or other\n"
9768
"private information), you can help to improve the application by\n"
9769
"reporting\n"
9770
"the problem.\n"
9771
"\n"
9772
"What would you like to do? Your options are:\n"
9773
" R: Report Problem...\n"
9774
" I: Cancel and ignore future crashes of this program version\n"
9775
" C: Cancel\n"
9776
"Please choose (R/I/C):\n"
9777
msgstr ""
9778
9779
#: serverguide/C/reporting-bugs.xml:287(para)
9780
msgid ""
9781
"Selecting <emphasis>Report Problem</emphasis> will walk you through similar "
9782
"steps as when using ubuntu-bug. One important difference is that a crash "
9783
"report will be marked as private when filed on Launchpad, meaning that it "
9784
"will be visible to only a limited set of bug triagers. These triagers will "
9785
"review the gathered data for private information before making the bug "
9786
"report publicly visible."
9787
msgstr ""
9788
9789
#: serverguide/C/reporting-bugs.xml:307(para)
9790
msgid ""
9791
"See the <ulink "
9792
"url=\"https://help.ubuntu.com/community/ReportingBugs\">Reporting "
9793
"Bugs</ulink> Ubuntu wiki page."
9794
msgstr ""
9795
9796
#: serverguide/C/reporting-bugs.xml:313(para)
9797
msgid ""
9798
"Also, the <ulink url=\"https://wiki.ubuntu.com/Apport\">Apport</ulink> page "
9799
"has some useful information. Though some of it pertains to using a GUI."
8651
9800
msgstr ""
8652
9801
8653
9802
#: serverguide/C/remote-administration.xml:13(title)
8884
10033
msgstr ""
8885
10034
8886
10035
#: serverguide/C/remote-administration.xml:196(command)
8887
msgid "chmod 644 .ssh/authorized_keys"
10036
msgid "chmod 600 .ssh/authorized_keys"
8888
10037
msgstr ""
8889
10038
8890
10039
#: serverguide/C/remote-administration.xml:198(para)
8893
10042
"password."
8894
10043
msgstr ""
8895
10044
8896
#: serverguide/C/remote-administration.xml:205(ulink)
10045
#: serverguide/C/remote-administration.xml:207(para)
10046
msgid ""
10047
"<ulink url=\"https://help.ubuntu.com/community/SSH\">Ubuntu Wiki SSH</ulink> "
10048
"page."
10049
msgstr ""
10050
10051
#: serverguide/C/remote-administration.xml:213(ulink)
8897
10052
msgid "OpenSSH Website"
8898
10053
msgstr ""
8899
10054
8900
#: serverguide/C/remote-administration.xml:208(ulink)
10055
#: serverguide/C/remote-administration.xml:218(ulink)
8901
10056
msgid "Advanced OpenSSH Wiki Page"
8902
10057
msgstr ""
8903
10058
8904
#: serverguide/C/remote-administration.xml:213(title)
10059
#: serverguide/C/remote-administration.xml:226(title)
8905
10060
msgid "eBox"
8906
10061
msgstr ""
8907
10062
8908
#: serverguide/C/remote-administration.xml:214(para)
10063
#: serverguide/C/remote-administration.xml:227(para)
8909
10064
msgid ""
8910
10065
"<application>eBox</application> is a web framework used to manage server "
8911
10066
"application configuration. The modular design of eBox allows you to pick and "
8912
10067
"choose which services you want to configure using eBox."
8913
10068
msgstr ""
8914
10069
8915
#: serverguide/C/remote-administration.xml:221(para)
10070
#: serverguide/C/remote-administration.xml:234(para)
8916
10071
msgid ""
8917
10072
"The different <application>eBox</application> modules are split into "
8918
10073
"different packages, allowing you to only install those necessary. One way to "
8919
10074
"view the available packages is to enter the following from a terminal:"
8920
10075
msgstr ""
8921
10076
8922
#: serverguide/C/remote-administration.xml:227(command)
10077
#: serverguide/C/remote-administration.xml:240(command)
8923
10078
msgid "apt-cache rdepends ebox | uniq"
8924
10079
msgstr ""
8925
10080
8926
#: serverguide/C/remote-administration.xml:229(para)
10081
#: serverguide/C/remote-administration.xml:242(para)
8927
10082
msgid ""
8928
10083
"To install the <application>ebox</application> package, which contains the "
8929
10084
"default modules, enter the following:"
8930
10085
msgstr ""
8931
10086
8932
#: serverguide/C/remote-administration.xml:234(command)
10087
#: serverguide/C/remote-administration.xml:247(command)
8933
10088
msgid "sudo apt-get install ebox"
8934
10089
msgstr ""
8935
10090
8936
#: serverguide/C/remote-administration.xml:237(para)
10091
#: serverguide/C/remote-administration.xml:250(para)
8937
10092
msgid ""
8938
10093
"During the installation you will be asked to supply a password for the ebox "
8939
10094
"user. After installing eBox the web interface can be accessed from: "
8940
10095
"<emphasis>https://yourserver/ebox</emphasis>."
8941
10096
msgstr ""
8942
10097
8943
#: serverguide/C/remote-administration.xml:246(para)
10098
#: serverguide/C/remote-administration.xml:259(para)
8944
10099
msgid ""
8945
10100
"An important thing to remember when using <application>eBox</application> is "
8946
10101
"that when configuring most modules there is a <emphasis>Change</emphasis> "
8950
10105
"<quote>Save changes</quote> link in the top right hand corner."
8951
10106
msgstr ""
8952
10107
8953
#: serverguide/C/remote-administration.xml:254(para)
10108
#: serverguide/C/remote-administration.xml:267(para)
8954
10109
msgid ""
8955
10110
"Once you make a change that requires a Save, the link will change from green "
8956
10111
"to red."
8957
10112
msgstr ""
8958
10113
8959
#: serverguide/C/remote-administration.xml:260(title)
10114
#: serverguide/C/remote-administration.xml:273(title)
8960
10115
msgid "eBox Modules"
8961
10116
msgstr ""
8962
10117
8963
#: serverguide/C/remote-administration.xml:261(para)
10118
#: serverguide/C/remote-administration.xml:274(para)
8964
10119
msgid ""
8965
10120
"By default all eBox <emphasis>Modules</emphasis> are not enabled, and when a "
8966
10121
"new module is installed it will not be automatically enabled."
8967
10122
msgstr ""
8968
10123
8969
#: serverguide/C/remote-administration.xml:265(para)
10124
#: serverguide/C/remote-administration.xml:278(para)
8970
10125
msgid ""
8971
10126
"To enable a disabled module click on the <emphasis>Module status</emphasis> "
8972
10127
"link in the left hand menu. Then <emphasis role=\"italic\">check</emphasis> "
8974
10129
"link."
8975
10130
msgstr ""
8976
10131
8977
#: serverguide/C/remote-administration.xml:271(title)
10132
#: serverguide/C/remote-administration.xml:284(title)
8978
10133
msgid "Default Modules"
8979
10134
msgstr ""
8980
10135
8981
#: serverguide/C/remote-administration.xml:272(para)
10136
#: serverguide/C/remote-administration.xml:285(para)
8982
10137
msgid ""
8983
10138
"This section provides a quick summary of the default "
8984
10139
"<application>eBox</application> modules."
8985
10140
msgstr ""
8986
10141
8987
#: serverguide/C/remote-administration.xml:278(para)
10142
#: serverguide/C/remote-administration.xml:291(para)
8988
10143
msgid ""
8989
10144
"<emphasis>System:</emphasis> contains options allowing configuration of "
8990
10145
"general eBox items."
8991
10146
msgstr ""
8992
10147
8993
#: serverguide/C/remote-administration.xml:284(para)
10148
#: serverguide/C/remote-administration.xml:297(para)
8994
10149
msgid ""
8995
10150
"<emphasis>General:</emphasis> allows you to set the language, port number, "
8996
10151
"and contains a change password form."
8997
10152
msgstr ""
8998
10153
8999
#: serverguide/C/remote-administration.xml:290(para)
10154
#: serverguide/C/remote-administration.xml:303(para)
9000
10155
msgid ""
9001
10156
"<emphasis>Disk Usage:</emphasis> displays a graph detailing information "
9002
10157
"about disk usage."
9003
10158
msgstr ""
9004
10159
9005
#: serverguide/C/remote-administration.xml:296(para)
10160
#: serverguide/C/remote-administration.xml:309(para)
9006
10161
msgid ""
9007
10162
"<emphasis>Backup:</emphasis> is used to backup "
9008
10163
"<application>eBox</application> configuration information, and the "
9011
10166
"such as log files."
9012
10167
msgstr ""
9013
10168
9014
#: serverguide/C/remote-administration.xml:304(para)
10169
#: serverguide/C/remote-administration.xml:317(para)
9015
10170
msgid ""
9016
10171
"<emphasis>Halt/Reboot:</emphasis> will shutdown the system or reboot it."
9017
10172
msgstr ""
9018
10173
9019
#: serverguide/C/remote-administration.xml:309(para)
10174
#: serverguide/C/remote-administration.xml:322(para)
9020
10175
msgid ""
9021
10176
"<emphasis>Bug Report:</emphasis> creates a file containing details helpful "
9022
10177
"when reporting bugs to the eBox developers."
9023
10178
msgstr ""
9024
10179
9025
#: serverguide/C/remote-administration.xml:317(para)
10180
#: serverguide/C/remote-administration.xml:330(para)
9026
10181
msgid ""
9027
10182
"<emphasis>Logs:</emphasis> allows <application>eBox</application> logs to be "
9028
10183
"queried depending on the purge time configured."
9029
10184
msgstr ""
9030
10185
9031
#: serverguide/C/remote-administration.xml:323(para)
10186
#: serverguide/C/remote-administration.xml:336(para)
9032
10187
msgid ""
9033
10188
"<emphasis>Events:</emphasis> this module has the ability to send alerts "
9034
10189
"through rss, jabber, and log file."
9035
10190
msgstr ""
9036
10191
9037
#: serverguide/C/remote-administration.xml:330(emphasis)
10192
#: serverguide/C/remote-administration.xml:343(emphasis)
9038
10193
msgid "Available Events:"
9039
10194
msgstr ""
9040
10195
9041
#: serverguide/C/remote-administration.xml:334(para)
10196
#: serverguide/C/remote-administration.xml:347(para)
9042
10197
msgid ""
9043
10198
"<emphasis>Free Storage Space:</emphasis> will send alert if free disk space "
9044
10199
"drops below a configured percentage, 10% by default."
9045
10200
msgstr ""
9046
10201
9047
#: serverguide/C/remote-administration.xml:340(para)
10202
#: serverguide/C/remote-administration.xml:353(para)
9048
10203
msgid ""
9049
"<emphasis>Log Observer:</emphasis> unfortunately this event does not work "
9050
"with the <application>eBox</application> version shipped with Ubuntu 7.10."
10204
"<emphasis>Log Observer:</emphasis> sends an alert when a configured logger "
10205
"has logged something."
9051
10206
msgstr ""
9052
10207
9053
#: serverguide/C/remote-administration.xml:346(para)
10208
#: serverguide/C/remote-administration.xml:359(para)
9054
10209
msgid ""
9055
10210
"<emphasis>RAID:</emphasis> will monitor the RAID system and send alerts if "
9056
10211
"any issues arise."
9057
10212
msgstr ""
9058
10213
9059
#: serverguide/C/remote-administration.xml:352(para)
10214
#: serverguide/C/remote-administration.xml:365(para)
9060
10215
msgid ""
9061
10216
"<emphasis>Service:</emphasis> sends alerts if a service restarts multiple "
9062
10217
"times in a short time period."
9063
10218
msgstr ""
9064
10219
9065
#: serverguide/C/remote-administration.xml:358(para)
10220
#: serverguide/C/remote-administration.xml:371(para)
9066
10221
msgid ""
9067
10222
"<emphasis>State:</emphasis> alerts on the state of "
9068
10223
"<application>eBox</application>, either up or down."
9069
10224
msgstr ""
9070
10225
9071
#: serverguide/C/remote-administration.xml:367(emphasis)
10226
#: serverguide/C/remote-administration.xml:380(emphasis)
9072
10227
msgid "Dispatchers:"
9073
10228
msgstr ""
9074
10229
9075
#: serverguide/C/remote-administration.xml:371(para)
10230
#: serverguide/C/remote-administration.xml:384(para)
9076
10231
msgid ""
9077
10232
"<emphasis>Log:</emphasis> this dispatcher will send event messages to the "
9078
10233
"<application>eBox</application> log file "
9079
10234
"<filename>/var/log/ebox/ebox.log</filename>."
9080
10235
msgstr ""
9081
10236
9082
#: serverguide/C/remote-administration.xml:378(para)
10237
#: serverguide/C/remote-administration.xml:391(para)
9083
10238
msgid ""
9084
10239
"<emphasis>Jabber:</emphasis> before enabling this dispatcher you must first "
9085
10240
"configure it by clicking on the <quote>Configure</quote> icon."
9086
10241
msgstr ""
9087
10242
9088
#: serverguide/C/remote-administration.xml:384(para)
10243
#: serverguide/C/remote-administration.xml:397(para)
9089
10244
msgid ""
9090
10245
"<emphasis>RSS:</emphasis> once this dispatcher is configured you can "
9091
10246
"subscribe to the link in order to view event alerts."
9092
10247
msgstr ""
9093
10248
9094
#: serverguide/C/remote-administration.xml:397(title)
10249
#: serverguide/C/remote-administration.xml:410(title)
9095
10250
msgid "Additional Modules"
9096
10251
msgstr ""
9097
10252
9098
#: serverguide/C/remote-administration.xml:398(para)
10253
#: serverguide/C/remote-administration.xml:411(para)
9099
10254
msgid ""
9100
10255
"Here is a quick description of other available "
9101
10256
"<application>eBox</application> modules:"
9102
10257
msgstr ""
9103
10258
9104
#: serverguide/C/remote-administration.xml:403(para)
10259
#: serverguide/C/remote-administration.xml:416(para)
9105
10260
msgid ""
9106
10261
"<emphasis>Network:</emphasis> allows configuration of the server's network "
9107
10262
"options through eBox."
9108
10263
msgstr ""
9109
10264
9110
#: serverguide/C/remote-administration.xml:409(para)
10265
#: serverguide/C/remote-administration.xml:422(para)
9111
10266
msgid ""
9112
10267
"<emphasis>Firewall:</emphasis> configures firewall options for the eBox host."
9113
10268
msgstr ""
9114
10269
9115
#: serverguide/C/remote-administration.xml:414(para)
10270
#: serverguide/C/remote-administration.xml:427(para)
9116
10271
msgid ""
9117
10272
"<emphasis>UsersandGroups:</emphasis> this module will manage users and "
9118
10273
"groups contained in an <application>OpenLDAP</application> LDAP directory."
9119
10274
msgstr ""
9120
10275
9121
#: serverguide/C/remote-administration.xml:420(para)
10276
#: serverguide/C/remote-administration.xml:433(para)
9122
10277
msgid ""
9123
10278
"<emphasis>DHCP:</emphasis> provides an interface for configuring a DHCP "
9124
10279
"server."
9125
10280
msgstr ""
9126
10281
9127
#: serverguide/C/remote-administration.xml:425(para)
10282
#: serverguide/C/remote-administration.xml:438(para)
9128
10283
msgid ""
9129
10284
"<emphasis>DNS:</emphasis> provides <application>BIND9</application> DNS "
9130
10285
"server configuration options."
9131
10286
msgstr ""
9132
10287
9133
#: serverguide/C/remote-administration.xml:431(para)
10288
#: serverguide/C/remote-administration.xml:444(para)
9134
10289
msgid ""
9135
10290
"<emphasis>Objects:</emphasis> allow configuration of eBox <emphasis>Network "
9136
10291
"Objects</emphasis>, which allow you to assign a name to an IP address or "
9137
10292
"group of IPs."
9138
10293
msgstr ""
9139
10294
9140
#: serverguide/C/remote-administration.xml:438(para)
10295
#: serverguide/C/remote-administration.xml:451(para)
9141
10296
msgid ""
9142
10297
"<emphasis>Services:</emphasis> displays configuration information for "
9143
10298
"services that are available to the network."
9144
10299
msgstr ""
9145
10300
9146
#: serverguide/C/remote-administration.xml:444(para)
10301
#: serverguide/C/remote-administration.xml:457(para)
9147
10302
msgid ""
9148
10303
"<emphasis>Squid:</emphasis> configuration options for the "
9149
10304
"<application>Squid</application> proxy server."
9150
10305
msgstr ""
9151
10306
9152
#: serverguide/C/remote-administration.xml:450(para)
10307
#: serverguide/C/remote-administration.xml:463(para)
9153
10308
msgid ""
9154
10309
"<emphasis>CA:</emphasis> configures a Certificate Authority for the server."
9155
10310
msgstr ""
9156
10311
9157
#: serverguide/C/remote-administration.xml:455(para)
10312
#: serverguide/C/remote-administration.xml:468(para)
9158
10313
msgid "<emphasis>NTP:</emphasis> set Network Time Protocol options."
9159
10314
msgstr ""
9160
10315
9161
#: serverguide/C/remote-administration.xml:460(para)
10316
#: serverguide/C/remote-administration.xml:473(para)
9162
10317
msgid "<emphasis>Printers:</emphasis> allows the configuration of printers."
9163
10318
msgstr ""
9164
10319
9165
#: serverguide/C/remote-administration.xml:465(para)
10320
#: serverguide/C/remote-administration.xml:478(para)
9166
10321
msgid "<emphasis>Samba:</emphasis> configuration options for Samba."
9167
10322
msgstr ""
9168
10323
9169
#: serverguide/C/remote-administration.xml:470(para)
10324
#: serverguide/C/remote-administration.xml:483(para)
9170
10325
msgid ""
9171
10326
"<emphasis>OpenVPN:</emphasis> setup options for OpenVPN Virtual Private "
9172
10327
"Network application."
9173
10328
msgstr ""
9174
10329
9175
#: serverguide/C/remote-administration.xml:481(para)
9176
msgid ""
9177
"For more information see the <ulink url=\"http://ebox-platform.com/\">eBox "
9178
"Home Page</ulink>."
10330
#: serverguide/C/remote-administration.xml:494(para)
10331
msgid ""
10332
"The <ulink url=\"https://help.ubuntu.com/community/eBox\">eBox Ubuntu "
10333
"Wiki</ulink> page has more details."
10334
msgstr ""
10335
10336
#: serverguide/C/remote-administration.xml:499(para)
10337
msgid ""
10338
"For more information also see the <ulink url=\"http://ebox-"
10339
"platform.com/\">eBox Home Page</ulink>."
9179
10340
msgstr ""
9180
10341
9181
10342
#: serverguide/C/package-management.xml:13(title)
9636
10797
msgid ""
9637
10798
"\n"
9638
10799
"Unattended-Upgrade::Allowed-Origins {\n"
9639
" \"Ubuntu karmic-security\";\n"
9640
"// \"Ubuntu karmic-updates\";\n"
10800
" \"Ubuntu lucid-security\";\n"
10801
"// \"Ubuntu lucid-updates\";\n"
9641
10802
"};\n"
9642
10803
msgstr ""
9643
10804
9668
10829
9669
10830
#: serverguide/C/package-management.xml:328(para)
9670
10831
msgid ""
10832
"To enable automatic updates, edit "
10833
"<filename>/etc/apt/apt.conf.d/10periodic</filename> and set the appropriate "
10834
"<application>apt</application> configuration options:"
10835
msgstr ""
10836
10837
#: serverguide/C/package-management.xml:332(programlisting)
10838
#, no-wrap
10839
msgid ""
10840
"\n"
10841
"APT::Periodic::Update-Package-Lists \"1\";\n"
10842
"APT::Periodic::Download-Upgradeable-Packages \"1\";\n"
10843
"APT::Periodic::AutocleanInterval \"7\";\n"
10844
"APT::Periodic::Unattended-Upgrade \"1\";\n"
10845
msgstr ""
10846
10847
#: serverguide/C/package-management.xml:339(para)
10848
msgid ""
10849
"The above configuration updates the package list, downloads, and installs "
10850
"available upgrades every day. The local download archive is cleaned every "
10851
"week."
10852
msgstr ""
10853
10854
#: serverguide/C/package-management.xml:345(para)
10855
msgid ""
10856
"You can read more about <application>apt</application> Periodic "
10857
"configuration options in the <filename>/etc/cron.daily/apt</filename> script "
10858
"header."
10859
msgstr ""
10860
10861
#: serverguide/C/package-management.xml:350(para)
10862
msgid ""
9671
10863
"The results of <application>unattended-upgrades</application> will be logged "
9672
10864
"to <filename>/var/log/unattended-upgrades</filename>."
9673
10865
msgstr ""
9674
10866
9675
#: serverguide/C/package-management.xml:333(title)
10867
#: serverguide/C/package-management.xml:355(title)
9676
10868
msgid "Notifications"
9677
10869
msgstr ""
9678
10870
9679
#: serverguide/C/package-management.xml:335(para)
10871
#: serverguide/C/package-management.xml:357(para)
9680
10872
msgid ""
9681
10873
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
9682
10874
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
9684
10876
"detailing any packages that need upgrading or have problems."
9685
10877
msgstr ""
9686
10878
9687
#: serverguide/C/package-management.xml:340(para)
10879
#: serverguide/C/package-management.xml:362(para)
9688
10880
msgid ""
9689
10881
"Another useful package is <application>apticron</application>. "
9690
10882
"<application>apticron</application> will configure a "
9691
10883
"<application>cron</application> job to email an administrator information "
9692
"about any packages on the system that need updated as well as a summary of "
9693
"changes in each package."
10884
"about any packages on the system that have updates available, as well as a "
10885
"summary of changes in each package."
9694
10886
msgstr ""
9695
10887
9696
#: serverguide/C/package-management.xml:346(para)
10888
#: serverguide/C/package-management.xml:368(para)
9697
10889
msgid ""
9698
10890
"To install the <application>apticron</application> package, in a terminal "
9699
10891
"enter:"
9700
10892
msgstr ""
9701
10893
9702
#: serverguide/C/package-management.xml:351(command)
10894
#: serverguide/C/package-management.xml:373(command)
9703
10895
msgid "sudo apt-get install apticron"
9704
10896
msgstr ""
9705
10897
9706
#: serverguide/C/package-management.xml:354(para)
10898
#: serverguide/C/package-management.xml:376(para)
9707
10899
msgid ""
9708
10900
"Once the package is installed edit "
9709
10901
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
9710
10902
"and other options:"
9711
10903
msgstr ""
9712
10904
9713
#: serverguide/C/package-management.xml:358(programlisting)
10905
#: serverguide/C/package-management.xml:380(programlisting)
9714
10906
#, no-wrap
9715
10907
msgid ""
9716
10908
"\n"
9717
10909
"EMAIL=\"root@example.com\"\n"
9718
10910
msgstr ""
9719
10911
9720
#: serverguide/C/package-management.xml:367(para)
10912
#: serverguide/C/package-management.xml:389(para)
9721
10913
msgid ""
9722
10914
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
9723
10915
"system repositories is stored in the /etc/apt/sources.list configuration "
9725
10917
"adding or removing repository references from the file."
9726
10918
msgstr ""
9727
10919
9728
#: serverguide/C/package-management.xml:373(para)
10920
#: serverguide/C/package-management.xml:395(para)
9729
10921
msgid ""
9730
10922
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
9731
10923
"typical <filename>/etc/apt/sources.list</filename> file."
9732
10924
msgstr ""
9733
10925
9734
#: serverguide/C/package-management.xml:377(para)
10926
#: serverguide/C/package-management.xml:399(para)
9735
10927
msgid ""
9736
10928
"You may edit the file to enable repositories or disable them. For example, "
9737
10929
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
9739
10931
"which appears at the top of the file:"
9740
10932
msgstr ""
9741
10933
9742
#: serverguide/C/package-management.xml:382(screen)
10934
#: serverguide/C/package-management.xml:404(screen)
9743
10935
#, no-wrap
9744
10936
msgid ""
9745
10937
"\n"
9746
10938
"# no more prompting for CD-ROM please\n"
9747
"# deb cdrom:[Ubuntu 9.10_Karmic_Koala - Release i386 (20070419.1)]/ karmic "
10939
"# deb cdrom:[Ubuntu 10.04_Lucid_Lynx - Release i386 (20070419.1)]/ lucid "
9748
10940
"main restricted\n"
9749
10941
msgstr ""
9750
10942
9751
#: serverguide/C/package-management.xml:388(title)
10943
#: serverguide/C/package-management.xml:410(title)
9752
10944
msgid "Extra Repositories"
9753
10945
msgstr ""
9754
10946
9755
#: serverguide/C/package-management.xml:389(para)
10947
#: serverguide/C/package-management.xml:411(para)
9756
10948
msgid ""
9757
10949
"In addition to the officially supported package repositories available for "
9758
10950
"Ubuntu, there exist additional community-maintained repositories which add "
9763
10955
"which are safe for use with your Ubuntu computer."
9764
10956
msgstr ""
9765
10957
9766
#: serverguide/C/package-management.xml:392(para)
10958
#: serverguide/C/package-management.xml:414(para)
9767
10959
msgid ""
9768
10960
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
9769
10961
"licensing issues that prevent them from being distributed with a free "
9770
10962
"operating system, and they may be illegal in your locality."
9771
10963
msgstr ""
9772
10964
9773
#: serverguide/C/package-management.xml:394(para)
10965
#: serverguide/C/package-management.xml:416(para)
9774
10966
msgid ""
9775
10967
"Be advised that neither the <emphasis>Universe</emphasis> or "
9776
10968
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
9778
10970
"packages."
9779
10971
msgstr ""
9780
10972
9781
#: serverguide/C/package-management.xml:398(para)
10973
#: serverguide/C/package-management.xml:420(para)
9782
10974
msgid ""
9783
10975
"Many other package sources are available, sometimes even offering only one "
9784
10976
"package, as in the case of package sources provided by the developer of a "
9789
10981
"functional in some respects."
9790
10982
msgstr ""
9791
10983
9792
#: serverguide/C/package-management.xml:401(para)
10984
#: serverguide/C/package-management.xml:423(para)
9793
10985
msgid ""
9794
10986
"By default, the <emphasis>Universe</emphasis> and "
9795
10987
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
9797
10989
"comment the following lines:"
9798
10990
msgstr ""
9799
10991
9800
#: serverguide/C/package-management.xml:408(programlisting)
10992
#: serverguide/C/package-management.xml:430(programlisting)
9801
10993
#, no-wrap
9802
10994
msgid ""
9803
10995
"\n"
9804
"deb http://archive.ubuntu.com/ubuntu karmic universe multiverse\n"
9805
"deb-src http://archive.ubuntu.com/ubuntu karmic universe multiverse\n"
9806
"\n"
9807
"deb http://us.archive.ubuntu.com/ubuntu/ karmic universe\n"
9808
"deb-src http://us.archive.ubuntu.com/ubuntu/ karmic universe\n"
9809
"deb http://us.archive.ubuntu.com/ubuntu/ karmic-updates universe\n"
9810
"deb-src http://us.archive.ubuntu.com/ubuntu/ karmic-updates universe\n"
9811
"\n"
9812
"deb http://us.archive.ubuntu.com/ubuntu/ karmic multiverse\n"
9813
"deb-src http://us.archive.ubuntu.com/ubuntu/ karmic multiverse\n"
9814
"deb http://us.archive.ubuntu.com/ubuntu/ karmic-updates multiverse\n"
9815
"deb-src http://us.archive.ubuntu.com/ubuntu/ karmic-updates multiverse\n"
9816
"\n"
9817
"deb http://security.ubuntu.com/ubuntu karmic-security universe\n"
9818
"deb-src http://security.ubuntu.com/ubuntu karmic-security universe\n"
9819
"deb http://security.ubuntu.com/ubuntu karmic-security multiverse\n"
9820
"deb-src http://security.ubuntu.com/ubuntu karmic-security multiverse\n"
10996
"deb http://archive.ubuntu.com/ubuntu lucid universe multiverse\n"
10997
"deb-src http://archive.ubuntu.com/ubuntu lucid universe multiverse\n"
10998
"\n"
10999
"deb http://us.archive.ubuntu.com/ubuntu/ lucid universe\n"
11000
"deb-src http://us.archive.ubuntu.com/ubuntu/ lucid universe\n"
11001
"deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe\n"
11002
"deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe\n"
11003
"\n"
11004
"deb http://us.archive.ubuntu.com/ubuntu/ lucid multiverse\n"
11005
"deb-src http://us.archive.ubuntu.com/ubuntu/ lucid multiverse\n"
11006
"deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse\n"
11007
"deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse\n"
11008
"\n"
11009
"deb http://security.ubuntu.com/ubuntu lucid-security universe\n"
11010
"deb-src http://security.ubuntu.com/ubuntu lucid-security universe\n"
11011
"deb http://security.ubuntu.com/ubuntu lucid-security multiverse\n"
11012
"deb-src http://security.ubuntu.com/ubuntu lucid-security multiverse\n"
9821
11013
msgstr ""
9822
11014
9823
#: serverguide/C/package-management.xml:434(para)
11015
#: serverguide/C/package-management.xml:456(para)
9824
11016
msgid ""
9825
11017
"Most of the material covered in this chapter is available in "
9826
11018
"<application>man</application> pages, many of which are available online."
9827
11019
msgstr ""
9828
11020
9829
#: serverguide/C/package-management.xml:441(para)
11021
#: serverguide/C/package-management.xml:463(para)
11022
msgid ""
11023
"The <ulink "
11024
"url=\"https://help.ubuntu.com/community/InstallingSoftware\">InstallingSoftwa"
11025
"re</ulink> Ubuntu wiki page has more information."
11026
msgstr ""
11027
11028
#: serverguide/C/package-management.xml:468(para)
9830
11029
msgid ""
9831
11030
"For more <application>dpkg</application> details see the <ulink "
9832
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/dpkg.1.html\">dpkg "
11031
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/dpkg.1.html\">dpkg "
9833
11032
"man page</ulink>."
9834
11033
msgstr ""
9835
11034
9836
#: serverguide/C/package-management.xml:447(para)
11035
#: serverguide/C/package-management.xml:474(para)
9837
11036
msgid ""
9838
11037
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
9839
11038
"HOWTO</ulink> and <ulink "
9840
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/apt-"
9841
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
9842
"<application>apt-get</application> usage."
11039
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/apt-get.8.html\">apt-"
11040
"get man page</ulink> contain useful information regarding <application>apt-"
11041
"get</application> usage."
9843
11042
msgstr ""
9844
11043
9845
#: serverguide/C/package-management.xml:454(para)
11044
#: serverguide/C/package-management.xml:481(para)
9846
11045
msgid ""
9847
11046
"See the <ulink "
9848
"url=\"http://manpages.ubuntu.com/manpages/jaunty/man8/aptitude.8.html\">aptit"
9849
"ude man page</ulink> for more <application>aptitude</application> options."
11047
"url=\"http://manpages.ubuntu.com/manpages/lucid/man8/aptitude.8.html\">aptitu"
11048
"de man page</ulink> for more <application>aptitude</application> options."
9850
11049
msgstr ""
9851
11050
9852
#: serverguide/C/package-management.xml:460(para)
11051
#: serverguide/C/package-management.xml:487(para)
9853
11052
msgid ""
9854
11053
"The <ulink "
9855
11054
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
9871
11070
msgstr ""
9872
11071
9873
11072
#: serverguide/C/other-apps.xml:23(title)
9874
msgid "Update MOTD"
11073
msgid "pam_motd"
9875
11074
msgstr ""
9876
11075
9877
11076
#: serverguide/C/other-apps.xml:25(para)
9892
11091
9893
11092
#: serverguide/C/other-apps.xml:40(para)
9894
11093
msgid ""
9895
"<emphasis>update-motd:</emphasis> is used to automatically update the MOTD "
9896
"via <application>cron</application>."
11094
"<emphasis>update-notifier-common:</emphasis> is used to automatically update "
11095
"the MOTD via <application>pam_motd</application> module."
9897
11096
msgstr ""
9898
11097
9899
11098
#: serverguide/C/other-apps.xml:46(para)
9900
11099
msgid ""
9901
"The <application>update-motd</application> utility has several options to "
9902
"further customize the MOTD:"
11100
"<application>pam_motd</application> executes the scripts in "
11101
"<filename>/etc/update-motd.d</filename> in order based on the number "
11102
"prepended to the script. The output of the scripts is written to "
11103
"<filename>/var/run/motd</filename>, keeping the numerical order, then "
11104
"concatenated with <filename>/etc/motd.tail</filename>."
9903
11105
msgstr ""
9904
11106
9905
11107
#: serverguide/C/other-apps.xml:52(para)
9906
11108
msgid ""
9907
"<emphasis>--disable:</emphasis> prevents automatic updates of the MOTD. "
9908
"Using this option creates the <filename>/var/lib/update-"
9909
"motd/disabled</filename> file, which if present stops <application>update-"
9910
"motd</application> from modifying <filename>/etc/motd</filename>."
9911
msgstr ""
9912
9913
#: serverguide/C/other-apps.xml:59(para)
9914
msgid ""
9915
"<emphasis>--enable:</emphasis> enables the automatic MOTD updates. If "
9916
"<filename>/var/lib/update-motd</filename> is present it will be removed."
9917
msgstr ""
9918
9919
#: serverguide/C/other-apps.xml:65(para)
9920
msgid ""
9921
"<emphasis>--force:</emphasis> does a one time update of "
9922
"<filename>/etc/motd</filename>, overriding <application>update-"
9923
"motd</application> if it has been disabled."
9924
msgstr ""
9925
9926
#: serverguide/C/other-apps.xml:71(para)
9927
msgid ""
9928
"<emphasis>d, hourly, weekly, monthly:</emphasis> option will run the scripts "
9929
"in <filename>/etc/update-motd.d/</filename> (default), <filename>/etc/update-"
9930
"motd.d/hourly</filename>, <filename>/etc/update-motd.d/weekly</filename>, or "
9931
"<filename>/etc/update-motd.d/monthly</filename> respectively."
9932
msgstr ""
9933
9934
#: serverguide/C/other-apps.xml:79(para)
9935
msgid ""
9936
"<application>update-motd</application> executes the scripts in "
9937
"<filename>/etc/update-motd.d</filename> in order based on the number "
9938
"prepended to the script. Separate <application>cron</application> scripts "
9939
"execute every ten minutes, hourly, weekly, and monthly running the "
9940
"corresponding scripts in <filename>/etc/update-motd.d</filename>. The output "
9941
"of the scripts is written to <filename>/var/run/update-motd/</filename>, "
9942
"keeping the numerical order, then concatenated with "
9943
"<filename>/etc/motd.tail</filename> and written to "
9944
"<filename>/etc/motd</filename>."
9945
msgstr ""
9946
9947
#: serverguide/C/other-apps.xml:87(para)
9948
msgid ""
9949
11109
"You can add your own dynamic information to the MOTD. For example, to add "
9950
11110
"local weather information:"
9951
11111
msgstr ""
9952
11112
9953
#: serverguide/C/other-apps.xml:93(para)
11113
#: serverguide/C/other-apps.xml:58(para)
9954
11114
msgid "First, install the <application>weather-util</application> package:"
9955
11115
msgstr ""
9956
11116
9957
#: serverguide/C/other-apps.xml:98(command)
11117
#: serverguide/C/other-apps.xml:63(command)
9958
11118
msgid "sudo apt-get install weather-util"
9959
11119
msgstr ""
9960
11120
9961
#: serverguide/C/other-apps.xml:103(para)
11121
#: serverguide/C/other-apps.xml:68(para)
9962
11122
msgid ""
9963
11123
"The <application>weather</application> utility uses METAR data from the "
9964
11124
"National Oceanic and Atmospheric Administration and forecasts from the "
9968
11128
"Weather Service</ulink> site."
9969
11129
msgstr ""
9970
11130
9971
#: serverguide/C/other-apps.xml:110(para)
11131
#: serverguide/C/other-apps.xml:75(para)
9972
11132
msgid ""
9973
11133
"Although the National Weather Service is a United States government agency "
9974
11134
"there are weather stations available world wide. However, local weather "
9975
11135
"information for all locations outside the U.S. may not be available."
9976
11136
msgstr ""
9977
11137
9978
#: serverguide/C/other-apps.xml:116(para)
11138
#: serverguide/C/other-apps.xml:81(para)
9979
11139
msgid ""
9980
11140
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
9981
11141
"script to use <application>weather</application> with your local ICAO "
9982
11142
"indicator:"
9983
11143
msgstr ""
9984
11144
9985
#: serverguide/C/other-apps.xml:121(programlisting)
11145
#: serverguide/C/other-apps.xml:86(programlisting)
9986
11146
#, no-wrap
9987
11147
msgid ""
9988
11148
"\n"
9989
11149
"#!/bin/sh\n"
9990
"##########################################################################\n"
9991
"#\n"
9992
"# Prints the local weather to /var/run/update-motd/60-local-weather \n"
9993
"# for update-motd.\n"
9994
"#\n"
9995
"##########################################################################\n"
11150
"#\n"
11151
"#\n"
11152
"# Prints the local weather information for the MOTD.\n"
11153
"#\n"
11154
"#\n"
9996
11155
"\n"
9997
11156
"# Replace KINT with your local weather station.\n"
9998
11157
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
9999
11158
"\n"
10000
"echo \"\" > /var/run/update-motd/60-local-weather\n"
10001
"weather -i KINT >> /var/run/update-motd/60-local-weather\n"
11159
"echo\n"
11160
"weather -i KINT\n"
11161
"echo\n"
10002
11162
"\n"
10003
11163
msgstr ""
10004
11164
10005
#: serverguide/C/other-apps.xml:139(para)
11165
#: serverguide/C/other-apps.xml:104(para)
10006
11166
msgid "Make the script executable:"
10007
11167
msgstr ""
10008
11168
10009
#: serverguide/C/other-apps.xml:144(command)
11169
#: serverguide/C/other-apps.xml:109(command)
10010
11170
msgid "sudo chmod 755 /usr/local/bin/local-weather"
10011
11171
msgstr ""
10012
11172
10013
#: serverguide/C/other-apps.xml:148(para)
11173
#: serverguide/C/other-apps.xml:113(para)
10014
11174
msgid ""
10015
"Next, create a symlink to <filename>/etc/update-motd.d/60-local-"
11175
"Next, create a symlink to <filename>/etc/update-motd.d/98-local-"
10016
11176
"weather</filename>:"
10017
11177
msgstr ""
10018
11178
10019
#: serverguide/C/other-apps.xml:153(command)
11179
#: serverguide/C/other-apps.xml:118(command)
10020
11180
msgid ""
10021
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/60-local-weather"
10022
msgstr ""
10023
10024
#: serverguide/C/other-apps.xml:157(para)
10025
msgid "Finally, update the MOTD:"
10026
msgstr ""
10027
10028
#: serverguide/C/other-apps.xml:162(command)
10029
msgid "sudo update-motd"
10030
msgstr ""
10031
10032
#: serverguide/C/other-apps.xml:167(para)
11181
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/98-local-weather"
11182
msgstr ""
11183
11184
#: serverguide/C/other-apps.xml:122(para)
11185
msgid "Finally, exit the server and re-login to view the new MOTD."
11186
msgstr ""
11187
11188
#: serverguide/C/other-apps.xml:128(para)
10033
11189
msgid ""
10034
11190
"You should now be greeted with some useful information, and some information "
10035
11191
"about the local weather that may not be quite so useful. Hopefully the "
10036
11192
"<application>local-weather</application> example demonstrates the "
10037
"flexibility of <application>update-motd</application>."
11193
"flexibility of <application>pam_motd</application>."
10038
11194
msgstr ""
10039
11195
10040
#: serverguide/C/other-apps.xml:175(title)
11196
#: serverguide/C/other-apps.xml:136(title)
10041
11197
msgid "etckeeper"
10042
11198
msgstr ""
10043
11199
10044
#: serverguide/C/other-apps.xml:177(para)
11200
#: serverguide/C/other-apps.xml:138(para)
10045
11201
msgid ""
10046
11202
"<application>etckeeper</application> allows the contents of <filename "
10047
11203
"role=\"directory\">/etc</filename> be easily stored in Version Control "
10053
11209
"possible."
10054
11210
msgstr ""
10055
11211
10056
#: serverguide/C/other-apps.xml:185(para)
11212
#: serverguide/C/other-apps.xml:146(para)
10057
11213
msgid ""
10058
11214
"Install <application>etckeeper</application> by entering the following in a "
10059
11215
"terminal:"
10060
11216
msgstr ""
10061
11217
10062
#: serverguide/C/other-apps.xml:190(command)
11218
#: serverguide/C/other-apps.xml:151(command)
10063
11219
msgid "sudo apt-get install etckeeper"
10064
11220
msgstr ""
10065
11221
10066
#: serverguide/C/other-apps.xml:193(para)
11222
#: serverguide/C/other-apps.xml:154(para)
10067
11223
msgid ""
10068
11224
"The main configuration file, "
10069
11225
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
10074
11230
"installation. It is possible to undo this by entering the following command:"
10075
11231
msgstr ""
10076
11232
10077
#: serverguide/C/other-apps.xml:203(command)
11233
#: serverguide/C/other-apps.xml:164(command)
10078
11234
msgid "sudo etckeeper uninit"
10079
11235
msgstr ""
10080
11236
10081
#: serverguide/C/other-apps.xml:206(para)
11237
#: serverguide/C/other-apps.xml:167(para)
10082
11238
msgid ""
10083
11239
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
10084
11240
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
10087
11243
"commit your changes manually, together with a commit message, using:"
10088
11244
msgstr ""
10089
11245
10090
#: serverguide/C/other-apps.xml:215(command)
11246
#: serverguide/C/other-apps.xml:176(command)
10091
11247
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
10092
11248
msgstr ""
10093
11249
10094
#: serverguide/C/other-apps.xml:218(para)
11250
#: serverguide/C/other-apps.xml:179(para)
10095
11251
msgid ""
10096
11252
"Using the VCS commands you can view log information about files in "
10097
11253
"<filename>/etc</filename>:"
10098
11254
msgstr ""
10099
11255
10100
#: serverguide/C/other-apps.xml:223(command)
11256
#: serverguide/C/other-apps.xml:184(command)
10101
11257
msgid "sudo bzr log /etc/passwd"
10102
11258
msgstr ""
10103
11259
10104
#: serverguide/C/other-apps.xml:226(para)
11260
#: serverguide/C/other-apps.xml:187(para)
10105
11261
msgid ""
10106
11262
"To demonstrate the integration with the package management system, install "
10107
11263
"<application>postfix</application>:"
10108
11264
msgstr ""
10109
11265
10110
#: serverguide/C/other-apps.xml:231(command) serverguide/C/mail.xml:45(command)
11266
#: serverguide/C/other-apps.xml:192(command) serverguide/C/mail.xml:45(command)
10111
11267
msgid "sudo apt-get install postfix"
10112
11268
msgstr ""
10113
11269
10114
#: serverguide/C/other-apps.xml:234(para)
11270
#: serverguide/C/other-apps.xml:195(para)
10115
11271
msgid ""
10116
11272
"When the installation is finished, all the "
10117
11273
"<application>postfix</application> configuration files should be committed "
10118
11274
"to the repository:"
10119
11275
msgstr ""
10120
11276
10121
#: serverguide/C/other-apps.xml:240(computeroutput)
11277
#: serverguide/C/other-apps.xml:201(computeroutput)
10122
11278
#, no-wrap
10123
11279
msgid ""
10124
11280
"Committing to: /etc/\n"
10161
11317
"Committed revision 2."
10162
11318
msgstr ""
10163
11319
10164
#: serverguide/C/other-apps.xml:280(para)
11320
#: serverguide/C/other-apps.xml:241(para)
10165
11321
msgid ""
10166
11322
"For an example of how <application>etckeeper</application> tracks manual "
10167
11323
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
10168
11324
"<application>bzr</application> you can see which files have been modified:"
10169
11325
msgstr ""
10170
11326
10171
#: serverguide/C/other-apps.xml:286(command)
11327
#: serverguide/C/other-apps.xml:247(command)
10172
11328
msgid "sudo bzr status /etc/"
10173
11329
msgstr ""
10174
11330
10175
#: serverguide/C/other-apps.xml:287(computeroutput)
11331
#: serverguide/C/other-apps.xml:248(computeroutput)
10176
11332
#, no-wrap
10177
11333
msgid ""
10178
11334
"modified:\n"
10179
11335
" hosts"
10180
11336
msgstr ""
10181
11337
10182
#: serverguide/C/other-apps.xml:291(para)
11338
#: serverguide/C/other-apps.xml:252(para)
10183
11339
msgid "Now commit the changes:"
10184
11340
msgstr ""
10185
11341
10186
#: serverguide/C/other-apps.xml:296(command)
11342
#: serverguide/C/other-apps.xml:257(command)
10187
11343
msgid "sudo etckeeper commit \"new host\""
10188
11344
msgstr ""
10189
11345
10190
#: serverguide/C/other-apps.xml:299(para)
11346
#: serverguide/C/other-apps.xml:260(para)
10191
11347
msgid ""
10192
11348
"For more information on <application>bzr</application> see <xref "
10193
11349
"linkend=\"bazaar\"/>."
10194
11350
msgstr ""
10195
11351
10196
#: serverguide/C/other-apps.xml:305(title)
10197
msgid "Screen Profiles"
11352
#: serverguide/C/other-apps.xml:266(title)
11353
msgid "Byobu"
10198
11354
msgstr ""
10199
11355
10200
#: serverguide/C/other-apps.xml:307(para)
11356
#: serverguide/C/other-apps.xml:268(para)
10201
11357
msgid ""
10202
11358
"One of the most useful applications for any system administrator is "
10203
11359
"<application>screen</application>. It allows the execution of multiple "
10204
11360
"shells in one terminal. To make some of the advanced "
10205
11361
"<application>screen</application> features more user friendly, and provide "
10206
"some useful information about the system, the <application>screen-"
10207
"profiles</application> package was created."
11362
"some useful information about the system, the "
11363
"<application>byobu</application> package was created."
10208
11364
msgstr ""
10209
11365
10210
#: serverguide/C/other-apps.xml:314(para)
11366
#: serverguide/C/other-apps.xml:275(para)
10211
11367
msgid ""
10212
"When executing <application>screen</application> for the first time you will "
10213
"be presented with the <application>screen-profiles-helper</application> "
10214
"menu. This menu will allow you to:"
11368
"When executing <application>byobu</application> pressing the "
11369
"<emphasis>F9</emphasis> key will bring up the "
11370
"<application>Configuration</application> menu. This menu will allow you to:"
10215
11371
msgstr ""
10216
11372
10217
#: serverguide/C/other-apps.xml:320(para)
11373
#: serverguide/C/other-apps.xml:281(para)
10218
11374
msgid "View the Help menu"
10219
11375
msgstr ""
10220
11376
10221
#: serverguide/C/other-apps.xml:321(para)
11377
#: serverguide/C/other-apps.xml:282(para)
11378
msgid "Change Byobu's background color"
11379
msgstr ""
11380
11381
#: serverguide/C/other-apps.xml:283(para)
11382
msgid "Change Byobu's foreground color"
11383
msgstr ""
11384
11385
#: serverguide/C/other-apps.xml:284(para)
11386
msgid "Toggle status notifications"
11387
msgstr ""
11388
11389
#: serverguide/C/other-apps.xml:285(para)
10222
11390
msgid "Change the key binding set"
10223
11391
msgstr ""
10224
11392
10225
#: serverguide/C/other-apps.xml:322(para)
10226
msgid "Change screen profiles"
10227
msgstr ""
10228
10229
#: serverguide/C/other-apps.xml:323(para)
11393
#: serverguide/C/other-apps.xml:286(para)
10230
11394
msgid "Change the escape sequence"
10231
11395
msgstr ""
10232
11396
10233
#: serverguide/C/other-apps.xml:324(para)
10234
msgid "Create new screen windows"
11397
#: serverguide/C/other-apps.xml:287(para)
11398
msgid "Create new windows"
10235
11399
msgstr ""
10236
11400
10237
#: serverguide/C/other-apps.xml:325(para)
11401
#: serverguide/C/other-apps.xml:288(para)
10238
11402
msgid "Manage the default windows"
10239
11403
msgstr ""
10240
11404
10241
#: serverguide/C/other-apps.xml:326(para)
10242
msgid "Install screen by default at login"
11405
#: serverguide/C/other-apps.xml:289(para)
11406
msgid "Byobu currently does not launch at login (toggle on)"
10243
11407
msgstr ""
10244
11408
10245
#: serverguide/C/other-apps.xml:329(para)
11409
#: serverguide/C/other-apps.xml:292(para)
10246
11410
msgid ""
10247
11411
"The <emphasis>key bindings</emphasis> determine such things as the escape "
10248
11412
"sequence, new window, change window, etc. There are two key binding sets to "
10249
"choose from <emphasis>common</emphasis> and <emphasis>none</emphasis>. If "
10250
"you wish to use the original key bindings choose the "
11413
"choose from <emphasis>f-keys</emphasis> and <emphasis>screen-escape-"
11414
"keys</emphasis>. If you wish to use the original key bindings choose the "
10251
11415
"<emphasis>none</emphasis> set."
10252
11416
msgstr ""
10253
11417
10254
#: serverguide/C/other-apps.xml:335(para)
10255
msgid ""
10256
"The Ubuntu <application>screen-profiles</application> provide a menu which "
10257
"displays the Ubuntu release, processor information, memory information, and "
10258
"the time and date. The effect is similar to a desktop menu. When a profile "
10259
"is selected it will be symlinked to <filename>~/.screenrc</filename>. The "
10260
"<application>select-screen-profile</application> utility can also be used to "
10261
"change profiles, in a terminal enter:"
10262
msgstr ""
10263
10264
#: serverguide/C/other-apps.xml:343(command)
10265
msgid "select-screen-profile -s ubuntu-light"
10266
msgstr ""
10267
10268
#: serverguide/C/other-apps.xml:346(para)
10269
msgid ""
10270
"The <emphasis>plain</emphasis> profile will change "
10271
"<application>screen</application> back to the defaults, which does not "
10272
"include the information menu at the bottom."
10273
msgstr ""
10274
10275
#: serverguide/C/other-apps.xml:351(para)
10276
msgid ""
10277
"Using the <emphasis>\"Install screen by default at login\"</emphasis> option "
10278
"will cause screen to be executed any time a terminal is opened. Changes made "
10279
"to <application>screen</application> are on a per user basis, and will not "
11418
#: serverguide/C/other-apps.xml:298(para)
11419
msgid ""
11420
"<application>byobu</application> provides a menu which displays the Ubuntu "
11421
"release, processor information, memory information, and the time and date. "
11422
"The effect is similar to a desktop menu."
11423
msgstr ""
11424
11425
#: serverguide/C/other-apps.xml:303(para)
11426
msgid ""
11427
"Using the <emphasis>\"Byobu currently does not launch at login (toggle "
11428
"on)\"</emphasis> option will cause <application>byobu</application> to be "
11429
"executed any time a terminal is opened. Changes made to "
11430
"<application>byobu</application> are on a per user basis, and will not "
10280
11431
"affect other users on the system."
10281
11432
msgstr ""
10282
11433
10283
#: serverguide/C/other-apps.xml:356(para)
11434
#: serverguide/C/other-apps.xml:309(para)
10284
11435
msgid ""
10285
"One difference when using screen is the <emphasis>scrollback</emphasis> "
10286
"mode. If you are using one of the Ubuntu profiles press the "
10287
"<emphasis>F7</emphasis>, or <emphasis>Ctrl+a+[</emphasis> if not, to enter "
10288
"scrollback mode. Scrollback mode allows you to navigate past output using "
10289
"<emphasis>vi</emphasis> like commands. Here is a quick list of movement "
10290
"commands:"
11436
"One difference when using byobu is the <emphasis>scrollback</emphasis> mode. "
11437
"Press the <emphasis>F7</emphasis> key to enter scrollback mode. Scrollback "
11438
"mode allows you to navigate past output using <emphasis>vi</emphasis> like "
11439
"commands. Here is a quick list of movement commands:"
10291
11440
msgstr ""
10292
11441
10293
#: serverguide/C/other-apps.xml:363(para)
11442
#: serverguide/C/other-apps.xml:316(para)
10294
11443
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
10295
11444
msgstr ""
10296
11445
10297
#: serverguide/C/other-apps.xml:364(para)
11446
#: serverguide/C/other-apps.xml:317(para)
10298
11447
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
10299
11448
msgstr ""
10300
11449
10301
#: serverguide/C/other-apps.xml:365(para)
11450
#: serverguide/C/other-apps.xml:318(para)
10302
11451
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
10303
11452
msgstr ""
10304
11453
10305
#: serverguide/C/other-apps.xml:366(para)
11454
#: serverguide/C/other-apps.xml:319(para)
10306
11455
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
10307
11456
msgstr ""
10308
11457
10309
#: serverguide/C/other-apps.xml:367(para)
11458
#: serverguide/C/other-apps.xml:320(para)
10310
11459
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
10311
11460
msgstr ""
10312
11461
10313
#: serverguide/C/other-apps.xml:368(para)
11462
#: serverguide/C/other-apps.xml:321(para)
10314
11463
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
10315
11464
msgstr ""
10316
11465
10317
#: serverguide/C/other-apps.xml:369(para)
11466
#: serverguide/C/other-apps.xml:322(para)
10318
11467
msgid ""
10319
11468
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
10320
11469
"the buffer)"
10321
11470
msgstr ""
10322
11471
10323
#: serverguide/C/other-apps.xml:370(para)
10324
msgid "<emphasis>C-u</emphasis> - Scrolls a half page up"
10325
msgstr ""
10326
10327
#: serverguide/C/other-apps.xml:371(para)
10328
msgid "<emphasis>C-b</emphasis> - Scrolls a full page up"
10329
msgstr ""
10330
10331
#: serverguide/C/other-apps.xml:372(para)
10332
msgid "<emphasis>C-d</emphasis> - Scrolls a half page down"
10333
msgstr ""
10334
10335
#: serverguide/C/other-apps.xml:373(para)
10336
msgid "<emphasis>C-f</emphasis> - Scrolls the full page down"
10337
msgstr ""
10338
10339
#: serverguide/C/other-apps.xml:374(para)
11472
#: serverguide/C/other-apps.xml:323(para)
10340
11473
msgid "<emphasis>/</emphasis> - Search forward"
10341
11474
msgstr ""
10342
11475
10343
#: serverguide/C/other-apps.xml:375(para)
11476
#: serverguide/C/other-apps.xml:324(para)
10344
11477
msgid "<emphasis>?</emphasis> - Search backward"
10345
11478
msgstr ""
10346
11479
10347
#: serverguide/C/other-apps.xml:376(para)
11480
#: serverguide/C/other-apps.xml:325(para)
10348
11481
msgid ""
10349
11482
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
10350
11483
msgstr ""
10351
11484
10352
#: serverguide/C/other-apps.xml:385(para)
11485
#: serverguide/C/other-apps.xml:334(para)
10353
11486
msgid ""
10354
11487
"See the <ulink "
10355
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/update-"
10356
"motd.1.html\">update-motd man page</ulink> for more options available to "
11488
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man1/update-motd.1.html\">"
11489
"update-motd man page</ulink> for more options available to "
10357
11490
"<application>update-motd</application>."
10358
11491
msgstr ""
10359
11492
10360
#: serverguide/C/other-apps.xml:391(para)
11493
#: serverguide/C/other-apps.xml:340(para)
10361
11494
msgid ""
10362
11495
"The Debian Package of the Day <ulink "
10363
11496
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
10365
11498
"details about using the <application>weather</application>utility."
10366
11499
msgstr ""
10367
11500
10368
#: serverguide/C/other-apps.xml:398(para)
11501
#: serverguide/C/other-apps.xml:347(para)
10369
11502
msgid ""
10370
11503
"See the <ulink "
10371
11504
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
10372
11505
"more details on using <application>etckeeper</application>."
10373
11506
msgstr ""
10374
11507
10375
#: serverguide/C/other-apps.xml:404(para)
11508
#: serverguide/C/other-apps.xml:353(para)
11509
msgid ""
11510
"The <ulink url=\"https://help.ubuntu.com/community/etckeeper\">etckeeper "
11511
"Ubuntu Wiki</ulink> page."
11512
msgstr ""
11513
11514
#: serverguide/C/other-apps.xml:358(para)
10376
11515
msgid ""
10377
11516
"For the latest news and information about <application>bzr</application> see "
10378
11517
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
10379
11518
msgstr ""
10380
11519
10381
#: serverguide/C/other-apps.xml:409(para)
11520
#: serverguide/C/other-apps.xml:363(para)
10382
11521
msgid ""
10383
11522
"For more information on <application>screen</application> see the <ulink "
10384
11523
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
10385
11524
msgstr ""
10386
11525
10387
#: serverguide/C/other-apps.xml:414(para)
10388
msgid ""
10389
"Also, see the <application>screen-profiles</application><ulink "
10390
"url=\"https://launchpad.net/screen-profiles\">project page</ulink> for more "
11526
#: serverguide/C/other-apps.xml:368(para)
11527
msgid ""
11528
"And the <ulink url=\"https://help.ubuntu.com/community/Screen\">Ubuntu Wiki "
11529
"screen</ulink> page."
11530
msgstr ""
11531
11532
#: serverguide/C/other-apps.xml:373(para)
11533
msgid ""
11534
"Also, see the <application>byobu</application><ulink "
11535
"url=\"https://launchpad.net/byobu\">project page</ulink> for more "
10391
11536
"information."
10392
11537
msgstr ""
10393
11538
10394
#: serverguide/C/network-config.xml:13(title)
10395
msgid "Networking"
10396
msgstr ""
10397
10398
11539
#: serverguide/C/network-config.xml:14(para)
10399
11540
msgid ""
10400
11541
"Networks consist of two or more devices, such as computer systems, printers, "
10410
11551
"discussion of popular network protocols."
10411
11552
msgstr ""
10412
11553
10413
#: serverguide/C/network-config.xml:26(title)
11554
#: serverguide/C/network-config.xml:27(title)
10414
11555
msgid "Network Configuration"
10415
11556
msgstr ""
10416
11557
10417
#: serverguide/C/network-config.xml:27(para)
11558
#: serverguide/C/network-config.xml:28(para)
10418
11559
msgid ""
10419
11560
"Ubuntu ships with a number of graphical utilities to configure your network "
10420
11561
"devices. This document is geared toward server administrators and will focus "
10421
11562
"on managing your network on the command line."
10422
11563
msgstr ""
10423
11564
10424
#: serverguide/C/network-config.xml:33(title)
10425
msgid "Ethernet"
10426
msgstr ""
10427
10428
#: serverguide/C/network-config.xml:34(para)
10429
msgid ""
10430
"Most Ethernet configuration is centralized in a single file, "
10431
"<filename>/etc/network/interfaces</filename>. If you have no Ethernet "
10432
"devices, only the loopback interface will appear in this file, and it will "
10433
"look something like this:"
10434
msgstr ""
10435
10436
#: serverguide/C/network-config.xml:40(programlisting)
10437
#, no-wrap
10438
msgid ""
10439
"\n"
10440
"# This file describes the network interfaces available on your system\n"
10441
"# and how to activate them. For more information, see interfaces(5).\n"
10442
"\n"
10443
"# The loopback network interface\n"
10444
"auto lo\n"
10445
"iface lo inet loopback\n"
10446
"address 127.0.0.1\n"
10447
"netmask 255.0.0.0\n"
10448
msgstr ""
10449
10450
#: serverguide/C/network-config.xml:50(para)
10451
msgid ""
10452
"If you have only one Ethernet device, eth0, and it gets its configuration "
10453
"from a DHCP server, and it should come up automatically at boot, only two "
10454
"additional lines are required:"
10455
msgstr ""
10456
10457
#: serverguide/C/network-config.xml:55(programlisting)
11565
#: serverguide/C/network-config.xml:35(title)
11566
msgid "Ethernet Interfaces"
11567
msgstr ""
11568
11569
#: serverguide/C/network-config.xml:36(para)
11570
msgid ""
11571
"Ethernet interfaces are identified by the system using the naming convention "
11572
"of <emphasis role=\"italix\">ethX</emphasis>, where <emphasis "
11573
"role=\"italic\">X</emphasis> represents a numeric value. The first Ethernet "
11574
"interface is typically identified as <emphasis "
11575
"role=\"italic\">eth0</emphasis>, the second as <emphasis "
11576
"role=\"italic\">eth1</emphasis>, and all others should move up in numerical "
11577
"order."
11578
msgstr ""
11579
11580
#: serverguide/C/network-config.xml:46(title)
11581
msgid "Identify Ethernet Interfaces"
11582
msgstr ""
11583
11584
#: serverguide/C/network-config.xml:47(para)
11585
msgid ""
11586
"To quickly identify all available Ethernet interfaces, you can use the "
11587
"<application>ifconfig</application> command as shown below."
11588
msgstr ""
11589
11590
#: serverguide/C/network-config.xml:52(userinput)
11591
#, no-wrap
11592
msgid "ifconfig -a | grep eth"
11593
msgstr ""
11594
11595
#: serverguide/C/network-config.xml:51(screen)
11596
#, no-wrap
11597
msgid ""
11598
"\n"
11599
"<placeholder-1/>\n"
11600
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a\n"
11601
msgstr ""
11602
11603
#: serverguide/C/network-config.xml:55(para)
11604
msgid ""
11605
"Another application that can help identify all network interfaces available "
11606
"to your system is the <application>lshw</application> command. In the "
11607
"example below, <application>lshw</application> shows a single Ethernet "
11608
"interface with the logical name of <emphasis role=\"italic\">eth0</emphasis> "
11609
"along with bus information, driver details and all supported capabilities."
11610
msgstr ""
11611
11612
#: serverguide/C/network-config.xml:62(userinput)
11613
#, no-wrap
11614
msgid "sudo lshw -class network"
11615
msgstr ""
11616
11617
#: serverguide/C/network-config.xml:61(screen)
11618
#, no-wrap
11619
msgid ""
11620
"\n"
11621
"<placeholder-1/>\n"
11622
" *-network\n"
11623
" description: Ethernet interface\n"
11624
" product: BCM4401-B0 100Base-TX\n"
11625
" vendor: Broadcom Corporation\n"
11626
" physical id: 0\n"
11627
" bus info: pci@0000:03:00.0\n"
11628
" logical name: eth0\n"
11629
" version: 02\n"
11630
" serial: 00:15:c5:4a:16:5a\n"
11631
" size: 10MB/s\n"
11632
" capacity: 100MB/s\n"
11633
" width: 32 bits\n"
11634
" clock: 33MHz\n"
11635
" capabilities: (snipped for brevity)\n"
11636
" configuration: (snipped for brevity)\n"
11637
" resources: irq:17 memory:ef9fe000-ef9fffff\n"
11638
msgstr ""
11639
11640
#: serverguide/C/network-config.xml:83(title)
11641
msgid "Ethernet Interface Logical Names"
11642
msgstr ""
11643
11644
#: serverguide/C/network-config.xml:84(para)
11645
msgid ""
11646
"Interface logical names are configured in the file "
11647
"<filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would "
11648
"like control which interface receives a particular logical name, find the "
11649
"line matching the interfaces physical MAC address and modify the value of "
11650
"<emphasis role=\"italic\">NAME=ethX</emphasis> to the desired logical name. "
11651
"Reboot the system to commit your changes."
11652
msgstr ""
11653
11654
#: serverguide/C/network-config.xml:92(programlisting)
11655
#, no-wrap
11656
msgid ""
11657
"\n"
11658
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11659
"ATTR{address}==\"00:15:c5:4a:16:5a\", ATTR{dev_id}==\"0x0\", "
11660
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth0\"\n"
11661
"SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", "
11662
"ATTR{address}==\"00:15:c5:4a:16:5b\", ATTR{dev_id}==\"0x0\", "
11663
"ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth1\"\n"
11664
msgstr ""
11665
11666
#: serverguide/C/network-config.xml:99(title)
11667
msgid "Ethernet Interface Settings"
11668
msgstr ""
11669
11670
#: serverguide/C/network-config.xml:100(para)
11671
msgid ""
11672
"<application>ethtool</application> is a program that displays and changes "
11673
"Ethernet card settings such as auto-negotiation, port speed, duplex mode, "
11674
"and Wake-on-LAN. It is not installed by default, but is available for "
11675
"installation in the repositories."
11676
msgstr ""
11677
11678
#: serverguide/C/network-config.xml:106(userinput)
11679
#, no-wrap
11680
msgid "sudo apt-get install ethtool"
11681
msgstr ""
11682
11683
#: serverguide/C/network-config.xml:108(para)
11684
msgid ""
11685
"The following is an example of how to view supported features and configured "
11686
"settings of an Ethernet interface."
11687
msgstr ""
11688
11689
#: serverguide/C/network-config.xml:113(userinput)
11690
#, no-wrap
11691
msgid "sudo ethtool eth0"
11692
msgstr ""
11693
11694
#: serverguide/C/network-config.xml:112(screen)
11695
#, no-wrap
11696
msgid ""
11697
"\n"
11698
"<placeholder-1/>\n"
11699
"Settings for eth0:\n"
11700
" Supported ports: [ TP ]\n"
11701
" Supported link modes: 10baseT/Half 10baseT/Full \n"
11702
" 100baseT/Half 100baseT/Full \n"
11703
" 1000baseT/Half 1000baseT/Full \n"
11704
" Supports auto-negotiation: Yes\n"
11705
" Advertised link modes: 10baseT/Half 10baseT/Full \n"
11706
" 100baseT/Half 100baseT/Full \n"
11707
" 1000baseT/Half 1000baseT/Full \n"
11708
" Advertised auto-negotiation: Yes\n"
11709
" Speed: 1000Mb/s\n"
11710
" Duplex: Full\n"
11711
" Port: Twisted Pair\n"
11712
" PHYAD: 1\n"
11713
" Transceiver: internal\n"
11714
" Auto-negotiation: on\n"
11715
" Supports Wake-on: g\n"
11716
" Wake-on: d\n"
11717
" Current message level: 0x000000ff (255)\n"
11718
" Link detected: yes\n"
11719
msgstr ""
11720
11721
#: serverguide/C/network-config.xml:135(para)
11722
msgid ""
11723
"Changes made with the <application>ethtool</application> command are "
11724
"temporary and will be lost after a reboot. If you would like to retain "
11725
"settings, simply add the desired <application>ethtool</application> command "
11726
"to a <emphasis role=\"italic\">pre-up</emphasis> statement in the interface "
11727
"configuration file <filename>/etc/network/interfaces</filename>."
11728
msgstr ""
11729
11730
#: serverguide/C/network-config.xml:141(para)
11731
msgid ""
11732
"The following is an example of how the interface identified as <emphasis "
11733
"role=\"italic\">eth0</emphasis> could be permanently configured with a port "
11734
"speed of 1000Mb/s running in full duplex mode."
11735
msgstr ""
11736
11737
#: serverguide/C/network-config.xml:145(programlisting)
11738
#, no-wrap
11739
msgid ""
11740
"\n"
11741
"auto eth0\n"
11742
"iface eth0 inet static\n"
11743
"pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full\n"
11744
msgstr ""
11745
11746
#: serverguide/C/network-config.xml:151(para)
11747
msgid ""
11748
"Although the example above shows the interface configured to use the "
11749
"<emphasis role=\"italic\">static</emphasis> method, it actually works with "
11750
"other methods as well, such as DHCP. The example is meant to demonstrate "
11751
"only proper placement of the <emphasis role=\"italic\">pre-up</emphasis> "
11752
"statement in relation to the rest of the interface configuration."
11753
msgstr ""
11754
11755
#: serverguide/C/network-config.xml:163(title)
11756
msgid "IP Addressing"
11757
msgstr ""
11758
11759
#: serverguide/C/network-config.xml:164(para)
11760
msgid ""
11761
"The following section describes the process of configuring your systems IP "
11762
"address and default gateway needed for communicating on a local area network "
11763
"and the Internet."
11764
msgstr ""
11765
11766
#: serverguide/C/network-config.xml:171(title)
11767
msgid "Temporary IP Address Assignment"
11768
msgstr ""
11769
11770
#: serverguide/C/network-config.xml:172(para)
11771
msgid ""
11772
"For temporary network configurations, you can use standard commands such as "
11773
"<application>ip</application>, <application>ifconfig</application> and "
11774
"<application>route</application>, which are also found on most other "
11775
"GNU/Linux operating systems. These commands allow you to configure settings "
11776
"which take effect immediately, however they are not persistent and will be "
11777
"lost after a reboot."
11778
msgstr ""
11779
11780
#: serverguide/C/network-config.xml:180(para)
11781
msgid ""
11782
"To temporarily configure an IP address, you can use the "
11783
"<application>ifconfig</application> command in the following manner. Just "
11784
"modify the IP address and subnet mask to match your network requirements."
11785
msgstr ""
11786
11787
#: serverguide/C/network-config.xml:186(userinput)
11788
#, no-wrap
11789
msgid "sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0"
11790
msgstr ""
11791
11792
#: serverguide/C/network-config.xml:188(para)
11793
msgid ""
11794
"To verify the IP address configuration of <application>eth0</application>, "
11795
"you can use the <application>ifconfig</application> command in the following "
11796
"manner."
11797
msgstr ""
11798
11799
#: serverguide/C/network-config.xml:193(userinput)
11800
#, no-wrap
11801
msgid "ifconfig eth0"
11802
msgstr ""
11803
11804
#: serverguide/C/network-config.xml:192(screen)
11805
#, no-wrap
11806
msgid ""
11807
"\n"
11808
"<placeholder-1/>\n"
11809
"eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a \n"
11810
" inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0\n"
11811
" inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link\n"
11812
" UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n"
11813
" RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0\n"
11814
" TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0\n"
11815
" collisions:0 txqueuelen:1000 \n"
11816
" RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)\n"
11817
" Interrupt:16 \n"
11818
msgstr ""
11819
11820
#: serverguide/C/network-config.xml:204(para)
11821
msgid ""
11822
"To configure a default gateway, you can use the "
11823
"<application>route</application> command in the following manner. Modify the "
11824
"default gateway address to match your network requirements."
11825
msgstr ""
11826
11827
#: serverguide/C/network-config.xml:210(userinput)
11828
#, no-wrap
11829
msgid "sudo route add default gw 10.0.0.1 eth0"
11830
msgstr ""
11831
11832
#: serverguide/C/network-config.xml:212(para)
11833
msgid ""
11834
"To verify your default gateway configuration, you can use the "
11835
"<application>route</application> command in the following manner."
11836
msgstr ""
11837
11838
#: serverguide/C/network-config.xml:217(userinput)
11839
#, no-wrap
11840
msgid "route -n"
11841
msgstr ""
11842
11843
#: serverguide/C/network-config.xml:216(screen)
11844
#, no-wrap
11845
msgid ""
11846
"\n"
11847
"<placeholder-1/>\n"
11848
"Kernel IP routing table\n"
11849
"Destination Gateway Genmask Flags Metric Ref Use "
11850
"Iface\n"
11851
"10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 "
11852
"eth0\n"
11853
"0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 "
11854
"eth0\n"
11855
msgstr ""
11856
11857
#: serverguide/C/network-config.xml:223(para)
11858
msgid ""
11859
"If you require DNS for your temporary network configuration, you can add DNS "
11860
"server IP addresses in the file <filename>/etc/resolv.conf</filename>. The "
11861
"example below shows how to enter two DNS servers to "
11862
"<filename>/etc/resolv.conf</filename>, which should be changed to servers "
11863
"appropriate for your network. A more lengthy description of DNS client "
11864
"configuration is in a following section."
11865
msgstr ""
11866
11867
#: serverguide/C/network-config.xml:230(programlisting)
11868
#, no-wrap
11869
msgid ""
11870
"\n"
11871
"nameserver 8.8.8.8\n"
11872
"nameserver 8.8.4.4\n"
11873
msgstr ""
11874
11875
#: serverguide/C/network-config.xml:234(para)
11876
msgid ""
11877
"If you no longer need this configuration and wish to purge all IP "
11878
"configuration from an interface, you can use the "
11879
"<application>ip</application> command with the flush option as shown below."
11880
msgstr ""
11881
11882
#: serverguide/C/network-config.xml:240(userinput)
11883
#, no-wrap
11884
msgid "ip addr flush eth0"
11885
msgstr ""
11886
11887
#: serverguide/C/network-config.xml:243(para)
11888
msgid ""
11889
"Flushing the IP configuration using the <application>ip</application> "
11890
"command does not clear the contents of "
11891
"<filename>/etc/resolv.conf</filename>. You must remove or modify those "
11892
"entries manually."
11893
msgstr ""
11894
11895
#: serverguide/C/network-config.xml:251(title)
11896
msgid "Dynamic IP Address Assignment (DHCP Client)"
11897
msgstr ""
11898
11899
#: serverguide/C/network-config.xml:252(para)
11900
msgid ""
11901
"To configure your server to use DHCP for dynamic address assignment, add the "
11902
"<emphasis role=\"italic\">dhcp</emphasis> method to the inet address family "
11903
"statement for the appropriate interface in the file "
11904
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11905
"are configuring your first Ethernet interface identified as <emphasis "
11906
"role=\"italic\">eth0</emphasis>."
11907
msgstr ""
11908
11909
#: serverguide/C/network-config.xml:259(programlisting)
10458
11910
#, no-wrap
10459
11911
msgid ""
10460
11912
"\n"
10462
11914
"iface eth0 inet dhcp\n"
10463
11915
msgstr ""
10464
11916
10465
#: serverguide/C/network-config.xml:59(para)
10466
msgid ""
10467
"The first line specifies that the eth0 device should come up automatically "
10468
"when you boot. The second line means that interface (<quote>iface</quote>) "
10469
"eth0 should have an IPv4 address space (replace <quote>inet</quote> with "
10470
"<quote>inet6</quote> for an IPv6 device) and that it should get its "
10471
"configuration automatically from DHCP. Assuming your network and DHCP server "
10472
"are properly configured, this machine's network should need no further "
10473
"configuration to operate properly. The DHCP server will provide the default "
10474
"gateway (implemented via the <application>route</application> command), the "
10475
"device's IP address (implemented via the <application>ifconfig</application> "
10476
"command), and DNS servers used on the network (implemented in the "
10477
"<filename>/etc/resolv.conf</filename> file.)"
10478
msgstr ""
10479
10480
#: serverguide/C/network-config.xml:72(para)
10481
msgid ""
10482
"To configure your Ethernet device with a static IP address and custom "
10483
"configuration, some more information will be required. Suppose you want to "
10484
"assign the IP address 192.168.0.2 to the device eth1, with the typical "
10485
"netmask of 255.255.255.0. Your default gateway's IP address is 192.168.0.1. "
10486
"You would enter something like this into "
10487
"<filename>/etc/network/interfaces</filename>:"
10488
msgstr ""
10489
10490
#: serverguide/C/network-config.xml:79(programlisting)
10491
#, no-wrap
10492
msgid ""
10493
"\n"
10494
"iface eth1 inet static\n"
10495
"\taddress 192.168.0.2\n"
10496
"\tnetmask 255.255.255.0\n"
10497
"\tgateway 192.168.0.1\n"
10498
msgstr ""
10499
10500
#: serverguide/C/network-config.xml:85(para)
10501
msgid ""
10502
"In this case, you will need to specify your DNS servers manually in "
10503
"<filename>/etc/resolv.conf</filename>, which should look something like this:"
10504
msgstr ""
10505
10506
#: serverguide/C/network-config.xml:89(programlisting)
10507
#, no-wrap
10508
msgid ""
10509
"\n"
10510
"search mydomain.example\n"
10511
"nameserver 192.168.0.1\n"
10512
"nameserver 4.2.2.2\n"
10513
msgstr ""
10514
10515
#: serverguide/C/network-config.xml:94(para)
10516
msgid ""
10517
"The <emphasis role=\"italics\">search</emphasis> directive will append "
10518
"mydomain.example to hostname queries in an attempt to resolve names to your "
10519
"network. For example, if your network's domain is mydomain.example and you "
10520
"try to ping the host <quote>mybox</quote>, the DNS query will be modified to "
10521
"<quote>mybox.mydomain.example</quote> for resolution. The <emphasis "
10522
"role=\"italics\">nameserver</emphasis> directives specify DNS servers to be "
10523
"used to resolve hostnames to IP addresses. If you use your own nameserver, "
10524
"enter it here. Otherwise, ask your Internet Service Provider for the primary "
10525
"and secondary DNS servers to use, and enter them into "
10526
"<filename>/etc/resolv.conf</filename> as shown above."
10527
msgstr ""
10528
10529
#: serverguide/C/network-config.xml:106(para)
10530
msgid ""
10531
"Many more configurations are possible, including dialup PPP interfaces, IPv6 "
10532
"networking, VPN devices, etc. Refer to <application>man 5 "
10533
"interfaces</application> for more information and supported options. "
10534
"Remember that <filename>/etc/network/interfaces</filename> is used by the "
10535
"<application>ifup</application>/<application>ifdown</application> scripts as "
10536
"a higher level configuration scheme than may be used in some other Linux "
10537
"distributions, and that the traditional, lower level utilities such as "
10538
"<application>ifconfig</application>, <application>route</application>, and "
10539
"<application>dhclient</application> are still available to you for ad hoc "
10540
"configurations."
10541
msgstr ""
10542
10543
#: serverguide/C/network-config.xml:120(title)
10544
msgid "Managing DNS Entries"
10545
msgstr ""
10546
10547
#: serverguide/C/network-config.xml:121(para)
10548
msgid ""
10549
"This section explains how to configure which nameserver to use when "
10550
"resolving IP addresses to hostnames and vice versa. It does not explain how "
10551
"to configure the system as a name server."
10552
msgstr ""
10553
10554
#: serverguide/C/network-config.xml:126(para)
10555
msgid ""
10556
"To manage DNS entries, you can add, edit, or remove DNS names from the "
10557
"<filename>/etc/resolv.conf</filename> file. A sample file is given below:"
10558
msgstr ""
10559
10560
#: serverguide/C/network-config.xml:130(programlisting)
10561
#, no-wrap
10562
msgid ""
10563
"\n"
10564
"search com\n"
10565
"nameserver 204.11.126.131\n"
10566
"nameserver 64.125.134.133\n"
10567
"nameserver 64.125.134.132\n"
10568
"nameserver 208.185.179.218\n"
10569
msgstr ""
10570
10571
#: serverguide/C/network-config.xml:138(para)
10572
msgid ""
10573
"The <application>search</application> key specifies the string which will be "
10574
"appended to an incomplete hostname. Here, we have configured it to "
10575
"<application>com</application>. So, when we run: <command>ping "
10576
"ubuntu</command> it would be interpreted as <command>ping "
10577
"ubuntu.com</command>."
10578
msgstr ""
10579
10580
#: serverguide/C/network-config.xml:146(para)
10581
msgid ""
10582
"The <application>nameserver</application> key specifies the nameserver IP "
10583
"address. It will be used to resolve a given IP address or hostname. This "
10584
"file can have multiple nameserver entries. The nameservers will be used by "
10585
"the network query in the same order."
10586
msgstr ""
10587
10588
#: serverguide/C/network-config.xml:155(para)
10589
msgid ""
10590
"If the DNS server names are retrieved dynamically from DHCP or PPPoE "
10591
"(retrieved from your ISP), do not add nameserver entries in this file. It "
10592
"will be overwritten."
10593
msgstr ""
10594
10595
#: serverguide/C/network-config.xml:164(title)
10596
msgid "Managing Hosts"
10597
msgstr ""
10598
10599
#: serverguide/C/network-config.xml:165(para)
10600
msgid ""
10601
"To manage hosts, you can add, edit, or remove hosts from "
10602
"<filename>/etc/hosts</filename> file. The file contains IP addresses and "
10603
"their corresponding hostnames. When your system tries to resolve a hostname "
10604
"to an IP address or determine the hostname for an IP address, it refers to "
10605
"the <filename>/etc/hosts</filename> file before using the name servers. If "
10606
"the IP address is listed in the <filename>/etc/hosts</filename> file, the "
10607
"name servers are not used. This behavior can be modified by editing "
10608
"<filename>/etc/nsswitch.conf</filename> at your peril."
10609
msgstr ""
10610
10611
#: serverguide/C/network-config.xml:178(para)
10612
msgid ""
10613
"If your network contains computers whose IP addresses are not listed in DNS, "
10614
"it is recommended that you add them to the <filename>/etc/hosts</filename> "
10615
"file."
10616
msgstr ""
10617
10618
#: serverguide/C/network-config.xml:186(title)
11917
#: serverguide/C/network-config.xml:263(para)
11918
msgid ""
11919
"By adding an interface configuration as shown above, you can manually enable "
11920
"the interface through the <application>ifup</application> command which "
11921
"initiates the DHCP process via <application>dhclient</application>."
11922
msgstr ""
11923
11924
#: serverguide/C/network-config.xml:269(userinput) serverguide/C/network-config.xml:304(userinput)
11925
#, no-wrap
11926
msgid "sudo ifup eth0"
11927
msgstr ""
11928
11929
#: serverguide/C/network-config.xml:271(para)
11930
msgid ""
11931
"To manually disable the interface, you can use the "
11932
"<application>ifdown</application> command, which in turn will initiate the "
11933
"DHCP release process and shut down the interface."
11934
msgstr ""
11935
11936
#: serverguide/C/network-config.xml:277(userinput) serverguide/C/network-config.xml:311(userinput)
11937
#, no-wrap
11938
msgid "sudo ifdown eth0"
11939
msgstr ""
11940
11941
#: serverguide/C/network-config.xml:282(title)
11942
msgid "Static IP Address Assignment"
11943
msgstr ""
11944
11945
#: serverguide/C/network-config.xml:283(para)
11946
msgid ""
11947
"To configure your system to use a static IP address assignment, add the "
11948
"<emphasis role=\"italic\">static</emphasis> method to the inet address "
11949
"family statement for the appropriate interface in the file "
11950
"<filename>/etc/network/interfaces</filename>. The example below assumes you "
11951
"are configuring your first Ethernet interface identified as <emphasis "
11952
"role=\"italic\">eth0</emphasis>. Change the <emphasis "
11953
"role=\"italic\">address</emphasis>, <emphasis "
11954
"role=\"italic\">netmask</emphasis>, and <emphasis "
11955
"role=\"italic\">gateway</emphasis> values to meet the requirements of your "
11956
"network."
11957
msgstr ""
11958
11959
#: serverguide/C/network-config.xml:292(programlisting)
11960
#, no-wrap
11961
msgid ""
11962
"\n"
11963
"auto eth0\n"
11964
"iface eth0 inet static\n"
11965
"address 10.0.0.100\n"
11966
"netmask 255.255.255.0\n"
11967
"gateway 10.0.0.1\n"
11968
msgstr ""
11969
11970
#: serverguide/C/network-config.xml:299(para)
11971
msgid ""
11972
"By adding an interface configuration as shown above, you can manually enable "
11973
"the interface through the <application>ifup</application> command."
11974
msgstr ""
11975
11976
#: serverguide/C/network-config.xml:306(para)
11977
msgid ""
11978
"To manually disable the interface, you can use the "
11979
"<application>ifdown</application> command."
11980
msgstr ""
11981
11982
#: serverguide/C/network-config.xml:316(title)
11983
msgid "Loopback Interface"
11984
msgstr ""
11985
11986
#: serverguide/C/network-config.xml:317(para)
11987
msgid ""
11988
"The loopback interface is identified by the system as <emphasis "
11989
"role=\"italic\">lo</emphasis> and has a default IP address of 127.0.0.1. It "
11990
"can be viewed using the ifconfig command."
11991
msgstr ""
11992
11993
#: serverguide/C/network-config.xml:322(userinput)
11994
#, no-wrap
11995
msgid "ifconfig lo"
11996
msgstr ""
11997
11998
#: serverguide/C/network-config.xml:321(screen)
11999
#, no-wrap
12000
msgid ""
12001
"\n"
12002
"<placeholder-1/>\n"
12003
"lo Link encap:Local Loopback \n"
12004
" inet addr:127.0.0.1 Mask:255.0.0.0\n"
12005
" inet6 addr: ::1/128 Scope:Host\n"
12006
" UP LOOPBACK RUNNING MTU:16436 Metric:1\n"
12007
" RX packets:2718 errors:0 dropped:0 overruns:0 frame:0\n"
12008
" TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0\n"
12009
" collisions:0 txqueuelen:0 \n"
12010
" RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)\n"
12011
msgstr ""
12012
12013
#: serverguide/C/network-config.xml:332(para)
12014
msgid ""
12015
"By default, there should be two lines in "
12016
"<filename>/etc/network/interfaces</filename> responsible for automatically "
12017
"configuring your loopback interface. It is recommended that you keep the "
12018
"default settings unless you have a specific purpose for changing them. An "
12019
"example of the two default lines are shown below."
12020
msgstr ""
12021
12022
#: serverguide/C/network-config.xml:338(programlisting)
12023
#, no-wrap
12024
msgid ""
12025
"\n"
12026
"auto lo\n"
12027
"iface lo inet loopback\n"
12028
msgstr ""
12029
12030
#: serverguide/C/network-config.xml:347(title)
12031
msgid "Name Resolution"
12032
msgstr ""
12033
12034
#: serverguide/C/network-config.xml:348(para)
12035
msgid ""
12036
"Name resolution as it relates to IP networking is the process of mapping IP "
12037
"addresses to hostnames, making it easier to identify resources on a network. "
12038
"The following section will explain how to properly configure your system for "
12039
"name resolution using DNS and static hostname records."
12040
msgstr ""
12041
12042
#: serverguide/C/network-config.xml:356(title)
12043
msgid "DNS Client Configuration"
12044
msgstr ""
12045
12046
#: serverguide/C/network-config.xml:357(para)
12047
msgid ""
12048
"To configure your system to use DNS for name resolution, add the IP "
12049
"addresses of the DNS servers that are appropriate for your network in the "
12050
"file <filename>/etc/resolv.conf</filename>. You can also add an optional DNS "
12051
"suffix search-lists to match your network domain names."
12052
msgstr ""
12053
12054
#: serverguide/C/network-config.xml:362(para)
12055
msgid ""
12056
"Below is an example of a typical configuration of "
12057
"<filename>/etc/resolv.conf</filename> for a server on the domain \"<emphasis "
12058
"role=\"italic\">example.com</emphasis>\" and using two public DNS servers."
12059
msgstr ""
12060
12061
#: serverguide/C/network-config.xml:367(programlisting)
12062
#, no-wrap
12063
msgid ""
12064
"\n"
12065
"search example.com\n"
12066
"nameserver 8.8.8.8\n"
12067
"nameserver 8.8.4.4\n"
12068
msgstr ""
12069
12070
#: serverguide/C/network-config.xml:372(para)
12071
msgid ""
12072
"The <emphasis role=\"italic\">search</emphasis> option can also be used with "
12073
"multiple domain names so that DNS queries will be appended in the order in "
12074
"which they are entered. For example, your network may have multiple sub-"
12075
"domains to search; a parent domain of <emphasis "
12076
"role=\"italic\">example.com</emphasis>, and two sub-domains, <emphasis "
12077
"role=\"italic\">sales.example.com</emphasis> and <emphasis "
12078
"role=\"italic\">dev.example.com</emphasis>."
12079
msgstr ""
12080
12081
#: serverguide/C/network-config.xml:380(para)
12082
msgid ""
12083
"If you have multiple domains you wish to search, your configuration might "
12084
"look like the following."
12085
msgstr ""
12086
12087
#: serverguide/C/network-config.xml:383(programlisting)
12088
#, no-wrap
12089
msgid ""
12090
"\n"
12091
"search example.com sales.example.com dev.example.com\n"
12092
"nameserver 8.8.8.8\n"
12093
"nameserver 8.8.4.4\n"
12094
msgstr ""
12095
12096
#: serverguide/C/network-config.xml:388(para)
12097
msgid ""
12098
"If you try to ping a host with the name of <emphasis "
12099
"role=\"italic\">server1</emphasis>, your system will automatically query DNS "
12100
"for its Fully Qualified Domain Name (FQDN) in the following order:"
12101
msgstr ""
12102
12103
#: serverguide/C/network-config.xml:394(para)
12104
msgid "server1<emphasis role=\"bold\">.example.com</emphasis>"
12105
msgstr ""
12106
12107
#: serverguide/C/network-config.xml:399(para)
12108
msgid "server1<emphasis role=\"bold\">.sales.example.com</emphasis>"
12109
msgstr ""
12110
12111
#: serverguide/C/network-config.xml:404(para)
12112
msgid "server1<emphasis role=\"bold\">.dev.example.com</emphasis>"
12113
msgstr ""
12114
12115
#: serverguide/C/network-config.xml:409(para)
12116
msgid ""
12117
"If no matches are found, the DNS server will provide a result of <emphasis "
12118
"role=\"italic\">notfound</emphasis> and the DNS query will fail."
12119
msgstr ""
12120
12121
#: serverguide/C/network-config.xml:416(title)
12122
msgid "Static Hostnames"
12123
msgstr ""
12124
12125
#: serverguide/C/network-config.xml:417(para)
12126
msgid ""
12127
"Static hostnames are locally defined hostname-to-IP mappings located in the "
12128
"file <filename>/etc/hosts</filename>. Entries in the "
12129
"<filename>hosts</filename> file will have precedence over DNS by default. "
12130
"This means that if your system tries to resolve a hostname and it matches an "
12131
"entry in /etc/hosts, it will not attempt to look up the record in DNS. In "
12132
"some configurations, especially when Internet access is not required, "
12133
"servers that communicate with a limited number of resources can be "
12134
"conveniently set to use static hostnames instead of DNS."
12135
msgstr ""
12136
12137
#: serverguide/C/network-config.xml:424(para)
12138
msgid ""
12139
"The following is an example of a <filename>hosts</filename> file where a "
12140
"number of local servers have been identified by simple hostnames, aliases "
12141
"and their equivalent Fully Qualified Domain Names (FQDN's)."
12142
msgstr ""
12143
12144
#: serverguide/C/network-config.xml:428(programlisting)
12145
#, no-wrap
12146
msgid ""
12147
"\n"
12148
"127.0.0.1\tlocalhost\n"
12149
"127.0.1.1\tubuntu-server\n"
12150
"10.0.0.11\tserver1 vpn server1.example.com\n"
12151
"10.0.0.12\tserver2 mail server2.example.com\n"
12152
"10.0.0.13\tserver3 www server3.example.com\n"
12153
"10.0.0.14\tserver4 file server4.example.com\n"
12154
msgstr ""
12155
12156
#: serverguide/C/network-config.xml:437(para)
12157
msgid ""
12158
"In the above example, notice that each of the servers have been given "
12159
"aliases in addition to their proper names and FQDN's. <emphasis "
12160
"role=\"italic\">Server1</emphasis> has been mapped to the name <emphasis "
12161
"role=\"italic\">vpn</emphasis>, <emphasis role=\"italic\">server2</emphasis> "
12162
"is referred to as <emphasis role=\"italic\">mail</emphasis>, <emphasis "
12163
"role=\"italic\">server3</emphasis> as <emphasis "
12164
"role=\"italic\">www</emphasis>, and <emphasis "
12165
"role=\"italic\">server4</emphasis> as <emphasis "
12166
"role=\"italic\">file</emphasis>."
12167
msgstr ""
12168
12169
#: serverguide/C/network-config.xml:449(title)
12170
msgid "Name Service Switch Configuration"
12171
msgstr ""
12172
12173
#: serverguide/C/network-config.xml:450(para)
12174
msgid ""
12175
"The order in which your system selects a method of resolving hostnames to IP "
12176
"addresses is controlled by the Name Service Switch (NSS) configuration file "
12177
"<filename>/etc/nsswitch.conf</filename>. As mentioned in the previous "
12178
"section, typically static hostnames defined in the systems "
12179
"<filename>/etc/hosts</filename> file have precedence over names resolved "
12180
"from DNS. The following is an example of the line responsible for this order "
12181
"of hostname lookups in the file <filename>/etc/nsswitch.conf</filename>."
12182
msgstr ""
12183
12184
#: serverguide/C/network-config.xml:458(programlisting)
12185
#, no-wrap
12186
msgid ""
12187
"\n"
12188
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
12189
msgstr ""
12190
12191
#: serverguide/C/network-config.xml:464(para)
12192
msgid ""
12193
"<emphasis role=\"bold\">files</emphasis> first tries to resolve static "
12194
"hostnames located in <filename>/etc/hosts</filename>."
12195
msgstr ""
12196
12197
#: serverguide/C/network-config.xml:470(para)
12198
msgid ""
12199
"<emphasis role=\"bold\">mdns4_minimal</emphasis> attempts to resolve the "
12200
"name using Multicast DNS."
12201
msgstr ""
12202
12203
#: serverguide/C/network-config.xml:475(para)
12204
msgid ""
12205
"<emphasis role=\"bold\">[NOTFOUND=return]</emphasis> means that any response "
12206
"of <emphasis role=\"italic\">notfound</emphasis> by the preceeding <emphasis "
12207
"role=\"italic\">mdns4_minimal</emphasis> process should be treated as "
12208
"authoritative and that the system should not try to continue hunting for an "
12209
"answer."
12210
msgstr ""
12211
12212
#: serverguide/C/network-config.xml:483(para)
12213
msgid ""
12214
"<emphasis role=\"bold\">dns</emphasis> represents a legacy unicast DNS query."
12215
msgstr ""
12216
12217
#: serverguide/C/network-config.xml:488(para)
12218
msgid ""
12219
"<emphasis role=\"bold\">mdns4</emphasis> represents a Multicast DNS query."
12220
msgstr ""
12221
12222
#: serverguide/C/network-config.xml:494(para)
12223
msgid ""
12224
"To modify the order of the above mentioned name resolution methods, you can "
12225
"simply change the <emphasis role=\"italic\">hosts:</emphasis> string to the "
12226
"value of your choosing. For example, if you prefer to use legacy Unicast DNS "
12227
"versus Multicast DNS, you can change the string in "
12228
"<filename>/etc/nsswitch.conf</filename> as shown below."
12229
msgstr ""
12230
12231
#: serverguide/C/network-config.xml:501(programlisting)
12232
#, no-wrap
12233
msgid ""
12234
"\n"
12235
"hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4\n"
12236
msgstr ""
12237
12238
#: serverguide/C/network-config.xml:508(title)
10619
12239
msgid "Bridging"
10620
12240
msgstr ""
10621
12241
10622
#: serverguide/C/network-config.xml:188(para)
12242
#: serverguide/C/network-config.xml:510(para)
10623
12243
msgid ""
10624
12244
"Bridging multiple interfaces is a more advanced configuration, but is very "
10625
12245
"useful in multiple scenarios. One scenario is setting up a bridge with "
10629
12249
"The following example covers the latter scenario."
10630
12250
msgstr ""
10631
12251
10632
#: serverguide/C/network-config.xml:195(para)
12252
#: serverguide/C/network-config.xml:517(para)
10633
12253
msgid ""
10634
12254
"Before configuring a bridge you will need to install the <application>bridge-"
10635
12255
"utils</application> package. To install the package, in a terminal enter:"
10636
12256
msgstr ""
10637
12257
10638
#: serverguide/C/network-config.xml:201(command)
12258
#: serverguide/C/network-config.xml:523(command)
10639
12259
msgid "sudo apt-get install bridge-utils"
10640
12260
msgstr ""
10641
12261
10642
#: serverguide/C/network-config.xml:204(para)
12262
#: serverguide/C/network-config.xml:526(para)
10643
12263
msgid ""
10644
12264
"Next, configure the bridge by editing "
10645
12265
"<filename>/etc/network/interfaces</filename>:"
10646
12266
msgstr ""
10647
12267
10648
#: serverguide/C/network-config.xml:208(programlisting)
12268
#: serverguide/C/network-config.xml:530(programlisting)
10649
12269
#, no-wrap
10650
12270
msgid ""
10651
12271
"\n"
10666
12286
" bridge_stp off\n"
10667
12287
msgstr ""
10668
12288
10669
#: serverguide/C/network-config.xml:227(para)
12289
#: serverguide/C/network-config.xml:549(para)
10670
12290
msgid "Enter the appropriate values for your physical interface and network."
10671
12291
msgstr ""
10672
12292
10673
#: serverguide/C/network-config.xml:232(para)
12293
#: serverguide/C/network-config.xml:554(para)
10674
12294
msgid "Now restart networking to enable the bridge interface:"
10675
12295
msgstr ""
10676
12296
10677
#: serverguide/C/network-config.xml:239(para)
12297
#: serverguide/C/network-config.xml:561(para)
10678
12298
msgid ""
10679
12299
"The new bridge interface should now be up and running. The "
10680
12300
"<application>brctl</application> provides useful information about the state "
10682
12302
"<command>man brctl</command> for more information."
10683
12303
msgstr ""
10684
12304
10685
#: serverguide/C/network-config.xml:255(para)
12305
#: serverguide/C/network-config.xml:577(para)
12306
msgid ""
12307
"The <ulink url=\"https://help.ubuntu.com/community/Network\">Ubuntu Wiki "
12308
"Network page</ulink> has links to articles covering more advanced network "
12309
"configuration."
12310
msgstr ""
12311
12312
#: serverguide/C/network-config.xml:583(para)
10686
12313
msgid ""
10687
12314
"The <ulink "
10688
"url=\"http://manpages.ubuntu.com/manpages/karmic/en/man5/interfaces.5.html\">"
10689
"interfaces man page</ulink> has details on more options for "
12315
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/interfaces.5.html\">i"
12316
"nterfaces man page</ulink> has details on more options for "
10690
12317
"<filename>/etc/network/interfaces</filename>."
10691
12318
msgstr ""
10692
12319
10693
#: serverguide/C/network-config.xml:261(para)
12320
#: serverguide/C/network-config.xml:589(para)
12321
msgid ""
12322
"The <ulink "
12323
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/dhclient.8.html\">dhc"
12324
"lient man page</ulink> has details on more options for configuring DHCP "
12325
"client settings."
12326
msgstr ""
12327
12328
#: serverguide/C/network-config.xml:595(para)
10694
12329
msgid ""
10695
12330
"For more information on DNS client configuration see the <ulink "
10696
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/resolver.5.html\">re"
10697
"solver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
12331
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/resolver.5.html\">res"
12332
"olver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
10698
12333
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
10699
12334
"Administrator's Guide</ulink> is a good source of resolver and name service "
10700
12335
"configuration information."
10701
12336
msgstr ""
10702
12337
10703
#: serverguide/C/network-config.xml:269(para)
12338
#: serverguide/C/network-config.xml:603(para)
10704
12339
msgid ""
10705
12340
"For more information on <emphasis>bridging</emphasis> see the <ulink "
10706
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/brctl.8.html\">brctl"
10707
" man page</ulink> and the Linux Foundation's <ulink "
12341
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/brctl.8.html\">brctl "
12342
"man page</ulink> and the Linux Foundation's <ulink "
10708
12343
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
10709
12344
msgstr ""
10710
12345
10711
#: serverguide/C/network-config.xml:280(title)
12346
#: serverguide/C/network-config.xml:614(title)
10712
12347
msgid "TCP/IP"
10713
12348
msgstr ""
10714
12349
10715
#: serverguide/C/network-config.xml:281(para)
12350
#: serverguide/C/network-config.xml:615(para)
10716
12351
msgid ""
10717
12352
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
10718
12353
"standard set of protocols developed in the late 1970s by the Defense "
10722
12357
"network protocols on Earth."
10723
12358
msgstr ""
10724
12359
10725
#: serverguide/C/network-config.xml:289(title)
12360
#: serverguide/C/network-config.xml:623(title)
10726
12361
msgid "TCP/IP Introduction"
10727
12362
msgstr ""
10728
12363
10729
#: serverguide/C/network-config.xml:290(para)
12364
#: serverguide/C/network-config.xml:624(para)
10730
12365
msgid ""
10731
12366
"The two protocol components of TCP/IP deal with different aspects of "
10732
12367
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
10741
12376
"host."
10742
12377
msgstr ""
10743
12378
10744
#: serverguide/C/network-config.xml:303(title)
12379
#: serverguide/C/network-config.xml:637(title)
10745
12380
msgid "TCP/IP Configuration"
10746
12381
msgstr ""
10747
12382
10748
#: serverguide/C/network-config.xml:304(para)
12383
#: serverguide/C/network-config.xml:638(para)
10749
12384
msgid ""
10750
12385
"The TCP/IP protocol configuration consists of several elements which must be "
10751
12386
"set by editing the appropriate configuration files, or deploying solutions "
10756
12391
"system."
10757
12392
msgstr ""
10758
12393
10759
#: serverguide/C/network-config.xml:316(para)
12394
#: serverguide/C/network-config.xml:650(para)
10760
12395
msgid ""
10761
12396
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
10762
12397
"identifying string expressed as four decimal numbers ranging from zero (0) "
10766
12401
"<emphasis>dotted quad notation</emphasis>."
10767
12402
msgstr ""
10768
12403
10769
#: serverguide/C/network-config.xml:326(para)
12404
#: serverguide/C/network-config.xml:660(para)
10770
12405
msgid ""
10771
12406
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
10772
12407
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
10777
12412
"remain available for specifying hosts on the subnetwork."
10778
12413
msgstr ""
10779
12414
10780
#: serverguide/C/network-config.xml:337(para)
12415
#: serverguide/C/network-config.xml:671(para)
10781
12416
msgid ""
10782
12417
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
10783
12418
"represents the bytes comprising the network portion of an IP address. For "
10790
12425
"network and a zero (0) for all the possible hosts on the network."
10791
12426
msgstr ""
10792
12427
10793
#: serverguide/C/network-config.xml:350(para)
12428
#: serverguide/C/network-config.xml:684(para)
10794
12429
msgid ""
10795
12430
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
10796
12431
"is an IP address which allows network data to be sent simultaneously to all "
10804
12439
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
10805
12440
msgstr ""
10806
12441
10807
#: serverguide/C/network-config.xml:363(para)
12442
#: serverguide/C/network-config.xml:697(para)
10808
12443
msgid ""
10809
12444
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
10810
12445
"IP address through which a particular network, or host on a network, may be "
10817
12452
"not be able to reach any hosts beyond those on the same network."
10818
12453
msgstr ""
10819
12454
10820
#: serverguide/C/network-config.xml:374(para)
12455
#: serverguide/C/network-config.xml:708(para)
10821
12456
msgid ""
10822
12457
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
10823
12458
"represent the IP addresses of Domain Name Service (DNS) systems, which "
10833
12468
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
10834
12469
msgstr ""
10835
12470
10836
#: serverguide/C/network-config.xml:388(para)
12471
#: serverguide/C/network-config.xml:722(para)
10837
12472
msgid ""
10838
12473
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
10839
12474
"Address are typically specified via the appropriate directives in the file "
10845
12480
"typed at a terminal prompt:"
10846
12481
msgstr ""
10847
12482
10848
#: serverguide/C/network-config.xml:395(para)
12483
#: serverguide/C/network-config.xml:729(para)
10849
12484
msgid ""
10850
12485
"Access the system manual page for <filename>interfaces</filename> with the "
10851
12486
"following command:"
10852
12487
msgstr ""
10853
12488
10854
#: serverguide/C/network-config.xml:400(command)
12489
#: serverguide/C/network-config.xml:734(command)
10855
12490
msgid "man interfaces"
10856
12491
msgstr ""
10857
12492
10858
#: serverguide/C/network-config.xml:403(para)
12493
#: serverguide/C/network-config.xml:737(para)
10859
12494
msgid ""
10860
12495
"Access the system manual page for <filename>resolv.conf</filename> with the "
10861
12496
"following command:"
10862
12497
msgstr ""
10863
12498
10864
#: serverguide/C/network-config.xml:407(command)
12499
#: serverguide/C/network-config.xml:741(command)
10865
12500
msgid "man resolv.conf"
10866
12501
msgstr ""
10867
12502
10868
#: serverguide/C/network-config.xml:312(para)
12503
#: serverguide/C/network-config.xml:646(para)
10869
12504
msgid ""
10870
12505
"The common configuration elements of TCP/IP and their purposes are as "
10871
12506
"follows: <placeholder-1/>"
10872
12507
msgstr ""
10873
12508
10874
#: serverguide/C/network-config.xml:414(title)
12509
#: serverguide/C/network-config.xml:748(title)
10875
12510
msgid "IP Routing"
10876
12511
msgstr ""
10877
12512
10878
#: serverguide/C/network-config.xml:415(para)
12513
#: serverguide/C/network-config.xml:749(para)
10879
12514
msgid ""
10880
12515
"IP routing is a means of specifying and discovering paths in a TCP/IP "
10881
12516
"network along which network data may be sent. Routing uses a set of "
10886
12521
"<emphasis>Dynamic Routing.</emphasis>"
10887
12522
msgstr ""
10888
12523
10889
#: serverguide/C/network-config.xml:424(para)
12524
#: serverguide/C/network-config.xml:758(para)
10890
12525
msgid ""
10891
12526
"Static routing involves manually adding IP routes to the system's routing "
10892
12527
"table, and this is usually done by manipulating the routing table with the "
10901
12536
"and failures along the route due to the fixed nature of the route."
10902
12537
msgstr ""
10903
12538
10904
#: serverguide/C/network-config.xml:434(para)
12539
#: serverguide/C/network-config.xml:768(para)
10905
12540
msgid ""
10906
12541
"Dynamic routing depends on large networks with multiple possible IP routes "
10907
12542
"from a source to a destination and makes use of special routing protocols, "
10918
12553
"immediately benefit the end users, but still consumes network bandwidth."
10919
12554
msgstr ""
10920
12555
10921
#: serverguide/C/network-config.xml:448(title)
12556
#: serverguide/C/network-config.xml:782(title)
10922
12557
msgid "TCP and UDP"
10923
12558
msgstr ""
10924
12559
10925
#: serverguide/C/network-config.xml:449(para)
12560
#: serverguide/C/network-config.xml:783(para)
10926
12561
msgid ""
10927
12562
"TCP is a connection-based protocol, offering error correction and guaranteed "
10928
12563
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
10933
12568
"important information such as database transactions."
10934
12569
msgstr ""
10935
12570
10936
#: serverguide/C/network-config.xml:457(para)
12571
#: serverguide/C/network-config.xml:791(para)
10937
12572
msgid ""
10938
12573
"The User Datagram Protocol (UDP), on the other hand, is a "
10939
12574
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
10944
12579
"loss of a few packets is not generally catastrophic."
10945
12580
msgstr ""
10946
12581
10947
#: serverguide/C/network-config.xml:467(title)
12582
#: serverguide/C/network-config.xml:801(title)
10948
12583
msgid "ICMP"
10949
12584
msgstr ""
10950
12585
10951
#: serverguide/C/network-config.xml:468(para)
12586
#: serverguide/C/network-config.xml:802(para)
10952
12587
msgid ""
10953
12588
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
10954
12589
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
10961
12596
"<emphasis>Time Exceeded</emphasis>."
10962
12597
msgstr ""
10963
12598
10964
#: serverguide/C/network-config.xml:478(title)
12599
#: serverguide/C/network-config.xml:812(title)
10965
12600
msgid "Daemons"
10966
12601
msgstr ""
10967
12602
10968
#: serverguide/C/network-config.xml:479(para)
12603
#: serverguide/C/network-config.xml:813(para)
10969
12604
msgid ""
10970
12605
"Daemons are special system applications which typically execute continuously "
10971
12606
"in the background and await requests for the functions they provide from "
10979
12614
"Daemon</emphasis> (imapd), which provides E-Mail services."
10980
12615
msgstr ""
10981
12616
10982
#: serverguide/C/network-config.xml:494(para)
12617
#: serverguide/C/network-config.xml:828(para)
10983
12618
msgid ""
10984
12619
"There are man pages for <ulink "
10985
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man7/tcp.7.html\">TCP</ul"
10986
"ink> and <ulink "
10987
"url=\"http://manpages.ubuntu.com/manpages/jaunty/man7/ip.7.html\">IP</ulink> "
12620
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man7/tcp.7.html\">TCP</uli"
12621
"nk> and <ulink "
12622
"url=\"http://manpages.ubuntu.com/manpages/lucid/man7/ip.7.html\">IP</ulink> "
10988
12623
"that contain more useful information."
10989
12624
msgstr ""
10990
12625
10991
#: serverguide/C/network-config.xml:500(para)
12626
#: serverguide/C/network-config.xml:834(para)
10992
12627
msgid ""
10993
12628
"Also, see the <ulink "
10994
12629
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
10995
12630
"and Technical Overview</ulink> IBM Redbook."
10996
12631
msgstr ""
10997
12632
10998
#: serverguide/C/network-config.xml:506(para)
12633
#: serverguide/C/network-config.xml:840(para)
10999
12634
msgid ""
11000
12635
"Another resource is O'Reilly's <ulink "
11001
12636
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
11002
12637
"Administration</ulink>."
11003
12638
msgstr ""
11004
12639
11005
#: serverguide/C/network-config.xml:515(title)
12640
#: serverguide/C/network-config.xml:849(title)
11006
12641
msgid "Dynamic Host Configuration Protocol (DHCP)"
11007
12642
msgstr ""
11008
12643
11009
#: serverguide/C/network-config.xml:516(para)
12644
#: serverguide/C/network-config.xml:850(para)
11010
12645
msgid ""
11011
12646
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
11012
12647
"enables host computers to be automatically assigned settings from a server "
11015
12650
"DHCP server, and the configuration is transparent to the computer's user."
11016
12651
msgstr ""
11017
12652
11018
#: serverguide/C/network-config.xml:523(para)
12653
#: serverguide/C/network-config.xml:857(para)
11019
12654
msgid ""
11020
12655
"The most common settings provided by a DHCP server to DHCP clients include:"
11021
12656
msgstr ""
11022
12657
11023
#: serverguide/C/network-config.xml:528(para)
12658
#: serverguide/C/network-config.xml:862(para)
11024
12659
msgid "IP-Address and Netmask"
11025
12660
msgstr ""
11026
12661
11027
#: serverguide/C/network-config.xml:531(para)
12662
#: serverguide/C/network-config.xml:865(para)
11028
12663
msgid "DNS"
11029
12664
msgstr ""
11030
12665
11031
#: serverguide/C/network-config.xml:534(para)
12666
#: serverguide/C/network-config.xml:868(para)
11032
12667
msgid "WINS"
11033
12668
msgstr ""
11034
12669
11035
#: serverguide/C/network-config.xml:537(para)
12670
#: serverguide/C/network-config.xml:871(para)
11036
12671
msgid ""
11037
12672
"However, a DHCP server can also supply configuration properties such as:"
11038
12673
msgstr ""
11039
12674
11040
#: serverguide/C/network-config.xml:542(para)
12675
#: serverguide/C/network-config.xml:876(para)
11041
12676
msgid "Host Name"
11042
12677
msgstr ""
11043
12678
11044
#: serverguide/C/network-config.xml:545(para)
12679
#: serverguide/C/network-config.xml:879(para)
11045
12680
msgid "Domain Name"
11046
12681
msgstr ""
11047
12682
11048
#: serverguide/C/network-config.xml:548(para)
12683
#: serverguide/C/network-config.xml:882(para)
11049
12684
msgid "Default Gateway"
11050
12685
msgstr ""
11051
12686
11052
#: serverguide/C/network-config.xml:551(para)
12687
#: serverguide/C/network-config.xml:885(para)
11053
12688
msgid "Time Server"
11054
12689
msgstr ""
11055
12690
11056
#: serverguide/C/network-config.xml:554(para)
12691
#: serverguide/C/network-config.xml:888(para)
11057
12692
msgid "Print Server"
11058
12693
msgstr ""
11059
12694
11060
#: serverguide/C/network-config.xml:557(para)
12695
#: serverguide/C/network-config.xml:891(para)
11061
12696
msgid ""
11062
12697
"The advantage of using DHCP is that changes to the network, for example a "
11063
12698
"change in the address of the DNS server, need only be changed at the DHCP "
11068
12703
"also reduced."
11069
12704
msgstr ""
11070
12705
11071
#: serverguide/C/network-config.xml:565(para)
12706
#: serverguide/C/network-config.xml:899(para)
11072
12707
msgid "A DHCP server can provide configuration settings using two methods:"
11073
12708
msgstr ""
11074
12709
11075
#: serverguide/C/network-config.xml:570(term)
12710
#: serverguide/C/network-config.xml:904(term)
11076
12711
msgid "MAC Address"
11077
12712
msgstr ""
11078
12713
11079
#: serverguide/C/network-config.xml:572(para)
12714
#: serverguide/C/network-config.xml:906(para)
11080
12715
msgid ""
11081
12716
"This method entails using DHCP to identify the unique hardware address of "
11082
12717
"each network card connected to the network and then continually supplying a "
11084
12719
"server using that network device."
11085
12720
msgstr ""
11086
12721
11087
#: serverguide/C/network-config.xml:581(term)
12722
#: serverguide/C/network-config.xml:915(term)
11088
12723
msgid "Address Pool"
11089
12724
msgstr ""
11090
12725
11091
#: serverguide/C/network-config.xml:583(para)
12726
#: serverguide/C/network-config.xml:917(para)
11092
12727
msgid ""
11093
12728
"This method entails defining a pool (sometimes also called a range or scope) "
11094
12729
"of IP addresses from which DHCP clients are supplied their configuration "
11098
12733
"other DHCP Clients."
11099
12734
msgstr ""
11100
12735
11101
#: serverguide/C/network-config.xml:594(para)
12736
#: serverguide/C/network-config.xml:928(para)
11102
12737
msgid ""
11103
12738
"Ubuntu is shipped with both DHCP server and client. The server is "
11104
12739
"<application>dhcpd</application> (dynamic host configuration protocol "
11108
12743
"and configure and will be automatically started at system boot."
11109
12744
msgstr ""
11110
12745
11111
#: serverguide/C/network-config.xml:604(para)
12746
#: serverguide/C/network-config.xml:938(para)
11112
12747
msgid ""
11113
12748
"At a terminal prompt, enter the following command to install "
11114
12749
"<application>dhcpd</application>:"
11115
12750
msgstr ""
11116
12751
11117
#: serverguide/C/network-config.xml:609(command)
12752
#: serverguide/C/network-config.xml:943(command)
11118
12753
msgid "sudo apt-get install dhcp3-server"
11119
12754
msgstr ""
11120
12755
11121
#: serverguide/C/network-config.xml:611(para)
12756
#: serverguide/C/network-config.xml:945(para)
11122
12757
msgid ""
11123
12758
"You will probably need to change the default configuration by editing "
11124
12759
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
11125
12760
msgstr ""
11126
12761
11127
#: serverguide/C/network-config.xml:615(para)
12762
#: serverguide/C/network-config.xml:949(para)
11128
12763
msgid ""
11129
12764
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
11130
12765
"dhcpd should listen to. By default it listens to eth0."
11131
12766
msgstr ""
11132
12767
11133
#: serverguide/C/network-config.xml:619(para)
12768
#: serverguide/C/network-config.xml:953(para)
11134
12769
msgid ""
11135
12770
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
11136
12771
"messages."
11137
12772
msgstr ""
11138
12773
11139
#: serverguide/C/network-config.xml:626(para)
12774
#: serverguide/C/network-config.xml:960(para)
11140
12775
msgid ""
11141
12776
"The error message the installation ends with might be a little confusing, "
11142
12777
"but the following steps will help you configure the service:"
11143
12778
msgstr ""
11144
12779
11145
#: serverguide/C/network-config.xml:630(para)
12780
#: serverguide/C/network-config.xml:964(para)
11146
12781
msgid ""
11147
12782
"Most commonly, what you want to do is assign an IP address randomly. This "
11148
12783
"can be done with settings as follows:"
11149
12784
msgstr ""
11150
12785
11151
#: serverguide/C/network-config.xml:634(programlisting)
12786
#: serverguide/C/network-config.xml:968(programlisting)
11152
12787
#, no-wrap
11153
12788
msgid ""
11154
12789
"\n"
11168
12803
"} \n"
11169
12804
msgstr ""
11170
12805
11171
#: serverguide/C/network-config.xml:650(para)
12806
#: serverguide/C/network-config.xml:984(para)
11172
12807
msgid ""
11173
12808
"This will result in the DHCP server giving a client an IP address from the "
11174
12809
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
11179
12814
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
11180
12815
msgstr ""
11181
12816
11182
#: serverguide/C/network-config.xml:659(para)
12817
#: serverguide/C/network-config.xml:993(para)
11183
12818
msgid ""
11184
12819
"If you need to specify a WINS server for your Windows clients, you will need "
11185
12820
"to include the netbios-name-servers option, e.g."
11186
12821
msgstr ""
11187
12822
11188
#: serverguide/C/network-config.xml:663(programlisting)
12823
#: serverguide/C/network-config.xml:997(programlisting)
11189
12824
#, no-wrap
11190
12825
msgid ""
11191
12826
"\n"
11192
12827
"option netbios-name-servers 192.168.1.1; \n"
11193
12828
msgstr ""
11194
12829
11195
#: serverguide/C/network-config.xml:666(para)
12830
#: serverguide/C/network-config.xml:1000(para)
11196
12831
msgid ""
11197
12832
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
11198
12833
"be found <ulink "
11199
12834
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
11200
12835
msgstr ""
11201
12836
11202
#: serverguide/C/network-config.xml:676(para)
12837
#: serverguide/C/network-config.xml:1010(para)
12838
msgid ""
12839
"The <ulink url=\"https://help.ubuntu.com/community/dhcp3-server\">dhcp3-"
12840
"server Ubuntu Wiki</ulink> page has more information."
12841
msgstr ""
12842
12843
#: serverguide/C/network-config.xml:1015(para)
11203
12844
msgid ""
11204
12845
"For more <filename>/etc/dhcp3/dchpd.conf</filename> options see the <ulink "
11205
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/dhcpd.conf.5.html\">"
11206
"dhcpd.conf man page</ulink>."
12846
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/dhcpd.conf.5.html\">d"
12847
"hcpd.conf man page</ulink>."
11207
12848
msgstr ""
11208
12849
11209
#: serverguide/C/network-config.xml:682(para)
12850
#: serverguide/C/network-config.xml:1021(para)
11210
12851
msgid ""
11211
12852
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
11212
12853
"FAQ</ulink>"
11213
12854
msgstr ""
11214
12855
11215
#: serverguide/C/network-config.xml:692(title)
12856
#: serverguide/C/network-config.xml:1031(title)
11216
12857
msgid "Time Synchronisation with NTP"
11217
12858
msgstr ""
11218
12859
11219
#: serverguide/C/network-config.xml:693(para)
12860
#: serverguide/C/network-config.xml:1032(para)
11220
12861
msgid ""
11221
12862
"This page describes methods for keeping your computer's time accurate. This "
11222
12863
"is useful for servers, but is not necessary (or desirable) for desktop "
11223
12864
"machines."
11224
12865
msgstr ""
11225
12866
11226
#: serverguide/C/network-config.xml:696(para)
12867
#: serverguide/C/network-config.xml:1035(para)
11227
12868
msgid ""
11228
12869
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
11229
12870
"client requests the current time from a server, and uses it to set its own "
11230
12871
"clock."
11231
12872
msgstr ""
11232
12873
11233
#: serverguide/C/network-config.xml:699(para)
12874
#: serverguide/C/network-config.xml:1038(para)
11234
12875
msgid ""
11235
12876
"Behind this simple description, there is a lot of complexity - there are "
11236
12877
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
11242
12883
"from you!"
11243
12884
msgstr ""
11244
12885
11245
#: serverguide/C/network-config.xml:702(para)
12886
#: serverguide/C/network-config.xml:1041(para)
11246
12887
msgid ""
11247
12888
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
11248
12889
msgstr ""
11249
12890
11250
#: serverguide/C/network-config.xml:707(title)
12891
#: serverguide/C/network-config.xml:1046(title)
11251
12892
msgid "ntpdate"
11252
12893
msgstr ""
11253
12894
11254
#: serverguide/C/network-config.xml:708(para)
12895
#: serverguide/C/network-config.xml:1047(para)
11255
12896
msgid ""
11256
12897
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
11257
12898
"set up your time according to Ubuntu's NTP server. However, a server's clock "
11261
12902
"<code>/etc/cron.daily/ntpdate</code> containing:"
11262
12903
msgstr ""
11263
12904
11264
#: serverguide/C/network-config.xml:713(screen)
12905
#: serverguide/C/network-config.xml:1052(screen)
11265
12906
#, no-wrap
11266
12907
msgid "ntpdate ntp.ubuntu.com\n"
11267
12908
msgstr ""
11268
12909
11269
#: serverguide/C/network-config.xml:715(para)
12910
#: serverguide/C/network-config.xml:1054(para)
11270
12911
msgid ""
11271
12912
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
11272
12913
msgstr ""
11273
12914
11274
#: serverguide/C/network-config.xml:718(screen)
12915
#: serverguide/C/network-config.xml:1057(screen)
11275
12916
#, no-wrap
11276
12917
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
11277
12918
msgstr ""
11278
12919
11279
#: serverguide/C/network-config.xml:722(title)
12920
#: serverguide/C/network-config.xml:1061(title)
11280
12921
msgid "ntpd"
11281
12922
msgstr ""
11282
12923
11283
#: serverguide/C/network-config.xml:723(para)
12924
#: serverguide/C/network-config.xml:1062(para)
11284
12925
msgid ""
11285
12926
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
11286
12927
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
11290
12931
"server this is negligible."
11291
12932
msgstr ""
11292
12933
11293
#: serverguide/C/network-config.xml:726(para)
12934
#: serverguide/C/network-config.xml:1065(para)
11294
12935
msgid "To set up ntpd:"
11295
12936
msgstr ""
11296
12937
11297
#: serverguide/C/network-config.xml:727(screen)
12938
#: serverguide/C/network-config.xml:1066(screen)
11298
12939
#, no-wrap
11299
12940
msgid "sudo apt-get install ntp\n"
11300
12941
msgstr ""
11301
12942
11302
#: serverguide/C/network-config.xml:732(title)
12943
#: serverguide/C/network-config.xml:1071(title)
11303
12944
msgid "Changing Time Servers"
11304
12945
msgstr ""
11305
12946
11306
#: serverguide/C/network-config.xml:733(para)
12947
#: serverguide/C/network-config.xml:1072(para)
11307
12948
msgid ""
11308
12949
"In both cases above, your system will use Ubuntu's NTP server at "
11309
12950
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
11312
12953
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
11313
12954
msgstr ""
11314
12955
11315
#: serverguide/C/network-config.xml:740(screen)
12956
#: serverguide/C/network-config.xml:1079(screen)
11316
12957
#, no-wrap
11317
12958
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
11318
12959
msgstr ""
11319
12960
11320
#: serverguide/C/network-config.xml:742(para)
12961
#: serverguide/C/network-config.xml:1081(para)
11321
12962
msgid ""
11322
12963
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
11323
12964
"lines:"
11324
12965
msgstr ""
11325
12966
11326
#: serverguide/C/network-config.xml:747(screen)
12967
#: serverguide/C/network-config.xml:1086(screen)
11327
12968
#, no-wrap
11328
12969
msgid ""
11329
12970
"server ntp.ubuntu.com\n"
11330
12971
"server pool.ntp.org\n"
11331
12972
msgstr ""
11332
12973
11333
#: serverguide/C/network-config.xml:750(para)
12974
#: serverguide/C/network-config.xml:1089(para)
11334
12975
msgid ""
11335
12976
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
11336
12977
"really good idea which uses round-robin DNS to return an NTP server from a "
11342
12983
"details."
11343
12984
msgstr ""
11344
12985
11345
#: serverguide/C/network-config.xml:761(para)
12986
#: serverguide/C/network-config.xml:1100(para)
11346
12987
msgid ""
11347
12988
"You can also Google for NTP servers in your region, and add these to your "
11348
12989
"configuration. To test that a server works, just type <code>sudo ntpdate "
11349
12990
"ntp.server.name</code> and see what happens."
11350
12991
msgstr ""
11351
12992
11352
#: serverguide/C/network-config.xml:769(title)
11353
msgid "Related Pages"
12993
#: serverguide/C/network-config.xml:1111(para)
12994
msgid ""
12995
"See the <ulink url=\"https://help.ubuntu.com/community/UbuntuTime\">Ubuntu "
12996
"Time</ulink> wiki page for more information."
11354
12997
msgstr ""
11355
12998
11356
#: serverguide/C/network-config.xml:773(ulink)
12999
#: serverguide/C/network-config.xml:1117(ulink)
11357
13000
msgid "NTP Support"
11358
13001
msgstr ""
11359
13002
11360
#: serverguide/C/network-config.xml:778(ulink)
13003
#: serverguide/C/network-config.xml:1122(ulink)
11361
13004
msgid "The NTP FAQ and HOWTO"
11362
13005
msgstr ""
11363
13006
11419
13062
11420
13063
#: serverguide/C/network-auth.xml:63(para)
11421
13064
msgid ""
11422
"The installation process will prompt you for the LDAP directory admin "
11423
"password and confirmation."
13065
"By default <application>slapd</application> is configured with minimal "
13066
"options needed to run the <application>slapd</application> daemon."
11424
13067
msgstr ""
11425
13068
11426
13069
#: serverguide/C/network-auth.xml:68(para)
11427
13070
msgid ""
11428
"By default the directory suffix will match the domain name of the server. "
11429
"For example, if the machine's Fully Qualified Domain Name (FQDN) is "
11430
"ldap.example.com, the default suffix will be "
11431
"<emphasis>dc=example,dc=com</emphasis>. If you require a different suffix, "
11432
"the directory can be reconfigured using <application>dpkg-"
11433
"reconfigure</application>. Enter the following in a terminal prompt:"
11434
msgstr ""
11435
11436
#: serverguide/C/network-auth.xml:78(command)
11437
msgid "sudo dpkg-reconfigure slapd"
11438
msgstr ""
11439
11440
#: serverguide/C/network-auth.xml:81(para)
11441
msgid ""
11442
"You will then be taken through a menu based configuration dialog, allowing "
11443
"you to configure various <application>slapd</application> options."
11444
msgstr ""
11445
11446
#: serverguide/C/network-auth.xml:90(para)
11447
msgid ""
11448
"<application>OpenLDAP</application> uses a separate database which contains "
13071
"The configuration example in the following sections will match the domain "
13072
"name of the server. For example, if the machine's Fully Qualified Domain "
13073
"Name (FQDN) is ldap.example.com, the default suffix will be "
13074
"<emphasis>dc=example,dc=com</emphasis>."
13075
msgstr ""
13076
13077
#: serverguide/C/network-auth.xml:76(title)
13078
msgid "Populating LDAP"
13079
msgstr ""
13080
13081
#: serverguide/C/network-auth.xml:78(para)
13082
msgid ""
13083
"<application>OpenLDAP</application> uses a separate directory which contains "
11449
13084
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
11450
13085
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
11451
13086
"<application>slapd</application> daemon, allowing the modification of schema "
11452
13087
"definitions, indexes, ACLs, etc without stopping the service."
11453
13088
msgstr ""
11454
13089
11455
#: serverguide/C/network-auth.xml:98(para)
11456
msgid ""
11457
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
11458
"utilities in the <application>ldap-utils</application> package. For example:"
11459
msgstr ""
11460
11461
#: serverguide/C/network-auth.xml:106(para)
11462
msgid ""
11463
"Use <application>ldapsearch</application> to view the tree, entering the "
11464
"admin password set during installation or reconfiguration:"
11465
msgstr ""
11466
11467
#: serverguide/C/network-auth.xml:112(command)
11468
msgid ""
11469
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb"
11470
msgstr ""
11471
11472
#: serverguide/C/network-auth.xml:116(computeroutput)
11473
#, no-wrap
11474
msgid ""
11475
"Enter LDAP Password: \n"
11476
"dn: olcDatabase={1}hdb,cn=config\n"
11477
"objectClass: olcDatabaseConfig\n"
11478
"objectClass: olcHdbConfig\n"
11479
"olcDatabase: {1}hdb\n"
11480
"olcDbDirectory: /var/lib/ldap\n"
11481
"olcSuffix: dc=example,dc=com\n"
11482
"olcAccess: {0}to attrs=userPassword,shadowLastChange by "
11483
"dn=\"cn=admin,dc=exampl\n"
11484
" e,dc=com\" write by anonymous auth by self write by * none\n"
11485
"olcAccess: {1}to dn.base=\"\" by * read\n"
11486
"olcAccess: {2}to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
11487
"olcLastMod: TRUE\n"
11488
"olcDbCheckpoint: 512 30\n"
11489
"olcDbConfig: {0}set_cachesize 0 2097152 0\n"
11490
"olcDbConfig: {1}set_lk_max_objects 1500\n"
11491
"olcDbConfig: {2}set_lk_max_locks 1500\n"
11492
"olcDbConfig: {3}set_lk_max_lockers 1500\n"
11493
"olcDbIndex: objectClass eq\n"
11494
msgstr ""
11495
11496
#: serverguide/C/network-auth.xml:137(para)
11497
msgid ""
11498
"The output above is the current configuration options for the "
11499
"<emphasis>hdb</emphasis> backend database. Which in this case containes the "
11500
"<emphasis>dc=example,dc=com</emphasis> suffix."
11501
msgstr ""
11502
11503
#: serverguide/C/network-auth.xml:146(para)
11504
msgid ""
11505
"Refine the search by supplying a <emphasis "
11506
"role=\"italic\">filter</emphasis>, in this case only show which attributes "
11507
"are indexed:"
11508
msgstr ""
11509
11510
#: serverguide/C/network-auth.xml:152(command)
11511
msgid ""
11512
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb "
11513
"olcDbIndex"
11514
msgstr ""
11515
11516
#: serverguide/C/network-auth.xml:156(computeroutput)
11517
#, no-wrap
11518
msgid ""
11519
"Enter LDAP Password: \n"
11520
"dn: olcDatabase={1}hdb,cn=config\n"
11521
"olcDbIndex: objectClass eq\n"
11522
msgstr ""
11523
11524
#: serverguide/C/network-auth.xml:165(para)
11525
msgid ""
11526
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
11527
"another attribute to the index list using "
11528
"<application>ldapmodify</application>:"
11529
msgstr ""
11530
11531
#: serverguide/C/network-auth.xml:171(command) serverguide/C/network-auth.xml:722(command) serverguide/C/network-auth.xml:838(command) serverguide/C/network-auth.xml:861(command) serverguide/C/network-auth.xml:2417(command) serverguide/C/network-auth.xml:2434(command)
11532
msgid "ldapmodify -x -D cn=admin,cn=config -W"
11533
msgstr ""
11534
11535
#: serverguide/C/network-auth.xml:175(userinput)
11536
#, no-wrap
11537
msgid ""
11538
"\n"
11539
"dn: olcDatabase={1}hdb,cn=config\n"
11540
"add: olcDbIndex\n"
11541
"olcDbIndex: entryUUID eq"
11542
msgstr ""
11543
11544
#: serverguide/C/network-auth.xml:175(computeroutput)
11545
#, no-wrap
11546
msgid ""
11547
"Enter LDAP Password:<placeholder-1/>\n"
11548
"\n"
11549
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
11550
msgstr ""
11551
11552
#: serverguide/C/network-auth.xml:184(para)
11553
msgid ""
11554
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
11555
"exit the utility."
11556
msgstr ""
11557
11558
#: serverguide/C/network-auth.xml:191(para)
11559
msgid ""
11560
"<application>ldapmodify</application> can also read the changes from a file. "
11561
"Copy and paste the following into a file named "
11562
"<filename>uid_index.ldif</filename>:"
11563
msgstr ""
11564
11565
#: serverguide/C/network-auth.xml:196(programlisting)
11566
#, no-wrap
11567
msgid ""
11568
"\n"
11569
"dn: olcDatabase={1}hdb,cn=config\n"
11570
"add: olcDbIndex\n"
11571
"olcDbIndex: uid eq,pres,sub\n"
11572
msgstr ""
11573
11574
#: serverguide/C/network-auth.xml:202(para)
11575
msgid "Then execute <application>ldapmodify</application>:"
11576
msgstr ""
11577
11578
#: serverguide/C/network-auth.xml:207(command)
11579
msgid "ldapmodify -x -D cn=admin,cn=config -W -f uid_index.ldif"
11580
msgstr ""
11581
11582
#: serverguide/C/network-auth.xml:211(computeroutput)
11583
#, no-wrap
11584
msgid ""
11585
"Enter LDAP Password: \n"
11586
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
11587
msgstr ""
11588
11589
#: serverguide/C/network-auth.xml:216(para)
11590
msgid "The file method is very useful for large changes."
11591
msgstr ""
11592
11593
#: serverguide/C/network-auth.xml:223(para)
11594
msgid ""
11595
"Adding additional <emphasis>schemas</emphasis> to "
11596
"<application>slapd</application> requires the schema to be converted to LDIF "
11597
"format. Fortunately, the <application>slapd</application> program can be "
11598
"used to automate the conversion. The following example will add the "
11599
"<emphasis>misc.schema</emphasis>:"
11600
msgstr ""
11601
11602
#: serverguide/C/network-auth.xml:231(para)
11603
msgid ""
11604
"First, create a conversion <filename>schema_convert.conf</filename> file "
11605
"containing the following lines:"
11606
msgstr ""
11607
11608
#: serverguide/C/network-auth.xml:236(programlisting)
11609
#, no-wrap
11610
msgid ""
11611
"\n"
11612
"include /etc/ldap/schema/core.schema\n"
11613
"include /etc/ldap/schema/collective.schema\n"
11614
"include /etc/ldap/schema/corba.schema\n"
11615
"include /etc/ldap/schema/cosine.schema\n"
11616
"include /etc/ldap/schema/duaconf.schema\n"
11617
"include /etc/ldap/schema/dyngroup.schema\n"
11618
"include /etc/ldap/schema/inetorgperson.schema\n"
11619
"include /etc/ldap/schema/java.schema\n"
11620
"include /etc/ldap/schema/misc.schema\n"
11621
"include /etc/ldap/schema/nis.schema\n"
11622
"include /etc/ldap/schema/openldap.schema\n"
11623
"include /etc/ldap/schema/ppolicy.schema\n"
11624
msgstr ""
11625
11626
#: serverguide/C/network-auth.xml:254(para) serverguide/C/network-auth.xml:1318(para)
11627
msgid "Next, create a temporary directory to hold the output:"
11628
msgstr ""
11629
11630
#: serverguide/C/network-auth.xml:259(command) serverguide/C/network-auth.xml:1323(command) serverguide/C/network-auth.xml:2347(command)
11631
msgid "mkdir /tmp/ldif_output"
11632
msgstr ""
11633
11634
#: serverguide/C/network-auth.xml:265(para)
11635
msgid ""
11636
"Now using <application>slapcat</application> convert the schema files to "
11637
"LDIF:"
11638
msgstr ""
11639
11640
#: serverguide/C/network-auth.xml:270(command)
11641
msgid ""
11642
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
11643
"\"cn={8}misc,cn=schema,cn=config\" > /tmp/cn=misc.ldif"
11644
msgstr ""
11645
11646
#: serverguide/C/network-auth.xml:273(para)
11647
msgid ""
11648
"Adjust the configuration file name and temporary directory names if yours "
11649
"are different. Also, it may be worthwhile to keep the "
11650
"<filename>ldif_output</filename> directory around in case you want to add "
11651
"additional schemas in the future."
11652
msgstr ""
11653
11654
#: serverguide/C/network-auth.xml:282(para)
11655
msgid ""
11656
"Edit the <filename>/tmp/cn\\=misc.ldif</filename> file, changing the "
11657
"following attributes:"
11658
msgstr ""
11659
11660
#: serverguide/C/network-auth.xml:286(programlisting)
11661
#, no-wrap
11662
msgid ""
11663
"\n"
11664
"dn: cn=misc,cn=schema,cn=config\n"
11665
"...\n"
11666
"cn: misc\n"
11667
msgstr ""
11668
11669
#: serverguide/C/network-auth.xml:292(para) serverguide/C/network-auth.xml:1354(para)
11670
msgid "And remove the following lines from the bottom of the file:"
11671
msgstr ""
11672
11673
#: serverguide/C/network-auth.xml:296(programlisting)
11674
#, no-wrap
11675
msgid ""
11676
"\n"
11677
"structuralObjectClass: olcSchemaConfig\n"
11678
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
11679
"creatorsName: cn=config\n"
11680
"createTimestamp: 20080826021140Z\n"
11681
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
11682
"modifiersName: cn=config\n"
11683
"modifyTimestamp: 20080826021140Z\n"
11684
msgstr ""
11685
11686
#: serverguide/C/network-auth.xml:307(para) serverguide/C/network-auth.xml:1369(para) serverguide/C/network-auth.xml:2393(para)
11687
msgid ""
11688
"The attribute values will vary, just be sure the attributes are removed."
11689
msgstr ""
11690
11691
#: serverguide/C/network-auth.xml:315(para) serverguide/C/network-auth.xml:1377(para)
11692
msgid ""
11693
"Finally, using the <application>ldapadd</application> utility, add the new "
11694
"schema to the directory:"
11695
msgstr ""
11696
11697
#: serverguide/C/network-auth.xml:321(command)
11698
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=misc.ldif"
11699
msgstr ""
11700
11701
#: serverguide/C/network-auth.xml:327(para)
11702
msgid ""
11703
"There should now be a <emphasis>dn: "
11704
"cn={4}misc,cn=schema,cn=config</emphasis> entry in the cn=config tree."
11705
msgstr ""
11706
11707
#: serverguide/C/network-auth.xml:336(title)
11708
msgid "Populating LDAP"
11709
msgstr ""
11710
11711
#: serverguide/C/network-auth.xml:338(para)
11712
msgid ""
11713
"The directory has been created during installation and reconfiguration, and "
11714
"now it is time to populate it. It will be populated with a \"classical\" "
11715
"scheme that will be compatible with address book applications and with Unix "
11716
"Posix accounts. Posix accounts will allow authentication to various "
11717
"applications, such as web applications, email Mail Transfer Agent (MTA) "
11718
"applications, etc."
11719
msgstr ""
11720
11721
#: serverguide/C/network-auth.xml:347(para)
13090
#: serverguide/C/network-auth.xml:86(para)
13091
msgid ""
13092
"The backend <emphasis>cn=config</emphasis> directory has only a minimal "
13093
"configuration and will need additional configuration options in order to "
13094
"populate the frontend directory. The frontend will be populated with a "
13095
"\"classical\" scheme that will be compatible with address book applications "
13096
"and with Unix Posix accounts. Posix accounts will allow authentication to "
13097
"various applications, such as web applications, email Mail Transfer Agent "
13098
"(MTA) applications, etc."
13099
msgstr ""
13100
13101
#: serverguide/C/network-auth.xml:95(para)
11722
13102
msgid ""
11723
13103
"For external applications to authenticate using LDAP they will each need to "
11724
13104
"be specifically configured to do so. Refer to the individual application "
11725
13105
"documentation for details."
11726
13106
msgstr ""
11727
13107
11728
#: serverguide/C/network-auth.xml:354(para)
11729
msgid ""
11730
"LDAP directories can be populated with LDIF (LDAP Directory Interchange "
11731
"Format) files. Copy the following example LDIF file, naming it "
11732
"<filename>example.com.ldif</filename>, somewhere on your system:"
11733
msgstr ""
11734
11735
#: serverguide/C/network-auth.xml:360(programlisting)
11736
#, no-wrap
11737
msgid ""
13108
#: serverguide/C/network-auth.xml:103(para)
13109
msgid ""
13110
"Remember to change <emphasis>dc=example,dc=com</emphasis> in the following "
13111
"examples to match your LDAP configuration."
13112
msgstr ""
13113
13114
#: serverguide/C/network-auth.xml:108(para)
13115
msgid ""
13116
"First, some additional schema files need to be loaded. In a terminal enter:"
13117
msgstr ""
13118
13119
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:702(command)
13120
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
13121
msgstr ""
13122
13123
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:703(command)
13124
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
13125
msgstr ""
13126
13127
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:704(command)
13128
msgid ""
13129
"sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
13130
msgstr ""
13131
13132
#: serverguide/C/network-auth.xml:118(para)
13133
msgid ""
13134
"Next, copy the following example LDIF file, naming it "
13135
"<filename>backend.example.com.ldif</filename>, somewhere on your system:"
13136
msgstr ""
13137
13138
#: serverguide/C/network-auth.xml:123(programlisting)
13139
#, no-wrap
13140
msgid ""
13141
"\n"
13142
"# Load dynamic backend modules\n"
13143
"dn: cn=module,cn=config\n"
13144
"objectClass: olcModuleList\n"
13145
"cn: module\n"
13146
"olcModulepath: /usr/lib/ldap\n"
13147
"olcModuleload: back_hdb\n"
13148
"\n"
13149
"# Database settings\n"
13150
"dn: olcDatabase=hdb,cn=config\n"
13151
"objectClass: olcDatabaseConfig\n"
13152
"objectClass: olcHdbConfig\n"
13153
"olcDatabase: {1}hdb\n"
13154
"olcSuffix: dc=example,dc=com\n"
13155
"olcDbDirectory: /var/lib/ldap\n"
13156
"olcRootDN: cn=admin,dc=example,dc=com\n"
13157
"olcRootPW: secret\n"
13158
"olcDbConfig: set_cachesize 0 2097152 0\n"
13159
"olcDbConfig: set_lk_max_objects 1500\n"
13160
"olcDbConfig: set_lk_max_locks 1500\n"
13161
"olcDbConfig: set_lk_max_lockers 1500\n"
13162
"olcDbIndex: objectClass eq\n"
13163
"olcLastMod: TRUE\n"
13164
"olcDbCheckpoint: 512 30\n"
13165
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13166
"by anonymous auth by self write by * none\n"
13167
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13168
"olcAccess: to dn.base=\"\" by * read\n"
13169
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13170
"\n"
13171
msgstr ""
13172
13173
#: serverguide/C/network-auth.xml:155(para)
13174
msgid ""
13175
"Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
13176
msgstr ""
13177
13178
#: serverguide/C/network-auth.xml:160(para)
13179
msgid "Now add the LDIF to the directory:"
13180
msgstr ""
13181
13182
#: serverguide/C/network-auth.xml:165(command) serverguide/C/network-auth.xml:746(command)
13183
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
13184
msgstr ""
13185
13186
#: serverguide/C/network-auth.xml:168(para)
13187
msgid ""
13188
"The frontend directory is now ready to be populated. Create a "
13189
"<filename>frontend.example.com.ldif</filename> with the following contents:"
13190
msgstr ""
13191
13192
#: serverguide/C/network-auth.xml:173(programlisting)
13193
#, no-wrap
13194
msgid ""
13195
"\n"
13196
"# Create top-level object in domain\n"
13197
"dn: dc=example,dc=com\n"
13198
"objectClass: top\n"
13199
"objectClass: dcObject\n"
13200
"objectclass: organization\n"
13201
"o: Example Organization\n"
13202
"dc: Example\n"
13203
"description: LDAP Example \n"
13204
"\n"
13205
"# Admin user.\n"
13206
"dn: cn=admin,dc=example,dc=com\n"
13207
"objectClass: simpleSecurityObject\n"
13208
"objectClass: organizationalRole\n"
13209
"cn: admin\n"
13210
"description: LDAP administrator\n"
13211
"userPassword: secret\n"
11738
13212
"\n"
11739
13213
"dn: ou=people,dc=example,dc=com\n"
11740
13214
"objectClass: organizationalUnit\n"
11781
13255
"gidNumber: 10000\n"
11782
13256
msgstr ""
11783
13257
11784
#: serverguide/C/network-auth.xml:406(para)
13258
#: serverguide/C/network-auth.xml:236(para)
11785
13259
msgid ""
11786
13260
"In this example the directory structure, a user, and a group have been "
11787
13261
"setup. In other examples you might see the <emphasis>objectClass: "
11789
13263
"you do not have to add it explicitly."
11790
13264
msgstr ""
11791
13265
11792
#: serverguide/C/network-auth.xml:413(para)
11793
msgid ""
11794
"To add the entries to the LDAP directory use the "
11795
"<application>ldapadd</application> utility:"
11796
msgstr ""
11797
11798
#: serverguide/C/network-auth.xml:419(command)
11799
msgid "ldapadd -x -D cn=admin,dc=example,dc=com -W -f example.com.ldif"
11800
msgstr ""
11801
11802
#: serverguide/C/network-auth.xml:422(para)
11803
msgid ""
11804
"We can check that the content has been correctly added with the tools from "
11805
"the <application>ldap-utils</application> package. In order to execute a "
11806
"search of the LDAP directory:"
11807
msgstr ""
11808
11809
#: serverguide/C/network-auth.xml:429(command)
13266
#: serverguide/C/network-auth.xml:243(para)
13267
msgid "Add the entries to the LDAP directory:"
13268
msgstr ""
13269
13270
#: serverguide/C/network-auth.xml:249(command) serverguide/C/network-auth.xml:757(command)
13271
msgid ""
13272
"sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
13273
msgstr ""
13274
13275
#: serverguide/C/network-auth.xml:252(para)
13276
msgid ""
13277
"We can check that the content has been correctly added with the "
13278
"<application>ldapsearch</application> utility. Execute a search of the LDAP "
13279
"directory:"
13280
msgstr ""
13281
13282
#: serverguide/C/network-auth.xml:258(command)
11810
13283
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
11811
13284
msgstr ""
11812
13285
11813
#: serverguide/C/network-auth.xml:430(computeroutput)
13286
#: serverguide/C/network-auth.xml:259(computeroutput)
11814
13287
#, no-wrap
11815
13288
msgid ""
11816
13289
"\n"
11820
13293
"givenName: John\n"
11821
13294
msgstr ""
11822
13295
11823
#: serverguide/C/network-auth.xml:438(para)
13296
#: serverguide/C/network-auth.xml:267(para)
11824
13297
msgid "Just a quick explanation:"
11825
13298
msgstr ""
11826
13299
11827
#: serverguide/C/network-auth.xml:444(para)
13300
#: serverguide/C/network-auth.xml:273(para)
11828
13301
msgid ""
11829
13302
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
11830
13303
"the default."
11831
13304
msgstr ""
11832
13305
13306
#: serverguide/C/network-auth.xml:279(para)
13307
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
13308
msgstr ""
13309
13310
#: serverguide/C/network-auth.xml:287(title)
13311
msgid "Further Configuration"
13312
msgstr ""
13313
13314
#: serverguide/C/network-auth.xml:290(para)
13315
msgid ""
13316
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
13317
"utilities in the <application>ldap-utils</application> package. For example:"
13318
msgstr ""
13319
13320
#: serverguide/C/network-auth.xml:298(para)
13321
msgid ""
13322
"Use <application>ldapsearch</application> to view the tree, entering the "
13323
"admin password set during installation or reconfiguration:"
13324
msgstr ""
13325
13326
#: serverguide/C/network-auth.xml:304(command)
13327
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
13328
msgstr ""
13329
13330
#: serverguide/C/network-auth.xml:308(computeroutput)
13331
#, no-wrap
13332
msgid ""
13333
"\n"
13334
"SASL/EXTERNAL authentication started\n"
13335
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13336
"SASL SSF: 0\n"
13337
"dn: cn=config\n"
13338
"\n"
13339
"dn: cn=module{0},cn=config\n"
13340
"\n"
13341
"dn: cn=schema,cn=config\n"
13342
"\n"
13343
"dn: cn={0}core,cn=schema,cn=config\n"
13344
"\n"
13345
"dn: cn={1}cosine,cn=schema,cn=config\n"
13346
"\n"
13347
"dn: cn={2}nis,cn=schema,cn=config\n"
13348
"\n"
13349
"dn: cn={3}inetorgperson,cn=schema,cn=config\n"
13350
"\n"
13351
"dn: olcDatabase={-1}frontend,cn=config\n"
13352
"\n"
13353
"dn: olcDatabase={0}config,cn=config\n"
13354
"\n"
13355
"dn: olcDatabase={1}hdb,cn=config\n"
13356
msgstr ""
13357
13358
#: serverguide/C/network-auth.xml:334(para)
13359
msgid ""
13360
"The output above is the current configuration options for the "
13361
"<emphasis>cn=config</emphasis> backend database. Your output may be vary."
13362
msgstr ""
13363
13364
#: serverguide/C/network-auth.xml:342(para)
13365
msgid ""
13366
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
13367
"another attribute to the index list using "
13368
"<application>ldapmodify</application>:"
13369
msgstr ""
13370
13371
#: serverguide/C/network-auth.xml:348(command) serverguide/C/network-auth.xml:984(command) serverguide/C/network-auth.xml:1155(command) serverguide/C/network-auth.xml:1191(command)
13372
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
13373
msgstr ""
13374
13375
#: serverguide/C/network-auth.xml:356(userinput)
13376
#, no-wrap
13377
msgid ""
13378
"dn: olcDatabase={1}hdb,cn=config\n"
13379
"add: olcDbIndex\n"
13380
"olcDbIndex: uidNumber eq"
13381
msgstr ""
13382
13383
#: serverguide/C/network-auth.xml:352(computeroutput)
13384
#, no-wrap
13385
msgid ""
13386
"\n"
13387
"SASL/EXTERNAL authentication started\n"
13388
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13389
"SASL SSF: 0\n"
13390
"<placeholder-1/>\n"
13391
"\n"
13392
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13393
msgstr ""
13394
13395
#: serverguide/C/network-auth.xml:364(para)
13396
msgid ""
13397
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
13398
"exit the utility."
13399
msgstr ""
13400
13401
#: serverguide/C/network-auth.xml:371(para)
13402
msgid ""
13403
"<application>ldapmodify</application> can also read the changes from a file. "
13404
"Copy and paste the following into a file named "
13405
"<filename>uid_index.ldif</filename>:"
13406
msgstr ""
13407
13408
#: serverguide/C/network-auth.xml:376(programlisting)
13409
#, no-wrap
13410
msgid ""
13411
"\n"
13412
"dn: olcDatabase={1}hdb,cn=config\n"
13413
"add: olcDbIndex\n"
13414
"olcDbIndex: uid eq,pres,sub\n"
13415
msgstr ""
13416
13417
#: serverguide/C/network-auth.xml:382(para)
13418
msgid "Then execute <application>ldapmodify</application>:"
13419
msgstr ""
13420
13421
#: serverguide/C/network-auth.xml:387(command)
13422
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
13423
msgstr ""
13424
13425
#: serverguide/C/network-auth.xml:391(computeroutput)
13426
#, no-wrap
13427
msgid ""
13428
"\n"
13429
"SASL/EXTERNAL authentication started\n"
13430
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
13431
"SASL SSF: 0\n"
13432
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13433
msgstr ""
13434
13435
#: serverguide/C/network-auth.xml:399(para)
13436
msgid "The file method is very useful for large changes."
13437
msgstr ""
13438
13439
#: serverguide/C/network-auth.xml:406(para)
13440
msgid ""
13441
"Adding additional <emphasis>schemas</emphasis> to "
13442
"<application>slapd</application> requires the schema to be converted to LDIF "
13443
"format. The <filename role=\"directory\">/etc/ldap/schema</filename> "
13444
"directory contains some schema files already converted to LDIF format as "
13445
"demonstrated in the previous section. Fortunately, the "
13446
"<application>slapd</application> program can be used to automate the "
13447
"conversion. The following example will add the "
13448
"<emphasis>dyngoup.schema</emphasis>:"
13449
msgstr ""
13450
13451
#: serverguide/C/network-auth.xml:416(para)
13452
msgid ""
13453
"First, create a conversion <filename>schema_convert.conf</filename> file "
13454
"containing the following lines:"
13455
msgstr ""
13456
13457
#: serverguide/C/network-auth.xml:421(programlisting)
13458
#, no-wrap
13459
msgid ""
13460
"\n"
13461
"include /etc/ldap/schema/core.schema\n"
13462
"include /etc/ldap/schema/collective.schema\n"
13463
"include /etc/ldap/schema/corba.schema\n"
13464
"include /etc/ldap/schema/cosine.schema\n"
13465
"include /etc/ldap/schema/duaconf.schema\n"
13466
"include /etc/ldap/schema/dyngroup.schema\n"
13467
"include /etc/ldap/schema/inetorgperson.schema\n"
13468
"include /etc/ldap/schema/java.schema\n"
13469
"include /etc/ldap/schema/misc.schema\n"
13470
"include /etc/ldap/schema/nis.schema\n"
13471
"include /etc/ldap/schema/openldap.schema\n"
13472
"include /etc/ldap/schema/ppolicy.schema\n"
13473
msgstr ""
13474
13475
#: serverguide/C/network-auth.xml:439(para) serverguide/C/network-auth.xml:1655(para)
13476
msgid "Next, create a temporary directory to hold the output:"
13477
msgstr ""
13478
13479
#: serverguide/C/network-auth.xml:444(command) serverguide/C/network-auth.xml:1660(command) serverguide/C/network-auth.xml:2695(command)
13480
msgid "mkdir /tmp/ldif_output"
13481
msgstr ""
13482
11833
13483
#: serverguide/C/network-auth.xml:450(para)
11834
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
11835
msgstr ""
11836
11837
#: serverguide/C/network-auth.xml:459(title)
11838
msgid "LDAP replication"
11839
msgstr ""
11840
11841
#: serverguide/C/network-auth.xml:461(para)
13484
msgid ""
13485
"Now using <application>slapcat</application> convert the schema files to "
13486
"LDIF:"
13487
msgstr ""
13488
13489
#: serverguide/C/network-auth.xml:455(command)
13490
msgid ""
13491
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13492
"\"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
13493
msgstr ""
13494
13495
#: serverguide/C/network-auth.xml:458(para)
13496
msgid ""
13497
"Adjust the configuration file name and temporary directory names if yours "
13498
"are different. Also, it may be worthwhile to keep the "
13499
"<filename>ldif_output</filename> directory around in case you want to add "
13500
"additional schemas in the future."
13501
msgstr ""
13502
13503
#: serverguide/C/network-auth.xml:467(para)
13504
msgid ""
13505
"Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the "
13506
"following attributes:"
13507
msgstr ""
13508
13509
#: serverguide/C/network-auth.xml:471(programlisting)
13510
#, no-wrap
13511
msgid ""
13512
"\n"
13513
"dn: cn=dyngroup,cn=schema,cn=config\n"
13514
"...\n"
13515
"cn: dyngroup\n"
13516
msgstr ""
13517
13518
#: serverguide/C/network-auth.xml:477(para) serverguide/C/network-auth.xml:1691(para)
13519
msgid "And remove the following lines from the bottom of the file:"
13520
msgstr ""
13521
13522
#: serverguide/C/network-auth.xml:481(programlisting)
13523
#, no-wrap
13524
msgid ""
13525
"\n"
13526
"structuralObjectClass: olcSchemaConfig\n"
13527
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
13528
"creatorsName: cn=config\n"
13529
"createTimestamp: 20080826021140Z\n"
13530
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
13531
"modifiersName: cn=config\n"
13532
"modifyTimestamp: 20080826021140Z\n"
13533
msgstr ""
13534
13535
#: serverguide/C/network-auth.xml:492(para) serverguide/C/network-auth.xml:1706(para) serverguide/C/network-auth.xml:2741(para)
13536
msgid ""
13537
"The attribute values will vary, just be sure the attributes are removed."
13538
msgstr ""
13539
13540
#: serverguide/C/network-auth.xml:500(para) serverguide/C/network-auth.xml:1714(para)
13541
msgid ""
13542
"Finally, using the <application>ldapadd</application> utility, add the new "
13543
"schema to the directory:"
13544
msgstr ""
13545
13546
#: serverguide/C/network-auth.xml:506(command)
13547
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
13548
msgstr ""
13549
13550
#: serverguide/C/network-auth.xml:512(para)
13551
msgid ""
13552
"There should now be a <emphasis>dn: "
13553
"cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
13554
msgstr ""
13555
13556
#: serverguide/C/network-auth.xml:522(title)
13557
msgid "LDAP Replication"
13558
msgstr ""
13559
13560
#: serverguide/C/network-auth.xml:524(para)
11842
13561
msgid ""
11843
13562
"LDAP often quickly becomes a highly critical service to the network. "
11844
13563
"Multiple systems will come to depend on LDAP for authentication, "
11846
13565
"system through replication."
11847
13566
msgstr ""
11848
13567
11849
#: serverguide/C/network-auth.xml:467(para)
13568
#: serverguide/C/network-auth.xml:530(para)
11850
13569
msgid ""
11851
13570
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
11852
"Syncrepl allows the directory to be synced using either a "
11853
"<emphasis>push</emphasis> or <emphasis>pull</emphasis> based system. In a "
11854
"push based configuration a <quote>primary</quote> server will push directory "
11855
"updates to <quote>secondary</quote> servers, while a pull based approach "
11856
"allows replication servers to sync on a time based interval."
11857
msgstr ""
11858
11859
#: serverguide/C/network-auth.xml:475(para)
11860
msgid ""
11861
"The following is an example of a <emphasis>Multi-Master</emphasis> "
11862
"configuration. In this configuration each OpenLDAP server is configured for "
11863
"both <emphasis>push</emphasis> and <emphasis>pull</emphasis> replication."
11864
msgstr ""
11865
11866
#: serverguide/C/network-auth.xml:483(para)
11867
msgid ""
11868
"First, configure the server to sync the <emphasis>cn=config</emphasis> "
11869
"database. Copy the following to a file named <filename>syncrepl_cn-"
11870
"config.ldif</filename>:"
11871
msgstr ""
11872
11873
#: serverguide/C/network-auth.xml:488(programlisting)
13571
"Syncrepl allows the changes to be synced using a "
13572
"<emphasis>consumer</emphasis>, <emphasis>provider</emphasis> model. A "
13573
"provider sends directory changes to consumers."
13574
msgstr ""
13575
13576
#: serverguide/C/network-auth.xml:537(title)
13577
msgid "Provider Configuration"
13578
msgstr ""
13579
13580
#: serverguide/C/network-auth.xml:539(para)
13581
msgid ""
13582
"The following is an example of a <emphasis>Single-Master</emphasis> "
13583
"configuration. In this configuration one OpenLDAP server is configured as a "
13584
"<emphasis>provider</emphasis> and another as a <emphasis>consumer</emphasis>."
13585
msgstr ""
13586
13587
#: serverguide/C/network-auth.xml:547(para)
13588
msgid ""
13589
"First, configure the provider server. Copy the following to a file named "
13590
"<filename>provider_sync.ldif</filename>:"
13591
msgstr ""
13592
13593
#: serverguide/C/network-auth.xml:552(programlisting)
11874
13594
#, no-wrap
11875
13595
msgid ""
11876
13596
"\n"
13597
"# Add indexes to the frontend db.\n"
13598
"dn: olcDatabase={1}hdb,cn=config\n"
13599
"changetype: modify\n"
13600
"add: olcDbIndex\n"
13601
"olcDbIndex: entryCSN eq\n"
13602
"-\n"
13603
"add: olcDbIndex\n"
13604
"olcDbIndex: entryUUID eq\n"
13605
"\n"
13606
"#Load the syncprov and accesslog modules.\n"
11877
13607
"dn: cn=module{0},cn=config\n"
11878
13608
"changetype: modify\n"
11879
13609
"add: olcModuleLoad\n"
11880
13610
"olcModuleLoad: syncprov\n"
11881
"\n"
11882
"dn: cn=config\n"
11883
"changetype: modify\n"
11884
"replace: olcServerID\n"
11885
"olcServerID: 1 ldap://ldap01.example.com\n"
11886
"olcServerID: 2 ldap://ldap02.example.com\n"
11887
"\n"
11888
"dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config\n"
13611
"-\n"
13612
"add: olcModuleLoad\n"
13613
"olcModuleLoad: accesslog\n"
13614
"\n"
13615
"# Accesslog database definitions\n"
13616
"dn: olcDatabase={2}hdb,cn=config\n"
13617
"objectClass: olcDatabaseConfig\n"
13618
"objectClass: olcHdbConfig\n"
13619
"olcDatabase: {2}hdb\n"
13620
"olcDbDirectory: /var/lib/ldap/accesslog\n"
13621
"olcSuffix: cn=accesslog\n"
13622
"olcRootDN: cn=admin,dc=example,dc=com\n"
13623
"olcDbIndex: default eq\n"
13624
"olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart\n"
13625
"\n"
13626
"# Accesslog db syncprov.\n"
13627
"dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config\n"
11889
13628
"changetype: add\n"
11890
13629
"objectClass: olcOverlayConfig\n"
11891
13630
"objectClass: olcSyncProvConfig\n"
11892
13631
"olcOverlay: syncprov\n"
11893
"\n"
11894
"dn: olcDatabase={0}config,cn=config\n"
11895
"changetype: modify\n"
11896
"add: olcSyncRepl\n"
11897
"olcSyncRepl: rid=001 provider=ldap://ldap01.example.com "
11898
"binddn=\"cn=admin,cn=config\" bindmethod=simple\n"
11899
" credentials=secret searchbase=\"cn=config\" type=refreshAndPersist\n"
11900
" retry=\"5 5 300 5\" timeout=1\n"
11901
"olcSyncRepl: rid=002 provider=ldap://ldap02.example.com "
11902
"binddn=\"cn=admin,cn=config\" bindmethod=simple\n"
11903
" credentials=secret searchbase=\"cn=config\" type=refreshAndPersist\n"
11904
" retry=\"5 5 300 5\" timeout=1\n"
11905
"-\n"
11906
"add: olcMirrorMode\n"
11907
"olcMirrorMode: TRUE\n"
11908
msgstr ""
11909
11910
#: serverguide/C/network-auth.xml:523(para)
11911
msgid "Edit the file changing:"
11912
msgstr ""
11913
11914
#: serverguide/C/network-auth.xml:529(para)
11915
msgid ""
11916
"<emphasis>ldap://ldap01.example.com</emphasis> and "
11917
"<emphasis>ldap://ldap02.example.com</emphasis> to the hostnames of your LDAP "
11918
"servers."
11919
msgstr ""
11920
11921
#: serverguide/C/network-auth.xml:534(para)
11922
msgid ""
11923
"You can have more than two LDAP servers, and when a change is made to one of "
11924
"them it will by synced to the rest. Be sure to increment the "
11925
"<emphasis>olcServerID</emphasis> for each server, and the "
11926
"<emphasis>rid</emphasis> for each <emphasis>olcSyncRepl</emphasis> entry."
11927
msgstr ""
11928
11929
#: serverguide/C/network-auth.xml:542(para)
11930
msgid ""
11931
"And adjust <emphasis>credentials=secret</emphasis> to match your admin "
11932
"password."
11933
msgstr ""
11934
11935
#: serverguide/C/network-auth.xml:552(para)
11936
msgid ""
11937
"Next, add the LDIF file using the <application>ldapmodify</application> "
11938
"utility:"
11939
msgstr ""
11940
11941
#: serverguide/C/network-auth.xml:557(command)
11942
msgid "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_cn-config.ldif"
11943
msgstr ""
11944
11945
#: serverguide/C/network-auth.xml:563(para)
11946
msgid ""
11947
"Copy the <filename>syncrepl_cn-config.ldif</filename> file to the next LDAP "
11948
"server and repeat the <application>ldapmodify</application> command above."
11949
msgstr ""
11950
11951
#: serverguide/C/network-auth.xml:571(para)
11952
msgid ""
11953
"Because a new module has been added, the <application>slapd</application> "
11954
"daemon, on all replicated servers, needs to be restarted:"
11955
msgstr ""
11956
11957
#: serverguide/C/network-auth.xml:577(command) serverguide/C/network-auth.xml:779(command) serverguide/C/network-auth.xml:895(command)
11958
msgid "sudo /etc/init.d/slapd restart"
11959
msgstr ""
11960
11961
#: serverguide/C/network-auth.xml:583(para)
11962
msgid ""
11963
"Now that the configuration database is synced between servers, the "
11964
"<emphasis>backend</emphasis> database needs to be synced as well. Copy and "
11965
"paste the following into another LDIF file named "
11966
"<filename>syncrepl_backend.ldif</filename>:"
11967
msgstr ""
11968
11969
#: serverguide/C/network-auth.xml:589(programlisting)
11970
#, no-wrap
11971
msgid ""
11972
"\n"
11973
"dn: olcDatabase={1}hdb,cn=config\n"
11974
"changetype: modify\n"
11975
"add: olcRootDN\n"
11976
"olcRootDN: cn=admin,dc=example,dc=com\n"
11977
"-\n"
11978
"add: olcSyncRepl\n"
11979
"olcSyncRepl: rid=003 provider=ldap://ldap01.example.com "
11980
"binddn=\"cn=admin,dc=example,dc=com\" \n"
11981
" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
11982
"type=refreshOnly \n"
11983
" interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n"
11984
"olcSyncRepl: rid=004 provider=ldap://ldap02.example.com "
11985
"binddn=\"cn=admin,dc=example,dc=com\" \n"
11986
" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
11987
"type=refreshOnly \n"
11988
" interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n"
11989
"-\n"
11990
"add: olcMirrorMode\n"
11991
"olcMirrorMode: TRUE\n"
11992
"\n"
13632
"olcSpNoPresent: TRUE\n"
13633
"olcSpReloadHint: TRUE\n"
13634
"\n"
13635
"# syncrepl Provider for primary db\n"
11993
13636
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
11994
13637
"changetype: add\n"
11995
13638
"objectClass: olcOverlayConfig\n"
11996
13639
"objectClass: olcSyncProvConfig\n"
11997
13640
"olcOverlay: syncprov\n"
11998
msgstr ""
11999
12000
#: serverguide/C/network-auth.xml:616(para)
12001
msgid "Like the previous LDIF file, edit this one changing:"
12002
msgstr ""
12003
12004
#: serverguide/C/network-auth.xml:622(para)
12005
msgid ""
12006
"<emphasis>searchbase=\"dc=example,dc=com\"</emphasis> to your directory's "
12007
"searchbase."
12008
msgstr ""
12009
12010
#: serverguide/C/network-auth.xml:627(para)
12011
msgid ""
12012
"If you use a different admin user, change "
12013
"<emphasis>binddn=\"cn=admin,dc=example,dc=com\"</emphasis>."
12014
msgstr ""
12015
12016
#: serverguide/C/network-auth.xml:632(para)
12017
msgid ""
12018
"Also, replace <emphasis>credentials=secret</emphasis> with your admin "
12019
"password."
12020
msgstr ""
12021
12022
#: serverguide/C/network-auth.xml:641(para)
12023
msgid "Add the LDIF file:"
12024
msgstr ""
12025
12026
#: serverguide/C/network-auth.xml:646(command)
12027
msgid "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_backend.ldif"
12028
msgstr ""
12029
12030
#: serverguide/C/network-auth.xml:649(para)
12031
msgid ""
12032
"Because the servers' configuration is already synced there is no need to "
12033
"copy this LDIF file to the other servers."
13641
"olcSpNoPresent: TRUE\n"
13642
"\n"
13643
"# accesslog overlay definitions for primary db\n"
13644
"dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config\n"
13645
"objectClass: olcOverlayConfig\n"
13646
"objectClass: olcAccessLogConfig\n"
13647
"olcOverlay: accesslog\n"
13648
"olcAccessLogDB: cn=accesslog\n"
13649
"olcAccessLogOps: writes\n"
13650
"olcAccessLogSuccess: TRUE\n"
13651
"# scan the accesslog DB every day, and purge entries older than 7 days\n"
13652
"olcAccessLogPurge: 07+00:00 01+00:00\n"
13653
msgstr ""
13654
13655
#: serverguide/C/network-auth.xml:614(para)
13656
msgid ""
13657
"The <application>AppArmor</application> profile for "
13658
"<application>slapd</application> will need to be adjusted for the accesslog "
13659
"database location. Edit <filename>/etc/apparmor.d/usr.sbin.slapd</filename> "
13660
"adding:"
13661
msgstr ""
13662
13663
#: serverguide/C/network-auth.xml:619(programlisting)
13664
#, no-wrap
13665
msgid ""
13666
"\n"
13667
" /var/lib/ldap/accesslog/ r,\n"
13668
" /var/lib/ldap/accesslog/** rwk,\n"
13669
msgstr ""
13670
13671
#: serverguide/C/network-auth.xml:624(para)
13672
msgid ""
13673
"Then create the directory, reload the <application>apparmor</application> "
13674
"profile, and copy the <filename>DB_CONFIG</filename> file:"
13675
msgstr ""
13676
13677
#: serverguide/C/network-auth.xml:630(command)
13678
msgid "sudo -u openldap mkdir /var/lib/ldap/accesslog"
13679
msgstr ""
13680
13681
#: serverguide/C/network-auth.xml:631(command)
13682
msgid "sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/"
13683
msgstr ""
13684
13685
#: serverguide/C/network-auth.xml:636(para)
13686
msgid ""
13687
"Using the <emphasis>-u openldap</emphasis> option with the "
13688
"<application>sudo</application> commands above removes the need to adjust "
13689
"permissions for the new directory later."
13690
msgstr ""
13691
13692
#: serverguide/C/network-auth.xml:645(para)
13693
msgid ""
13694
"Edit the file and change the <emphasis>olcRootDN</emphasis> to match your "
13695
"directory:"
13696
msgstr ""
13697
13698
#: serverguide/C/network-auth.xml:649(programlisting)
13699
#, no-wrap
13700
msgid ""
13701
"\n"
13702
"olcRootDN: cn=admin,dc=example,dc=com\n"
12034
13703
msgstr ""
12035
13704
12036
13705
#: serverguide/C/network-auth.xml:657(para)
12037
13706
msgid ""
12038
"The configuration and backend databases should now sycnc to the other "
12039
"servers. You can add additional servers using the "
12040
"<application>ldapmodify</application> utility as the need arises. See <xref "
12041
"linkend=\"openldap-configuration\"/> for details."
12042
msgstr ""
12043
12044
#: serverguide/C/network-auth.xml:667(programlisting)
13707
"Next, add the LDIF file using the <application>ldapadd</application> utility:"
13708
msgstr ""
13709
13710
#: serverguide/C/network-auth.xml:662(command)
13711
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif"
13712
msgstr ""
13713
13714
#: serverguide/C/network-auth.xml:669(para)
13715
msgid "Restart <application>slapd</application>:"
13716
msgstr ""
13717
13718
#: serverguide/C/network-auth.xml:674(command) serverguide/C/network-auth.xml:1040(command) serverguide/C/network-auth.xml:1227(command)
13719
msgid "sudo /etc/init.d/slapd restart"
13720
msgstr ""
13721
13722
#: serverguide/C/network-auth.xml:680(para)
13723
msgid ""
13724
"The <emphasis>Provider</emphasis> server is now configured, and it is time "
13725
"to configure a <emphasis>Consumer</emphasis> server."
13726
msgstr ""
13727
13728
#: serverguide/C/network-auth.xml:687(title)
13729
msgid "Consumer Configuration"
13730
msgstr ""
13731
13732
#: serverguide/C/network-auth.xml:692(para)
13733
msgid ""
13734
"On the <emphasis>Consumer</emphasis> server configure it the same as the "
13735
"<emphasis>Provider</emphasis> except for the <emphasis>Syncrepl</emphasis> "
13736
"configuration steps."
13737
msgstr ""
13738
13739
#: serverguide/C/network-auth.xml:697(para)
13740
msgid "Add the additional schema files:"
13741
msgstr ""
13742
13743
#: serverguide/C/network-auth.xml:707(para)
13744
msgid ""
13745
"Also, create, or copy from the provider server, the "
13746
"<filename>backend.example.com.ldif</filename>"
13747
msgstr ""
13748
13749
#: serverguide/C/network-auth.xml:711(programlisting)
13750
#, no-wrap
13751
msgid ""
13752
"\n"
13753
"# Load dynamic backend modules\n"
13754
"dn: cn=module,cn=config\n"
13755
"objectClass: olcModuleList\n"
13756
"cn: module\n"
13757
"olcModulepath: /usr/lib/ldap\n"
13758
"olcModuleload: back_hdb\n"
13759
"\n"
13760
"# Database settings\n"
13761
"dn: olcDatabase=hdb,cn=config\n"
13762
"objectClass: olcDatabaseConfig\n"
13763
"objectClass: olcHdbConfig\n"
13764
"olcDatabase: {1}hdb\n"
13765
"olcSuffix: dc=example,dc=com\n"
13766
"olcDbDirectory: /var/lib/ldap\n"
13767
"olcRootDN: cn=admin,dc=example,dc=com\n"
13768
"olcRootPW: secret\n"
13769
"olcDbConfig: set_cachesize 0 2097152 0\n"
13770
"olcDbConfig: set_lk_max_objects 1500\n"
13771
"olcDbConfig: set_lk_max_locks 1500\n"
13772
"olcDbConfig: set_lk_max_lockers 1500\n"
13773
"olcDbIndex: objectClass eq\n"
13774
"olcLastMod: TRUE\n"
13775
"olcDbCheckpoint: 512 30\n"
13776
"olcAccess: to attrs=userPassword by dn=\"cn=admin,dc=example,dc=com\" write "
13777
"by anonymous auth by self write by * none\n"
13778
"olcAccess: to attrs=shadowLastChange by self write by * read\n"
13779
"olcAccess: to dn.base=\"\" by * read\n"
13780
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
13781
msgstr ""
13782
13783
#: serverguide/C/network-auth.xml:741(para)
13784
msgid "And add the LDIF by entering:"
13785
msgstr ""
13786
13787
#: serverguide/C/network-auth.xml:752(para)
13788
msgid ""
13789
"Do the same with the <filename>frontend.example.com.ldif</filename> file "
13790
"listed above, and add it:"
13791
msgstr ""
13792
13793
#: serverguide/C/network-auth.xml:760(para)
13794
msgid ""
13795
"The two severs should now have the same configuration except for the "
13796
"<emphasis>Syncrepl</emphasis> options."
13797
msgstr ""
13798
13799
#: serverguide/C/network-auth.xml:768(para)
13800
msgid ""
13801
"Now create a file named <filename>consumer_sync.ldif</filename> containing:"
13802
msgstr ""
13803
13804
#: serverguide/C/network-auth.xml:772(programlisting)
13805
#, no-wrap
13806
msgid ""
13807
"\n"
13808
"#Load the syncprov module.\n"
13809
"dn: cn=module{0},cn=config\n"
13810
"changetype: modify\n"
13811
"add: olcModuleLoad\n"
13812
"olcModuleLoad: syncprov\n"
13813
"\n"
13814
"# syncrepl specific indices\n"
13815
"dn: olcDatabase={1}hdb,cn=config\n"
13816
"changetype: modify\n"
13817
"add: olcDbIndex\n"
13818
"olcDbIndex: entryUUID eq\n"
13819
"-\n"
13820
"add: olcSyncRepl\n"
13821
"olcSyncRepl: rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
13822
"binddn=\"cn=admin,dc=example,dc=com\" \n"
13823
" credentials=secret searchbase=\"dc=example,dc=com\" "
13824
"logbase=\"cn=accesslog\" \n"
13825
" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" "
13826
"schemachecking=on \n"
13827
" type=refreshAndPersist retry=\"60 +\" syncdata=accesslog\n"
13828
"-\n"
13829
"add: olcUpdateRef\n"
13830
"olcUpdateRef: ldap://ldap01.example.com\n"
13831
msgstr ""
13832
13833
#: serverguide/C/network-auth.xml:795(para)
13834
msgid "You will probably want to change the following attributes:"
13835
msgstr ""
13836
13837
#: serverguide/C/network-auth.xml:800(para)
13838
msgid "<emphasis>ldap01.example.com</emphasis> to your server's hostname."
13839
msgstr ""
13840
13841
#: serverguide/C/network-auth.xml:801(emphasis)
13842
msgid "binddn"
13843
msgstr ""
13844
13845
#: serverguide/C/network-auth.xml:802(emphasis)
13846
msgid "credentials"
13847
msgstr ""
13848
13849
#: serverguide/C/network-auth.xml:803(emphasis)
13850
msgid "searchbase"
13851
msgstr ""
13852
13853
#: serverguide/C/network-auth.xml:804(emphasis)
13854
msgid "olcUpdateRef:"
13855
msgstr ""
13856
13857
#: serverguide/C/network-auth.xml:810(para)
13858
msgid "Add the LDIF file to the configuration tree:"
13859
msgstr ""
13860
13861
#: serverguide/C/network-auth.xml:815(command)
13862
msgid "sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif"
13863
msgstr ""
13864
13865
#: serverguide/C/network-auth.xml:821(para)
13866
msgid ""
13867
"The frontend database should now sync between servers. You can add "
13868
"additional servers using the steps above as the need arises."
13869
msgstr ""
13870
13871
#: serverguide/C/network-auth.xml:831(programlisting)
12045
13872
#, no-wrap
12046
13873
msgid "127.0.0.1\tldap01.example.com ldap01"
12047
13874
msgstr ""
12048
13875
12049
#: serverguide/C/network-auth.xml:663(para)
13876
#: serverguide/C/network-auth.xml:827(para)
12050
13877
msgid ""
12051
13878
"The <application>slapd</application> daemon will send log information to "
12052
13879
"<filename>/var/log/syslog</filename> by default. So if all does "
12056
13883
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
12057
13884
msgstr ""
12058
13885
12059
#: serverguide/C/network-auth.xml:674(title)
13886
#: serverguide/C/network-auth.xml:839(title)
12060
13887
msgid "Setting up ACL"
12061
13888
msgstr ""
12062
13889
12063
#: serverguide/C/network-auth.xml:676(para)
13890
#: serverguide/C/network-auth.xml:841(para)
12064
13891
msgid ""
12065
13892
"Authentication requires access to the password field, that should be not "
12066
13893
"accessible by default. Also, in order for users to change their own "
12069
13896
"authenticated."
12070
13897
msgstr ""
12071
13898
12072
#: serverguide/C/network-auth.xml:683(para)
13899
#: serverguide/C/network-auth.xml:848(para)
12073
13900
msgid ""
12074
13901
"To view the Access Control List (ACL), use the "
12075
13902
"<application>ldapsearch</application> utility:"
12076
13903
msgstr ""
12077
13904
12078
#: serverguide/C/network-auth.xml:688(command)
13905
#: serverguide/C/network-auth.xml:853(command)
12079
13906
msgid ""
12080
13907
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase=hdb "
12081
13908
"olcAccess"
12082
13909
msgstr ""
12083
13910
12084
#: serverguide/C/network-auth.xml:692(computeroutput)
13911
#: serverguide/C/network-auth.xml:857(computeroutput)
12085
13912
#, no-wrap
12086
13913
msgid ""
12087
13914
"Enter LDAP Password: \n"
12093
13920
"olcAccess: {2}to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
12094
13921
msgstr ""
12095
13922
12096
#: serverguide/C/network-auth.xml:704(title)
13923
#: serverguide/C/network-auth.xml:869(title)
12097
13924
msgid "TLS and SSL"
12098
13925
msgstr ""
12099
13926
12100
#: serverguide/C/network-auth.xml:706(para)
13927
#: serverguide/C/network-auth.xml:871(para)
12101
13928
msgid ""
12102
13929
"When authenticating to an OpenLDAP server it is best to do so using an "
12103
13930
"encrypted session. This can be accomplished using Transport Layer Security "
12104
13931
"(TLS) and/or Secure Sockets Layer (SSL)."
12105
13932
msgstr ""
12106
13933
12107
#: serverguide/C/network-auth.xml:711(para)
13934
#: serverguide/C/network-auth.xml:876(para)
12108
13935
msgid ""
12109
13936
"The first step in the process is to obtain or create a "
12110
"<emphasis>certificate</emphasis>. See <xref linkend=\"certificates-and-"
12111
"security\"/> and <xref linkend=\"certificate-authority\"/> for details."
12112
msgstr ""
12113
12114
#: serverguide/C/network-auth.xml:716(para)
13937
"<emphasis>certificate</emphasis>. Because <application>slapd</application> "
13938
"is compiled using the <application>gnutls</application> library, the "
13939
"<application>certtool</application> utility will be used to create "
13940
"certificates."
13941
msgstr ""
13942
13943
#: serverguide/C/network-auth.xml:885(para)
13944
msgid ""
13945
"First, install <application>gnutls-bin</application> by entering the "
13946
"following in a terminal:"
13947
msgstr ""
13948
13949
#: serverguide/C/network-auth.xml:890(command)
13950
msgid "sudo apt-get install gnutls-bin"
13951
msgstr ""
13952
13953
#: serverguide/C/network-auth.xml:896(para)
13954
msgid ""
13955
"Next, create a private key for the <emphasis>Certificate "
13956
"Authority</emphasis> (CA):"
13957
msgstr ""
13958
13959
#: serverguide/C/network-auth.xml:901(command)
13960
msgid ""
13961
"sudo sh -c \"certtool --generate-privkey > /etc/ssl/private/cakey.pem\""
13962
msgstr ""
13963
13964
#: serverguide/C/network-auth.xml:907(para)
13965
msgid ""
13966
"Create a <filename>/etc/ssl/ca.info</filename> details file to self-sign the "
13967
"CA certificate containing:"
13968
msgstr ""
13969
13970
#: serverguide/C/network-auth.xml:911(programlisting)
13971
#, no-wrap
13972
msgid ""
13973
"\n"
13974
"cn = Example Company\n"
13975
"ca\n"
13976
"cert_signing_key\n"
13977
msgstr ""
13978
13979
#: serverguide/C/network-auth.xml:920(para)
13980
msgid "Now create the self-signed CA certificate:"
13981
msgstr ""
13982
13983
#: serverguide/C/network-auth.xml:925(command)
13984
msgid ""
13985
"sudo certtool --generate-self-signed --load-privkey "
13986
"/etc/ssl/private/cakey.pem \\ --template /etc/ssl/ca.info --outfile "
13987
"/etc/ssl/certs/cacert.pem"
13988
msgstr ""
13989
13990
#: serverguide/C/network-auth.xml:932(para)
13991
msgid "Make a private key for the server:"
13992
msgstr ""
13993
13994
#: serverguide/C/network-auth.xml:937(command)
13995
msgid ""
13996
"sudo sh -c \"certtool --generate-privkey > "
13997
"/etc/ssl/private/ldap01_slapd_key.pem\""
13998
msgstr ""
13999
14000
#: serverguide/C/network-auth.xml:941(para)
14001
msgid ""
14002
"Replace <emphasis>ldap01</emphasis> in the filename with your server's "
14003
"hostname. Naming the certificate and key for the host and service that will "
14004
"be using them will help keep filenames and paths straight."
14005
msgstr ""
14006
14007
#: serverguide/C/network-auth.xml:950(para)
14008
msgid ""
14009
"To sign the server's certificate with the CA, create the "
14010
"<filename>/etc/ssl/ldap01.info</filename> info file containing:"
14011
msgstr ""
14012
14013
#: serverguide/C/network-auth.xml:954(programlisting)
14014
#, no-wrap
14015
msgid ""
14016
"\n"
14017
"organization = Example Company\n"
14018
"cn = ldap01.example.com\n"
14019
"tls_www_server\n"
14020
"encryption_key\n"
14021
"signing_key\n"
14022
msgstr ""
14023
14024
#: serverguide/C/network-auth.xml:965(para)
14025
msgid "Create the server's certificate:"
14026
msgstr ""
14027
14028
#: serverguide/C/network-auth.xml:970(command)
14029
msgid ""
14030
"sudo certtool --generate-certificate --load-privkey /etc/ssl/private/x01-"
14031
"test_slapd_key.pem \\ --load-ca-certificate /etc/ssl/certs/cacert.pem --load-"
14032
"ca-privkey /etc/ssl/private/cakey.pem \\ --template /etc/ssl/x01-test.info --"
14033
"outfile /etc/ssl/certs/x01-test_slapd_cert.pem"
14034
msgstr ""
14035
14036
#: serverguide/C/network-auth.xml:978(para)
12115
14037
msgid ""
12116
14038
"Once you have a certificate, key, and CA cert installed, use "
12117
14039
"<application>ldapmodify</application> to add the new configuration options:"
12118
14040
msgstr ""
12119
14041
12120
#: serverguide/C/network-auth.xml:727(userinput)
14042
#: serverguide/C/network-auth.xml:989(userinput)
12121
14043
#, no-wrap
12122
14044
msgid ""
12123
14045
"dn: cn=config\n"
12125
14047
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
12126
14048
"-\n"
12127
14049
"add: olcTLSCertificateFile\n"
12128
"olcTLSCertificateFile: /etc/ssl/certs/server.crt\n"
14050
"olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem\n"
12129
14051
"-\n"
12130
14052
"add: olcTLSCertificateKeyFile\n"
12131
"olcTLSCertificateKeyFile: /etc/ssl/private/server.key"
14053
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"
12132
14054
msgstr ""
12133
14055
12134
#: serverguide/C/network-auth.xml:726(computeroutput)
14056
#: serverguide/C/network-auth.xml:988(computeroutput) serverguide/C/network-auth.xml:1159(computeroutput)
12135
14057
#, no-wrap
12136
14058
msgid ""
12137
14059
"Enter LDAP Password:\n"
12140
14062
"modifying entry \"cn=config\"\n"
12141
14063
msgstr ""
12142
14064
12143
#: serverguide/C/network-auth.xml:742(para)
14065
#: serverguide/C/network-auth.xml:1004(para)
12144
14066
msgid ""
12145
"Adjust the <filename>server.crt</filename>, <filename>server.key</filename>, "
12146
"and <filename>cacert.pem</filename> names if yours are different. If you "
12147
"have a self-signed certificate, do <emphasis>NOT</emphasis> add the "
12148
"olcTLSCACertificateFile property, as it will cause GnuTLS to fail.."
14067
"Adjust the <filename>ldap01_slapd_cert.pem</filename>, "
14068
"<filename>ldap01_slapd_key.pem</filename>, and "
14069
"<filename>cacert.pem</filename> names if yours are different."
12149
14070
msgstr ""
12150
14071
12151
#: serverguide/C/network-auth.xml:749(para)
14072
#: serverguide/C/network-auth.xml:1010(para)
12152
14073
msgid ""
12153
14074
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
12154
14075
"<emphasis>SLAPD_SERVICES</emphasis> option:"
12155
14076
msgstr ""
12156
14077
12157
#: serverguide/C/network-auth.xml:753(programlisting)
14078
#: serverguide/C/network-auth.xml:1014(programlisting)
12158
14079
#, no-wrap
12159
14080
msgid ""
12160
14081
"\n"
12161
14082
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
12162
14083
msgstr ""
12163
14084
12164
#: serverguide/C/network-auth.xml:757(para)
14085
#: serverguide/C/network-auth.xml:1018(para)
12165
14086
msgid ""
12166
14087
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
12167
14088
msgstr ""
12168
14089
12169
#: serverguide/C/network-auth.xml:762(command)
14090
#: serverguide/C/network-auth.xml:1023(command)
12170
14091
msgid "sudo adduser openldap ssl-cert"
12171
14092
msgstr ""
12172
14093
12173
#: serverguide/C/network-auth.xml:763(command)
12174
msgid "sudo chgrp ssl-cert /etc/ssl/private/server.key"
12175
msgstr ""
12176
12177
#: serverguide/C/network-auth.xml:764(command)
12178
msgid "sudo chmod g+r /etc/ssl/private/server.key"
12179
msgstr ""
12180
12181
#: serverguide/C/network-auth.xml:768(para)
14094
#: serverguide/C/network-auth.xml:1024(command)
14095
msgid "sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem"
14096
msgstr ""
14097
14098
#: serverguide/C/network-auth.xml:1025(command)
14099
msgid "sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem"
14100
msgstr ""
14101
14102
#: serverguide/C/network-auth.xml:1029(para)
12182
14103
msgid ""
12183
14104
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
12184
14105
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
12185
14106
"adjust the commands appropriately."
12186
14107
msgstr ""
12187
14108
12188
#: serverguide/C/network-auth.xml:774(para)
14109
#: serverguide/C/network-auth.xml:1035(para)
12189
14110
msgid "Finally, restart <application>slapd</application>:"
12190
14111
msgstr ""
12191
14112
12192
#: serverguide/C/network-auth.xml:782(para)
14113
#: serverguide/C/network-auth.xml:1043(para)
12193
14114
msgid ""
12194
14115
"The <application>slapd</application> daemon should now be listening for "
12195
14116
"LDAPS connections and be able to use STARTTLS during authentication."
12196
14117
msgstr ""
12197
14118
12198
#: serverguide/C/network-auth.xml:788(para)
14119
#: serverguide/C/network-auth.xml:1049(para)
12199
14120
msgid ""
12200
14121
"If you run into troubles with the server not starting, check the "
12201
14122
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
12204
14125
"group has read permissions on the private key."
12205
14126
msgstr ""
12206
14127
12207
#: serverguide/C/network-auth.xml:800(title)
14128
#: serverguide/C/network-auth.xml:1061(title)
12208
14129
msgid "TLS Replication"
12209
14130
msgstr ""
12210
14131
12211
#: serverguide/C/network-auth.xml:802(para)
14132
#: serverguide/C/network-auth.xml:1063(para)
12212
14133
msgid ""
12213
14134
"If you have setup <application>Syncrepl</application> between servers, it is "
12214
14135
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
12216
14137
"linkend=\"openldap-server-replication\"/>."
12217
14138
msgstr ""
12218
14139
12219
#: serverguide/C/network-auth.xml:808(para)
12220
msgid ""
12221
"After setting up replication, and following the instructions in <xref "
12222
"linkend=\"openldap-tls\"/>, there are a couple of consequences that should "
12223
"be kept in mind:"
12224
msgstr ""
12225
12226
#: serverguide/C/network-auth.xml:815(para)
12227
msgid ""
12228
"The configuration only needs to be modified on <emphasis>one</emphasis> "
12229
"server."
12230
msgstr ""
12231
12232
#: serverguide/C/network-auth.xml:820(para)
12233
msgid ""
12234
"The path names for the <emphasis>certificate</emphasis> and "
12235
"<emphasis>key</emphasis> must be the same on all servers."
12236
msgstr ""
12237
12238
#: serverguide/C/network-auth.xml:827(para)
12239
msgid ""
12240
"So on each replicated server: install a certificate, edit "
12241
"<filename>/etc/default/slapd</filename>, and restart "
12242
"<application>slapd</application>."
12243
msgstr ""
12244
12245
#: serverguide/C/network-auth.xml:832(para)
12246
msgid ""
12247
"Once <emphasis>TLS</emphasis> has been setup on each server, modify the "
12248
"<emphasis>cn=config</emphasis> replication by entering the following in a "
12249
"terminal:"
12250
msgstr ""
12251
12252
#: serverguide/C/network-auth.xml:843(userinput)
12253
#, no-wrap
12254
msgid ""
12255
"dn: olcDatabase={0}config,cn=config\n"
12256
"replace: olcSyncrepl\n"
12257
"olcSyncrepl: {0}rid=001 provider=ldap://ldap01.example.com "
12258
"binddn=\"cn=admin,cn\n"
12259
" =config\" bindmethod=simple credentials=secret searchbase=\"cn=config\" "
12260
"type=refre\n"
12261
" shAndPersist retry=\"5 5 300 5\" timeout=1 starttls=yes\n"
12262
"olcSyncrepl: {1}rid=002 provider=ldap://ldap02.example.com "
12263
"binddn=\"cn=admin,cn\n"
12264
" =config\" bindmethod=simple credentials=secret searchbase=\"cn=config\" "
12265
"type=refre\n"
12266
" shAndPersist retry=\"5 5 300 5\" timeout=1 starttls=yes"
12267
msgstr ""
12268
12269
#: serverguide/C/network-auth.xml:842(computeroutput)
12270
#, no-wrap
12271
msgid ""
12272
"Enter LDAP Password: \n"
12273
"<placeholder-1/>\n"
12274
"\n"
12275
"modifying entry \"olcDatabase={0}config,cn=config\"\n"
12276
msgstr ""
12277
12278
#: serverguide/C/network-auth.xml:856(para)
12279
msgid "Now adjust the <emphasis>backend</emphasis> database replication:"
12280
msgstr ""
12281
12282
#: serverguide/C/network-auth.xml:866(userinput)
12283
#, no-wrap
12284
msgid ""
14140
#: serverguide/C/network-auth.xml:1069(para)
14141
msgid ""
14142
"Assuming you have followed the above instructions and created a CA "
14143
"certificate and server certificate on the <emphasis>Provider</emphasis> "
14144
"server. Follow the following instructions to create a certificate and key "
14145
"for the <emphasis>Consumer</emphasis> server."
14146
msgstr ""
14147
14148
#: serverguide/C/network-auth.xml:1078(para)
14149
msgid "Create a new key for the Consumer server:"
14150
msgstr ""
14151
14152
#: serverguide/C/network-auth.xml:1083(command)
14153
msgid "mkdir ldap02-ssl"
14154
msgstr ""
14155
14156
#: serverguide/C/network-auth.xml:1084(command)
14157
msgid "cd ldap02-ssl"
14158
msgstr ""
14159
14160
#: serverguide/C/network-auth.xml:1085(command)
14161
msgid "certtool --generate-privkey > ldap02_slapd_key.pem"
14162
msgstr ""
14163
14164
#: serverguide/C/network-auth.xml:1089(para)
14165
msgid ""
14166
"Creating a new directory is not strictly necessary, but it will help keep "
14167
"things organized and make it easier to copy the files to the Consumer server."
14168
msgstr ""
14169
14170
#: serverguide/C/network-auth.xml:1098(para)
14171
msgid ""
14172
"Next, create an info file, <filename>ldap02.info</filename> for the Consumer "
14173
"server, changing the attributes to match your locality and server:"
14174
msgstr ""
14175
14176
#: serverguide/C/network-auth.xml:1103(programlisting)
14177
#, no-wrap
14178
msgid ""
14179
"\n"
14180
"country = US\n"
14181
"state = North Carolina\n"
14182
"locality = Winston-Salem\n"
14183
"organization = Example Company\n"
14184
"cn = ldap02.salem.edu\n"
14185
"tls_www_client\n"
14186
"encryption_key\n"
14187
"signing_key\n"
14188
msgstr ""
14189
14190
#: serverguide/C/network-auth.xml:1117(para)
14191
msgid "Create the certificate:"
14192
msgstr ""
14193
14194
#: serverguide/C/network-auth.xml:1122(command)
14195
msgid ""
14196
"sudo certtool --generate-certificate --load-privkey ldap02_slapd_key.pem \\ -"
14197
"-load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey "
14198
"/etc/ssl/private/cakey.pem \\ --template ldap02.info --outfile "
14199
"ldap02_slapd_cert.pem"
14200
msgstr ""
14201
14202
#: serverguide/C/network-auth.xml:1130(para)
14203
msgid "Copy the <filename>cacert.pem</filename> to the dicretory:"
14204
msgstr ""
14205
14206
#: serverguide/C/network-auth.xml:1135(command)
14207
msgid "cp /etc/ssl/certs/cacert.pem ."
14208
msgstr ""
14209
14210
#: serverguide/C/network-auth.xml:1141(para)
14211
msgid ""
14212
"The only thing left is to copy the <filename>ldap02-ssl</filename> directory "
14213
"to the Consumer server, then copy <filename>ldap02_slapd_cert.pem</filename> "
14214
"and <filename>cacert.pem</filename> to <filename>/etc/ssl/certs</filename>, "
14215
"and copy <filename>ldap02_slapd_key.pem</filename> to "
14216
"<filename>/etc/ssl/private</filename>."
14217
msgstr ""
14218
14219
#: serverguide/C/network-auth.xml:1150(para)
14220
msgid ""
14221
"Once the files are in place adjust the <emphasis>cn=config</emphasis> tree "
14222
"by entering:"
14223
msgstr ""
14224
14225
#: serverguide/C/network-auth.xml:1160(userinput)
14226
#, no-wrap
14227
msgid ""
14228
"dn: cn=config\n"
14229
"add: olcTLSCACertificateFile\n"
14230
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
14231
"-\n"
14232
"add: olcTLSCertificateFile\n"
14233
"olcTLSCertificateFile: /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14234
"-\n"
14235
"add: olcTLSCertificateKeyFile\n"
14236
"olcTLSCertificateKeyFile: /etc/ssl/private/ldap02_slapd_key.pem"
14237
msgstr ""
14238
14239
#: serverguide/C/network-auth.xml:1177(para)
14240
msgid ""
14241
"As with the Provider you can now edit "
14242
"<filename>/etc/default/slapd</filename> and add the "
14243
"<emphasis>ldaps:///</emphasis> parameter to the "
14244
"<emphasis>SLAPD_SERVICES</emphasis> option."
14245
msgstr ""
14246
14247
#: serverguide/C/network-auth.xml:1185(para)
14248
msgid ""
14249
"Now that <emphasis>TLS</emphasis> has been setup on each server, once again "
14250
"modify the <emphasis>Consumer</emphasis> server's "
14251
"<emphasis>cn=config</emphasis> tree by entering the following in a terminal:"
14252
msgstr ""
14253
14254
#: serverguide/C/network-auth.xml:1198(userinput)
14255
#, no-wrap
14256
msgid ""
14257
"\n"
12285
14258
"dn: olcDatabase={1}hdb,cn=config\n"
12286
14259
"replace: olcSyncrepl\n"
12287
"olcSyncrepl: {0}rid=003 provider=ldap://ldap01.example.com "
12288
"binddn=\"cn=admin,dc=example,dc=\n"
12289
" com\" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
12290
"type=r\n"
12291
" efreshOnly interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1 starttls=yes\n"
12292
"olcSyncrepl: {1}rid=004 provider=ldap://ldap02.example.com "
12293
"binddn=\"cn=admin,dc=example,dc=\n"
12294
" com\" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
12295
"type=r\n"
12296
" efreshOnly interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1 starttls=yes"
14260
"olcSyncrepl: {0}rid=0 provider=ldap://ldap01.example.com bindmethod=simple "
14261
"binddn=\"cn=ad\n"
14262
" min,dc=example,dc=com\" credentials=secret searchbase=\"dc=example,dc=com\" "
14263
"logbas\n"
14264
" e=\"cn=accesslog\" "
14265
"logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" s\n"
14266
" chemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog "
14267
"starttls=yes"
12297
14268
msgstr ""
12298
14269
12299
#: serverguide/C/network-auth.xml:865(computeroutput) serverguide/C/network-auth.xml:2418(computeroutput)
14270
#: serverguide/C/network-auth.xml:1195(computeroutput)
12300
14271
#, no-wrap
12301
14272
msgid ""
12302
"Enter LDAP Password:\n"
14273
"SASL/EXTERNAL authentication started\n"
14274
"SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\n"
14275
"SASL SSF: 0\n"
12303
14276
"<placeholder-1/>\n"
12304
14277
"\n"
12305
"modifying entry \"olcDatabase={1}hdb,cn=config\""
14278
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
12306
14279
msgstr ""
12307
14280
12308
#: serverguide/C/network-auth.xml:878(para)
14281
#: serverguide/C/network-auth.xml:1210(para)
12309
14282
msgid ""
12310
14283
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
12311
14284
"(FQDN) in the certificate, you may have to edit "
12312
14285
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
12313
14286
msgstr ""
12314
14287
12315
#: serverguide/C/network-auth.xml:883(programlisting)
14288
#: serverguide/C/network-auth.xml:1215(programlisting)
12316
14289
#, no-wrap
12317
14290
msgid ""
12318
14291
"\n"
12319
"TLS_CERT /etc/ssl/certs/server.crt\n"
12320
"TLS_KEY /etc/ssl/private/server.key\n"
14292
"TLS_CERT /etc/ssl/certs/ldap02_slapd_cert.pem\n"
14293
"TLS_KEY /etc/ssl/private/ldap02_slapd_key.pem\n"
12321
14294
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
12322
14295
msgstr ""
12323
14296
12324
#: serverguide/C/network-auth.xml:890(para)
14297
#: serverguide/C/network-auth.xml:1222(para)
12325
14298
msgid ""
12326
14299
"Finally, restart <application>slapd</application> on each of the servers:"
12327
14300
msgstr ""
12328
14301
12329
#: serverguide/C/network-auth.xml:903(title)
14302
#: serverguide/C/network-auth.xml:1235(title)
12330
14303
msgid "LDAP Authentication"
12331
14304
msgstr ""
12332
14305
12333
#: serverguide/C/network-auth.xml:905(para)
14306
#: serverguide/C/network-auth.xml:1237(para)
12334
14307
msgid ""
12335
14308
"Once you have a working LDAP server, the <application>auth-client-"
12336
14309
"config</application> and <application>libnss-ldap</application> packages "
12338
14311
"LDAP. To install the packages from, a terminal prompt enter:"
12339
14312
msgstr ""
12340
14313
12341
#: serverguide/C/network-auth.xml:912(command)
14314
#: serverguide/C/network-auth.xml:1244(command)
12342
14315
msgid "sudo apt-get install libnss-ldap"
12343
14316
msgstr ""
12344
14317
12345
#: serverguide/C/network-auth.xml:915(para)
14318
#: serverguide/C/network-auth.xml:1247(para)
12346
14319
msgid ""
12347
14320
"During the install a menu dialog will ask you connection details about your "
12348
14321
"LDAP server."
12349
14322
msgstr ""
12350
14323
12351
#: serverguide/C/network-auth.xml:919(para)
14324
#: serverguide/C/network-auth.xml:1251(para)
12352
14325
msgid ""
12353
14326
"If you make a mistake when entering your information you can execute the "
12354
14327
"dialog again using:"
12355
14328
msgstr ""
12356
14329
12357
#: serverguide/C/network-auth.xml:924(command)
14330
#: serverguide/C/network-auth.xml:1256(command)
12358
14331
msgid "sudo dpkg-reconfigure ldap-auth-config"
12359
14332
msgstr ""
12360
14333
12361
#: serverguide/C/network-auth.xml:927(para)
14334
#: serverguide/C/network-auth.xml:1259(para)
12362
14335
msgid ""
12363
14336
"The results of the dialog can be seen in "
12364
14337
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
12365
14338
"covered in the menu edit this file accordingly."
12366
14339
msgstr ""
12367
14340
12368
#: serverguide/C/network-auth.xml:932(para)
14341
#: serverguide/C/network-auth.xml:1264(para)
12369
14342
msgid ""
12370
14343
"Now that <application>libnss-ldap</application> is configured enable the "
12371
14344
"<application>auth-client-config</application> LDAP profile by entering:"
12372
14345
msgstr ""
12373
14346
12374
#: serverguide/C/network-auth.xml:938(command)
14347
#: serverguide/C/network-auth.xml:1270(command)
12375
14348
msgid "sudo auth-client-config -t nss -p lac_ldap"
12376
14349
msgstr ""
12377
14350
12378
#: serverguide/C/network-auth.xml:943(para)
14351
#: serverguide/C/network-auth.xml:1275(para)
12379
14352
msgid ""
12380
14353
"<emphasis>-t:</emphasis> only modifies "
12381
14354
"<filename>/etc/nsswitch.conf</filename>."
12382
14355
msgstr ""
12383
14356
12384
#: serverguide/C/network-auth.xml:948(para)
14357
#: serverguide/C/network-auth.xml:1280(para)
12385
14358
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
12386
14359
msgstr ""
12387
14360
12388
#: serverguide/C/network-auth.xml:953(para)
14361
#: serverguide/C/network-auth.xml:1285(para)
12389
14362
msgid ""
12390
14363
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
12391
14364
"config</application> profile that is part of the <application>ldap-auth-"
12392
14365
"config</application> package."
12393
14366
msgstr ""
12394
14367
12395
#: serverguide/C/network-auth.xml:960(para)
14368
#: serverguide/C/network-auth.xml:1292(para)
12396
14369
msgid ""
12397
14370
"Using the <application>pam-auth-update</application> utility, configure the "
12398
14371
"system to use LDAP for authentication:"
12399
14372
msgstr ""
12400
14373
12401
#: serverguide/C/network-auth.xml:965(command)
14374
#: serverguide/C/network-auth.xml:1297(command)
12402
14375
msgid "sudo pam-auth-update"
12403
14376
msgstr ""
12404
14377
12405
#: serverguide/C/network-auth.xml:968(para)
14378
#: serverguide/C/network-auth.xml:1300(para)
12406
14379
msgid ""
12407
14380
"From the <application>pam-auth-update</application> menu, choose LDAP and "
12408
14381
"any other authentication mechanisms you need."
12409
14382
msgstr ""
12410
14383
12411
#: serverguide/C/network-auth.xml:972(para)
14384
#: serverguide/C/network-auth.xml:1304(para)
12412
14385
msgid ""
12413
14386
"You should now be able to login using user credentials stored in the LDAP "
12414
14387
"directory."
12415
14388
msgstr ""
12416
14389
12417
#: serverguide/C/network-auth.xml:977(para)
14390
#: serverguide/C/network-auth.xml:1309(para)
12418
14391
msgid ""
12419
14392
"If you are going to use LDAP to store Samba users you will need to configure "
12420
14393
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
12421
14394
"for details."
12422
14395
msgstr ""
12423
14396
12424
#: serverguide/C/network-auth.xml:985(title)
14397
#: serverguide/C/network-auth.xml:1317(title)
12425
14398
msgid "User and Group Management"
12426
14399
msgstr ""
12427
14400
12428
#: serverguide/C/network-auth.xml:987(para)
14401
#: serverguide/C/network-auth.xml:1319(para)
12429
14402
msgid ""
12430
14403
"The <application>ldap-utils</application> package comes with multiple "
12431
14404
"utilities to manage the directory, but the long string of options needed, "
12433
14406
"package contains configurable scripts to easily manage LDAP users and groups."
12434
14407
msgstr ""
12435
14408
12436
#: serverguide/C/network-auth.xml:993(para)
14409
#: serverguide/C/network-auth.xml:1325(para)
12437
14410
msgid "To install the package, from a terminal enter:"
12438
14411
msgstr ""
12439
14412
12440
#: serverguide/C/network-auth.xml:998(command)
14413
#: serverguide/C/network-auth.xml:1330(command)
12441
14414
msgid "sudo apt-get install ldapscripts"
12442
14415
msgstr ""
12443
14416
12444
#: serverguide/C/network-auth.xml:1001(para)
14417
#: serverguide/C/network-auth.xml:1333(para)
12445
14418
msgid ""
12446
14419
"Next, edit the config file "
12447
14420
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
12448
14421
"changing the following to match your environment:"
12449
14422
msgstr ""
12450
14423
12451
#: serverguide/C/network-auth.xml:1006(programlisting)
14424
#: serverguide/C/network-auth.xml:1338(programlisting)
12452
14425
#, no-wrap
12453
14426
msgid ""
12454
14427
"\n"
12464
14437
"MIDSTART=10000\n"
12465
14438
msgstr ""
12466
14439
12467
#: serverguide/C/network-auth.xml:1019(para)
14440
#: serverguide/C/network-auth.xml:1351(para)
12468
14441
msgid ""
12469
14442
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
12470
14443
"authenticated access to the directory:"
12471
14444
msgstr ""
12472
14445
12473
#: serverguide/C/network-auth.xml:1024(command)
14446
#: serverguide/C/network-auth.xml:1356(command)
12474
14447
msgid ""
12475
14448
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
12476
14449
msgstr ""
12477
14450
12478
#: serverguide/C/network-auth.xml:1025(command)
14451
#: serverguide/C/network-auth.xml:1357(command)
12479
14452
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
12480
14453
msgstr ""
12481
14454
12482
#: serverguide/C/network-auth.xml:1029(para)
14455
#: serverguide/C/network-auth.xml:1361(para)
12483
14456
msgid ""
12484
14457
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
12485
14458
"user."
12486
14459
msgstr ""
12487
14460
12488
#: serverguide/C/network-auth.xml:1034(para)
14461
#: serverguide/C/network-auth.xml:1366(para)
12489
14462
msgid ""
12490
14463
"The <application>ldapscripts</application> are now ready to help manage your "
12491
14464
"directory. The following are some examples of how to use the scripts:"
12492
14465
msgstr ""
12493
14466
12494
#: serverguide/C/network-auth.xml:1041(para)
14467
#: serverguide/C/network-auth.xml:1373(para)
12495
14468
msgid "Create a new user:"
12496
14469
msgstr ""
12497
14470
12498
#: serverguide/C/network-auth.xml:1045(command)
14471
#: serverguide/C/network-auth.xml:1377(command)
12499
14472
msgid "sudo ldapadduser george example"
12500
14473
msgstr ""
12501
14474
12502
#: serverguide/C/network-auth.xml:1047(para)
14475
#: serverguide/C/network-auth.xml:1379(para)
12503
14476
msgid ""
12504
14477
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
12505
14478
"and set the user's primary group (gid) to <emphasis "
12506
14479
"role=\"italic\">example</emphasis>"
12507
14480
msgstr ""
12508
14481
12509
#: serverguide/C/network-auth.xml:1053(para)
14482
#: serverguide/C/network-auth.xml:1385(para)
12510
14483
msgid "Change a user's password:"
12511
14484
msgstr ""
12512
14485
12513
#: serverguide/C/network-auth.xml:1057(command)
14486
#: serverguide/C/network-auth.xml:1389(command)
12514
14487
msgid "sudo ldapsetpasswd george"
12515
14488
msgstr ""
12516
14489
12517
#: serverguide/C/network-auth.xml:1058(computeroutput)
14490
#: serverguide/C/network-auth.xml:1390(computeroutput)
12518
14491
#, no-wrap
12519
14492
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
12520
14493
msgstr ""
12521
14494
12522
#: serverguide/C/network-auth.xml:1059(userinput)
14495
#: serverguide/C/network-auth.xml:1391(userinput)
12523
14496
#, no-wrap
12524
14497
msgid "New Password: "
12525
14498
msgstr ""
12526
14499
12527
#: serverguide/C/network-auth.xml:1060(userinput)
14500
#: serverguide/C/network-auth.xml:1392(userinput)
12528
14501
#, no-wrap
12529
14502
msgid "New Password (verify): "
12530
14503
msgstr ""
12531
14504
12532
#: serverguide/C/network-auth.xml:1064(para)
14505
#: serverguide/C/network-auth.xml:1396(para)
12533
14506
msgid "Delete a user:"
12534
14507
msgstr ""
12535
14508
12536
#: serverguide/C/network-auth.xml:1068(command)
14509
#: serverguide/C/network-auth.xml:1400(command)
12537
14510
msgid "sudo ldapdeleteuser george"
12538
14511
msgstr ""
12539
14512
12540
#: serverguide/C/network-auth.xml:1073(para)
14513
#: serverguide/C/network-auth.xml:1405(para)
12541
14514
msgid "Add a group:"
12542
14515
msgstr ""
12543
14516
12544
#: serverguide/C/network-auth.xml:1077(command)
14517
#: serverguide/C/network-auth.xml:1409(command)
12545
14518
msgid "sudo ldapaddgroup qa"
12546
14519
msgstr ""
12547
14520
12548
#: serverguide/C/network-auth.xml:1081(para)
14521
#: serverguide/C/network-auth.xml:1413(para)
12549
14522
msgid "Delete a group:"
12550
14523
msgstr ""
12551
14524
12552
#: serverguide/C/network-auth.xml:1085(command)
14525
#: serverguide/C/network-auth.xml:1417(command)
12553
14526
msgid "sudo ldapdeletegroup qa"
12554
14527
msgstr ""
12555
14528
12556
#: serverguide/C/network-auth.xml:1089(para)
14529
#: serverguide/C/network-auth.xml:1421(para)
12557
14530
msgid "Add a user to a group:"
12558
14531
msgstr ""
12559
14532
12560
#: serverguide/C/network-auth.xml:1093(command)
14533
#: serverguide/C/network-auth.xml:1425(command)
12561
14534
msgid "sudo ldapaddusertogroup george qa"
12562
14535
msgstr ""
12563
14536
12564
#: serverguide/C/network-auth.xml:1095(para)
14537
#: serverguide/C/network-auth.xml:1427(para)
12565
14538
msgid ""
12566
14539
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
12567
14540
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
12568
14541
"role=\"italic\">george</emphasis>."
12569
14542
msgstr ""
12570
14543
12571
#: serverguide/C/network-auth.xml:1101(para)
14544
#: serverguide/C/network-auth.xml:1433(para)
12572
14545
msgid "Remove a user from a group:"
12573
14546
msgstr ""
12574
14547
12575
#: serverguide/C/network-auth.xml:1105(command)
14548
#: serverguide/C/network-auth.xml:1437(command)
12576
14549
msgid "sudo ldapdeleteuserfromgroup george qa"
12577
14550
msgstr ""
12578
14551
12579
#: serverguide/C/network-auth.xml:1107(para)
14552
#: serverguide/C/network-auth.xml:1439(para)
12580
14553
msgid ""
12581
14554
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
12582
14555
"<emphasis role=\"italic\">qa</emphasis> group."
12583
14556
msgstr ""
12584
14557
12585
#: serverguide/C/network-auth.xml:1113(para)
14558
#: serverguide/C/network-auth.xml:1445(para)
12586
14559
msgid ""
12587
14560
"The <application>ldapmodifyuser</application> script allows you to add, "
12588
14561
"remove, or replace a user's attributes. The script uses the same syntax as "
12589
14562
"the <application>ldapmodify</application> utility. For example:"
12590
14563
msgstr ""
12591
14564
12592
#: serverguide/C/network-auth.xml:1118(command)
14565
#: serverguide/C/network-auth.xml:1450(command)
12593
14566
msgid "sudo ldapmodifyuser george"
12594
14567
msgstr ""
12595
14568
12596
#: serverguide/C/network-auth.xml:1119(computeroutput)
14569
#: serverguide/C/network-auth.xml:1451(computeroutput)
12597
14570
#, no-wrap
12598
14571
msgid ""
12599
14572
"# About to modify the following entry :\n"
12614
14587
"dn: uid=george,ou=People,dc=example,dc=com"
12615
14588
msgstr ""
12616
14589
12617
#: serverguide/C/network-auth.xml:1135(userinput)
14590
#: serverguide/C/network-auth.xml:1467(userinput)
12618
14591
#, no-wrap
12619
14592
msgid ""
12620
14593
"replace: gecos\n"
12621
14594
"gecos: George Carlin"
12622
14595
msgstr ""
12623
14596
12624
#: serverguide/C/network-auth.xml:1138(para)
14597
#: serverguide/C/network-auth.xml:1470(para)
12625
14598
msgid ""
12626
14599
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
12627
14600
"Carlin</quote>."
12628
14601
msgstr ""
12629
14602
12630
#: serverguide/C/network-auth.xml:1143(para)
14603
#: serverguide/C/network-auth.xml:1475(para)
12631
14604
msgid ""
12632
14605
"Another great feature of <application>ldapscripts</application>, is the "
12633
14606
"template system. Templates allow you to customize the attributes of user, "
12636
14609
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
12637
14610
msgstr ""
12638
14611
12639
#: serverguide/C/network-auth.xml:1150(programlisting)
14612
#: serverguide/C/network-auth.xml:1482(programlisting)
12640
14613
#, no-wrap
12641
14614
msgid ""
12642
14615
"\n"
12643
14616
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
12644
14617
msgstr ""
12645
14618
12646
#: serverguide/C/network-auth.xml:1154(para)
14619
#: serverguide/C/network-auth.xml:1486(para)
12647
14620
msgid ""
12648
14621
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
12649
14622
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
12651
14624
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
12652
14625
msgstr ""
12653
14626
12654
#: serverguide/C/network-auth.xml:1161(command)
14627
#: serverguide/C/network-auth.xml:1493(command)
12655
14628
msgid ""
12656
14629
"sudo cp /etc/ldapscripts/ldapadduser.template.sample "
12657
14630
"/etc/ldapscripts/ldapadduser.template"
12658
14631
msgstr ""
12659
14632
12660
#: serverguide/C/network-auth.xml:1164(para)
14633
#: serverguide/C/network-auth.xml:1496(para)
12661
14634
msgid ""
12662
14635
"Edit the new template to add the desired attributes. The following will "
12663
14636
"create new user's as with an <emphasis>objectClass</emphasis> of "
12664
14637
"<emphasis>inetOrgPerson</emphasis>:"
12665
14638
msgstr ""
12666
14639
12667
#: serverguide/C/network-auth.xml:1169(programlisting)
14640
#: serverguide/C/network-auth.xml:1501(programlisting)
12668
14641
#, no-wrap
12669
14642
msgid ""
12670
14643
"\n"
12683
14656
"title: Employee\n"
12684
14657
msgstr ""
12685
14658
12686
#: serverguide/C/network-auth.xml:1185(para)
14659
#: serverguide/C/network-auth.xml:1517(para)
12687
14660
msgid ""
12688
14661
"Notice the <emphasis><ask></emphasis> option used for the "
12689
14662
"<emphasis>cn</emphasis> value. Using <ask> will configure "
12691
14664
"during user creation."
12692
14665
msgstr ""
12693
14666
12694
#: serverguide/C/network-auth.xml:1193(para)
14667
#: serverguide/C/network-auth.xml:1525(para)
12695
14668
msgid ""
12696
14669
"There are more useful scripts in the package, to see a full list enter: "
12697
14670
"<command>dpkg -L ldapscripts | grep bin</command>"
12698
14671
msgstr ""
12699
14672
12700
#: serverguide/C/network-auth.xml:1202(para)
14673
#: serverguide/C/network-auth.xml:1534(para)
14674
msgid ""
14675
"The <ulink url=\"https://help.ubuntu.com/community/OpenLDAPServer\">OpenLDAP "
14676
"Ubuntu Wiki</ulink> page has more details."
14677
msgstr ""
14678
14679
#: serverguide/C/network-auth.xml:1539(para)
12701
14680
msgid ""
12702
14681
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
12703
14682
"Home Page</ulink>"
12704
14683
msgstr ""
12705
14684
12706
#: serverguide/C/network-auth.xml:1207(para)
14685
#: serverguide/C/network-auth.xml:1544(para)
12707
14686
msgid ""
12708
14687
"Though starting to show it's age, a great source for in depth LDAP "
12709
14688
"information is O'Reilly's <ulink "
12711
14690
"Administration</ulink>"
12712
14691
msgstr ""
12713
14692
12714
#: serverguide/C/network-auth.xml:1213(para)
14693
#: serverguide/C/network-auth.xml:1550(para)
12715
14694
msgid ""
12716
14695
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
12717
14696
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
12718
14697
"newer versions of OpenLDAP."
12719
14698
msgstr ""
12720
14699
12721
#: serverguide/C/network-auth.xml:1219(para)
14700
#: serverguide/C/network-auth.xml:1556(para)
12722
14701
msgid ""
12723
14702
"For more information on <application>auth-client-config</application> see "
12724
14703
"the man page: <command>man auth-client-config</command>."
12725
14704
msgstr ""
12726
14705
12727
#: serverguide/C/network-auth.xml:1224(para)
14706
#: serverguide/C/network-auth.xml:1561(para)
12728
14707
msgid ""
12729
14708
"For more details regarding the <application>ldapscripts</application> "
12730
14709
"package see the man pages: <command>man ldapscripts</command>, <command>man "
12731
14710
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
12732
14711
msgstr ""
12733
14712
12734
#: serverguide/C/network-auth.xml:1234(title)
14713
#: serverguide/C/network-auth.xml:1571(title)
12735
14714
msgid "Samba and LDAP"
12736
14715
msgstr ""
12737
14716
12738
#: serverguide/C/network-auth.xml:1236(para)
14717
#: serverguide/C/network-auth.xml:1573(para)
12739
14718
msgid ""
12740
14719
"This section covers configuring Samba to use LDAP for user, group, and "
12741
14720
"machine account information and authentication. The assumption is, you "
12746
14725
"Samba see <xref linkend=\"windows-networking\"/>."
12747
14726
msgstr ""
12748
14727
12749
#: serverguide/C/network-auth.xml:1246(para)
14728
#: serverguide/C/network-auth.xml:1583(para)
12750
14729
msgid ""
12751
14730
"There are three packages needed when integrating Samba with LDAP. "
12752
14731
"<application>samba</application>, <application>samba-doc</application>, and "
12754
14733
"from a terminal enter:"
12755
14734
msgstr ""
12756
14735
12757
#: serverguide/C/network-auth.xml:1252(command)
14736
#: serverguide/C/network-auth.xml:1589(command)
12758
14737
msgid "sudo apt-get install samba samba-doc smbldap-tools"
12759
14738
msgstr ""
12760
14739
12761
#: serverguide/C/network-auth.xml:1255(para)
14740
#: serverguide/C/network-auth.xml:1592(para)
12762
14741
msgid ""
12763
14742
"Strictly speaking the <application>smbldap-tools</application> package isn't "
12764
14743
"needed, but unless you have another package or custom scripts, a method of "
12765
14744
"managing users, groups, and computer accounts is needed."
12766
14745
msgstr ""
12767
14746
12768
#: serverguide/C/network-auth.xml:1262(title)
14747
#: serverguide/C/network-auth.xml:1599(title)
12769
14748
msgid "OpenLDAP Configuration"
12770
14749
msgstr ""
12771
14750
12772
#: serverguide/C/network-auth.xml:1264(para)
14751
#: serverguide/C/network-auth.xml:1601(para)
12773
14752
msgid ""
12774
14753
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
12775
14754
"the user objects in the directory will need additional attributes. This "
12777
14756
"controller, and will add the necessary LDAP objects and attributes."
12778
14757
msgstr ""
12779
14758
12780
#: serverguide/C/network-auth.xml:1272(para)
14759
#: serverguide/C/network-auth.xml:1609(para)
12781
14760
msgid ""
12782
14761
"The Samba attributes are defined in the <filename>samba.schema</filename> "
12783
14762
"file which is part of the <application>samba-doc</application> package. The "
12785
14764
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
12786
14765
msgstr ""
12787
14766
12788
#: serverguide/C/network-auth.xml:1279(command)
14767
#: serverguide/C/network-auth.xml:1616(command)
12789
14768
msgid ""
12790
14769
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
12791
14770
"/etc/ldap/schema/"
12792
14771
msgstr ""
12793
14772
12794
#: serverguide/C/network-auth.xml:1280(command)
14773
#: serverguide/C/network-auth.xml:1617(command)
12795
14774
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
12796
14775
msgstr ""
12797
14776
12798
#: serverguide/C/network-auth.xml:1286(para)
14777
#: serverguide/C/network-auth.xml:1623(para)
12799
14778
msgid ""
12800
14779
"The <emphasis>samba</emphasis> schema needs to be added to the "
12801
14780
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
12803
14782
"linkend=\"openldap-configuration\"/>."
12804
14783
msgstr ""
12805
14784
12806
#: serverguide/C/network-auth.xml:1294(para) serverguide/C/network-auth.xml:2318(para)
14785
#: serverguide/C/network-auth.xml:1631(para) serverguide/C/network-auth.xml:2666(para)
12807
14786
msgid ""
12808
14787
"First, create a configuration file named "
12809
14788
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
12810
14789
"containing the following lines:"
12811
14790
msgstr ""
12812
14791
12813
#: serverguide/C/network-auth.xml:1299(programlisting)
14792
#: serverguide/C/network-auth.xml:1636(programlisting)
12814
14793
#, no-wrap
12815
14794
msgid ""
12816
14795
"\n"
12829
14808
"include /etc/ldap/schema/samba.schema\n"
12830
14809
msgstr ""
12831
14810
12832
#: serverguide/C/network-auth.xml:1329(para) serverguide/C/network-auth.xml:2353(para)
14811
#: serverguide/C/network-auth.xml:1666(para) serverguide/C/network-auth.xml:2701(para)
12833
14812
msgid ""
12834
14813
"Now use <application>slapcat</application> to convert the schema files:"
12835
14814
msgstr ""
12836
14815
12837
#: serverguide/C/network-auth.xml:1334(command)
14816
#: serverguide/C/network-auth.xml:1671(command)
12838
14817
msgid ""
12839
14818
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
12840
14819
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
12841
14820
msgstr ""
12842
14821
12843
#: serverguide/C/network-auth.xml:1337(para) serverguide/C/network-auth.xml:2361(para)
14822
#: serverguide/C/network-auth.xml:1674(para) serverguide/C/network-auth.xml:2709(para)
12844
14823
msgid ""
12845
14824
"Change the above file and path names to match your own if they are different."
12846
14825
msgstr ""
12847
14826
12848
#: serverguide/C/network-auth.xml:1344(para)
14827
#: serverguide/C/network-auth.xml:1681(para)
12849
14828
msgid ""
12850
14829
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
12851
14830
"the following attributes:"
12852
14831
msgstr ""
12853
14832
12854
#: serverguide/C/network-auth.xml:1348(programlisting)
14833
#: serverguide/C/network-auth.xml:1685(programlisting)
12855
14834
#, no-wrap
12856
14835
msgid ""
12857
14836
"\n"
12860
14839
"cn: samba\n"
12861
14840
msgstr ""
12862
14841
12863
#: serverguide/C/network-auth.xml:1358(programlisting)
14842
#: serverguide/C/network-auth.xml:1695(programlisting)
12864
14843
#, no-wrap
12865
14844
msgid ""
12866
14845
"\n"
12873
14852
"modifyTimestamp: 20080827045234Z\n"
12874
14853
msgstr ""
12875
14854
12876
#: serverguide/C/network-auth.xml:1383(command)
14855
#: serverguide/C/network-auth.xml:1720(command)
12877
14856
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
12878
14857
msgstr ""
12879
14858
12880
#: serverguide/C/network-auth.xml:1389(para)
14859
#: serverguide/C/network-auth.xml:1726(para)
12881
14860
msgid ""
12882
14861
"There should now be a <emphasis>dn: "
12883
14862
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
12884
14863
"sequential schema, entry in the cn=config tree."
12885
14864
msgstr ""
12886
14865
12887
#: serverguide/C/network-auth.xml:1397(para)
14866
#: serverguide/C/network-auth.xml:1734(para)
12888
14867
msgid ""
12889
14868
"Copy and paste the following into a file named "
12890
14869
"<filename>samba_indexes.ldif</filename>:"
12891
14870
msgstr ""
12892
14871
12893
#: serverguide/C/network-auth.xml:1401(programlisting)
14872
#: serverguide/C/network-auth.xml:1738(programlisting)
12894
14873
#, no-wrap
12895
14874
msgid ""
12896
14875
"\n"
12911
14890
"olcDbIndex: default sub\n"
12912
14891
msgstr ""
12913
14892
12914
#: serverguide/C/network-auth.xml:1419(para)
14893
#: serverguide/C/network-auth.xml:1756(para)
12915
14894
msgid ""
12916
14895
"Using the <application>ldapmodify</application> utility load the new indexes:"
12917
14896
msgstr ""
12918
14897
12919
#: serverguide/C/network-auth.xml:1424(command)
14898
#: serverguide/C/network-auth.xml:1761(command)
12920
14899
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
12921
14900
msgstr ""
12922
14901
12923
#: serverguide/C/network-auth.xml:1426(para)
14902
#: serverguide/C/network-auth.xml:1763(para)
12924
14903
msgid ""
12925
14904
"If all went well you should see the new indexes using "
12926
14905
"<application>ldapsearch</application>:"
12927
14906
msgstr ""
12928
14907
12929
#: serverguide/C/network-auth.xml:1431(command)
14908
#: serverguide/C/network-auth.xml:1768(command)
12930
14909
msgid ""
12931
14910
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
12932
14911
msgstr ""
12933
14912
12934
#: serverguide/C/network-auth.xml:1437(para)
14913
#: serverguide/C/network-auth.xml:1774(para)
12935
14914
msgid ""
12936
14915
"Next, configure the <application>smbldap-tools</application> package to "
12937
14916
"match your environment. The package comes with a configuration script that "
12938
14917
"will ask questions about the needed options. To run the script enter:"
12939
14918
msgstr ""
12940
14919
12941
#: serverguide/C/network-auth.xml:1443(command)
14920
#: serverguide/C/network-auth.xml:1780(command)
12942
14921
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
12943
14922
msgstr ""
12944
14923
12945
#: serverguide/C/network-auth.xml:1444(command)
14924
#: serverguide/C/network-auth.xml:1781(command)
12946
14925
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
12947
14926
msgstr ""
12948
14927
12949
#: serverguide/C/network-auth.xml:1447(para)
14928
#: serverguide/C/network-auth.xml:1784(para)
12950
14929
msgid ""
12951
14930
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
12952
14931
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
12955
14934
"may be simpler to edit the file appropriately."
12956
14935
msgstr ""
12957
14936
12958
#: serverguide/C/network-auth.xml:1457(para)
14937
#: serverguide/C/network-auth.xml:1794(para)
12959
14938
msgid ""
12960
14939
"The <application>smbldap-populate</application> script will add the "
12961
14940
"necessary users, groups, and LDAP objects required for Samba. It is a good "
12963
14942
"<application>slapcat</application> before executing the command:"
12964
14943
msgstr ""
12965
14944
12966
#: serverguide/C/network-auth.xml:1464(command)
14945
#: serverguide/C/network-auth.xml:1801(command)
12967
14946
msgid "sudo slapcat -l backup.ldif"
12968
14947
msgstr ""
12969
14948
12970
#: serverguide/C/network-auth.xml:1470(para)
14949
#: serverguide/C/network-auth.xml:1807(para)
12971
14950
msgid ""
12972
14951
"Once you have a current backup execute <application>smbldap-"
12973
14952
"populate</application> by entering:"
12974
14953
msgstr ""
12975
14954
12976
#: serverguide/C/network-auth.xml:1475(command)
14955
#: serverguide/C/network-auth.xml:1812(command)
12977
14956
msgid "sudo smbldap-populate"
12978
14957
msgstr ""
12979
14958
12980
#: serverguide/C/network-auth.xml:1479(para)
14959
#: serverguide/C/network-auth.xml:1816(para)
12981
14960
msgid ""
12982
14961
"You can create an LDIF file containing the new Samba objects by executing "
12983
14962
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
12984
14963
"look over the changes making sure everything is correct."
12985
14964
msgstr ""
12986
14965
12987
#: serverguide/C/network-auth.xml:1487(para)
14966
#: serverguide/C/network-auth.xml:1824(para)
12988
14967
msgid ""
12989
14968
"Your LDAP directory now has the necessary domain information to authenticate "
12990
14969
"Samba users."
12991
14970
msgstr ""
12992
14971
12993
#: serverguide/C/network-auth.xml:1493(title)
14972
#: serverguide/C/network-auth.xml:1830(title)
12994
14973
msgid "Samba Configuration"
12995
14974
msgstr ""
12996
14975
12997
#: serverguide/C/network-auth.xml:1495(para)
14976
#: serverguide/C/network-auth.xml:1832(para)
12998
14977
msgid ""
12999
14978
"There a multiple ways to configure Samba for details on some common "
13000
14979
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
13003
14982
"backend</emphasis> option and adding the following:"
13004
14983
msgstr ""
13005
14984
13006
#: serverguide/C/network-auth.xml:1501(programlisting)
14985
#: serverguide/C/network-auth.xml:1838(programlisting)
13007
14986
#, no-wrap
13008
14987
msgid ""
13009
14988
"\n"
13023
15002
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
13024
15003
msgstr ""
13025
15004
13026
#: serverguide/C/network-auth.xml:1518(para)
15005
#: serverguide/C/network-auth.xml:1855(para)
13027
15006
msgid "Restart <application>samba</application> to enable the new settings:"
13028
15007
msgstr ""
13029
15008
13030
#: serverguide/C/network-auth.xml:1526(para)
15009
#: serverguide/C/network-auth.xml:1863(para)
13031
15010
msgid ""
13032
15011
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
13033
15012
"enter:"
13034
15013
msgstr ""
13035
15014
13036
#: serverguide/C/network-auth.xml:1531(command)
15015
#: serverguide/C/network-auth.xml:1868(command)
13037
15016
msgid "sudo smbpasswd -w secret"
13038
15017
msgstr ""
13039
15018
13040
#: serverguide/C/network-auth.xml:1535(para)
15019
#: serverguide/C/network-auth.xml:1872(para)
13041
15020
msgid ""
13042
15021
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
13043
15022
"password."
13044
15023
msgstr ""
13045
15024
13046
#: serverguide/C/network-auth.xml:1540(para)
15025
#: serverguide/C/network-auth.xml:1877(para)
13047
15026
msgid ""
13048
15027
"If you currently have users in LDAP, and you want them to authenticate using "
13049
15028
"Samba, they will need some Samba attributes defined in the "
13052
15031
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
13053
15032
msgstr ""
13054
15033
13055
#: serverguide/C/network-auth.xml:1548(command)
15034
#: serverguide/C/network-auth.xml:1885(command)
13056
15035
msgid "sudo smbpasswd -a username"
13057
15036
msgstr ""
13058
15037
13059
#: serverguide/C/network-auth.xml:1551(para)
15038
#: serverguide/C/network-auth.xml:1888(para)
13060
15039
msgid "You will then be asked to enter the user's password."
13061
15040
msgstr ""
13062
15041
13063
#: serverguide/C/network-auth.xml:1555(para)
15042
#: serverguide/C/network-auth.xml:1892(para)
13064
15043
msgid ""
13065
15044
"To add new user, group, and machine accounts use the utilities from the "
13066
15045
"<application>smbldap-tools</application> package. Here are some examples:"
13067
15046
msgstr ""
13068
15047
13069
#: serverguide/C/network-auth.xml:1562(para)
15048
#: serverguide/C/network-auth.xml:1899(para)
13070
15049
msgid ""
13071
15050
"To add a new user to LDAP with Samba attributes enter the following, "
13072
15051
"replacing username with an actual username:"
13073
15052
msgstr ""
13074
15053
13075
#: serverguide/C/network-auth.xml:1566(command)
15054
#: serverguide/C/network-auth.xml:1903(command)
13076
15055
msgid "sudo smbldap-useradd -a -P username"
13077
15056
msgstr ""
13078
15057
13079
#: serverguide/C/network-auth.xml:1568(para)
15058
#: serverguide/C/network-auth.xml:1905(para)
13080
15059
msgid ""
13081
15060
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
13082
15061
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
13084
15063
"a password for the user."
13085
15064
msgstr ""
13086
15065
13087
#: serverguide/C/network-auth.xml:1574(para)
15066
#: serverguide/C/network-auth.xml:1911(para)
13088
15067
msgid "To remove a user from the directory enter:"
13089
15068
msgstr ""
13090
15069
13091
#: serverguide/C/network-auth.xml:1578(command)
15070
#: serverguide/C/network-auth.xml:1915(command)
13092
15071
msgid "sudo smbldap-userdel username"
13093
15072
msgstr ""
13094
15073
13095
#: serverguide/C/network-auth.xml:1580(para)
15074
#: serverguide/C/network-auth.xml:1917(para)
13096
15075
msgid ""
13097
15076
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
13098
15077
"r</emphasis> option to remove the user's home directory."
13099
15078
msgstr ""
13100
15079
13101
#: serverguide/C/network-auth.xml:1585(para)
15080
#: serverguide/C/network-auth.xml:1922(para)
13102
15081
msgid ""
13103
15082
"Use <application>smbldap-groupadd</application> to add a group, replacing "
13104
15083
"groupname with an appropriate group:"
13105
15084
msgstr ""
13106
15085
13107
#: serverguide/C/network-auth.xml:1589(command)
15086
#: serverguide/C/network-auth.xml:1926(command)
13108
15087
msgid "sudo smbldap-groupadd -a groupname"
13109
15088
msgstr ""
13110
15089
13111
#: serverguide/C/network-auth.xml:1591(para)
15090
#: serverguide/C/network-auth.xml:1928(para)
13112
15091
msgid ""
13113
15092
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
13114
15093
"a</emphasis> adds the Samba attributes."
13115
15094
msgstr ""
13116
15095
13117
#: serverguide/C/network-auth.xml:1596(para)
15096
#: serverguide/C/network-auth.xml:1933(para)
13118
15097
msgid ""
13119
15098
"To add a user to a group use <application>smbldap-groupmod</application>:"
13120
15099
msgstr ""
13121
15100
13122
#: serverguide/C/network-auth.xml:1600(command)
15101
#: serverguide/C/network-auth.xml:1937(command)
13123
15102
msgid "sudo smbldap-groupmod -m username groupname"
13124
15103
msgstr ""
13125
15104
13126
#: serverguide/C/network-auth.xml:1602(para)
15105
#: serverguide/C/network-auth.xml:1939(para)
13127
15106
msgid ""
13128
15107
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
13129
15108
"<emphasis>-m</emphasis> option can add more than one user at a time by "
13130
15109
"listing them in <emphasis>comma separated</emphasis> format."
13131
15110
msgstr ""
13132
15111
13133
#: serverguide/C/network-auth.xml:1608(para)
15112
#: serverguide/C/network-auth.xml:1945(para)
13134
15113
msgid ""
13135
15114
"<application>smbldap-groupmod</application> can also be used to remove a "
13136
15115
"user from a group:"
13137
15116
msgstr ""
13138
15117
13139
#: serverguide/C/network-auth.xml:1612(command)
15118
#: serverguide/C/network-auth.xml:1949(command)
13140
15119
msgid "sudo smbldap-groupmod -x username groupname"
13141
15120
msgstr ""
13142
15121
13143
#: serverguide/C/network-auth.xml:1616(para)
15122
#: serverguide/C/network-auth.xml:1953(para)
13144
15123
msgid ""
13145
15124
"Additionally, the <application>smbldap-useradd</application> utility can add "
13146
15125
"Samba machine accounts:"
13147
15126
msgstr ""
13148
15127
13149
#: serverguide/C/network-auth.xml:1620(command)
15128
#: serverguide/C/network-auth.xml:1957(command)
13150
15129
msgid "sudo smbldap-useradd -t 0 -w username"
13151
15130
msgstr ""
13152
15131
13153
#: serverguide/C/network-auth.xml:1622(para)
15132
#: serverguide/C/network-auth.xml:1959(para)
13154
15133
msgid ""
13155
15134
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
13156
15135
"<emphasis>-t 0</emphasis> option creates the machine account without a "
13160
15139
"<application>smbldap-useradd</application>."
13161
15140
msgstr ""
13162
15141
13163
#: serverguide/C/network-auth.xml:1631(para)
15142
#: serverguide/C/network-auth.xml:1968(para)
13164
15143
msgid ""
13165
15144
"There are more useful utilities and options in the <application>smbldap-"
13166
15145
"tools</application> package. The man page for each utility provides more "
13167
15146
"details."
13168
15147
msgstr ""
13169
15148
13170
#: serverguide/C/network-auth.xml:1642(para)
15149
#: serverguide/C/network-auth.xml:1979(para)
13171
15150
msgid ""
13172
15151
"There are multiple places where LDAP and Samba is documented in the <ulink "
13173
15152
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
13174
15153
"Collection</ulink>."
13175
15154
msgstr ""
13176
15155
13177
#: serverguide/C/network-auth.xml:1648(para)
15156
#: serverguide/C/network-auth.xml:1985(para)
13178
15157
msgid ""
13179
15158
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
13180
15159
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
13181
15160
msgstr ""
13182
15161
13183
#: serverguide/C/network-auth.xml:1654(para)
15162
#: serverguide/C/network-auth.xml:1991(para)
13184
15163
msgid ""
13185
15164
"Another good site is <ulink url=\"http://www.iallanis.info/smbldap-"
13186
15165
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
13187
15166
msgstr ""
13188
15167
13189
#: serverguide/C/network-auth.xml:1660(para)
15168
#: serverguide/C/network-auth.xml:1997(para)
13190
15169
msgid ""
13191
15170
"Again, for more information on <application>smbldap-tools</application> see "
13192
15171
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
13193
15172
"groupadd</command>, <command>man smbldap-populate</command>, etc."
13194
15173
msgstr ""
13195
15174
13196
#: serverguide/C/network-auth.xml:1670(title)
15175
#: serverguide/C/network-auth.xml:2004(para)
15176
msgid ""
15177
"Also, there is a list of <ulink "
15178
"url=\"https://help.ubuntu.com/community/Samba#samba-ldap\">Ubuntu "
15179
"wiki</ulink> articles with more information."
15180
msgstr ""
15181
15182
#: serverguide/C/network-auth.xml:2013(title)
13197
15183
msgid "Kerberos"
13198
15184
msgstr "Kerberos"
13199
15185
13200
#: serverguide/C/network-auth.xml:1672(para)
15186
#: serverguide/C/network-auth.xml:2015(para)
13201
15187
msgid ""
13202
15188
"<application>Kerberos</application> is a network authentication system based "
13203
15189
"on the principal of a trusted third party. The other two parties being the "
13206
15192
"network environment one step closer to being Single Sign On (SSO)."
13207
15193
msgstr ""
13208
15194
13209
#: serverguide/C/network-auth.xml:1678(para)
15195
#: serverguide/C/network-auth.xml:2021(para)
13210
15196
msgid ""
13211
15197
"This section covers installation and configuration of a Kerberos server, and "
13212
15198
"some example client configurations."
13213
15199
msgstr ""
13214
15200
13215
#: serverguide/C/network-auth.xml:1685(para)
15201
#: serverguide/C/network-auth.xml:2028(para)
13216
15202
msgid ""
13217
15203
"If you are new to Kerberos there are a few terms that are good to understand "
13218
15204
"before setting up a Kerberos server. Most of the terms will relate to things "
13219
15205
"you may be familiar with in other environments:"
13220
15206
msgstr ""
13221
15207
13222
#: serverguide/C/network-auth.xml:1692(para)
15208
#: serverguide/C/network-auth.xml:2035(para)
13223
15209
msgid ""
13224
15210
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
13225
15211
"by servers need to be defined as Kerberos Principals."
13226
15212
msgstr ""
13227
15213
13228
#: serverguide/C/network-auth.xml:1697(para)
15214
#: serverguide/C/network-auth.xml:2040(para)
13229
15215
msgid ""
13230
15216
"<emphasis>Instances:</emphasis> are used for service principals and special "
13231
15217
"administrative principals."
13232
15218
msgstr ""
13233
15219
13234
#: serverguide/C/network-auth.xml:1702(para)
15220
#: serverguide/C/network-auth.xml:2045(para)
13235
15221
msgid ""
13236
15222
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
13237
15223
"Kerberos installation. Usually the DNS domain converted to uppercase "
13238
15224
"(EXAMPLE.COM)."
13239
15225
msgstr ""
13240
15226
13241
#: serverguide/C/network-auth.xml:1708(para)
15227
#: serverguide/C/network-auth.xml:2051(para)
13242
15228
msgid ""
13243
15229
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
13244
15230
"a database of all principals, the authentication server, and the ticket "
13245
15231
"granting server. For each realm there must be at least one KDC."
13246
15232
msgstr ""
13247
15233
13248
#: serverguide/C/network-auth.xml:1714(para)
15234
#: serverguide/C/network-auth.xml:2057(para)
13249
15235
msgid ""
13250
15236
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
13251
15237
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
13252
15238
"password which is known only to the user and the KDC."
13253
15239
msgstr ""
13254
15240
13255
#: serverguide/C/network-auth.xml:1720(para)
15241
#: serverguide/C/network-auth.xml:2063(para)
13256
15242
msgid ""
13257
15243
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
13258
15244
"clients upon request."
13259
15245
msgstr ""
13260
15246
13261
#: serverguide/C/network-auth.xml:1725(para)
15247
#: serverguide/C/network-auth.xml:2068(para)
13262
15248
msgid ""
13263
15249
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
13264
15250
"One principal being a user and the other a service requested by the user. "
13266
15252
"authenticated session."
13267
15253
msgstr ""
13268
15254
13269
#: serverguide/C/network-auth.xml:1731(para)
15255
#: serverguide/C/network-auth.xml:2074(para)
13270
15256
msgid ""
13271
15257
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
13272
15258
"principal database and contain the encryption key for a service or host."
13273
15259
msgstr ""
13274
15260
13275
#: serverguide/C/network-auth.xml:1738(para)
15261
#: serverguide/C/network-auth.xml:2081(para)
13276
15262
msgid ""
13277
15263
"To put the pieces together, a Realm has at least one KDC, preferably two for "
13278
15264
"redundancy, which contains a database of Principals. When a user principal "
13284
15270
"and password."
13285
15271
msgstr ""
13286
15272
13287
#: serverguide/C/network-auth.xml:1747(title)
15273
#: serverguide/C/network-auth.xml:2090(title)
13288
15274
msgid "Kerberos Server"
13289
15275
msgstr ""
13290
15276
13291
#: serverguide/C/network-auth.xml:1751(para)
15277
#: serverguide/C/network-auth.xml:2094(para)
13292
15278
msgid ""
13293
15279
"Before installing the Kerberos server a properly configured DNS server is "
13294
15280
"needed for your domain. Since the Kerberos Realm by convention matches the "
13296
15282
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
13297
15283
msgstr ""
13298
15284
13299
#: serverguide/C/network-auth.xml:1757(para)
15285
#: serverguide/C/network-auth.xml:2100(para)
13300
15286
msgid ""
13301
15287
"Also, Kerberos is a time sensitive protocol. So if the local system time "
13302
15288
"between a client machine and the server differs by more than five minutes "
13306
15292
"NTP see <xref linkend=\"NTP\"/>."
13307
15293
msgstr ""
13308
15294
13309
#: serverguide/C/network-auth.xml:1764(para)
15295
#: serverguide/C/network-auth.xml:2107(para)
13310
15296
msgid ""
13311
15297
"The first step in installing a Kerberos Realm is to install the "
13312
15298
"<application>krb5-kdc</application> and <application>krb5-admin-"
13313
15299
"server</application> packages. From a terminal enter:"
13314
15300
msgstr ""
13315
15301
13316
#: serverguide/C/network-auth.xml:1770(command) serverguide/C/network-auth.xml:1945(command)
15302
#: serverguide/C/network-auth.xml:2113(command) serverguide/C/network-auth.xml:2288(command)
13317
15303
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
13318
15304
msgstr ""
13319
15305
13320
#: serverguide/C/network-auth.xml:1773(para)
15306
#: serverguide/C/network-auth.xml:2116(para)
13321
15307
msgid ""
13322
15308
"You will be asked at the end of the install to supply a name for the "
13323
15309
"Kerberos and Admin servers, which may or may not be the same server, for the "
13324
15310
"realm."
13325
15311
msgstr ""
13326
15312
13327
#: serverguide/C/network-auth.xml:1778(para)
15313
#: serverguide/C/network-auth.xml:2121(para)
13328
15314
msgid ""
13329
15315
"Next, create the new realm with the <application>kdb5_newrealm</application> "
13330
15316
"utility:"
13331
15317
msgstr ""
13332
15318
13333
#: serverguide/C/network-auth.xml:1783(command)
15319
#: serverguide/C/network-auth.xml:2126(command)
13334
15320
msgid "sudo krb5_newrealm"
13335
15321
msgstr ""
13336
15322
13337
#: serverguide/C/network-auth.xml:1790(para)
15323
#: serverguide/C/network-auth.xml:2133(para)
13338
15324
msgid ""
13339
15325
"The questions asked during installation are used to configure the "
13340
15326
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
13342
15328
"<application>krb5-kdc</application> daemon."
13343
15329
msgstr ""
13344
15330
13345
#: serverguide/C/network-auth.xml:1798(para)
15331
#: serverguide/C/network-auth.xml:2141(para)
13346
15332
msgid ""
13347
15333
"Now that the KDC running an admin user is needed. It is recommended to use a "
13348
15334
"different username from your everyday username. Using the "
13349
15335
"<application>kadmin.local</application> utility in a terminal prompt enter:"
13350
15336
msgstr ""
13351
15337
13352
#: serverguide/C/network-auth.xml:1804(command) serverguide/C/network-auth.xml:2595(command)
15338
#: serverguide/C/network-auth.xml:2147(command) serverguide/C/network-auth.xml:2943(command)
13353
15339
msgid "sudo kadmin.local"
13354
15340
msgstr ""
13355
15341
13356
#: serverguide/C/network-auth.xml:1805(computeroutput)
15342
#: serverguide/C/network-auth.xml:2148(computeroutput)
13357
15343
#, no-wrap
13358
15344
msgid ""
13359
15345
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
13360
15346
"kadmin.local:"
13361
15347
msgstr ""
13362
15348
13363
#: serverguide/C/network-auth.xml:1806(userinput)
15349
#: serverguide/C/network-auth.xml:2149(userinput)
13364
15350
#, no-wrap
13365
15351
msgid " addprinc steve/admin"
13366
15352
msgstr ""
13367
15353
13368
#: serverguide/C/network-auth.xml:1807(computeroutput)
15354
#: serverguide/C/network-auth.xml:2150(computeroutput)
13369
15355
#, no-wrap
13370
15356
msgid ""
13371
15357
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
13376
15362
"kadmin.local:"
13377
15363
msgstr ""
13378
15364
13379
#: serverguide/C/network-auth.xml:1811(userinput)
15365
#: serverguide/C/network-auth.xml:2154(userinput)
13380
15366
#, no-wrap
13381
15367
msgid " quit"
13382
15368
msgstr ""
13383
15369
13384
#: serverguide/C/network-auth.xml:1814(para)
15370
#: serverguide/C/network-auth.xml:2157(para)
13385
15371
msgid ""
13386
15372
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
13387
15373
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
13392
15378
"rights."
13393
15379
msgstr ""
13394
15380
13395
#: serverguide/C/network-auth.xml:1822(para)
15381
#: serverguide/C/network-auth.xml:2165(para)
13396
15382
msgid ""
13397
15383
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
13398
15384
"your Realm and admin username."
13399
15385
msgstr ""
13400
15386
13401
#: serverguide/C/network-auth.xml:1830(para)
15387
#: serverguide/C/network-auth.xml:2173(para)
13402
15388
msgid ""
13403
15389
"Next, the new admin user needs to have the appropriate Access Control List "
13404
15390
"(ACL) permissions. The permissions are configured in the "
13405
15391
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
13406
15392
msgstr ""
13407
15393
13408
#: serverguide/C/network-auth.xml:1835(programlisting)
15394
#: serverguide/C/network-auth.xml:2178(programlisting)
13409
15395
#, no-wrap
13410
15396
msgid ""
13411
15397
"\n"
13412
15398
"steve/admin@EXAMPLE.COM *\n"
13413
15399
msgstr ""
13414
15400
13415
#: serverguide/C/network-auth.xml:1839(para)
15401
#: serverguide/C/network-auth.xml:2182(para)
13416
15402
msgid ""
13417
15403
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
13418
15404
"any operation on all principals in the realm."
13419
15405
msgstr ""
13420
15406
13421
#: serverguide/C/network-auth.xml:1846(para)
15407
#: serverguide/C/network-auth.xml:2189(para)
13422
15408
msgid ""
13423
15409
"Now restart the <application>krb5-admin-server</application> for the new ACL "
13424
15410
"to take affect:"
13425
15411
msgstr ""
13426
15412
13427
#: serverguide/C/network-auth.xml:1851(command)
15413
#: serverguide/C/network-auth.xml:2194(command)
13428
15414
msgid "sudo /etc/init.d/krb5-admin-server restart"
13429
15415
msgstr ""
13430
15416
13431
#: serverguide/C/network-auth.xml:1857(para)
15417
#: serverguide/C/network-auth.xml:2200(para)
13432
15418
msgid ""
13433
15419
"The new user principal can be tested using the <application>kinit "
13434
15420
"utility</application>:"
13435
15421
msgstr ""
13436
15422
13437
#: serverguide/C/network-auth.xml:1862(command)
15423
#: serverguide/C/network-auth.xml:2205(command)
13438
15424
msgid "kinit steve/admin"
13439
15425
msgstr ""
13440
15426
13441
#: serverguide/C/network-auth.xml:1863(computeroutput)
15427
#: serverguide/C/network-auth.xml:2206(computeroutput)
13442
15428
#, no-wrap
13443
15429
msgid "steve/admin@EXAMPLE.COM's Password:"
13444
15430
msgstr ""
13445
15431
13446
#: serverguide/C/network-auth.xml:1866(para)
15432
#: serverguide/C/network-auth.xml:2209(para)
13447
15433
msgid ""
13448
15434
"After entering the password, use the <application>klist</application> "
13449
15435
"utility to view information about the Ticket Granting Ticket (TGT):"
13450
15436
msgstr ""
13451
15437
13452
#: serverguide/C/network-auth.xml:1872(command) serverguide/C/network-auth.xml:2207(command)
15438
#: serverguide/C/network-auth.xml:2215(command) serverguide/C/network-auth.xml:2550(command)
13453
15439
msgid "klist"
13454
15440
msgstr ""
13455
15441
13456
#: serverguide/C/network-auth.xml:1873(computeroutput)
15442
#: serverguide/C/network-auth.xml:2216(computeroutput)
13457
15443
#, no-wrap
13458
15444
msgid ""
13459
15445
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
13463
15449
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
13464
15450
msgstr ""
13465
15451
13466
#: serverguide/C/network-auth.xml:1880(para)
15452
#: serverguide/C/network-auth.xml:2223(para)
13467
15453
msgid ""
13468
15454
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
13469
15455
"the KDC. For example:"
13470
15456
msgstr ""
13471
15457
13472
#: serverguide/C/network-auth.xml:1884(programlisting)
15458
#: serverguide/C/network-auth.xml:2227(programlisting)
13473
15459
#, no-wrap
13474
15460
msgid ""
13475
15461
"\n"
13476
15462
"192.168.0.1 kdc01.example.com kdc01\n"
13477
15463
msgstr ""
13478
15464
13479
#: serverguide/C/network-auth.xml:1888(para)
15465
#: serverguide/C/network-auth.xml:2231(para)
13480
15466
msgid ""
13481
15467
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
13482
15468
msgstr ""
13483
15469
13484
#: serverguide/C/network-auth.xml:1895(para)
15470
#: serverguide/C/network-auth.xml:2238(para)
13485
15471
msgid ""
13486
15472
"In order for clients to determine the KDC for the Realm some DNS SRV records "
13487
15473
"are needed. Add the following to "
13488
15474
"<filename>/etc/named/db.example.com</filename>:"
13489
15475
msgstr ""
13490
15476
13491
#: serverguide/C/network-auth.xml:1900(programlisting)
15477
#: serverguide/C/network-auth.xml:2243(programlisting)
13492
15478
#, no-wrap
13493
15479
msgid ""
13494
15480
"\n"
13500
15486
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
13501
15487
msgstr ""
13502
15488
13503
#: serverguide/C/network-auth.xml:1910(para)
15489
#: serverguide/C/network-auth.xml:2253(para)
13504
15490
msgid ""
13505
15491
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
13506
15492
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
13507
15493
"KDC."
13508
15494
msgstr ""
13509
15495
13510
#: serverguide/C/network-auth.xml:1916(para)
15496
#: serverguide/C/network-auth.xml:2259(para)
13511
15497
msgid ""
13512
15498
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
13513
15499
msgstr ""
13514
15500
13515
#: serverguide/C/network-auth.xml:1923(para)
15501
#: serverguide/C/network-auth.xml:2266(para)
13516
15502
msgid "Your new Kerberos Realm is now ready to authenticate clients."
13517
15503
msgstr ""
13518
15504
13519
#: serverguide/C/network-auth.xml:1930(title)
15505
#: serverguide/C/network-auth.xml:2273(title)
13520
15506
msgid "Secondary KDC"
13521
15507
msgstr ""
13522
15508
13523
#: serverguide/C/network-auth.xml:1932(para)
15509
#: serverguide/C/network-auth.xml:2275(para)
13524
15510
msgid ""
13525
15511
"Once you have one Key Distribution Center (KDC) on your network, it is good "
13526
15512
"practice to have a Secondary KDC in case the primary becomes unavailable."
13527
15513
msgstr ""
13528
15514
13529
#: serverguide/C/network-auth.xml:1940(para)
15515
#: serverguide/C/network-auth.xml:2283(para)
13530
15516
msgid ""
13531
15517
"First, install the packages, and when asked for the Kerberos and Admin "
13532
15518
"server names enter the name of the Primary KDC:"
13533
15519
msgstr ""
13534
15520
13535
#: serverguide/C/network-auth.xml:1951(para)
15521
#: serverguide/C/network-auth.xml:2294(para)
13536
15522
msgid ""
13537
15523
"Once you have the packages installed, create the Secondary KDC's host "
13538
15524
"principal. From a terminal prompt, enter:"
13539
15525
msgstr ""
13540
15526
13541
#: serverguide/C/network-auth.xml:1956(command)
15527
#: serverguide/C/network-auth.xml:2299(command)
13542
15528
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
13543
15529
msgstr ""
13544
15530
13545
#: serverguide/C/network-auth.xml:1960(para)
15531
#: serverguide/C/network-auth.xml:2303(para)
13546
15532
msgid ""
13547
15533
"After, issuing any <application>kadmin</application> commands you will be "
13548
15534
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
13549
15535
"password."
13550
15536
msgstr ""
13551
15537
13552
#: serverguide/C/network-auth.xml:1969(para)
15538
#: serverguide/C/network-auth.xml:2312(para)
13553
15539
msgid "Extract the <emphasis>keytab</emphasis> file:"
13554
15540
msgstr ""
13555
15541
13556
#: serverguide/C/network-auth.xml:1974(command)
15542
#: serverguide/C/network-auth.xml:2317(command)
13557
15543
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
13558
15544
msgstr ""
13559
15545
13560
#: serverguide/C/network-auth.xml:1980(para)
15546
#: serverguide/C/network-auth.xml:2323(para)
13561
15547
msgid ""
13562
15548
"There should now be a <filename>keytab.kdc02</filename> in the current "
13563
15549
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
13564
15550
msgstr ""
13565
15551
13566
#: serverguide/C/network-auth.xml:1986(command)
15552
#: serverguide/C/network-auth.xml:2329(command)
13567
15553
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
13568
15554
msgstr ""
13569
15555
13570
#: serverguide/C/network-auth.xml:1990(para)
15556
#: serverguide/C/network-auth.xml:2333(para)
13571
15557
msgid ""
13572
15558
"If the path to the <filename>keytab.kdc02</filename> file is different "
13573
15559
"adjust accordingly."
13574
15560
msgstr ""
13575
15561
13576
#: serverguide/C/network-auth.xml:1995(para)
15562
#: serverguide/C/network-auth.xml:2338(para)
13577
15563
msgid ""
13578
15564
"Also, you can list the principals in a Keytab file, which can be useful when "
13579
15565
"troubleshooting, using the <application>klist</application> utility:"
13580
15566
msgstr ""
13581
15567
13582
#: serverguide/C/network-auth.xml:2001(command)
15568
#: serverguide/C/network-auth.xml:2344(command)
13583
15569
msgid "sudo klist -k /etc/krb5.keytab"
13584
15570
msgstr ""
13585
15571
13586
#: serverguide/C/network-auth.xml:2007(para)
15572
#: serverguide/C/network-auth.xml:2350(para)
13587
15573
msgid ""
13588
15574
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
13589
15575
"that lists all KDCs for the Realm. For example, on both primary and "
13590
15576
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
13591
15577
msgstr ""
13592
15578
13593
#: serverguide/C/network-auth.xml:2012(programlisting)
15579
#: serverguide/C/network-auth.xml:2355(programlisting)
13594
15580
#, no-wrap
13595
15581
msgid ""
13596
15582
"\n"
13598
15584
"host/kdc02.example.com@EXAMPLE.COM\n"
13599
15585
msgstr ""
13600
15586
13601
#: serverguide/C/network-auth.xml:2020(para)
15587
#: serverguide/C/network-auth.xml:2363(para)
13602
15588
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
13603
15589
msgstr ""
13604
15590
13605
#: serverguide/C/network-auth.xml:2025(command)
15591
#: serverguide/C/network-auth.xml:2368(command)
13606
15592
msgid "sudo kdb5_util -s create"
13607
15593
msgstr ""
13608
15594
13609
#: serverguide/C/network-auth.xml:2031(para)
15595
#: serverguide/C/network-auth.xml:2374(para)
13610
15596
msgid ""
13611
15597
"Now start the <application>kpropd</application> daemon, which listens for "
13612
15598
"connections from the <application>kprop</application> utility. "
13613
15599
"<application>kprop</application> is used to transfer dump files:"
13614
15600
msgstr ""
13615
15601
13616
#: serverguide/C/network-auth.xml:2038(command)
15602
#: serverguide/C/network-auth.xml:2381(command)
13617
15603
msgid "sudo kpropd -S"
13618
15604
msgstr ""
13619
15605
13620
#: serverguide/C/network-auth.xml:2044(para)
15606
#: serverguide/C/network-auth.xml:2387(para)
13621
15607
msgid ""
13622
15608
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
13623
15609
"of the principal database:"
13624
15610
msgstr ""
13625
15611
13626
#: serverguide/C/network-auth.xml:2049(command)
15612
#: serverguide/C/network-auth.xml:2392(command)
13627
15613
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
13628
15614
msgstr ""
13629
15615
13630
#: serverguide/C/network-auth.xml:2055(para)
15616
#: serverguide/C/network-auth.xml:2398(para)
13631
15617
msgid ""
13632
15618
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
13633
15619
"<filename>/etc/krb5.keytab</filename>:"
13634
15620
msgstr ""
13635
15621
13636
#: serverguide/C/network-auth.xml:2060(command)
15622
#: serverguide/C/network-auth.xml:2403(command)
13637
15623
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
13638
15624
msgstr ""
13639
15625
13640
#: serverguide/C/network-auth.xml:2061(command)
15626
#: serverguide/C/network-auth.xml:2404(command)
13641
15627
msgid "sudo mv keytab.kdc01 /etc/kr5b.keytab"
13642
15628
msgstr ""
13643
15629
13644
#: serverguide/C/network-auth.xml:2065(para)
15630
#: serverguide/C/network-auth.xml:2408(para)
13645
15631
msgid ""
13646
15632
"Make sure there is a <emphasis>host</emphasis> for "
13647
15633
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
13648
15634
msgstr ""
13649
15635
13650
#: serverguide/C/network-auth.xml:2073(para)
15636
#: serverguide/C/network-auth.xml:2416(para)
13651
15637
msgid ""
13652
15638
"Using the <application>kprop</application> utility push the database to the "
13653
15639
"Secondary KDC:"
13654
15640
msgstr ""
13655
15641
13656
#: serverguide/C/network-auth.xml:2078(command)
15642
#: serverguide/C/network-auth.xml:2421(command)
13657
15643
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
13658
15644
msgstr ""
13659
15645
13660
#: serverguide/C/network-auth.xml:2082(para)
15646
#: serverguide/C/network-auth.xml:2425(para)
13661
15647
msgid ""
13662
15648
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
13663
15649
"worked. If there is an error message check "
13665
15651
"information."
13666
15652
msgstr ""
13667
15653
13668
#: serverguide/C/network-auth.xml:2088(para)
15654
#: serverguide/C/network-auth.xml:2431(para)
13669
15655
msgid ""
13670
15656
"You may also want to create a <application>cron</application> job to "
13671
15657
"periodically update the database on the Secondary KDC. For example, the "
13672
15658
"following will push the database every hour:"
13673
15659
msgstr ""
13674
15660
13675
#: serverguide/C/network-auth.xml:2093(programlisting)
15661
#: serverguide/C/network-auth.xml:2436(programlisting)
13676
15662
#, no-wrap
13677
15663
msgid ""
13678
15664
"\n"
13681
15667
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
13682
15668
msgstr ""
13683
15669
13684
#: serverguide/C/network-auth.xml:2101(para)
15670
#: serverguide/C/network-auth.xml:2444(para)
13685
15671
msgid ""
13686
15672
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
13687
15673
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
13688
15674
msgstr ""
13689
15675
13690
#: serverguide/C/network-auth.xml:2107(command)
15676
#: serverguide/C/network-auth.xml:2450(command)
13691
15677
msgid "sudo kdb5_util stash"
13692
15678
msgstr ""
13693
15679
13694
#: serverguide/C/network-auth.xml:2113(para)
15680
#: serverguide/C/network-auth.xml:2456(para)
13695
15681
msgid ""
13696
15682
"Finally, start the <application>krb5-kdc</application> daemon on the "
13697
15683
"Secondary KDC:"
13698
15684
msgstr ""
13699
15685
13700
#: serverguide/C/network-auth.xml:2118(command) serverguide/C/network-auth.xml:2725(command)
15686
#: serverguide/C/network-auth.xml:2461(command) serverguide/C/network-auth.xml:3073(command)
13701
15687
msgid "sudo /etc/init.d/krb5-kdc start"
13702
15688
msgstr ""
13703
15689
13704
#: serverguide/C/network-auth.xml:2124(para)
15690
#: serverguide/C/network-auth.xml:2467(para)
13705
15691
msgid ""
13706
15692
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
13707
15693
"for the Realm. You can test this by stopping the <application>krb5-"
13710
15696
"should receive a ticket from the Secondary KDC."
13711
15697
msgstr ""
13712
15698
13713
#: serverguide/C/network-auth.xml:2132(title)
15699
#: serverguide/C/network-auth.xml:2475(title)
13714
15700
msgid "Kerberos Linux Client"
13715
15701
msgstr ""
13716
15702
13717
#: serverguide/C/network-auth.xml:2134(para)
15703
#: serverguide/C/network-auth.xml:2477(para)
13718
15704
msgid ""
13719
15705
"This section covers configuring a Linux system as a "
13720
15706
"<application>Kerberos</application> client. This will allow access to any "
13721
15707
"kerberized services once a user has successfully logged into the system."
13722
15708
msgstr ""
13723
15709
13724
#: serverguide/C/network-auth.xml:2142(para)
15710
#: serverguide/C/network-auth.xml:2485(para)
13725
15711
msgid ""
13726
15712
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
13727
15713
"user</application> and <application>libpam-krb5</application> packages are "
13730
15716
"prompt:"
13731
15717
msgstr ""
13732
15718
13733
#: serverguide/C/network-auth.xml:2149(command)
15719
#: serverguide/C/network-auth.xml:2492(command)
13734
15720
msgid ""
13735
15721
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
13736
15722
msgstr ""
13737
15723
13738
#: serverguide/C/network-auth.xml:2152(para)
15724
#: serverguide/C/network-auth.xml:2495(para)
13739
15725
msgid ""
13740
15726
"The <application>auth-client-config</application> package allows simple "
13741
15727
"configuration of PAM for authentication from multiple sources, and the "
13746
15732
"be accessed off the network as well."
13747
15733
msgstr ""
13748
15734
13749
#: serverguide/C/network-auth.xml:2163(para)
15735
#: serverguide/C/network-auth.xml:2506(para)
13750
15736
msgid "To configure the client in a terminal enter:"
13751
15737
msgstr ""
13752
15738
13753
#: serverguide/C/network-auth.xml:2168(command)
15739
#: serverguide/C/network-auth.xml:2511(command)
13754
15740
msgid "sudo dpkg-reconfigure krb5-config"
13755
15741
msgstr ""
13756
15742
13757
#: serverguide/C/network-auth.xml:2171(para)
15743
#: serverguide/C/network-auth.xml:2514(para)
13758
15744
msgid ""
13759
15745
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
13760
15746
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
13762
15748
"Center (KDC) and Realm Administration server."
13763
15749
msgstr ""
13764
15750
13765
#: serverguide/C/network-auth.xml:2177(para)
15751
#: serverguide/C/network-auth.xml:2520(para)
13766
15752
msgid ""
13767
15753
"The <application>dpkg-reconfigure</application> adds entries to the "
13768
15754
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
13769
15755
"entries similar to the following:"
13770
15756
msgstr ""
13771
15757
13772
#: serverguide/C/network-auth.xml:2182(programlisting)
15758
#: serverguide/C/network-auth.xml:2525(programlisting)
13773
15759
#, no-wrap
13774
15760
msgid ""
13775
15761
"\n"
13783
15769
" }\n"
13784
15770
msgstr ""
13785
15771
13786
#: serverguide/C/network-auth.xml:2193(para)
15772
#: serverguide/C/network-auth.xml:2536(para)
13787
15773
msgid ""
13788
15774
"You can test the configuration by requesting a ticket using the "
13789
15775
"<application>kinit</application> utility. For example:"
13790
15776
msgstr ""
13791
15777
13792
#: serverguide/C/network-auth.xml:2198(command)
15778
#: serverguide/C/network-auth.xml:2541(command)
13793
15779
msgid "kinit steve@EXAMPLE.COM"
13794
15780
msgstr ""
13795
15781
13796
#: serverguide/C/network-auth.xml:2199(computeroutput)
15782
#: serverguide/C/network-auth.xml:2542(computeroutput)
13797
15783
#, no-wrap
13798
15784
msgid "Password for steve@EXAMPLE.COM:"
13799
15785
msgstr ""
13800
15786
13801
#: serverguide/C/network-auth.xml:2202(para)
15787
#: serverguide/C/network-auth.xml:2545(para)
13802
15788
msgid ""
13803
15789
"When a ticket has been granted, the details can be viewed using "
13804
15790
"<application>klist</application>:"
13805
15791
msgstr ""
13806
15792
13807
#: serverguide/C/network-auth.xml:2208(computeroutput)
15793
#: serverguide/C/network-auth.xml:2551(computeroutput)
13808
15794
#, no-wrap
13809
15795
msgid ""
13810
15796
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
13819
15805
"klist: You have no tickets cached"
13820
15806
msgstr ""
13821
15807
13822
#: serverguide/C/network-auth.xml:2220(para)
15808
#: serverguide/C/network-auth.xml:2563(para)
13823
15809
msgid ""
13824
15810
"Next, use the <application>auth-client-config</application> to configure the "
13825
15811
"<application>libpam-krb5</application> module to request a ticket during "
13826
15812
"login:"
13827
15813
msgstr ""
13828
15814
13829
#: serverguide/C/network-auth.xml:2226(command)
15815
#: serverguide/C/network-auth.xml:2569(command)
13830
15816
msgid "sudo auth-client-config -a -p kerberos_example"
13831
15817
msgstr ""
13832
15818
13833
#: serverguide/C/network-auth.xml:2229(para)
15819
#: serverguide/C/network-auth.xml:2572(para)
13834
15820
msgid ""
13835
15821
"You will should now receive a ticket upon successful login authentication."
13836
15822
msgstr ""
13837
15823
13838
#: serverguide/C/network-auth.xml:2240(para)
15824
#: serverguide/C/network-auth.xml:2583(para)
13839
15825
msgid ""
13840
15826
"For more information on Kerberos see the <ulink "
13841
15827
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
13842
15828
msgstr ""
13843
15829
13844
#: serverguide/C/network-auth.xml:2245(para)
15830
#: serverguide/C/network-auth.xml:2588(para)
15831
msgid ""
15832
"The <ulink url=\"https://help.ubuntu.com/community/Kerberos\">Ubuntu Wiki "
15833
"Kerberos</ulink> page has more details."
15834
msgstr ""
15835
15836
#: serverguide/C/network-auth.xml:2593(para)
13845
15837
msgid ""
13846
15838
"O'Reilly's <ulink "
13847
15839
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
13848
15840
"Guide</ulink> is a great reference when setting up Kerberos."
13849
15841
msgstr ""
13850
15842
13851
#: serverguide/C/network-auth.xml:2251(para)
15843
#: serverguide/C/network-auth.xml:2599(para)
13852
15844
msgid ""
13853
15845
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
13854
15846
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
13855
15847
"Kerberos questions."
13856
15848
msgstr ""
13857
15849
13858
#: serverguide/C/network-auth.xml:2261(title)
15850
#: serverguide/C/network-auth.xml:2609(title)
13859
15851
msgid "Kerberos and LDAP"
13860
15852
msgstr ""
13861
15853
13862
#: serverguide/C/network-auth.xml:2263(para)
15854
#: serverguide/C/network-auth.xml:2611(para)
13863
15855
msgid ""
13864
15856
"Replicating a Kerberos principal database between two servers can be "
13865
15857
"complicated, and adds an additional user database to your network. "
13869
15861
"<application>OpenLDAP</application> for the principal database."
13870
15862
msgstr ""
13871
15863
13872
#: serverguide/C/network-auth.xml:2271(title)
15864
#: serverguide/C/network-auth.xml:2619(title)
13873
15865
msgid "Configuring OpenLDAP"
13874
15866
msgstr ""
13875
15867
13876
#: serverguide/C/network-auth.xml:2273(para)
15868
#: serverguide/C/network-auth.xml:2621(para)
13877
15869
msgid ""
13878
15870
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
13879
15871
"<application>OpenLDAP</application> server that has network connectivity to "
13882
15874
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
13883
15875
msgstr ""
13884
15876
13885
#: serverguide/C/network-auth.xml:2280(para)
15877
#: serverguide/C/network-auth.xml:2628(para)
13886
15878
msgid ""
13887
15879
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
13888
15880
"that traffic between the KDC and LDAP server is encrypted. See <xref "
13889
15881
"linkend=\"openldap-tls\"/> for details."
13890
15882
msgstr ""
13891
15883
13892
#: serverguide/C/network-auth.xml:2287(para)
15884
#: serverguide/C/network-auth.xml:2635(para)
13893
15885
msgid ""
13894
15886
"To load the schema into LDAP, on the LDAP server install the "
13895
15887
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
13896
15888
msgstr ""
13897
15889
13898
#: serverguide/C/network-auth.xml:2293(command)
15890
#: serverguide/C/network-auth.xml:2641(command)
13899
15891
msgid "sudo apt-get install krb5-kdc-ldap"
13900
15892
msgstr ""
13901
15893
13902
#: serverguide/C/network-auth.xml:2298(para)
15894
#: serverguide/C/network-auth.xml:2646(para)
13903
15895
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
13904
15896
msgstr ""
13905
15897
13906
#: serverguide/C/network-auth.xml:2303(command)
15898
#: serverguide/C/network-auth.xml:2651(command)
13907
15899
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
13908
15900
msgstr ""
13909
15901
13910
#: serverguide/C/network-auth.xml:2304(command)
15902
#: serverguide/C/network-auth.xml:2652(command)
13911
15903
msgid ""
13912
15904
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
13913
15905
msgstr ""
13914
15906
13915
#: serverguide/C/network-auth.xml:2310(para)
15907
#: serverguide/C/network-auth.xml:2658(para)
13916
15908
msgid ""
13917
15909
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
13918
15910
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
13920
15912
"linkend=\"openldap-configuration\"/>."
13921
15913
msgstr ""
13922
15914
13923
#: serverguide/C/network-auth.xml:2323(programlisting)
15915
#: serverguide/C/network-auth.xml:2671(programlisting)
13924
15916
#, no-wrap
13925
15917
msgid ""
13926
15918
"\n"
13939
15931
"include /etc/ldap/schema/kerberos.schema\n"
13940
15932
msgstr ""
13941
15933
13942
#: serverguide/C/network-auth.xml:2343(para)
15934
#: serverguide/C/network-auth.xml:2691(para)
13943
15935
msgid "Create a temporary directory to hold the LDIF files:"
13944
15936
msgstr ""
13945
15937
13946
#: serverguide/C/network-auth.xml:2358(command)
15938
#: serverguide/C/network-auth.xml:2706(command)
13947
15939
msgid ""
13948
15940
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13949
15941
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
13950
15942
msgstr ""
13951
15943
13952
#: serverguide/C/network-auth.xml:2368(para)
15944
#: serverguide/C/network-auth.xml:2716(para)
13953
15945
msgid ""
13954
15946
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
13955
15947
"changing the following attributes:"
13956
15948
msgstr ""
13957
15949
13958
#: serverguide/C/network-auth.xml:2372(programlisting)
15950
#: serverguide/C/network-auth.xml:2720(programlisting)
13959
15951
#, no-wrap
13960
15952
msgid ""
13961
15953
"\n"
13964
15956
"cn: kerberos\n"
13965
15957
msgstr ""
13966
15958
13967
#: serverguide/C/network-auth.xml:2378(para)
15959
#: serverguide/C/network-auth.xml:2726(para)
13968
15960
msgid "And remove the following lines from the end of the file:"
13969
15961
msgstr ""
13970
15962
13971
#: serverguide/C/network-auth.xml:2382(programlisting)
15963
#: serverguide/C/network-auth.xml:2730(programlisting)
13972
15964
#, no-wrap
13973
15965
msgid ""
13974
15966
"\n"
13981
15973
"modifyTimestamp: 20090111203515Z\n"
13982
15974
msgstr ""
13983
15975
13984
#: serverguide/C/network-auth.xml:2401(para)
15976
#: serverguide/C/network-auth.xml:2749(para)
13985
15977
msgid "Load the new schema with <application>ldapadd</application>:"
13986
15978
msgstr ""
13987
15979
13988
#: serverguide/C/network-auth.xml:2406(command)
15980
#: serverguide/C/network-auth.xml:2754(command)
13989
15981
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
13990
15982
msgstr ""
13991
15983
13992
#: serverguide/C/network-auth.xml:2412(para)
15984
#: serverguide/C/network-auth.xml:2760(para)
13993
15985
msgid ""
13994
15986
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
13995
15987
msgstr ""
13996
15988
13997
#: serverguide/C/network-auth.xml:2419(userinput)
15989
#: serverguide/C/network-auth.xml:2765(command) serverguide/C/network-auth.xml:2782(command)
15990
msgid "ldapmodify -x -D cn=admin,cn=config -W"
15991
msgstr ""
15992
15993
#: serverguide/C/network-auth.xml:2767(userinput)
13998
15994
#, no-wrap
13999
15995
msgid ""
14000
15996
"dn: olcDatabase={1}hdb,cn=config\n"
14002
15998
"olcDbIndex: krbPrincipalName eq,pres,sub"
14003
15999
msgstr ""
14004
16000
14005
#: serverguide/C/network-auth.xml:2429(para)
16001
#: serverguide/C/network-auth.xml:2766(computeroutput)
16002
#, no-wrap
16003
msgid ""
16004
"Enter LDAP Password:\n"
16005
"<placeholder-1/>\n"
16006
"\n"
16007
"modifying entry \"olcDatabase={1}hdb,cn=config\""
16008
msgstr ""
16009
16010
#: serverguide/C/network-auth.xml:2777(para)
14006
16011
msgid "Finally, update the Access Control Lists (ACL):"
14007
16012
msgstr ""
14008
16013
14009
#: serverguide/C/network-auth.xml:2436(userinput)
16014
#: serverguide/C/network-auth.xml:2784(userinput)
14010
16015
#, no-wrap
14011
16016
msgid ""
14012
16017
"dn: olcDatabase={1}hdb,cn=config\n"
14022
16027
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
14023
16028
msgstr ""
14024
16029
14025
#: serverguide/C/network-auth.xml:2435(computeroutput)
16030
#: serverguide/C/network-auth.xml:2783(computeroutput)
14026
16031
#, no-wrap
14027
16032
msgid ""
14028
16033
"Enter LDAP Password: \n"
14031
16036
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14032
16037
msgstr ""
14033
16038
14034
#: serverguide/C/network-auth.xml:2456(para)
16039
#: serverguide/C/network-auth.xml:2804(para)
14035
16040
msgid ""
14036
16041
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
14037
16042
"database."
14038
16043
msgstr ""
14039
16044
14040
#: serverguide/C/network-auth.xml:2462(title)
16045
#: serverguide/C/network-auth.xml:2810(title)
14041
16046
msgid "Primary KDC Configuration"
14042
16047
msgstr ""
14043
16048
14044
#: serverguide/C/network-auth.xml:2464(para)
16049
#: serverguide/C/network-auth.xml:2812(para)
14045
16050
msgid ""
14046
16051
"With <application>OpenLDAP</application> configured it is time to configure "
14047
16052
"the KDC."
14048
16053
msgstr ""
14049
16054
14050
#: serverguide/C/network-auth.xml:2470(para)
16055
#: serverguide/C/network-auth.xml:2818(para)
14051
16056
msgid "First, install the necessary packages, from a terminal enter:"
14052
16057
msgstr ""
14053
16058
14054
#: serverguide/C/network-auth.xml:2475(command) serverguide/C/network-auth.xml:2632(command)
16059
#: serverguide/C/network-auth.xml:2823(command) serverguide/C/network-auth.xml:2980(command)
14055
16060
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
14056
16061
msgstr ""
14057
16062
14058
#: serverguide/C/network-auth.xml:2481(para)
16063
#: serverguide/C/network-auth.xml:2829(para)
14059
16064
msgid ""
14060
16065
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
14061
16066
"under the appropriate sections:"
14062
16067
msgstr ""
14063
16068
14064
#: serverguide/C/network-auth.xml:2485(programlisting)
16069
#: serverguide/C/network-auth.xml:2833(programlisting)
14065
16070
#, no-wrap
14066
16071
msgid ""
14067
16072
"\n"
14111
16116
" }\n"
14112
16117
msgstr ""
14113
16118
14114
#: serverguide/C/network-auth.xml:2530(para)
16119
#: serverguide/C/network-auth.xml:2878(para)
14115
16120
msgid ""
14116
16121
"Change <emphasis>example.com</emphasis>, "
14117
16122
"<emphasis>dc=example,dc=com</emphasis>, "
14120
16125
"object, and LDAP server for your network."
14121
16126
msgstr ""
14122
16127
14123
#: serverguide/C/network-auth.xml:2539(para)
16128
#: serverguide/C/network-auth.xml:2887(para)
14124
16129
msgid ""
14125
16130
"Next, use the <application>kdb5_ldap_util</application> utility to create "
14126
16131
"the realm:"
14127
16132
msgstr ""
14128
16133
14129
#: serverguide/C/network-auth.xml:2544(command)
16134
#: serverguide/C/network-auth.xml:2892(command)
14130
16135
msgid ""
14131
16136
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
14132
16137
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
14133
16138
msgstr ""
14134
16139
14135
#: serverguide/C/network-auth.xml:2550(para)
16140
#: serverguide/C/network-auth.xml:2898(para)
14136
16141
msgid ""
14137
16142
"Create a stash of the password used to bind to the LDAP server. This "
14138
16143
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
14140
16145
"<filename>/etc/krb5.conf</filename>:"
14141
16146
msgstr ""
14142
16147
14143
#: serverguide/C/network-auth.xml:2556(command) serverguide/C/network-auth.xml:2694(command)
16148
#: serverguide/C/network-auth.xml:2904(command) serverguide/C/network-auth.xml:3042(command)
14144
16149
msgid ""
14145
16150
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
14146
16151
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
14147
16152
msgstr ""
14148
16153
14149
#: serverguide/C/network-auth.xml:2562(para)
16154
#: serverguide/C/network-auth.xml:2910(para)
14150
16155
msgid "Copy the CA certificate from the LDAP server:"
14151
16156
msgstr ""
14152
16157
14153
#: serverguide/C/network-auth.xml:2567(command)
16158
#: serverguide/C/network-auth.xml:2915(command)
14154
16159
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
14155
16160
msgstr ""
14156
16161
14157
#: serverguide/C/network-auth.xml:2568(command)
16162
#: serverguide/C/network-auth.xml:2916(command)
14158
16163
msgid "sudo cp cacert.pem /etc/ssl/certs"
14159
16164
msgstr ""
14160
16165
14161
#: serverguide/C/network-auth.xml:2571(para)
16166
#: serverguide/C/network-auth.xml:2919(para)
14162
16167
msgid ""
14163
16168
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
14164
16169
msgstr ""
14165
16170
14166
#: serverguide/C/network-auth.xml:2575(programlisting)
16171
#: serverguide/C/network-auth.xml:2923(programlisting)
14167
16172
#, no-wrap
14168
16173
msgid ""
14169
16174
"\n"
14170
16175
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
14171
16176
msgstr ""
14172
16177
14173
#: serverguide/C/network-auth.xml:2580(para)
16178
#: serverguide/C/network-auth.xml:2928(para)
14174
16179
msgid ""
14175
16180
"The certificate will also need to be copied to the Secondary KDC, to allow "
14176
16181
"the connection to the LDAP servers using LDAPS."
14177
16182
msgstr ""
14178
16183
14179
#: serverguide/C/network-auth.xml:2589(para)
16184
#: serverguide/C/network-auth.xml:2937(para)
14180
16185
msgid ""
14181
16186
"You can now add Kerberos principals to the LDAP database, and they will be "
14182
16187
"copied to any other LDAP servers configured for replication. To add a "
14183
16188
"principal using the <application>kadmin.local</application> utility enter:"
14184
16189
msgstr ""
14185
16190
14186
#: serverguide/C/network-auth.xml:2597(userinput)
16191
#: serverguide/C/network-auth.xml:2945(userinput)
14187
16192
#, no-wrap
14188
16193
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
14189
16194
msgstr ""
14190
16195
14191
#: serverguide/C/network-auth.xml:2596(computeroutput)
16196
#: serverguide/C/network-auth.xml:2944(computeroutput)
14192
16197
#, no-wrap
14193
16198
msgid ""
14194
16199
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
14199
16204
"Principal \"steve@EXAMPLE.COM\" created."
14200
16205
msgstr ""
14201
16206
14202
#: serverguide/C/network-auth.xml:2604(para)
16207
#: serverguide/C/network-auth.xml:2952(para)
14203
16208
msgid ""
14204
16209
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
14205
16210
"krbExtraData attributes added to the "
14208
16213
"utilities to test that the user is indeed issued a ticket."
14209
16214
msgstr ""
14210
16215
14211
#: serverguide/C/network-auth.xml:2611(para)
16216
#: serverguide/C/network-auth.xml:2959(para)
14212
16217
msgid ""
14213
16218
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
14214
16219
"option is needed to add the Kerberos attributes. Otherwise a new "
14215
16220
"<emphasis>principal</emphasis> object will be created in the realm subtree."
14216
16221
msgstr ""
14217
16222
14218
#: serverguide/C/network-auth.xml:2619(title)
16223
#: serverguide/C/network-auth.xml:2967(title)
14219
16224
msgid "Secondary KDC Configuration"
14220
16225
msgstr ""
14221
16226
14222
#: serverguide/C/network-auth.xml:2621(para)
16227
#: serverguide/C/network-auth.xml:2969(para)
14223
16228
msgid ""
14224
16229
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
14225
16230
"one using the normal Kerberos database."
14226
16231
msgstr ""
14227
16232
14228
#: serverguide/C/network-auth.xml:2627(para)
16233
#: serverguide/C/network-auth.xml:2975(para)
14229
16234
msgid "First, install the necessary packages. In a terminal enter:"
14230
16235
msgstr ""
14231
16236
14232
#: serverguide/C/network-auth.xml:2638(para)
16237
#: serverguide/C/network-auth.xml:2986(para)
14233
16238
msgid ""
14234
16239
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
14235
16240
msgstr ""
14236
16241
14237
#: serverguide/C/network-auth.xml:2642(programlisting)
16242
#: serverguide/C/network-auth.xml:2990(programlisting)
14238
16243
#, no-wrap
14239
16244
msgid ""
14240
16245
"\n"
14283
16288
" }\n"
14284
16289
msgstr ""
14285
16290
14286
#: serverguide/C/network-auth.xml:2689(para)
16291
#: serverguide/C/network-auth.xml:3037(para)
14287
16292
msgid "Create the stash for the LDAP bind password:"
14288
16293
msgstr ""
14289
16294
14290
#: serverguide/C/network-auth.xml:2700(para)
16295
#: serverguide/C/network-auth.xml:3048(para)
14291
16296
msgid ""
14292
16297
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
14293
16298
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
14296
16301
"media."
14297
16302
msgstr ""
14298
16303
14299
#: serverguide/C/network-auth.xml:2707(command)
16304
#: serverguide/C/network-auth.xml:3055(command)
14300
16305
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
14301
16306
msgstr ""
14302
16307
14303
#: serverguide/C/network-auth.xml:2708(command)
16308
#: serverguide/C/network-auth.xml:3056(command)
14304
16309
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
14305
16310
msgstr ""
14306
16311
14307
#: serverguide/C/network-auth.xml:2712(para)
16312
#: serverguide/C/network-auth.xml:3060(para)
14308
16313
msgid ""
14309
16314
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
14310
16315
msgstr ""
14311
16316
14312
#: serverguide/C/network-auth.xml:2720(para)
16317
#: serverguide/C/network-auth.xml:3068(para)
14313
16318
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
14314
16319
msgstr ""
14315
16320
14316
#: serverguide/C/network-auth.xml:2731(para)
16321
#: serverguide/C/network-auth.xml:3079(para)
14317
16322
msgid ""
14318
16323
"You now have redundant KDCs on your network, and with redundant LDAP servers "
14319
16324
"you should be able to continue to authenticate users if one LDAP server, one "
14320
16325
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
14321
16326
msgstr ""
14322
16327
14323
#: serverguide/C/network-auth.xml:2743(para)
16328
#: serverguide/C/network-auth.xml:3091(para)
14324
16329
msgid ""
14325
16330
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
14326
16331
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
14327
16332
"Guide</ulink> has some additional details."
14328
16333
msgstr ""
14329
16334
14330
#: serverguide/C/network-auth.xml:2749(para)
16335
#: serverguide/C/network-auth.xml:3097(para)
14331
16336
msgid ""
14332
16337
"For more information on <application>kdb5_ldap_util</application> see <ulink "
14333
16338
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
14334
16339
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
14335
16340
"5.6</ulink> and the <ulink "
14336
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/kdb5_ldap_util.8.htm"
14337
"l\">kdb5_ldap_util man page</ulink>."
16341
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/kdb5_ldap_util.8.html"
16342
"\">kdb5_ldap_util man page</ulink>."
14338
16343
msgstr ""
14339
16344
14340
#: serverguide/C/network-auth.xml:2757(para)
16345
#: serverguide/C/network-auth.xml:3105(para)
14341
16346
msgid ""
14342
16347
"Another useful link is the <ulink "
14343
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/krb5.conf.5.html\">k"
14344
"rb5.conf man page</ulink>."
16348
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/krb5.conf.5.html\">kr"
16349
"b5.conf man page</ulink>."
16350
msgstr ""
16351
16352
#: serverguide/C/network-auth.xml:3110(para)
16353
msgid ""
16354
"Also, see the <ulink "
16355
"url=\"https://help.ubuntu.com/community/Kerberos#kerberos-ldap\">Kerberos "
16356
"and LDAP</ulink> Ubuntu wiki page."
14345
16357
msgstr ""
14346
16358
14347
16359
#: serverguide/C/monitoring.xml:13(title)
14758
16770
"Nagios and network monitoring:"
14759
16771
msgstr ""
14760
16772
14761
#: serverguide/C/monitoring.xml:420(title)
16773
#: serverguide/C/monitoring.xml:416(para)
16774
msgid ""
16775
"The <ulink url=\"https://help.ubuntu.com/community/Nagios\">Nagios Ubuntu "
16776
"Wiki</ulink> page also has more details."
16777
msgstr ""
16778
16779
#: serverguide/C/monitoring.xml:425(title)
14762
16780
msgid "Munin"
14763
16781
msgstr ""
14764
16782
14765
#: serverguide/C/monitoring.xml:425(para)
16783
#: serverguide/C/monitoring.xml:430(para)
14766
16784
msgid ""
14767
16785
"Before installing <application>Munin</application> on "
14768
16786
"<emphasis>server01</emphasis><application>apache2</application> will need to "
14771
16789
"linkend=\"httpd\"/>."
14772
16790
msgstr ""
14773
16791
14774
#: serverguide/C/monitoring.xml:431(para)
16792
#: serverguide/C/monitoring.xml:436(para)
14775
16793
msgid ""
14776
16794
"First, on <emphasis>server01</emphasis> install "
14777
16795
"<application>munin</application>. In a terminal enter:"
14778
16796
msgstr ""
14779
16797
14780
#: serverguide/C/monitoring.xml:436(command)
16798
#: serverguide/C/monitoring.xml:441(command)
14781
16799
msgid "sudo apt-get install munin"
14782
16800
msgstr ""
14783
16801
14784
#: serverguide/C/monitoring.xml:439(para)
16802
#: serverguide/C/monitoring.xml:444(para)
14785
16803
msgid ""
14786
16804
"Now on <emphasis>server02</emphasis> install the <application>munin-"
14787
16805
"node</application> package:"
14788
16806
msgstr ""
14789
16807
14790
#: serverguide/C/monitoring.xml:444(command)
16808
#: serverguide/C/monitoring.xml:449(command)
14791
16809
msgid "sudo apt-get install munin-node"
14792
16810
msgstr ""
14793
16811
14794
#: serverguide/C/monitoring.xml:451(para)
16812
#: serverguide/C/monitoring.xml:456(para)
14795
16813
msgid ""
14796
16814
"On <emphasis>server01</emphasis> edit the "
14797
16815
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
14798
16816
"<emphasis>server02</emphasis>:"
14799
16817
msgstr ""
14800
16818
14801
#: serverguide/C/monitoring.xml:456(programlisting)
16819
#: serverguide/C/monitoring.xml:461(programlisting)
14802
16820
#, no-wrap
14803
16821
msgid ""
14804
16822
"\n"
14807
16825
" address 172.18.100.101\n"
14808
16826
msgstr ""
14809
16827
14810
#: serverguide/C/monitoring.xml:463(para)
16828
#: serverguide/C/monitoring.xml:468(para)
14811
16829
msgid ""
14812
16830
"Replace <emphasis>server02</emphasis> and "
14813
16831
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
14814
16832
"for your server."
14815
16833
msgstr ""
14816
16834
14817
#: serverguide/C/monitoring.xml:469(para)
16835
#: serverguide/C/monitoring.xml:474(para)
14818
16836
msgid ""
14819
16837
"Next, configure <application>munin-node</application> on "
14820
16838
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
14821
16839
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
14822
16840
msgstr ""
14823
16841
14824
#: serverguide/C/monitoring.xml:474(programlisting)
16842
#: serverguide/C/monitoring.xml:479(programlisting)
14825
16843
#, no-wrap
14826
16844
msgid ""
14827
16845
"\n"
14828
16846
"allow ^172\\.18\\.100\\.100$\n"
14829
16847
msgstr ""
14830
16848
14831
#: serverguide/C/monitoring.xml:479(para)
16849
#: serverguide/C/monitoring.xml:484(para)
14832
16850
msgid ""
14833
16851
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
14834
16852
"<application>munin</application> server."
14835
16853
msgstr ""
14836
16854
14837
#: serverguide/C/monitoring.xml:484(para)
16855
#: serverguide/C/monitoring.xml:489(para)
14838
16856
msgid ""
14839
16857
"Now restart <application>munin-node</application> on "
14840
16858
"<emphasis>server02</emphasis> for the changes to take effect:"
14841
16859
msgstr ""
14842
16860
14843
#: serverguide/C/monitoring.xml:489(command)
16861
#: serverguide/C/monitoring.xml:494(command)
14844
16862
msgid "sudo /etc/init.d/munin-node restart"
14845
16863
msgstr ""
14846
16864
14847
#: serverguide/C/monitoring.xml:492(para)
16865
#: serverguide/C/monitoring.xml:497(para)
14848
16866
msgid ""
14849
16867
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
14850
16868
"you should see links to nice graphs displaying information from the standard "
14851
16869
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
14852
16870
msgstr ""
14853
16871
14854
#: serverguide/C/monitoring.xml:498(para)
16872
#: serverguide/C/monitoring.xml:503(para)
14855
16873
msgid ""
14856
16874
"Since this is a new install it may take some time for the graphs to display "
14857
16875
"anything useful."
14858
16876
msgstr ""
14859
16877
14860
#: serverguide/C/monitoring.xml:505(title)
16878
#: serverguide/C/monitoring.xml:510(title)
14861
16879
msgid "Additional Plugins"
14862
16880
msgstr ""
14863
16881
14864
#: serverguide/C/monitoring.xml:507(para)
16882
#: serverguide/C/monitoring.xml:512(para)
14865
16883
msgid ""
14866
16884
"The <application>munin-plugins-extra</application> package contains "
14867
16885
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
14868
16886
"install the package, from a terminal enter:"
14869
16887
msgstr ""
14870
16888
14871
#: serverguide/C/monitoring.xml:513(command)
16889
#: serverguide/C/monitoring.xml:518(command)
14872
16890
msgid "sudo apt-get install munin-plugins-extra"
14873
16891
msgstr ""
14874
16892
14875
#: serverguide/C/monitoring.xml:516(para)
16893
#: serverguide/C/monitoring.xml:521(para)
14876
16894
msgid "Be sure to install the package on both the server and node machines."
14877
16895
msgstr ""
14878
16896
14879
#: serverguide/C/monitoring.xml:526(para)
16897
#: serverguide/C/monitoring.xml:531(para)
14880
16898
msgid ""
14881
16899
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
14882
16900
"website for more details."
14883
16901
msgstr ""
14884
16902
14885
#: serverguide/C/monitoring.xml:531(para)
16903
#: serverguide/C/monitoring.xml:536(para)
14886
16904
msgid ""
14887
16905
"Specifically the <ulink "
14888
16906
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
14890
16908
"writing plugins, etc."
14891
16909
msgstr ""
14892
16910
14893
#: serverguide/C/monitoring.xml:537(para)
16911
#: serverguide/C/monitoring.xml:542(para)
14894
16912
msgid ""
14895
16913
"Also, there is a book in German by Open Source Press: <ulink "
14896
16914
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
14897
16915
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
14898
16916
msgstr ""
14899
16917
16918
#: serverguide/C/monitoring.xml:548(para)
16919
msgid ""
16920
"Another resource is the <ulink "
16921
"url=\"https://help.ubuntu.com/community/Munin\">Munin Ubuntu Wiki</ulink> "
16922
"page."
16923
msgstr ""
16924
14900
16925
#: serverguide/C/mail.xml:13(title)
14901
16926
msgid "Email Services"
14902
16927
msgstr ""
14914
16939
"IMAP server."
14915
16940
msgstr ""
14916
16941
14917
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:804(application) serverguide/C/mail.xml:838(title) serverguide/C/mail.xml:916(title) serverguide/C/mail.xml:1475(title)
16942
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:832(application) serverguide/C/mail.xml:866(title) serverguide/C/mail.xml:944(title) serverguide/C/mail.xml:1510(title)
14918
16943
msgid "Postfix"
14919
16944
msgstr ""
14920
16945
14980
17005
msgstr ""
14981
17006
14982
17007
#: serverguide/C/mail.xml:68(para)
14983
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0/24"
17008
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
14984
17009
msgstr ""
14985
17010
14986
17011
#: serverguide/C/mail.xml:69(para)
15004
17029
#: serverguide/C/mail.xml:75(para)
15005
17030
msgid ""
15006
17031
"Replace mail.example.com with the domain for which you'll accept email, "
15007
"192.168.0/24 with the actual network and class range of your mail server, "
17032
"192.168.0.0/24 with the actual network and class range of your mail server, "
15008
17033
"and steve with the appropriate username."
15009
17034
msgstr ""
15010
17035
15037
17062
"your Mail Delivery Agent (MDA) to use the same path."
15038
17063
msgstr ""
15039
17064
15040
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:538(title)
17065
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:556(title)
15041
17066
msgid "SMTP Authentication"
15042
17067
msgstr ""
15043
17068
15107
17132
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
15108
17133
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
15109
17134
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
15110
"sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'\n"
15111
17135
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
15112
17136
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
15113
17137
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
15115
17139
"sudo postconf -e 'myhostname = mail.example.com'\n"
15116
17140
msgstr ""
15117
17141
15118
#: serverguide/C/mail.xml:175(para)
17142
#: serverguide/C/mail.xml:173(para)
17143
msgid ""
17144
"If you are using your own <emphasis>Certificate Authority</emphasis> to sign "
17145
"the certificate enter:"
17146
msgstr ""
17147
17148
#: serverguide/C/mail.xml:177(command)
17149
msgid "sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'"
17150
msgstr ""
17151
17152
#: serverguide/C/mail.xml:180(para)
17153
msgid ""
17154
"Again, for more details about certificates see <xref linkend=\"certificates-"
17155
"and-security\"/>."
17156
msgstr ""
17157
17158
#: serverguide/C/mail.xml:186(para)
15119
17159
msgid ""
15120
17160
"After running all the commands, <application>Postfix</application> is "
15121
17161
"configured for SMTP-AUTH and a self-signed certificate has been created for "
15122
17162
"TLS encryption."
15123
17163
msgstr ""
15124
17164
15125
#: serverguide/C/mail.xml:180(para)
17165
#: serverguide/C/mail.xml:191(para)
15126
17166
msgid ""
15127
17167
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
15128
17168
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
15129
17169
msgstr ""
15130
17170
15131
#: serverguide/C/mail.xml:184(para)
17171
#: serverguide/C/mail.xml:195(para)
15132
17172
msgid ""
15133
17173
"The postfix initial configuration is complete. Run the following command to "
15134
17174
"restart the postfix daemon:"
15135
17175
msgstr ""
15136
17176
15137
#: serverguide/C/mail.xml:189(para)
17177
#: serverguide/C/mail.xml:201(command) serverguide/C/mail.xml:315(command) serverguide/C/mail.xml:378(command) serverguide/C/mail.xml:984(command) serverguide/C/mail.xml:1561(command)
17178
msgid "sudo /etc/init.d/postfix restart"
17179
msgstr ""
17180
17181
#: serverguide/C/mail.xml:204(para)
15138
17182
msgid ""
15139
17183
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
15140
17184
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
15143
17187
"use SMTP-AUTH."
15144
17188
msgstr ""
15145
17189
15146
#: serverguide/C/mail.xml:199(title) serverguide/C/mail.xml:591(title)
17190
#: serverguide/C/mail.xml:214(title) serverguide/C/mail.xml:609(title)
15147
17191
msgid "Configuring SASL"
15148
17192
msgstr ""
15149
17193
15150
#: serverguide/C/mail.xml:200(para)
17194
#: serverguide/C/mail.xml:215(para)
15151
17195
msgid ""
15152
17196
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
15153
17197
"enable Dovecot SASL the <application>dovecot-common</application> package "
15154
17198
"will need to be installed. From a terminal prompt enter the following:"
15155
17199
msgstr ""
15156
17200
15157
#: serverguide/C/mail.xml:206(command)
17201
#: serverguide/C/mail.xml:221(command)
15158
17202
msgid "sudo apt-get install dovecot-common"
15159
17203
msgstr ""
15160
17204
15161
#: serverguide/C/mail.xml:208(para)
17205
#: serverguide/C/mail.xml:223(para)
15162
17206
msgid ""
15163
17207
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
15164
17208
"In the <emphasis>auth default</emphasis> section uncomment the "
15165
17209
"<emphasis>socket listen</emphasis> option and change the following:"
15166
17210
msgstr ""
15167
17211
15168
#: serverguide/C/mail.xml:212(programlisting)
17212
#: serverguide/C/mail.xml:227(programlisting)
15169
17213
#, no-wrap
15170
17214
msgid ""
15171
17215
"\n"
15193
17237
" }\n"
15194
17238
msgstr ""
15195
17239
15196
#: serverguide/C/mail.xml:236(para)
17240
#: serverguide/C/mail.xml:251(para)
15197
17241
msgid ""
15198
17242
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
15199
17243
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
15200
17244
"add <emphasis>\"login\"</emphasis>:"
15201
17245
msgstr ""
15202
17246
15203
#: serverguide/C/mail.xml:241(programlisting)
17247
#: serverguide/C/mail.xml:256(programlisting)
15204
17248
#, no-wrap
15205
17249
msgid ""
15206
17250
"\n"
15207
17251
" mechanisms = plain login\n"
15208
17252
msgstr ""
15209
17253
15210
#: serverguide/C/mail.xml:245(para)
17254
#: serverguide/C/mail.xml:260(para)
15211
17255
msgid ""
15212
17256
"Once you have <application>Dovecot</application> configured restart it with:"
15213
17257
msgstr ""
15214
17258
15215
#: serverguide/C/mail.xml:249(command) serverguide/C/mail.xml:712(command)
17259
#: serverguide/C/mail.xml:264(command) serverguide/C/mail.xml:735(command)
15216
17260
msgid "sudo /etc/init.d/dovecot restart"
15217
17261
msgstr ""
15218
17262
15219
#: serverguide/C/mail.xml:254(title)
17263
#: serverguide/C/mail.xml:269(title)
15220
17264
msgid "Postfix-Dovecot"
15221
17265
msgstr ""
15222
17266
15223
#: serverguide/C/mail.xml:256(para)
17267
#: serverguide/C/mail.xml:271(para)
15224
17268
msgid ""
15225
17269
"Another option for configuring <application>Postfix</application> for SMTP-"
15226
17270
"AUTH is using the <application>dovecot-postfix</application> package. This "
15230
17274
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
15231
17275
msgstr ""
15232
17276
15233
#: serverguide/C/mail.xml:265(para)
17277
#: serverguide/C/mail.xml:280(para)
15234
17278
msgid ""
15235
17279
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
15236
17280
"server. For example, if you are configuring your server to be a mail "
15238
17282
"the above commands to configure Postfix for SMTPAUTH."
15239
17283
msgstr ""
15240
17284
15241
#: serverguide/C/mail.xml:272(para)
17285
#: serverguide/C/mail.xml:287(para)
15242
17286
msgid "To install the package, from a terminal prompt enter:"
15243
17287
msgstr ""
15244
17288
15245
#: serverguide/C/mail.xml:277(command)
17289
#: serverguide/C/mail.xml:292(command)
15246
17290
msgid "sudo apt-get install dovecot-postfix"
15247
17291
msgstr ""
15248
17292
15249
#: serverguide/C/mail.xml:280(para)
17293
#: serverguide/C/mail.xml:295(para)
15250
17294
msgid ""
15251
17295
"You should now have a working mail server, but there are a few options that "
15252
17296
"you may wish to further customize. For example, the package uses the "
15256
17300
"for more details."
15257
17301
msgstr ""
15258
17302
15259
#: serverguide/C/mail.xml:286(para)
17303
#: serverguide/C/mail.xml:301(para)
15260
17304
msgid ""
15261
17305
"Once you have a customized certificate and key for the host, change the "
15262
17306
"following options in <filename>/etc/postfix/main.cf</filename>:"
15263
17307
msgstr ""
15264
17308
15265
#: serverguide/C/mail.xml:290(programlisting)
17309
#: serverguide/C/mail.xml:305(programlisting)
15266
17310
#, no-wrap
15267
17311
msgid ""
15268
17312
"\n"
15270
17314
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
15271
17315
msgstr ""
15272
17316
15273
#: serverguide/C/mail.xml:295(para)
17317
#: serverguide/C/mail.xml:310(para)
15274
17318
msgid "Then restart Postfix:"
15275
17319
msgstr ""
15276
17320
15277
#: serverguide/C/mail.xml:300(command) serverguide/C/mail.xml:363(command) serverguide/C/mail.xml:956(command) serverguide/C/mail.xml:1526(command)
15278
msgid "sudo /etc/init.d/postfix restart"
15279
msgstr ""
15280
15281
#: serverguide/C/mail.xml:306(para)
17321
#: serverguide/C/mail.xml:321(para)
15282
17322
msgid ""
15283
17323
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
15284
17324
msgstr ""
15285
17325
15286
#: serverguide/C/mail.xml:309(para)
17326
#: serverguide/C/mail.xml:324(para)
15287
17327
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
15288
17328
msgstr ""
15289
17329
15290
#: serverguide/C/mail.xml:314(command)
17330
#: serverguide/C/mail.xml:329(command)
15291
17331
msgid "telnet mail.example.com 25"
15292
17332
msgstr ""
15293
17333
15294
#: serverguide/C/mail.xml:316(para)
17334
#: serverguide/C/mail.xml:331(para)
15295
17335
msgid ""
15296
17336
"After you have established the connection to the postfix mail server, type:"
15297
17337
msgstr ""
15298
17338
15299
#: serverguide/C/mail.xml:320(screen)
17339
#: serverguide/C/mail.xml:335(screen)
15300
17340
#, no-wrap
15301
17341
msgid ""
15302
17342
"\n"
15303
17343
"ehlo mail.example.com\n"
15304
17344
msgstr ""
15305
17345
15306
#: serverguide/C/mail.xml:323(para)
17346
#: serverguide/C/mail.xml:338(para)
15307
17347
msgid ""
15308
17348
"If you see the following lines among others, then everything is working "
15309
17349
"perfectly. Type <command>quit</command> to exit."
15310
17350
msgstr ""
15311
17351
15312
#: serverguide/C/mail.xml:327(programlisting)
17352
#: serverguide/C/mail.xml:342(programlisting)
15313
17353
#, no-wrap
15314
17354
msgid ""
15315
17355
"\n"
15319
17359
"250 8BITMIME\n"
15320
17360
msgstr ""
15321
17361
15322
#: serverguide/C/mail.xml:337(para)
17362
#: serverguide/C/mail.xml:352(para)
15323
17363
msgid ""
15324
17364
"This section introduces some common ways to determine the cause if problems "
15325
17365
"arise."
15326
17366
msgstr ""
15327
17367
15328
#: serverguide/C/mail.xml:341(title)
17368
#: serverguide/C/mail.xml:356(title)
15329
17369
msgid "Escaping chroot"
15330
17370
msgstr ""
15331
17371
15332
#: serverguide/C/mail.xml:342(para)
17372
#: serverguide/C/mail.xml:357(para)
15333
17373
msgid ""
15334
17374
"The Ubuntu <application>postfix</application> package will by default "
15335
17375
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
15336
17376
"This can add greater complexity when troubleshooting problems."
15337
17377
msgstr ""
15338
17378
15339
#: serverguide/C/mail.xml:346(para)
17379
#: serverguide/C/mail.xml:361(para)
15340
17380
msgid ""
15341
17381
"To turn off the chroot operation locate for the following line in the "
15342
17382
"<filename>/etc/postfix/master.cf</filename> configuration file:"
15343
17383
msgstr ""
15344
17384
15345
#: serverguide/C/mail.xml:350(screen)
17385
#: serverguide/C/mail.xml:365(screen)
15346
17386
#, no-wrap
15347
17387
msgid ""
15348
17388
"\n"
15349
17389
"smtp inet n - - - - smtpd\n"
15350
17390
msgstr ""
15351
17391
15352
#: serverguide/C/mail.xml:353(para)
17392
#: serverguide/C/mail.xml:368(para)
15353
17393
msgid "and modify it as follows:"
15354
17394
msgstr ""
15355
17395
15356
#: serverguide/C/mail.xml:356(screen)
17396
#: serverguide/C/mail.xml:371(screen)
15357
17397
#, no-wrap
15358
17398
msgid ""
15359
17399
"\n"
15360
17400
"smtp inet n - n - - smtpd\n"
15361
17401
msgstr ""
15362
17402
15363
#: serverguide/C/mail.xml:359(para)
17403
#: serverguide/C/mail.xml:374(para)
15364
17404
msgid ""
15365
17405
"You will then need to restart Postfix to use the new configuration. From a "
15366
17406
"terminal prompt enter:"
15367
17407
msgstr ""
15368
17408
15369
#: serverguide/C/mail.xml:367(title)
17409
#: serverguide/C/mail.xml:382(title)
15370
17410
msgid "Log Files"
15371
17411
msgstr ""
15372
17412
15373
#: serverguide/C/mail.xml:368(para)
17413
#: serverguide/C/mail.xml:383(para)
15374
17414
msgid ""
15375
17415
"<application>Postfix</application> sends all log messages to "
15376
17416
"<filename>/var/log/mail.log</filename>. However error and warning messages "
15379
17419
"<filename>/var/log/mail.warn</filename> respectively."
15380
17420
msgstr ""
15381
17421
15382
#: serverguide/C/mail.xml:373(para)
17422
#: serverguide/C/mail.xml:388(para)
15383
17423
msgid ""
15384
17424
"To see messages entered into the logs in real time you can use the "
15385
17425
"<application>tail -f</application> command:"
15386
17426
msgstr ""
15387
17427
15388
#: serverguide/C/mail.xml:378(command)
17428
#: serverguide/C/mail.xml:393(command)
15389
17429
msgid "tail -f /var/log/mail.err"
15390
17430
msgstr ""
15391
17431
15392
#: serverguide/C/mail.xml:380(para)
17432
#: serverguide/C/mail.xml:395(para)
15393
17433
msgid ""
15394
17434
"The amount of detail that is recorded in the logs can be increased. Below "
15395
17435
"are some configuration options for increasing the log level for some of the "
15396
17436
"areas covered above."
15397
17437
msgstr ""
15398
17438
15399
#: serverguide/C/mail.xml:386(para)
17439
#: serverguide/C/mail.xml:401(para)
15400
17440
msgid ""
15401
17441
"To increase <emphasis>TLS</emphasis> activity logging set the "
15402
17442
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
15403
17443
msgstr ""
15404
17444
15405
#: serverguide/C/mail.xml:390(command)
17445
#: serverguide/C/mail.xml:405(command)
15406
17446
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
15407
17447
msgstr ""
15408
17448
15409
#: serverguide/C/mail.xml:394(para)
17449
#: serverguide/C/mail.xml:409(para)
15410
17450
msgid ""
15411
17451
"If you are having trouble sending or receiving mail from a specific domain "
15412
17452
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
15413
17453
msgstr ""
15414
17454
15415
#: serverguide/C/mail.xml:399(command)
17455
#: serverguide/C/mail.xml:414(command)
15416
17456
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
15417
17457
msgstr ""
15418
17458
15419
#: serverguide/C/mail.xml:403(para)
17459
#: serverguide/C/mail.xml:418(para)
15420
17460
msgid ""
15421
17461
"You can increase the verbosity of any <application>Postfix</application> "
15422
17462
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
15424
17464
"<emphasis>smtp</emphasis> entry:"
15425
17465
msgstr ""
15426
17466
15427
#: serverguide/C/mail.xml:407(programlisting)
17467
#: serverguide/C/mail.xml:422(programlisting)
15428
17468
#, no-wrap
15429
17469
msgid ""
15430
17470
"\n"
15431
17471
"smtp unix - - - - - smtp -v\n"
15432
17472
msgstr ""
15433
17473
15434
#: serverguide/C/mail.xml:413(para)
17474
#: serverguide/C/mail.xml:428(para)
15435
17475
msgid ""
15436
17476
"It is important to note that after making one of the logging changes above "
15437
17477
"the <application>Postfix</application> process will need to be reloaded in "
15439
17479
"reload</command>"
15440
17480
msgstr ""
15441
17481
15442
#: serverguide/C/mail.xml:420(para)
17482
#: serverguide/C/mail.xml:435(para)
15443
17483
msgid ""
15444
17484
"To increase the amount of information logged when troubleshooting "
15445
17485
"<emphasis>SASL</emphasis> issues you can set the following options in "
15446
17486
"<filename>/etc/dovecot/dovecot.conf</filename>"
15447
17487
msgstr ""
15448
17488
15449
#: serverguide/C/mail.xml:424(programlisting)
17489
#: serverguide/C/mail.xml:439(programlisting)
15450
17490
#, no-wrap
15451
17491
msgid ""
15452
17492
"\n"
15454
17494
"auth_debug_passwords=yes\n"
15455
17495
msgstr ""
15456
17496
15457
#: serverguide/C/mail.xml:431(para)
17497
#: serverguide/C/mail.xml:446(para)
15458
17498
msgid ""
15459
17499
"Just like <application>Postfix</application> if you change a "
15460
17500
"<application>Dovecot</application> configuration the process will need to be "
15461
17501
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
15462
17502
msgstr ""
15463
17503
15464
#: serverguide/C/mail.xml:437(para)
17504
#: serverguide/C/mail.xml:452(para)
15465
17505
msgid ""
15466
17506
"Some of the options above can drastically increase the amount of information "
15467
17507
"sent to the log files. Remember to return the log level back to normal after "
15469
17509
"new configuration to take affect."
15470
17510
msgstr ""
15471
17511
15472
#: serverguide/C/mail.xml:445(para)
17512
#: serverguide/C/mail.xml:460(para)
15473
17513
msgid ""
15474
17514
"Administering a <application>Postfix</application> server can be a very "
15475
17515
"complicated task. At some point you may need to turn to the Ubuntu community "
15476
17516
"for more experienced help."
15477
17517
msgstr ""
15478
17518
15479
#: serverguide/C/mail.xml:449(para)
17519
#: serverguide/C/mail.xml:464(para)
15480
17520
msgid ""
15481
17521
"A great place to ask for <application>Postfix</application> assistance, and "
15482
17522
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
15486
17526
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
15487
17527
msgstr ""
15488
17528
15489
#: serverguide/C/mail.xml:454(para)
17529
#: serverguide/C/mail.xml:469(para)
15490
17530
msgid ""
15491
17531
"For in depth <application>Postfix</application> information Ubuntu "
15492
17532
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
15493
17533
"Book of Postfix</ulink>."
15494
17534
msgstr ""
15495
17535
15496
#: serverguide/C/mail.xml:458(para)
17536
#: serverguide/C/mail.xml:473(para)
15497
17537
msgid ""
15498
17538
"Finally, the <ulink "
15499
17539
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
15501
17541
"available."
15502
17542
msgstr ""
15503
17543
15504
#: serverguide/C/mail.xml:467(title) serverguide/C/mail.xml:844(title) serverguide/C/mail.xml:960(title)
17544
#: serverguide/C/mail.xml:477(para)
17545
msgid ""
17546
"Also, the <ulink url=\"https://help.ubuntu.com/community/Postfix\">Ubuntu "
17547
"Wiki Postifx</ulink> page has more information."
17548
msgstr ""
17549
17550
#: serverguide/C/mail.xml:485(title) serverguide/C/mail.xml:872(title) serverguide/C/mail.xml:988(title)
15505
17551
msgid "Exim4"
15506
17552
msgstr ""
15507
17553
15508
#: serverguide/C/mail.xml:468(para)
17554
#: serverguide/C/mail.xml:486(para)
15509
17555
msgid ""
15510
17556
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
15511
17557
"developed at the University of Cambridge for use on Unix systems connected "
15515
17561
"<application>sendmail</application>."
15516
17562
msgstr ""
15517
17563
15518
#: serverguide/C/mail.xml:479(para)
17564
#: serverguide/C/mail.xml:497(para)
15519
17565
msgid ""
15520
17566
"To install <application>exim4</application>, run the following command: "
15521
17567
"<screen>\n"
15523
17569
"</screen>"
15524
17570
msgstr ""
15525
17571
15526
#: serverguide/C/mail.xml:488(para)
17572
#: serverguide/C/mail.xml:506(para)
15527
17573
msgid ""
15528
17574
"To configure <application>Exim4</application>, run the following command:"
15529
17575
msgstr ""
15530
17576
15531
#: serverguide/C/mail.xml:492(command)
17577
#: serverguide/C/mail.xml:510(command)
15532
17578
msgid "sudo dpkg-reconfigure exim4-config"
15533
17579
msgstr ""
15534
17580
15535
#: serverguide/C/mail.xml:494(para)
17581
#: serverguide/C/mail.xml:512(para)
15536
17582
msgid ""
15537
17583
"The user interface will be displayed. The user interface lets you configure "
15538
17584
"many parameters. For example, In <application>Exim4</application> the "
15540
17586
"in one file you can configure accordingly in this user interface."
15541
17587
msgstr ""
15542
17588
15543
#: serverguide/C/mail.xml:502(para)
17589
#: serverguide/C/mail.xml:520(para)
15544
17590
msgid ""
15545
17591
"All the parameters you configure in the user interface are stored in "
15546
17592
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
15549
17595
"following command to generate the master configuration file:"
15550
17596
msgstr ""
15551
17597
15552
#: serverguide/C/mail.xml:513(command) serverguide/C/mail.xml:586(command)
17598
#: serverguide/C/mail.xml:531(command) serverguide/C/mail.xml:604(command)
15553
17599
msgid "sudo update-exim4.conf"
15554
17600
msgstr ""
15555
17601
15556
#: serverguide/C/mail.xml:515(para)
17602
#: serverguide/C/mail.xml:533(para)
15557
17603
msgid ""
15558
17604
"The master configuration file, is generated and it is stored in "
15559
17605
"<filename>/var/lib/exim4/config.autogenerated</filename>."
15560
17606
msgstr ""
15561
17607
15562
#: serverguide/C/mail.xml:521(para)
17608
#: serverguide/C/mail.xml:539(para)
15563
17609
msgid ""
15564
17610
"At any time, you should not edit the master configuration file, "
15565
17611
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
15566
17612
"updated automatically every time you run <command>update-exim4.conf</command>"
15567
17613
msgstr ""
15568
17614
15569
#: serverguide/C/mail.xml:529(para)
17615
#: serverguide/C/mail.xml:547(para)
15570
17616
msgid ""
15571
17617
"You can run the following command to start <application>Exim4</application> "
15572
17618
"daemon."
15573
17619
msgstr ""
15574
17620
15575
#: serverguide/C/mail.xml:534(command) serverguide/C/mail.xml:966(command)
17621
#: serverguide/C/mail.xml:552(command) serverguide/C/mail.xml:994(command)
15576
17622
msgid "sudo /etc/init.d/exim4 start"
15577
17623
msgstr ""
15578
17624
15579
#: serverguide/C/mail.xml:539(para)
17625
#: serverguide/C/mail.xml:557(para)
15580
17626
msgid ""
15581
17627
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
15582
17628
msgstr ""
15583
17629
15584
#: serverguide/C/mail.xml:542(para)
17630
#: serverguide/C/mail.xml:560(para)
15585
17631
msgid ""
15586
17632
"The first step is to create a certificate for use with TLS. Enter the "
15587
17633
"following into a terminal prompt:"
15588
17634
msgstr ""
15589
17635
15590
#: serverguide/C/mail.xml:546(command)
17636
#: serverguide/C/mail.xml:564(command)
15591
17637
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
15592
17638
msgstr ""
15593
17639
15594
#: serverguide/C/mail.xml:548(para)
17640
#: serverguide/C/mail.xml:566(para)
15595
17641
msgid ""
15596
17642
"Now Exim4 needs to be configured for TLS by editing "
15597
17643
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
15598
17644
"the following:"
15599
17645
msgstr ""
15600
17646
15601
#: serverguide/C/mail.xml:552(programlisting)
17647
#: serverguide/C/mail.xml:570(programlisting)
15602
17648
#, no-wrap
15603
17649
msgid ""
15604
17650
"\n"
15605
17651
"MAIN_TLS_ENABLE = yes\n"
15606
17652
msgstr ""
15607
17653
15608
#: serverguide/C/mail.xml:555(para)
17654
#: serverguide/C/mail.xml:573(para)
15609
17655
msgid ""
15610
17656
"Next you need to configure <application>Exim4</application> to use the "
15611
17657
"<application>saslauthd</application> for authentication. Edit "
15614
17660
"<emphasis>login_saslauthd_server</emphasis> sections:"
15615
17661
msgstr ""
15616
17662
15617
#: serverguide/C/mail.xml:560(programlisting)
17663
#: serverguide/C/mail.xml:578(programlisting)
15618
17664
#, no-wrap
15619
17665
msgid ""
15620
17666
"\n"
15640
17686
" .endif\n"
15641
17687
msgstr ""
15642
17688
15643
#: serverguide/C/mail.xml:582(para)
17689
#: serverguide/C/mail.xml:600(para)
15644
17690
msgid "Finally, update the Exim4 configuration and restart the service:"
15645
17691
msgstr ""
15646
17692
15647
#: serverguide/C/mail.xml:587(command)
17693
#: serverguide/C/mail.xml:605(command)
15648
17694
msgid "sudo /etc/init.d/exim4 restart"
15649
17695
msgstr ""
15650
17696
15651
#: serverguide/C/mail.xml:592(para)
17697
#: serverguide/C/mail.xml:610(para)
15652
17698
msgid ""
15653
17699
"This section provides details on configuring the saslauthd to provide "
15654
17700
"authentication for <application>Exim4</application>."
15655
17701
msgstr ""
15656
17702
15657
#: serverguide/C/mail.xml:595(para)
17703
#: serverguide/C/mail.xml:613(para)
15658
17704
msgid ""
15659
17705
"The first step is to install the sasl2-bin package. From a terminal prompt "
15660
17706
"enter the following:"
15661
17707
msgstr ""
15662
17708
15663
#: serverguide/C/mail.xml:599(command)
17709
#: serverguide/C/mail.xml:617(command)
15664
17710
msgid "sudo apt-get install sasl2-bin"
15665
17711
msgstr ""
15666
17712
15667
#: serverguide/C/mail.xml:601(para)
17713
#: serverguide/C/mail.xml:619(para)
15668
17714
msgid ""
15669
17715
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
15670
17716
"and set START=no to:"
15671
17717
msgstr ""
15672
17718
15673
#: serverguide/C/mail.xml:604(programlisting)
17719
#: serverguide/C/mail.xml:622(programlisting)
15674
17720
#, no-wrap
15675
17721
msgid ""
15676
17722
"\n"
15677
17723
"START=yes\n"
15678
17724
msgstr ""
15679
17725
15680
#: serverguide/C/mail.xml:607(para)
17726
#: serverguide/C/mail.xml:625(para)
15681
17727
msgid ""
15682
17728
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
15683
17729
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
15684
17730
"service:"
15685
17731
msgstr ""
15686
17732
15687
#: serverguide/C/mail.xml:612(command)
17733
#: serverguide/C/mail.xml:630(command)
15688
17734
msgid "sudo adduser Debian-exim sasl"
15689
17735
msgstr ""
15690
17736
15691
#: serverguide/C/mail.xml:614(para)
17737
#: serverguide/C/mail.xml:632(para)
15692
17738
msgid "Now start the <application>saslauthd</application> service:"
15693
17739
msgstr ""
15694
17740
15695
#: serverguide/C/mail.xml:618(command)
17741
#: serverguide/C/mail.xml:636(command)
15696
17742
msgid "sudo /etc/init.d/saslauthd start"
15697
17743
msgstr ""
15698
17744
15699
#: serverguide/C/mail.xml:620(para)
17745
#: serverguide/C/mail.xml:638(para)
15700
17746
msgid ""
15701
17747
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
15702
17748
"and SASL authentication."
15703
17749
msgstr ""
15704
17750
15705
#: serverguide/C/mail.xml:629(para)
17751
#: serverguide/C/mail.xml:647(para)
15706
17752
msgid ""
15707
17753
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
15708
17754
"information."
15709
17755
msgstr ""
15710
17756
15711
#: serverguide/C/mail.xml:634(para)
17757
#: serverguide/C/mail.xml:652(para)
15712
17758
msgid ""
15713
17759
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
15714
17760
"server\">Exim4 Book</ulink> available."
15715
17761
msgstr ""
15716
17762
15717
#: serverguide/C/mail.xml:643(title)
17763
#: serverguide/C/mail.xml:657(para)
17764
msgid ""
17765
"Another resource is the <ulink "
17766
"url=\"https://help.ubuntu.com/community/Exim4\">Exim4 Ubuntu Wiki </ulink> "
17767
"page."
17768
msgstr ""
17769
17770
#: serverguide/C/mail.xml:666(title)
15718
17771
msgid "Dovecot Server"
15719
17772
msgstr ""
15720
17773
15721
#: serverguide/C/mail.xml:644(para)
17774
#: serverguide/C/mail.xml:667(para)
15722
17775
msgid ""
15723
17776
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
15724
17777
"security primarily in mind. It supports the major mailbox formats: mbox or "
15725
17778
"Maildir. This section explain how to set it up as an imap or pop3 server."
15726
17779
msgstr ""
15727
17780
15728
#: serverguide/C/mail.xml:652(para)
17781
#: serverguide/C/mail.xml:675(para)
15729
17782
msgid ""
15730
17783
"To install <application>dovecot</application>, run the following command in "
15731
17784
"the command prompt:"
15732
17785
msgstr ""
15733
17786
15734
#: serverguide/C/mail.xml:657(command)
17787
#: serverguide/C/mail.xml:680(command)
15735
17788
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
15736
17789
msgstr ""
15737
17790
15738
#: serverguide/C/mail.xml:662(para)
17791
#: serverguide/C/mail.xml:685(para)
15739
17792
msgid ""
15740
17793
"To configure <application>dovecot</application>, you can edit the file "
15741
17794
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
15747
17800
"link>."
15748
17801
msgstr ""
15749
17802
15750
#: serverguide/C/mail.xml:672(para)
17803
#: serverguide/C/mail.xml:695(para)
15751
17804
msgid ""
15752
17805
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
15753
17806
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
15754
17807
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
15755
17808
msgstr ""
15756
17809
15757
#: serverguide/C/mail.xml:678(programlisting)
17810
#: serverguide/C/mail.xml:701(programlisting)
15758
17811
#, no-wrap
15759
17812
msgid ""
15760
17813
"\n"
15761
17814
"protocols = pop3 pop3s imap imaps\n"
15762
17815
msgstr ""
15763
17816
15764
#: serverguide/C/mail.xml:681(para)
17817
#: serverguide/C/mail.xml:704(para)
15765
17818
msgid ""
15766
17819
"Next, choose the mailbox you would like to use. "
15767
17820
"<application>Dovecot</application> supports <emphasis "
15772
17825
"site</ulink>."
15773
17826
msgstr ""
15774
17827
15775
#: serverguide/C/mail.xml:689(para)
17828
#: serverguide/C/mail.xml:712(para)
15776
17829
msgid ""
15777
17830
"Once you have chosen your mailbox type, edit the file "
15778
17831
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
15779
17832
msgstr ""
15780
17833
15781
#: serverguide/C/mail.xml:694(programlisting)
17834
#: serverguide/C/mail.xml:717(programlisting)
15782
17835
#, no-wrap
15783
17836
msgid ""
15784
17837
"\n"
15787
17840
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
15788
17841
msgstr ""
15789
17842
15790
#: serverguide/C/mail.xml:700(para)
17843
#: serverguide/C/mail.xml:723(para)
15791
17844
msgid ""
15792
17845
"You should configure your Mail Transport Agent (MTA) to transfer the "
15793
17846
"incoming mail to this type of mailbox if it is different from the one you "
15794
17847
"have configured."
15795
17848
msgstr ""
15796
17849
15797
#: serverguide/C/mail.xml:706(para)
17850
#: serverguide/C/mail.xml:729(para)
15798
17851
msgid ""
15799
17852
"Once you have configured dovecot, restart the "
15800
17853
"<application>dovecot</application> daemon in order to test your setup:"
15801
17854
msgstr ""
15802
17855
15803
#: serverguide/C/mail.xml:715(para)
17856
#: serverguide/C/mail.xml:738(para)
15804
17857
msgid ""
15805
17858
"If you have enabled imap, or pop3, you can also try to log in with the "
15806
17859
"commands <command>telnet localhost pop3</command> or <command>telnet "
15808
17861
"installation has been successful:"
15809
17862
msgstr ""
15810
17863
15811
#: serverguide/C/mail.xml:722(programlisting)
17864
#: serverguide/C/mail.xml:745(programlisting)
15812
17865
#, no-wrap
15813
17866
msgid ""
15814
17867
"\n"
15819
17872
"+OK Dovecot ready.\n"
15820
17873
msgstr ""
15821
17874
15822
#: serverguide/C/mail.xml:731(title)
17875
#: serverguide/C/mail.xml:754(title)
15823
17876
msgid "Dovecot SSL Configuration"
15824
17877
msgstr ""
15825
17878
15826
#: serverguide/C/mail.xml:732(para)
17879
#: serverguide/C/mail.xml:755(para)
15827
17880
msgid ""
15828
17881
"To configure <application>dovecot</application> to use SSL, you can edit the "
15829
17882
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
15830
17883
"lines:"
15831
17884
msgstr ""
15832
17885
15833
#: serverguide/C/mail.xml:737(programlisting)
17886
#: serverguide/C/mail.xml:760(programlisting)
15834
17887
#, no-wrap
15835
17888
msgid ""
15836
17889
"\n"
15840
17893
"disable_plaintext_auth = no\n"
15841
17894
msgstr ""
15842
17895
15843
#: serverguide/C/mail.xml:743(para)
17896
#: serverguide/C/mail.xml:766(para)
15844
17897
msgid ""
15845
17898
"You can get the SSL certificate from a Certificate Issuing Authority or you "
15846
17899
"can create self signed SSL certificate. The latter is a good option for "
15852
17905
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
15853
17906
msgstr ""
15854
17907
15855
#: serverguide/C/mail.xml:758(title)
17908
#: serverguide/C/mail.xml:781(title)
15856
17909
msgid "Firewall Configuration for an Email Server"
15857
17910
msgstr ""
15858
17911
15859
#: serverguide/C/mail.xml:764(para)
17912
#: serverguide/C/mail.xml:787(para)
15860
17913
msgid "IMAP - 143"
15861
17914
msgstr ""
15862
17915
15863
#: serverguide/C/mail.xml:765(para)
17916
#: serverguide/C/mail.xml:788(para)
15864
17917
msgid "IMAPS - 993"
15865
17918
msgstr ""
15866
17919
15867
#: serverguide/C/mail.xml:766(para)
17920
#: serverguide/C/mail.xml:789(para)
15868
17921
msgid "POP3 - 110"
15869
17922
msgstr ""
15870
17923
15871
#: serverguide/C/mail.xml:767(para)
17924
#: serverguide/C/mail.xml:790(para)
15872
17925
msgid "POP3S - 995"
15873
17926
msgstr ""
15874
17927
15875
#: serverguide/C/mail.xml:759(para)
17928
#: serverguide/C/mail.xml:782(para)
15876
17929
msgid ""
15877
17930
"To access your mail server from another computer, you must configure your "
15878
17931
"firewall to allow connections to the server on the necessary ports. "
15879
17932
"<placeholder-1/>"
15880
17933
msgstr ""
15881
17934
15882
#: serverguide/C/mail.xml:776(para)
17935
#: serverguide/C/mail.xml:799(para)
15883
17936
msgid ""
15884
17937
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
15885
17938
"more information."
15886
17939
msgstr ""
15887
17940
15888
#: serverguide/C/mail.xml:785(title) serverguide/C/mail.xml:862(title) serverguide/C/mail.xml:1085(title)
17941
#: serverguide/C/mail.xml:804(para)
17942
msgid ""
17943
"Also, the <ulink url=\"https://help.ubuntu.com/community/Dovecot\">Dovecot "
17944
"Ubuntu Wiki</ulink> page has more details."
17945
msgstr ""
17946
17947
#: serverguide/C/mail.xml:813(title) serverguide/C/mail.xml:890(title) serverguide/C/mail.xml:1113(title)
15889
17948
msgid "Mailman"
15890
17949
msgstr ""
15891
17950
15892
#: serverguide/C/mail.xml:786(para)
17951
#: serverguide/C/mail.xml:814(para)
15893
17952
msgid ""
15894
17953
"Mailman is an open source program for managing electronic mail discussions "
15895
17954
"and e-newsletter lists. Many open source mailing lists (including all the "
15898
17957
"and maintain."
15899
17958
msgstr ""
15900
17959
15901
#: serverguide/C/mail.xml:796(para)
17960
#: serverguide/C/mail.xml:824(para)
15902
17961
msgid ""
15903
17962
"Mailman provides a web interface for the administrators and users, using an "
15904
17963
"external mail server to send and receive emails. It works perfectly with the "
15905
17964
"following mail servers:"
15906
17965
msgstr ""
15907
17966
15908
#: serverguide/C/mail.xml:807(application)
17967
#: serverguide/C/mail.xml:835(application)
15909
17968
msgid "Exim"
15910
17969
msgstr ""
15911
17970
15912
#: serverguide/C/mail.xml:810(application)
17971
#: serverguide/C/mail.xml:838(application)
15913
17972
msgid "Sendmail"
15914
17973
msgstr ""
15915
17974
15916
#: serverguide/C/mail.xml:813(application)
17975
#: serverguide/C/mail.xml:841(application)
15917
17976
msgid "Qmail"
15918
17977
msgstr ""
15919
17978
15920
#: serverguide/C/mail.xml:818(para)
17979
#: serverguide/C/mail.xml:846(para)
15921
17980
msgid ""
15922
17981
"We will see how to install and configure Mailman with, the Apache web "
15923
17982
"server, and either the Postfix or Exim mail server. If you wish to install "
15924
17983
"Mailman with a different mail server, please refer to the references section."
15925
17984
msgstr ""
15926
17985
15927
#: serverguide/C/mail.xml:825(para)
17986
#: serverguide/C/mail.xml:853(para)
15928
17987
msgid ""
15929
17988
"You only need to install one mail server and "
15930
17989
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
15931
17990
msgstr ""
15932
17991
15933
#: serverguide/C/mail.xml:830(title) serverguide/C/mail.xml:889(title)
17992
#: serverguide/C/mail.xml:858(title) serverguide/C/mail.xml:917(title)
15934
17993
msgid "Apache2"
15935
17994
msgstr ""
15936
17995
15937
#: serverguide/C/mail.xml:831(para)
17996
#: serverguide/C/mail.xml:859(para)
15938
17997
msgid ""
15939
17998
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
15940
17999
"installation\">HTTPD Installation</ulink> section for details."
15941
18000
msgstr ""
15942
18001
15943
#: serverguide/C/mail.xml:839(para)
18002
#: serverguide/C/mail.xml:867(para)
15944
18003
msgid ""
15945
18004
"For instructions on installing and configuring Postfix refer to <xref "
15946
18005
"linkend=\"postfix\"/>"
15947
18006
msgstr ""
15948
18007
15949
#: serverguide/C/mail.xml:845(para)
18008
#: serverguide/C/mail.xml:873(para)
15950
18009
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
15951
18010
msgstr ""
15952
18011
15953
#: serverguide/C/mail.xml:856(application)
18012
#: serverguide/C/mail.xml:884(application)
15954
18013
msgid "dc_use_split_config='true'"
15955
18014
msgstr ""
15956
18015
15957
#: serverguide/C/mail.xml:848(para)
18016
#: serverguide/C/mail.xml:876(para)
15958
18017
msgid ""
15959
18018
"Once exim4 is installed, the configuration files are stored in the "
15960
18019
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
15963
18022
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
15964
18023
msgstr ""
15965
18024
15966
#: serverguide/C/mail.xml:863(para)
18025
#: serverguide/C/mail.xml:891(para)
15967
18026
msgid ""
15968
18027
"To install <application>Mailman</application>, run following command at a "
15969
18028
"terminal prompt:"
15970
18029
msgstr ""
15971
18030
15972
#: serverguide/C/mail.xml:867(command)
18031
#: serverguide/C/mail.xml:895(command)
15973
18032
msgid "sudo apt-get install mailman"
15974
18033
msgstr ""
15975
18034
15976
#: serverguide/C/mail.xml:869(para)
18035
#: serverguide/C/mail.xml:897(para)
15977
18036
msgid ""
15978
18037
"It copies the installation files in "
15979
18038
"<application>/var/lib/mailman</application> directory. It installs the CGI "
15983
18042
"this user."
15984
18043
msgstr ""
15985
18044
15986
#: serverguide/C/mail.xml:881(para)
18045
#: serverguide/C/mail.xml:909(para)
15987
18046
msgid ""
15988
18047
"This section assumes you have successfully installed "
15989
18048
"<application>mailman</application>, <application>apache2</application>, and "
15991
18050
"you just need to configure them."
15992
18051
msgstr ""
15993
18052
15994
#: serverguide/C/mail.xml:890(para)
18053
#: serverguide/C/mail.xml:918(para)
15995
18054
msgid ""
15996
18055
"An example Apache configuration file comes with "
15997
18056
"<application>Mailman</application> and is placed in "
16000
18059
"available</filename>:"
16001
18060
msgstr ""
16002
18061
16003
#: serverguide/C/mail.xml:896(command)
18062
#: serverguide/C/mail.xml:924(command)
16004
18063
msgid ""
16005
18064
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
16006
18065
msgstr ""
16007
18066
16008
#: serverguide/C/mail.xml:898(para)
18067
#: serverguide/C/mail.xml:926(para)
16009
18068
msgid ""
16010
18069
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
16011
18070
"Mailman administration site. Now enable the new configuration and restart "
16012
18071
"Apache:"
16013
18072
msgstr ""
16014
18073
16015
#: serverguide/C/mail.xml:903(command)
18074
#: serverguide/C/mail.xml:931(command)
16016
18075
msgid "sudo a2ensite mailman.conf"
16017
18076
msgstr ""
16018
18077
16019
#: serverguide/C/mail.xml:906(para)
18078
#: serverguide/C/mail.xml:934(para)
16020
18079
msgid ""
16021
18080
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
16022
18081
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
16025
18084
"available/mailman.conf</filename> file if you wish to change this behavior."
16026
18085
msgstr ""
16027
18086
16028
#: serverguide/C/mail.xml:917(para)
18087
#: serverguide/C/mail.xml:945(para)
16029
18088
msgid ""
16030
18089
"For <application>Postfix</application> integration, we will associate the "
16031
18090
"domain lists.example.com with the mailing lists. Please replace "
16032
18091
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
16033
18092
msgstr ""
16034
18093
16035
#: serverguide/C/mail.xml:921(para)
18094
#: serverguide/C/mail.xml:949(para)
16036
18095
msgid ""
16037
18096
"You can use the postconf command to add the necessary configuration to "
16038
18097
"<filename>/etc/postfix/main.cf</filename>:"
16039
18098
msgstr ""
16040
18099
16041
#: serverguide/C/mail.xml:925(command)
18100
#: serverguide/C/mail.xml:953(command)
16042
18101
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
16043
18102
msgstr ""
16044
18103
16045
#: serverguide/C/mail.xml:926(command)
18104
#: serverguide/C/mail.xml:954(command)
16046
18105
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
16047
18106
msgstr ""
16048
18107
16049
#: serverguide/C/mail.xml:927(command)
18108
#: serverguide/C/mail.xml:955(command)
16050
18109
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
16051
18110
msgstr ""
16052
18111
16053
#: serverguide/C/mail.xml:929(para)
18112
#: serverguide/C/mail.xml:957(para)
16054
18113
msgid ""
16055
18114
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
16056
18115
"the following transport:"
16057
18116
msgstr ""
16058
18117
16059
#: serverguide/C/mail.xml:932(programlisting)
18118
#: serverguide/C/mail.xml:960(programlisting)
16060
18119
#, no-wrap
16061
18120
msgid ""
16062
18121
"\n"
16065
18124
" ${nexthop} ${user}\n"
16066
18125
msgstr ""
16067
18126
16068
#: serverguide/C/mail.xml:937(para)
18127
#: serverguide/C/mail.xml:965(para)
16069
18128
msgid ""
16070
18129
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
16071
18130
"is delivered to a list."
16072
18131
msgstr ""
16073
18132
16074
#: serverguide/C/mail.xml:940(para)
18133
#: serverguide/C/mail.xml:968(para)
16075
18134
msgid ""
16076
18135
"Associate the domain lists.example.com to the Mailman transport with the "
16077
18136
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
16078
18137
msgstr ""
16079
18138
16080
#: serverguide/C/mail.xml:943(programlisting)
18139
#: serverguide/C/mail.xml:971(programlisting)
16081
18140
#, no-wrap
16082
18141
msgid ""
16083
18142
"\n"
16084
18143
"lists.example.com mailman:\n"
16085
18144
msgstr ""
16086
18145
16087
#: serverguide/C/mail.xml:946(para)
18146
#: serverguide/C/mail.xml:974(para)
16088
18147
msgid ""
16089
18148
"Now have <application>Postfix</application> build the transport map by "
16090
18149
"entering the following from a terminal prompt:"
16091
18150
msgstr ""
16092
18151
16093
#: serverguide/C/mail.xml:950(command)
18152
#: serverguide/C/mail.xml:978(command)
16094
18153
msgid "sudo postmap -v /etc/postfix/transport"
16095
18154
msgstr ""
16096
18155
16097
#: serverguide/C/mail.xml:952(para)
18156
#: serverguide/C/mail.xml:980(para)
16098
18157
msgid "Then restart Postfix to enable the new configurations:"
16099
18158
msgstr ""
16100
18159
16101
#: serverguide/C/mail.xml:961(para)
18160
#: serverguide/C/mail.xml:989(para)
16102
18161
msgid ""
16103
18162
"Once Exim4 is installed, you can start the Exim server using the following "
16104
18163
"command from a terminal prompt:"
16105
18164
msgstr ""
16106
18165
16107
#: serverguide/C/mail.xml:977(para) serverguide/C/mail.xml:992(title)
18166
#: serverguide/C/mail.xml:1005(para) serverguide/C/mail.xml:1020(title)
16108
18167
msgid "Main"
16109
18168
msgstr ""
16110
18169
16111
#: serverguide/C/mail.xml:980(para) serverguide/C/mail.xml:1032(title)
18170
#: serverguide/C/mail.xml:1008(para) serverguide/C/mail.xml:1060(title)
16112
18171
msgid "Transport"
16113
18172
msgstr ""
16114
18173
16115
#: serverguide/C/mail.xml:983(para) serverguide/C/mail.xml:1055(title)
18174
#: serverguide/C/mail.xml:1011(para) serverguide/C/mail.xml:1083(title)
16116
18175
msgid "Router"
16117
18176
msgstr ""
16118
18177
16119
#: serverguide/C/mail.xml:968(para)
18178
#: serverguide/C/mail.xml:996(para)
16120
18179
msgid ""
16121
18180
"In order to make mailman work with Exim4, you need to configure Exim4. As "
16122
18181
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
16128
18187
"is very important."
16129
18188
msgstr ""
16130
18189
16131
#: serverguide/C/mail.xml:999(programlisting)
18190
#: serverguide/C/mail.xml:1027(programlisting)
16132
18191
#, no-wrap
16133
18192
msgid ""
16134
18193
"\n"
16162
18221
"# end\n"
16163
18222
msgstr ""
16164
18223
16165
#: serverguide/C/mail.xml:993(para)
18224
#: serverguide/C/mail.xml:1021(para)
16166
18225
msgid ""
16167
18226
"All the configuration files belonging to the main type are stored in the "
16168
18227
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
16170
18229
"config_mailman</filename>: <placeholder-1/>"
16171
18230
msgstr ""
16172
18231
16173
#: serverguide/C/mail.xml:1039(programlisting)
18232
#: serverguide/C/mail.xml:1067(programlisting)
16174
18233
#, no-wrap
16175
18234
msgid ""
16176
18235
"\n"
16188
18247
" group = MM_GID\n"
16189
18248
msgstr ""
16190
18249
16191
#: serverguide/C/mail.xml:1033(para)
18250
#: serverguide/C/mail.xml:1061(para)
16192
18251
msgid ""
16193
18252
"All the configuration files belonging to transport type are stored in the "
16194
18253
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
16196
18255
"config_mailman</filename>: <placeholder-1/>"
16197
18256
msgstr ""
16198
18257
16199
#: serverguide/C/mail.xml:1060(programlisting)
18258
#: serverguide/C/mail.xml:1088(programlisting)
16200
18259
#, no-wrap
16201
18260
msgid ""
16202
18261
"\n"
16210
18269
" transport = mailman_transport\n"
16211
18270
msgstr ""
16212
18271
16213
#: serverguide/C/mail.xml:1056(para)
18272
#: serverguide/C/mail.xml:1084(para)
16214
18273
msgid ""
16215
18274
"All the configuration files belonging to router type are stored in the "
16216
18275
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
16218
18277
"config_mailman</filename>: <placeholder-1/>"
16219
18278
msgstr ""
16220
18279
16221
#: serverguide/C/mail.xml:1073(para)
18280
#: serverguide/C/mail.xml:1101(para)
16222
18281
msgid ""
16223
18282
"The order of main and transport configuration files can be in any order. "
16224
18283
"But, the order of router configuration files must be the same. This "
16228
18287
"details, please refer to the references section."
16229
18288
msgstr ""
16230
18289
16231
#: serverguide/C/mail.xml:1086(para)
18290
#: serverguide/C/mail.xml:1114(para)
16232
18291
msgid ""
16233
18292
"Once mailman is installed, you can run it using the following command:"
16234
18293
msgstr ""
16235
18294
16236
#: serverguide/C/mail.xml:1090(command)
18295
#: serverguide/C/mail.xml:1118(command)
16237
18296
msgid "sudo /etc/init.d/mailman start"
16238
18297
msgstr ""
16239
18298
16240
#: serverguide/C/mail.xml:1092(para)
18299
#: serverguide/C/mail.xml:1120(para)
16241
18300
msgid ""
16242
18301
"Once mailman is installed, you should create the default mailing list. Run "
16243
18302
"the following command to create the mailing list:"
16244
18303
msgstr ""
16245
18304
16246
#: serverguide/C/mail.xml:1098(command)
18305
#: serverguide/C/mail.xml:1126(command)
16247
18306
msgid "sudo /usr/sbin/newlist mailman"
16248
18307
msgstr ""
16249
18308
16250
#: serverguide/C/mail.xml:1101(programlisting)
18309
#: serverguide/C/mail.xml:1129(programlisting)
16251
18310
#, no-wrap
16252
18311
msgid ""
16253
18312
"\n"
16278
18337
" # \n"
16279
18338
msgstr ""
16280
18339
16281
#: serverguide/C/mail.xml:1124(para)
18340
#: serverguide/C/mail.xml:1152(para)
16282
18341
msgid ""
16283
18342
"We have configured either Postfix or Exim4 to recognize all emails from "
16284
18343
"mailman. So, it is not mandatory to make any new entries in "
16287
18346
"continuing to next section."
16288
18347
msgstr ""
16289
18348
16290
#: serverguide/C/mail.xml:1132(para)
18349
#: serverguide/C/mail.xml:1160(para)
16291
18350
msgid ""
16292
18351
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
16293
18352
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
16295
18354
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
16296
18355
msgstr ""
16297
18356
16298
#: serverguide/C/mail.xml:1143(title)
18357
#: serverguide/C/mail.xml:1171(title)
16299
18358
msgid "Administration"
16300
18359
msgstr ""
16301
18360
16302
#: serverguide/C/mail.xml:1144(para)
18361
#: serverguide/C/mail.xml:1172(para)
16303
18362
msgid ""
16304
18363
"We assume you have a default installation. The mailman cgi scripts are still "
16305
18364
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
16307
18366
"point your browser to the following url:"
16308
18367
msgstr ""
16309
18368
16310
#: serverguide/C/mail.xml:1152(para)
18369
#: serverguide/C/mail.xml:1180(para)
16311
18370
msgid "http://hostname/cgi-bin/mailman/admin"
16312
18371
msgstr ""
16313
18372
16314
#: serverguide/C/mail.xml:1156(para)
18373
#: serverguide/C/mail.xml:1184(para)
16315
18374
msgid ""
16316
18375
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
16317
18376
"screen. If you click the mailing list name, it will ask for your "
16322
18381
"mailing list using the web interface."
16323
18382
msgstr ""
16324
18383
16325
#: serverguide/C/mail.xml:1169(title)
18384
#: serverguide/C/mail.xml:1197(title)
16326
18385
msgid "Users"
16327
18386
msgstr ""
16328
18387
16329
#: serverguide/C/mail.xml:1170(para)
18388
#: serverguide/C/mail.xml:1198(para)
16330
18389
msgid ""
16331
18390
"Mailman provides a web based interface for users. To access this page, point "
16332
18391
"your browser to the following url:"
16333
18392
msgstr ""
16334
18393
16335
#: serverguide/C/mail.xml:1175(para)
18394
#: serverguide/C/mail.xml:1203(para)
16336
18395
msgid "http://hostname/cgi-bin/mailman/listinfo"
16337
18396
msgstr ""
16338
18397
16339
#: serverguide/C/mail.xml:1179(para)
18398
#: serverguide/C/mail.xml:1207(para)
16340
18399
msgid ""
16341
18400
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
16342
18401
"screen. If you click the mailing list name, it will display the subscription "
16345
18404
"instructions in the email to subscribe."
16346
18405
msgstr ""
16347
18406
16348
#: serverguide/C/mail.xml:1191(ulink)
18407
#: serverguide/C/mail.xml:1219(ulink)
16349
18408
msgid "GNU Mailman - Installation Manual"
16350
18409
msgstr ""
16351
18410
16352
#: serverguide/C/mail.xml:1195(ulink)
18411
#: serverguide/C/mail.xml:1223(ulink)
16353
18412
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
16354
18413
msgstr ""
16355
18414
16356
#: serverguide/C/mail.xml:1201(title)
18415
#: serverguide/C/mail.xml:1226(para)
18416
msgid ""
18417
"Also, see the <ulink "
18418
"url=\"https://help.ubuntu.com/community/Mailman\">Mailman Ubuntu "
18419
"Wiki</ulink> page."
18420
msgstr ""
18421
18422
#: serverguide/C/mail.xml:1232(title)
16357
18423
msgid "Mail Filtering"
16358
18424
msgstr ""
16359
18425
16360
#: serverguide/C/mail.xml:1202(para)
18426
#: serverguide/C/mail.xml:1233(para)
16361
18427
msgid ""
16362
18428
"One of the largest issues with email today is the problem of Unsolicited "
16363
18429
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
16365
18431
"the bulk of all email traffic on the Internet."
16366
18432
msgstr ""
16367
18433
16368
#: serverguide/C/mail.xml:1207(para)
18434
#: serverguide/C/mail.xml:1238(para)
16369
18435
msgid ""
16370
18436
"This section will cover integrating <application>Amavisd-new</application>, "
16371
18437
"<application>Spamassassin</application>, and "
16378
18444
"filter</application> and <application>python-policyd-spf</application>."
16379
18445
msgstr ""
16380
18446
16381
#: serverguide/C/mail.xml:1217(para)
18447
#: serverguide/C/mail.xml:1248(para)
16382
18448
msgid ""
16383
18449
"<application>Amavisd-new</application> is a wrapper program that can call "
16384
18450
"any number of content filtering programs for spam detection, antivirus, etc."
16385
18451
msgstr ""
16386
18452
16387
#: serverguide/C/mail.xml:1223(para)
18453
#: serverguide/C/mail.xml:1254(para)
16388
18454
msgid ""
16389
18455
"<application>Spamassassin</application> uses a variety of mechanisms to "
16390
18456
"filter email based on the message content."
16391
18457
msgstr ""
16392
18458
16393
#: serverguide/C/mail.xml:1228(para)
18459
#: serverguide/C/mail.xml:1259(para)
16394
18460
msgid ""
16395
18461
"<application>ClamAV</application> is an open source antivirus application."
16396
18462
msgstr ""
16397
18463
16398
#: serverguide/C/mail.xml:1233(para)
18464
#: serverguide/C/mail.xml:1264(para)
16399
18465
msgid ""
16400
18466
"<application>dkim-filter</application> implements a Sendmail Mail Filter "
16401
18467
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
16402
18468
msgstr ""
16403
18469
16404
#: serverguide/C/mail.xml:1239(para)
18470
#: serverguide/C/mail.xml:1270(para)
16405
18471
msgid ""
16406
18472
"<application>python-policyd-spf</application> enables Sender Policy "
16407
18473
"Framework (SPF) checking with <application>Postfix</application>."
16408
18474
msgstr ""
16409
18475
16410
#: serverguide/C/mail.xml:1244(para)
18476
#: serverguide/C/mail.xml:1275(para)
16411
18477
msgid "This is how the pieces fit together:"
16412
18478
msgstr ""
16413
18479
16414
#: serverguide/C/mail.xml:1249(para)
18480
#: serverguide/C/mail.xml:1280(para)
16415
18481
msgid "An email message is accepted by <application>Postfix</application>."
16416
18482
msgstr ""
16417
18483
16418
#: serverguide/C/mail.xml:1254(para)
18484
#: serverguide/C/mail.xml:1285(para)
16419
18485
msgid ""
16420
18486
"The message is passed through any external filters <application>dkim-"
16421
18487
"filter</application> and <application>python-policyd-spf</application> in "
16422
18488
"this case."
16423
18489
msgstr ""
16424
18490
16425
#: serverguide/C/mail.xml:1260(para)
18491
#: serverguide/C/mail.xml:1291(para)
16426
18492
msgid "<application>Amavisd-new</application> then processes the message."
16427
18493
msgstr ""
16428
18494
16429
#: serverguide/C/mail.xml:1265(para)
18495
#: serverguide/C/mail.xml:1296(para)
16430
18496
msgid ""
16431
18497
"<application>ClamAV</application> is used to scan the message. If the "
16432
18498
"message contains a virus <application>Postfix</application> will reject the "
16433
18499
"message."
16434
18500
msgstr ""
16435
18501
16436
#: serverguide/C/mail.xml:1271(para)
18502
#: serverguide/C/mail.xml:1302(para)
16437
18503
msgid ""
16438
18504
"Clean messages will then be analyzed by "
16439
18505
"<application>Spamassassin</application> to find out if the message is spam. "
16442
18508
"message."
16443
18509
msgstr ""
16444
18510
16445
#: serverguide/C/mail.xml:1278(para)
18511
#: serverguide/C/mail.xml:1309(para)
16446
18512
msgid ""
16447
18513
"For example, if a message has a Spam score of over fifty the message could "
16448
18514
"be automatically dropped from the queue without the recipient ever having to "
16451
18517
"see fit."
16452
18518
msgstr ""
16453
18519
16454
#: serverguide/C/mail.xml:1285(para)
18520
#: serverguide/C/mail.xml:1316(para)
16455
18521
msgid ""
16456
18522
"See <xref linkend=\"postfix\"/> for instructions on installing and "
16457
18523
"configuring Postfix."
16458
18524
msgstr ""
16459
18525
16460
#: serverguide/C/mail.xml:1288(para)
18526
#: serverguide/C/mail.xml:1319(para)
16461
18527
msgid ""
16462
18528
"To install the rest of the applications enter the following from a terminal "
16463
18529
"prompt:"
16464
18530
msgstr ""
16465
18531
16466
#: serverguide/C/mail.xml:1292(command)
18532
#: serverguide/C/mail.xml:1323(command)
16467
18533
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
16468
18534
msgstr ""
16469
18535
16470
#: serverguide/C/mail.xml:1293(command)
18536
#: serverguide/C/mail.xml:1324(command)
16471
18537
msgid "sudo apt-get install dkim-filter python-policyd-spf"
16472
18538
msgstr ""
16473
18539
16474
#: serverguide/C/mail.xml:1295(para)
18540
#: serverguide/C/mail.xml:1326(para)
16475
18541
msgid ""
16476
18542
"There are some optional packages that integrate with "
16477
18543
"<application>Spamassassin</application> for better spam detection:"
16478
18544
msgstr ""
16479
18545
16480
#: serverguide/C/mail.xml:1299(command)
18546
#: serverguide/C/mail.xml:1330(command)
16481
18547
msgid "sudo apt-get install pyzor razor"
16482
18548
msgstr ""
16483
18549
16484
#: serverguide/C/mail.xml:1301(para)
18550
#: serverguide/C/mail.xml:1332(para)
16485
18551
msgid ""
16486
18552
"Along with the main filtering applications compression utilities are needed "
16487
18553
"to process some email attachments:"
16488
18554
msgstr ""
16489
18555
16490
#: serverguide/C/mail.xml:1305(command)
18556
#: serverguide/C/mail.xml:1336(command)
16491
18557
msgid ""
16492
18558
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
16493
18559
msgstr ""
16494
18560
16495
#: serverguide/C/mail.xml:1310(para)
18561
#: serverguide/C/mail.xml:1339(para)
18562
msgid ""
18563
"If some packages are not found, check that the "
18564
"<emphasis>multiverse</emphasis> repository is enabled in "
18565
"<filename>/etc/apt/sources.list</filename>"
18566
msgstr ""
18567
18568
#: serverguide/C/mail.xml:1340(para)
18569
msgid ""
18570
"If you make changes to the file, be sure to run <command>sudo apt-get "
18571
"update</command> before trying to install again."
18572
msgstr ""
18573
18574
#: serverguide/C/mail.xml:1345(para)
16496
18575
msgid "Now configure everything to work together and filter email."
16497
18576
msgstr ""
16498
18577
16499
#: serverguide/C/mail.xml:1314(title)
18578
#: serverguide/C/mail.xml:1349(title)
16500
18579
msgid "ClamAV"
16501
18580
msgstr ""
16502
18581
16503
#: serverguide/C/mail.xml:1315(para)
18582
#: serverguide/C/mail.xml:1350(para)
16504
18583
msgid ""
16505
18584
"The default behaviour of <application>ClamAV</application> will fit our "
16506
18585
"needs. For more ClamAV configuration options, check the configuration files "
16507
18586
"in <filename>/etc/clamav</filename>."
16508
18587
msgstr ""
16509
18588
16510
#: serverguide/C/mail.xml:1320(para)
18589
#: serverguide/C/mail.xml:1355(para)
16511
18590
msgid ""
16512
18591
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
16513
18592
"group in order for <application>Amavisd-new</application> to have the "
16514
18593
"appropriate access to scan files:"
16515
18594
msgstr ""
16516
18595
16517
#: serverguide/C/mail.xml:1325(command)
18596
#: serverguide/C/mail.xml:1360(command)
16518
18597
msgid "sudo adduser clamav amavis"
16519
18598
msgstr ""
16520
18599
16521
#: serverguide/C/mail.xml:1329(title)
18600
#: serverguide/C/mail.xml:1364(title)
16522
18601
msgid "Spamassassin"
16523
18602
msgstr ""
16524
18603
16525
#: serverguide/C/mail.xml:1330(para)
18604
#: serverguide/C/mail.xml:1365(para)
16526
18605
msgid ""
16527
18606
"Spamassassin automatically detects optional components and will use them if "
16528
18607
"they are present. This means that there is no need to configure "
16529
18608
"<application>pyzor</application> and <application>razor</application>."
16530
18609
msgstr ""
16531
18610
16532
#: serverguide/C/mail.xml:1334(para)
18611
#: serverguide/C/mail.xml:1369(para)
16533
18612
msgid ""
16534
18613
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
16535
18614
"<application>Spamassassin</application> daemon. Change "
16536
18615
"<emphasis>ENABLED=0</emphasis> to:"
16537
18616
msgstr ""
16538
18617
16539
#: serverguide/C/mail.xml:1338(programlisting)
18618
#: serverguide/C/mail.xml:1373(programlisting)
16540
18619
#, no-wrap
16541
18620
msgid ""
16542
18621
"\n"
16543
18622
"ENABLED=1\n"
16544
18623
msgstr ""
16545
18624
16546
#: serverguide/C/mail.xml:1341(para)
18625
#: serverguide/C/mail.xml:1376(para)
16547
18626
msgid "Now start the daemon:"
16548
18627
msgstr ""
16549
18628
16550
#: serverguide/C/mail.xml:1345(command)
18629
#: serverguide/C/mail.xml:1380(command)
16551
18630
msgid "sudo /etc/init.d/spamassassin start"
16552
18631
msgstr ""
16553
18632
16554
#: serverguide/C/mail.xml:1349(title)
18633
#: serverguide/C/mail.xml:1384(title)
16555
18634
msgid "Amavisd-new"
16556
18635
msgstr ""
16557
18636
16558
#: serverguide/C/mail.xml:1350(para)
18637
#: serverguide/C/mail.xml:1385(para)
16559
18638
msgid ""
16560
18639
"First activate spam and antivirus detection in <application>Amavisd-"
16561
18640
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
16562
18641
"content_filter_mode</filename>:"
16563
18642
msgstr ""
16564
18643
16565
#: serverguide/C/mail.xml:1354(programlisting)
18644
#: serverguide/C/mail.xml:1389(programlisting)
16566
18645
#, no-wrap
16567
18646
msgid ""
16568
18647
"\n"
16593
18672
"1; # insure a defined return\n"
16594
18673
msgstr ""
16595
18674
16596
#: serverguide/C/mail.xml:1379(para)
18675
#: serverguide/C/mail.xml:1414(para)
16597
18676
msgid ""
16598
18677
"Bouncing spam can be a bad idea as the return address is often faked. "
16599
18678
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
16601
18680
"D_BOUNCE, as follows:"
16602
18681
msgstr ""
16603
18682
16604
#: serverguide/C/mail.xml:1385(programlisting)
18683
#: serverguide/C/mail.xml:1420(programlisting)
16605
18684
#, no-wrap
16606
18685
msgid ""
16607
18686
"\n"
16608
18687
"$final_spam_destiny = D_DISCARD;\n"
16609
18688
msgstr ""
16610
18689
16611
#: serverguide/C/mail.xml:1389(para)
18690
#: serverguide/C/mail.xml:1424(para)
16612
18691
msgid ""
16613
18692
"Additionally, you may want to adjust the following options to flag more "
16614
18693
"messages as spam:"
16615
18694
msgstr ""
16616
18695
16617
#: serverguide/C/mail.xml:1393(programlisting)
18696
#: serverguide/C/mail.xml:1428(programlisting)
16618
18697
#, no-wrap
16619
18698
msgid ""
16620
18699
"\n"
16625
18704
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
16626
18705
msgstr ""
16627
18706
16628
#: serverguide/C/mail.xml:1400(para)
18707
#: serverguide/C/mail.xml:1435(para)
16629
18708
msgid ""
16630
18709
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
16631
18710
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
16634
18713
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
16635
18714
msgstr ""
16636
18715
16637
#: serverguide/C/mail.xml:1407(programlisting)
18716
#: serverguide/C/mail.xml:1442(programlisting)
16638
18717
#, no-wrap
16639
18718
msgid ""
16640
18719
"\n"
16642
18721
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
16643
18722
msgstr ""
16644
18723
16645
#: serverguide/C/mail.xml:1412(para)
18724
#: serverguide/C/mail.xml:1447(para)
16646
18725
msgid ""
16647
18726
"After configuration <application>Amavisd-new</application> needs to be "
16648
18727
"restarted:"
16649
18728
msgstr ""
16650
18729
16651
#: serverguide/C/mail.xml:1416(command) serverguide/C/mail.xml:1462(command)
18730
#: serverguide/C/mail.xml:1451(command) serverguide/C/mail.xml:1497(command)
16652
18731
msgid "sudo /etc/init.d/amavis restart"
16653
18732
msgstr ""
16654
18733
16655
#: serverguide/C/mail.xml:1419(title)
18734
#: serverguide/C/mail.xml:1454(title)
16656
18735
msgid "DKIM Whitelist"
16657
18736
msgstr ""
16658
18737
16659
#: serverguide/C/mail.xml:1421(para)
18738
#: serverguide/C/mail.xml:1456(para)
16660
18739
msgid ""
16661
18740
"<application>Amavisd-new</application> can be configured to automatically "
16662
18741
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
16664
18743
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
16665
18744
msgstr ""
16666
18745
16667
#: serverguide/C/mail.xml:1427(para)
18746
#: serverguide/C/mail.xml:1462(para)
16668
18747
msgid "There are multiple ways to configure the Whitelist for a domain:"
16669
18748
msgstr ""
16670
18749
16671
#: serverguide/C/mail.xml:1433(para)
18750
#: serverguide/C/mail.xml:1468(para)
16672
18751
msgid ""
16673
18752
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
16674
18753
"address from the \"example.com\" domain."
16675
18754
msgstr ""
16676
18755
16677
#: serverguide/C/mail.xml:1438(para)
18756
#: serverguide/C/mail.xml:1473(para)
16678
18757
msgid ""
16679
18758
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
16680
18759
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
16681
18760
"have a valid signature."
16682
18761
msgstr ""
16683
18762
16684
#: serverguide/C/mail.xml:1444(para)
18763
#: serverguide/C/mail.xml:1479(para)
16685
18764
msgid ""
16686
18765
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
16687
18766
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
16688
18767
"role=\"italic\">example.com</emphasis> the parent domain."
16689
18768
msgstr ""
16690
18769
16691
#: serverguide/C/mail.xml:1450(para)
18770
#: serverguide/C/mail.xml:1485(para)
16692
18771
msgid ""
16693
18772
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
16694
18773
"that have a valid signature from \"example.com\". This is usually used for "
16695
18774
"discussion groups that sign thier messages."
16696
18775
msgstr ""
16697
18776
16698
#: serverguide/C/mail.xml:1457(para)
18777
#: serverguide/C/mail.xml:1492(para)
16699
18778
msgid ""
16700
18779
"A domain can also have multiple Whitelist configurations. After, editing the "
16701
18780
"file restart <application>amaisd-new</application>:"
16702
18781
msgstr ""
16703
18782
16704
#: serverguide/C/mail.xml:1466(para)
18783
#: serverguide/C/mail.xml:1501(para)
16705
18784
msgid ""
16706
18785
"In this context, once a domain has been added to the Whitelist the message "
16707
18786
"will not receive any anti-virus or spam filtering. This may or may not be "
16708
18787
"the intended behavior you wish for a domain."
16709
18788
msgstr ""
16710
18789
16711
#: serverguide/C/mail.xml:1476(para)
18790
#: serverguide/C/mail.xml:1511(para)
16712
18791
msgid ""
16713
18792
"For <application>Postfix</application> integration, enter the following from "
16714
18793
"a terminal prompt:"
16715
18794
msgstr ""
16716
18795
16717
#: serverguide/C/mail.xml:1480(command)
18796
#: serverguide/C/mail.xml:1515(command)
16718
18797
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
16719
18798
msgstr ""
16720
18799
16721
#: serverguide/C/mail.xml:1482(para)
18800
#: serverguide/C/mail.xml:1517(para)
16722
18801
msgid ""
16723
18802
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
16724
18803
"to the end of the file:"
16725
18804
msgstr ""
16726
18805
16727
#: serverguide/C/mail.xml:1485(programlisting)
18806
#: serverguide/C/mail.xml:1520(programlisting)
16728
18807
#, no-wrap
16729
18808
msgid ""
16730
18809
"\n"
16756
18835
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
16757
18836
msgstr ""
16758
18837
16759
#: serverguide/C/mail.xml:1512(para)
18838
#: serverguide/C/mail.xml:1547(para)
16760
18839
msgid ""
16761
18840
"Also add the following two lines immediately below the "
16762
18841
"<emphasis>\"pickup\"</emphasis> transport service:"
16763
18842
msgstr ""
16764
18843
16765
#: serverguide/C/mail.xml:1515(programlisting)
18844
#: serverguide/C/mail.xml:1550(programlisting)
16766
18845
#, no-wrap
16767
18846
msgid ""
16768
18847
"\n"
16770
18849
" -o receive_override_options=no_header_body_checks\n"
16771
18850
msgstr ""
16772
18851
16773
#: serverguide/C/mail.xml:1519(para)
18852
#: serverguide/C/mail.xml:1554(para)
16774
18853
msgid ""
16775
18854
"This will prevent messages that are generated to report on spam from being "
16776
18855
"classified as spam."
16777
18856
msgstr ""
16778
18857
16779
#: serverguide/C/mail.xml:1522(para)
18858
#: serverguide/C/mail.xml:1557(para)
16780
18859
msgid "Now restart <application>Postfix</application>:"
16781
18860
msgstr ""
16782
18861
16783
#: serverguide/C/mail.xml:1528(para)
18862
#: serverguide/C/mail.xml:1563(para)
16784
18863
msgid "Content filtering with spam and virus detection is now enabled."
16785
18864
msgstr ""
16786
18865
16787
#: serverguide/C/mail.xml:1535(para)
18866
#: serverguide/C/mail.xml:1570(para)
16788
18867
msgid ""
16789
18868
"First, test that the <application>Amavisd-new</application> SMTP is "
16790
18869
"listening:"
16791
18870
msgstr ""
16792
18871
16793
#: serverguide/C/mail.xml:1538(programlisting)
18872
#: serverguide/C/mail.xml:1573(programlisting)
16794
18873
#, no-wrap
16795
18874
msgid ""
16796
18875
"\n"
16802
18881
"^]\n"
16803
18882
msgstr ""
16804
18883
16805
#: serverguide/C/mail.xml:1546(para)
18884
#: serverguide/C/mail.xml:1581(para)
16806
18885
msgid ""
16807
18886
"In the Header of messages that go through the content filter you should see:"
16808
18887
msgstr ""
16809
18888
16810
#: serverguide/C/mail.xml:1549(programlisting)
18889
#: serverguide/C/mail.xml:1584(programlisting)
16811
18890
#, no-wrap
16812
18891
msgid ""
16813
18892
"\n"
16818
18897
"X-Spam-Level: \n"
16819
18898
msgstr ""
16820
18899
16821
#: serverguide/C/mail.xml:1556(para)
18900
#: serverguide/C/mail.xml:1591(para)
16822
18901
msgid ""
16823
18902
"Your output will vary, but the important thing is that there are <emphasis>X-"
16824
18903
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
16825
18904
msgstr ""
16826
18905
16827
#: serverguide/C/mail.xml:1564(para)
18906
#: serverguide/C/mail.xml:1599(para)
16828
18907
msgid ""
16829
18908
"The best way to figure out why something is going wrong is to check the log "
16830
18909
"files."
16831
18910
msgstr ""
16832
18911
16833
#: serverguide/C/mail.xml:1569(para)
18912
#: serverguide/C/mail.xml:1604(para)
16834
18913
msgid ""
16835
18914
"For instructions on <application>Postfix</application> logging see the <xref "
16836
18915
"linkend=\"postfix-troubleshooting\"/> section."
16837
18916
msgstr ""
16838
18917
16839
#: serverguide/C/mail.xml:1575(para)
18918
#: serverguide/C/mail.xml:1610(para)
16840
18919
msgid ""
16841
18920
"<application>Amavisd-new</application> uses "
16842
18921
"<application>Syslog</application> to send messages to "
16846
18925
"1 to 5."
16847
18926
msgstr ""
16848
18927
16849
#: serverguide/C/mail.xml:1580(programlisting)
18928
#: serverguide/C/mail.xml:1615(programlisting)
16850
18929
#, no-wrap
16851
18930
msgid ""
16852
18931
"\n"
16853
18932
"$log_level = 2;\n"
16854
18933
msgstr ""
16855
18934
16856
#: serverguide/C/mail.xml:1584(para)
18935
#: serverguide/C/mail.xml:1619(para)
16857
18936
msgid ""
16858
18937
"When the <application>Amavisd-new</application> log output is increased "
16859
18938
"<application>Spamassassin</application> log output is also increased."
16860
18939
msgstr ""
16861
18940
16862
#: serverguide/C/mail.xml:1591(para)
18941
#: serverguide/C/mail.xml:1626(para)
16863
18942
msgid ""
16864
18943
"The <application>ClamAV</application> log level can be increased by editing "
16865
18944
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
16866
18945
msgstr ""
16867
18946
16868
#: serverguide/C/mail.xml:1595(programlisting)
18947
#: serverguide/C/mail.xml:1630(programlisting)
16869
18948
#, no-wrap
16870
18949
msgid ""
16871
18950
"\n"
16872
18951
"LogVerbose true\n"
16873
18952
msgstr ""
16874
18953
16875
#: serverguide/C/mail.xml:1598(para)
18954
#: serverguide/C/mail.xml:1633(para)
16876
18955
msgid ""
16877
18956
"By default <application>ClamAV</application> will send log messages to "
16878
18957
"<filename>/var/log/clamav/clamav.log</filename>."
16879
18958
msgstr ""
16880
18959
16881
#: serverguide/C/mail.xml:1604(para)
18960
#: serverguide/C/mail.xml:1639(para)
16882
18961
msgid ""
16883
18962
"After changing an applications log settings remember to restart the service "
16884
18963
"for the new settings to take affect. Also, once the issue you are "
16886
18965
"back to normal."
16887
18966
msgstr ""
16888
18967
16889
#: serverguide/C/mail.xml:1612(para)
18968
#: serverguide/C/mail.xml:1647(para)
16890
18969
msgid "For more information on filtering mail see the following links:"
16891
18970
msgstr ""
16892
18971
16893
#: serverguide/C/mail.xml:1618(ulink)
18972
#: serverguide/C/mail.xml:1653(ulink)
16894
18973
msgid "Amavisd-new Documentation"
16895
18974
msgstr ""
16896
18975
16897
#: serverguide/C/mail.xml:1622(para)
18976
#: serverguide/C/mail.xml:1657(para)
16898
18977
msgid ""
16899
18978
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
16900
18979
"Documentation</ulink> and <ulink "
16901
18980
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
16902
18981
msgstr ""
16903
18982
16904
#: serverguide/C/mail.xml:1629(ulink)
18983
#: serverguide/C/mail.xml:1664(ulink)
16905
18984
msgid "Spamassassin Wiki"
16906
18985
msgstr ""
16907
18986
16908
#: serverguide/C/mail.xml:1634(ulink)
18987
#: serverguide/C/mail.xml:1669(ulink)
16909
18988
msgid "Pyzor Homepage"
16910
18989
msgstr ""
16911
18990
16912
#: serverguide/C/mail.xml:1639(ulink)
18991
#: serverguide/C/mail.xml:1674(ulink)
16913
18992
msgid "Razor Homepage"
16914
18993
msgstr ""
16915
18994
16916
#: serverguide/C/mail.xml:1644(ulink)
18995
#: serverguide/C/mail.xml:1679(ulink)
16917
18996
msgid "DKIM.org"
16918
18997
msgstr ""
16919
18998
16920
#: serverguide/C/mail.xml:1648(para)
18999
#: serverguide/C/mail.xml:1684(ulink)
19000
msgid "Postfix Amavis New"
19001
msgstr ""
19002
19003
#: serverguide/C/mail.xml:1688(para)
16921
19004
msgid ""
16922
19005
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
16923
19006
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
17043
19126
"<xref linkend=\"http-installation\"/> sub-section in <xref "
17044
19127
"linkend=\"httpd\"/> section."
17045
19128
msgstr ""
19129
"Du bør også installere <application>apache2</application>-nettjener. For "
19130
"installasjon av <application>apache2</application>, følg <xref "
19131
"linkend=\"http-installation\"/> i <xref linkend=\"httpd\"/>-avsnittet."
17046
19132
17047
19133
#: serverguide/C/lamp-applications.xml:130(para)
17048
19134
msgid ""
17249
19335
"Wiki</ulink>."
17250
19336
msgstr ""
17251
19337
17252
#: serverguide/C/lamp-applications.xml:272(title)
19338
#: serverguide/C/lamp-applications.xml:268(para)
19339
msgid ""
19340
"Also, see the <ulink "
19341
"url=\"https://help.ubuntu.com/community/MoinMoin\">Ubuntu Wiki "
19342
"MoinMoin</ulink> page."
19343
msgstr ""
19344
19345
#: serverguide/C/lamp-applications.xml:277(title)
17253
19346
msgid "MediaWiki"
17254
19347
msgstr "MediaWiki"
17255
19348
17256
#: serverguide/C/lamp-applications.xml:274(para)
19349
#: serverguide/C/lamp-applications.xml:279(para)
17257
19350
msgid ""
17258
19351
"MediaWiki is an web based Wiki software written in the PHP language. It can "
17259
19352
"either use <application>MySQL</application> or "
17260
19353
"<application>PostgreSQL</application> Database Management System."
17261
19354
msgstr ""
17262
19355
17263
#: serverguide/C/lamp-applications.xml:284(para)
19356
#: serverguide/C/lamp-applications.xml:289(para)
17264
19357
msgid ""
17265
19358
"Before installing <application>MediaWiki</application> you should also "
17266
19359
"install <application>Apache2</application>, the "
17271
19364
"installation instructions."
17272
19365
msgstr ""
17273
19366
17274
#: serverguide/C/lamp-applications.xml:292(para)
19367
#: serverguide/C/lamp-applications.xml:297(para)
17275
19368
msgid ""
17276
19369
"To install <application>MediaWiki</application>, run the following command "
17277
19370
"in the command prompt:"
17278
19371
msgstr ""
19372
"For å installére <application>MediaWiki</application>, kjør følgende "
19373
"kommando i terminal:"
17279
19374
17280
#: serverguide/C/lamp-applications.xml:298(command)
19375
#: serverguide/C/lamp-applications.xml:303(command)
17281
19376
msgid "sudo apt-get install mediawiki php5-gd"
17282
msgstr ""
19377
msgstr "sudo apt-get install mediawiki php5-gd"
17283
19378
17284
#: serverguide/C/lamp-applications.xml:301(para)
19379
#: serverguide/C/lamp-applications.xml:306(para)
17285
19380
msgid ""
17286
19381
"For additional <application>MediaWiki</application> functionality see the "
17287
19382
"<application>mediawiki-extensions</application> package."
17288
19383
msgstr ""
17289
19384
17290
#: serverguide/C/lamp-applications.xml:311(para)
19385
#: serverguide/C/lamp-applications.xml:316(para)
17291
19386
msgid ""
17292
19387
"The Apache configuration file <filename>mediawiki.conf</filename> for "
17293
19388
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
17295
19390
"MediaWiki application."
17296
19391
msgstr ""
17297
19392
17298
#: serverguide/C/lamp-applications.xml:319(screen)
19393
#: serverguide/C/lamp-applications.xml:324(screen)
17299
19394
#, no-wrap
17300
19395
msgid ""
17301
19396
"\n"
17302
19397
"# Alias /mediawiki /var/lib/mediawiki\n"
17303
19398
msgstr ""
17304
19399
17305
#: serverguide/C/lamp-applications.xml:323(para)
19400
#: serverguide/C/lamp-applications.xml:328(para)
17306
19401
msgid ""
17307
19402
"After you uncomment the above line, restart Apache server and access "
17308
19403
"MediaWiki using the following url:"
17309
19404
msgstr ""
17310
19405
17311
#: serverguide/C/lamp-applications.xml:328(programlisting)
19406
#: serverguide/C/lamp-applications.xml:333(programlisting)
17312
19407
#, no-wrap
17313
19408
msgid ""
17314
19409
"\n"
17315
19410
"http://localhost/mediawiki/config/index.php\n"
17316
19411
msgstr ""
17317
19412
17318
#: serverguide/C/lamp-applications.xml:333(para)
19413
#: serverguide/C/lamp-applications.xml:338(para)
17319
19414
msgid ""
17320
19415
"Please read the <quote>Checking environment...</quote> section in this page. "
17321
19416
"You should be able to fix many issues by carefully reading this section."
17322
19417
msgstr ""
17323
19418
17324
#: serverguide/C/lamp-applications.xml:340(para)
19419
#: serverguide/C/lamp-applications.xml:345(para)
17325
19420
msgid ""
17326
19421
"Once the configuration is complete, you should copy the "
17327
"<filename>/var/lib/mediawiki/LocalSettings.php</filename> file to "
17328
"<filename>/etc/mediawiki</filename> directory."
17329
msgstr ""
17330
17331
#: serverguide/C/lamp-applications.xml:348(title)
19422
"<filename>LocalSettings.php</filename> file to "
19423
"<filename>/etc/mediawiki</filename> directory:"
19424
msgstr ""
19425
19426
#: serverguide/C/lamp-applications.xml:352(command)
19427
msgid "sudo mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/"
19428
msgstr ""
19429
19430
#: serverguide/C/lamp-applications.xml:355(para)
19431
msgid ""
19432
"You may also want to edit "
19433
"<filename>/etc/mediawiki/LocalSettings.php</filename> adjusting:"
19434
msgstr ""
19435
19436
#: serverguide/C/lamp-applications.xml:360(programlisting)
19437
#, no-wrap
19438
msgid ""
19439
"\n"
19440
"ini_set( 'memory_limit', '64M' );\n"
19441
msgstr ""
19442
19443
#: serverguide/C/lamp-applications.xml:367(title)
17332
19444
msgid "Extensions"
17333
19445
msgstr ""
17334
19446
17335
#: serverguide/C/lamp-applications.xml:349(para)
19447
#: serverguide/C/lamp-applications.xml:368(para)
17336
19448
msgid ""
17337
19449
"The extensions add new features and enhancements for the MediaWiki "
17338
19450
"application. The extensions give wiki administrators and end users the "
17339
19451
"ability to customize MediaWiki to their requirements."
17340
19452
msgstr ""
17341
19453
17342
#: serverguide/C/lamp-applications.xml:355(para)
19454
#: serverguide/C/lamp-applications.xml:374(para)
17343
19455
msgid ""
17344
19456
"You can download MediaWiki extensions as an archive file or checkout from "
17345
19457
"the Subversion repository. You should copy it to "
17348
19460
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
17349
19461
msgstr ""
17350
19462
17351
#: serverguide/C/lamp-applications.xml:363(programlisting)
19463
#: serverguide/C/lamp-applications.xml:382(programlisting)
17352
19464
#, no-wrap
17353
19465
msgid ""
17354
19466
"\n"
17355
19467
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
17356
19468
msgstr ""
17357
19469
17358
#: serverguide/C/lamp-applications.xml:373(para)
19470
#: serverguide/C/lamp-applications.xml:392(para)
17359
19471
msgid ""
17360
19472
"For more details, please refer to the <ulink "
17361
19473
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
17362
19474
msgstr ""
19475
"For flere detaljer, se <ulink url=\"http://www.mediawiki.org\">nettsiden til "
19476
"MediaWiki</ulink>."
17363
19477
17364
#: serverguide/C/lamp-applications.xml:379(para)
19478
#: serverguide/C/lamp-applications.xml:398(para)
17365
19479
msgid ""
17366
19480
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
17367
19481
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
17368
19482
"new MediaWiki administrators."
17369
19483
msgstr ""
17370
19484
17371
#: serverguide/C/lamp-applications.xml:389(title)
19485
#: serverguide/C/lamp-applications.xml:404(para)
19486
msgid ""
19487
"Also, the <ulink url=\"https://help.ubuntu.com/community/MediaWiki\">Ubuntu "
19488
"Wiki MediaWiki</ulink> page is a good resource."
19489
msgstr ""
19490
19491
#: serverguide/C/lamp-applications.xml:414(title)
17372
19492
msgid "phpMyAdmin"
17373
19493
msgstr ""
17374
19494
17375
#: serverguide/C/lamp-applications.xml:391(para)
19495
#: serverguide/C/lamp-applications.xml:416(para)
17376
19496
msgid ""
17377
19497
"<application>phpMyAdmin</application> is a LAMP application specifically "
17378
19498
"written for administering <application>MySQL</application> servers. Written "
17380
19500
"phpMyAdmin provides a graphical interface for database administration tasks."
17381
19501
msgstr ""
17382
19502
17383
#: serverguide/C/lamp-applications.xml:400(para)
19503
#: serverguide/C/lamp-applications.xml:425(para)
17384
19504
msgid ""
17385
19505
"Before installing <application>phpMyAdmin</application> you will need access "
17386
19506
"to a <application>MySQL</application> database either on the same host as "
17389
19509
"enter:"
17390
19510
msgstr ""
17391
19511
17392
#: serverguide/C/lamp-applications.xml:407(command)
19512
#: serverguide/C/lamp-applications.xml:432(command)
17393
19513
msgid "sudo apt-get install phpmyadmin"
17394
19514
msgstr ""
17395
19515
17396
#: serverguide/C/lamp-applications.xml:410(para)
19516
#: serverguide/C/lamp-applications.xml:435(para)
17397
19517
msgid ""
17398
19518
"At the prompt choose which web server to be configured for "
17399
19519
"<application>phpMyAdmin</application>. The rest of this section will use "
17400
19520
"<application>Apache2</application> for the web server."
17401
19521
msgstr ""
17402
19522
17403
#: serverguide/C/lamp-applications.xml:415(para)
19523
#: serverguide/C/lamp-applications.xml:440(para)
17404
19524
msgid ""
17405
19525
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
17406
19526
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
17410
19530
"password."
17411
19531
msgstr ""
17412
19532
17413
#: serverguide/C/lamp-applications.xml:422(para)
19533
#: serverguide/C/lamp-applications.xml:447(para)
17414
19534
msgid ""
17415
19535
"Once logged in you can reset the <emphasis>root</emphasis> password if "
17416
19536
"needed, create users, create/destroy databases and tables, etc."
17417
19537
msgstr ""
17418
19538
17419
#: serverguide/C/lamp-applications.xml:430(para)
19539
#: serverguide/C/lamp-applications.xml:455(para)
17420
19540
msgid ""
17421
19541
"The configuration files for <application>phpMyAdmin</application> are "
17422
19542
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
17425
19545
"<application>phpMyAdmin</application>."
17426
19546
msgstr ""
17427
19547
17428
#: serverguide/C/lamp-applications.xml:436(para)
19548
#: serverguide/C/lamp-applications.xml:461(para)
17429
19549
msgid ""
17430
19550
"To use <application>phpMyAdmin</application> to administer a MySQL database "
17431
19551
"hosted on another server, adjust the following in "
17432
19552
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
17433
19553
msgstr ""
17434
19554
17435
#: serverguide/C/lamp-applications.xml:441(programlisting)
19555
#: serverguide/C/lamp-applications.xml:466(programlisting)
17436
19556
#, no-wrap
17437
19557
msgid ""
17438
19558
"\n"
17439
19559
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
17440
19560
msgstr ""
17441
19561
17442
#: serverguide/C/lamp-applications.xml:446(para)
19562
#: serverguide/C/lamp-applications.xml:471(para)
17443
19563
msgid ""
17444
19564
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
17445
19565
"remote database server name or IP address. Also, be sure that the "
17447
19567
"remote database."
17448
19568
msgstr ""
17449
19569
17450
#: serverguide/C/lamp-applications.xml:452(para)
19570
#: serverguide/C/lamp-applications.xml:477(para)
17451
19571
msgid ""
17452
19572
"Once configured, log out of <application>phpMyAdmin</application> and back "
17453
19573
"in, and you should be accessing the new server."
17454
19574
msgstr ""
17455
19575
17456
#: serverguide/C/lamp-applications.xml:456(para)
19576
#: serverguide/C/lamp-applications.xml:481(para)
17457
19577
msgid ""
17458
19578
"The <filename>config.header.inc.php</filename> and "
17459
19579
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
17460
19580
"header and footer to <application>phpMyAdmin</application>."
17461
19581
msgstr ""
17462
19582
17463
#: serverguide/C/lamp-applications.xml:461(para)
19583
#: serverguide/C/lamp-applications.xml:486(para)
17464
19584
msgid ""
17465
19585
"Another important configuration file is "
17466
19586
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
17472
19592
"linkend=\"httpd\"/>."
17473
19593
msgstr ""
17474
19594
17475
#: serverguide/C/lamp-applications.xml:475(para)
19595
#: serverguide/C/lamp-applications.xml:500(para)
17476
19596
msgid ""
17477
19597
"The <application>phpMyAdmin</application> documentation comes installed with "
17478
19598
"the package and can be accessed from the <emphasis>phpMyAdmin "
17481
19601
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
17482
19602
msgstr ""
17483
19603
17484
#: serverguide/C/lamp-applications.xml:482(para)
19604
#: serverguide/C/lamp-applications.xml:507(para)
17485
19605
msgid ""
17486
19606
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
17487
19607
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
17488
19608
msgstr ""
17489
19609
19610
#: serverguide/C/lamp-applications.xml:512(para)
19611
msgid ""
19612
"A third resource is the <ulink "
19613
"url=\"https://help.ubuntu.com/community/phpMyAdmin\">phpMyAdmin Ubuntu "
19614
"Wiki</ulink> page."
19615
msgstr ""
19616
17490
19617
#: serverguide/C/introduction.xml:14(para)
17491
19618
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
17492
19619
msgstr ""
17503
19630
"This guide assumes you have a basic understanding of your Ubuntu system. "
17504
19631
"Some installation details are covered in <xref linkend=\"installation\"/>, "
17505
19632
"but if you need detailed instructions installing Ubuntu please refer to the "
17506
"<ulink url=\"https://help.ubuntu.com/9.10/installation-guide/\">Ubuntu "
19633
"<ulink url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
17507
19634
"Installation Guide</ulink>."
17508
19635
msgstr ""
17509
19636
17523
19650
msgstr ""
17524
19651
17525
19652
#: serverguide/C/introduction.xml:36(command)
17526
msgid "w3m /usr/share/ubuntu-serverguide/html/en_GB/index.html"
19653
msgid "w3m /usr/share/ubuntu-serverguide/html/C/index.html"
17527
19654
msgstr ""
17528
19655
17529
19656
#: serverguide/C/introduction.xml:39(para)
17530
msgid "Replace <emphasis>en_GB</emphasis> with your language localization."
19657
msgid ""
19658
"If you are using a localized version of Ubuntu, replace "
19659
"<emphasis>C</emphasis> with your language localization (e.g. "
19660
"<emphasis>en_GB</emphasis>)."
17531
19661
msgstr ""
17532
19662
17533
19663
#: serverguide/C/introduction.xml:53(title)
17536
19666
17537
19667
#: serverguide/C/introduction.xml:55(para)
17538
19668
msgid ""
17539
"There a couple of different ways that Ubuntu Server Edition is supported, "
17540
"commercial support and community support. The main commercial support (and "
17541
"development funding) is available from Canonical Ltd. They supply reasonably "
17542
"priced support contracts on a per desktop or per server basis. For more "
17543
"information see the <ulink "
19669
"There are a couple of different ways that Ubuntu Server Edition is "
19670
"supported, commercial support and community support. The main commercial "
19671
"support (and development funding) is available from Canonical Ltd. They "
19672
"supply reasonably priced support contracts on a per desktop or per server "
19673
"basis. For more information see the <ulink "
17544
19674
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
17545
19675
"page."
17546
19676
msgstr ""
17558
19688
17559
19689
#: serverguide/C/installation.xml:14(para)
17560
19690
msgid ""
17561
"This chapter provides a quick overview of installing Ubuntu 9.10 Server "
19691
"This chapter provides a quick overview of installing Ubuntu 10.04 LTS Server "
17562
19692
"Edition. For more detailed instructions, please refer to the <ulink "
17563
"url=\"https://help.ubuntu.com/9.10/installation-guide/\">Ubuntu Installation "
17564
"Guide</ulink>."
19693
"url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu "
19694
"Installation Guide</ulink>."
17565
19695
msgstr ""
17566
19696
17567
19697
#: serverguide/C/installation.xml:19(title)
17580
19710
17581
19711
#: serverguide/C/installation.xml:25(para)
17582
19712
msgid ""
17583
"Ubuntu 9.10 Server Edition supports two (2) major architectures: Intel x86 "
17584
"and AMD64. The table below lists recommended hardware specifications. "
19713
"Ubuntu 10.04 LTS Server Edition supports two (2) major architectures: Intel "
19714
"x86 and AMD64. The table below lists recommended hardware specifications. "
17585
19715
"Depending on your needs, you might manage with less than this. However, most "
17586
19716
"users risk being frustrated if they ignore these suggestions."
17587
19717
msgstr ""
17633
19763
"services, such as file/print services, web hosting, email hosting, etc."
17634
19764
msgstr ""
17635
19765
17636
#: serverguide/C/installation.xml:62(title)
19766
#: serverguide/C/installation.xml:60(para)
19767
msgid ""
19768
"The requirements for UEC are slightly different for Front End requirements "
19769
"see <xref linkend=\"uec-frontend-requirements\"/> and for UEC Node "
19770
"requirements see <xref linkend=\"uec-node-requirements\"/>."
19771
msgstr ""
19772
19773
#: serverguide/C/installation.xml:68(title)
17637
19774
msgid "Server and Desktop Differences"
17638
19775
msgstr ""
17639
19776
17640
#: serverguide/C/installation.xml:63(para)
19777
#: serverguide/C/installation.xml:69(para)
17641
19778
msgid ""
17642
19779
"There are a few differences between the <emphasis>Ubuntu Server "
17643
19780
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
17647
19784
"Desktop Edition as it is on the Server Edition."
17648
19785
msgstr ""
17649
19786
17650
#: serverguide/C/installation.xml:69(para)
19787
#: serverguide/C/installation.xml:75(para)
17651
19788
msgid ""
17652
19789
"The differences between the two editions are the lack of an X window "
17653
19790
"environment in the Server Edition, the installation process, and different "
17654
19791
"Kernel options."
17655
19792
msgstr ""
17656
19793
17657
#: serverguide/C/installation.xml:76(title)
19794
#: serverguide/C/installation.xml:82(title)
17658
19795
msgid "Kernel Differences:"
17659
19796
msgstr ""
17660
19797
17661
#: serverguide/C/installation.xml:79(para)
19798
#: serverguide/C/installation.xml:85(para)
17662
19799
msgid ""
17663
19800
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
17664
19801
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
17665
19802
"Edition."
17666
19803
msgstr ""
17667
19804
17668
#: serverguide/C/installation.xml:85(para)
19805
#: serverguide/C/installation.xml:91(para)
17669
19806
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
17670
19807
msgstr ""
17671
19808
17672
#: serverguide/C/installation.xml:90(para)
19809
#: serverguide/C/installation.xml:96(para)
17673
19810
msgid ""
17674
19811
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
17675
19812
"Desktop Edition."
17676
19813
msgstr ""
17677
19814
17678
#: serverguide/C/installation.xml:96(para)
19815
#: serverguide/C/installation.xml:102(para)
17679
19816
msgid ""
17680
19817
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
17681
19818
"limited by memory addressing space."
17682
19819
msgstr ""
17683
19820
17684
#: serverguide/C/installation.xml:101(para)
19821
#: serverguide/C/installation.xml:107(para)
17685
19822
msgid ""
17686
19823
"To see all kernel configuration options you can look through "
17687
19824
"<filename>/boot/config-2.6.31-server</filename>. Also, <ulink "
17689
19826
"great resource on the options available."
17690
19827
msgstr ""
17691
19828
17692
#: serverguide/C/installation.xml:110(title)
19829
#: serverguide/C/installation.xml:116(title)
17693
19830
msgid "Backing Up"
17694
19831
msgstr ""
17695
19832
17696
#: serverguide/C/installation.xml:113(para)
19833
#: serverguide/C/installation.xml:119(para)
17697
19834
msgid ""
17698
19835
"Before installing <application>Ubuntu Server Edition</application> you "
17699
19836
"should make sure all data on the system is backed up. See <xref "
17700
19837
"linkend=\"backups\"/> for backup options."
17701
19838
msgstr ""
17702
19839
17703
#: serverguide/C/installation.xml:117(para)
19840
#: serverguide/C/installation.xml:123(para)
17704
19841
msgid ""
17705
19842
"If this is not the first time an operating system has been installed on your "
17706
19843
"computer, it is likely you will need to re-partition your disk to make room "
17707
19844
"for Ubuntu."
17708
19845
msgstr ""
17709
19846
17710
#: serverguide/C/installation.xml:121(para)
19847
#: serverguide/C/installation.xml:127(para)
17711
19848
msgid ""
17712
19849
"Any time you partition your disk, you should be prepared to lose everything "
17713
19850
"on the disk should you make a mistake or something goes wrong during "
17715
19852
"have seen years of use, but they also perform destructive actions."
17716
19853
msgstr ""
17717
19854
17718
#: serverguide/C/installation.xml:133(title)
19855
#: serverguide/C/installation.xml:139(title)
17719
19856
msgid "Installing from CD"
17720
19857
msgstr ""
17721
19858
17722
#: serverguide/C/installation.xml:134(para)
19859
#: serverguide/C/installation.xml:140(para)
17723
19860
msgid ""
17724
19861
"The basic steps to install Ubuntu Server Edition from CD are the same for "
17725
19862
"installing any operating system from CD. Unlike the <emphasis>Desktop "
17728
19865
"menu based process."
17729
19866
msgstr ""
17730
19867
17731
#: serverguide/C/installation.xml:141(para)
19868
#: serverguide/C/installation.xml:147(para)
17732
19869
msgid ""
17733
19870
"First, download and burn the appropriate ISO file from the <ulink "
17734
19871
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
17735
19872
msgstr ""
17736
19873
17737
#: serverguide/C/installation.xml:147(para)
19874
#: serverguide/C/installation.xml:153(para)
17738
19875
msgid "Boot the system from the CD-ROM drive."
17739
19876
msgstr ""
17740
19877
17741
#: serverguide/C/installation.xml:152(para)
19878
#: serverguide/C/installation.xml:158(para)
17742
19879
msgid ""
17743
19880
"At the boot prompt you will be asked to select the language. Afterwards the "
17744
19881
"installation process begins by asking for your keyboard layout."
17745
19882
msgstr ""
17746
19883
17747
#: serverguide/C/installation.xml:158(para)
19884
#: serverguide/C/installation.xml:164(para)
19885
msgid ""
19886
"From the main boot menu there are some additional options to install Ubuntu "
19887
"Server Edition. You can install a basic Ubuntu Server, or install Ubuntu "
19888
"Server as part of a <emphasis>Ubuntu Enterprise Cloud</emphasis>. For more "
19889
"information on UEC see <xref linkend=\"uec\"/>. The rest of this section "
19890
"will cover the basic Ubuntu Server install."
19891
msgstr ""
19892
19893
#: serverguide/C/installation.xml:172(para)
17748
19894
msgid ""
17749
19895
"The installer then discovers your hardware configuration, and configures the "
17750
19896
"network settings using DHCP. If you do not wish to use DHCP at the next "
17752
19898
"network manually\"."
17753
19899
msgstr ""
17754
19900
17755
#: serverguide/C/installation.xml:165(para)
19901
#: serverguide/C/installation.xml:179(para)
17756
19902
msgid "Next, the installer asks for the system's hostname and Time Zone."
17757
19903
msgstr ""
17758
19904
17759
#: serverguide/C/installation.xml:170(para)
19905
#: serverguide/C/installation.xml:184(para)
17760
19906
msgid ""
17761
19907
"You can then choose from several options to configure the hard drive layout. "
17762
19908
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
17763
19909
msgstr ""
17764
19910
17765
#: serverguide/C/installation.xml:176(para)
19911
#: serverguide/C/installation.xml:190(para)
17766
19912
msgid "The Ubuntu base system is then installed."
17767
19913
msgstr ""
17768
19914
17769
#: serverguide/C/installation.xml:181(para)
19915
#: serverguide/C/installation.xml:195(para)
17770
19916
msgid ""
17771
19917
"A new user is setup, this user will have <emphasis>root</emphasis> access "
17772
19918
"through the <application>sudo</application> utility."
17773
19919
msgstr ""
17774
19920
17775
#: serverguide/C/installation.xml:187(para)
19921
#: serverguide/C/installation.xml:201(para)
17776
19922
msgid ""
17777
19923
"After the user is setup, you will be asked to encrypt your <filename "
17778
19924
"role=\"directory\">home</filename> directory."
17779
19925
msgstr ""
17780
19926
17781
#: serverguide/C/installation.xml:193(para)
19927
#: serverguide/C/installation.xml:207(para)
17782
19928
msgid ""
17783
19929
"The next step in the installation process is to decide how you want to "
17784
19930
"update the system. There are three options:"
17785
19931
msgstr ""
17786
19932
17787
#: serverguide/C/installation.xml:199(para)
19933
#: serverguide/C/installation.xml:213(para)
17788
19934
msgid ""
17789
19935
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
17790
19936
"log into the machine and manually install updates."
17791
19937
msgstr ""
17792
19938
17793
#: serverguide/C/installation.xml:205(para)
19939
#: serverguide/C/installation.xml:219(para)
17794
19940
msgid ""
17795
19941
"<emphasis>Install security updates Automatically</emphasis>: will install "
17796
19942
"the <application>unattended-upgrades</application> package, which will "
17798
19944
"more details see <xref linkend=\"automatic-updates\"/>."
17799
19945
msgstr ""
17800
19946
17801
#: serverguide/C/installation.xml:212(para)
19947
#: serverguide/C/installation.xml:226(para)
17802
19948
msgid ""
17803
19949
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
17804
19950
"service provided by Canonical to help manage your Ubuntu machines. See the "
17806
19952
"site for details."
17807
19953
msgstr ""
17808
19954
17809
#: serverguide/C/installation.xml:221(para)
19955
#: serverguide/C/installation.xml:235(para)
17810
19956
msgid ""
17811
19957
"You now have the option to install, or not install, several package tasks. "
17812
19958
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
17814
19960
"install. For more information see <xref linkend=\"aptitude\"/>."
17815
19961
msgstr ""
17816
19962
17817
#: serverguide/C/installation.xml:229(para)
19963
#: serverguide/C/installation.xml:243(para)
17818
19964
msgid "Finally, the last step before rebooting is to set the clock to UTC."
17819
19965
msgstr ""
17820
19966
17821
#: serverguide/C/installation.xml:235(para)
19967
#: serverguide/C/installation.xml:249(para)
17822
19968
msgid ""
17823
19969
"If at any point during installation you are not satisfied by the default "
17824
19970
"setting, use the \"Go Back\" function at any prompt to be brought to a "
17826
19972
"settings."
17827
19973
msgstr ""
17828
19974
17829
#: serverguide/C/installation.xml:240(para)
19975
#: serverguide/C/installation.xml:254(para)
17830
19976
msgid ""
17831
19977
"At some point during the installation process you may want to read the help "
17832
19978
"screen provided by the installation system. To do this, press F1."
17833
19979
msgstr ""
17834
19980
17835
#: serverguide/C/installation.xml:245(para)
19981
#: serverguide/C/installation.xml:259(para)
17836
19982
msgid ""
17837
19983
"Once again, for detailed instructions see the <ulink "
17838
"url=\"https://help.ubuntu.com/9.10/installation-guide/\"> Ubuntu "
19984
"url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\"> Ubuntu "
17839
19985
"Installation Guide</ulink>."
17840
19986
msgstr ""
17841
19987
17842
#: serverguide/C/installation.xml:251(title)
19988
#: serverguide/C/installation.xml:265(title)
17843
19989
msgid "Package Tasks"
17844
19990
msgstr ""
17845
19991
17846
#: serverguide/C/installation.xml:252(para)
19992
#: serverguide/C/installation.xml:266(para)
17847
19993
msgid ""
17848
19994
"During the Server Edition installation you have the option of installing "
17849
19995
"additional packages from the CD. The packages are grouped by the type of "
17850
19996
"service they provide."
17851
19997
msgstr ""
17852
19998
17853
#: serverguide/C/installation.xml:258(para)
19999
#: serverguide/C/installation.xml:272(para)
20000
msgid "Cloud computing: Walrus storage service"
20001
msgstr ""
20002
20003
#: serverguide/C/installation.xml:277(para)
20004
msgid "Cloud computing: all-in-one cluster"
20005
msgstr ""
20006
20007
#: serverguide/C/installation.xml:282(para)
20008
msgid "Cloud computing: Cluster controller"
20009
msgstr ""
20010
20011
#: serverguide/C/installation.xml:287(para)
20012
msgid "Cloud computing: Node controller"
20013
msgstr ""
20014
20015
#: serverguide/C/installation.xml:292(para)
20016
msgid "Cloud computing: Storage controller"
20017
msgstr ""
20018
20019
#: serverguide/C/installation.xml:297(para)
20020
msgid "Cloud computing: top-level cloud controller"
20021
msgstr ""
20022
20023
#: serverguide/C/installation.xml:302(para)
17854
20024
msgid "DNS server: Selects the BIND DNS server and its documentation."
17855
20025
msgstr ""
17856
20026
17857
#: serverguide/C/installation.xml:263(para)
20027
#: serverguide/C/installation.xml:307(para)
17858
20028
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
17859
20029
msgstr ""
17860
20030
17861
#: serverguide/C/installation.xml:268(para)
20031
#: serverguide/C/installation.xml:312(para)
17862
20032
msgid ""
17863
20033
"Mail server: This task selects a variety of package useful for a general "
17864
20034
"purpose mail server system."
17865
20035
msgstr ""
17866
20036
17867
#: serverguide/C/installation.xml:273(para)
20037
#: serverguide/C/installation.xml:317(para)
17868
20038
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
17869
20039
msgstr ""
17870
20040
17871
#: serverguide/C/installation.xml:278(para)
20041
#: serverguide/C/installation.xml:322(para)
17872
20042
msgid ""
17873
20043
"PostgreSQL database: This task selects client and server packages for the "
17874
20044
"PostgreSQL database."
17875
20045
msgstr ""
17876
20046
17877
#: serverguide/C/installation.xml:283(para)
20047
#: serverguide/C/installation.xml:327(para)
17878
20048
msgid "Print server: This task sets up your system to be a print server."
17879
20049
msgstr ""
17880
20050
17881
#: serverguide/C/installation.xml:288(para)
20051
#: serverguide/C/installation.xml:332(para)
17882
20052
msgid ""
17883
20053
"Samba File server: This task sets up your system to be a Samba file server, "
17884
20054
"which is especially suitable in networks with both Windows and Linux systems."
17885
20055
msgstr ""
17886
20056
17887
#: serverguide/C/installation.xml:294(para)
20057
#: serverguide/C/installation.xml:338(para)
17888
20058
msgid ""
17889
20059
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
17890
20060
"etc."
17891
20061
msgstr ""
17892
20062
17893
#: serverguide/C/installation.xml:299(para)
20063
#: serverguide/C/installation.xml:343(para)
17894
20064
msgid ""
17895
20065
"Virtual machine host: Includes packages needed to run KVM virtual machines."
17896
20066
msgstr ""
17897
20067
17898
#: serverguide/C/installation.xml:304(para)
20068
#: serverguide/C/installation.xml:348(para)
20069
msgid ""
20070
"Manually select packages: Executes <application>apptitude</application> "
20071
"allowing you to individually select packages."
20072
msgstr ""
20073
20074
#: serverguide/C/installation.xml:353(para)
17899
20075
msgid ""
17900
20076
"Installing the package groups is accomplished using the "
17901
20077
"<application>tasksel</application> utility. One of the important difference "
17906
20082
"a fully integrated service."
17907
20083
msgstr ""
17908
20084
17909
#: serverguide/C/installation.xml:311(para)
20085
#: serverguide/C/installation.xml:360(para)
20086
msgid ""
20087
"For more information on the <emphasis>Cloud Computing</emphasis> tasks see "
20088
"<xref linkend=\"uec\"/>."
20089
msgstr ""
20090
20091
#: serverguide/C/installation.xml:363(para)
17910
20092
msgid ""
17911
20093
"Once the installation process has finished you can view a list of available "
17912
20094
"tasks by entering the following from a terminal prompt:"
17913
20095
msgstr ""
17914
20096
17915
#: serverguide/C/installation.xml:316(command)
20097
#: serverguide/C/installation.xml:368(command)
17916
20098
msgid "tasksel --list-tasks"
17917
20099
msgstr ""
17918
20100
17919
#: serverguide/C/installation.xml:319(para)
20101
#: serverguide/C/installation.xml:371(para)
17920
20102
msgid ""
17921
20103
"The output will list tasks from other Ubuntu based distributions such as "
17922
20104
"Kubuntu and Edubuntu. Note that you can also invoke the "
17924
20106
"the different tasks available."
17925
20107
msgstr ""
17926
20108
17927
#: serverguide/C/installation.xml:325(para)
20109
#: serverguide/C/installation.xml:377(para)
17928
20110
msgid ""
17929
20111
"You can view a list of which packages are installed with each task using the "
17930
20112
"<emphasis>--task-packages</emphasis> option. For example, to list the "
17932
20114
"following:"
17933
20115
msgstr ""
17934
20116
17935
#: serverguide/C/installation.xml:330(command)
20117
#: serverguide/C/installation.xml:382(command)
17936
20118
msgid "tasksel --task-packages dns-server"
17937
20119
msgstr ""
17938
20120
17939
#: serverguide/C/installation.xml:332(para)
20121
#: serverguide/C/installation.xml:384(para)
17940
20122
msgid "The output of the command should list:"
17941
20123
msgstr ""
17942
20124
17943
#: serverguide/C/installation.xml:335(programlisting)
20125
#: serverguide/C/installation.xml:387(programlisting)
17944
20126
#, no-wrap
17945
20127
msgid ""
17946
20128
"\n"
17949
20131
"bind9\n"
17950
20132
msgstr ""
17951
20133
17952
#: serverguide/C/installation.xml:340(para)
20134
#: serverguide/C/installation.xml:392(para)
17953
20135
msgid ""
17954
20136
"Also, if you did not install one of the tasks during the installation "
17955
20137
"process, but for example you decide to make your new LAMP server a DNS "
17956
20138
"server as well. Simply insert the installation CD and from a terminal:"
17957
20139
msgstr ""
17958
20140
17959
#: serverguide/C/installation.xml:345(command)
20141
#: serverguide/C/installation.xml:397(command)
17960
20142
msgid "sudo tasksel install dns-server"
17961
20143
msgstr ""
17962
20144
17963
#: serverguide/C/installation.xml:350(title)
20145
#: serverguide/C/installation.xml:402(title)
17964
20146
msgid "Upgrading"
17965
20147
msgstr ""
17966
20148
17967
#: serverguide/C/installation.xml:351(para)
20149
#: serverguide/C/installation.xml:403(para)
17968
20150
msgid ""
17969
20151
"There are several ways to upgrade from one Ubuntu release to another. This "
17970
20152
"section gives an overview of the recommended upgrade method."
17971
20153
msgstr ""
17972
20154
17973
#: serverguide/C/installation.xml:355(title) serverguide/C/installation.xml:370(command)
20155
#: serverguide/C/installation.xml:407(title) serverguide/C/installation.xml:422(command)
17974
20156
msgid "do-release-upgrade"
17975
20157
msgstr ""
17976
20158
17977
#: serverguide/C/installation.xml:356(para)
20159
#: serverguide/C/installation.xml:408(para)
17978
20160
msgid ""
17979
20161
"The recommended way to upgrade a Server Edition installation is to use the "
17980
20162
"<application>do-release-upgrade</application> utility. Part of the "
17982
20164
"graphical dependencies and is installed by default."
17983
20165
msgstr ""
17984
20166
17985
#: serverguide/C/installation.xml:361(para)
20167
#: serverguide/C/installation.xml:413(para)
17986
20168
msgid ""
17987
20169
"Debian based systems can also be upgraded by using <command>apt-get dist-"
17988
20170
"upgrade</command>. However, using <application>do-release-"
17990
20172
"system configuration changes sometimes needed between releases."
17991
20173
msgstr ""
17992
20174
17993
#: serverguide/C/installation.xml:366(para)
20175
#: serverguide/C/installation.xml:418(para)
17994
20176
msgid "To upgrade to a newer release, from a terminal prompt enter:"
17995
20177
msgstr ""
17996
20178
17997
#: serverguide/C/installation.xml:372(para)
20179
#: serverguide/C/installation.xml:424(para)
17998
20180
msgid ""
17999
20181
"It is also possible to use <application>do-release-upgrade</application> to "
18000
20182
"upgrade to a development version of Ubuntu. To accomplish this use the "
18001
20183
"<emphasis>-d</emphasis> switch:"
18002
20184
msgstr ""
18003
20185
18004
#: serverguide/C/installation.xml:377(command)
20186
#: serverguide/C/installation.xml:429(command)
18005
20187
msgid "do-release-upgrade -d"
18006
20188
msgstr ""
18007
20189
18008
#: serverguide/C/installation.xml:380(para)
20190
#: serverguide/C/installation.xml:432(para)
18009
20191
msgid ""
18010
20192
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
18011
20193
"for production environments."
18012
20194
msgstr ""
18013
20195
18014
#: serverguide/C/installation.xml:387(title)
20196
#: serverguide/C/installation.xml:439(title)
18015
20197
msgid "Advanced Installation"
18016
20198
msgstr ""
18017
20199
18018
#: serverguide/C/installation.xml:390(title)
20200
#: serverguide/C/installation.xml:442(title)
18019
20201
msgid "Software RAID"
18020
20202
msgstr ""
18021
20203
18022
#: serverguide/C/installation.xml:392(para)
20204
#: serverguide/C/installation.xml:444(para)
18023
20205
msgid ""
18024
20206
"RAID is a method of configuring multiple hard drives to act as one, reducing "
18025
20207
"the probability of catastrophic data loss in case of drive failure. RAID is "
18029
20211
"drives 'invisibly')."
18030
20212
msgstr ""
18031
20213
18032
#: serverguide/C/installation.xml:399(para)
20214
#: serverguide/C/installation.xml:451(para)
18033
20215
msgid ""
18034
20216
"The RAID software included with current versions of Linux (and Ubuntu) is "
18035
20217
"based on the <application>'mdadm'</application> driver and works very well, "
18039
20221
"another for <emphasis>swap</emphasis>."
18040
20222
msgstr ""
18041
20223
18042
#: serverguide/C/installation.xml:409(para) serverguide/C/installation.xml:926(para)
20224
#: serverguide/C/installation.xml:461(para) serverguide/C/installation.xml:975(para)
18043
20225
msgid ""
18044
20226
"Follow the installation steps until you get to the <emphasis>Partition "
18045
20227
"disks</emphasis> step, then:"
18046
20228
msgstr ""
18047
20229
18048
#: serverguide/C/installation.xml:416(para)
20230
#: serverguide/C/installation.xml:468(para)
18049
20231
msgid "Select <emphasis>Manual</emphasis> as the partition method."
18050
20232
msgstr ""
18051
20233
18052
#: serverguide/C/installation.xml:423(para)
20234
#: serverguide/C/installation.xml:475(para)
18053
20235
msgid ""
18054
20236
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
18055
20237
"partition table on this device?\"</emphasis>."
18056
20238
msgstr ""
18057
20239
18058
#: serverguide/C/installation.xml:427(para)
20240
#: serverguide/C/installation.xml:479(para)
18059
20241
msgid ""
18060
20242
"Repeat this step for each drive you wish to be part of the RAID array."
18061
20243
msgstr ""
18062
20244
18063
#: serverguide/C/installation.xml:434(para)
20245
#: serverguide/C/installation.xml:486(para)
18064
20246
msgid ""
18065
20247
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
18066
20248
"select <emphasis>\"Create a new partition\"</emphasis>."
18067
20249
msgstr ""
18068
20250
18069
#: serverguide/C/installation.xml:441(para)
20251
#: serverguide/C/installation.xml:493(para)
18070
20252
msgid ""
18071
20253
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
18072
20254
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
18074
20256
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
18075
20257
msgstr ""
18076
20258
18077
#: serverguide/C/installation.xml:450(para)
20259
#: serverguide/C/installation.xml:502(para)
18078
20260
msgid ""
18079
20261
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
18080
"is <emphasis role=\"italic\">\"Ext3 journaling file system\"</emphasis>, "
20262
"is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, "
18081
20263
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
18082
20264
"<emphasis>\"Done setting up partition\"</emphasis>."
18083
20265
msgstr ""
18084
20266
18085
#: serverguide/C/installation.xml:459(para)
20267
#: serverguide/C/installation.xml:511(para)
18086
20268
msgid ""
18087
20269
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
18088
20270
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
18089
20271
"partition\"</emphasis>."
18090
20272
msgstr ""
18091
20273
18092
#: serverguide/C/installation.xml:467(para)
20274
#: serverguide/C/installation.xml:519(para)
18093
20275
msgid ""
18094
20276
"Use the rest of the free space on the drive and choose "
18095
20277
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
18096
20278
msgstr ""
18097
20279
18098
#: serverguide/C/installation.xml:474(para)
20280
#: serverguide/C/installation.xml:526(para)
18099
20281
msgid ""
18100
20282
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
18101
"at the top, changing it to <emphasis>\"physical volume for RAID\"</emphasis> "
18102
"then choose <emphasis>\"Done setting up partition\"</emphasis>."
20283
"at the top, changing it to <emphasis>\"physical volume for "
20284
"RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> "
20285
"line to change the value to <emphasis>\"on\"</emphasis>. Then choose "
20286
"<emphasis>\"Done setting up partition\"</emphasis>."
18103
20287
msgstr ""
18104
20288
18105
#: serverguide/C/installation.xml:482(para)
20289
#: serverguide/C/installation.xml:536(para)
18106
20290
msgid "Repeat steps three through eight for the other disk and partitions."
18107
20291
msgstr ""
18108
20292
18109
#: serverguide/C/installation.xml:491(title)
20293
#: serverguide/C/installation.xml:545(title)
18110
20294
msgid "RAID Configuration"
18111
20295
msgstr ""
18112
20296
18113
#: serverguide/C/installation.xml:493(para)
20297
#: serverguide/C/installation.xml:547(para)
18114
20298
msgid "With the partitions setup the arrays are ready to be configured:"
18115
20299
msgstr ""
18116
20300
18117
#: serverguide/C/installation.xml:500(para)
20301
#: serverguide/C/installation.xml:554(para)
18118
20302
msgid ""
18119
20303
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
18120
20304
"Software RAID\"</emphasis> at the top."
18121
20305
msgstr ""
18122
20306
18123
#: serverguide/C/installation.xml:507(para)
20307
#: serverguide/C/installation.xml:561(para)
18124
20308
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
18125
20309
msgstr ""
18126
20310
18127
#: serverguide/C/installation.xml:514(para)
18128
msgid "Choose <emphasis>\"Create MD drive\"</emphasis>."
20311
#: serverguide/C/installation.xml:568(para)
20312
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
18129
20313
msgstr ""
18130
20314
18131
#: serverguide/C/installation.xml:521(para)
20315
#: serverguide/C/installation.xml:575(para)
18132
20316
msgid ""
18133
20317
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
18134
20318
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
18135
20319
msgstr ""
18136
20320
18137
#: serverguide/C/installation.xml:527(para)
20321
#: serverguide/C/installation.xml:581(para)
18138
20322
msgid ""
18139
20323
"In order to use <emphasis>RAID5</emphasis> you need at least "
18140
20324
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
18141
20325
"<emphasis>two</emphasis> drives are required."
18142
20326
msgstr ""
18143
20327
18144
#: serverguide/C/installation.xml:536(para)
20328
#: serverguide/C/installation.xml:590(para)
18145
20329
msgid ""
18146
20330
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
18147
20331
"of hard drives you have, for the array. Then select "
18148
20332
"<emphasis>\"Continue\"</emphasis>."
18149
20333
msgstr ""
18150
20334
18151
#: serverguide/C/installation.xml:544(para)
20335
#: serverguide/C/installation.xml:598(para)
18152
20336
msgid ""
18153
20337
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
18154
20338
"default, then choose <emphasis>\"Continue\"</emphasis>."
18155
20339
msgstr ""
18156
20340
18157
#: serverguide/C/installation.xml:551(para)
20341
#: serverguide/C/installation.xml:605(para)
18158
20342
msgid ""
18159
20343
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
18160
20344
"etc. The numbers will usually match and the different letters correspond to "
18161
20345
"different hard drives."
18162
20346
msgstr ""
18163
20347
18164
#: serverguide/C/installation.xml:556(para)
20348
#: serverguide/C/installation.xml:610(para)
18165
20349
msgid ""
18166
20350
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
18167
20351
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
18168
20352
"go to the next step."
18169
20353
msgstr ""
18170
20354
18171
#: serverguide/C/installation.xml:564(para)
20355
#: serverguide/C/installation.xml:618(para)
18172
20356
msgid ""
18173
20357
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
18174
20358
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
18175
20359
"and <emphasis>sdb2</emphasis>."
18176
20360
msgstr ""
18177
20361
18178
#: serverguide/C/installation.xml:572(para)
20362
#: serverguide/C/installation.xml:626(para)
18179
20363
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
18180
20364
msgstr ""
18181
20365
18182
#: serverguide/C/installation.xml:582(title)
20366
#: serverguide/C/installation.xml:636(title)
18183
20367
msgid "Formatting"
18184
20368
msgstr ""
18185
20369
18186
#: serverguide/C/installation.xml:584(para)
20370
#: serverguide/C/installation.xml:638(para)
18187
20371
msgid ""
18188
20372
"There should now be a list of hard drives and RAID devices. The next step is "
18189
20373
"to format and set the mount point for the RAID devices. Treat the RAID "
18190
20374
"device as a local hard drive, format and mount accordingly."
18191
20375
msgstr ""
18192
20376
18193
#: serverguide/C/installation.xml:592(para)
18194
msgid "Select the <emphasis>RAID1 device #0</emphasis> partition."
20377
#: serverguide/C/installation.xml:646(para)
20378
msgid ""
20379
"Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20380
"#0\"</emphasis> partition."
18195
20381
msgstr ""
18196
20382
18197
#: serverguide/C/installation.xml:599(para)
20383
#: serverguide/C/installation.xml:653(para)
18198
20384
msgid ""
18199
20385
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
18200
20386
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
18201
20387
msgstr ""
18202
20388
18203
#: serverguide/C/installation.xml:607(para)
18204
msgid "Next, select the <emphasis>RAID1 device #1</emphasis> partition."
20389
#: serverguide/C/installation.xml:661(para)
20390
msgid ""
20391
"Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device "
20392
"#1\"</emphasis> partition."
18205
20393
msgstr ""
18206
20394
18207
#: serverguide/C/installation.xml:614(para)
20395
#: serverguide/C/installation.xml:668(para)
18208
20396
msgid ""
18209
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext3 "
20397
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 "
18210
20398
"journaling file system\"</emphasis>."
18211
20399
msgstr ""
18212
20400
18213
#: serverguide/C/installation.xml:621(para)
20401
#: serverguide/C/installation.xml:675(para)
18214
20402
msgid ""
18215
20403
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
18216
20404
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
18218
20406
"partition\"</emphasis>."
18219
20407
msgstr ""
18220
20408
18221
#: serverguide/C/installation.xml:629(para)
20409
#: serverguide/C/installation.xml:683(para)
18222
20410
msgid ""
18223
20411
"Finally, select <emphasis>\"Finish partitioning and write changes to "
18224
20412
"disk\"</emphasis>."
18225
20413
msgstr ""
18226
20414
18227
#: serverguide/C/installation.xml:636(para)
20415
#: serverguide/C/installation.xml:690(para)
18228
20416
msgid ""
18229
20417
"If you choose to place the root partition on a RAID array, the installer "
18230
20418
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
18231
20419
"state. See <xref linkend=\"raid-degraded\"/> for further details."
18232
20420
msgstr ""
18233
20421
18234
#: serverguide/C/installation.xml:641(para)
20422
#: serverguide/C/installation.xml:695(para)
18235
20423
msgid "The installation process will then continue normally."
18236
20424
msgstr ""
18237
20425
18238
#: serverguide/C/installation.xml:647(title)
20426
#: serverguide/C/installation.xml:701(title)
18239
20427
msgid "Degraded RAID"
18240
20428
msgstr ""
18241
20429
18242
#: serverguide/C/installation.xml:649(para)
20430
#: serverguide/C/installation.xml:703(para)
18243
20431
msgid ""
18244
20432
"At some point in the life of the computer a disk failure event may occur. "
18245
20433
"When this happens, using Software RAID, the operating system will place the "
18246
20434
"array into what is known as a <emphasis>degraded</emphasis> state."
18247
20435
msgstr ""
18248
20436
18249
#: serverguide/C/installation.xml:654(para)
20437
#: serverguide/C/installation.xml:708(para)
18250
20438
msgid ""
18251
20439
"If the array has become degraded, due to the chance of data corruption, by "
18252
20440
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
18257
20445
"Booting to a degraded array can be configured several ways:"
18258
20446
msgstr ""
18259
20447
18260
#: serverguide/C/installation.xml:665(para)
20448
#: serverguide/C/installation.xml:719(para)
18261
20449
msgid ""
18262
20450
"The <application>dpkg-reconfigure</application> utility can be used to "
18263
20451
"configure the default behavior, and during the process you will be queried "
18266
20454
"following:"
18267
20455
msgstr ""
18268
20456
18269
#: serverguide/C/installation.xml:672(command)
20457
#: serverguide/C/installation.xml:726(command)
18270
20458
msgid "sudo dpkg-reconfigure mdadm"
18271
20459
msgstr ""
18272
20460
18273
#: serverguide/C/installation.xml:678(para)
20461
#: serverguide/C/installation.xml:732(para)
18274
20462
msgid ""
18275
20463
"The <command>dpkg-reconfigure mdadm</command> process will change the "
18276
20464
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
18278
20466
"behavior, and can also be manually edited:"
18279
20467
msgstr ""
18280
20468
18281
#: serverguide/C/installation.xml:684(programlisting)
20469
#: serverguide/C/installation.xml:738(programlisting)
18282
20470
#, no-wrap
18283
20471
msgid ""
18284
20472
"\n"
18285
20473
"BOOT_DEGRADED=true\n"
18286
20474
msgstr ""
18287
20475
18288
#: serverguide/C/installation.xml:689(para)
20476
#: serverguide/C/installation.xml:743(para)
18289
20477
msgid "The configuration file can be overridden by using a Kernel argument."
18290
20478
msgstr ""
18291
20479
18292
#: serverguide/C/installation.xml:697(para)
20480
#: serverguide/C/installation.xml:751(para)
18293
20481
msgid ""
18294
20482
"Using a Kernel argument will allow the system to boot to a degraded array as "
18295
20483
"well:"
18296
20484
msgstr ""
18297
20485
18298
#: serverguide/C/installation.xml:703(para)
20486
#: serverguide/C/installation.xml:757(para)
18299
20487
msgid ""
18300
"When the server is booting press <emphasis>ESC</emphasis> to open the "
20488
"When the server is booting press <keycap>Shift</keycap> to open the "
18301
20489
"<application>Grub</application> menu."
18302
20490
msgstr ""
18303
20491
18304
#: serverguide/C/installation.xml:708(para)
18305
msgid "Press <emphasis>\"e\"</emphasis> to edit your Kernel command options."
18306
msgstr ""
18307
18308
#: serverguide/C/installation.xml:713(para)
18309
msgid ""
18310
"Press the <emphasis>DOWN</emphasis> arrow to highlight the kernel line."
18311
msgstr ""
18312
18313
#: serverguide/C/installation.xml:718(para)
18314
msgid ""
18315
"Press the <emphasis>\"e\"</emphasis> key again to edit the kernel line."
18316
msgstr ""
18317
18318
#: serverguide/C/installation.xml:723(para)
20492
#: serverguide/C/installation.xml:762(para)
20493
msgid "Press <keycap>e</keycap> to edit your kernel command options."
20494
msgstr ""
20495
20496
#: serverguide/C/installation.xml:767(para)
20497
msgid "Press the <keycap>down</keycap> arrow to highlight the kernel line."
20498
msgstr ""
20499
20500
#: serverguide/C/installation.xml:772(para)
18319
20501
msgid ""
18320
20502
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
18321
20503
"end of the line."
18322
20504
msgstr ""
18323
20505
18324
#: serverguide/C/installation.xml:728(para)
18325
msgid "Press <emphasis>\"ENTER\"</emphasis>."
18326
msgstr ""
18327
18328
#: serverguide/C/installation.xml:733(para)
18329
msgid "Finally, press <emphasis>\"b\"</emphasis> to boot the system."
18330
msgstr ""
18331
18332
#: serverguide/C/installation.xml:742(para)
20506
#: serverguide/C/installation.xml:777(para)
20507
msgid ""
20508
"Press <keycombo><keycap>Ctrl</keycap><keycap>x</keycap></keycombo> to boot "
20509
"the system."
20510
msgstr ""
20511
20512
#: serverguide/C/installation.xml:786(para)
18333
20513
msgid ""
18334
20514
"Once the system has booted you can either repair the array see <xref "
18335
20515
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
18336
20516
"another machine due to major hardware failure."
18337
20517
msgstr ""
18338
20518
18339
#: serverguide/C/installation.xml:749(title)
20519
#: serverguide/C/installation.xml:793(title)
18340
20520
msgid "RAID Maintenance"
18341
20521
msgstr ""
18342
20522
18343
#: serverguide/C/installation.xml:751(para)
20523
#: serverguide/C/installation.xml:795(para)
18344
20524
msgid ""
18345
20525
"The <application>mdadm</application> utility can be used to view the status "
18346
20526
"of an array, add disks to an array, remove disks, etc:"
18347
20527
msgstr ""
18348
20528
18349
#: serverguide/C/installation.xml:758(para)
20529
#: serverguide/C/installation.xml:802(para)
18350
20530
msgid "To view the status of an array, from a terminal prompt enter:"
18351
20531
msgstr ""
18352
20532
18353
#: serverguide/C/installation.xml:762(command)
20533
#: serverguide/C/installation.xml:806(command)
18354
20534
msgid "sudo mdadm -D /dev/md0"
18355
20535
msgstr ""
18356
20536
18357
#: serverguide/C/installation.xml:765(para)
20537
#: serverguide/C/installation.xml:809(para)
18358
20538
msgid ""
18359
20539
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
18360
20540
"display <emphasis>detailed</emphasis> information about the "
18362
20542
"with the appropriate RAID device."
18363
20543
msgstr ""
18364
20544
18365
#: serverguide/C/installation.xml:771(para)
20545
#: serverguide/C/installation.xml:815(para)
18366
20546
msgid "To view the status of a disk in an array:"
18367
20547
msgstr ""
18368
20548
18369
#: serverguide/C/installation.xml:775(command)
20549
#: serverguide/C/installation.xml:819(command)
18370
20550
msgid "sudo mdadm -E /dev/sda1"
18371
20551
msgstr ""
18372
20552
18373
#: serverguide/C/installation.xml:777(para)
20553
#: serverguide/C/installation.xml:821(para)
18374
20554
msgid ""
18375
20555
"The output if very similar to the <command>mdadm -D</command> command, "
18376
20556
"adjust <filename>/dev/sda1</filename> for each disk."
18377
20557
msgstr ""
18378
20558
18379
#: serverguide/C/installation.xml:782(para)
20559
#: serverguide/C/installation.xml:826(para)
18380
20560
msgid "If a disk fails and needs to be removed from an array enter:"
18381
20561
msgstr ""
18382
20562
18383
#: serverguide/C/installation.xml:786(command)
20563
#: serverguide/C/installation.xml:830(command)
18384
20564
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
18385
20565
msgstr ""
18386
20566
18387
#: serverguide/C/installation.xml:788(para)
20567
#: serverguide/C/installation.xml:832(para)
18388
20568
msgid ""
18389
20569
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
18390
20570
"the appropriate RAID device and disk."
18391
20571
msgstr ""
18392
20572
18393
#: serverguide/C/installation.xml:793(para)
20573
#: serverguide/C/installation.xml:837(para)
18394
20574
msgid "Similarly, to add a new disk:"
18395
20575
msgstr ""
18396
20576
18397
#: serverguide/C/installation.xml:797(command)
20577
#: serverguide/C/installation.xml:841(command)
18398
20578
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
18399
20579
msgstr ""
18400
20580
18401
#: serverguide/C/installation.xml:802(para)
20581
#: serverguide/C/installation.xml:846(para)
18402
20582
msgid ""
18403
20583
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
18404
20584
"though there is nothing physically wrong with the drive. It is usually "
18407
20587
"the array, it is a good indication of hardware failure."
18408
20588
msgstr ""
18409
20589
18410
#: serverguide/C/installation.xml:808(para)
20590
#: serverguide/C/installation.xml:852(para)
18411
20591
msgid ""
18412
20592
"The <filename>/proc/mdstat</filename> file also contains useful information "
18413
20593
"about the system's RAID devices:"
18414
20594
msgstr ""
18415
20595
18416
#: serverguide/C/installation.xml:813(command)
20596
#: serverguide/C/installation.xml:857(command)
18417
20597
msgid "cat /proc/mdstat"
18418
20598
msgstr ""
18419
20599
18420
#: serverguide/C/installation.xml:814(computeroutput)
20600
#: serverguide/C/installation.xml:858(computeroutput)
18421
20601
#, no-wrap
18422
20602
msgid ""
18423
20603
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
18428
20608
"unused devices: <none>"
18429
20609
msgstr ""
18430
20610
18431
#: serverguide/C/installation.xml:821(para)
20611
#: serverguide/C/installation.xml:865(para)
18432
20612
msgid ""
18433
20613
"The following command is great for watching the status of a syncing drive:"
18434
20614
msgstr ""
18435
20615
18436
#: serverguide/C/installation.xml:826(command)
20616
#: serverguide/C/installation.xml:870(command)
18437
20617
msgid "watch -n1 cat /proc/mdstat"
18438
20618
msgstr ""
18439
20619
18440
#: serverguide/C/installation.xml:829(para)
20620
#: serverguide/C/installation.xml:873(para)
18441
20621
msgid ""
18442
20622
"Press <emphasis>Ctrl+c</emphasis> to stop the "
18443
20623
"<application>watch</application> command."
18444
20624
msgstr ""
18445
20625
18446
#: serverguide/C/installation.xml:833(para)
20626
#: serverguide/C/installation.xml:877(para)
18447
20627
msgid ""
18448
20628
"If you do need to replace a faulty drive, after the drive has been replaced "
18449
20629
"and synced, <application>grub</application> will need to be installed. To "
18451
20631
"following:"
18452
20632
msgstr ""
18453
20633
18454
#: serverguide/C/installation.xml:839(command)
20634
#: serverguide/C/installation.xml:883(command)
18455
20635
msgid "sudo grub-install /dev/md0"
18456
20636
msgstr ""
18457
20637
18458
#: serverguide/C/installation.xml:842(para)
20638
#: serverguide/C/installation.xml:886(para)
18459
20639
msgid ""
18460
20640
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
18461
20641
msgstr ""
18462
20642
18463
#: serverguide/C/installation.xml:850(para)
20643
#: serverguide/C/installation.xml:894(para)
18464
20644
msgid ""
18465
20645
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
18466
20646
"can be configured. Please see the following links for more information:"
18467
20647
msgstr ""
18468
20648
18469
#: serverguide/C/installation.xml:858(ulink)
20649
#: serverguide/C/installation.xml:901(para)
20650
msgid ""
20651
"<ulink url=\"https://help.ubuntu.com/community/Installation#raid\">Ubuntu "
20652
"Wiki Articles on RAID</ulink>."
20653
msgstr ""
20654
20655
#: serverguide/C/installation.xml:907(ulink)
18470
20656
msgid "Software RAID HOWTO"
18471
20657
msgstr ""
18472
20658
18473
#: serverguide/C/installation.xml:863(ulink)
20659
#: serverguide/C/installation.xml:912(ulink)
18474
20660
msgid "Managing RAID on Linux"
18475
20661
msgstr ""
18476
20662
18477
#: serverguide/C/installation.xml:870(title)
20663
#: serverguide/C/installation.xml:919(title)
18478
20664
msgid "Logical Volume Manager (LVM)"
18479
20665
msgstr ""
18480
20666
18481
#: serverguide/C/installation.xml:872(para)
20667
#: serverguide/C/installation.xml:921(para)
18482
20668
msgid ""
18483
20669
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
18484
20670
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
18487
20673
"giving greater flexibility to systems as requirements change."
18488
20674
msgstr ""
18489
20675
18490
#: serverguide/C/installation.xml:881(para)
20676
#: serverguide/C/installation.xml:930(para)
18491
20677
msgid ""
18492
20678
"A side effect of LVM's power and flexibility is a greater degree of "
18493
20679
"complication. Before diving into the LVM installation process, it is best to "
18494
20680
"get familiar with some terms."
18495
20681
msgstr ""
18496
20682
18497
#: serverguide/C/installation.xml:888(para)
20683
#: serverguide/C/installation.xml:937(para)
18498
20684
msgid ""
18499
20685
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
18500
20686
"Volumes (LV)."
18501
20687
msgstr ""
18502
20688
18503
#: serverguide/C/installation.xml:893(para)
20689
#: serverguide/C/installation.xml:942(para)
18504
20690
msgid ""
18505
20691
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
18506
20692
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
18507
20693
"which resides the actual EXT3, XFS, JFS, etc filesystem."
18508
20694
msgstr ""
18509
20695
18510
#: serverguide/C/installation.xml:899(para)
20696
#: serverguide/C/installation.xml:948(para)
18511
20697
msgid ""
18512
20698
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
18513
20699
"RAID partition. The Volume Group can be extended by adding more PVs."
18514
20700
msgstr ""
18515
20701
18516
#: serverguide/C/installation.xml:910(para)
20702
#: serverguide/C/installation.xml:959(para)
18517
20703
msgid ""
18518
20704
"As an example this section covers installing Ubuntu Server Edition with "
18519
20705
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
18522
20708
"can be extended."
18523
20709
msgstr ""
18524
20710
18525
#: serverguide/C/installation.xml:916(para)
20711
#: serverguide/C/installation.xml:965(para)
18526
20712
msgid ""
18527
20713
"There are several installation options for LVM, <emphasis>\"Guided - use the "
18528
20714
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
18533
20719
"the Manual approach."
18534
20720
msgstr ""
18535
20721
18536
#: serverguide/C/installation.xml:933(para)
20722
#: serverguide/C/installation.xml:982(para)
18537
20723
msgid ""
18538
20724
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
18539
20725
"<emphasis>\"Manual\"</emphasis>."
18540
20726
msgstr ""
18541
20727
18542
#: serverguide/C/installation.xml:940(para)
20728
#: serverguide/C/installation.xml:989(para)
18543
20729
msgid ""
18544
20730
"Select the hard disk and on the next screen choose \"yes\" to "
18545
20731
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
18546
20732
msgstr ""
18547
20733
18548
#: serverguide/C/installation.xml:947(para)
20734
#: serverguide/C/installation.xml:996(para)
18549
20735
msgid ""
18550
20736
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
18551
20737
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
18552
20738
msgstr ""
18553
20739
18554
#: serverguide/C/installation.xml:955(para)
20740
#: serverguide/C/installation.xml:1004(para)
18555
20741
msgid ""
18556
20742
"For the LVM <emphasis>/srv</emphasis>, create a new "
18557
20743
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
18559
20745
"<emphasis>\"Done setting up the partition\"</emphasis>."
18560
20746
msgstr ""
18561
20747
18562
#: serverguide/C/installation.xml:963(para)
20748
#: serverguide/C/installation.xml:1012(para)
18563
20749
msgid ""
18564
20750
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
18565
20751
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
18566
20752
"disk."
18567
20753
msgstr ""
18568
20754
18569
#: serverguide/C/installation.xml:971(para)
20755
#: serverguide/C/installation.xml:1020(para)
18570
20756
msgid ""
18571
20757
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
18572
20758
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
18575
20761
"<emphasis>\"Continue\"</emphasis>."
18576
20762
msgstr ""
18577
20763
18578
#: serverguide/C/installation.xml:980(para)
20764
#: serverguide/C/installation.xml:1029(para)
18579
20765
msgid ""
18580
20766
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
18581
20767
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
18586
20772
"main <emphasis>\"Partition Disks\"</emphasis> screen."
18587
20773
msgstr ""
18588
20774
18589
#: serverguide/C/installation.xml:990(para)
20775
#: serverguide/C/installation.xml:1039(para)
18590
20776
msgid ""
18591
20777
"Now add a filesystem to the new LVM. Select the partition under "
18592
20778
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
18595
20781
"select <emphasis>\"Done setting up the partition\"</emphasis>."
18596
20782
msgstr ""
18597
20783
18598
#: serverguide/C/installation.xml:999(para)
20784
#: serverguide/C/installation.xml:1048(para)
18599
20785
msgid ""
18600
20786
"Finally, select <emphasis>\"Finish partitioning and write changes to "
18601
20787
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
18602
20788
"the installation."
18603
20789
msgstr ""
18604
20790
18605
#: serverguide/C/installation.xml:1007(para)
20791
#: serverguide/C/installation.xml:1056(para)
18606
20792
msgid "There are some useful utilities to view information about LVM:"
18607
20793
msgstr ""
18608
20794
18609
#: serverguide/C/installation.xml:1012(para)
20795
#: serverguide/C/installation.xml:1061(para)
18610
20796
msgid ""
18611
20797
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
18612
20798
msgstr ""
18613
20799
18614
#: serverguide/C/installation.xml:1013(para)
20800
#: serverguide/C/installation.xml:1062(para)
18615
20801
msgid ""
18616
20802
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
18617
20803
msgstr ""
18618
20804
18619
#: serverguide/C/installation.xml:1014(para)
20805
#: serverguide/C/installation.xml:1063(para)
18620
20806
msgid ""
18621
20807
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
18622
20808
"Physical Volumes."
18623
20809
msgstr ""
18624
20810
18625
#: serverguide/C/installation.xml:1019(title)
20811
#: serverguide/C/installation.xml:1068(title)
18626
20812
msgid "Extending Volume Groups"
18627
20813
msgstr ""
18628
20814
18629
#: serverguide/C/installation.xml:1021(para)
20815
#: serverguide/C/installation.xml:1070(para)
18630
20816
msgid ""
18631
20817
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
18632
20818
"section covers adding a second hard disk, creating a Physical Volume (PV), "
18641
20827
"them as different physical volumes)"
18642
20828
msgstr ""
18643
20829
18644
#: serverguide/C/installation.xml:1033(para)
20830
#: serverguide/C/installation.xml:1082(para)
18645
20831
msgid "First, create the physical volume, in a terminal execute:"
18646
20832
msgstr ""
18647
20833
18648
#: serverguide/C/installation.xml:1038(command)
20834
#: serverguide/C/installation.xml:1087(command)
18649
20835
msgid "sudo pvcreate /dev/sdb"
18650
20836
msgstr ""
18651
20837
18652
#: serverguide/C/installation.xml:1044(para)
20838
#: serverguide/C/installation.xml:1093(para)
18653
20839
msgid "Now extend the Volume Group (VG):"
18654
20840
msgstr ""
18655
20841
18656
#: serverguide/C/installation.xml:1049(command)
20842
#: serverguide/C/installation.xml:1098(command)
18657
20843
msgid "sudo vgextend vg01 /dev/sdb"
18658
20844
msgstr ""
18659
20845
18660
#: serverguide/C/installation.xml:1055(para)
20846
#: serverguide/C/installation.xml:1104(para)
18661
20847
msgid ""
18662
20848
"Use <application>vgdisplay</application> to find out the free physical "
18663
20849
"extents - Free PE / size (the size you can allocate). We will assume a free "
18665
20851
"whole free space available. Use your own PE and/or free space."
18666
20852
msgstr ""
18667
20853
18668
#: serverguide/C/installation.xml:1061(para)
20854
#: serverguide/C/installation.xml:1110(para)
18669
20855
msgid ""
18670
20856
"The Logical Volume (LV) can now be extended by different methods, we will "
18671
20857
"only see how to use the PE to extend the LV:"
18672
20858
msgstr ""
18673
20859
18674
#: serverguide/C/installation.xml:1066(command)
20860
#: serverguide/C/installation.xml:1115(command)
18675
20861
msgid "sudo lvextend /dev/vg01/srv -l +511"
18676
20862
msgstr ""
18677
20863
18678
#: serverguide/C/installation.xml:1069(para)
20864
#: serverguide/C/installation.xml:1118(para)
18679
20865
msgid ""
18680
20866
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
18681
20867
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
18682
20868
"Gig, Tera, etc bytes."
18683
20869
msgstr ""
18684
20870
18685
#: serverguide/C/installation.xml:1077(para)
20871
#: serverguide/C/installation.xml:1126(para)
18686
20872
msgid ""
18687
20873
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
18688
20874
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
18691
20877
"first is compulsory)."
18692
20878
msgstr ""
18693
20879
18694
#: serverguide/C/installation.xml:1083(para)
20880
#: serverguide/C/installation.xml:1132(para)
18695
20881
msgid ""
18696
20882
"The following commands are for an <emphasis>EXT3</emphasis> or "
18697
20883
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
18698
20884
"there may be other utilities available."
18699
20885
msgstr ""
18700
20886
18701
#: serverguide/C/installation.xml:1090(command)
20887
#: serverguide/C/installation.xml:1139(command)
18702
20888
msgid "sudo e2fsck -f /dev/vg01/srv"
18703
20889
msgstr ""
18704
20890
18705
#: serverguide/C/installation.xml:1093(para)
20891
#: serverguide/C/installation.xml:1142(para)
18706
20892
msgid ""
18707
20893
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
18708
20894
"forces checking even if the system seems clean."
18709
20895
msgstr ""
18710
20896
18711
#: serverguide/C/installation.xml:1100(para)
20897
#: serverguide/C/installation.xml:1149(para)
18712
20898
msgid "Finally, resize the filesystem:"
18713
20899
msgstr ""
18714
20900
18715
#: serverguide/C/installation.xml:1105(command)
20901
#: serverguide/C/installation.xml:1154(command)
18716
20902
msgid "sudo resize2fs /dev/vg01/srv"
18717
20903
msgstr ""
18718
20904
18719
#: serverguide/C/installation.xml:1111(para)
20905
#: serverguide/C/installation.xml:1160(para)
18720
20906
msgid "Now mount the partition and check its size."
18721
20907
msgstr ""
18722
20908
18723
#: serverguide/C/installation.xml:1116(command)
20909
#: serverguide/C/installation.xml:1165(command)
18724
20910
msgid "mount /dev/vg01/srv /srv && df -h /srv"
18725
20911
msgstr ""
18726
20912
18727
#: serverguide/C/installation.xml:1128(para)
20913
#: serverguide/C/installation.xml:1177(para)
20914
msgid ""
20915
"See the <ulink "
20916
"url=\"https://help.ubuntu.com/community/Installation#lvm\">Ubuntu Wiki LVM "
20917
"Articles</ulink>."
20918
msgstr ""
20919
20920
#: serverguide/C/installation.xml:1182(para)
18728
20921
msgid ""
18729
20922
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
18730
20923
"HOWTO</ulink> for more information."
18731
20924
msgstr ""
18732
20925
18733
#: serverguide/C/installation.xml:1133(para)
20926
#: serverguide/C/installation.xml:1187(para)
18734
20927
msgid ""
18735
20928
"Another good article is <ulink "
18736
20929
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
18738
20931
"linuxdevcenter.com site."
18739
20932
msgstr ""
18740
20933
18741
#: serverguide/C/installation.xml:1140(para)
20934
#: serverguide/C/installation.xml:1194(para)
18742
20935
msgid ""
18743
20936
"For more information on <application>fdisk</application> see the <ulink "
18744
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/fdisk.8.html\">fdisk"
18745
" man page</ulink>."
20937
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/fdisk.8.html\">fdisk "
20938
"man page</ulink>."
18746
20939
msgstr ""
18747
20940
18748
20941
#: serverguide/C/file-server.xml:13(title)
19069
21262
#: serverguide/C/file-server.xml:293(para)
19070
21263
msgid ""
19071
21264
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
19072
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/vsftpd.conf.5.html\""
19073
">vsftpd.conf man page</ulink>."
21265
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/vsftpd.conf.5.html\">"
21266
"vsftpd.conf man page</ulink>."
19074
21267
msgstr ""
19075
21268
19076
21269
#: serverguide/C/file-server.xml:299(para)
19081
21274
"contrasting FTPS and SFTP."
19082
21275
msgstr ""
19083
21276
19084
#: serverguide/C/file-server.xml:310(title)
21277
#: serverguide/C/file-server.xml:305(para)
21278
msgid ""
21279
"Also, for more information see the <ulink "
21280
"url=\"https://help.ubuntu.com/community/vsftpd\">Ubuntu Wiki vsftpd</ulink> "
21281
"page."
21282
msgstr ""
21283
21284
#: serverguide/C/file-server.xml:315(title)
19085
21285
msgid "Network File System (NFS)"
19086
21286
msgstr ""
19087
21287
19088
#: serverguide/C/file-server.xml:311(para)
21288
#: serverguide/C/file-server.xml:316(para)
19089
21289
msgid ""
19090
21290
"NFS allows a system to share directories and files with others over a "
19091
21291
"network. By using NFS, users and programs can access files on remote systems "
19092
21292
"almost as if they were local files."
19093
21293
msgstr ""
19094
21294
19095
#: serverguide/C/file-server.xml:317(para)
21295
#: serverguide/C/file-server.xml:322(para)
19096
21296
msgid "Some of the most notable benefits that NFS can provide are:"
19097
21297
msgstr ""
19098
21298
19099
#: serverguide/C/file-server.xml:323(para)
21299
#: serverguide/C/file-server.xml:328(para)
19100
21300
msgid ""
19101
21301
"Local workstations use less disk space because commonly used data can be "
19102
21302
"stored on a single machine and still remain accessible to others over the "
19103
21303
"network."
19104
21304
msgstr ""
19105
21305
19106
#: serverguide/C/file-server.xml:328(para)
21306
#: serverguide/C/file-server.xml:333(para)
19107
21307
msgid ""
19108
21308
"There is no need for users to have separate home directories on every "
19109
21309
"network machine. Home directories could be set up on the NFS server and made "
19110
21310
"available throughout the network."
19111
21311
msgstr ""
19112
21312
19113
#: serverguide/C/file-server.xml:334(para)
21313
#: serverguide/C/file-server.xml:339(para)
19114
21314
msgid ""
19115
21315
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
19116
21316
"be used by other machines on the network. This may reduce the number of "
19117
21317
"removable media drives throughout the network."
19118
21318
msgstr ""
19119
21319
19120
#: serverguide/C/file-server.xml:344(para)
21320
#: serverguide/C/file-server.xml:349(para)
19121
21321
msgid ""
19122
21322
"At a terminal prompt enter the following command to install the NFS Server:"
19123
21323
msgstr ""
19124
21324
19125
#: serverguide/C/file-server.xml:350(command)
21325
#: serverguide/C/file-server.xml:355(command)
19126
21326
msgid "sudo apt-get install nfs-kernel-server"
19127
21327
msgstr ""
19128
21328
19129
#: serverguide/C/file-server.xml:356(para)
21329
#: serverguide/C/file-server.xml:361(para)
19130
21330
msgid ""
19131
21331
"You can configure the directories to be exported by adding them to the "
19132
21332
"<filename>/etc/exports</filename> file. For example:"
19133
21333
msgstr ""
19134
21334
19135
#: serverguide/C/file-server.xml:361(screen)
21335
#: serverguide/C/file-server.xml:366(screen)
19136
21336
#, no-wrap
19137
21337
msgid ""
19138
21338
"\n"
19140
21340
"/home *(rw,sync,no_root_squash)\n"
19141
21341
msgstr ""
19142
21342
19143
#: serverguide/C/file-server.xml:367(para)
21343
#: serverguide/C/file-server.xml:372(para)
19144
21344
msgid ""
19145
21345
"You can replace * with one of the hostname formats. Make the hostname "
19146
21346
"declaration as specific as possible so unwanted systems cannot access the "
19147
21347
"NFS mount."
19148
21348
msgstr ""
19149
21349
19150
#: serverguide/C/file-server.xml:373(para)
21350
#: serverguide/C/file-server.xml:378(para)
19151
21351
msgid ""
19152
21352
"To start the NFS server, you can run the following command at a terminal "
19153
21353
"prompt:"
19154
21354
msgstr ""
19155
21355
19156
#: serverguide/C/file-server.xml:378(command)
21356
#: serverguide/C/file-server.xml:383(command)
19157
21357
msgid "sudo /etc/init.d/nfs-kernel-server start"
19158
21358
msgstr ""
19159
21359
19160
#: serverguide/C/file-server.xml:383(title)
21360
#: serverguide/C/file-server.xml:388(title)
19161
21361
msgid "NFS Client Configuration"
19162
21362
msgstr ""
19163
21363
19164
#: serverguide/C/file-server.xml:384(para)
21364
#: serverguide/C/file-server.xml:389(para)
19165
21365
msgid ""
19166
21366
"Use the <application>mount</application> command to mount a shared NFS "
19167
21367
"directory from another machine, by typing a command line similar to the "
19168
21368
"following at a terminal prompt:"
19169
21369
msgstr ""
19170
21370
19171
#: serverguide/C/file-server.xml:390(command)
21371
#: serverguide/C/file-server.xml:395(command)
19172
21372
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
19173
21373
msgstr ""
19174
21374
19175
#: serverguide/C/file-server.xml:394(para)
21375
#: serverguide/C/file-server.xml:399(para)
19176
21376
msgid ""
19177
21377
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
19178
21378
"There should be no files or subdirectories in the "
19179
21379
"<filename>/local/ubuntu</filename> directory."
19180
21380
msgstr ""
19181
21381
19182
#: serverguide/C/file-server.xml:401(para)
21382
#: serverguide/C/file-server.xml:406(para)
19183
21383
msgid ""
19184
21384
"An alternate way to mount an NFS share from another machine is to add a line "
19185
21385
"to the <filename>/etc/fstab</filename> file. The line must state the "
19187
21387
"the directory on the local machine where the NFS share is to be mounted."
19188
21388
msgstr ""
19189
21389
19190
#: serverguide/C/file-server.xml:409(para)
21390
#: serverguide/C/file-server.xml:414(para)
19191
21391
msgid ""
19192
21392
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
19193
21393
"as follows:"
19194
21394
msgstr ""
19195
21395
19196
#: serverguide/C/file-server.xml:415(programlisting)
21396
#: serverguide/C/file-server.xml:420(programlisting)
19197
21397
#, no-wrap
19198
21398
msgid ""
19199
21399
"\n"
19201
21401
"rsize=8192,wsize=8192,timeo=14,intr\n"
19202
21402
msgstr ""
19203
21403
19204
#: serverguide/C/file-server.xml:419(para)
21404
#: serverguide/C/file-server.xml:424(para)
19205
21405
msgid ""
19206
21406
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
19207
21407
"common</application> package is installed on your client. To install "
19211
21411
"</screen>"
19212
21412
msgstr ""
19213
21413
19214
#: serverguide/C/file-server.xml:432(ulink)
21414
#: serverguide/C/file-server.xml:437(ulink)
19215
21415
msgid "Linux NFS faq"
19216
21416
msgstr ""
19217
21417
19218
#: serverguide/C/file-server.xml:437(title)
21418
#: serverguide/C/file-server.xml:439(ulink)
21419
msgid "Ubuntu Wiki NFS Howto"
21420
msgstr ""
21421
21422
#: serverguide/C/file-server.xml:445(title)
19219
21423
msgid "CUPS - Print Server"
19220
21424
msgstr ""
19221
21425
19222
#: serverguide/C/file-server.xml:438(para)
21426
#: serverguide/C/file-server.xml:446(para)
19223
21427
msgid ""
19224
21428
"The primary mechanism for Ubuntu printing and print services is the "
19225
21429
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
19227
21431
"become the new standard for printing in most Linux distributions."
19228
21432
msgstr ""
19229
21433
19230
#: serverguide/C/file-server.xml:445(para)
21434
#: serverguide/C/file-server.xml:453(para)
19231
21435
msgid ""
19232
21436
"CUPS manages print jobs and queues and provides network printing using the "
19233
21437
"standard Internet Printing Protocol (IPP), while offering support for a very "
19237
21441
"administration tool."
19238
21442
msgstr ""
19239
21443
19240
#: serverguide/C/file-server.xml:455(para)
21444
#: serverguide/C/file-server.xml:463(para)
19241
21445
msgid ""
19242
21446
"To install CUPS on your Ubuntu computer, simply use "
19243
21447
"<application>sudo</application> with the <application>apt-get</application> "
19247
21451
"CUPS:"
19248
21452
msgstr ""
19249
21453
19250
#: serverguide/C/file-server.xml:460(command)
21454
#: serverguide/C/file-server.xml:468(command)
19251
21455
msgid "sudo apt-get install cups"
19252
21456
msgstr ""
19253
21457
19254
#: serverguide/C/file-server.xml:463(para)
21458
#: serverguide/C/file-server.xml:471(para)
19255
21459
msgid ""
19256
21460
"Upon authenticating with your user password, the packages should be "
19257
21461
"downloaded and installed without error. Upon the conclusion of installation, "
19258
21462
"the CUPS server will be started automatically."
19259
21463
msgstr ""
19260
21464
19261
#: serverguide/C/file-server.xml:468(para)
21465
#: serverguide/C/file-server.xml:476(para)
19262
21466
msgid ""
19263
21467
"For troubleshooting purposes, you can access CUPS server errors via the "
19264
21468
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
19271
21475
"from becoming overly large."
19272
21476
msgstr ""
19273
21477
19274
#: serverguide/C/file-server.xml:481(para)
21478
#: serverguide/C/file-server.xml:489(para)
19275
21479
msgid ""
19276
21480
"The Common UNIX Printing System server's behavior is configured through the "
19277
21481
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
19282
21486
"initially will be presented here."
19283
21487
msgstr ""
19284
21488
19285
#: serverguide/C/file-server.xml:491(para)
21489
#: serverguide/C/file-server.xml:499(para)
19286
21490
msgid ""
19287
21491
"Prior to editing the configuration file, you should make a copy of the "
19288
21492
"original file and protect it from writing, so you will have the original "
19289
21493
"settings as a reference, and to reuse as necessary."
19290
21494
msgstr ""
19291
21495
19292
#: serverguide/C/file-server.xml:495(para)
21496
#: serverguide/C/file-server.xml:503(para)
19293
21497
msgid ""
19294
21498
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
19295
21499
"writing with the following commands, issued at a terminal prompt:"
19296
21500
msgstr ""
19297
21501
19298
#: serverguide/C/file-server.xml:501(command)
21502
#: serverguide/C/file-server.xml:509(command)
19299
21503
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
19300
21504
msgstr ""
19301
21505
19302
#: serverguide/C/file-server.xml:502(command)
21506
#: serverguide/C/file-server.xml:510(command)
19303
21507
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
19304
21508
msgstr ""
19305
21509
19306
#: serverguide/C/file-server.xml:507(para)
21510
#: serverguide/C/file-server.xml:515(para)
19307
21511
msgid ""
19308
21512
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
19309
21513
"address of the designated administrator of the CUPS server, simply edit the "
19315
21519
"as such:"
19316
21520
msgstr ""
19317
21521
19318
#: serverguide/C/file-server.xml:518(screen)
21522
#: serverguide/C/file-server.xml:526(screen)
19319
21523
#, no-wrap
19320
21524
msgid ""
19321
21525
"\n"
19322
21526
"ServerAdmin bjoy@somebigco.com\n"
19323
21527
msgstr ""
19324
21528
19325
#: serverguide/C/file-server.xml:524(para)
21529
#: serverguide/C/file-server.xml:532(para)
19326
21530
msgid ""
19327
21531
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
19328
21532
"server installation listens only on the loopback interface at IP address "
19337
21541
"such:"
19338
21542
msgstr ""
19339
21543
19340
#: serverguide/C/file-server.xml:538(screen)
21544
#: serverguide/C/file-server.xml:546(screen)
19341
21545
#, no-wrap
19342
21546
msgid ""
19343
21547
"\n"
19347
21551
"(IPP)\n"
19348
21552
msgstr ""
19349
21553
19350
#: serverguide/C/file-server.xml:544(para)
21554
#: serverguide/C/file-server.xml:552(para)
19351
21555
msgid ""
19352
21556
"In the example above, you may comment out or remove the reference to the "
19353
21557
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
19358
21562
"<emphasis>socrates</emphasis> as such:"
19359
21563
msgstr ""
19360
21564
19361
#: serverguide/C/file-server.xml:554(screen)
21565
#: serverguide/C/file-server.xml:562(screen)
19362
21566
#, no-wrap
19363
21567
msgid ""
19364
21568
"\n"
19365
21569
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
19366
21570
msgstr ""
19367
21571
19368
#: serverguide/C/file-server.xml:558(para)
21572
#: serverguide/C/file-server.xml:566(para)
19369
21573
msgid ""
19370
21574
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
19371
21575
"instead, as in:"
19372
21576
msgstr ""
19373
21577
19374
#: serverguide/C/file-server.xml:560(screen)
21578
#: serverguide/C/file-server.xml:568(screen)
19375
21579
#, no-wrap
19376
21580
msgid ""
19377
21581
"\n"
19378
21582
"Port 631 # Listen on port 631 on all interfaces\n"
19379
21583
msgstr ""
19380
21584
19381
#: serverguide/C/file-server.xml:567(para)
21585
#: serverguide/C/file-server.xml:575(para)
19382
21586
msgid ""
19383
21587
"For more examples of configuration directives in the CUPS server "
19384
21588
"configuration file, view the associated system manual page by entering the "
19385
21589
"following command at a terminal prompt:"
19386
21590
msgstr ""
19387
21591
19388
#: serverguide/C/file-server.xml:574(command)
21592
#: serverguide/C/file-server.xml:582(command)
19389
21593
msgid "man cupsd.conf"
19390
21594
msgstr ""
19391
21595
19392
#: serverguide/C/file-server.xml:578(para)
21596
#: serverguide/C/file-server.xml:586(para)
19393
21597
msgid ""
19394
21598
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
19395
21599
"configuration file, you'll need to restart the CUPS server by typing the "
19396
21600
"following command at a terminal prompt:"
19397
21601
msgstr ""
19398
21602
19399
#: serverguide/C/file-server.xml:584(command)
21603
#: serverguide/C/file-server.xml:592(command)
19400
21604
msgid "sudo /etc/init.d/cups restart"
19401
21605
msgstr ""
19402
21606
19403
#: serverguide/C/file-server.xml:590(title)
21607
#: serverguide/C/file-server.xml:598(title)
19404
21608
msgid "Web Interface"
19405
21609
msgstr ""
19406
21610
19407
#: serverguide/C/file-server.xml:592(para)
21611
#: serverguide/C/file-server.xml:600(para)
19408
21612
msgid ""
19409
21613
"CUPS can be configured and monitored using a web interface, which by default "
19410
21614
"is available at <ulink "
19412
21616
"web interface can be used to perform all printer management tasks."
19413
21617
msgstr ""
19414
21618
19415
#: serverguide/C/file-server.xml:596(para)
21619
#: serverguide/C/file-server.xml:604(para)
19416
21620
msgid ""
19417
21621
"In order to perform administrative tasks via the web interface, you must "
19418
21622
"either have the root account enabled on your server, or authenticate as a "
19420
21624
"reasons, CUPS won't authenticate a user that doesn't have a password."
19421
21625
msgstr ""
19422
21626
19423
#: serverguide/C/file-server.xml:599(para)
21627
#: serverguide/C/file-server.xml:607(para)
19424
21628
msgid ""
19425
21629
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
19426
21630
"at the terminal prompt: <screen>\n"
19428
21632
"</screen>"
19429
21633
msgstr ""
19430
21634
19431
#: serverguide/C/file-server.xml:605(para)
21635
#: serverguide/C/file-server.xml:613(para)
19432
21636
msgid ""
19433
21637
"Further documentation is available in the <emphasis "
19434
21638
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
19435
21639
msgstr ""
19436
21640
19437
#: serverguide/C/file-server.xml:613(ulink)
21641
#: serverguide/C/file-server.xml:621(ulink)
19438
21642
msgid "CUPS Website"
19439
21643
msgstr ""
19440
21644
21645
#: serverguide/C/file-server.xml:624(ulink)
21646
msgid "Ubuntu Wiki CUPS page"
21647
msgstr ""
21648
19441
21649
#: serverguide/C/dns.xml:13(title)
19442
21650
msgid "Domain Name Service (DNS)"
19443
21651
msgstr ""
20255
22463
"ns2\tIN A\t 192.168.1.11\n"
20256
22464
msgstr ""
20257
22465
20258
#: serverguide/C/dns.xml:619(title)
20259
msgid "More Information"
20260
msgstr ""
20261
20262
#: serverguide/C/dns.xml:620(para)
22466
#: serverguide/C/dns.xml:622(para)
20263
22467
msgid ""
20264
22468
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
20265
22469
"HOWTO</ulink> explains more advanced options for configuring BIND9."
20266
22470
msgstr ""
20267
22471
20268
#: serverguide/C/dns.xml:623(para)
22472
#: serverguide/C/dns.xml:627(para)
20269
22473
msgid ""
20270
22474
"For in depth coverage of <emphasis>DNS</emphasis> and "
20271
22475
"<application>BIND9</application> see <ulink "
20272
22476
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
20273
22477
msgstr ""
20274
22478
20275
#: serverguide/C/dns.xml:626(para)
22479
#: serverguide/C/dns.xml:632(para)
20276
22480
msgid ""
20277
22481
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
20278
22482
"BIND</ulink> is a popular book now in it's fifth edition."
20279
22483
msgstr ""
20280
22484
20281
#: serverguide/C/dns.xml:629(para)
22485
#: serverguide/C/dns.xml:637(para)
20282
22486
msgid ""
20283
22487
"A great place to ask for <application>BIND9</application> assistance, and "
20284
22488
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
20286
22490
"url=\"http://freenode.net\">freenode</ulink>."
20287
22491
msgstr ""
20288
22492
22493
#: serverguide/C/dns.xml:643(para)
22494
msgid ""
22495
"Also, see the <ulink "
22496
"url=\"https://help.ubuntu.com/community/BIND9ServerHowto\">BIND9 Server "
22497
"HOWTO</ulink> in the Ubuntu Wiki."
22498
msgstr ""
22499
20289
22500
#: serverguide/C/databases.xml:13(title)
20290
22501
msgid "Databases"
20291
22502
msgstr ""
20294
22505
msgid "Ubuntu provides two popular database servers. They are:"
20295
22506
msgstr ""
20296
22507
20297
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:152(title)
22508
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:157(title)
20298
22509
msgid "PostgreSQL"
20299
22510
msgstr ""
20300
22511
20359
22570
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
20360
22571
"the basic settings -- log file, port number, etc. For example, to configure "
20361
22572
"<application>MySQL</application> to listen for connections from network "
20362
"hosts, change the <emphasis>bind_address</emphasis> directive to the "
22573
"hosts, change the <emphasis>bind-address</emphasis> directive to the "
20363
22574
"server's IP address:"
20364
22575
msgstr ""
20365
22576
20388
22599
msgstr ""
20389
22600
20390
22601
#: serverguide/C/databases.xml:113(command)
20391
msgid "sudo dpkg-reconfigure mysql-server-5.0"
22602
msgid "sudo dpkg-reconfigure mysql-server-5.1"
20392
22603
msgstr ""
20393
22604
20394
22605
#: serverguide/C/databases.xml:116(para)
20421
22632
"chapter/index.html</command> in your browser's address bar."
20422
22633
msgstr ""
20423
22634
20424
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:285(para)
22635
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:290(para)
20425
22636
msgid ""
20426
22637
"For general SQL information see <ulink "
20427
22638
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
20428
22639
"Special Edition</ulink> by Rafe Colburn."
20429
22640
msgstr ""
20430
22641
20431
#: serverguide/C/databases.xml:153(para)
22642
#: serverguide/C/databases.xml:149(para)
22643
msgid ""
22644
"The <ulink url=\"https://help.ubuntu.com/community/ApacheMySQLPHP\">Apache "
22645
"MySQL PHP Ubuntu Wiki</ulink> page also has useful information."
22646
msgstr ""
22647
22648
#: serverguide/C/databases.xml:158(para)
20432
22649
msgid ""
20433
22650
"PostgreSQL is an object-relational database system that has the features of "
20434
22651
"traditional commercial database systems with enhancements to be found in "
20435
22652
"next-generation DBMS systems."
20436
22653
msgstr ""
20437
22654
20438
#: serverguide/C/databases.xml:160(para)
22655
#: serverguide/C/databases.xml:165(para)
20439
22656
msgid ""
20440
22657
"To install PostgreSQL, run the following command in the command prompt:"
20441
22658
msgstr ""
20442
22659
20443
#: serverguide/C/databases.xml:167(command)
22660
#: serverguide/C/databases.xml:172(command)
20444
22661
msgid "sudo apt-get install postgresql"
20445
22662
msgstr ""
20446
22663
20447
#: serverguide/C/databases.xml:171(para)
22664
#: serverguide/C/databases.xml:176(para)
20448
22665
msgid ""
20449
22666
"Once the installation is complete, you should configure the PostgreSQL "
20450
22667
"server based on your needs, although the default configuration is viable."
20451
22668
msgstr ""
20452
22669
20453
#: serverguide/C/databases.xml:179(para)
22670
#: serverguide/C/databases.xml:184(para)
20454
22671
msgid ""
20455
22672
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
20456
22673
"client authentication methods. By default, IDENT authentication method is "
20459
22676
"PostgreSQL Administrator's Guide</ulink>."
20460
22677
msgstr ""
20461
22678
20462
#: serverguide/C/databases.xml:186(para)
22679
#: serverguide/C/databases.xml:191(para)
20463
22680
msgid ""
20464
22681
"The following discussion assumes that you wish to enable TCP/IP connections "
20465
22682
"and use the MD5 method for client authentication. PostgreSQL configuration "
20469
22686
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
20470
22687
msgstr ""
20471
22688
20472
#: serverguide/C/databases.xml:196(para)
22689
#: serverguide/C/databases.xml:201(para)
20473
22690
msgid ""
20474
22691
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
20475
22692
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
20476
22693
msgstr ""
20477
22694
20478
#: serverguide/C/databases.xml:203(para)
22695
#: serverguide/C/databases.xml:208(para)
20479
22696
msgid ""
20480
22697
"To enable TCP/IP connections, edit the file "
20481
22698
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
20482
22699
msgstr ""
20483
22700
20484
#: serverguide/C/databases.xml:205(para)
22701
#: serverguide/C/databases.xml:210(para)
20485
22702
msgid ""
20486
22703
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
20487
22704
"change it to:"
20488
22705
msgstr ""
20489
22706
20490
#: serverguide/C/databases.xml:208(programlisting)
22707
#: serverguide/C/databases.xml:213(programlisting)
20491
22708
#, no-wrap
20492
22709
msgid ""
20493
22710
"\n"
20494
22711
"listen_addresses = 'localhost'\n"
20495
22712
msgstr ""
20496
22713
20497
#: serverguide/C/databases.xml:212(para)
22714
#: serverguide/C/databases.xml:217(para)
20498
22715
msgid ""
20499
22716
"To allow other computers to connect to your "
20500
22717
"<application>PostgreSQL</application> server replace 'localhost' with the "
20501
22718
"<emphasis>IP Address</emphasis> of your server."
20502
22719
msgstr ""
20503
22720
20504
#: serverguide/C/databases.xml:217(para)
22721
#: serverguide/C/databases.xml:222(para)
20505
22722
msgid ""
20506
22723
"You may also edit all other parameters, if you know what you are doing! For "
20507
22724
"details, refer to the configuration file or to the PostgreSQL documentation."
20508
22725
msgstr ""
20509
22726
20510
#: serverguide/C/databases.xml:222(para)
22727
#: serverguide/C/databases.xml:227(para)
20511
22728
msgid ""
20512
22729
"Now that we can connect to our <application>PostgreSQL</application> server, "
20513
22730
"the next step is to set a password for the <emphasis>postgres</emphasis> "
20515
22732
"default PostgreSQL template database:"
20516
22733
msgstr ""
20517
22734
20518
#: serverguide/C/databases.xml:229(command)
22735
#: serverguide/C/databases.xml:234(command)
20519
22736
msgid "sudo -u postgres psql template1"
20520
22737
msgstr ""
20521
22738
20522
#: serverguide/C/databases.xml:231(para)
22739
#: serverguide/C/databases.xml:236(para)
20523
22740
msgid ""
20524
22741
"The above command connects to PostgreSQL database "
20525
22742
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
20529
22746
"role=\"italics\">postgres</emphasis>."
20530
22747
msgstr ""
20531
22748
20532
#: serverguide/C/databases.xml:239(command)
22749
#: serverguide/C/databases.xml:244(command)
20533
22750
msgid "ALTER USER postgres with encrypted password 'your_password';"
20534
22751
msgstr ""
20535
22752
20536
#: serverguide/C/databases.xml:241(para)
22753
#: serverguide/C/databases.xml:246(para)
20537
22754
msgid ""
20538
22755
"After configuring the password, edit the file "
20539
22756
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
20541
22758
"<emphasis>postgres</emphasis> user:"
20542
22759
msgstr ""
20543
22760
20544
#: serverguide/C/databases.xml:247(programlisting)
22761
#: serverguide/C/databases.xml:252(programlisting)
20545
22762
#, no-wrap
20546
22763
msgid ""
20547
22764
"\n"
20548
"local all postgres md5 sameuser\n"
22765
"local all postgres md5\n"
20549
22766
msgstr ""
20550
22767
20551
#: serverguide/C/databases.xml:251(para)
22768
#: serverguide/C/databases.xml:256(para)
20552
22769
msgid ""
20553
22770
"Finally, you should restart the <application>PostgreSQL</application> "
20554
22771
"service to initialize the new configuration. From a terminal prompt enter "
20555
22772
"the following to restart <application>PostgreSQL</application>:"
20556
22773
msgstr ""
20557
22774
20558
#: serverguide/C/databases.xml:257(command)
22775
#: serverguide/C/databases.xml:262(command)
20559
22776
msgid "sudo /etc/init.d/postgresql-8.4 restart"
20560
22777
msgstr ""
20561
22778
20562
#: serverguide/C/databases.xml:260(para)
22779
#: serverguide/C/databases.xml:265(para)
20563
22780
msgid ""
20564
22781
"The above configuration is not complete by any means. Please refer <ulink "
20565
22782
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
20566
22783
"Administrator's Guide</ulink> to configure more parameters."
20567
22784
msgstr ""
20568
22785
20569
#: serverguide/C/databases.xml:271(para)
22786
#: serverguide/C/databases.xml:276(para)
20570
22787
msgid ""
20571
22788
"As mentioned above the <ulink "
20572
22789
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
20575
22792
"in a terminal to install the package:"
20576
22793
msgstr ""
20577
22794
20578
#: serverguide/C/databases.xml:277(command)
22795
#: serverguide/C/databases.xml:282(command)
20579
22796
msgid "sudo apt-get install postgresql-doc-8.4"
20580
22797
msgstr ""
20581
22798
20582
#: serverguide/C/databases.xml:279(para)
22799
#: serverguide/C/databases.xml:284(para)
20583
22800
msgid ""
20584
22801
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
20585
22802
"8.4/html/index.html</command> into the address bar of your browser."
20586
22803
msgstr ""
20587
22804
22805
#: serverguide/C/databases.xml:296(para)
22806
msgid ""
22807
"Also, see the <ulink "
22808
"url=\"https://help.ubuntu.com/community/PostgreSQL\">PostgreSQL Ubuntu "
22809
"Wiki</ulink> page for more information."
22810
msgstr ""
22811
20588
22812
#: serverguide/C/clustering.xml:13(title)
20589
22813
msgid "Clustering"
20590
22814
msgstr ""
20805
23029
#: serverguide/C/clustering.xml:243(para)
20806
23030
msgid ""
20807
23031
"The <ulink "
20808
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/drbd.conf.5.html\">d"
20809
"rbd.conf man page</ulink> contains details on the options not covered in "
20810
"this guide."
23032
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/drbd.conf.5.html\">dr"
23033
"bd.conf man page</ulink> contains details on the options not covered in this "
23034
"guide."
20811
23035
msgstr ""
20812
23036
20813
23037
#: serverguide/C/clustering.xml:249(para)
20814
23038
msgid ""
20815
23039
"Also, see the <ulink "
20816
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/drbdadm.8.html\">drb"
20817
"dadm man page</ulink>."
23040
"url=\"http://manpages.ubuntu.com/manpages/lucid/en/man8/drbdadm.8.html\">drbd"
23041
"adm man page</ulink>."
23042
msgstr ""
23043
23044
#: serverguide/C/clustering.xml:254(para)
23045
msgid ""
23046
"The <ulink url=\"https://help.ubuntu.com/community/DRBD\">DRBD Ubuntu "
23047
"Wiki</ulink> page also has more information."
20818
23048
msgstr ""
20819
23049
20820
23050
#: serverguide/C/chat.xml:13(title)
20931
23161
"FAQ</ulink> for more details about the IRC Server."
20932
23162
msgstr ""
20933
23163
20934
#: serverguide/C/chat.xml:127(title)
23164
#: serverguide/C/chat.xml:124(para)
23165
msgid ""
23166
"Also, the <ulink url=\"https://help.ubuntu.com/community/ircd\">Ubuntu Wiki "
23167
"IRCD</ulink> page has more information."
23168
msgstr ""
23169
23170
#: serverguide/C/chat.xml:132(title)
20935
23171
msgid "Jabber Instant Messaging Server"
20936
23172
msgstr ""
20937
23173
20938
#: serverguide/C/chat.xml:129(para)
23174
#: serverguide/C/chat.xml:134(para)
20939
23175
msgid ""
20940
23176
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
20941
23177
"XMPP, an open standard for instant messaging, and used by many popular "
20944
23180
"to providing messaging services to users over the Internet."
20945
23181
msgstr ""
20946
23182
20947
#: serverguide/C/chat.xml:138(para)
23183
#: serverguide/C/chat.xml:143(para)
20948
23184
msgid "To install <application>jabberd2</application>, in a terminal enter:"
20949
23185
msgstr ""
20950
23186
20951
#: serverguide/C/chat.xml:143(command)
23187
#: serverguide/C/chat.xml:148(command)
20952
23188
msgid "sudo apt-get install jabberd2"
20953
23189
msgstr ""
20954
23190
20955
#: serverguide/C/chat.xml:150(para)
23191
#: serverguide/C/chat.xml:155(para)
20956
23192
msgid ""
20957
23193
"A couple of XML configuration files will be used to configure "
20958
23194
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
20961
23197
"Postgresql, etc for for user authentication."
20962
23198
msgstr ""
20963
23199
20964
#: serverguide/C/chat.xml:157(para)
23200
#: serverguide/C/chat.xml:162(para)
20965
23201
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
20966
23202
msgstr ""
20967
23203
20968
#: serverguide/C/chat.xml:161(programlisting)
23204
#: serverguide/C/chat.xml:166(programlisting)
20969
23205
#, no-wrap
20970
23206
msgid ""
20971
23207
"\n"
20972
23208
" <id>jabber.example.com</id>\n"
20973
23209
msgstr ""
20974
23210
20975
#: serverguide/C/chat.xml:166(para)
23211
#: serverguide/C/chat.xml:171(para)
20976
23212
msgid ""
20977
23213
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
20978
23214
"id, of your server."
20979
23215
msgstr ""
20980
23216
20981
#: serverguide/C/chat.xml:171(para)
23217
#: serverguide/C/chat.xml:176(para)
20982
23218
msgid "Now in the <storage> section change the <driver> to:"
20983
23219
msgstr ""
20984
23220
20985
#: serverguide/C/chat.xml:175(programlisting)
23221
#: serverguide/C/chat.xml:180(programlisting)
20986
23222
#, no-wrap
20987
23223
msgid ""
20988
23224
"\n"
20989
23225
" <driver>db</driver>\n"
20990
23226
msgstr ""
20991
23227
20992
#: serverguide/C/chat.xml:179(para)
23228
#: serverguide/C/chat.xml:184(para)
20993
23229
msgid ""
20994
23230
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
20995
23231
"<emphasis><local></emphasis> section change:"
20996
23232
msgstr ""
20997
23233
20998
#: serverguide/C/chat.xml:183(programlisting)
23234
#: serverguide/C/chat.xml:188(programlisting)
20999
23235
#, no-wrap
21000
23236
msgid ""
21001
23237
"\n"
21002
23238
" <id>jabber.example.com</id>\n"
21003
23239
msgstr ""
21004
23240
21005
#: serverguide/C/chat.xml:187(para)
23241
#: serverguide/C/chat.xml:192(para)
21006
23242
msgid ""
21007
23243
"And in the <authreg> section adjust the <module> section to:"
21008
23244
msgstr ""
21009
23245
21010
#: serverguide/C/chat.xml:191(programlisting)
23246
#: serverguide/C/chat.xml:196(programlisting)
21011
23247
#, no-wrap
21012
23248
msgid ""
21013
23249
"\n"
21014
23250
" <module>db</module>\n"
21015
23251
msgstr ""
21016
23252
21017
#: serverguide/C/chat.xml:195(para)
23253
#: serverguide/C/chat.xml:200(para)
21018
23254
msgid ""
21019
23255
"Finally, restart <application>jabberd2</application> to enable the new "
21020
23256
"settings:"
21021
23257
msgstr ""
21022
23258
21023
#: serverguide/C/chat.xml:200(command)
23259
#: serverguide/C/chat.xml:205(command)
21024
23260
msgid "sudo /etc/init.d/jabberd2 restart"
21025
23261
msgstr ""
21026
23262
21027
#: serverguide/C/chat.xml:203(para)
23263
#: serverguide/C/chat.xml:208(para)
21028
23264
msgid ""
21029
23265
"You should now be able to connect to the server using a Jabber client like "
21030
23266
"<application>Pidgin</application> for example."
21031
23267
msgstr ""
21032
23268
21033
#: serverguide/C/chat.xml:208(para)
23269
#: serverguide/C/chat.xml:213(para)
21034
23270
msgid ""
21035
23271
"The advantage of using Berkeley DB for user data is that after being "
21036
23272
"configured no additional maintenance is required. If you need more control "
21038
23274
"recommended."
21039
23275
msgstr ""
21040
23276
21041
#: serverguide/C/chat.xml:220(para)
23277
#: serverguide/C/chat.xml:225(para)
21042
23278
msgid ""
21043
23279
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
21044
23280
"Site</ulink> contains more details on configuring "
21045
23281
"<application>Jabberd2</application>."
21046
23282
msgstr ""
21047
23283
21048
#: serverguide/C/chat.xml:226(para)
23284
#: serverguide/C/chat.xml:231(para)
21049
23285
msgid ""
21050
23286
"For more authentication options see the <ulink "
21051
23287
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
21052
23288
"Guide</ulink>."
21053
23289
msgstr ""
21054
23290
23291
#: serverguide/C/chat.xml:236(para)
23292
msgid ""
23293
"Also, the <ulink "
23294
"url=\"https://help.ubuntu.com/community/SettingUpJabberServer\">Setting Up "
23295
"Jabber Server Ubuntu Wiki</ulink> page has more information."
23296
msgstr ""
23297
21055
23298
#: serverguide/C/backups.xml:13(title)
21056
23299
msgid "Backups"
21057
23300
msgstr ""
22146
24389
"the latest Bacula news and developments."
22147
24390
msgstr ""
22148
24391
24392
#: serverguide/C/backups.xml:869(para)
24393
msgid ""
24394
"Also, see the <ulink url=\"https://help.ubuntu.com/community/Bacula\">Bacula "
24395
"Ubuntu Wiki</ulink> page."
24396
msgstr ""
24397
22149
24398
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
22150
24399
#: serverguide/C/backups.xml:0(None)
22151
24400
msgid "translator-credits"
22152
24401
msgstr ""
22153
24402
"Launchpad Contributions:\n"
22154
" Daniel Høyer Iversen https://launchpad.net/~dahoiv\n"
22155
" Daniel Landsverk https://launchpad.net/~daniel-landsverk\n"
22156
" Eirik Fikkan https://launchpad.net/~efikkan\n"
22157
" Launchpad Translations Administrators https://launchpad.net/~rosetta-"
22158
"admins\n"
22159
" Pål Grønås Drange https://launchpad.net/~drange\n"
22160
24403
" Tor Harald Thorland https://launchpad.net/~linux-strigen"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1