« back to all changes in this revision
Viewing changes to serverguide/po/eo.po
- browse files at revision 379
- compare with another revision
- download diff
- download tarball
- view history from revision 379
- Committer: Matthew East
- Date: 2009-10-17 13:38:29 UTC
- Revision ID: matt@matt-vbox-20091017133829-0rix7b9gsqs5usob
Add translations exported from Rosetta as at 16.10.09
- files added:
- about-ubuntu/po/dv.po
- files modified:
- about-ubuntu/po/about-ubuntu.pot
added
removed
serverguide/po/eo.po
1
# Esperanto translation for ubuntu-docs
2
# Copyright (c) 2009 Rosetta Contributors and Canonical Ltd 2009
3
# This file is distributed under the same license as the ubuntu-docs package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, 2009.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: ubuntu-docs\n"
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2009-10-04 21:24+0100\n"
11
"PO-Revision-Date: 2009-05-08 11:10+0000\n"
12
"Last-Translator: Michael Moroni <haikara90@gmail.com>\n"
13
"Language-Team: Esperanto <eo@li.org>\n"
14
"MIME-Version: 1.0\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2009-10-16 07:27+0000\n"
18
"X-Generator: Launchpad (build Unknown)\n"
19
20
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
21
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
22
msgstr "ubuntu-doc@lists.ubuntu.com (Documentada projekto de Ubuntu)"
23
24
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
25
msgid "Ubuntu Server Guide"
26
msgstr ""
27
28
#: serverguide/C/serverguide-C.omf:9(date)
29
msgid "2007-09-30"
30
msgstr "30-a de septembro 2007"
31
32
#: serverguide/C/windows-networking.xml:13(title)
33
msgid "Windows Networking"
34
msgstr ""
35
36
#: serverguide/C/windows-networking.xml:15(para)
37
msgid ""
38
"Computer networks are often comprised of diverse systems, and while "
39
"operating a network made up entirely of Ubuntu desktop and server computers "
40
"would certainly be fun, some network environments must consist of both "
41
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
42
"class=\"registered\">Windows</trademark> systems working together in "
43
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
44
"principles and tools used in configuring your Ubuntu Server for sharing "
45
"network resources with Windows computers."
46
msgstr ""
47
48
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:397(title) serverguide/C/security.xml:412(title) serverguide/C/remote-administration.xml:22(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
49
msgid "Introduction"
50
msgstr ""
51
52
#: serverguide/C/windows-networking.xml:27(para)
53
msgid ""
54
"Successfully networking your Ubuntu system with Windows clients involves "
55
"providing and integrating with services common to Windows environments. Such "
56
"services assist the sharing of data and information about the computers and "
57
"users involved in the network, and may be classified under three major "
58
"categories of functionality:"
59
msgstr ""
60
61
#: serverguide/C/windows-networking.xml:35(para)
62
msgid ""
63
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
64
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
65
"folders, volumes, and the sharing of printers throughout the network."
66
msgstr ""
67
68
#: serverguide/C/windows-networking.xml:41(para)
69
msgid ""
70
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
71
"information about the computers and users of the network with such "
72
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
73
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
74
msgstr ""
75
76
#: serverguide/C/windows-networking.xml:48(para)
77
msgid ""
78
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
79
"the identity of a computer or user of the network and determining the "
80
"information the computer or user is authorized to access using such "
81
"principles and technologies as file permissions, group policies, and the "
82
"Kerberos authentication service."
83
msgstr ""
84
85
#: serverguide/C/windows-networking.xml:56(para)
86
msgid ""
87
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
88
"clients and share network resources among them. One of the principal pieces "
89
"of software your Ubuntu system includes for Windows networking is the Samba "
90
"suite of SMB server applications and tools."
91
msgstr ""
92
93
#: serverguide/C/windows-networking.xml:62(para)
94
msgid ""
95
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
96
"of the common Samba use cases, and how to install and configure the "
97
"necessary packages. Additional detailed documentation and information on "
98
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
99
"website</ulink>."
100
msgstr ""
101
102
#: serverguide/C/windows-networking.xml:70(title)
103
msgid "Samba File Server"
104
msgstr ""
105
106
#: serverguide/C/windows-networking.xml:72(para)
107
msgid ""
108
"One of the most common ways to network Ubuntu and Windows computers is to "
109
"configure Samba as a File Server. This section covers setting up a "
110
"<application>Samba</application> server to share files with Windows clients."
111
msgstr ""
112
113
#: serverguide/C/windows-networking.xml:77(para)
114
msgid ""
115
"The server will be configured to share files with any client on the network "
116
"without prompting for a password. If your environment requires stricter "
117
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
118
msgstr ""
119
120
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:282(title) serverguide/C/windows-networking.xml:1279(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:669(title) serverguide/C/web-servers.xml:804(title) serverguide/C/web-servers.xml:925(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/virtualization.xml:1341(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:402(title) serverguide/C/remote-administration.xml:52(title) serverguide/C/remote-administration.xml:220(title) serverguide/C/network-config.xml:603(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1244(title) serverguide/C/network-auth.xml:1749(title) serverguide/C/network-auth.xml:2140(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:423(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:478(title) serverguide/C/mail.xml:651(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1284(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:282(title) serverguide/C/lamp-applications.xml:398(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:908(title) serverguide/C/file-server.xml:342(title) serverguide/C/file-server.xml:454(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:159(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:136(title) serverguide/C/backups.xml:593(title)
121
msgid "Installation"
122
msgstr ""
123
124
#: serverguide/C/windows-networking.xml:85(para)
125
msgid ""
126
"The first step is to install the <application>samba</application> package. "
127
"From a terminal prompt enter:"
128
msgstr ""
129
130
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:294(command)
131
msgid "sudo apt-get install samba"
132
msgstr "sudo apt-get install samba"
133
134
#: serverguide/C/windows-networking.xml:93(para)
135
msgid ""
136
"That's all there is to it; you are now ready to configure Samba to share "
137
"files."
138
msgstr ""
139
140
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:299(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:720(title) serverguide/C/web-servers.xml:815(title) serverguide/C/web-servers.xml:952(title) serverguide/C/web-servers.xml:1046(title) serverguide/C/vpn.xml:137(title) serverguide/C/virtualization.xml:1226(title) serverguide/C/virtualization.xml:1415(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:420(title) serverguide/C/remote-administration.xml:74(title) serverguide/C/remote-administration.xml:245(title) serverguide/C/package-management.xml:365(title) serverguide/C/network-config.xml:625(title) serverguide/C/network-auth.xml:88(title) serverguide/C/network-auth.xml:1788(title) serverguide/C/network-auth.xml:2161(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:449(title) serverguide/C/mail.xml:487(title) serverguide/C/mail.xml:661(title) serverguide/C/mail.xml:880(title) serverguide/C/mail.xml:1309(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:309(title) serverguide/C/lamp-applications.xml:428(title) serverguide/C/file-server.xml:355(title) serverguide/C/file-server.xml:480(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:178(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:148(title) serverguide/C/backups.xml:616(title)
141
msgid "Configuration"
142
msgstr "Agordo"
143
144
#: serverguide/C/windows-networking.xml:101(para)
145
msgid ""
146
"The main Samba configuration file is located in "
147
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
148
"a significant amount of comments in order to document various configuration "
149
"directives."
150
msgstr ""
151
152
#: serverguide/C/windows-networking.xml:106(para)
153
msgid ""
154
"Not all the available options are included in the default configuration "
155
"file. See the <filename>smb.conf</filename><application>man</application> "
156
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
157
"Collection/\">Samba HOWTO Collection</ulink> for more details."
158
msgstr ""
159
160
#: serverguide/C/windows-networking.xml:116(para)
161
msgid ""
162
"First, edit the following key/value pairs in the "
163
"<emphasis>[global]</emphasis> section of "
164
"<filename>/etc/samba/smb.conf</filename>:"
165
msgstr ""
166
167
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:306(programlisting) serverguide/C/windows-networking.xml:761(programlisting) serverguide/C/windows-networking.xml:975(programlisting)
168
#, no-wrap
169
msgid ""
170
"\n"
171
" workgroup = EXAMPLE\n"
172
" ...\n"
173
" security = user\n"
174
msgstr ""
175
176
#: serverguide/C/windows-networking.xml:127(para)
177
msgid ""
178
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
179
"section, and is commented by default. Also, change "
180
"<emphasis>EXAMPLE</emphasis> to better match your environment."
181
msgstr ""
182
183
#: serverguide/C/windows-networking.xml:135(para)
184
msgid ""
185
"Create a new section at the bottom of the file, or uncomment one of the "
186
"examples, for the directory to be shared:"
187
msgstr ""
188
189
#: serverguide/C/windows-networking.xml:139(programlisting)
190
#, no-wrap
191
msgid ""
192
"\n"
193
"[share]\n"
194
" comment = Ubuntu File Server Share\n"
195
" path = /srv/samba/share\n"
196
" browsable = yes\n"
197
" guest ok = yes\n"
198
" read only = no\n"
199
" create mask = 0755\n"
200
msgstr ""
201
202
#: serverguide/C/windows-networking.xml:151(para)
203
msgid ""
204
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
205
"fit your needs."
206
msgstr ""
207
208
#: serverguide/C/windows-networking.xml:156(para)
209
msgid "<emphasis>path:</emphasis> the path to the directory to share."
210
msgstr "<emphasis>pado:</emphasis> la pado de la kunhavenda dosierujo"
211
212
#: serverguide/C/windows-networking.xml:159(para)
213
msgid ""
214
"This example uses <filename>/srv/samba/sharename</filename> because, "
215
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
216
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
217
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
218
"specific data should be served. Technically Samba shares can be placed "
219
"anywhere on the filesystem as long as the permissions are correct, but "
220
"adhering to standards is recommended."
221
msgstr ""
222
223
#: serverguide/C/windows-networking.xml:168(para)
224
msgid ""
225
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
226
"directory using <application>Windows Explorer</application>."
227
msgstr ""
228
229
#: serverguide/C/windows-networking.xml:174(para)
230
msgid ""
231
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
232
"without supplying a password."
233
msgstr ""
234
235
#: serverguide/C/windows-networking.xml:179(para)
236
msgid ""
237
"<emphasis>read only:</emphasis> determines if the share is read only or if "
238
"write privileges are granted. Write privileges are allowed only when the "
239
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
240
"is <emphasis>yes</emphasis>, then access to the share is read only."
241
msgstr ""
242
243
#: serverguide/C/windows-networking.xml:184(para)
244
msgid ""
245
"<emphasis>create mask:</emphasis> determines the permissions new files will "
246
"have when created."
247
msgstr ""
248
249
#: serverguide/C/windows-networking.xml:193(para)
250
msgid ""
251
"Now that <application>Samba</application> is configured, the directory needs "
252
"to be created and the permissions changed. From a terminal enter:"
253
msgstr ""
254
255
#: serverguide/C/windows-networking.xml:199(command)
256
msgid "sudo mkdir -p /srv/samba/share"
257
msgstr "sudo mkdir -p /srv/samba/share"
258
259
#: serverguide/C/windows-networking.xml:200(command)
260
msgid "sudo chown nobody.nogroup /srv/samba/share/"
261
msgstr "sudo chown nobody.nogroup /srv/samba/share/"
262
263
#: serverguide/C/windows-networking.xml:204(para)
264
msgid ""
265
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
266
"directory tree if it doesn't exist. Change the share name to fit your "
267
"environment."
268
msgstr ""
269
270
#: serverguide/C/windows-networking.xml:213(para)
271
msgid ""
272
"Finally, restart the <application>samba</application> services to enable the "
273
"new configuration:"
274
msgstr ""
275
276
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:326(command) serverguide/C/windows-networking.xml:458(command) serverguide/C/windows-networking.xml:557(command) serverguide/C/windows-networking.xml:922(command) serverguide/C/windows-networking.xml:1032(command) serverguide/C/windows-networking.xml:1142(command) serverguide/C/network-auth.xml:1523(command)
277
msgid "sudo /etc/init.d/samba restart"
278
msgstr "sudo /etc/init.d/samba restart"
279
280
#: serverguide/C/windows-networking.xml:225(para)
281
msgid ""
282
"Once again, the above configuration gives all access to any client on the "
283
"local network. For a more secure configuration see <xref linkend=\"samba-"
284
"fileprint-security\"/>."
285
msgstr ""
286
287
#: serverguide/C/windows-networking.xml:231(para)
288
msgid ""
289
"From a Windows client you should now be able to browse to the Ubuntu file "
290
"server and see the shared directory. To check that everything is working try "
291
"creating a directory from Windows."
292
msgstr ""
293
294
#: serverguide/C/windows-networking.xml:236(para)
295
msgid ""
296
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
297
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
298
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
299
"share actually exists and the permissions are correct."
300
msgstr ""
301
302
#: serverguide/C/windows-networking.xml:243(title) serverguide/C/windows-networking.xml:336(title) serverguide/C/windows-networking.xml:686(title) serverguide/C/windows-networking.xml:1051(title) serverguide/C/windows-networking.xml:1253(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1163(title) serverguide/C/remote-administration.xml:478(title) serverguide/C/network-config.xml:247(title) serverguide/C/network-config.xml:490(title) serverguide/C/network-auth.xml:1199(title) serverguide/C/network-auth.xml:1638(title) serverguide/C/network-auth.xml:2236(title) serverguide/C/network-auth.xml:2739(title) serverguide/C/installation.xml:848(title) serverguide/C/installation.xml:1124(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:268(title) serverguide/C/backups.xml:855(title)
303
msgid "Resources"
304
msgstr ""
305
306
#: serverguide/C/windows-networking.xml:247(para) serverguide/C/windows-networking.xml:340(para) serverguide/C/windows-networking.xml:690(para) serverguide/C/windows-networking.xml:1055(para)
307
msgid ""
308
"For in depth Samba configurations see the <ulink "
309
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
310
"Collection</ulink>"
311
msgstr ""
312
313
#: serverguide/C/windows-networking.xml:253(para) serverguide/C/windows-networking.xml:346(para) serverguide/C/windows-networking.xml:696(para) serverguide/C/windows-networking.xml:1061(para)
314
msgid ""
315
"The guide is also available in <ulink "
316
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
317
"format</ulink>."
318
msgstr ""
319
320
#: serverguide/C/windows-networking.xml:259(para) serverguide/C/windows-networking.xml:352(para)
321
msgid ""
322
"O'Reilly's <ulink "
323
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
324
"another good reference."
325
msgstr ""
326
327
#: serverguide/C/windows-networking.xml:269(title)
328
msgid "Samba Print Server"
329
msgstr ""
330
331
#: serverguide/C/windows-networking.xml:271(para)
332
msgid ""
333
"Another common use of Samba is to configure it to share printers installed, "
334
"either locally or over the network, on an Ubuntu server. Similar to <xref "
335
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
336
"any client on the local network to use the installed printers without "
337
"prompting for a username and password."
338
msgstr ""
339
340
#: serverguide/C/windows-networking.xml:277(para)
341
msgid ""
342
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
343
"security\"/>."
344
msgstr ""
345
346
#: serverguide/C/windows-networking.xml:284(para)
347
msgid ""
348
"Before installing and configuring Samba it is best to already have a working "
349
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
350
"for details."
351
msgstr ""
352
353
#: serverguide/C/windows-networking.xml:289(para)
354
msgid ""
355
"To install the <application>samba</application> package, from a terminal "
356
"enter:"
357
msgstr ""
358
"Por instali <application>samba</application>-n pakaĵon el terminalo, tajpi:"
359
360
#: serverguide/C/windows-networking.xml:300(para)
361
msgid ""
362
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
363
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
364
"network, and change <emphasis>security</emphasis> to <emphasis "
365
"role=\"italic\">share</emphasis>:"
366
msgstr ""
367
368
#: serverguide/C/windows-networking.xml:312(para)
369
msgid ""
370
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
371
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
372
msgstr ""
373
374
#: serverguide/C/windows-networking.xml:316(programlisting)
375
#, no-wrap
376
msgid ""
377
"\n"
378
" browsable = yes\n"
379
" guest ok = yes\n"
380
msgstr ""
381
382
#: serverguide/C/windows-networking.xml:321(para)
383
msgid "After editing <filename>smb.conf</filename> restart Samba:"
384
msgstr ""
385
386
#: serverguide/C/windows-networking.xml:329(para)
387
msgid ""
388
"The default Samba configuration will automatically share any printers "
389
"installed. Simply install the printer locally on your Windows clients."
390
msgstr ""
391
392
#: serverguide/C/windows-networking.xml:358(para)
393
msgid ""
394
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
395
"more information on configuring CUPS."
396
msgstr ""
397
398
#: serverguide/C/windows-networking.xml:367(title)
399
msgid "Securing a Samba File and Print Server"
400
msgstr ""
401
402
#: serverguide/C/windows-networking.xml:370(title)
403
msgid "Samba Security Modes"
404
msgstr ""
405
406
#: serverguide/C/windows-networking.xml:372(para)
407
msgid ""
408
"There are two security levels available to the Common Internet Filesystem "
409
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
410
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
411
"allows more flexibility, providing four ways of implementing user-level "
412
"security and one way to implement share-level:"
413
msgstr ""
414
415
#: serverguide/C/windows-networking.xml:381(para)
416
msgid ""
417
"<emphasis>security = user:</emphasis> requires clients to supply a username "
418
"and password to connect to shares. Samba user accounts are separate from "
419
"system accounts, but the <application>libpam-smbpass</application> package "
420
"will sync system users and passwords with the Samba user database."
421
msgstr ""
422
423
#: serverguide/C/windows-networking.xml:388(para)
424
msgid ""
425
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
426
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
427
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
428
"linkend=\"samba-dc\"/> for further information."
429
msgstr ""
430
431
#: serverguide/C/windows-networking.xml:395(para)
432
msgid ""
433
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
434
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
435
"integration\"/> for details."
436
msgstr ""
437
438
#: serverguide/C/windows-networking.xml:401(para)
439
msgid ""
440
"<emphasis>security = server:</emphasis> this mode is left over from before "
441
"Samba could become a member server, and due to some security issues should "
442
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
443
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
444
"of the Samba guide for more details."
445
msgstr ""
446
447
#: serverguide/C/windows-networking.xml:409(para)
448
msgid ""
449
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
450
"without supplying a username and password."
451
msgstr ""
452
453
#: serverguide/C/windows-networking.xml:416(para)
454
msgid ""
455
"The security mode you choose will depend on your environment and what you "
456
"need the Samba server to accomplish."
457
msgstr ""
458
459
#: serverguide/C/windows-networking.xml:422(title)
460
msgid "Security = User"
461
msgstr ""
462
463
#: serverguide/C/windows-networking.xml:424(para)
464
msgid ""
465
"This section will reconfigure the Samba file and print server, from <xref "
466
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
467
"require authentication."
468
msgstr ""
469
470
#: serverguide/C/windows-networking.xml:429(para)
471
msgid ""
472
"First, install the <application>libpam-smbpass</application> package which "
473
"will sync the system users to the Samba user database:"
474
msgstr ""
475
476
#: serverguide/C/windows-networking.xml:435(command)
477
msgid "sudo apt-get install libpam-smbpass"
478
msgstr ""
479
480
#: serverguide/C/windows-networking.xml:439(para)
481
msgid ""
482
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
483
"<application>libpam-smbpass</application> is already installed."
484
msgstr ""
485
486
#: serverguide/C/windows-networking.xml:445(para)
487
msgid ""
488
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
489
"<emphasis>[share]</emphasis> section change:"
490
msgstr ""
491
492
#: serverguide/C/windows-networking.xml:449(programlisting)
493
#, no-wrap
494
msgid ""
495
"\n"
496
" guest ok = no\n"
497
msgstr ""
498
499
#: serverguide/C/windows-networking.xml:453(para)
500
msgid "Finally, restart Samba for the new settings to take effect:"
501
msgstr ""
502
503
#: serverguide/C/windows-networking.xml:461(para)
504
msgid ""
505
"Now when connecting to the shared directories or printers you should be "
506
"prompted for a username and password."
507
msgstr ""
508
509
#: serverguide/C/windows-networking.xml:466(para)
510
msgid ""
511
"If you choose to map a network drive to the share you can check the "
512
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
513
"enter the username and password once, at least until the password changes."
514
msgstr ""
515
516
#: serverguide/C/windows-networking.xml:474(title)
517
msgid "Share Security"
518
msgstr ""
519
520
#: serverguide/C/windows-networking.xml:476(para)
521
msgid ""
522
"There are several options available to increase the security for each "
523
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
524
"this section will cover some common options."
525
msgstr ""
526
527
#: serverguide/C/windows-networking.xml:482(title)
528
msgid "Groups"
529
msgstr ""
530
531
#: serverguide/C/windows-networking.xml:484(para)
532
msgid ""
533
"Groups define a collection of computers or users which have a common level "
534
"of access to particular network resources and offer a level of granularity "
535
"in controlling access to such resources. For example, if a group <emphasis "
536
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
537
"role=\"italic\">freda</emphasis>, <emphasis "
538
"role=\"italic\">danika</emphasis>, and <emphasis "
539
"role=\"italic\">rob</emphasis> and a second group <emphasis "
540
"role=\"italic\">support</emphasis> is defined and consists of users "
541
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
542
"role=\"italic\">jeremy</emphasis>, and <emphasis "
543
"role=\"italic\">vincent</emphasis> then certain network resources configured "
544
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
545
"subsequently enable access by freda, danika, and rob, but not jeremy or "
546
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
547
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
548
"role=\"italic\">support</emphasis> groups, she will be able to access "
549
"resources configured for access by both groups, whereas all other users will "
550
"have only access to resources explicitly allowing the group they are part of."
551
msgstr ""
552
553
#: serverguide/C/windows-networking.xml:498(para)
554
msgid ""
555
"By default Samba looks for the local system groups defined in "
556
"<filename>/etc/group</filename> to determine which users belong to which "
557
"groups. For more information on adding and removing users from groups see "
558
"<xref linkend=\"adding-deleting-users\"/>."
559
msgstr ""
560
561
#: serverguide/C/windows-networking.xml:504(para)
562
msgid ""
563
"When defining groups in the Samba configuration file, "
564
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
565
"preface the group name with an \"@\" symbol. For example, if you wished to "
566
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
567
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
568
"do so by entering the group name as <emphasis "
569
"role=\"bold\">@sysadmin</emphasis>."
570
msgstr ""
571
572
#: serverguide/C/windows-networking.xml:513(title)
573
msgid "File Permissions"
574
msgstr ""
575
576
#: serverguide/C/windows-networking.xml:515(para)
577
msgid ""
578
"File Permissions define the explicit rights a computer or user has to a "
579
"particular directory, file, or set of files. Such permissions may be defined "
580
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
581
"the explicit permissions of a defined file share."
582
msgstr ""
583
584
#: serverguide/C/windows-networking.xml:521(para)
585
msgid ""
586
"For example, if you have defined a Samba share called "
587
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
588
"only</emphasis> permissions to the group of users known as <emphasis "
589
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
590
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
591
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
592
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
593
"under the <emphasis>[share]</emphasis> entry:"
594
msgstr ""
595
596
#: serverguide/C/windows-networking.xml:530(programlisting)
597
#, no-wrap
598
msgid ""
599
"\n"
600
" read list = @qa\n"
601
" write list = @sysadmin, vincent\n"
602
msgstr ""
603
604
#: serverguide/C/windows-networking.xml:535(para)
605
msgid ""
606
"Another possible Samba permission is to declare "
607
"<emphasis>administrative</emphasis> permissions to a particular shared "
608
"resource. Users having administrative permissions may read, write, or modify "
609
"any information contained in the resource the user has been given explicit "
610
"administrative permissions to."
611
msgstr ""
612
613
#: serverguide/C/windows-networking.xml:541(para)
614
msgid ""
615
"For example, if you wanted to give the user <emphasis "
616
"role=\"italic\">melissa</emphasis> administrative permissions to the "
617
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
618
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
619
"under the <emphasis>[share]</emphasis> entry:"
620
msgstr ""
621
622
#: serverguide/C/windows-networking.xml:548(programlisting)
623
#, no-wrap
624
msgid ""
625
"\n"
626
" admin users = melissa\n"
627
msgstr ""
628
629
#: serverguide/C/windows-networking.xml:552(para)
630
msgid ""
631
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
632
"the changes to take effect:"
633
msgstr ""
634
635
#: serverguide/C/windows-networking.xml:561(para)
636
msgid ""
637
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
638
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
639
"<emphasis role=\"italic\">security = share</emphasis>"
640
msgstr ""
641
642
#: serverguide/C/windows-networking.xml:567(para)
643
msgid ""
644
"Now that Samba has been configured to limit which groups have access to the "
645
"shared directory, the filesystem permissions need to be updated."
646
msgstr ""
647
648
#: serverguide/C/windows-networking.xml:572(para)
649
msgid ""
650
"Traditional Linux file permissions do not map well to Windows NT Access "
651
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
652
"providing more fine grained control. For example, to enable ACLs on "
653
"<filename>/srv</filename> an EXT3 filesystem, edit "
654
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
655
msgstr ""
656
657
#: serverguide/C/windows-networking.xml:579(programlisting)
658
#, no-wrap
659
msgid ""
660
"\n"
661
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
662
"0 1\n"
663
msgstr ""
664
665
#: serverguide/C/windows-networking.xml:583(para)
666
msgid "Then remount the partition:"
667
msgstr ""
668
669
#: serverguide/C/windows-networking.xml:588(command)
670
msgid "sudo mount -v -o remount /srv"
671
msgstr ""
672
673
#: serverguide/C/windows-networking.xml:592(para)
674
msgid ""
675
"The above example assumes <filename>/srv</filename> on a separate partition. "
676
"If <filename>/srv</filename>, or wherever you have configured your share "
677
"path, is part of the <filename>/</filename> partition a reboot may be "
678
"required."
679
msgstr ""
680
681
#: serverguide/C/windows-networking.xml:599(para)
682
msgid ""
683
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
684
"group will be given read, write, and execute permissions to "
685
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
686
"will be given read and execute permissions, and the files will be owned by "
687
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
688
msgstr ""
689
690
#: serverguide/C/windows-networking.xml:607(command)
691
msgid "sudo chown -R melissa /srv/samba/share/"
692
msgstr ""
693
694
#: serverguide/C/windows-networking.xml:608(command)
695
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
696
msgstr ""
697
698
#: serverguide/C/windows-networking.xml:609(command)
699
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
700
msgstr ""
701
702
#: serverguide/C/windows-networking.xml:613(para)
703
msgid ""
704
"The <application>setfacl</application> command above gives "
705
"<emphasis>execute</emphasis> permissions to all files in the "
706
"<filename>/srv/samba/share</filename> directory, which you may or may not "
707
"want."
708
msgstr ""
709
710
#: serverguide/C/windows-networking.xml:619(para)
711
msgid ""
712
"Now from a Windows client you should notice the new file permissions are "
713
"implemented. See the <application>acl</application> and "
714
"<application>setfacl</application> man pages for more information on POSIX "
715
"ACLs."
716
msgstr ""
717
718
#: serverguide/C/windows-networking.xml:627(title)
719
msgid "Samba AppArmor Profile"
720
msgstr ""
721
722
#: serverguide/C/windows-networking.xml:629(para)
723
msgid ""
724
"Ubuntu comes with the <application>AppArmor</application> security module, "
725
"which provides mandatory access controls. The default AppArmor profile for "
726
"Samba will need to be adapted to your configuration. For more details on "
727
"using AppArmor see <xref linkend=\"apparmor\"/>."
728
msgstr ""
729
730
#: serverguide/C/windows-networking.xml:635(para)
731
msgid ""
732
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
733
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
734
"of the <application>apparmor-profiles</application> packages. To install the "
735
"package, from a terminal prompt enter:"
736
msgstr ""
737
738
#: serverguide/C/windows-networking.xml:642(command) serverguide/C/security.xml:978(command)
739
msgid "sudo apt-get install apparmor-profiles"
740
msgstr ""
741
742
#: serverguide/C/windows-networking.xml:646(para)
743
msgid "This package contains profiles for several other binaries."
744
msgstr ""
745
746
#: serverguide/C/windows-networking.xml:651(para)
747
msgid ""
748
"By default the profiles for <application>smbd</application> and "
749
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
750
"allowing Samba to work without modifying the profile, and only logging "
751
"errors. To place the <application>smbd</application> profile into "
752
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
753
"profile will need to be modified to reflect any directories that are shared."
754
msgstr ""
755
756
#: serverguide/C/windows-networking.xml:658(para)
757
msgid ""
758
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
759
"for <emphasis>[share]</emphasis> from the file server example:"
760
msgstr ""
761
762
#: serverguide/C/windows-networking.xml:663(programlisting)
763
#, no-wrap
764
msgid ""
765
"\n"
766
" /srv/samba/share/ r,\n"
767
" /srv/samba/share/** rwkix,\n"
768
msgstr ""
769
770
#: serverguide/C/windows-networking.xml:668(para)
771
msgid ""
772
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
773
msgstr ""
774
775
#: serverguide/C/windows-networking.xml:673(command)
776
msgid "sudo aa-enforce /usr/sbin/smbd"
777
msgstr ""
778
779
#: serverguide/C/windows-networking.xml:674(command)
780
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
781
msgstr ""
782
783
#: serverguide/C/windows-networking.xml:677(para)
784
msgid ""
785
"You should now be able to read, write, and execute files in the shared "
786
"directory as normal, and the <application>smbd</application> binary will "
787
"have access to only the configured files and directories. Be sure to add "
788
"entries for each directory you configure Samba to share. Also, any errors "
789
"will be logged to <filename>/var/log/syslog</filename>."
790
msgstr ""
791
792
#: serverguide/C/windows-networking.xml:702(para) serverguide/C/windows-networking.xml:1067(para)
793
msgid ""
794
"O'Reilly's <ulink "
795
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
796
"also a good reference."
797
msgstr ""
798
799
#: serverguide/C/windows-networking.xml:708(para)
800
msgid ""
801
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
802
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
803
"security."
804
msgstr ""
805
806
#: serverguide/C/windows-networking.xml:714(para)
807
msgid ""
808
"For more information on Samba and ACLs see the <ulink "
809
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
810
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
811
msgstr ""
812
813
#: serverguide/C/windows-networking.xml:725(title)
814
msgid "Samba as a Domain Controller"
815
msgstr ""
816
817
#: serverguide/C/windows-networking.xml:727(para)
818
msgid ""
819
"Although it cannot act as an Active Directory Primary Domain Controller "
820
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
821
"domain controller. A major advantage of this configuration is the ability to "
822
"centralize user and machine credentials. Samba can also use multiple "
823
"backends to store the user information."
824
msgstr ""
825
826
#: serverguide/C/windows-networking.xml:734(title)
827
msgid "Primary Domain Controller"
828
msgstr ""
829
830
#: serverguide/C/windows-networking.xml:736(para)
831
msgid ""
832
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
833
"using the default smbpasswd backend."
834
msgstr ""
835
836
#: serverguide/C/windows-networking.xml:743(para)
837
msgid ""
838
"First, install Samba, and <application>libpam-smbpass</application> to sync "
839
"the user accounts, by entering the following in a terminal prompt:"
840
msgstr ""
841
842
#: serverguide/C/windows-networking.xml:749(command) serverguide/C/windows-networking.xml:965(command)
843
msgid "sudo apt-get install samba libpam-smbpass"
844
msgstr ""
845
846
#: serverguide/C/windows-networking.xml:755(para)
847
msgid ""
848
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
849
"The <emphasis>security</emphasis> mode should be set to <emphasis "
850
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
851
"should relate to your organization:"
852
msgstr ""
853
854
#: serverguide/C/windows-networking.xml:770(para)
855
msgid ""
856
"In the commented <quote>Domains</quote> section add or uncomment the "
857
"following:"
858
msgstr ""
859
860
#: serverguide/C/windows-networking.xml:774(programlisting)
861
#, no-wrap
862
msgid ""
863
"\n"
864
" domain logons = yes\n"
865
" logon path = \\\\%N\\%U\\profile\n"
866
" logon drive = H:\n"
867
" logon home = \\\\%N\\%U\n"
868
" logon script = logon.cmd\n"
869
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
870
"/var/lib/samba -s /bin/false %u\n"
871
msgstr ""
872
873
#: serverguide/C/windows-networking.xml:785(para)
874
msgid ""
875
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
876
"Samba to act as a domain controller."
877
msgstr ""
878
879
#: serverguide/C/windows-networking.xml:790(para)
880
msgid ""
881
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
882
"their home directory. It is also possible to configure a "
883
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
884
"directory."
885
msgstr ""
886
887
#: serverguide/C/windows-networking.xml:796(para)
888
msgid ""
889
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
890
msgstr ""
891
892
#: serverguide/C/windows-networking.xml:801(para)
893
msgid ""
894
"<emphasis>logon home:</emphasis> specifies the home directory location."
895
msgstr ""
896
897
#: serverguide/C/windows-networking.xml:806(para)
898
msgid ""
899
"<emphasis>logon script:</emphasis> determines the script to be run locally "
900
"once a user has logged in. The script needs to be placed in the "
901
"<emphasis>[netlogon]</emphasis> share."
902
msgstr ""
903
904
#: serverguide/C/windows-networking.xml:812(para)
905
msgid ""
906
"<emphasis>add machine script:</emphasis> a script that will automatically "
907
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
908
"workstation to join the domain."
909
msgstr ""
910
911
#: serverguide/C/windows-networking.xml:816(para)
912
msgid ""
913
"In this example the <emphasis>machines</emphasis> group will need to be "
914
"created using the <application>addgroup</application> utility see <xref "
915
"linkend=\"adding-deleting-users\"/> for details."
916
msgstr ""
917
918
#: serverguide/C/windows-networking.xml:824(para)
919
msgid ""
920
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
921
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
922
"commented."
923
msgstr ""
924
925
#: serverguide/C/windows-networking.xml:833(para)
926
msgid ""
927
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
928
"role=\"italic\">logon home</emphasis> to be mapped:"
929
msgstr ""
930
931
#: serverguide/C/windows-networking.xml:838(programlisting)
932
#, no-wrap
933
msgid ""
934
"\n"
935
"[homes]\n"
936
" comment = Home Directories\n"
937
" browseable = no\n"
938
" read only = no\n"
939
" create mask = 0700\n"
940
" directory mask = 0700\n"
941
" valid users = %S\n"
942
msgstr ""
943
944
#: serverguide/C/windows-networking.xml:851(para)
945
msgid ""
946
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
947
"share needs to be configured. To enable the share, uncomment:"
948
msgstr ""
949
950
#: serverguide/C/windows-networking.xml:856(programlisting)
951
#, no-wrap
952
msgid ""
953
"\n"
954
"[netlogon]\n"
955
" comment = Network Logon Service\n"
956
" path = /srv/samba/netlogon\n"
957
" guest ok = yes\n"
958
" read only = yes\n"
959
" share modes = no\n"
960
msgstr ""
961
962
#: serverguide/C/windows-networking.xml:866(para)
963
msgid ""
964
"The original <emphasis>netlogon</emphasis> share path is "
965
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
966
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
967
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
968
"location for site-specific data provided by the system."
969
msgstr ""
970
971
#: serverguide/C/windows-networking.xml:877(para)
972
msgid ""
973
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
974
"and an empty (for now) <filename>logon.cmd</filename> script file:"
975
msgstr ""
976
977
#: serverguide/C/windows-networking.xml:883(command)
978
msgid "sudo mkdir -p /srv/samba/netlogon"
979
msgstr ""
980
981
#: serverguide/C/windows-networking.xml:884(command)
982
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
983
msgstr ""
984
985
#: serverguide/C/windows-networking.xml:887(para)
986
msgid ""
987
"You can enter any normal Windows logon script commands in "
988
"<filename>logon.cmd</filename> to customize the client's environment."
989
msgstr ""
990
991
#: serverguide/C/windows-networking.xml:895(para)
992
msgid ""
993
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
994
"workstation to the domain, a system group needs to be mapped to the Windows "
995
"<emphasis>Domain Admins</emphasis> group. Using the "
996
"<application>net</application> utility, from a terminal enter:"
997
msgstr ""
998
999
#: serverguide/C/windows-networking.xml:902(command)
1000
msgid ""
1001
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1002
"type=d"
1003
msgstr ""
1004
1005
#: serverguide/C/windows-networking.xml:906(para)
1006
msgid ""
1007
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1008
"prefer. Also, the user used to join the domain needs to be a member of the "
1009
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1010
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1011
"allows <application>sudo</application> use."
1012
msgstr ""
1013
1014
#: serverguide/C/windows-networking.xml:917(para)
1015
msgid "Finally, restart Samba to enable the new domain controller:"
1016
msgstr ""
1017
1018
#: serverguide/C/windows-networking.xml:928(para)
1019
msgid ""
1020
"You should now be able to join Windows clients to the Domain in the same "
1021
"manner as joining them to an NT4 domain running on a Windows server."
1022
msgstr ""
1023
1024
#: serverguide/C/windows-networking.xml:938(title)
1025
msgid "Backup Domain Controller"
1026
msgstr ""
1027
1028
#: serverguide/C/windows-networking.xml:940(para)
1029
msgid ""
1030
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1031
"Backup Domain Controller (BDC) as well. This will allow clients to "
1032
"authenticate in case the PDC becomes unavailable."
1033
msgstr ""
1034
1035
#: serverguide/C/windows-networking.xml:945(para)
1036
msgid ""
1037
"When configuring Samba as a BDC you need a way to sync account information "
1038
"with the PDC. There are multiple ways of accomplishing this "
1039
"<application>scp</application>, <application>rsync</application>, or by "
1040
"using <application>LDAP</application> as the <emphasis>passdb "
1041
"backend</emphasis>."
1042
msgstr ""
1043
1044
#: serverguide/C/windows-networking.xml:951(para)
1045
msgid ""
1046
"Using LDAP is the most robust way to sync account information, because both "
1047
"domain controllers can use the same information in real time. However, "
1048
"setting up a LDAP server may be overly complicated for a small number of "
1049
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1050
msgstr ""
1051
1052
#: serverguide/C/windows-networking.xml:960(para)
1053
msgid ""
1054
"First, install <application>samba</application> and <application>libpam-"
1055
"smbpass</application>. From a terminal enter:"
1056
msgstr ""
1057
1058
#: serverguide/C/windows-networking.xml:971(para)
1059
msgid ""
1060
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1061
"following in the <emphasis>[global]</emphasis>:"
1062
msgstr ""
1063
1064
#: serverguide/C/windows-networking.xml:984(para)
1065
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1066
msgstr ""
1067
1068
#: serverguide/C/windows-networking.xml:988(programlisting)
1069
#, no-wrap
1070
msgid ""
1071
"\n"
1072
" domain logons = yes\n"
1073
" domain master = no\n"
1074
msgstr ""
1075
1076
#: serverguide/C/windows-networking.xml:996(para)
1077
msgid ""
1078
"Make sure a user has rights to read the files in "
1079
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1080
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1081
"files, enter:"
1082
msgstr ""
1083
1084
#: serverguide/C/windows-networking.xml:1002(command)
1085
msgid "sudo chgrp -R admin /var/lib/samba"
1086
msgstr ""
1087
1088
#: serverguide/C/windows-networking.xml:1008(para)
1089
msgid ""
1090
"Next, sync the user accounts, using <application>scp</application> to copy "
1091
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1092
msgstr ""
1093
1094
#: serverguide/C/windows-networking.xml:1014(command)
1095
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1096
msgstr ""
1097
1098
#: serverguide/C/windows-networking.xml:1018(para)
1099
msgid ""
1100
"Replace <emphasis>username</emphasis> with a valid username and "
1101
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1102
msgstr ""
1103
1104
#: serverguide/C/windows-networking.xml:1027(para)
1105
msgid "Finally, restart <application>samba</application>:"
1106
msgstr ""
1107
1108
#: serverguide/C/windows-networking.xml:1038(para)
1109
msgid ""
1110
"You can test that your Backup Domain controller is working by stopping the "
1111
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1112
"the domain."
1113
msgstr ""
1114
1115
#: serverguide/C/windows-networking.xml:1043(para)
1116
msgid ""
1117
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1118
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1119
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
1120
"be unavailable. For this reason it is best to configure the <emphasis>logon "
1121
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1122
msgstr ""
1123
1124
#: serverguide/C/windows-networking.xml:1073(para)
1125
msgid ""
1126
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1127
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1128
"up a Primary Domain Controller."
1129
msgstr ""
1130
1131
#: serverguide/C/windows-networking.xml:1079(para)
1132
msgid ""
1133
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1134
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1135
"explains setting up a Backup Domain Controller."
1136
msgstr ""
1137
1138
#: serverguide/C/windows-networking.xml:1089(title)
1139
msgid "Samba Active Directory Integration"
1140
msgstr ""
1141
1142
#: serverguide/C/windows-networking.xml:1092(title)
1143
msgid "Accessing a Samba Share"
1144
msgstr ""
1145
1146
#: serverguide/C/windows-networking.xml:1094(para)
1147
msgid ""
1148
"Another, use for Samba is to integrate into an existing Windows network. "
1149
"Once part of an Active Directory domain, Samba can provide file and print "
1150
"services to AD users."
1151
msgstr ""
1152
1153
#: serverguide/C/windows-networking.xml:1099(para)
1154
msgid ""
1155
"The simplest way to join an AD domain is to use <application>Likewise-"
1156
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1157
"open\"/>."
1158
msgstr ""
1159
1160
#: serverguide/C/windows-networking.xml:1104(para)
1161
msgid "Once part of the domain, install the following packages:"
1162
msgstr ""
1163
1164
#: serverguide/C/windows-networking.xml:1109(command)
1165
msgid "sudo apt-get install samba smbfs smbclient"
1166
msgstr ""
1167
1168
#: serverguide/C/windows-networking.xml:1112(para)
1169
msgid ""
1170
"Since the <application>likewise-open</application> and "
1171
"<application>samba</application> packages use separate "
1172
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1173
"<filename role=\"directory\">/var/lib/samba</filename>:"
1174
msgstr ""
1175
1176
#: serverguide/C/windows-networking.xml:1118(command)
1177
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1178
msgstr ""
1179
1180
#: serverguide/C/windows-networking.xml:1119(command)
1181
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1182
msgstr ""
1183
1184
#: serverguide/C/windows-networking.xml:1122(para)
1185
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1186
msgstr ""
1187
1188
#: serverguide/C/windows-networking.xml:1126(programlisting)
1189
#, no-wrap
1190
msgid ""
1191
"\n"
1192
" workgroup = EXAMPLE\n"
1193
" ...\n"
1194
" security = ads\n"
1195
" realm = EXAMPLE.COM\n"
1196
" ...\n"
1197
" idmap backend = lwopen\n"
1198
" idmap uid = 50-9999999999\n"
1199
" idmap gid = 50-9999999999\n"
1200
msgstr ""
1201
1202
#: serverguide/C/windows-networking.xml:1137(para)
1203
msgid ""
1204
"Restart <application>samba</application> for the new settings to take effect:"
1205
msgstr ""
1206
1207
#: serverguide/C/windows-networking.xml:1145(para)
1208
msgid ""
1209
"You should now be able to access any <application>Samba</application> shares "
1210
"from a Windows client. However, be sure to give the appropriate AD users or "
1211
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
1212
"security\"/> for more details."
1213
msgstr ""
1214
1215
#: serverguide/C/windows-networking.xml:1153(title)
1216
msgid "Accessing a Windows Share"
1217
msgstr ""
1218
1219
#: serverguide/C/windows-networking.xml:1155(para)
1220
msgid ""
1221
"Now that the Samba server is part of the Active Directory domain you can "
1222
"access any Windows server shares:"
1223
msgstr ""
1224
1225
#: serverguide/C/windows-networking.xml:1162(para)
1226
msgid ""
1227
"To mount a Windows file share enter the following in a terminal prompt:"
1228
msgstr ""
1229
1230
#: serverguide/C/windows-networking.xml:1166(command)
1231
msgid "mount.cifs //fs01.example.com/share mount_point"
1232
msgstr ""
1233
1234
#: serverguide/C/windows-networking.xml:1169(para)
1235
msgid ""
1236
"It is also possible to access shares on computers not part of an AD domain, "
1237
"but a username and password will need to be provided."
1238
msgstr ""
1239
1240
#: serverguide/C/windows-networking.xml:1177(para)
1241
msgid ""
1242
"To mount the share during boot place an entry in "
1243
"<filename>/etc/fstab</filename>, for example:"
1244
msgstr ""
1245
1246
#: serverguide/C/windows-networking.xml:1181(programlisting)
1247
#, no-wrap
1248
msgid ""
1249
"\n"
1250
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1251
"0 0\n"
1252
msgstr ""
1253
1254
#: serverguide/C/windows-networking.xml:1188(para)
1255
msgid ""
1256
"Another way to copy files from a Windows server is to use the "
1257
"<application>smbclient</application> utility. To list the files in a Windows "
1258
"share:"
1259
msgstr ""
1260
1261
#: serverguide/C/windows-networking.xml:1194(command)
1262
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1263
msgstr ""
1264
1265
#: serverguide/C/windows-networking.xml:1200(para)
1266
msgid "To copy a file from the share, enter:"
1267
msgstr ""
1268
1269
#: serverguide/C/windows-networking.xml:1205(command)
1270
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1271
msgstr ""
1272
1273
#: serverguide/C/windows-networking.xml:1208(para)
1274
msgid ""
1275
"This will copy the <filename>file.txt</filename> into the current directory."
1276
msgstr ""
1277
1278
#: serverguide/C/windows-networking.xml:1215(para)
1279
msgid "And to copy a file to the share:"
1280
msgstr ""
1281
1282
#: serverguide/C/windows-networking.xml:1220(command)
1283
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1284
msgstr ""
1285
1286
#: serverguide/C/windows-networking.xml:1223(para)
1287
msgid ""
1288
"This will copy the <filename>/etc/hosts</filename> to "
1289
"<filename>//fs01.example.com/share/hosts</filename>."
1290
msgstr ""
1291
1292
#: serverguide/C/windows-networking.xml:1230(para)
1293
msgid ""
1294
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1295
"<application>smbclient</application> command all at once. This is useful for "
1296
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1297
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
1298
"and directory commands, simply execute:"
1299
msgstr ""
1300
1301
#: serverguide/C/windows-networking.xml:1237(command)
1302
msgid "smbclient //fs01.example.com/share -k"
1303
msgstr ""
1304
1305
#: serverguide/C/windows-networking.xml:1244(para)
1306
msgid ""
1307
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1308
"<emphasis>//192.168.0.5/share</emphasis>, "
1309
"<emphasis>username=steve,password=secret</emphasis>, and "
1310
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
1311
"file name, and an actual username and password with rights to the share."
1312
msgstr ""
1313
1314
#: serverguide/C/windows-networking.xml:1255(para)
1315
msgid ""
1316
"For more <application>smbclient</application> options see the man page: "
1317
"<command>man smbclient</command>, also available <ulink "
1318
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/smbclient.1.html\">o"
1319
"nline</ulink>."
1320
msgstr ""
1321
1322
#: serverguide/C/windows-networking.xml:1260(para)
1323
msgid ""
1324
"The <application>mount.cifs</application><ulink "
1325
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/mount.cifs.8.html\">"
1326
"man page</ulink> is also useful for more detailed information."
1327
msgstr ""
1328
1329
#: serverguide/C/windows-networking.xml:1270(title)
1330
msgid "Likewise Open"
1331
msgstr ""
1332
1333
#: serverguide/C/windows-networking.xml:1272(para)
1334
msgid ""
1335
"<application>Likewise Open</application> simplifies the necessary "
1336
"configuration needed to authenticate a Linux machine to an Active Directory "
1337
"domain. Based on <application>winbind</application>, the "
1338
"<application>likewise-open</application> package takes the pain out of "
1339
"integrating Ubuntu authentication into an existing Windows network."
1340
msgstr ""
1341
1342
#: serverguide/C/windows-networking.xml:1281(para)
1343
msgid ""
1344
"There are two ways to use Likewise Open, <application>likewise-"
1345
"open</application> the command line utility and <application>likewise-open-"
1346
"gui</application>. This section focuses on the command line utility."
1347
msgstr ""
1348
1349
#: serverguide/C/windows-networking.xml:1286(para)
1350
msgid ""
1351
"To install the <application>likewise-open</application> package, open a "
1352
"terminal prompt and enter:"
1353
msgstr ""
1354
1355
#: serverguide/C/windows-networking.xml:1291(command)
1356
msgid "sudo apt-get install likewise-open"
1357
msgstr ""
1358
1359
#: serverguide/C/windows-networking.xml:1294(para)
1360
msgid ""
1361
"With Ubuntu 9.04 <application>Likewise Open 5.0</application> is available "
1362
"in the <emphasis>Universe</emphasis> repository. However, since upgrading "
1363
"from <application>Likewise Open 4.1</application> currently requires the "
1364
"system to leave the domain and re-join, a separate package for version five "
1365
"was created."
1366
msgstr ""
1367
1368
#: serverguide/C/windows-networking.xml:1300(para)
1369
msgid "To install <application>Likewise Open 5.0</application> enter:"
1370
msgstr ""
1371
1372
#: serverguide/C/windows-networking.xml:1305(command)
1373
msgid "sudo apt-get install likewise-open5"
1374
msgstr ""
1375
1376
#: serverguide/C/windows-networking.xml:1309(para)
1377
msgid ""
1378
"Installing likewise-open5 over an existing likewise-open (4.1) installation "
1379
"will replace it. You will have to rejoin the domain after install."
1380
msgstr ""
1381
1382
#: serverguide/C/windows-networking.xml:1317(title)
1383
msgid "Joining a Domain"
1384
msgstr ""
1385
1386
#: serverguide/C/windows-networking.xml:1319(para)
1387
msgid ""
1388
"The main executable file of the <application>likewise-open</application> "
1389
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1390
"join your computer to the domain. Before you join a domain you will need to "
1391
"make sure you have:"
1392
msgstr ""
1393
1394
#: serverguide/C/windows-networking.xml:1327(para)
1395
msgid ""
1396
"Access to an Active Directory user with appropriate rights to join the "
1397
"domain."
1398
msgstr ""
1399
1400
#: serverguide/C/windows-networking.xml:1332(para)
1401
msgid ""
1402
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1403
"you want to join. If your AD domain does not match a valid domain such as "
1404
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1405
"the form of <emphasis>domainname.local</emphasis>."
1406
msgstr ""
1407
1408
#: serverguide/C/windows-networking.xml:1339(para)
1409
msgid ""
1410
"DNS for the domain setup properly. In a production AD environment this "
1411
"should be the case. Proper Microsoft DNS is needed so that client "
1412
"workstations can determine the Active Directory domain is available."
1413
msgstr ""
1414
1415
#: serverguide/C/windows-networking.xml:1343(para)
1416
msgid ""
1417
"If you don't have a Windows DNS server on your network, see <xref "
1418
"linkend=\"likewise-open-ms-dns\"/> for details."
1419
msgstr ""
1420
1421
#: serverguide/C/windows-networking.xml:1350(para)
1422
msgid "To join a domain, from a terminal prompt enter:"
1423
msgstr ""
1424
1425
#: serverguide/C/windows-networking.xml:1355(command)
1426
msgid "sudo domainjoin-cli join example.com Administrator"
1427
msgstr ""
1428
1429
#: serverguide/C/windows-networking.xml:1359(para)
1430
msgid ""
1431
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1432
"<emphasis>Administrator</emphasis> with the appropriate user name."
1433
msgstr ""
1434
1435
#: serverguide/C/windows-networking.xml:1365(para)
1436
msgid ""
1437
"You will then be prompted for the user's password. If all goes well a "
1438
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1439
msgstr ""
1440
1441
#: serverguide/C/windows-networking.xml:1371(para)
1442
msgid ""
1443
"After joining the domain, it is necessary to reboot before attempting to "
1444
"authenticate against the domain."
1445
msgstr ""
1446
1447
#: serverguide/C/windows-networking.xml:1377(para)
1448
msgid ""
1449
"After successfully joining an Ubuntu machine to an Active Directory domain "
1450
"you can authenticate using any valid AD user. To login you will need to "
1451
"enter the user name as 'domain\\username'. For example to ssh to a server "
1452
"joined to the domain enter:"
1453
msgstr ""
1454
1455
#: serverguide/C/windows-networking.xml:1384(command)
1456
msgid "ssh 'example\\steve'@hostname"
1457
msgstr ""
1458
1459
#: serverguide/C/windows-networking.xml:1388(para)
1460
msgid ""
1461
"If configuring a Desktop the user name will need to be prefixed with "
1462
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1463
msgstr ""
1464
1465
#: serverguide/C/windows-networking.xml:1394(para)
1466
msgid ""
1467
"To make likewise-open use a default domain, you can add the following "
1468
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
1469
msgstr ""
1470
1471
#: serverguide/C/windows-networking.xml:1398(programlisting)
1472
#, no-wrap
1473
msgid ""
1474
"\n"
1475
"winbind use default domain = yes\n"
1476
msgstr ""
1477
1478
#: serverguide/C/windows-networking.xml:1402(para)
1479
msgid "Then restart the <application>likewise-open</application> daemons:"
1480
msgstr ""
1481
1482
#: serverguide/C/windows-networking.xml:1407(command)
1483
msgid "sudo /etc/init.d/likewise-open restart"
1484
msgstr ""
1485
1486
#: serverguide/C/windows-networking.xml:1411(para)
1487
msgid ""
1488
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
1489
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
1490
"using only their username."
1491
msgstr ""
1492
1493
#: serverguide/C/windows-networking.xml:1417(para)
1494
msgid ""
1495
"The <application>domainjoin-cli</application> utility can also be used to "
1496
"leave the domain. From a terminal:"
1497
msgstr ""
1498
1499
#: serverguide/C/windows-networking.xml:1422(command)
1500
msgid "sudo domainjoin-cli leave"
1501
msgstr ""
1502
1503
#: serverguide/C/windows-networking.xml:1427(title) serverguide/C/security.xml:1830(title)
1504
msgid "Other Utilities"
1505
msgstr ""
1506
1507
#: serverguide/C/windows-networking.xml:1429(para)
1508
msgid ""
1509
"The <application>likewise-open</application> package comes with a few other "
1510
"utilities that may be useful for gathering information about the Active "
1511
"Directory environment. These utilities are used to join the machine to the "
1512
"domain, and are the same as those available in the <application>samba-"
1513
"common</application> and <application>winbind</application> packages:"
1514
msgstr ""
1515
1516
#: serverguide/C/windows-networking.xml:1438(para)
1517
msgid ""
1518
"<application>lwinet</application>: Returns information about the network and "
1519
"the domain."
1520
msgstr ""
1521
1522
#: serverguide/C/windows-networking.xml:1443(para)
1523
msgid ""
1524
"<application>lwimsg</application>: Allows interaction with the "
1525
"<application>likewise-winbindd</application> daemon."
1526
msgstr ""
1527
1528
#: serverguide/C/windows-networking.xml:1448(para)
1529
msgid ""
1530
"<application>lwiinfo</application>: Displays information about various parts "
1531
"of the Domain."
1532
msgstr ""
1533
1534
#: serverguide/C/windows-networking.xml:1454(para)
1535
msgid "Please refer to each utility's man page specific for details."
1536
msgstr ""
1537
1538
#: serverguide/C/windows-networking.xml:1460(title) serverguide/C/mail.xml:336(title) serverguide/C/mail.xml:1563(title) serverguide/C/dns.xml:338(title)
1539
msgid "Troubleshooting"
1540
msgstr ""
1541
1542
#: serverguide/C/windows-networking.xml:1464(para)
1543
msgid ""
1544
"If the client has trouble joining the domain, double check that the "
1545
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
1546
"example:"
1547
msgstr ""
1548
1549
#: serverguide/C/windows-networking.xml:1469(programlisting)
1550
#, no-wrap
1551
msgid ""
1552
"\n"
1553
"nameserver 192.168.0.1\n"
1554
msgstr ""
1555
1556
#: serverguide/C/windows-networking.xml:1474(para)
1557
msgid ""
1558
"For more information when joining a domain, use the <emphasis>--loglevel "
1559
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1560
"<application>domainjoin-cli</application> utility:"
1561
msgstr ""
1562
1563
#: serverguide/C/windows-networking.xml:1480(command)
1564
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1565
msgstr ""
1566
1567
#: serverguide/C/windows-networking.xml:1484(para)
1568
msgid ""
1569
"If an Active Directory user has trouble logging in, check the "
1570
"<filename>/var/log/auth.log</filename> for details."
1571
msgstr ""
1572
1573
#: serverguide/C/windows-networking.xml:1489(para)
1574
msgid ""
1575
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
1576
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
1577
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
1578
"<emphasis>\"mdns4\"</emphasis> entry from the <emphasis>hosts</emphasis> "
1579
"option. For example:"
1580
msgstr ""
1581
1582
#: serverguide/C/windows-networking.xml:1495(programlisting)
1583
#, no-wrap
1584
msgid ""
1585
"\n"
1586
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1587
msgstr ""
1588
1589
#: serverguide/C/windows-networking.xml:1499(para)
1590
msgid "Change the above to:"
1591
msgstr ""
1592
1593
#: serverguide/C/windows-networking.xml:1503(programlisting)
1594
#, no-wrap
1595
msgid ""
1596
"\n"
1597
"hosts: files dns [NOTFOUND=return]\n"
1598
msgstr ""
1599
1600
#: serverguide/C/windows-networking.xml:1507(para)
1601
msgid "Then restart networking by entering:"
1602
msgstr ""
1603
1604
#: serverguide/C/windows-networking.xml:1512(command) serverguide/C/network-config.xml:237(command)
1605
msgid "sudo /etc/init.d/networking restart"
1606
msgstr ""
1607
1608
#: serverguide/C/windows-networking.xml:1515(para)
1609
msgid "You should now be able to join the Active Directory domain."
1610
msgstr ""
1611
1612
#: serverguide/C/windows-networking.xml:1523(title)
1613
msgid "Microsoft DNS"
1614
msgstr ""
1615
1616
#: serverguide/C/windows-networking.xml:1525(para)
1617
msgid ""
1618
"The following are instructions for installing DNS on an Active Directory "
1619
"domain controller running Windows Server 2003, but the instructions should "
1620
"be similar for other versions:"
1621
msgstr ""
1622
1623
#: serverguide/C/windows-networking.xml:1532(para)
1624
msgid ""
1625
"Click "
1626
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1627
"</guimenuitem><guimenuitem>Manager Your Server</guimenuitem></menuchoice>. "
1628
"This will open the <application>Server Role Mangement</application> utility."
1629
msgstr ""
1630
1631
#: serverguide/C/windows-networking.xml:1540(para)
1632
msgid "Click Add or remove a role"
1633
msgstr ""
1634
1635
#: serverguide/C/windows-networking.xml:1541(para) serverguide/C/windows-networking.xml:1543(para) serverguide/C/windows-networking.xml:1546(para)
1636
msgid "Click Next"
1637
msgstr ""
1638
1639
#: serverguide/C/windows-networking.xml:1542(para)
1640
msgid "Select \"DNS Server\""
1641
msgstr ""
1642
1643
#: serverguide/C/windows-networking.xml:1544(para)
1644
msgid "Next"
1645
msgstr ""
1646
1647
#: serverguide/C/windows-networking.xml:1545(para)
1648
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1649
msgstr ""
1650
1651
#: serverguide/C/windows-networking.xml:1547(para)
1652
msgid ""
1653
"Make sure \"This server maintains the zone\" is selected and click Next."
1654
msgstr ""
1655
1656
#: serverguide/C/windows-networking.xml:1548(para)
1657
msgid "Enter your domain name and click Next"
1658
msgstr ""
1659
1660
#: serverguide/C/windows-networking.xml:1549(para) serverguide/C/windows-networking.xml:1550(para)
1661
msgid "Click Next to \"Allow only secure dynamic updates\""
1662
msgstr ""
1663
1664
#: serverguide/C/windows-networking.xml:1552(para)
1665
msgid ""
1666
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1667
"should not forward queries\" and click Next."
1668
msgstr ""
1669
1670
#: serverguide/C/windows-networking.xml:1556(para) serverguide/C/windows-networking.xml:1557(para)
1671
msgid "Click Finish"
1672
msgstr ""
1673
1674
#: serverguide/C/windows-networking.xml:1559(para)
1675
msgid ""
1676
"DNS is now installed and can be further configured using the "
1677
"<application>Microsoft Management Console</application> DNS snap-in."
1678
msgstr ""
1679
1680
#: serverguide/C/windows-networking.xml:1567(para)
1681
msgid "Click Start"
1682
msgstr ""
1683
1684
#: serverguide/C/windows-networking.xml:1568(para)
1685
msgid "Control Panel"
1686
msgstr ""
1687
1688
#: serverguide/C/windows-networking.xml:1569(para)
1689
msgid "Network Connections"
1690
msgstr ""
1691
1692
#: serverguide/C/windows-networking.xml:1570(para)
1693
msgid "Right Click \"Local Area Connection\""
1694
msgstr ""
1695
1696
#: serverguide/C/windows-networking.xml:1571(para)
1697
msgid "Click Properties"
1698
msgstr ""
1699
1700
#: serverguide/C/windows-networking.xml:1572(para)
1701
msgid "Double click \"Internet Protocol (TCP/IP)\""
1702
msgstr ""
1703
1704
#: serverguide/C/windows-networking.xml:1573(para)
1705
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
1706
msgstr ""
1707
1708
#: serverguide/C/windows-networking.xml:1574(para)
1709
msgid "Click Ok"
1710
msgstr ""
1711
1712
#: serverguide/C/windows-networking.xml:1575(para)
1713
msgid "Click Ok again to save the settings"
1714
msgstr ""
1715
1716
#: serverguide/C/windows-networking.xml:1564(para)
1717
msgid ""
1718
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1719
msgstr ""
1720
1721
#: serverguide/C/windows-networking.xml:1582(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:766(title) serverguide/C/web-servers.xml:910(title) serverguide/C/web-servers.xml:1002(title) serverguide/C/web-servers.xml:1218(title) serverguide/C/vpn.xml:291(title) serverguide/C/virtualization.xml:1303(title) serverguide/C/virtualization.xml:1492(title) serverguide/C/vcs.xml:536(title) serverguide/C/security.xml:935(title) serverguide/C/security.xml:1264(title) serverguide/C/security.xml:1679(title) serverguide/C/security.xml:1870(title) serverguide/C/remote-administration.xml:203(title) serverguide/C/package-management.xml:432(title) serverguide/C/other-apps.xml:381(title) serverguide/C/network-config.xml:672(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:522(title) serverguide/C/mail.xml:444(title) serverguide/C/mail.xml:625(title) serverguide/C/mail.xml:772(title) serverguide/C/mail.xml:1189(title) serverguide/C/mail.xml:1611(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:369(title) serverguide/C/lamp-applications.xml:471(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:431(title) serverguide/C/file-server.xml:611(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:216(title) serverguide/C/backups.xml:297(title)
1722
msgid "References"
1723
msgstr ""
1724
1725
#: serverguide/C/windows-networking.xml:1584(para)
1726
msgid ""
1727
"Please refer to the <ulink "
1728
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
1729
"further information."
1730
msgstr ""
1731
1732
#: serverguide/C/windows-networking.xml:1588(para)
1733
msgid ""
1734
"For more <application>domainjoin-cli</application> options see the man page: "
1735
"<command>man domainjoin-cli</command>."
1736
msgstr ""
1737
1738
#: serverguide/C/web-servers.xml:13(title)
1739
msgid "Web Servers"
1740
msgstr ""
1741
1742
#: serverguide/C/web-servers.xml:14(para)
1743
msgid ""
1744
"A Web server is a software responsible for accepting HTTP requests from "
1745
"clients, which are known as Web browsers, and serving them HTTP responses "
1746
"along with optional data contents, which usually are Web pages such as HTML "
1747
"documents and linked objects (images, etc.)."
1748
msgstr ""
1749
1750
#: serverguide/C/web-servers.xml:19(title)
1751
msgid "HTTPD - Apache2 Web Server"
1752
msgstr ""
1753
1754
#: serverguide/C/web-servers.xml:20(para)
1755
msgid ""
1756
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
1757
"are used to serve Web Pages requested by client computers. Clients typically "
1758
"request and view Web Pages using Web Browser applications such as "
1759
"<application>Firefox</application>, <application>Opera</application>, or "
1760
"<application>Mozilla</application>."
1761
msgstr ""
1762
1763
#: serverguide/C/web-servers.xml:24(para)
1764
msgid ""
1765
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
1766
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
1767
"resource. For example, to view the home page of the <ulink "
1768
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
1769
"the FQDN. To request specific information about <ulink "
1770
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
1771
"enter the FQDN followed by a path."
1772
msgstr ""
1773
1774
#: serverguide/C/web-servers.xml:29(para)
1775
msgid ""
1776
"The most common protocol used to transfer Web pages is the Hyper Text "
1777
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
1778
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
1779
"protocol for uploading and downloading files, are also supported."
1780
msgstr ""
1781
1782
#: serverguide/C/web-servers.xml:33(para)
1783
msgid ""
1784
"Apache Web Servers are often used in combination with the "
1785
"<application>MySQL</application> database engine, the HyperText Preprocessor "
1786
"(<application>PHP</application>) scripting language, and other popular "
1787
"scripting languages such as <application>Python</application> and "
1788
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
1789
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
1790
"for the development and deployment of Web-based applications."
1791
msgstr ""
1792
1793
#: serverguide/C/web-servers.xml:42(para)
1794
msgid ""
1795
"The Apache2 web server is available in Ubuntu Linux. To install Apache2:"
1796
msgstr ""
1797
1798
#: serverguide/C/web-servers.xml:48(para)
1799
msgid "At a terminal prompt enter the following command:"
1800
msgstr ""
1801
1802
#: serverguide/C/web-servers.xml:53(command)
1803
msgid "sudo apt-get install apache2"
1804
msgstr ""
1805
1806
#: serverguide/C/web-servers.xml:63(para)
1807
msgid ""
1808
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
1809
"text configuration files. The configuration files are separated between the "
1810
"following files and directories:"
1811
msgstr ""
1812
1813
#: serverguide/C/web-servers.xml:71(para)
1814
msgid ""
1815
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
1816
"Contains settings that are <emphasis>global</emphasis> to Apache2."
1817
msgstr ""
1818
1819
#: serverguide/C/web-servers.xml:77(para)
1820
msgid ""
1821
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
1822
"<emphasis>globally</emphasis> to Apache. Other packages that use Apache2 to "
1823
"serve content may add files, or symlinks, to this directory."
1824
msgstr ""
1825
1826
#: serverguide/C/web-servers.xml:83(para)
1827
msgid ""
1828
"<emphasis>envvars:</emphasis> file where Apache2 "
1829
"<emphasis>environment</emphasis> variables are set."
1830
msgstr ""
1831
1832
#: serverguide/C/web-servers.xml:88(para)
1833
msgid ""
1834
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
1835
"file, named after the <application>httpd</application> daemon. The file can "
1836
"be used for <emphasis>user specific</emphasis> configuration options that "
1837
"globally effect Apache2."
1838
msgstr ""
1839
1840
#: serverguide/C/web-servers.xml:95(para)
1841
msgid ""
1842
"<emphasis>mods-available:</emphasis> this directory contains configuration "
1843
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
1844
"modules will have specific configuration files, however."
1845
msgstr ""
1846
1847
#: serverguide/C/web-servers.xml:101(para)
1848
msgid ""
1849
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
1850
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
1851
"configuration file is symlinked it will be enabled the next time "
1852
"<application>apache2</application> is restarted."
1853
msgstr ""
1854
1855
#: serverguide/C/web-servers.xml:108(para)
1856
msgid ""
1857
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
1858
"TCP ports Apache2 is listening on."
1859
msgstr ""
1860
1861
#: serverguide/C/web-servers.xml:113(para)
1862
msgid ""
1863
"<emphasis>sites-available:</emphasis> this directory has configuration files "
1864
"for Apache <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
1865
"to be configured for multiple sites that have separate configurations."
1866
msgstr ""
1867
1868
#: serverguide/C/web-servers.xml:119(para)
1869
msgid ""
1870
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
1871
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
1872
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
1873
"a configuration file in sites-available is symlinked it will be active once "
1874
"Apache is restarted."
1875
msgstr ""
1876
1877
#: serverguide/C/web-servers.xml:127(para)
1878
msgid ""
1879
"In addition, other configuration files may be added using the "
1880
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
1881
"many configuration files. Any directive may be placed in any of these "
1882
"configuration files. Changes to the main configuration files are only "
1883
"recognized by Apache2 when it is started or restarted."
1884
msgstr ""
1885
1886
#: serverguide/C/web-servers.xml:136(para)
1887
msgid ""
1888
"The server also reads a file containing mime document types; the filename is "
1889
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
1890
"<filename>/etc/mime.types</filename> by default."
1891
msgstr ""
1892
1893
#: serverguide/C/web-servers.xml:141(title)
1894
msgid "Basic Settings"
1895
msgstr ""
1896
1897
#: serverguide/C/web-servers.xml:142(para)
1898
msgid ""
1899
"This section explains Apache2 server essential configuration parameters. "
1900
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
1901
"Documentation</ulink> for more details."
1902
msgstr ""
1903
1904
#: serverguide/C/web-servers.xml:150(para)
1905
msgid ""
1906
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
1907
"it is configured with a single default virtual host (using the "
1908
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
1909
"if you have a single site, or used as a template for additional virtual "
1910
"hosts if you have multiple sites. If left alone, the default virtual host "
1911
"will serve as your default site, or the site users will see if the URL they "
1912
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
1913
"your custom sites. To modify the default virtual host, edit the file "
1914
"<filename>/etc/apache2/sites-available/default</filename>."
1915
msgstr ""
1916
1917
#: serverguide/C/web-servers.xml:163(para)
1918
msgid ""
1919
"The directives set for a virtual host only apply to that particular virtual "
1920
"host. If a directive is set server-wide and not defined within the virtual "
1921
"host settings, the default setting is used. For example, you can define a "
1922
"Webmaster email address and not define individual email addresses for each "
1923
"virtual host."
1924
msgstr ""
1925
1926
#: serverguide/C/web-servers.xml:171(para)
1927
msgid ""
1928
"If you wish to configure a new virtual host or site, copy that file into the "
1929
"same directory with a name you choose. For example:"
1930
msgstr ""
1931
1932
#: serverguide/C/web-servers.xml:177(command)
1933
msgid ""
1934
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
1935
"available/mynewsite"
1936
msgstr ""
1937
1938
#: serverguide/C/web-servers.xml:180(para)
1939
msgid ""
1940
"Edit the new file to configure the new site using some of the directives "
1941
"described below."
1942
msgstr ""
1943
1944
#: serverguide/C/web-servers.xml:187(para)
1945
msgid ""
1946
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
1947
"to be advertised for the server's administrator. The default value is "
1948
"webmaster@localhost. This should be changed to an email address that is "
1949
"delivered to you (if you are the server's administrator). If your website "
1950
"has a problem, Apache2 will display an error message containing this email "
1951
"address to report the problem to. Find this directive in your site's "
1952
"configuration file in /etc/apache2/sites-available."
1953
msgstr ""
1954
1955
#: serverguide/C/web-servers.xml:198(para)
1956
msgid ""
1957
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
1958
"the IP address, Apache2 should listen on. If the IP address is not "
1959
"specified, Apache2 will listen on all IP addresses assigned to the machine "
1960
"it runs on. The default value for the Listen directive is 80. Change this to "
1961
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
1962
"that it will not be available to the Internet, to (for example) 81 to change "
1963
"the port that it listens on, or leave it as is for normal operation. This "
1964
"directive can be found and changed in its own file, "
1965
"<filename>/etc/apache2/ports.conf</filename>"
1966
msgstr ""
1967
1968
#: serverguide/C/web-servers.xml:211(para)
1969
msgid ""
1970
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
1971
"FQDN your site should answer to. The default virtual host has no ServerName "
1972
"directive specified, so it will respond to all requests that do not match a "
1973
"ServerName directive in another virtual host. If you have just acquired the "
1974
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
1975
"value of the ServerName directive in your virtual host configuration file "
1976
"should be ubunturocks.com. Add this directive to the new virtual host file "
1977
"you created earlier (<filename>/etc/apache2/sites-"
1978
"available/mynewsite</filename>)."
1979
msgstr ""
1980
1981
#: serverguide/C/web-servers.xml:223(para)
1982
msgid ""
1983
"You may also want your site to respond to www.ubunturocks.com, since many "
1984
"users will assume the www prefix is appropriate. Use the "
1985
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
1986
"wildcards in the ServerAlias directive."
1987
msgstr ""
1988
1989
#: serverguide/C/web-servers.xml:230(para)
1990
msgid ""
1991
"For example, the following configuration will cause your site to respond to "
1992
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
1993
msgstr ""
1994
1995
#: serverguide/C/web-servers.xml:236(programlisting)
1996
#, no-wrap
1997
msgid ""
1998
"\n"
1999
"ServerAlias *.ubunturocks.com\n"
2000
msgstr ""
2001
2002
#: serverguide/C/web-servers.xml:242(para)
2003
msgid ""
2004
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache "
2005
"should look for the files that make up the site. The default value is "
2006
"/var/www. No site is configured there, but if you uncomment the "
2007
"<emphasis>RedirectMatch</emphasis> directive in "
2008
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2009
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2010
"this value in your site's virtual host file, and remember to create that "
2011
"directory if necessary!"
2012
msgstr ""
2013
2014
#: serverguide/C/web-servers.xml:254(para)
2015
msgid ""
2016
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2017
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2018
"enabled point to \"available\" sites."
2019
msgstr ""
2020
2021
#: serverguide/C/web-servers.xml:260(para)
2022
msgid ""
2023
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2024
"<application>a2ensite</application> utility and restart Apache:"
2025
msgstr ""
2026
2027
#: serverguide/C/web-servers.xml:266(command)
2028
msgid "sudo a2ensite mynewsite"
2029
msgstr ""
2030
2031
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:904(command) serverguide/C/lamp-applications.xml:228(command)
2032
msgid "sudo /etc/init.d/apache2 restart"
2033
msgstr ""
2034
2035
#: serverguide/C/web-servers.xml:271(para)
2036
msgid ""
2037
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2038
"name for the VirtualHost. One method is to name the file after the "
2039
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
2040
msgstr ""
2041
2042
#: serverguide/C/web-servers.xml:278(para)
2043
msgid ""
2044
"Similarly, use the <application>a2dissite</application> utility to disable "
2045
"sites. This is can be useful when troubleshooting configuration problems "
2046
"with multiple VirtualHosts:"
2047
msgstr ""
2048
2049
#: serverguide/C/web-servers.xml:284(command)
2050
msgid "sudo a2dissite mynewsite"
2051
msgstr ""
2052
2053
#: serverguide/C/web-servers.xml:290(title)
2054
msgid "Default Settings"
2055
msgstr ""
2056
2057
#: serverguide/C/web-servers.xml:292(para)
2058
msgid ""
2059
"This section explains configuration of the Apache2 server default settings. "
2060
"For example, if you add a virtual host, the settings you configure for the "
2061
"virtual host take precedence for that virtual host. For a directive not "
2062
"defined within the virtual host settings, the default value is used."
2063
msgstr ""
2064
2065
#: serverguide/C/web-servers.xml:304(para)
2066
msgid ""
2067
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2068
"server when a user requests an index of a directory by specifying a forward "
2069
"slash (/) at the end of the directory name."
2070
msgstr ""
2071
2072
#: serverguide/C/web-servers.xml:311(para)
2073
msgid ""
2074
"For example, when a user requests the page "
2075
"http://www.example.com/this_directory/, he or she will get either the "
2076
"DirectoryIndex page if it exists, a server-generated directory list if it "
2077
"does not and the Indexes option is specified, or a Permission Denied page if "
2078
"neither is true. The server will try to find one of the files listed in the "
2079
"DirectoryIndex directive and will return the first one it finds. If it does "
2080
"not find any of these files and if Options Indexes is set for that "
2081
"directory, the server will generate and return a list, in HTML format, of "
2082
"the subdirectories and files in the directory. The default value, found in "
2083
"<filename>/etc/apache2/apache2.conf</filename> is \" index.html index.cgi "
2084
"index.pl index.php index.xhtml\". Thus, if Apache2 finds a file in a "
2085
"requested directory matching any of these names, the first will be displayed."
2086
msgstr ""
2087
2088
#: serverguide/C/web-servers.xml:332(para)
2089
msgid ""
2090
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2091
"file for Apache to use for specific error events. For example, if a user "
2092
"requests a resource that does not exist, a 404 error will occur, and per "
2093
"Apache2's default configuration, the file "
2094
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2095
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2096
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2097
"redirects requests to the /error directory to "
2098
"<filename>/usr/share/apache2/error/</filename>."
2099
msgstr ""
2100
2101
#: serverguide/C/web-servers.xml:344(para)
2102
msgid ""
2103
"To see a list of the default ErrorDocument directives, use this command:"
2104
msgstr ""
2105
2106
#: serverguide/C/web-servers.xml:350(command)
2107
msgid "grep ErrorDocument /etc/apache2/apache2.conf"
2108
msgstr ""
2109
2110
#: serverguide/C/web-servers.xml:355(para)
2111
msgid ""
2112
"By default, the server writes the transfer log to the file "
2113
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2114
"per-site basis in your virtual host configuration files with the "
2115
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2116
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2117
"specify the file to which errors are logged, via the "
2118
"<emphasis>ErrorLog</emphasis> directive, whose default is "
2119
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2120
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2121
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2122
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
2123
"/etc/apache2/apache2.conf</filename> for the default value)."
2124
msgstr ""
2125
2126
#: serverguide/C/web-servers.xml:370(para)
2127
msgid ""
2128
"Some options are specified on a per-directory basis rather than per-server. "
2129
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2130
"is enclosed in XML-like tags, like so:"
2131
msgstr ""
2132
2133
#: serverguide/C/web-servers.xml:376(programlisting)
2134
#, no-wrap
2135
msgid ""
2136
"\n"
2137
"<Directory /var/www/mynewsite>\n"
2138
"...\n"
2139
"</Directory>\n"
2140
msgstr ""
2141
2142
#: serverguide/C/web-servers.xml:382(para)
2143
msgid ""
2144
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2145
"one or more of the following values (among others), separated by spaces:"
2146
msgstr ""
2147
2148
#: serverguide/C/web-servers.xml:394(para)
2149
msgid ""
2150
"Most files should not be executed as CGI scripts. This would be very "
2151
"dangerous. CGI scripts should kept in a directory separate from and outside "
2152
"your DocumentRoot, and only this directory should have the ExecCGI option "
2153
"set. This is the default, and the default location for CGI scripts is "
2154
"<filename>/usr/lib/cgi-bin</filename>."
2155
msgstr ""
2156
2157
#: serverguide/C/web-servers.xml:389(para)
2158
msgid ""
2159
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2160
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2161
msgstr ""
2162
2163
#: serverguide/C/web-servers.xml:405(para)
2164
msgid ""
2165
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2166
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2167
"other files. This is not a common option. See <ulink "
2168
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2169
"HOWTO</ulink> for more information."
2170
msgstr ""
2171
2172
#: serverguide/C/web-servers.xml:414(para)
2173
msgid ""
2174
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2175
"includes, but disable the <emphasis>#exec</emphasis> and "
2176
"<emphasis>#include</emphasis> commands in CGI scripts."
2177
msgstr ""
2178
2179
#: serverguide/C/web-servers.xml:426(para)
2180
msgid ""
2181
"For security reasons, this should usually not be set, and certainly should "
2182
"not be set on your DocumentRoot directory. Enable this option carefully on a "
2183
"per-directory basis only if you are certain you want users to see the entire "
2184
"contents of the directory."
2185
msgstr ""
2186
2187
#: serverguide/C/web-servers.xml:421(para)
2188
msgid ""
2189
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
2190
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
2191
"index.html) exists in the requested directory. <placeholder-1/>"
2192
msgstr ""
2193
2194
#: serverguide/C/web-servers.xml:436(para)
2195
msgid ""
2196
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
2197
"multiviews; this option is disabled by default for security reasons. See the "
2198
"<ulink "
2199
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
2200
"Apache2 documentation on this option</ulink>."
2201
msgstr ""
2202
2203
#: serverguide/C/web-servers.xml:444(para)
2204
msgid ""
2205
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
2206
"symbolic links if the target file or directory has the same owner as the "
2207
"link."
2208
msgstr ""
2209
2210
#: serverguide/C/web-servers.xml:456(title)
2211
msgid "httpd Settings"
2212
msgstr ""
2213
2214
#: serverguide/C/web-servers.xml:458(para)
2215
msgid ""
2216
"This section explains some basic <application>httpd</application> daemon "
2217
"configuration settings."
2218
msgstr ""
2219
2220
#: serverguide/C/web-servers.xml:462(para)
2221
msgid ""
2222
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
2223
"the path to the lockfile used when the server is compiled with either "
2224
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
2225
"stored on the local disk. It should be left to the default value unless the "
2226
"logs directory is located on an NFS share. If this is the case, the default "
2227
"value should be changed to a location on the local disk and to a directory "
2228
"that is readable only by root."
2229
msgstr ""
2230
2231
#: serverguide/C/web-servers.xml:471(para)
2232
msgid ""
2233
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
2234
"file in which the server records its process ID (pid). This file should only "
2235
"be readable by root. In most cases, it should be left to the default value."
2236
msgstr ""
2237
2238
#: serverguide/C/web-servers.xml:477(para)
2239
msgid ""
2240
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
2241
"used by the server to answer requests. This setting determines the server's "
2242
"access. Any files inaccessible to this user will also be inaccessible to "
2243
"your website's visitors. The default value for User is www-data."
2244
msgstr ""
2245
2246
#: serverguide/C/web-servers.xml:484(para)
2247
msgid ""
2248
"Unless you know exactly what you are doing, do not set the User directive to "
2249
"root. Using root as the User will create large security holes for your Web "
2250
"server."
2251
msgstr ""
2252
2253
#: serverguide/C/web-servers.xml:490(para)
2254
msgid ""
2255
"The Group directive is similar to the User directive. Group sets the group "
2256
"under which the server will answer requests. The default group is also www-"
2257
"data."
2258
msgstr ""
2259
2260
#: serverguide/C/web-servers.xml:496(title)
2261
msgid "Apache Modules"
2262
msgstr ""
2263
2264
#: serverguide/C/web-servers.xml:498(para)
2265
msgid ""
2266
"Apache is a modular server. This implies that only the most basic "
2267
"functionality is included in the core server. Extended features are "
2268
"available through modules which can be loaded into Apache. By default, a "
2269
"base set of modules is included in the server at compile-time. If the server "
2270
"is compiled to use dynamically loaded modules, then modules can be compiled "
2271
"separately, and added at any time using the LoadModule directive. Otherwise, "
2272
"Apache must be recompiled to add or remove modules."
2273
msgstr ""
2274
2275
#: serverguide/C/web-servers.xml:510(para)
2276
msgid ""
2277
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
2278
"Configuration directives may be conditionally included on the presence of a "
2279
"particular module by enclosing them in an "
2280
"<emphasis><IfModule></emphasis> block."
2281
msgstr ""
2282
2283
#: serverguide/C/web-servers.xml:517(para)
2284
msgid ""
2285
"You can install additional Apache2 modules and use them with your Web "
2286
"server. For example, run the following command from a terminal prompt to "
2287
"install the <emphasis>MySQL Authentication</emphasis> module:"
2288
msgstr ""
2289
2290
#: serverguide/C/web-servers.xml:524(command)
2291
msgid "sudo apt-get install libapache2-mod-auth-mysql"
2292
msgstr ""
2293
2294
#: serverguide/C/web-servers.xml:527(para)
2295
msgid ""
2296
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
2297
"additional modules."
2298
msgstr ""
2299
2300
#: serverguide/C/web-servers.xml:531(para)
2301
msgid ""
2302
"Use the <application>a2enmod</application> utility to enable a module:"
2303
msgstr ""
2304
2305
#: serverguide/C/web-servers.xml:537(command)
2306
msgid "sudo a2enmod auth_mysql"
2307
msgstr ""
2308
2309
#: serverguide/C/web-servers.xml:541(para)
2310
msgid "Similarly, <application>a2dismod</application> will disable a module:"
2311
msgstr ""
2312
2313
#: serverguide/C/web-servers.xml:546(command)
2314
msgid "sudo a2dismod auth_mysql"
2315
msgstr ""
2316
2317
#: serverguide/C/web-servers.xml:553(title)
2318
msgid "HTTPS Configuration"
2319
msgstr ""
2320
2321
#: serverguide/C/web-servers.xml:555(para)
2322
msgid ""
2323
"The <application>mod_ssl</application> module adds an important feature to "
2324
"the Apache2 server - the ability to encrypt communications. Thus, when your "
2325
"browser is communicating using SSL, the https:// prefix is used at the "
2326
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
2327
"bar."
2328
msgstr ""
2329
2330
#: serverguide/C/web-servers.xml:564(para)
2331
msgid ""
2332
"The <application>mod_ssl</application> module is available in "
2333
"<application>apache2-common</application> package. Execute the following "
2334
"command from a terminal prompt to enable the "
2335
"<application>mod_ssl</application> module:"
2336
msgstr ""
2337
2338
#: serverguide/C/web-servers.xml:571(command)
2339
msgid "sudo a2enmod ssl"
2340
msgstr ""
2341
2342
#: serverguide/C/web-servers.xml:574(para)
2343
msgid ""
2344
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
2345
"available/default-ssl</filename>. In order for "
2346
"<application>Apache</application> to provide HTTPS, a "
2347
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
2348
"needed. The default HTTPS configuration will use a certificate and key "
2349
"generated by the <application>ssl-cert</application> package. They are good "
2350
"for testing, but the auto-generated certificate and key should be replaced "
2351
"by a certificate specific to the site or server. For information on "
2352
"generating a key and obtaining a certificate see <xref "
2353
"linkend=\"certificates-and-security\"/>"
2354
msgstr ""
2355
2356
#: serverguide/C/web-servers.xml:584(para)
2357
msgid ""
2358
"To configure <application>Apache</application> for HTTPS, enter the "
2359
"following:"
2360
msgstr ""
2361
2362
#: serverguide/C/web-servers.xml:589(command)
2363
msgid "sudo a2ensite default-ssl"
2364
msgstr ""
2365
2366
#: serverguide/C/web-servers.xml:593(para)
2367
msgid ""
2368
"The directories <filename>/etc/ssl/certs</filename> and "
2369
"<filename>/etc/ssl/private</filename> are the default locations. If you "
2370
"install the certificate and key in another directory make sure to change "
2371
"<emphasis>SSLCertificateFile</emphasis> and "
2372
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
2373
msgstr ""
2374
2375
#: serverguide/C/web-servers.xml:600(para)
2376
msgid ""
2377
"With Apache now configured for HTTPS, restart the service to enable the new "
2378
"settings:"
2379
msgstr ""
2380
2381
#: serverguide/C/web-servers.xml:611(para)
2382
msgid ""
2383
"Depending on how you obtained your certificate you may need to enter a "
2384
"passphrase when <application>Apache</application> starts."
2385
msgstr ""
2386
2387
#: serverguide/C/web-servers.xml:617(para)
2388
msgid ""
2389
"You can access the secure server pages by typing https://your_hostname/url/ "
2390
"in your browser address bar."
2391
msgstr ""
2392
2393
#: serverguide/C/web-servers.xml:628(para)
2394
msgid ""
2395
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2396
"Documentation</ulink> contains in depth information on Apache2 configuration "
2397
"directives. Also, see the <application>apache2-doc</application> package for "
2398
"the official Apache2 docs."
2399
msgstr ""
2400
2401
#: serverguide/C/web-servers.xml:635(para)
2402
msgid ""
2403
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
2404
"Documentation</ulink> site for more SSL related information."
2405
msgstr ""
2406
2407
#: serverguide/C/web-servers.xml:641(para)
2408
msgid ""
2409
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
2410
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
2411
"configurations."
2412
msgstr ""
2413
2414
#: serverguide/C/web-servers.xml:647(para)
2415
msgid ""
2416
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
2417
"server</emphasis> IRC channel on <ulink "
2418
"url=\"http://freenode.net/\">freenode.net</ulink>."
2419
msgstr ""
2420
2421
#: serverguide/C/web-servers.xml:658(title)
2422
msgid "PHP5 - Scripting Language"
2423
msgstr ""
2424
2425
#: serverguide/C/web-servers.xml:659(para)
2426
msgid ""
2427
"PHP is a general-purpose scripting language suited for Web development. The "
2428
"PHP script can be embedded into HTML. This section explains how to install "
2429
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
2430
msgstr ""
2431
2432
#: serverguide/C/web-servers.xml:663(para)
2433
msgid ""
2434
"This section assumes you have installed and configured Apache 2 Web Server "
2435
"and MySQL Database Server. You can refer to Apache 2 section and MySQL "
2436
"sections in this document to install and configure Apache 2 and MySQL "
2437
"respectively."
2438
msgstr ""
2439
2440
#: serverguide/C/web-servers.xml:670(para)
2441
msgid "The PHP5 is available in Ubuntu Linux."
2442
msgstr ""
2443
2444
#: serverguide/C/web-servers.xml:672(para)
2445
msgid ""
2446
"To install PHP5 you can enter the following command in the terminal prompt: "
2447
"<screen>\n"
2448
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
2449
"</screen>"
2450
msgstr ""
2451
2452
#: serverguide/C/web-servers.xml:681(para)
2453
msgid ""
2454
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
2455
"line you should install <application>php5-cli</application> package. To "
2456
"install <application>php5-cli</application> you can enter the following "
2457
"command in the terminal prompt: <screen>\n"
2458
"<command>sudo apt-get install php5-cli</command>\n"
2459
"</screen>"
2460
msgstr ""
2461
2462
#: serverguide/C/web-servers.xml:690(para)
2463
msgid ""
2464
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
2465
"accomplish this, you should install <application>php5-cgi</application> "
2466
"package. You can run the following command in a terminal prompt to install "
2467
"<application>php5-cgi</application> package: <screen>\n"
2468
"<command>sudo apt-get install php5-cgi</command>\n"
2469
"</screen>"
2470
msgstr ""
2471
2472
#: serverguide/C/web-servers.xml:700(para)
2473
msgid ""
2474
"To use <application>MySQL</application> with PHP5 you should install "
2475
"<application>php5-mysql</application> package. To install <application>php5-"
2476
"mysql</application> you can enter the following command in the terminal "
2477
"prompt: <screen>\n"
2478
"<command>sudo apt-get install php5-mysql</command>\n"
2479
"</screen>"
2480
msgstr ""
2481
2482
#: serverguide/C/web-servers.xml:708(para)
2483
msgid ""
2484
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
2485
"install <application>php5-pgsql</application> package. To install "
2486
"<application>php5-pgsql</application> you can enter the following command in "
2487
"the terminal prompt: <screen>\n"
2488
"<command>sudo apt-get install php5-pgsql</command>\n"
2489
"</screen>"
2490
msgstr ""
2491
2492
#: serverguide/C/web-servers.xml:721(para)
2493
msgid ""
2494
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
2495
"you have installed <application>php5-cli</application> package, you can run "
2496
"PHP5 scripts from your command prompt."
2497
msgstr ""
2498
2499
#: serverguide/C/web-servers.xml:728(para)
2500
msgid ""
2501
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
2502
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
2503
"when you install the module. Please verify if the files "
2504
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
2505
"<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
2506
"not exists, you can enable the module using <command>a2enmod</command> "
2507
"command."
2508
msgstr ""
2509
2510
#: serverguide/C/web-servers.xml:739(para)
2511
msgid ""
2512
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
2513
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
2514
"following command at a terminal prompt to restart your web server: "
2515
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
2516
msgstr ""
2517
2518
#: serverguide/C/web-servers.xml:747(title) serverguide/C/mail.xml:305(title) serverguide/C/mail.xml:1534(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
2519
msgid "Testing"
2520
msgstr ""
2521
2522
#: serverguide/C/web-servers.xml:748(para)
2523
msgid ""
2524
"To verify your installation, you can run following PHP5 phpinfo script:"
2525
msgstr ""
2526
2527
#: serverguide/C/web-servers.xml:751(programlisting)
2528
#, no-wrap
2529
msgid ""
2530
"\n"
2531
"<?php\n"
2532
" phpinfo();\n"
2533
"?>\n"
2534
msgstr ""
2535
2536
#: serverguide/C/web-servers.xml:756(para)
2537
msgid ""
2538
"You can save the content in a file <filename>phpinfo.php</filename> and "
2539
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
2540
"server. When point your browser to "
2541
"<filename>http://hostname/phpinfo.php</filename>, it would display values of "
2542
"various PHP5 configuration parameters."
2543
msgstr ""
2544
2545
#: serverguide/C/web-servers.xml:770(para)
2546
msgid ""
2547
"For more in depth information see <ulink "
2548
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
2549
msgstr ""
2550
2551
#: serverguide/C/web-servers.xml:775(para)
2552
msgid ""
2553
"There are a plethora of books on PHP. Two good books from O'Reilly are "
2554
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
2555
"5</ulink> and the <ulink "
2556
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
2557
msgstr ""
2558
2559
#: serverguide/C/web-servers.xml:787(title)
2560
msgid "Squid - Proxy Server"
2561
msgstr ""
2562
2563
#: serverguide/C/web-servers.xml:788(para)
2564
msgid ""
2565
"Squid is a full-featured web proxy cache server application which provides "
2566
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
2567
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
2568
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
2569
"caching of Domain Name Server (DNS) lookups, and perform transparent "
2570
"caching. Squid also supports a wide variety of caching protocols, such as "
2571
"Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the "
2572
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination "
2573
"Protocol. (WCCP)"
2574
msgstr ""
2575
2576
#: serverguide/C/web-servers.xml:796(para)
2577
msgid ""
2578
"The Squid proxy cache server is an excellent solution to a variety of proxy "
2579
"and caching server needs, and scales from the branch office to enterprise "
2580
"level networks while providing extensive, granular access control mechanisms "
2581
"and monitoring of critical parameters via the Simple Network Management "
2582
"Protocol (SNMP). When selecting a computer system for use as a dedicated "
2583
"Squid proxy, or caching servers, ensure your system is configured with a "
2584
"large amount of physical memory, as Squid maintains an in-memory cache for "
2585
"increased performance."
2586
msgstr ""
2587
2588
#: serverguide/C/web-servers.xml:805(para)
2589
msgid ""
2590
"At a terminal prompt, enter the following command to install the Squid "
2591
"server:"
2592
msgstr ""
2593
2594
#: serverguide/C/web-servers.xml:810(command)
2595
msgid "sudo apt-get install squid"
2596
msgstr ""
2597
2598
#: serverguide/C/web-servers.xml:816(para)
2599
msgid ""
2600
"Squid is configured by editing the directives contained within the "
2601
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
2602
"examples illustrate some of the directives which may be modified to affect "
2603
"the behavior of the Squid server. For more in-depth configuration of Squid, "
2604
"see the References section."
2605
msgstr ""
2606
2607
#: serverguide/C/web-servers.xml:822(para)
2608
msgid ""
2609
"Prior to editing the configuration file, you should make a copy of the "
2610
"original file and protect it from writing so you will have the original "
2611
"settings as a reference, and to re-use as necessary."
2612
msgstr ""
2613
2614
#: serverguide/C/web-servers.xml:825(para)
2615
msgid ""
2616
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
2617
"writing with the following commands entered at a terminal prompt:"
2618
msgstr ""
2619
2620
#: serverguide/C/web-servers.xml:830(command)
2621
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
2622
msgstr ""
2623
2624
#: serverguide/C/web-servers.xml:831(command)
2625
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
2626
msgstr ""
2627
2628
#: serverguide/C/web-servers.xml:837(para)
2629
msgid ""
2630
"To set your Squid server to listen on TCP port 8888 instead of the default "
2631
"TCP port 3128, change the http_port directive as such:"
2632
msgstr ""
2633
2634
#: serverguide/C/web-servers.xml:841(programlisting)
2635
#, no-wrap
2636
msgid ""
2637
"\n"
2638
"http_port 8888\n"
2639
msgstr ""
2640
2641
#: serverguide/C/web-servers.xml:846(para)
2642
msgid ""
2643
"Change the visible_hostname directive in order to give the Squid server a "
2644
"specific hostname. This hostname does not necessarily need to be the "
2645
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
2646
msgstr ""
2647
2648
#: serverguide/C/web-servers.xml:850(programlisting)
2649
#, no-wrap
2650
msgid ""
2651
"\n"
2652
"visible_hostname weezie\n"
2653
msgstr ""
2654
2655
#: serverguide/C/web-servers.xml:855(para)
2656
msgid ""
2657
"Again, Using Squid's access control, you may configure use of Internet "
2658
"services proxied by Squid to be available only users with certain Internet "
2659
"Protocol (IP) addresses. For example, we will illustrate access by users of "
2660
"the 192.168.42.0/24 subnetwork only:"
2661
msgstr ""
2662
2663
#: serverguide/C/web-servers.xml:860(para) serverguide/C/web-servers.xml:880(para)
2664
msgid ""
2665
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
2666
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
2667
msgstr ""
2668
2669
#: serverguide/C/web-servers.xml:863(programlisting)
2670
#, no-wrap
2671
msgid ""
2672
"\n"
2673
"acl fortytwo_network src 192.168.42.0/24\n"
2674
msgstr ""
2675
2676
#: serverguide/C/web-servers.xml:866(para) serverguide/C/web-servers.xml:887(para)
2677
msgid ""
2678
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
2679
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
2680
msgstr ""
2681
2682
#: serverguide/C/web-servers.xml:870(programlisting)
2683
#, no-wrap
2684
msgid ""
2685
"\n"
2686
"http_access allow fortytwo_network\n"
2687
msgstr ""
2688
2689
#: serverguide/C/web-servers.xml:875(para)
2690
msgid ""
2691
"Using the excellent access control features of Squid, you may configure use "
2692
"of Internet services proxied by Squid to be available only during normal "
2693
"business hours. For example, we'll illustrate access by employees of a "
2694
"business which is operating between 9:00AM and 5:00PM, Monday through "
2695
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
2696
msgstr ""
2697
2698
#: serverguide/C/web-servers.xml:883(programlisting)
2699
#, no-wrap
2700
msgid ""
2701
"\n"
2702
"acl biz_network src 10.1.42.0/24\n"
2703
"acl biz_hours time M T W T F 9:00-17:00\n"
2704
msgstr ""
2705
2706
#: serverguide/C/web-servers.xml:891(programlisting)
2707
#, no-wrap
2708
msgid ""
2709
"\n"
2710
"http_access allow biz_network biz_hours\n"
2711
msgstr ""
2712
2713
#: serverguide/C/web-servers.xml:898(para)
2714
msgid ""
2715
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
2716
"save the file and restart the <application>squid</application> server "
2717
"application to effect the changes using the following command entered at a "
2718
"terminal prompt:"
2719
msgstr ""
2720
2721
#: serverguide/C/web-servers.xml:905(command)
2722
msgid "sudo /etc/init.d/squid restart"
2723
msgstr ""
2724
2725
#: serverguide/C/web-servers.xml:912(ulink)
2726
msgid "Squid Website"
2727
msgstr ""
2728
2729
#: serverguide/C/web-servers.xml:918(title)
2730
msgid "Ruby on Rails"
2731
msgstr ""
2732
2733
#: serverguide/C/web-servers.xml:919(para)
2734
msgid ""
2735
"Ruby on Rails is an open source web framework for developing database backed "
2736
"web applications. It is optimized for sustainable productivity of the "
2737
"programmer since it lets the programmer to write code by favouring "
2738
"convention over configuration."
2739
msgstr ""
2740
2741
#: serverguide/C/web-servers.xml:926(para)
2742
msgid ""
2743
"Before installing <application>Rails</application> you should install "
2744
"<application>Apache</application> and <application>MySQL</application>. To "
2745
"install the <application>Apache</application> package, please refer to <xref "
2746
"linkend=\"httpd\"/>. For instructions on installing "
2747
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
2748
msgstr ""
2749
2750
#: serverguide/C/web-servers.xml:934(para)
2751
msgid ""
2752
"Once you have <application>Apache</application> and "
2753
"<application>MySQL</application> packages installed, you are ready to "
2754
"install <application>Ruby on Rails</application> package."
2755
msgstr ""
2756
2757
#: serverguide/C/web-servers.xml:941(para)
2758
msgid ""
2759
"To install the <application>Ruby</application> base packages and "
2760
"<application>Ruby on Rails</application>, you can enter the following "
2761
"command in the terminal prompt:"
2762
msgstr ""
2763
2764
#: serverguide/C/web-servers.xml:947(command)
2765
msgid "sudo apt-get install rails"
2766
msgstr ""
2767
2768
#: serverguide/C/web-servers.xml:953(para)
2769
msgid ""
2770
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
2771
"configuration file to setup your domains."
2772
msgstr ""
2773
2774
#: serverguide/C/web-servers.xml:957(para)
2775
msgid ""
2776
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
2777
msgstr ""
2778
2779
#: serverguide/C/web-servers.xml:961(programlisting)
2780
#, no-wrap
2781
msgid ""
2782
"\n"
2783
"DocumentRoot /path/to/rails/application/public\n"
2784
msgstr ""
2785
2786
#: serverguide/C/web-servers.xml:964(para)
2787
msgid ""
2788
"Next, change the <Directory \"/path/to/rails/application/public\"> "
2789
"directive:"
2790
msgstr ""
2791
2792
#: serverguide/C/web-servers.xml:968(programlisting)
2793
#, no-wrap
2794
msgid ""
2795
"\n"
2796
"<Directory \"/path/to/rails/application/public\">\n"
2797
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
2798
" AllowOverride All\n"
2799
" Order allow,deny\n"
2800
" allow from all\n"
2801
" AddHandler cgi-script .cgi\n"
2802
"</Directory>\n"
2803
msgstr ""
2804
2805
#: serverguide/C/web-servers.xml:978(para)
2806
msgid ""
2807
"You should also enable the <application>mod_rewrite</application> module for "
2808
"Apache. To enable <application>mod_rewrite</application> module, please "
2809
"enter the following command in a terminal prompt:"
2810
msgstr ""
2811
2812
#: serverguide/C/web-servers.xml:984(command)
2813
msgid "sudo a2enmod rewrite"
2814
msgstr ""
2815
2816
#: serverguide/C/web-servers.xml:987(para)
2817
msgid ""
2818
"Finally you will need to change the ownership of the "
2819
"<filename>/path/to/rails/application/public</filename> and "
2820
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
2821
"used to run the <application>Apache</application> process:"
2822
msgstr ""
2823
2824
#: serverguide/C/web-servers.xml:993(command)
2825
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
2826
msgstr ""
2827
2828
#: serverguide/C/web-servers.xml:994(command)
2829
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
2830
msgstr ""
2831
2832
#: serverguide/C/web-servers.xml:997(para)
2833
msgid ""
2834
"That's it! Now you have your Server ready for your <application>Ruby on "
2835
"Rails</application> applications."
2836
msgstr ""
2837
2838
#: serverguide/C/web-servers.xml:1006(para)
2839
msgid ""
2840
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
2841
"for more information."
2842
msgstr ""
2843
2844
#: serverguide/C/web-servers.xml:1011(para)
2845
msgid ""
2846
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
2847
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
2848
"resource."
2849
msgstr ""
2850
2851
#: serverguide/C/web-servers.xml:1022(title)
2852
msgid "Apache Tomcat"
2853
msgstr ""
2854
2855
#: serverguide/C/web-servers.xml:1023(para)
2856
msgid ""
2857
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
2858
"JSP (Java Server Pages) web applications."
2859
msgstr ""
2860
2861
#: serverguide/C/web-servers.xml:1025(para)
2862
msgid ""
2863
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
2864
"different ways of running Tomcat. You can install them as a classic unique "
2865
"system-wide instance, that will be started at boot time and will run as the "
2866
"tomcat6 unpriviledged user. But you can also deploy private instances that "
2867
"will run with your own user rights, and that you should start and stop by "
2868
"yourself. This second way is particularly useful in a development server "
2869
"context where multiple users need to test on their own private Tomcat "
2870
"instances."
2871
msgstr ""
2872
2873
#: serverguide/C/web-servers.xml:1035(title)
2874
msgid "System-wide installation"
2875
msgstr ""
2876
2877
#: serverguide/C/web-servers.xml:1036(para)
2878
msgid ""
2879
"To install the <application>Tomcat</application> server, you can enter the "
2880
"following command in the terminal prompt:"
2881
msgstr ""
2882
2883
#: serverguide/C/web-servers.xml:1039(command)
2884
msgid "sudo apt-get install tomcat6"
2885
msgstr ""
2886
2887
#: serverguide/C/web-servers.xml:1041(para)
2888
msgid ""
2889
"This will install a Tomcat server with just a default ROOT webapp that "
2890
"displays a minimal \"It works\" page by default."
2891
msgstr ""
2892
2893
#: serverguide/C/web-servers.xml:1047(para)
2894
msgid ""
2895
"Tomcat configuration files can be found in "
2896
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
2897
"will be described here, please see <ulink "
2898
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
2899
"documentation</ulink> for more."
2900
msgstr ""
2901
2902
#: serverguide/C/web-servers.xml:1053(title)
2903
msgid "Changing default ports"
2904
msgstr ""
2905
2906
#: serverguide/C/web-servers.xml:1054(para)
2907
msgid ""
2908
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
2909
"connector on port 8009. You might want to change those default ports to "
2910
"avoid conflict with another server on the system. This is done by changing "
2911
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
2912
msgstr ""
2913
2914
#: serverguide/C/web-servers.xml:1059(programlisting)
2915
#, no-wrap
2916
msgid ""
2917
"\n"
2918
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
2919
" connectionTimeout=\"20000\" \n"
2920
" redirectPort=\"8443\" />\n"
2921
"...\n"
2922
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
2923
"/>\n"
2924
msgstr ""
2925
2926
#: serverguide/C/web-servers.xml:1068(title)
2927
msgid "Changing JVM used"
2928
msgstr ""
2929
2930
#: serverguide/C/web-servers.xml:1069(para)
2931
msgid ""
2932
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
2933
"then try some other JVMs. If you have various JVMs installed, you can set "
2934
"which should be used by setting JAVA_HOME in "
2935
"<filename>/etc/default/tomcat6</filename>:"
2936
msgstr ""
2937
2938
#: serverguide/C/web-servers.xml:1073(programlisting)
2939
#, no-wrap
2940
msgid ""
2941
"\n"
2942
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
2943
msgstr ""
2944
2945
#: serverguide/C/web-servers.xml:1078(title)
2946
msgid "Declaring users and roles"
2947
msgstr ""
2948
2949
#: serverguide/C/web-servers.xml:1079(para)
2950
msgid ""
2951
"Usernames, passwords and roles (groups) can be defined centrally in a "
2952
"Servlet container. In Tomcat 6.0 this is done in the "
2953
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
2954
msgstr ""
2955
2956
#: serverguide/C/web-servers.xml:1082(programlisting)
2957
#, no-wrap
2958
msgid ""
2959
"\n"
2960
"<role rolename=\"admin\"/>\n"
2961
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
2962
msgstr ""
2963
2964
#: serverguide/C/web-servers.xml:1090(title)
2965
msgid "Using Tomcat standard webapps"
2966
msgstr ""
2967
2968
#: serverguide/C/web-servers.xml:1091(para)
2969
msgid ""
2970
"Tomcat is shipped with webapps that you can install for documentation, "
2971
"administration or demo purposes."
2972
msgstr ""
2973
2974
#: serverguide/C/web-servers.xml:1094(title)
2975
msgid "Tomcat documentation"
2976
msgstr ""
2977
2978
#: serverguide/C/web-servers.xml:1095(para)
2979
msgid ""
2980
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
2981
"documentation, packaged as a webapp that you can access by default at "
2982
"http://yourserver:8080/docs. You can install it by entering the following "
2983
"command in the terminal prompt:"
2984
msgstr ""
2985
2986
#: serverguide/C/web-servers.xml:1100(command)
2987
msgid "sudo apt-get install tomcat6-docs"
2988
msgstr ""
2989
2990
#: serverguide/C/web-servers.xml:1104(title)
2991
msgid "Tomcat administration webapps"
2992
msgstr ""
2993
2994
#: serverguide/C/web-servers.xml:1105(para)
2995
msgid ""
2996
"The <application>tomcat6-admin</application> package contains two webapps "
2997
"that can be used to administer the Tomcat server using a web interface. You "
2998
"can install them by entering the following command in the terminal prompt:"
2999
msgstr ""
3000
3001
#: serverguide/C/web-servers.xml:1110(command)
3002
msgid "sudo apt-get install tomcat6-admin"
3003
msgstr ""
3004
3005
#: serverguide/C/web-servers.xml:1112(para)
3006
msgid ""
3007
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3008
"access by default at http://yourserver:8080/manager/html. It is primarily "
3009
"used to get server status and restart webapps."
3010
msgstr ""
3011
3012
#: serverguide/C/web-servers.xml:1115(para)
3013
msgid ""
3014
"Access to the <emphasis>manager</emphasis> application is protected by "
3015
"default: you need to define a user with the role \"manager\" in "
3016
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3017
msgstr ""
3018
3019
#: serverguide/C/web-servers.xml:1119(para)
3020
msgid ""
3021
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3022
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3023
"used to create virtual hosts dynamically."
3024
msgstr ""
3025
3026
#: serverguide/C/web-servers.xml:1123(para)
3027
msgid ""
3028
"Access to the <emphasis>host-manager</emphasis> application is also "
3029
"protected by default: you need to define a user with the role \"admin\" in "
3030
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3031
msgstr ""
3032
3033
#: serverguide/C/web-servers.xml:1128(para)
3034
msgid ""
3035
"For security reasons, the tomcat6 user cannot write to the "
3036
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
3037
"these admin webapps (application deployment, virtual host creation) need "
3038
"write access to that directory. If you want to use these features execute "
3039
"the following, to give users in the tomcat6 group the necessary rights:"
3040
msgstr ""
3041
3042
#: serverguide/C/web-servers.xml:1135(command)
3043
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
3044
msgstr ""
3045
3046
#: serverguide/C/web-servers.xml:1136(command)
3047
msgid "sudo chmod -R g+w /etc/tomcat6"
3048
msgstr ""
3049
3050
#: serverguide/C/web-servers.xml:1141(title)
3051
msgid "Tomcat examples webapps"
3052
msgstr ""
3053
3054
#: serverguide/C/web-servers.xml:1142(para)
3055
msgid ""
3056
"The <application>tomcat6-examples</application> package contains two webapps "
3057
"that can be used to test or demonstrate Servlets and JSP features, which you "
3058
"can access them by default at http://yourserver:8080/examples. You can "
3059
"install them by entering the following command in the terminal prompt:"
3060
msgstr ""
3061
3062
#: serverguide/C/web-servers.xml:1148(command)
3063
msgid "sudo apt-get install tomcat6-examples"
3064
msgstr ""
3065
3066
#: serverguide/C/web-servers.xml:1154(title)
3067
msgid "Using private instances"
3068
msgstr ""
3069
3070
#: serverguide/C/web-servers.xml:1155(para)
3071
msgid ""
3072
"Tomcat is heavily used in development and testing scenarios where using a "
3073
"single system-wide instance doesn't meet the requirements of multiple users "
3074
"on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to "
3075
"help deploy your own user-oriented instances, allowing every user on a "
3076
"system to run (without root rights) separate private instances while still "
3077
"using the system-installed libraries."
3078
msgstr ""
3079
3080
#: serverguide/C/web-servers.xml:1162(para)
3081
msgid ""
3082
"It is possible to run the system-wide instance and the private instances in "
3083
"parallel, as long as they do not use the same TCP ports."
3084
msgstr ""
3085
3086
#: serverguide/C/web-servers.xml:1166(title)
3087
msgid "Installing private instance support"
3088
msgstr ""
3089
3090
#: serverguide/C/web-servers.xml:1167(para)
3091
msgid ""
3092
"You can install everything necessary to run private instances by entering "
3093
"the following command in the terminal prompt:"
3094
msgstr ""
3095
3096
#: serverguide/C/web-servers.xml:1170(command)
3097
msgid "sudo apt-get install tomcat6-user"
3098
msgstr ""
3099
3100
#: serverguide/C/web-servers.xml:1174(title)
3101
msgid "Creating a private instance"
3102
msgstr ""
3103
3104
#: serverguide/C/web-servers.xml:1175(para)
3105
msgid ""
3106
"You can create a private instance directory by entering the following "
3107
"command in the terminal prompt:"
3108
msgstr ""
3109
3110
#: serverguide/C/web-servers.xml:1178(command)
3111
msgid "tomcat6-instance-create my-instance"
3112
msgstr ""
3113
3114
#: serverguide/C/web-servers.xml:1180(para)
3115
msgid ""
3116
"This will create a new <filename>my-instance</filename> directory with all "
3117
"the necessary subdirectories and scripts. You can for example install your "
3118
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
3119
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
3120
"are deployed by default."
3121
msgstr ""
3122
3123
#: serverguide/C/web-servers.xml:1188(title)
3124
msgid "Configuring your private instance"
3125
msgstr ""
3126
3127
#: serverguide/C/web-servers.xml:1189(para)
3128
msgid ""
3129
"You will find the classic Tomcat configuration files for your private "
3130
"instance in the <filename>conf/</filename> subdirectory. You should for "
3131
"example certainly edit the <filename>conf/server.xml</filename> file to "
3132
"change the default ports used by your private Tomcat instance to avoid "
3133
"conflict with other instances that might be running."
3134
msgstr ""
3135
3136
#: serverguide/C/web-servers.xml:1197(title)
3137
msgid "Starting/stopping your private instance"
3138
msgstr ""
3139
3140
#: serverguide/C/web-servers.xml:1198(para)
3141
msgid ""
3142
"You can start your private instance by entering the following command in the "
3143
"terminal prompt (supposing your instance is located in the <filename>my-"
3144
"instance</filename> directory):"
3145
msgstr ""
3146
3147
#: serverguide/C/web-servers.xml:1202(command)
3148
msgid "my-instance/bin/startup.sh"
3149
msgstr ""
3150
3151
#: serverguide/C/web-servers.xml:1204(para)
3152
msgid ""
3153
"You should check the <filename>logs/</filename> subdirectory for any error. "
3154
"If you have a <emphasis>java.net.BindException: Address already in "
3155
"use<null>:8080</emphasis> error, it means that the port you're using "
3156
"is already taken and that you should change it."
3157
msgstr ""
3158
3159
#: serverguide/C/web-servers.xml:1209(para)
3160
msgid ""
3161
"You can stop your instance by entering the following command in the terminal "
3162
"prompt (supposing your instance is located in the <filename>my-"
3163
"instance</filename> directory):"
3164
msgstr ""
3165
3166
#: serverguide/C/web-servers.xml:1213(command)
3167
msgid "my-instance/bin/shutdown.sh"
3168
msgstr ""
3169
3170
#: serverguide/C/web-servers.xml:1222(para)
3171
msgid ""
3172
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
3173
"website for more information."
3174
msgstr ""
3175
3176
#: serverguide/C/web-servers.xml:1227(para)
3177
msgid ""
3178
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
3179
"Definitive Guide</ulink> is a good resource for building web applications "
3180
"with Tomcat."
3181
msgstr ""
3182
3183
#: serverguide/C/web-servers.xml:1233(para)
3184
msgid ""
3185
"For additional books see the <ulink "
3186
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
3187
"page."
3188
msgstr ""
3189
3190
#: serverguide/C/vpn.xml:13(title)
3191
msgid "VPN"
3192
msgstr ""
3193
3194
#: serverguide/C/vpn.xml:15(para)
3195
msgid ""
3196
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
3197
"network connection between two or more networks. There are several ways to "
3198
"create a VPN using software as well as dedicated hardware appliances. This "
3199
"chapter will cover installing and configuring "
3200
"<application>OpenVPN</application> to create a VPN between two servers."
3201
msgstr ""
3202
3203
#: serverguide/C/vpn.xml:23(title)
3204
msgid "OpenVPN"
3205
msgstr ""
3206
3207
#: serverguide/C/vpn.xml:25(para)
3208
msgid ""
3209
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
3210
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
3211
"clients through a bridge interface on the VPN server. This guide will assume "
3212
"that one VPN node, the server in this case, has a bridge interface "
3213
"configured. For more information on setting up a bridge see <xref "
3214
"linkend=\"bridging\"/>."
3215
msgstr ""
3216
3217
#: serverguide/C/vpn.xml:35(para)
3218
msgid "To install <application>openvpn</application> in a terminal enter:"
3219
msgstr ""
3220
3221
#: serverguide/C/vpn.xml:41(command)
3222
msgid "sudo apt-get install openvpn"
3223
msgstr ""
3224
3225
#: serverguide/C/vpn.xml:45(title)
3226
msgid "Server Certificates"
3227
msgstr ""
3228
3229
#: serverguide/C/vpn.xml:47(para)
3230
msgid ""
3231
"Now that the <application>openvpn</application> package is installed, the "
3232
"certificates for the VPN server need to be created."
3233
msgstr ""
3234
3235
#: serverguide/C/vpn.xml:52(para)
3236
msgid ""
3237
"First, copy the <filename>easy-rsa</filename> directory to "
3238
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
3239
"scripts will not be lost when the package is updated. From a terminal enter:"
3240
msgstr ""
3241
3242
#: serverguide/C/vpn.xml:58(command)
3243
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
3244
msgstr ""
3245
3246
#: serverguide/C/vpn.xml:59(command)
3247
msgid ""
3248
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/"
3249
msgstr ""
3250
3251
#: serverguide/C/vpn.xml:62(para)
3252
msgid ""
3253
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
3254
"following to your environment:"
3255
msgstr ""
3256
3257
#: serverguide/C/vpn.xml:66(programlisting)
3258
#, no-wrap
3259
msgid ""
3260
"\n"
3261
"export KEY_COUNTRY=\"US\"\n"
3262
"export KEY_PROVINCE=\"NC\"\n"
3263
"export KEY_CITY=\"Winston-Salem\"\n"
3264
"export KEY_ORG=\"Example Company\"\n"
3265
"export KEY_EMAIL=\"steve@example.com\"\n"
3266
msgstr ""
3267
3268
#: serverguide/C/vpn.xml:74(para)
3269
msgid "Enter the following to create the server certificates:"
3270
msgstr ""
3271
3272
#: serverguide/C/vpn.xml:79(command)
3273
msgid "cd /etc/openvpn/easy-rsa/easy-rsa"
3274
msgstr ""
3275
3276
#: serverguide/C/vpn.xml:80(command) serverguide/C/vpn.xml:101(command)
3277
msgid "source vars"
3278
msgstr ""
3279
3280
#: serverguide/C/vpn.xml:81(command)
3281
msgid "./clean-all"
3282
msgstr ""
3283
3284
#: serverguide/C/vpn.xml:82(command)
3285
msgid "./build-dh"
3286
msgstr ""
3287
3288
#: serverguide/C/vpn.xml:83(command)
3289
msgid "./pkitool --initca"
3290
msgstr ""
3291
3292
#: serverguide/C/vpn.xml:84(command)
3293
msgid "./pkitool --server server"
3294
msgstr ""
3295
3296
#: serverguide/C/vpn.xml:85(command)
3297
msgid "cd keys"
3298
msgstr ""
3299
3300
#: serverguide/C/vpn.xml:86(command)
3301
msgid "openvpn --genkey --secret ta.key"
3302
msgstr ""
3303
3304
#: serverguide/C/vpn.xml:87(command)
3305
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
3306
msgstr ""
3307
3308
#: serverguide/C/vpn.xml:92(title)
3309
msgid "Client Certificates"
3310
msgstr ""
3311
3312
#: serverguide/C/vpn.xml:94(para)
3313
msgid ""
3314
"The VPN client will also need a certificate to authenticate itself to the "
3315
"server. To create the certificate, enter the following in a terminal:"
3316
msgstr ""
3317
3318
#: serverguide/C/vpn.xml:100(command)
3319
msgid "cd /etc/openvpn/easy-rsa/"
3320
msgstr ""
3321
3322
#: serverguide/C/vpn.xml:102(command)
3323
msgid "./pkitool hostname"
3324
msgstr ""
3325
3326
#: serverguide/C/vpn.xml:106(para)
3327
msgid ""
3328
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
3329
"machine connecting to the VPN."
3330
msgstr ""
3331
3332
#: serverguide/C/vpn.xml:111(para)
3333
msgid "Copy the following files to the client:"
3334
msgstr ""
3335
3336
#: serverguide/C/vpn.xml:116(para)
3337
msgid "/etc/openvpn/easy-rsa/hostname.ovpn"
3338
msgstr ""
3339
3340
#: serverguide/C/vpn.xml:117(para)
3341
msgid "/etc/openvpn/easy-rsa/ca.crt"
3342
msgstr ""
3343
3344
#: serverguide/C/vpn.xml:118(para)
3345
msgid "/etc/openvpn/easy-rsa/hostname.crt"
3346
msgstr ""
3347
3348
#: serverguide/C/vpn.xml:119(para)
3349
msgid "/etc/openvpn/easy-rsa/hostname.key"
3350
msgstr ""
3351
3352
#: serverguide/C/vpn.xml:120(para)
3353
msgid "/etc/openvpn/easy-rsa/ta.key"
3354
msgstr ""
3355
3356
#: serverguide/C/vpn.xml:124(para)
3357
msgid ""
3358
"Remember to adjust the above file names for your client machine's "
3359
"<emphasis>hostname</emphasis>."
3360
msgstr ""
3361
3362
#: serverguide/C/vpn.xml:129(para)
3363
msgid ""
3364
"It is best to use a secure method to copy the certificate and key files. The "
3365
"<application>scp</application> utility is a good choice, but copying the "
3366
"files to removable media then to the client, also works well."
3367
msgstr ""
3368
3369
#: serverguide/C/vpn.xml:140(title) serverguide/C/vcs.xml:107(title)
3370
msgid "Server Configuration"
3371
msgstr ""
3372
3373
#: serverguide/C/vpn.xml:142(para)
3374
msgid ""
3375
"Now configure the <application>openvpn</application> server by creating "
3376
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
3377
"terminal enter:"
3378
msgstr ""
3379
3380
#: serverguide/C/vpn.xml:148(command)
3381
msgid ""
3382
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
3383
"/etc/openvpn/"
3384
msgstr ""
3385
3386
#: serverguide/C/vpn.xml:149(command)
3387
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
3388
msgstr ""
3389
3390
#: serverguide/C/vpn.xml:152(para)
3391
msgid ""
3392
"Edit <filename>etc/openvpn/server.conf</filename> changing the following "
3393
"options to:"
3394
msgstr ""
3395
3396
#: serverguide/C/vpn.xml:156(programlisting)
3397
#, no-wrap
3398
msgid ""
3399
"\n"
3400
"local 172.18.100.101\n"
3401
"dev tap0\n"
3402
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
3403
"push \"route 172.18.100.1 255.255.255.0\"\n"
3404
"push \"dhcp-option DNS 172.18.100.20\"\n"
3405
"push \"dhcp-option DOMAIN example.com\"\n"
3406
"tls-auth ta.key 0 # This file is secret\n"
3407
"user nobody\n"
3408
"group nogroup\n"
3409
msgstr ""
3410
3411
#: serverguide/C/vpn.xml:170(para)
3412
msgid ""
3413
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
3414
msgstr ""
3415
3416
#: serverguide/C/vpn.xml:175(para)
3417
msgid ""
3418
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
3419
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
3420
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
3421
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
3422
"to clients."
3423
msgstr ""
3424
3425
#: serverguide/C/vpn.xml:182(para)
3426
msgid ""
3427
"<emphasis>push</emphasis>: are directives to add networking options for "
3428
"clients."
3429
msgstr ""
3430
3431
#: serverguide/C/vpn.xml:187(para)
3432
msgid ""
3433
"<emphasis>user and group</emphasis>: configure which user and group the "
3434
"<application>openvpn</application> daemon executes as."
3435
msgstr ""
3436
3437
#: serverguide/C/vpn.xml:194(para)
3438
msgid ""
3439
"Replace all IP addresses and domain names above with those of your network."
3440
msgstr ""
3441
3442
#: serverguide/C/vpn.xml:199(para)
3443
msgid ""
3444
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
3445
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
3446
msgstr ""
3447
3448
#: serverguide/C/vpn.xml:203(programlisting)
3449
#, no-wrap
3450
msgid ""
3451
"\n"
3452
"#!/bin/sh\n"
3453
"\n"
3454
"BR=$1\n"
3455
"DEV=$2\n"
3456
"MTU=$3\n"
3457
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
3458
"/usr/sbin/brctl addif $BR $DEV\n"
3459
msgstr ""
3460
3461
#: serverguide/C/vpn.xml:213(para)
3462
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
3463
msgstr ""
3464
3465
#: serverguide/C/vpn.xml:217(programlisting)
3466
#, no-wrap
3467
msgid ""
3468
"\n"
3469
"#!/bin/sh\n"
3470
"\n"
3471
"BR=$1\n"
3472
"DEV=$2\n"
3473
"\n"
3474
"/usr/sbin/brctl delif $BR $DEV\n"
3475
"/sbin/ifconfig $DEV down\n"
3476
msgstr ""
3477
3478
#: serverguide/C/vpn.xml:227(para)
3479
msgid "Then make them executable:"
3480
msgstr ""
3481
3482
#: serverguide/C/vpn.xml:232(command)
3483
msgid "sudo chmod 755 /etc/openvpn/down.sh"
3484
msgstr ""
3485
3486
#: serverguide/C/vpn.xml:233(command)
3487
msgid "sudo chmod 755 /etc/openvpn/up.sh"
3488
msgstr ""
3489
3490
#: serverguide/C/vpn.xml:236(para)
3491
msgid ""
3492
"After configuring the server, restart <application>openvpn</application> by "
3493
"entering:"
3494
msgstr ""
3495
3496
#: serverguide/C/vpn.xml:241(command) serverguide/C/vpn.xml:281(command)
3497
msgid "sudo /etc/init.d/openvpn restart"
3498
msgstr ""
3499
3500
#: serverguide/C/vpn.xml:246(title)
3501
msgid "Client Configuration"
3502
msgstr ""
3503
3504
#: serverguide/C/vpn.xml:248(para)
3505
msgid ""
3506
"With the server configured and the client certificates copied over, create a "
3507
"client configuration file by copying the example. In a terminal on the "
3508
"client machine enter:"
3509
msgstr ""
3510
3511
#: serverguide/C/vpn.xml:254(command)
3512
msgid ""
3513
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
3514
"/etc/openvpn"
3515
msgstr ""
3516
3517
#: serverguide/C/vpn.xml:257(para)
3518
msgid ""
3519
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
3520
"following options:"
3521
msgstr ""
3522
3523
#: serverguide/C/vpn.xml:261(programlisting)
3524
#, no-wrap
3525
msgid ""
3526
"\n"
3527
"dev tap\n"
3528
"remote vpn.example.com 1194\n"
3529
"cert hostname.crt\n"
3530
"key hostname.key\n"
3531
"tls-auth ta.key 1\n"
3532
msgstr ""
3533
3534
#: serverguide/C/vpn.xml:270(para)
3535
msgid ""
3536
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
3537
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
3538
"key filenames."
3539
msgstr ""
3540
3541
#: serverguide/C/vpn.xml:276(para)
3542
msgid "Finally, restart <application>openvpn</application>:"
3543
msgstr ""
3544
3545
#: serverguide/C/vpn.xml:284(para)
3546
msgid "You should now be able to connect to the remote LAN through the VPN."
3547
msgstr ""
3548
3549
#: serverguide/C/vpn.xml:295(para)
3550
msgid ""
3551
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
3552
"additional information."
3553
msgstr ""
3554
3555
#: serverguide/C/vpn.xml:300(para)
3556
msgid ""
3557
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
3558
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
3559
msgstr ""
3560
3561
#: serverguide/C/virtualization.xml:13(title)
3562
msgid "Virtualization"
3563
msgstr ""
3564
3565
#: serverguide/C/virtualization.xml:14(para)
3566
msgid ""
3567
"Virtualization is being adopted in many different environments and "
3568
"situations. If you are a developer, virtualization can provide you with a "
3569
"contained environment where you can safely do almost any sort of development "
3570
"safe from messing up your main working environment. If you are a systems "
3571
"administrator, you can use virtualization to more easily separate your "
3572
"services and move them around based on demand."
3573
msgstr ""
3574
3575
#: serverguide/C/virtualization.xml:20(para)
3576
msgid ""
3577
"The default virtualization technology supported in Ubuntu is "
3578
"<application>KVM</application>, a technology that takes advantage of "
3579
"virtualization extensions built into Intel and AMD hardware. For hardware "
3580
"without virtualization extensions <application>Xen</application> and "
3581
"<application>Qemu</application> are popular solutions."
3582
msgstr ""
3583
3584
#: serverguide/C/virtualization.xml:27(title)
3585
msgid "libvirt"
3586
msgstr ""
3587
3588
#: serverguide/C/virtualization.xml:28(para)
3589
msgid ""
3590
"The <application>libvirt</application> library is used to interface with "
3591
"different virtualization technologies. Before getting started with "
3592
"<application>libvirt</application> it is best to make sure your hardware "
3593
"supports the necessary virtualization extensions for "
3594
"<application>KVM</application>. Enter the following from a terminal prompt:"
3595
msgstr ""
3596
3597
#: serverguide/C/virtualization.xml:34(command)
3598
msgid "egrep '(vmx|svm)' /proc/cpuinfo"
3599
msgstr ""
3600
3601
#: serverguide/C/virtualization.xml:36(para)
3602
msgid ""
3603
"If nothing is printed, it means that your cpu does <emphasis>not</emphasis> "
3604
"support hardware virtualization."
3605
msgstr ""
3606
3607
#: serverguide/C/virtualization.xml:40(para)
3608
msgid ""
3609
"On most computer whose processor supports virtualization, it is necessary to "
3610
"activate an option in the bios to enable it. The method described above does "
3611
"not show the status of it's activation."
3612
msgstr ""
3613
3614
#: serverguide/C/virtualization.xml:47(title)
3615
msgid "Virtual Networking"
3616
msgstr ""
3617
3618
#: serverguide/C/virtualization.xml:49(para)
3619
msgid ""
3620
"There are a few different ways to allow a virtual machine access to the "
3621
"external network. The default virtual network configuration is "
3622
"<emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and "
3623
"traffic is NATed through the host interface to the outside network."
3624
msgstr ""
3625
3626
#: serverguide/C/virtualization.xml:54(para)
3627
msgid ""
3628
"To enable external hosts to directly access services on virtual machines a "
3629
"<emphasis>bridge</emphasis> needs to be configured. This allows the virtual "
3630
"interfaces to connect to the outside network through the physical interface, "
3631
"making them appear as normal hosts to the rest of the network. For "
3632
"information on setting up a bridge see <xref linkend=\"bridging\"/>."
3633
msgstr ""
3634
3635
#: serverguide/C/virtualization.xml:63(para)
3636
msgid "To install the necessary packages, from a terminal prompt enter:"
3637
msgstr ""
3638
3639
#: serverguide/C/virtualization.xml:67(command)
3640
msgid "sudo apt-get install kvm libvirt-bin"
3641
msgstr ""
3642
3643
#: serverguide/C/virtualization.xml:69(para)
3644
msgid ""
3645
"After installing <application>libvirt-bin</application>, the user used to "
3646
"manage virtual machines will need to be added to the "
3647
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
3648
"the advanced networking options."
3649
msgstr ""
3650
3651
#: serverguide/C/virtualization.xml:73(para)
3652
msgid "In a terminal enter:"
3653
msgstr ""
3654
3655
#: serverguide/C/virtualization.xml:77(command)
3656
msgid "sudo adduser $USER libvirtd"
3657
msgstr ""
3658
3659
#: serverguide/C/virtualization.xml:80(para)
3660
msgid ""
3661
"If the user chosen is the current user, you will need to log out and back in "
3662
"for the new group membership to take effect."
3663
msgstr ""
3664
3665
#: serverguide/C/virtualization.xml:84(para)
3666
msgid ""
3667
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
3668
"Installing a virtual machine follows the same process as installing the "
3669
"operating system directly on the hardware. You either need a way to automate "
3670
"the installation, or a keyboard and monitor will need to be attached to the "
3671
"physical machine."
3672
msgstr ""
3673
3674
#: serverguide/C/virtualization.xml:89(para)
3675
msgid ""
3676
"In the case of virtual machines a Graphical User Interface (GUI) is "
3677
"analogous to using a physical keyboard and mouse. Instead of installing a "
3678
"GUI the <application>virt-viewer</application> application can be used to "
3679
"connect to a virtual machine's console using <application>VNC</application>. "
3680
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
3681
msgstr ""
3682
3683
#: serverguide/C/virtualization.xml:94(para)
3684
msgid ""
3685
"There are several ways to automate the Ubuntu installation process, for "
3686
"example using preseeds, kickstart, etc. Refer to the <ulink "
3687
"url=\"https://help.ubuntu.com/9.10/installation-guide/\">Ubuntu Installation "
3688
"Guide</ulink> for details."
3689
msgstr ""
3690
3691
#: serverguide/C/virtualization.xml:98(para)
3692
msgid ""
3693
"Yet another way to install an Ubuntu virtual machine is to use "
3694
"<application>ubuntu-vm-builder</application>. <application>ubuntu-vm-"
3695
"builder</application> allows you to setup advanced partitions, execute "
3696
"custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-"
3697
"vmbuilder\"/>"
3698
msgstr ""
3699
3700
#: serverguide/C/virtualization.xml:104(title)
3701
msgid "virt-install"
3702
msgstr ""
3703
3704
#: serverguide/C/virtualization.xml:105(para)
3705
msgid ""
3706
"<application>virt-install</application> is part of the <application>python-"
3707
"virtinst</application> package. To install it, from a terminal prompt enter:"
3708
msgstr ""
3709
3710
#: serverguide/C/virtualization.xml:109(command)
3711
msgid "sudo apt-get install python-virtinst"
3712
msgstr ""
3713
3714
#: serverguide/C/virtualization.xml:111(para)
3715
msgid ""
3716
"There are several options available when using <application>virt-"
3717
"install</application>. For example:"
3718
msgstr ""
3719
3720
#: serverguide/C/virtualization.xml:115(command)
3721
msgid ""
3722
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
3723
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
3724
msgstr ""
3725
3726
#: serverguide/C/virtualization.xml:122(para)
3727
msgid ""
3728
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
3729
"be <emphasis>web_devel</emphasis> in this example."
3730
msgstr ""
3731
3732
#: serverguide/C/virtualization.xml:127(para)
3733
msgid ""
3734
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
3735
"machine will use."
3736
msgstr ""
3737
3738
#: serverguide/C/virtualization.xml:132(para)
3739
msgid ""
3740
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
3741
"disk which can be a file, partition, or logical volume. In this example a "
3742
"file named <filename>web_devel.img</filename>."
3743
msgstr ""
3744
3745
#: serverguide/C/virtualization.xml:138(para)
3746
msgid "<emphasis>-s 4:</emphasis> the size of the virtual disk."
3747
msgstr ""
3748
3749
#: serverguide/C/virtualization.xml:143(para)
3750
msgid ""
3751
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
3752
"file can be either an ISO file or the path to the host's CDROM device."
3753
msgstr ""
3754
3755
#: serverguide/C/virtualization.xml:149(para)
3756
msgid ""
3757
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
3758
"technologies."
3759
msgstr ""
3760
3761
#: serverguide/C/virtualization.xml:154(para)
3762
msgid ""
3763
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
3764
msgstr ""
3765
3766
#: serverguide/C/virtualization.xml:159(para)
3767
msgid ""
3768
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
3769
"virtual machine's console."
3770
msgstr ""
3771
3772
#: serverguide/C/virtualization.xml:164(para)
3773
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
3774
msgstr ""
3775
3776
#: serverguide/C/virtualization.xml:169(para)
3777
msgid ""
3778
"After launching <application>virt-install</application> you can connect to "
3779
"the virtual machine's console either locally using a GUI or with the "
3780
"<application>virt-viewer</application> utility."
3781
msgstr ""
3782
3783
#: serverguide/C/virtualization.xml:175(title)
3784
msgid "virt-clone"
3785
msgstr ""
3786
3787
#: serverguide/C/virtualization.xml:176(para)
3788
msgid ""
3789
"The <application>virt-clone</application> application can be used to copy "
3790
"one virtual machine to another. For example:"
3791
msgstr ""
3792
3793
#: serverguide/C/virtualization.xml:180(command)
3794
msgid ""
3795
"sudo virt-clone -o web_devel -n database_devel -f "
3796
"/path/to/database_devel.img --connect=qemu:///system"
3797
msgstr ""
3798
3799
#: serverguide/C/virtualization.xml:184(para)
3800
msgid "<emphasis>-o:</emphasis> original virtual machine."
3801
msgstr ""
3802
3803
#: serverguide/C/virtualization.xml:189(para)
3804
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3805
msgstr ""
3806
3807
#: serverguide/C/virtualization.xml:194(para)
3808
msgid ""
3809
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3810
"be used by the new virtual machine."
3811
msgstr ""
3812
3813
#: serverguide/C/virtualization.xml:199(para)
3814
msgid ""
3815
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3816
msgstr ""
3817
3818
#: serverguide/C/virtualization.xml:204(para)
3819
msgid ""
3820
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3821
"help troubleshoot problems with <application>virt-clone</application>."
3822
msgstr ""
3823
3824
#: serverguide/C/virtualization.xml:209(para)
3825
msgid ""
3826
"Replace <emphasis>web_devel</emphasis> and "
3827
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3828
msgstr ""
3829
3830
#: serverguide/C/virtualization.xml:215(title)
3831
msgid "Virtual Machine Management"
3832
msgstr ""
3833
3834
#: serverguide/C/virtualization.xml:217(title)
3835
msgid "virsh"
3836
msgstr ""
3837
3838
#: serverguide/C/virtualization.xml:218(para)
3839
msgid ""
3840
"There are several utilities available to manage virtual machines and "
3841
"<application>libvirt</application>. The <application>virsh</application> "
3842
"utility can be used from the command line. Some examples:"
3843
msgstr ""
3844
3845
#: serverguide/C/virtualization.xml:224(para)
3846
msgid "To list running virtual machines:"
3847
msgstr ""
3848
3849
#: serverguide/C/virtualization.xml:228(command)
3850
msgid "virsh -c qemu:///system list"
3851
msgstr ""
3852
3853
#: serverguide/C/virtualization.xml:232(para)
3854
msgid "To start a virtual machine:"
3855
msgstr ""
3856
3857
#: serverguide/C/virtualization.xml:236(command)
3858
msgid "virsh -c qemu:///system start web_devel"
3859
msgstr ""
3860
3861
#: serverguide/C/virtualization.xml:240(para)
3862
msgid "Similarly, to start a virtual machine at boot:"
3863
msgstr ""
3864
3865
#: serverguide/C/virtualization.xml:244(command)
3866
msgid "virsh -c qemu:///system autostart web_devel"
3867
msgstr ""
3868
3869
#: serverguide/C/virtualization.xml:248(para)
3870
msgid "Reboot a virtual machine with:"
3871
msgstr ""
3872
3873
#: serverguide/C/virtualization.xml:252(command)
3874
msgid "virsh -c qemu:///system reboot web_devel"
3875
msgstr ""
3876
3877
#: serverguide/C/virtualization.xml:256(para)
3878
msgid ""
3879
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3880
"order to be restored later. The following will save the virtual machine "
3881
"state into a file named according to the date:"
3882
msgstr ""
3883
3884
#: serverguide/C/virtualization.xml:261(command)
3885
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3886
msgstr ""
3887
3888
#: serverguide/C/virtualization.xml:263(para)
3889
msgid "Once saved the virtual machine will no longer be running."
3890
msgstr ""
3891
3892
#: serverguide/C/virtualization.xml:268(para)
3893
msgid "A saved virtual machine can be restored using:"
3894
msgstr ""
3895
3896
#: serverguide/C/virtualization.xml:272(command)
3897
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3898
msgstr ""
3899
3900
#: serverguide/C/virtualization.xml:276(para)
3901
msgid "To shutdown a virtual machine do:"
3902
msgstr ""
3903
3904
#: serverguide/C/virtualization.xml:280(command)
3905
msgid "virsh -c qemu:///system shutdown web_devel"
3906
msgstr ""
3907
3908
#: serverguide/C/virtualization.xml:284(para)
3909
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3910
msgstr ""
3911
3912
#: serverguide/C/virtualization.xml:288(command)
3913
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3914
msgstr ""
3915
3916
#: serverguide/C/virtualization.xml:293(para)
3917
msgid ""
3918
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3919
"appropriate virtual machine name, and <filename>web_devel-"
3920
"022708.state</filename> with a descriptive file name."
3921
msgstr ""
3922
3923
#: serverguide/C/virtualization.xml:300(title)
3924
msgid "Virtual Machine Manager"
3925
msgstr ""
3926
3927
#: serverguide/C/virtualization.xml:301(para)
3928
msgid ""
3929
"The <application>virt-manager</application> package contains a graphical "
3930
"utility to manage local and remote virtual machines. To install virt-manager "
3931
"enter:"
3932
msgstr ""
3933
3934
#: serverguide/C/virtualization.xml:306(command)
3935
msgid "sudo apt-get install virt-manager"
3936
msgstr ""
3937
3938
#: serverguide/C/virtualization.xml:308(para)
3939
msgid ""
3940
"Since <application>virt-manager</application> requires a Graphical User "
3941
"Interface (GUI) environment it is recommended to be installed on a "
3942
"workstation or test machine instead of a production server. To connect to "
3943
"the local <application>libvirt</application> service enter:"
3944
msgstr ""
3945
3946
#: serverguide/C/virtualization.xml:314(command)
3947
msgid "virt-manager -c qemu:///system"
3948
msgstr ""
3949
3950
#: serverguide/C/virtualization.xml:316(para)
3951
msgid ""
3952
"You can connect to the <application>libvirt</application> service running on "
3953
"another host by entering the following in a terminal prompt:"
3954
msgstr ""
3955
3956
#: serverguide/C/virtualization.xml:320(command)
3957
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
3958
msgstr ""
3959
3960
#: serverguide/C/virtualization.xml:323(para)
3961
msgid ""
3962
"The above example assumes that <application>SSH</application> connectivity "
3963
"between the management system and virtnode1.mydomain.com has already been "
3964
"configured, and uses SSH keys for authentication. SSH "
3965
"<emphasis>keys</emphasis> are needed because "
3966
"<application>libvirt</application> sends the password prompt to another "
3967
"process. For details on configuring <application>SSH</application> see <xref "
3968
"linkend=\"openssh-server\"/>"
3969
msgstr ""
3970
3971
#: serverguide/C/virtualization.xml:333(title)
3972
msgid "Virtual Machine Viewer"
3973
msgstr ""
3974
3975
#: serverguide/C/virtualization.xml:334(para)
3976
msgid ""
3977
"The <application>virt-viewer</application> application allows you to connect "
3978
"to a virtual machine's console. <application>virt-viewer</application> does "
3979
"require a Graphical User Interface (GUI) to interface with the virtual "
3980
"machine."
3981
msgstr ""
3982
3983
#: serverguide/C/virtualization.xml:338(para)
3984
msgid ""
3985
"To install <application>virt-viewer</application> from a terminal enter:"
3986
msgstr ""
3987
3988
#: serverguide/C/virtualization.xml:342(command)
3989
msgid "sudo apt-get install virt-viewer"
3990
msgstr ""
3991
3992
#: serverguide/C/virtualization.xml:344(para)
3993
msgid ""
3994
"Once a virtual machine is installed and running you can connect to the "
3995
"virtual machine's console by using:"
3996
msgstr ""
3997
3998
#: serverguide/C/virtualization.xml:348(command)
3999
msgid "virt-viewer -c qemu:///system web_devel"
4000
msgstr ""
4001
4002
#: serverguide/C/virtualization.xml:350(para)
4003
msgid ""
4004
"Similar to <application>virt-manager</application>, <application>virt-"
4005
"viewer</application> can connect to a remote host using "
4006
"<emphasis>SSH</emphasis> with key authentication, as well:"
4007
msgstr ""
4008
4009
#: serverguide/C/virtualization.xml:355(command)
4010
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
4011
msgstr ""
4012
4013
#: serverguide/C/virtualization.xml:357(para)
4014
msgid ""
4015
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
4016
"appropriate virtual machine name."
4017
msgstr ""
4018
4019
#: serverguide/C/virtualization.xml:360(para)
4020
msgid ""
4021
"If configured to use a <emphasis>bridged</emphasis> network interface you "
4022
"can also setup <application>SSH</application> access to the virtual machine. "
4023
"See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for "
4024
"more details."
4025
msgstr ""
4026
4027
#: serverguide/C/virtualization.xml:369(para)
4028
msgid ""
4029
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
4030
"for more details."
4031
msgstr ""
4032
4033
#: serverguide/C/virtualization.xml:374(para)
4034
msgid ""
4035
"For more information on <application>libvirt</application> see the <ulink "
4036
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
4037
msgstr ""
4038
4039
#: serverguide/C/virtualization.xml:379(para)
4040
msgid ""
4041
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
4042
"Manager</ulink> site has more information on <application>virt-"
4043
"manager</application> development."
4044
msgstr ""
4045
4046
#: serverguide/C/virtualization.xml:385(para)
4047
msgid ""
4048
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
4049
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
4050
"technology in Ubuntu."
4051
msgstr ""
4052
4053
#: serverguide/C/virtualization.xml:394(title)
4054
msgid "JeOS and vmbuilder"
4055
msgstr ""
4056
4057
#: serverguide/C/virtualization.xml:400(title)
4058
msgid "What is JeOS"
4059
msgstr ""
4060
4061
#: serverguide/C/virtualization.xml:402(para)
4062
msgid ""
4063
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
4064
"variant of the Ubuntu Server operating system, configured specifically for "
4065
"virtual appliances. No longer available as a CD-ROM ISO for download, but "
4066
"only as an option either:"
4067
msgstr ""
4068
4069
#: serverguide/C/virtualization.xml:409(para)
4070
msgid ""
4071
"While installing from the Server Edition ISO (pressing "
4072
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
4073
"installation\", which is the package selection equivalent to JeOS)."
4074
msgstr ""
4075
4076
#: serverguide/C/virtualization.xml:415(para)
4077
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
4078
msgstr ""
4079
4080
#: serverguide/C/virtualization.xml:421(para)
4081
msgid ""
4082
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
4083
"kernel that only contains the base elements needed to run within a "
4084
"virtualized environment."
4085
msgstr ""
4086
4087
#: serverguide/C/virtualization.xml:426(para)
4088
msgid ""
4089
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
4090
"in the latest virtualization products from VMware. This combination of "
4091
"reduced size and optimized performance ensures that Ubuntu JeOS Edition "
4092
"delivers a highly efficient use of server resources in large virtual "
4093
"deployments."
4094
msgstr ""
4095
4096
#: serverguide/C/virtualization.xml:432(para)
4097
msgid ""
4098
"Without unnecessary drivers, and only the minimal required packages, ISVs "
4099
"can configure their supporting OS exactly as they require. They have the "
4100
"peace of mind that updates, whether for security or enhancement reasons, "
4101
"will be limited to the bare minimum of what is required in their specific "
4102
"environment. In turn, users deploying virtual appliances built on top of "
4103
"JeOS will have to go through fewer updates and therefore less maintenance "
4104
"than they would have had to with a standard full installation of a server."
4105
msgstr ""
4106
4107
#: serverguide/C/virtualization.xml:441(title)
4108
msgid "What is vmbuilder"
4109
msgstr ""
4110
4111
#: serverguide/C/virtualization.xml:443(para)
4112
msgid ""
4113
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
4114
"will fetch the various package and build a virtual machine tailored for our "
4115
"need in about a minute for us. Vmbuilder is a Script that automates the "
4116
"process of creating a ready to use Linux based VM. The currently supported "
4117
"hypervisors are KVM and Xen."
4118
msgstr ""
4119
4120
#: serverguide/C/virtualization.xml:449(para)
4121
msgid ""
4122
"You can pass command line options to add extra packages, remove packages, "
4123
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
4124
"plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
4125
"a local mirror, you can bootstrap a VM in less than a minute."
4126
msgstr ""
4127
4128
#: serverguide/C/virtualization.xml:455(para)
4129
msgid ""
4130
"First introduced as a shell script in Ubuntu 8.04LTS, <application>ubuntu-vm-"
4131
"builder</application> started with little emphasis as a hack to help "
4132
"developers test their new code in a virtual machine without having to "
4133
"restart from scratch each time. As a few Ubuntu administrators started to "
4134
"notice this script, a few of them went on improving it and adapting it for "
4135
"so many use case that Soren Hansen (the author of the script and Ubuntu "
4136
"virtualization specialist, not the golf player) decided to rewrite it from "
4137
"scratch for Intrepid as a python script with a few new design goals:"
4138
msgstr ""
4139
4140
#: serverguide/C/virtualization.xml:465(para)
4141
msgid "Develop it so that it can be reused by other distributions."
4142
msgstr ""
4143
4144
#: serverguide/C/virtualization.xml:470(para)
4145
msgid ""
4146
"Use a plugin mechanisms for all virtualization interactions so that others "
4147
"can easily add logic for other virtualization environments."
4148
msgstr ""
4149
4150
#: serverguide/C/virtualization.xml:475(para)
4151
msgid ""
4152
"Provide an easy to maintain web interface as an option to the command line "
4153
"interface."
4154
msgstr ""
4155
4156
#: serverguide/C/virtualization.xml:481(para)
4157
msgid "But the general principles and commands remain the same."
4158
msgstr ""
4159
4160
#: serverguide/C/virtualization.xml:488(title)
4161
msgid "Initial Setup"
4162
msgstr ""
4163
4164
#: serverguide/C/virtualization.xml:490(para)
4165
msgid ""
4166
"It is assumed that you have installed and configured "
4167
"<application>libvirt</application> and <application>KVM</application> "
4168
"locally on the machine you are using. For details on how to perform this, "
4169
"please refer to:"
4170
msgstr ""
4171
4172
#: serverguide/C/virtualization.xml:502(para)
4173
msgid ""
4174
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
4175
"page."
4176
msgstr ""
4177
4178
#: serverguide/C/virtualization.xml:508(para)
4179
msgid ""
4180
"We also assume that you know how to use a text based text editor such as "
4181
"nano or vi. If you have not used any of them before, you can get an overview "
4182
"of the various text editors available by reading the <ulink "
4183
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
4184
"tEditors</ulink> page. This tutorial has been done on KVM, but the general "
4185
"principle should remain on other virtualization technologies."
4186
msgstr ""
4187
4188
#: serverguide/C/virtualization.xml:516(title)
4189
msgid "Install vmbuilder"
4190
msgstr ""
4191
4192
#: serverguide/C/virtualization.xml:518(para)
4193
msgid ""
4194
"The name of the package that we need to install is <application>python-vm-"
4195
"builder</application>. In a terminal prompt enter:"
4196
msgstr ""
4197
4198
#: serverguide/C/virtualization.xml:523(command)
4199
msgid "sudo apt-get install python-vm-builder"
4200
msgstr ""
4201
4202
#: serverguide/C/virtualization.xml:527(para)
4203
msgid ""
4204
"If you are running Hardy, you can still perform most of this using the older "
4205
"version of the package named <application>ubuntu-vm-builder</application>, "
4206
"there are only a few changes to the syntax of the tool."
4207
msgstr ""
4208
4209
#: serverguide/C/virtualization.xml:536(title)
4210
msgid "Defining Your Virtual Machine"
4211
msgstr ""
4212
4213
#: serverguide/C/virtualization.xml:538(para)
4214
msgid ""
4215
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
4216
"are a few thing to consider:"
4217
msgstr ""
4218
4219
#: serverguide/C/virtualization.xml:544(para)
4220
msgid ""
4221
"If you plan on shipping a virtual appliance, do not assume that the end-user "
4222
"will know how to extend disk size to fit their need, so either plan for a "
4223
"large virtual disk to allow for your appliance to grow, or explain fairly "
4224
"well in your documentation how to allocate more space. It might actually be "
4225
"a good idea to store data on some separate external storage."
4226
msgstr ""
4227
4228
#: serverguide/C/virtualization.xml:551(para)
4229
msgid ""
4230
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
4231
"whatever you think is a safe minimum for your appliance."
4232
msgstr ""
4233
4234
#: serverguide/C/virtualization.xml:557(para)
4235
msgid ""
4236
"The <application>vmbuilder</application> command has 2 main parameters: the "
4237
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
4238
"<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
4239
"and can be found using the following command:"
4240
msgstr ""
4241
4242
#: serverguide/C/virtualization.xml:563(command)
4243
msgid "vmbuilder --help"
4244
msgstr ""
4245
4246
#: serverguide/C/virtualization.xml:567(title)
4247
msgid "Base Parameters"
4248
msgstr ""
4249
4250
#: serverguide/C/virtualization.xml:569(para)
4251
msgid ""
4252
"As this example is based on <application>KVM</application> and Ubuntu 9.10 "
4253
"(Karmic Koala), and we are likely to rebuild the same virtual machine "
4254
"multiple time, we'll invoke vmbuilder with the following first parameters:"
4255
msgstr ""
4256
4257
#: serverguide/C/virtualization.xml:575(command)
4258
msgid ""
4259
"sudo vmbuilder kvm ubuntu --suite karmic --flavour virtual --arch i386 -o --"
4260
"libvirt qemu:///system"
4261
msgstr ""
4262
4263
#: serverguide/C/virtualization.xml:578(para)
4264
msgid ""
4265
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
4266
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
4267
"the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
4268
"that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
4269
"vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
4270
"libvirt</emphasis> tells to inform the local virtualization environment to "
4271
"add the resulting VM to the list of available machines."
4272
msgstr ""
4273
4274
#: serverguide/C/virtualization.xml:586(para)
4275
msgid "Notes:"
4276
msgstr ""
4277
4278
#: serverguide/C/virtualization.xml:592(para)
4279
msgid ""
4280
"Because of the nature of operations performed by vmbuilder, it needs to have "
4281
"root privilege, hence the use of sudo."
4282
msgstr ""
4283
4284
#: serverguide/C/virtualization.xml:597(para)
4285
msgid ""
4286
"If your virtual machine needs to use more than 3Gb of ram, you should build "
4287
"a 64 bit machine (--arch amd64)."
4288
msgstr ""
4289
4290
#: serverguide/C/virtualization.xml:602(para)
4291
msgid ""
4292
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
4293
"architecture, so if you want to define an amd64 machine on Hardy, you should "
4294
"use <emphasis>--flavour</emphasis> server instead."
4295
msgstr ""
4296
4297
#: serverguide/C/virtualization.xml:610(title)
4298
msgid "JeOS Installation Parameters"
4299
msgstr ""
4300
4301
#: serverguide/C/virtualization.xml:613(title)
4302
msgid "JeOS Networking"
4303
msgstr ""
4304
4305
#: serverguide/C/virtualization.xml:616(title)
4306
msgid "Assigning a fixed IP address"
4307
msgstr ""
4308
4309
#: serverguide/C/virtualization.xml:618(para)
4310
msgid ""
4311
"As a virtual appliance that may be deployed on various very different "
4312
"networks, it is very difficult to know what the actual network will look "
4313
"like. In order to simplify configuration, it is a good idea to take an "
4314
"approach similar to what network hardware vendors usually do, namely "
4315
"assigning an initial fixed IP address to the appliance in a private class "
4316
"network that you will provide in your documentation. An address in the range "
4317
"192.168.0.0/255 is usually a good choice."
4318
msgstr ""
4319
4320
#: serverguide/C/virtualization.xml:625(para)
4321
msgid "To do this we'll use the following parameters:"
4322
msgstr ""
4323
4324
#: serverguide/C/virtualization.xml:631(para)
4325
msgid ""
4326
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
4327
"dhcp if not specified)"
4328
msgstr ""
4329
4330
#: serverguide/C/virtualization.xml:636(para)
4331
msgid ""
4332
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
4333
"255.255.255.0)"
4334
msgstr ""
4335
4336
#: serverguide/C/virtualization.xml:641(para)
4337
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
4338
msgstr ""
4339
4340
#: serverguide/C/virtualization.xml:646(para)
4341
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
4342
msgstr ""
4343
4344
#: serverguide/C/virtualization.xml:651(para)
4345
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
4346
msgstr ""
4347
4348
#: serverguide/C/virtualization.xml:656(para)
4349
msgid ""
4350
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
4351
msgstr ""
4352
4353
#: serverguide/C/virtualization.xml:662(para)
4354
msgid ""
4355
"We assume for now that default values are good enough, so the resulting "
4356
"invocation becomes:"
4357
msgstr ""
4358
4359
#: serverguide/C/virtualization.xml:667(command)
4360
msgid ""
4361
"sudo vmbuilder kvm ubuntu --suite karmic --flavour virtual --arch i386 -o --"
4362
"libvirt qemu:///system --ip 192.168.0.100"
4363
msgstr ""
4364
4365
#: serverguide/C/virtualization.xml:672(title)
4366
msgid "Modifying the libvirt Template to use Bridging"
4367
msgstr ""
4368
4369
#: serverguide/C/virtualization.xml:674(para)
4370
msgid ""
4371
"Because our appliance will be likely to need to be accessed by remote hosts, "
4372
"we need to configure libvirt so that the appliance uses bridge networking. "
4373
"To do this we use vmbuilder template mechanism to modify the default one."
4374
msgstr ""
4375
4376
#: serverguide/C/virtualization.xml:679(para)
4377
msgid ""
4378
"In our working directory we create the template hierarchy and copy the "
4379
"default template:"
4380
msgstr ""
4381
4382
#: serverguide/C/virtualization.xml:684(command)
4383
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
4384
msgstr ""
4385
4386
#: serverguide/C/virtualization.xml:685(command)
4387
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
4388
msgstr ""
4389
4390
#: serverguide/C/virtualization.xml:688(para)
4391
msgid ""
4392
"We can then edit "
4393
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
4394
"change:"
4395
msgstr ""
4396
4397
#: serverguide/C/virtualization.xml:692(programlisting)
4398
#, no-wrap
4399
msgid ""
4400
"\n"
4401
" <interface type='network'>\n"
4402
" <source network='default'/>\n"
4403
" </interface>\n"
4404
msgstr ""
4405
4406
#: serverguide/C/virtualization.xml:698(para)
4407
msgid "To:"
4408
msgstr ""
4409
4410
#: serverguide/C/virtualization.xml:702(programlisting)
4411
#, no-wrap
4412
msgid ""
4413
"\n"
4414
" <interface type='bridge'>\n"
4415
" <source bridge='br0'/>\n"
4416
" </interface>\n"
4417
msgstr ""
4418
4419
#: serverguide/C/virtualization.xml:712(title) serverguide/C/installation.xml:407(title)
4420
msgid "Partitioning"
4421
msgstr ""
4422
4423
#: serverguide/C/virtualization.xml:714(para)
4424
msgid ""
4425
"Partitioning of the virtual appliance will have to take into consideration "
4426
"what you are planning to do with is. Because most appliances want to have a "
4427
"separate storage for data, having a separate <filename>/var</filename> would "
4428
"make sense."
4429
msgstr ""
4430
4431
#: serverguide/C/virtualization.xml:719(para)
4432
msgid ""
4433
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
4434
msgstr ""
4435
4436
#: serverguide/C/virtualization.xml:723(programlisting)
4437
#, no-wrap
4438
msgid ""
4439
"\n"
4440
"--part PATH\n"
4441
" Allows to specify a partition table in partfile each line of partfile "
4442
"should specify\n"
4443
" (root first):\n"
4444
" mountpoint size\n"
4445
" where size is in megabytes. You can have up to 4 virtual disks, a new "
4446
"disk starts on a\n"
4447
" line with ’---’. ie :\n"
4448
" root 1000\n"
4449
" /opt 1000\n"
4450
" swap 256\n"
4451
" ---\n"
4452
" /var 2000\n"
4453
" /log 1500\n"
4454
msgstr ""
4455
4456
#: serverguide/C/virtualization.xml:738(para)
4457
msgid ""
4458
"In our case we will define a text file name "
4459
"<filename>vmbuilder.partition</filename> which will contain the following:"
4460
msgstr ""
4461
4462
#: serverguide/C/virtualization.xml:742(programlisting)
4463
#, no-wrap
4464
msgid ""
4465
"\n"
4466
"root 8000\n"
4467
"swap 4000\n"
4468
"---\n"
4469
"/var 20000\n"
4470
msgstr ""
4471
4472
#: serverguide/C/virtualization.xml:750(para)
4473
msgid ""
4474
"Note that as we are using virtual disk images, the actual sizes that we put "
4475
"here are maximum sizes for these volumes."
4476
msgstr ""
4477
4478
#: serverguide/C/virtualization.xml:755(para)
4479
msgid "Our command line now looks like:"
4480
msgstr ""
4481
4482
#: serverguide/C/virtualization.xml:760(command)
4483
msgid ""
4484
"sudo vmbuilder kvm ubuntu --suite karmic --flavour virtual --arch i386 \\ -o "
4485
"--libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
4486
msgstr ""
4487
4488
#: serverguide/C/virtualization.xml:765(para)
4489
msgid ""
4490
"Using a \"\\\" in a command will allow long command strings to wrap to the "
4491
"next line."
4492
msgstr ""
4493
4494
#: serverguide/C/virtualization.xml:772(title)
4495
msgid "User and Password"
4496
msgstr ""
4497
4498
#: serverguide/C/virtualization.xml:774(para)
4499
msgid ""
4500
"Again setting up a virtual appliance, you will need to provide a default "
4501
"user and password that is generic so that you can include it in your "
4502
"documentation. We will see later on in this tutorial how we will provide "
4503
"some security by defining a script that will be run the first time a user "
4504
"actually logs in the appliance, that will, among other things, ask him to "
4505
"change his password. In this example I will use <emphasis>'user'</emphasis> "
4506
"as my user name, and <emphasis>'default'</emphasis> as the password."
4507
msgstr ""
4508
4509
#: serverguide/C/virtualization.xml:782(para)
4510
msgid "To do this we use the following optional parameters:"
4511
msgstr ""
4512
4513
#: serverguide/C/virtualization.xml:788(para)
4514
msgid ""
4515
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
4516
"Default: ubuntu."
4517
msgstr ""
4518
4519
#: serverguide/C/virtualization.xml:793(para)
4520
msgid ""
4521
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
4522
"added. Default: Ubuntu."
4523
msgstr ""
4524
4525
#: serverguide/C/virtualization.xml:798(para)
4526
msgid ""
4527
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
4528
"Default: ubuntu."
4529
msgstr ""
4530
4531
#: serverguide/C/virtualization.xml:804(para)
4532
msgid "Our resulting command line becomes:"
4533
msgstr ""
4534
4535
#: serverguide/C/virtualization.xml:809(command)
4536
msgid ""
4537
"sudo vmbuilder kvm ubuntu --suite intrepid --flavour virtual --arch i386 \\ -"
4538
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
4539
"-user user --name user --pass default"
4540
msgstr ""
4541
4542
#: serverguide/C/virtualization.xml:817(title)
4543
msgid "Installing Required Packages"
4544
msgstr ""
4545
4546
#: serverguide/C/virtualization.xml:819(para)
4547
msgid ""
4548
"In this example we will be installing a package "
4549
"<application>(Limesurvey)</application> that accesses a "
4550
"<application>MySQL</application> database and has a web interface. We will "
4551
"therefore require our OS to provide us with:"
4552
msgstr ""
4553
4554
#: serverguide/C/virtualization.xml:826(para)
4555
msgid "Apache"
4556
msgstr ""
4557
4558
#: serverguide/C/virtualization.xml:827(para)
4559
msgid "PHP"
4560
msgstr ""
4561
4562
#: serverguide/C/virtualization.xml:828(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
4563
msgid "MySQL"
4564
msgstr ""
4565
4566
#: serverguide/C/virtualization.xml:829(para) serverguide/C/remote-administration.xml:20(title)
4567
msgid "OpenSSH Server"
4568
msgstr ""
4569
4570
#: serverguide/C/virtualization.xml:830(para)
4571
msgid "Limesurvey (as an example application that we have packaged)"
4572
msgstr ""
4573
4574
#: serverguide/C/virtualization.xml:833(para)
4575
msgid ""
4576
"This is done using vmbuilder by specifying the --addpkg command multiple "
4577
"times:"
4578
msgstr ""
4579
4580
#: serverguide/C/virtualization.xml:837(programlisting)
4581
#, no-wrap
4582
msgid ""
4583
"\n"
4584
"--addpkg PKG\n"
4585
" Install PKG into the guest (can be specfied multiple times)\n"
4586
msgstr ""
4587
4588
#: serverguide/C/virtualization.xml:842(para)
4589
msgid ""
4590
"However, due to the way vmbuilder operates, packages that have to ask "
4591
"questions to the user during the post install phase are not supported and "
4592
"should instead be installed while interactivity can occur. This is the case "
4593
"of Limesurvey, which we will have to install later, once the user logs in."
4594
msgstr ""
4595
4596
#: serverguide/C/virtualization.xml:848(para)
4597
msgid ""
4598
"Other packages that ask simple debconf question, such as <application>mysql-"
4599
"server</application> asking to set a password, the package can be installed "
4600
"immediately, but we will have to reconfigure it the first time the user logs "
4601
"in."
4602
msgstr ""
4603
4604
#: serverguide/C/virtualization.xml:854(para)
4605
msgid ""
4606
"If some packages that we need to install are not in main, we need to enable "
4607
"the additional repositories using --comp and --ppa:"
4608
msgstr ""
4609
4610
#: serverguide/C/virtualization.xml:858(programlisting)
4611
#, no-wrap
4612
msgid ""
4613
"\n"
4614
"--components COMP1,COMP2,...,COMPN\n"
4615
" A comma separated list of distro components to include (e.g. "
4616
"main,universe). This defaults\n"
4617
" to \"main\"\n"
4618
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
4619
msgstr ""
4620
4621
#: serverguide/C/virtualization.xml:865(para)
4622
msgid ""
4623
"Limesurvey not being part of the archive at the moment, we'll specify it's "
4624
"PPA (personal package archive) address so that it is added to the VM "
4625
"<filename>/etc/apt/source.list</filename>, so we add the following options "
4626
"to the command line:"
4627
msgstr ""
4628
4629
#: serverguide/C/virtualization.xml:871(command)
4630
msgid ""
4631
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
4632
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
4633
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
4634
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
4635
"server --ppa nijaba"
4636
msgstr ""
4637
4638
#: serverguide/C/virtualization.xml:878(title)
4639
msgid "OpenSSH"
4640
msgstr ""
4641
4642
#: serverguide/C/virtualization.xml:880(para)
4643
msgid ""
4644
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
4645
"it will allow our admins to access the appliance remotely. However, pushing "
4646
"in the wild an appliance with a pre-installed OpenSSH server is a big "
4647
"security risk as all these server will share the same secret key, making it "
4648
"very easy for hackers to target our appliance with all the tools they need "
4649
"to crack it open in a breeze. As for the user password, we will instead rely "
4650
"on a script that will install OpenSSH the first time a user logs in so that "
4651
"the key generated will be different for each appliance. For this we'll use a "
4652
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
4653
"interaction."
4654
msgstr ""
4655
4656
#: serverguide/C/virtualization.xml:892(title)
4657
msgid "Speed Considerations"
4658
msgstr ""
4659
4660
#: serverguide/C/virtualization.xml:895(title)
4661
msgid "Package Caching"
4662
msgstr ""
4663
4664
#: serverguide/C/virtualization.xml:897(para)
4665
msgid ""
4666
"When vmbuilder creates builds your system, it has to go fetch each one of "
4667
"the packages that composes it over the network to one of the official "
4668
"repositories, which, depending on your internet connection speed and the "
4669
"load of the mirror, can have a big impact on the actual build time. In order "
4670
"to reduce this, it is recommended to either have a local repository (which "
4671
"can be created using <application>apt-mirror</application>) or using a "
4672
"caching proxy such as <application>apt-cache</application>. The later option "
4673
"being much simpler to implement and requiring less disk space, it is the one "
4674
"we will pick in this tutorial. To install it, simply type:"
4675
msgstr ""
4676
4677
#: serverguide/C/virtualization.xml:907(command)
4678
msgid "sudo apt-get install apt-proxy"
4679
msgstr ""
4680
4681
#: serverguide/C/virtualization.xml:910(para)
4682
msgid ""
4683
"Once this is complete, your (empty) proxy is ready for use on "
4684
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
4685
"vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
4686
"option:"
4687
msgstr ""
4688
4689
#: serverguide/C/virtualization.xml:915(programlisting)
4690
#, no-wrap
4691
msgid ""
4692
"\n"
4693
"--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
4694
" is http://archive.ubuntu.com/ubuntu for official\n"
4695
" arches and http://ports.ubuntu.com/ubuntu-ports\n"
4696
" otherwise\n"
4697
msgstr ""
4698
4699
#: serverguide/C/virtualization.xml:922(para)
4700
msgid "So we add to the command line:"
4701
msgstr ""
4702
4703
#: serverguide/C/virtualization.xml:927(command)
4704
msgid "--mirror http://mirroraddress:9999/ubuntu"
4705
msgstr ""
4706
4707
#: serverguide/C/virtualization.xml:931(para)
4708
msgid ""
4709
"The mirror address specified here will also be used in the "
4710
"<filename>/etc/apt/source.list</filename> of the newly created guest, so it "
4711
"is usefull to specify here an address that can be resolved by the guest or "
4712
"to plan on reseting this address later on, such as in a <emphasis>--"
4713
"firstboot</emphasis> script."
4714
msgstr ""
4715
4716
#: serverguide/C/virtualization.xml:940(title)
4717
msgid "Install a Local Mirror"
4718
msgstr ""
4719
4720
#: serverguide/C/virtualization.xml:942(para)
4721
msgid ""
4722
"If we are in a larger environment, it may make sense to setup a local mirror "
4723
"of the Ubuntu repositories. The package apt-mirror provides you with a "
4724
"script that will handle the mirroring for you. You should plan on having "
4725
"about 20 gigabyte of free space per supported release and architecture."
4726
msgstr ""
4727
4728
#: serverguide/C/virtualization.xml:948(para)
4729
msgid ""
4730
"By default, <application>apt-mirror</application> uses the configuration "
4731
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
4732
"replicate only the architecture of the local machine. If you would like to "
4733
"support other architectures on your mirror, simply duplicate the lines "
4734
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
4735
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
4736
"archives as well, you will have:"
4737
msgstr ""
4738
4739
#: serverguide/C/virtualization.xml:955(programlisting)
4740
#, no-wrap
4741
msgid ""
4742
"\n"
4743
"deb http://archive.ubuntu.com/ubuntu karmic main restricted universe "
4744
"multiverse \n"
4745
"/deb-i386 http://archive.ubuntu.com/ubuntu karmic main restricted universe "
4746
"multiverse\n"
4747
"\n"
4748
"deb http://archive.ubuntu.com/ubuntu karmic-updates main restricted "
4749
"universe multiverse \n"
4750
"/deb-i386 http://archive.ubuntu.com/ubuntu karmic-updates main restricted "
4751
"universe multiverse \n"
4752
"\n"
4753
"deb http://archive.ubuntu.com/ubuntu/ karmic-backports main restricted "
4754
"universe multiverse \n"
4755
"/deb-i386 http://archive.ubuntu.com/ubuntu karmic-backports main restricted "
4756
"universe multiverse \n"
4757
"\n"
4758
"deb http://security.ubuntu.com/ubuntu karmic-security main restricted "
4759
"universe multiverse \n"
4760
"/deb-i386 http://security.ubuntu.com/ubuntu karmic-security main restricted "
4761
"universe multiverse \n"
4762
"\n"
4763
"deb http://archive.ubuntu.com/ubuntu karmic main/debian-installer "
4764
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4765
"installer \n"
4766
"/deb-i386 http://archive.ubuntu.com/ubuntu karmic main/debian-installer "
4767
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4768
"installer \n"
4769
msgstr ""
4770
4771
#: serverguide/C/virtualization.xml:972(para)
4772
msgid ""
4773
"Notice that the source packages are not mirrored as they are seldom used "
4774
"compared to the binaries and they do take a lot more space, but they can be "
4775
"easily added to the list."
4776
msgstr ""
4777
4778
#: serverguide/C/virtualization.xml:977(para)
4779
msgid ""
4780
"Once the mirror has finished replicating (and this can be quite long), you "
4781
"need to configure Apache so that your mirror files (in "
4782
"<filename>/var/spool/apt-mirror</filename> if you did not change the "
4783
"default), are published by your Apache server. For more information on "
4784
"Apache see <xref linkend=\"httpd\"/>."
4785
msgstr ""
4786
4787
#: serverguide/C/virtualization.xml:986(title)
4788
msgid "Installing in a RAM Disk"
4789
msgstr ""
4790
4791
#: serverguide/C/virtualization.xml:988(para)
4792
msgid ""
4793
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
4794
"faster than writing to disk. If you have some free memory, letting vmbuilder "
4795
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
4796
"-tmpfs</emphasis> will help you do just that:"
4797
msgstr ""
4798
4799
#: serverguide/C/virtualization.xml:994(programlisting)
4800
#, no-wrap
4801
msgid ""
4802
"\n"
4803
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
4804
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
4805
msgstr ""
4806
4807
#: serverguide/C/virtualization.xml:999(para)
4808
msgid ""
4809
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
4810
"have 1G of free ram."
4811
msgstr ""
4812
4813
#: serverguide/C/virtualization.xml:1006(title)
4814
msgid "Package the Application"
4815
msgstr ""
4816
4817
#: serverguide/C/virtualization.xml:1008(para)
4818
msgid "Two option are available to us:"
4819
msgstr ""
4820
4821
#: serverguide/C/virtualization.xml:1014(para)
4822
msgid ""
4823
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
4824
"package. Since this is outside of the scope of this tutorial, we will not "
4825
"perform this here and invite the reader to read the documentation on how to "
4826
"do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
4827
"Packaging Guide</ulink>. In this case it is also a good idea to setup a "
4828
"repository for your package so that updates can be conveniently pulled from "
4829
"it. See the <ulink url=\"http://www.debian-"
4830
"administration.org/articles/286\">Debian Administration</ulink> article for "
4831
"a tutorial on this."
4832
msgstr ""
4833
4834
#: serverguide/C/virtualization.xml:1023(para)
4835
msgid ""
4836
"Manually install the application under <filename>/opt</filename> as "
4837
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
4838
"guidelines</ulink>."
4839
msgstr ""
4840
4841
#: serverguide/C/virtualization.xml:1030(para)
4842
msgid ""
4843
"In our case we'll use <application>Limesurvey</application> as example web "
4844
"application for which we wish to provide a virtual appliance. As noted "
4845
"before, we've made a version of the package available in a PPA (Personal "
4846
"Package Archive)."
4847
msgstr ""
4848
4849
#: serverguide/C/virtualization.xml:1037(title)
4850
msgid "Finishing Install"
4851
msgstr ""
4852
4853
#: serverguide/C/virtualization.xml:1040(title)
4854
msgid "First Boot"
4855
msgstr ""
4856
4857
#: serverguide/C/virtualization.xml:1042(para)
4858
msgid ""
4859
"As we mentioned earlier, the first time the machine boots we'll need to "
4860
"install <application>openssh-server</application> so that the key generated "
4861
"for it is unique for each machine. To do this, we'll write a script called "
4862
"<filename>boot.sh</filename> as follows:"
4863
msgstr ""
4864
4865
#: serverguide/C/virtualization.xml:1048(programlisting)
4866
#, no-wrap
4867
msgid ""
4868
"\n"
4869
"# This script will run the first time the virtual machine boots\n"
4870
"# It is ran as root.\n"
4871
"\n"
4872
"apt-get update\n"
4873
"apt-get install -qqy --force-yes openssh-server\n"
4874
msgstr ""
4875
4876
#: serverguide/C/virtualization.xml:1056(para)
4877
msgid ""
4878
"And we add the <command>--firstboot boot.sh</command> option to our command "
4879
"line."
4880
msgstr ""
4881
4882
#: serverguide/C/virtualization.xml:1062(title)
4883
msgid "First Login"
4884
msgstr ""
4885
4886
#: serverguide/C/virtualization.xml:1064(para)
4887
msgid ""
4888
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
4889
"set them up the first time a user logs in using a script named login.sh. "
4890
"We'll also use this script to let the user specify:"
4891
msgstr ""
4892
4893
#: serverguide/C/virtualization.xml:1070(para)
4894
msgid "His own password"
4895
msgstr ""
4896
4897
#: serverguide/C/virtualization.xml:1071(para)
4898
msgid "Define the keyboard and other locale info he wants to use"
4899
msgstr ""
4900
4901
#: serverguide/C/virtualization.xml:1074(para)
4902
msgid "So we'll define <filename>login.sh</filename> as follows:"
4903
msgstr ""
4904
4905
#: serverguide/C/virtualization.xml:1078(programlisting)
4906
#, no-wrap
4907
msgid ""
4908
"\n"
4909
"# This script is ran the first time a user logs in\n"
4910
"\n"
4911
"echo \"Your appliance is about to be finished to be set up.\"\n"
4912
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
4913
"echo \"starting by changing your user password.\"\n"
4914
"\n"
4915
"passwd\n"
4916
"\n"
4917
"#give the opportunity to change the keyboard\n"
4918
"sudo dpkg-reconfigure console-setup\n"
4919
"\n"
4920
"#configure the mysql server root password\n"
4921
"sudo dpkg-reconfigure mysql-server-5.0\n"
4922
"\n"
4923
"#install limesurvey\n"
4924
"sudo apt-get install -qqy --force-yes limesurvey\n"
4925
"\n"
4926
"echo \"Your appliance is now configured. To use it point your\"\n"
4927
"echo \"browser to http://serverip/limesurvey/admin\"\n"
4928
msgstr ""
4929
4930
#: serverguide/C/virtualization.xml:1100(para)
4931
msgid ""
4932
"And we add the <command>--firstlogin login.sh</command> option to our "
4933
"command line."
4934
msgstr ""
4935
4936
#: serverguide/C/virtualization.xml:1107(title)
4937
msgid "Useful Additions"
4938
msgstr ""
4939
4940
#: serverguide/C/virtualization.xml:1110(title)
4941
msgid "Configuring Automatic Updates"
4942
msgstr ""
4943
4944
#: serverguide/C/virtualization.xml:1112(para)
4945
msgid ""
4946
"To have your system be configured to update itself on a regular basis, we "
4947
"will just install <application>unattended-upgrades</application>, so we add "
4948
"the following option to our command line:"
4949
msgstr ""
4950
4951
#: serverguide/C/virtualization.xml:1118(command)
4952
msgid "--addpkg unattended-upgrades"
4953
msgstr ""
4954
4955
#: serverguide/C/virtualization.xml:1121(para)
4956
msgid ""
4957
"As we have put our application package in a PPA, the process will update not "
4958
"only the system, but also the application each time we update the version in "
4959
"the PPA."
4960
msgstr ""
4961
4962
#: serverguide/C/virtualization.xml:1128(title)
4963
msgid "ACPI Event Handling"
4964
msgstr ""
4965
4966
#: serverguide/C/virtualization.xml:1130(para)
4967
msgid ""
4968
"For your virtual machine to be able to handle restart and shutdown events it "
4969
"is being sent, it is a good idea to install the acpid package as well. To do "
4970
"this we just add the following option:"
4971
msgstr ""
4972
4973
#: serverguide/C/virtualization.xml:1136(command)
4974
msgid "--addpkg acpid"
4975
msgstr ""
4976
4977
#: serverguide/C/virtualization.xml:1142(title)
4978
msgid "Final Command"
4979
msgstr ""
4980
4981
#: serverguide/C/virtualization.xml:1144(para)
4982
msgid "Here is the command with all the options discussed above:"
4983
msgstr ""
4984
4985
#: serverguide/C/virtualization.xml:1149(command)
4986
msgid ""
4987
"sudo vmbuilder kvm ubuntu --suite intrepid --flavour virtual --arch i386 -o "
4988
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
4989
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
4990
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
4991
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
4992
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
4993
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
4994
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
4995
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
4996
"firstlogin login.sh es"
4997
msgstr ""
4998
4999
#: serverguide/C/virtualization.xml:1164(para)
5000
msgid ""
5001
"If you are interested in learning more, have questions or suggestions, "
5002
"please contact the Ubuntu Server Team at:"
5003
msgstr ""
5004
5005
#: serverguide/C/virtualization.xml:1169(para)
5006
msgid "IRC: #ubuntu-server on freenode"
5007
msgstr ""
5008
5009
#: serverguide/C/virtualization.xml:1174(para)
5010
msgid ""
5011
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5012
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
5013
msgstr ""
5014
5015
#: serverguide/C/virtualization.xml:1182(title)
5016
msgid "Eucalyptus"
5017
msgstr ""
5018
5019
#: serverguide/C/virtualization.xml:1185(title) serverguide/C/network-auth.xml:1683(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:879(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5020
msgid "Overview"
5021
msgstr ""
5022
5023
#: serverguide/C/virtualization.xml:1187(para)
5024
msgid ""
5025
"<emphasis>Eucalyptus</emphasis> is an open-source software infrastructure "
5026
"for implementing \"cloud computing\" on your own clusters. "
5027
"<emphasis>Eucalyptus</emphasis> allows you to create your own cloud "
5028
"computing environment in order to maximize computing resources and provide a "
5029
"cloud computing environment to your users."
5030
msgstr ""
5031
5032
#: serverguide/C/virtualization.xml:1193(para)
5033
msgid ""
5034
"This section will cover setting up a Cloud Computing environment using "
5035
"<application>Eucalyptus</application> with <application>KVM</application>. "
5036
"For more information on KVM see <xref linkend=\"libvirt\"/>."
5037
msgstr ""
5038
5039
#: serverguide/C/virtualization.xml:1198(para)
5040
msgid ""
5041
"The Cloud Computing environment will consist of three components, typically "
5042
"installed on at least two separate machines (termed the 'front-end' and "
5043
"'node(s)' for the rest of this document):"
5044
msgstr ""
5045
5046
#: serverguide/C/virtualization.xml:1205(para)
5047
msgid ""
5048
"<emphasis>One Front-End:</emphasis> hosts one Cloud Controller, a Java based "
5049
"Web configuration interface, and a Cluster Controller, which determines "
5050
"where virtual machines (VMs) will be housed and manages cluster level VM "
5051
"networking."
5052
msgstr ""
5053
5054
#: serverguide/C/virtualization.xml:1211(para)
5055
msgid ""
5056
"<emphasis>One or more Compute Nodes:</emphasis> runs the Node Controller "
5057
"component of Eucalyptus, which allows the machine to be part of the cloud as "
5058
"a host for VMs."
5059
msgstr ""
5060
5061
#: serverguide/C/virtualization.xml:1218(para)
5062
msgid ""
5063
"The simple <emphasis>System</emphasis> networking option will be used by "
5064
"default. This network method allows virtual machine instances, to obtain IP "
5065
"addresses from the local LAN, assuming that a DHCP server is properly "
5066
"configured on the LAN to hand out IPs dynamically to VMs that request them. "
5067
"Each node will be configured for bridge networking. For more details see "
5068
"<xref linkend=\"bridging\"/>."
5069
msgstr ""
5070
5071
#: serverguide/C/virtualization.xml:1228(para)
5072
msgid ""
5073
"First, on the <emphasis>Front-End</emphasis> install the appropriate "
5074
"packages. In a terminal prompt on the Front-End enter:"
5075
msgstr ""
5076
5077
#: serverguide/C/virtualization.xml:1233(command)
5078
msgid "sudo apt-get install eucalyptus-cloud eucalyptus-cc"
5079
msgstr ""
5080
5081
#: serverguide/C/virtualization.xml:1236(para)
5082
msgid ""
5083
"Next, on the each <emphasis>Compute Node</emphasis> install the node "
5084
"controller package. In a terminal prompt on each Compute Node enter:"
5085
msgstr ""
5086
5087
#: serverguide/C/virtualization.xml:1241(command)
5088
msgid "sudo apt-get install eucalyptus-nc"
5089
msgstr ""
5090
5091
#: serverguide/C/virtualization.xml:1244(para)
5092
msgid ""
5093
"Once the installation is complete, and it may take a while, in a browser go "
5094
"to <emphasis>https://front-end:8443</emphasis> and login to the "
5095
"administration interface using the default username and password of "
5096
"<emphasis>admin</emphasis>. You will then be prompted to change the "
5097
"password, configure an email address for the admin user, and set the storage "
5098
"URL."
5099
msgstr ""
5100
5101
#: serverguide/C/virtualization.xml:1250(para)
5102
msgid ""
5103
"In the web interface's <emphasis>\"Configuration\"</emphasis> tab, add a "
5104
"cluster under the <emphasis>\"Clusters\"</emphasis> heading (in this "
5105
"configuration, the cluster controller is on the same system as the cloud "
5106
"controller, so entering 'localhost' as the cluster hostname is correct). "
5107
"Once the form is filled out click the <emphasis>\"Add Cluster\"</emphasis> "
5108
"button."
5109
msgstr ""
5110
5111
#: serverguide/C/virtualization.xml:1256(para)
5112
msgid ""
5113
"Now, back on the <emphasis>Front-End</emphasis>, add the nodes to the "
5114
"cluster:"
5115
msgstr ""
5116
5117
#: serverguide/C/virtualization.xml:1261(command)
5118
msgid "sudo euca_conf -addnode hostname_of_node"
5119
msgstr ""
5120
5121
#: serverguide/C/virtualization.xml:1264(para)
5122
msgid ""
5123
"You will then be prompted to log into your Node, install the "
5124
"<application>eucalyptus-nc</application> package, and add the "
5125
"<emphasis>eucalyptus</emphasis> user's ssh key to the node's "
5126
"<filename>authorized_keys</filename> file, and confirm authenticity of the "
5127
"host's OpenSSH RSA key fingerprint. Finally, the command will complete by "
5128
"synchronizing the eucalyptus component keys and node registration is "
5129
"complete."
5130
msgstr ""
5131
5132
#: serverguide/C/virtualization.xml:1270(para)
5133
msgid ""
5134
"On the Node, the <filename>/etc/eucalyptus/eucalyptus.conf</filename> "
5135
"configuration file will need editing to use your node's bridge interface "
5136
"(assuming here that the interface is named <emphasis>'br0'</emphasis>):"
5137
msgstr ""
5138
5139
#: serverguide/C/virtualization.xml:1275(programlisting)
5140
#, no-wrap
5141
msgid ""
5142
"\n"
5143
"VNET_INTERFACE=\"br0\"\n"
5144
"...\n"
5145
"VNET_BRIDGE=\"br0\"\n"
5146
msgstr ""
5147
5148
#: serverguide/C/virtualization.xml:1281(para)
5149
msgid "Finally, restart <application>eucalyptus-nc</application>:"
5150
msgstr ""
5151
5152
#: serverguide/C/virtualization.xml:1286(command)
5153
msgid "sudo /etc/init.d/eucalyptus-nc restart"
5154
msgstr ""
5155
5156
#: serverguide/C/virtualization.xml:1291(para)
5157
msgid ""
5158
"Be sure to replace <emphasis>nodecontroller</emphasis>, "
5159
"<emphasis>node01</emphasis>, and <emphasis>node02</emphasis> with actual "
5160
"hostnames."
5161
msgstr ""
5162
5163
#: serverguide/C/virtualization.xml:1297(para)
5164
msgid ""
5165
"<application>Eucalyptus</application> is now ready to host images on the "
5166
"cloud."
5167
msgstr ""
5168
5169
#: serverguide/C/virtualization.xml:1307(para)
5170
msgid ""
5171
"See the <ulink url=\"http://eucalyptus.cs.ucsb.edu/\">Eucalyptus "
5172
"website</ulink> for more information."
5173
msgstr ""
5174
5175
#: serverguide/C/virtualization.xml:1312(para)
5176
msgid ""
5177
"For information on loading instances see the <ulink "
5178
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
5179
"page."
5180
msgstr ""
5181
5182
#: serverguide/C/virtualization.xml:1317(para)
5183
msgid ""
5184
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
5185
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
5186
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
5187
msgstr ""
5188
5189
#: serverguide/C/virtualization.xml:1327(title)
5190
msgid "OpenNebula"
5191
msgstr ""
5192
5193
#: serverguide/C/virtualization.xml:1329(para)
5194
msgid ""
5195
"<application>OpenNebula</application> allows virtual machines to be placed "
5196
"and re-placed dynamically on a pool of physical resources. This allows a "
5197
"virtual machine to be hosted from any location available."
5198
msgstr ""
5199
5200
#: serverguide/C/virtualization.xml:1334(para)
5201
msgid ""
5202
"This section will detail configuring an OpenNebula cluster using three "
5203
"machines: one <emphasis>Front-End</emphasis> host, and two <emphasis>Compute "
5204
"Nodes</emphasis> used to run the virtual machines. The Compute Nodes will "
5205
"also need a bridge configured to allow the virtual machines access to the "
5206
"local network. For details see <xref linkend=\"bridging\"/>."
5207
msgstr ""
5208
5209
#: serverguide/C/virtualization.xml:1343(para)
5210
msgid "First, from a terminal on the Front-End enter:"
5211
msgstr ""
5212
5213
#: serverguide/C/virtualization.xml:1348(command)
5214
msgid "sudo apt-get install opennebula"
5215
msgstr ""
5216
5217
#: serverguide/C/virtualization.xml:1351(para)
5218
msgid "On each Compute Node install:"
5219
msgstr ""
5220
5221
#: serverguide/C/virtualization.xml:1356(command)
5222
msgid "sudo apt-get install opennebula-node"
5223
msgstr ""
5224
5225
#: serverguide/C/virtualization.xml:1359(para)
5226
msgid ""
5227
"In order to copy SSH keys, the <emphasis>oneadmin</emphasis> user will need "
5228
"to have a password. On each machine execute:"
5229
msgstr ""
5230
5231
#: serverguide/C/virtualization.xml:1364(command)
5232
msgid "sudo passwd oneadmin"
5233
msgstr ""
5234
5235
#: serverguide/C/virtualization.xml:1367(para)
5236
msgid ""
5237
"Next, copy the <emphasis>oneadmin</emphasis> user's SSH key to the Compute "
5238
"Nodes, and to the Front-End's <filename>authorized_keys</filename> file:"
5239
msgstr ""
5240
5241
#: serverguide/C/virtualization.xml:1372(command)
5242
msgid ""
5243
"sudo scp /var/lib/one/.ssh/id_rsa.pub "
5244
"oneadmin@node01:/var/lib/one/.ssh/authorized_keys"
5245
msgstr ""
5246
5247
#: serverguide/C/virtualization.xml:1373(command)
5248
msgid ""
5249
"sudo scp /var/lib/one/.ssh/id_rsa.pub "
5250
"oneadmin@node02:/var/lib/one/.ssh/authorized_keys"
5251
msgstr ""
5252
5253
#: serverguide/C/virtualization.xml:1374(command)
5254
msgid ""
5255
"sudo sh -c \"cat /var/lib/one/.ssh/id_rsa.pub >> "
5256
"/var/lib/one/.ssh/authorized_keys\""
5257
msgstr ""
5258
5259
#: serverguide/C/virtualization.xml:1377(para)
5260
msgid ""
5261
"The SSH key for the Compute Nodes needs to be added to the "
5262
"<filename>/etc/ssh/ssh_known_hosts</filename> file on the Front-End host. To "
5263
"accomplish this <application>ssh</application> to each Compute Node as a "
5264
"user other than <emphasis>oneadmin</emphasis>. Then exit from the SSH "
5265
"session, and execute the following to copy the SSH key from "
5266
"<filename>~/.ssh/known_hosts</filename> to "
5267
"<filename>/etc/ssh/ssh_known_hosts</filename>:"
5268
msgstr ""
5269
5270
#: serverguide/C/virtualization.xml:1384(command)
5271
msgid ""
5272
"sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node01 1>> "
5273
"/etc/ssh/ssh_known_hosts\""
5274
msgstr ""
5275
5276
#: serverguide/C/virtualization.xml:1385(command)
5277
msgid ""
5278
"sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node02 1>> "
5279
"/etc/ssh/ssh_known_hosts\""
5280
msgstr ""
5281
5282
#: serverguide/C/virtualization.xml:1389(para)
5283
msgid ""
5284
"Replace <emphasis>node01</emphasis> and <emphasis>node02</emphasis> with the "
5285
"appropriate host names."
5286
msgstr ""
5287
5288
#: serverguide/C/virtualization.xml:1394(para)
5289
msgid ""
5290
"This allows the <emphasis>oneadmin</emphasis> to use "
5291
"<application>scp</application>, without a password or manual intervention, "
5292
"to deploy an image to the Compute Nodes."
5293
msgstr ""
5294
5295
#: serverguide/C/virtualization.xml:1399(para)
5296
msgid ""
5297
"On the Front-End create a directory to store the VM images, giving the "
5298
"<emphasis>oneadmin</emphasis> user access to the directory:"
5299
msgstr ""
5300
5301
#: serverguide/C/virtualization.xml:1404(command)
5302
msgid "sudo mkdir /var/lib/one/images"
5303
msgstr ""
5304
5305
#: serverguide/C/virtualization.xml:1405(command)
5306
msgid "sudo chown oneadmin /var/lib/one/images/"
5307
msgstr ""
5308
5309
#: serverguide/C/virtualization.xml:1408(para)
5310
msgid ""
5311
"Finally, copy a virtual machine disk file into "
5312
"<filename>/var/lib/one/images</filename>. You can create an Ubuntu virtual "
5313
"machine using <application>vmbuilder</application>, see <xref linkend=\"jeos-"
5314
"and-vmbuilder\"/> for details."
5315
msgstr ""
5316
5317
#: serverguide/C/virtualization.xml:1417(para)
5318
msgid ""
5319
"The <emphasis>OpenNebula Cluster</emphasis> is now ready to be configured, "
5320
"and virtual machines added to the cluster."
5321
msgstr ""
5322
5323
#: serverguide/C/virtualization.xml:1421(para)
5324
msgid "From a terminal prompt enter:"
5325
msgstr ""
5326
5327
#: serverguide/C/virtualization.xml:1426(command)
5328
msgid "onehost create node01 im_kvm vmm_kvm tm_ssh"
5329
msgstr ""
5330
5331
#: serverguide/C/virtualization.xml:1427(command)
5332
msgid "onehost create node02 im_kvm vmm_kvm tm_ssh"
5333
msgstr ""
5334
5335
#: serverguide/C/virtualization.xml:1430(para)
5336
msgid ""
5337
"Next, create a <emphasis>Virtual Network</emphasis> template file named "
5338
"<filename>vnet01.template</filename>:"
5339
msgstr ""
5340
5341
#: serverguide/C/virtualization.xml:1434(programlisting)
5342
#, no-wrap
5343
msgid ""
5344
"\n"
5345
"NAME = \"LAN\"\n"
5346
"TYPE = RANGED\n"
5347
"BRIDGE = br0\n"
5348
"NETWORK_SIZE = C\n"
5349
"NETWORK_ADDRESS = 192.168.0.0\n"
5350
msgstr ""
5351
5352
#: serverguide/C/virtualization.xml:1443(para)
5353
msgid ""
5354
"Be sure to change <emphasis>192.168.0.0</emphasis> to your local network."
5355
msgstr ""
5356
5357
#: serverguide/C/virtualization.xml:1448(para)
5358
msgid ""
5359
"Using the <application>onevnet</application> utility, add the virtual "
5360
"network to OpenNebula:"
5361
msgstr ""
5362
5363
#: serverguide/C/virtualization.xml:1453(command)
5364
msgid "onevnet create vnet01.template"
5365
msgstr ""
5366
5367
#: serverguide/C/virtualization.xml:1456(para)
5368
msgid ""
5369
"Now create a <emphasis>VM Template</emphasis> file named "
5370
"<filename>vm01.template</filename>:"
5371
msgstr ""
5372
5373
#: serverguide/C/virtualization.xml:1460(programlisting)
5374
#, no-wrap
5375
msgid ""
5376
"\n"
5377
"NAME = vm01\n"
5378
"CPU = 0.5\n"
5379
"MEMORY = 512\n"
5380
"\n"
5381
"OS = [ BOOT = hd ]\n"
5382
"\n"
5383
"DISK = [\n"
5384
" source = \"/var/lib/one/images/vm01.qcow2\",\n"
5385
" target = \"hda\",\n"
5386
" readonly = \"no\" ]\n"
5387
"\n"
5388
"NIC = [ NETWORK=\"LAN\" ]\n"
5389
"\n"
5390
"GRAPHICS = [type=\"vnc\",listen=\"127.0.0.1\",port=\"-1\"]\n"
5391
msgstr ""
5392
5393
#: serverguide/C/virtualization.xml:1477(para)
5394
msgid "Start the virtual machine using <application>onevm</application>:"
5395
msgstr ""
5396
5397
#: serverguide/C/virtualization.xml:1482(command)
5398
msgid "onevm submit vm01.template"
5399
msgstr ""
5400
5401
#: serverguide/C/virtualization.xml:1485(para)
5402
msgid ""
5403
"Use the <application>onevm list</application> option to view information "
5404
"about virtual machines. Also, the <application>onevm show vm01</application> "
5405
"option will display more details about a specific virtual machine."
5406
msgstr ""
5407
5408
#: serverguide/C/virtualization.xml:1496(para)
5409
msgid ""
5410
"See the <ulink "
5411
"url=\"http://www.opennebula.org/doku.php?id=start\">OpenNebula website</ulink"
5412
"> for more information."
5413
msgstr ""
5414
5415
#: serverguide/C/virtualization.xml:1501(para)
5416
msgid ""
5417
"You can also find help in the <emphasis>#ubuntu-virt</emphasis> and "
5418
"<emphasis>#ubuntu-server</emphasis> IRC channels on <ulink "
5419
"url=\"http://freenode.net\">Freenode</ulink>."
5420
msgstr ""
5421
5422
#: serverguide/C/vcs.xml:13(title)
5423
msgid "Version Control System"
5424
msgstr ""
5425
5426
#: serverguide/C/vcs.xml:14(para)
5427
msgid ""
5428
"Version control is the art of managing changes to information. It has long "
5429
"been a critical tool for programmers, who typically spend their time making "
5430
"small changes to software and then undoing those changes the next day. But "
5431
"the usefulness of version control software extends far beyond the bounds of "
5432
"the software development world. Anywhere you can find people using computers "
5433
"to manage information that changes often, there is room for version control."
5434
msgstr ""
5435
5436
#: serverguide/C/vcs.xml:17(title)
5437
msgid "Bazaar"
5438
msgstr ""
5439
5440
#: serverguide/C/vcs.xml:18(para)
5441
msgid ""
5442
"Bazaar is a new version control system sponsored by Canonical, the "
5443
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
5444
"support a central repository model, Bazaar also supports "
5445
"<emphasis>distributed version control</emphasis>, giving people the ability "
5446
"to collaborate more efficiently. In particular, Bazaar is designed to "
5447
"maximize the level of community participation in open source projects."
5448
msgstr ""
5449
5450
#: serverguide/C/vcs.xml:29(para)
5451
msgid ""
5452
"At a terminal prompt, enter the following command to install "
5453
"<application>bzr</application>: <screen>\n"
5454
"<command>sudo apt-get install bzr</command>\n"
5455
"</screen>"
5456
msgstr ""
5457
5458
#: serverguide/C/vcs.xml:40(para)
5459
msgid ""
5460
"To introduce yourself to <application>bzr</application>, use the "
5461
"<emphasis>whoami</emphasis> command like this: <screen>\n"
5462
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
5463
"</screen>"
5464
msgstr ""
5465
5466
#: serverguide/C/vcs.xml:49(title)
5467
msgid "Learning Bazaar"
5468
msgstr ""
5469
5470
#: serverguide/C/vcs.xml:50(para)
5471
msgid ""
5472
"Bazaar comes with bundled documentation installed into "
5473
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
5474
"is a good place to start. The <application>bzr</application> command also "
5475
"comes with built-in help: <screen>\n"
5476
"<command>$ bzr help</command>\n"
5477
"</screen>"
5478
msgstr ""
5479
5480
#: serverguide/C/vcs.xml:60(para)
5481
msgid ""
5482
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
5483
"<command>$ bzr help foo</command>\n"
5484
"</screen>"
5485
msgstr ""
5486
5487
#: serverguide/C/vcs.xml:68(title)
5488
msgid "Launchpad Integration"
5489
msgstr ""
5490
5491
#: serverguide/C/vcs.xml:69(para)
5492
msgid ""
5493
"While highly useful as a stand-alone system, Bazaar has good, optional "
5494
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
5495
"the collaborative development system used by Canonical and the broader open "
5496
"source community to manage and extend Ubuntu itself. For information on how "
5497
"Bazaar can be used with Launchpad to collaborate on open source projects, "
5498
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
5499
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
5500
msgstr ""
5501
5502
#: serverguide/C/vcs.xml:81(title)
5503
msgid "Subversion"
5504
msgstr ""
5505
5506
#: serverguide/C/vcs.xml:82(para)
5507
msgid ""
5508
"Subversion is an open source version control system. Using Subversion, you "
5509
"can record the history of source files and documents. It manages files and "
5510
"directories over time. A tree of files is placed into a central repository. "
5511
"The repository is much like an ordinary file server, except that it "
5512
"remembers every change ever made to files and directories."
5513
msgstr ""
5514
5515
#: serverguide/C/vcs.xml:87(para)
5516
msgid ""
5517
"To access Subversion repository using the HTTP protocol, you must install "
5518
"and configure a web server. Apache2 is proven to work with Subversion. "
5519
"Please refer to the HTTP subsection in the Apache2 section to install and "
5520
"configure Apache2. To access the Subversion repository using the HTTPS "
5521
"protocol, you must install and configure a digital certificate in your "
5522
"Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 "
5523
"section to install and configure the digital certificate."
5524
msgstr ""
5525
5526
#: serverguide/C/vcs.xml:96(para)
5527
msgid ""
5528
"To install Subversion, run the following command from a terminal prompt:"
5529
msgstr ""
5530
5531
#: serverguide/C/vcs.xml:101(command)
5532
msgid "sudo apt-get install subversion libapache2-svn"
5533
msgstr ""
5534
5535
#: serverguide/C/vcs.xml:108(para)
5536
msgid ""
5537
"This step assumes you have installed above mentioned packages on your "
5538
"system. This section explains how to create a Subversion repository and "
5539
"access the project."
5540
msgstr ""
5541
5542
#: serverguide/C/vcs.xml:111(title)
5543
msgid "Create Subversion Repository"
5544
msgstr ""
5545
5546
#: serverguide/C/vcs.xml:112(para)
5547
msgid ""
5548
"The Subversion repository can be created using the following command from a "
5549
"terminal prompt:"
5550
msgstr ""
5551
5552
#: serverguide/C/vcs.xml:116(command)
5553
msgid "svnadmin create /path/to/repos/project"
5554
msgstr ""
5555
5556
#: serverguide/C/vcs.xml:121(title)
5557
msgid "Importing Files"
5558
msgstr ""
5559
5560
#: serverguide/C/vcs.xml:122(para)
5561
msgid ""
5562
"Once you create the repository you can <emphasis>import</emphasis> files "
5563
"into the repository. To import a directory, enter the following from a "
5564
"terminal prompt: <screen>\n"
5565
"<command>svn import /path/to/import/directory "
5566
"file:///path/to/repos/project</command>\n"
5567
"</screen>"
5568
msgstr ""
5569
5570
#: serverguide/C/vcs.xml:134(title) serverguide/C/vcs.xml:139(title)
5571
msgid "Access Methods"
5572
msgstr ""
5573
5574
#: serverguide/C/vcs.xml:135(para)
5575
msgid ""
5576
"Subversion repositories can be accessed (checked out) through many different "
5577
"methods --on local disk, or through various network protocols. A repository "
5578
"location, however, is always a URL. The table describes how different URL "
5579
"schemes map to the available access methods."
5580
msgstr ""
5581
5582
#: serverguide/C/vcs.xml:146(para)
5583
msgid "Schema"
5584
msgstr ""
5585
5586
#: serverguide/C/vcs.xml:147(para)
5587
msgid "Access Method"
5588
msgstr ""
5589
5590
#: serverguide/C/vcs.xml:152(para)
5591
msgid "file://"
5592
msgstr ""
5593
5594
#: serverguide/C/vcs.xml:153(para)
5595
msgid "direct repository access (on local disk)"
5596
msgstr ""
5597
5598
#: serverguide/C/vcs.xml:156(para)
5599
msgid "http://"
5600
msgstr ""
5601
5602
#: serverguide/C/vcs.xml:157(para)
5603
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
5604
msgstr ""
5605
5606
#: serverguide/C/vcs.xml:160(para)
5607
msgid "https://"
5608
msgstr ""
5609
5610
#: serverguide/C/vcs.xml:161(para)
5611
msgid "Same as http://, but with SSL encryption"
5612
msgstr ""
5613
5614
#: serverguide/C/vcs.xml:164(para)
5615
msgid "svn://"
5616
msgstr ""
5617
5618
#: serverguide/C/vcs.xml:165(para)
5619
msgid "Access via custom protocol to an svnserve server"
5620
msgstr ""
5621
5622
#: serverguide/C/vcs.xml:168(para)
5623
msgid "svn+ssh://"
5624
msgstr ""
5625
5626
#: serverguide/C/vcs.xml:169(para)
5627
msgid "Same as svn://, but through an SSH tunnel"
5628
msgstr ""
5629
5630
#: serverguide/C/vcs.xml:175(para)
5631
msgid ""
5632
"In this section, we will see how to configure Subversion for all these "
5633
"access methods. Here, we cover the basics. For more advanced usage details, "
5634
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
5635
msgstr ""
5636
5637
#: serverguide/C/vcs.xml:182(title)
5638
msgid "Direct repository access (file://)"
5639
msgstr ""
5640
5641
#: serverguide/C/vcs.xml:183(para)
5642
msgid ""
5643
"This is the simplest of all access methods. It does not require any "
5644
"Subversion server process to be running. This access method is used to "
5645
"access Subversion from the same machine. The syntax of the command, entered "
5646
"at a terminal prompt, is as follows:"
5647
msgstr ""
5648
5649
#: serverguide/C/vcs.xml:190(command)
5650
msgid "svn co file:///path/to/repos/project"
5651
msgstr ""
5652
5653
#: serverguide/C/vcs.xml:193(para)
5654
msgid "or"
5655
msgstr ""
5656
5657
#: serverguide/C/vcs.xml:196(command)
5658
msgid "svn co file://localhost/path/to/repos/project"
5659
msgstr ""
5660
5661
#: serverguide/C/vcs.xml:200(para)
5662
msgid ""
5663
"If you do not specify the hostname, there are three forward slashes (///) -- "
5664
"two for the protocol (file, in this case) plus the leading slash in the "
5665
"path. If you specify the hostname, you must use two forward slashes (//)."
5666
msgstr ""
5667
5668
#: serverguide/C/vcs.xml:202(para)
5669
msgid ""
5670
"The repository permissions depend on filesystem permissions. If the user has "
5671
"read/write permission, he can checkout from and commit to the repository."
5672
msgstr ""
5673
5674
#: serverguide/C/vcs.xml:205(title)
5675
msgid "Access via WebDAV protocol (http://)"
5676
msgstr ""
5677
5678
#: serverguide/C/vcs.xml:206(para)
5679
msgid ""
5680
"To access the Subversion repository via WebDAV protocol, you must configure "
5681
"your Apache 2 web server. You must add the following snippet in your "
5682
"<filename>/etc/apache2/apache2.conf</filename> file:"
5683
msgstr ""
5684
5685
#: serverguide/C/vcs.xml:208(programlisting)
5686
#, no-wrap
5687
msgid ""
5688
"\n"
5689
" <Location /svn>\n"
5690
" DAV svn\n"
5691
" SVNParentPath /home/svn\n"
5692
" AuthType Basic\n"
5693
" AuthName \"Your repository name\"\n"
5694
" AuthUserFile /etc/subversion/passwd\n"
5695
" Require valid-user\n"
5696
" </Location> \n"
5697
msgstr ""
5698
5699
#: serverguide/C/vcs.xml:219(para)
5700
msgid ""
5701
"The above configuration snippet assumes that Subversion repositories are "
5702
"created under <filename>/home/svn/</filename> directory using "
5703
"<command>svnadmin</command> command. They can be accessible using "
5704
"<command>htpp://hostname/svn/repos_name</command> url."
5705
msgstr ""
5706
5707
#: serverguide/C/vcs.xml:225(para)
5708
msgid ""
5709
"To import or commit files to your Subversion repository over HTTP, the "
5710
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
5711
"HTTP user is <command>www-data</command>. To change the ownership of the "
5712
"repository files enter the following command from terminal prompt:"
5713
msgstr ""
5714
5715
#: serverguide/C/vcs.xml:234(command)
5716
msgid "sudo chown -R www-data:www-data /path/to/repos"
5717
msgstr ""
5718
5719
#: serverguide/C/vcs.xml:237(para)
5720
msgid ""
5721
"By changing the ownership of repository as <command>www-data</command> you "
5722
"will not be able to import or commit files into the repository by running "
5723
"<command>svn import file:///</command> command as any user other than "
5724
"<command>www-data</command>."
5725
msgstr ""
5726
5727
#: serverguide/C/vcs.xml:246(para)
5728
msgid ""
5729
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
5730
"that will contain user authentication details. To create a file issue the "
5731
"following command at a command prompt (which will create the file and add "
5732
"the first user):"
5733
msgstr ""
5734
5735
#: serverguide/C/vcs.xml:252(command)
5736
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
5737
msgstr ""
5738
5739
#: serverguide/C/vcs.xml:255(para)
5740
msgid ""
5741
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
5742
"option replaces the old file. Instead use this form:"
5743
msgstr ""
5744
5745
#: serverguide/C/vcs.xml:260(command)
5746
msgid "sudo htpasswd /etc/subversion/password user_name"
5747
msgstr ""
5748
5749
#: serverguide/C/vcs.xml:264(para)
5750
msgid ""
5751
"This command will prompt you to enter the password. Once you enter the "
5752
"password, the user is added. Now, to access the repository you can run the "
5753
"following command:"
5754
msgstr ""
5755
5756
#: serverguide/C/vcs.xml:265(command)
5757
msgid "svn co http://servername/svn"
5758
msgstr ""
5759
5760
#: serverguide/C/vcs.xml:267(para)
5761
msgid ""
5762
"The password is transmitted as plain text. If you are worried about password "
5763
"snooping, you are advised to use SSL encryption. For details, please refer "
5764
"next section."
5765
msgstr ""
5766
5767
#: serverguide/C/vcs.xml:273(title)
5768
msgid "Access via WebDAV protocol with SSL encryption (https://)"
5769
msgstr ""
5770
5771
#: serverguide/C/vcs.xml:274(para)
5772
msgid ""
5773
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
5774
"(https://) is similar to http:// except that you must install and configure "
5775
"the digital certificate in your Apache2 web server. To use SSL with "
5776
"Subversion add the above Apache2 configuration to "
5777
"<filename>/etc/apache2/sites-available/default-ssl</filename>. For more "
5778
"information on setting up Apache2 with SSL see <xref linkend=\"https-"
5779
"configuration\"/>."
5780
msgstr ""
5781
5782
#: serverguide/C/vcs.xml:283(para)
5783
msgid ""
5784
"You can install a digital certificate issued by a signing authority. "
5785
"Alternatively, you can install your own self-signed certificate."
5786
msgstr ""
5787
5788
#: serverguide/C/vcs.xml:288(para)
5789
msgid ""
5790
"This step assumes you have installed and configured a digital certificate in "
5791
"your Apache 2 web server. Now, to access the Subversion repository, please "
5792
"refer to the above section! The access methods are exactly the same, except "
5793
"the protocol. You must use https:// to access the Subversion repository."
5794
msgstr ""
5795
5796
#: serverguide/C/vcs.xml:298(title)
5797
msgid "Access via custom protocol (svn://)"
5798
msgstr ""
5799
5800
#: serverguide/C/vcs.xml:299(para)
5801
msgid ""
5802
"Once the Subversion repository is created, you can configure the access "
5803
"control. You can edit the <filename> "
5804
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
5805
"access control. For example, to set up authentication, you can uncomment the "
5806
"following lines in the configuration file:"
5807
msgstr ""
5808
5809
#: serverguide/C/vcs.xml:306(programlisting)
5810
#, no-wrap
5811
msgid ""
5812
"# [general]\n"
5813
"# password-db = passwd"
5814
msgstr ""
5815
5816
#: serverguide/C/vcs.xml:309(para)
5817
msgid ""
5818
"After uncommenting the above lines, you can maintain the user list in the "
5819
"passwd file. So, edit the file <filename>passwd </filename> in the same "
5820
"directory and add the new user. The syntax is as follows:"
5821
msgstr ""
5822
5823
#: serverguide/C/vcs.xml:315(programlisting)
5824
#, no-wrap
5825
msgid "username = password"
5826
msgstr ""
5827
5828
#: serverguide/C/vcs.xml:316(para)
5829
msgid "For more details, please refer to the file."
5830
msgstr ""
5831
5832
#: serverguide/C/vcs.xml:320(para)
5833
msgid ""
5834
"Now, to access Subversion via the svn:// custom protocol, either from the "
5835
"same machine or a different machine, you can run svnserver using svnserve "
5836
"command. The syntax is as follows:"
5837
msgstr ""
5838
5839
#: serverguide/C/vcs.xml:325(programlisting)
5840
#, no-wrap
5841
msgid ""
5842
"$ svnserve -d --foreground -r /path/to/repos\n"
5843
"# -d -- daemon mode\n"
5844
"# --foreground -- run in foreground (useful for debugging)\n"
5845
"# -r -- root of directory to serve\n"
5846
"\n"
5847
"For more usage details, please refer to:\n"
5848
"$ svnserve --help"
5849
msgstr ""
5850
5851
#: serverguide/C/vcs.xml:333(para)
5852
msgid ""
5853
"Once you run this command, Subversion starts listening on default port "
5854
"(3690). To access the project repository, you must run the following command "
5855
"from a terminal prompt:"
5856
msgstr ""
5857
5858
#: serverguide/C/vcs.xml:336(command)
5859
msgid "svn co svn://hostname/project project --username user_name"
5860
msgstr ""
5861
5862
#: serverguide/C/vcs.xml:339(para)
5863
msgid ""
5864
"Based on server configuration, it prompts for password. Once you are "
5865
"authenticated, it checks out the code from Subversion repository. To "
5866
"synchronize the project repository with the local copy, you can run the "
5867
"<command>update</command> sub-command. The syntax of the command, entered at "
5868
"a terminal prompt, is as follows:"
5869
msgstr ""
5870
5871
#: serverguide/C/vcs.xml:347(command)
5872
msgid "cd project_dir ; svn update"
5873
msgstr ""
5874
5875
#: serverguide/C/vcs.xml:350(para)
5876
msgid ""
5877
"For more details about using each Subversion sub-command, you can refer to "
5878
"the manual. For example, to learn more about the co (checkout) command, "
5879
"please run the following command from a terminal prompt:"
5880
msgstr ""
5881
5882
#: serverguide/C/vcs.xml:354(command)
5883
msgid "svn co help"
5884
msgstr ""
5885
5886
#: serverguide/C/vcs.xml:358(title)
5887
msgid "Access via custom protocol with SSL encryption (svn+ssh://)"
5888
msgstr ""
5889
5890
#: serverguide/C/vcs.xml:359(para)
5891
msgid ""
5892
"The configuration and server process is same as in the svn:// method. For "
5893
"details, please refer to the above section. This step assumes you have "
5894
"followed the above step and started the Subversion server using "
5895
"<application>svnserve</application> command."
5896
msgstr ""
5897
5898
#: serverguide/C/vcs.xml:365(para)
5899
msgid ""
5900
"It is also assumed that the ssh server is running on that machine and that "
5901
"it is allowing incoming connections. To confirm, please try to login to that "
5902
"machine using ssh. If you can login, everything is perfect. If you cannot "
5903
"login, please address it before continuing further."
5904
msgstr ""
5905
5906
#: serverguide/C/vcs.xml:371(para)
5907
msgid ""
5908
"The svn+ssh:// protocol is used to access the Subversion repository using "
5909
"SSL encryption. The data transfer is encrypted using this method. To access "
5910
"the project repository (for example with a checkout), you must use the "
5911
"following command syntax:"
5912
msgstr ""
5913
5914
#: serverguide/C/vcs.xml:378(command)
5915
msgid "svn co svn+ssh://hostname/var/svn/repos/project"
5916
msgstr ""
5917
5918
#: serverguide/C/vcs.xml:382(para)
5919
msgid ""
5920
"You must use the full path (/path/to/repos/project) to access the Subversion "
5921
"repository using this access method."
5922
msgstr ""
5923
5924
#: serverguide/C/vcs.xml:385(para)
5925
msgid ""
5926
"Based on server configuration, it prompts for password. You must enter the "
5927
"password you use to login via ssh. Once you are authenticated, it checks out "
5928
"the code from the Subversion repository."
5929
msgstr ""
5930
5931
#: serverguide/C/vcs.xml:396(title)
5932
msgid "CVS Server"
5933
msgstr ""
5934
5935
#: serverguide/C/vcs.xml:397(para)
5936
msgid ""
5937
"CVS is a version control system. You can use it to record the history of "
5938
"source files."
5939
msgstr ""
5940
5941
#: serverguide/C/vcs.xml:403(para)
5942
msgid ""
5943
"To install <application>CVS</application>, run the following command from a "
5944
"terminal prompt: <screen>\n"
5945
"<command>sudo apt-get install cvs</command>\n"
5946
"</screen> After you install <application>cvs</application>, you should "
5947
"install <application>xinetd</application> to start/stop the cvs server. At "
5948
"the prompt, enter the following command to install "
5949
"<application>xinetd</application>: <screen>\n"
5950
"<command>sudo apt-get install xinetd</command>\n"
5951
"</screen>"
5952
msgstr ""
5953
5954
#: serverguide/C/vcs.xml:436(programlisting)
5955
#, no-wrap
5956
msgid ""
5957
"\n"
5958
"service cvspserver\n"
5959
"{\n"
5960
" port = 2401\n"
5961
" socket_type = stream\n"
5962
" protocol = tcp\n"
5963
" user = root\n"
5964
" wait = no\n"
5965
" type = UNLISTED\n"
5966
" server = /usr/bin/cvs\n"
5967
" server_args = -f --allow-root /var/lib/cvs pserver\n"
5968
" disable = no\n"
5969
"}\n"
5970
msgstr ""
5971
5972
#: serverguide/C/vcs.xml:452(para)
5973
msgid ""
5974
"Be sure to edit the repository if you have changed the default repository "
5975
"(<application>/var/lib/cvs</application>) directory."
5976
msgstr ""
5977
5978
#: serverguide/C/vcs.xml:421(para)
5979
msgid ""
5980
"Once you install cvs, the repository will be automatically initialized. By "
5981
"default, the repository resides under the "
5982
"<application>/var/lib/cvs</application> directory. You can change this path "
5983
"by running following command: <screen>\n"
5984
"<command>cvs -d /your/new/cvs/repo init</command>\n"
5985
"</screen> Once the initial repository is set up, you can configure "
5986
"<application>xinetd</application> to start the CVS server. You can copy the "
5987
"following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. "
5988
"<placeholder-1/><placeholder-2/> Once you have configured "
5989
"<application>xinetd</application> you can start the cvs server by running "
5990
"following command: <screen>\n"
5991
"<command>sudo /etc/init.d/xinetd restart</command>\n"
5992
"</screen>"
5993
msgstr ""
5994
5995
#: serverguide/C/vcs.xml:465(para)
5996
msgid ""
5997
"You can confirm that the CVS server is running by issuing the following "
5998
"command:"
5999
msgstr ""
6000
6001
#: serverguide/C/vcs.xml:472(command)
6002
msgid "sudo netstat -tap | grep cvs"
6003
msgstr ""
6004
6005
#: serverguide/C/vcs.xml:476(para) serverguide/C/databases.xml:65(para)
6006
msgid ""
6007
"When you run this command, you should see the following line or something "
6008
"similar:"
6009
msgstr ""
6010
6011
#: serverguide/C/vcs.xml:481(programlisting)
6012
#, no-wrap
6013
msgid ""
6014
"\n"
6015
"tcp 0 0 *:cvspserver *:* LISTEN \n"
6016
msgstr ""
6017
6018
#: serverguide/C/vcs.xml:485(para)
6019
msgid ""
6020
"From here you can continue to add users, add new projects, and manage the "
6021
"CVS server."
6022
msgstr ""
6023
6024
#: serverguide/C/vcs.xml:490(para)
6025
msgid ""
6026
"CVS allows the user to add users independently of the underlying OS "
6027
"installation. Probably the easiest way is to use the Linux Users for CVS, "
6028
"although it has potential security issues. Please refer to the CVS manual "
6029
"for details."
6030
msgstr ""
6031
6032
#: serverguide/C/vcs.xml:500(title)
6033
msgid "Add Projects"
6034
msgstr ""
6035
6036
#: serverguide/C/vcs.xml:512(para)
6037
msgid ""
6038
"You can use the CVSROOT environment variable to store the CVS root "
6039
"directory. Once you export the CVSROOT environment variable, you can avoid "
6040
"using -d option in the above cvs command."
6041
msgstr ""
6042
6043
#: serverguide/C/vcs.xml:524(para)
6044
msgid ""
6045
"When you add a new project, the CVS user you use must have write access to "
6046
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
6047
"the <application>src</application> group has write access to the CVS "
6048
"repository. So, you can add the user to this group, and he can then add and "
6049
"manage projects in the CVS repository."
6050
msgstr ""
6051
6052
#: serverguide/C/vcs.xml:501(para)
6053
msgid ""
6054
"This section explains how to add new project to the CVS repository. Create "
6055
"the directory and add necessary document and source files to the directory. "
6056
"Now, run the following command to add this project to CVS repository: "
6057
"<screen>\n"
6058
"<command>cd your/project</command>\n"
6059
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
6060
"\"Importing my project to CVS repository\" . new_project start</command>\n"
6061
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
6062
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
6063
"purpose in this context, but since CVS requires them, they must be present. "
6064
"<placeholder-2/>"
6065
msgstr ""
6066
6067
#: serverguide/C/vcs.xml:537(ulink)
6068
msgid "Bazaar Home Page"
6069
msgstr ""
6070
6071
#: serverguide/C/vcs.xml:538(ulink)
6072
msgid "Launchpad"
6073
msgstr ""
6074
6075
#: serverguide/C/vcs.xml:539(ulink)
6076
msgid "Subversion Home Page"
6077
msgstr ""
6078
6079
#: serverguide/C/vcs.xml:540(ulink)
6080
msgid "Subversion Book"
6081
msgstr ""
6082
6083
#: serverguide/C/vcs.xml:542(ulink)
6084
msgid "CVS Manual"
6085
msgstr ""
6086
6087
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
6088
msgid "Credits and License"
6089
msgstr ""
6090
6091
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
6092
msgid ""
6093
"This document is maintained by the Ubuntu documentation team "
6094
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
6095
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
6096
msgstr ""
6097
6098
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
6099
msgid ""
6100
"This document is made available under the Creative Commons ShareAlike 2.5 "
6101
"License (CC-BY-SA)."
6102
msgstr ""
6103
6104
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
6105
msgid ""
6106
"You are free to modify, extend, and improve the Ubuntu documentation source "
6107
"code under the terms of this license. All derivative works must be released "
6108
"under this license."
6109
msgstr ""
6110
6111
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
6112
msgid ""
6113
"This documentation is distributed in the hope that it will be useful, but "
6114
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
6115
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
6116
msgstr ""
6117
6118
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
6119
msgid ""
6120
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
6121
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
6122
msgstr ""
6123
6124
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
6125
msgid "2008"
6126
msgstr ""
6127
6128
#: serverguide/C/serverguide.xml:15(ulink) serverguide/C/bookinfo.xml:15(ulink)
6129
msgid "Ubuntu Documentation Project"
6130
msgstr ""
6131
6132
#: serverguide/C/serverguide.xml:15(holder) serverguide/C/bookinfo.xml:15(holder)
6133
msgid "Canonical Ltd. and members of the <placeholder-1/>"
6134
msgstr ""
6135
6136
#: serverguide/C/serverguide.xml:18(publishername) serverguide/C/bookinfo.xml:18(publishername)
6137
msgid "The Ubuntu Documentation Project"
6138
msgstr ""
6139
6140
#: serverguide/C/serverguide.xml:17(para)
6141
msgid ""
6142
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
6143
"information on how to install and configure various server applications on "
6144
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
6145
"guide for configuring and customizing your system."
6146
msgstr ""
6147
6148
#: serverguide/C/security.xml:13(title)
6149
msgid "Security"
6150
msgstr ""
6151
6152
#: serverguide/C/security.xml:14(para)
6153
msgid ""
6154
"Security should always be considered when installing, deploying, and using "
6155
"any type of computer system. Although a fresh installation of Ubuntu is "
6156
"relatively safe for immediate use on the Internet, it is important to have a "
6157
"balanced understanding of your systems security posture based on how it will "
6158
"be used after deployment."
6159
msgstr ""
6160
6161
#: serverguide/C/security.xml:17(para)
6162
msgid ""
6163
"This chapter provides an overview of security related topics as they pertain "
6164
"to Ubuntu 9.10 Server Edition, and outlines simple measures you may use to "
6165
"protect your server and network from any number of potential security "
6166
"threats."
6167
msgstr ""
6168
6169
#: serverguide/C/security.xml:21(title)
6170
msgid "User Management"
6171
msgstr ""
6172
6173
#: serverguide/C/security.xml:22(para)
6174
msgid ""
6175
"User management is a critical part of maintaining a secure system. "
6176
"Ineffective user and privilege management often lead many systems into being "
6177
"compromised. Therefore, it is important that you understand how you can "
6178
"protect your server through simple and effective user account management "
6179
"techniques."
6180
msgstr ""
6181
6182
#: serverguide/C/security.xml:26(title)
6183
msgid "Where is root?"
6184
msgstr ""
6185
6186
#: serverguide/C/security.xml:27(para)
6187
msgid ""
6188
"Ubuntu developers made a conscientious decision to disable the "
6189
"administrative root account by default in all Ubuntu installations. This "
6190
"does not mean that the root account has been deleted or that it may not be "
6191
"accessed. It merely has been given a password which matches no possible "
6192
"encrypted value, therefore may not log in directly by itself."
6193
msgstr ""
6194
6195
#: serverguide/C/security.xml:30(para)
6196
msgid ""
6197
"Instead, users are encouraged to make use of a tool by the name of "
6198
"<application>sudo</application> to carry out system administrative duties. "
6199
"<application>Sudo</application> allows an authorized user to temporarily "
6200
"elevate their privileges using their own password instead of having to know "
6201
"the password belonging to the root account. This simple yet effective "
6202
"methodology provides accountability for all user actions, and gives the "
6203
"administrator granular control over which actions a user can perform with "
6204
"said privileges."
6205
msgstr ""
6206
6207
#: serverguide/C/security.xml:35(para)
6208
msgid ""
6209
"If for some reason you wish to enable the root account, simply give it a "
6210
"password:"
6211
msgstr ""
6212
6213
#: serverguide/C/security.xml:39(command)
6214
msgid "sudo passwd"
6215
msgstr ""
6216
6217
#: serverguide/C/security.xml:41(para)
6218
msgid ""
6219
"Sudo will prompt you for your password, and then ask you to supply a new "
6220
"password for root as shown below:"
6221
msgstr ""
6222
6223
#: serverguide/C/security.xml:44(userinput)
6224
#, no-wrap
6225
msgid "(enter your own password)"
6226
msgstr ""
6227
6228
#: serverguide/C/security.xml:45(userinput)
6229
#, no-wrap
6230
msgid "(enter a new password for root)"
6231
msgstr ""
6232
6233
#: serverguide/C/security.xml:46(userinput)
6234
#, no-wrap
6235
msgid "(repeat new password for root)"
6236
msgstr ""
6237
6238
#: serverguide/C/security.xml:44(computeroutput)
6239
#, no-wrap
6240
msgid ""
6241
"[sudo] password for username: <placeholder-1/>\n"
6242
"Enter new UNIX password: <placeholder-2/>\n"
6243
"Retype new UNIX password: <placeholder-3/>\n"
6244
"passwd: password updated successfully"
6245
msgstr ""
6246
6247
#: serverguide/C/security.xml:51(para)
6248
msgid "To disable the root account, use the following passwd syntax:"
6249
msgstr ""
6250
6251
#: serverguide/C/security.xml:55(command)
6252
msgid "sudo passwd -l root"
6253
msgstr ""
6254
6255
#: serverguide/C/security.xml:59(para)
6256
msgid ""
6257
"You should read more on <application>Sudo</application> by checking out it's "
6258
"man page:"
6259
msgstr ""
6260
6261
#: serverguide/C/security.xml:63(command)
6262
msgid "man sudo"
6263
msgstr ""
6264
6265
#: serverguide/C/security.xml:67(para)
6266
msgid ""
6267
"By default, the initial user created by the Ubuntu installer is a member of "
6268
"the group \"admin\" which is added to the file "
6269
"<filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to "
6270
"give any other account full root access through "
6271
"<application>sudo</application>, simply add them to the admin group."
6272
msgstr ""
6273
6274
#: serverguide/C/security.xml:73(title)
6275
msgid "Adding and Deleting Users"
6276
msgstr ""
6277
6278
#: serverguide/C/security.xml:74(para)
6279
msgid ""
6280
"The process for managing local users and groups is straight forward and "
6281
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
6282
"other Debian based distributions, encourage the use of the \"adduser\" "
6283
"package for account management."
6284
msgstr ""
6285
6286
#: serverguide/C/security.xml:79(para)
6287
msgid ""
6288
"To add a user account, use the following syntax, and follow the prompts to "
6289
"give the account a password and identifiable characteristics such as a full "
6290
"name, phone number, etc."
6291
msgstr ""
6292
6293
#: serverguide/C/security.xml:83(command)
6294
msgid "sudo adduser username"
6295
msgstr ""
6296
6297
#: serverguide/C/security.xml:87(para)
6298
msgid ""
6299
"To delete a user account and its primary group, use the following syntax:"
6300
msgstr ""
6301
6302
#: serverguide/C/security.xml:91(command)
6303
msgid "sudo deluser username"
6304
msgstr ""
6305
6306
#: serverguide/C/security.xml:93(para)
6307
msgid ""
6308
"Deleting an account does not remove their respective home folder. It is up "
6309
"to you whether or not you wish to delete the folder manually or keep it "
6310
"according to your desired retention policies."
6311
msgstr ""
6312
6313
#: serverguide/C/security.xml:96(para)
6314
msgid ""
6315
"Remember, any user added later on with the same UID/GID as the previous "
6316
"owner will now have access to this folder if you have not taken the "
6317
"necessary precautions."
6318
msgstr ""
6319
6320
#: serverguide/C/security.xml:99(para)
6321
msgid ""
6322
"You may want to change these UID/GID values to something more appropriate, "
6323
"such as the root account, and perhaps even relocate the folder to avoid "
6324
"future conflicts:"
6325
msgstr ""
6326
6327
#: serverguide/C/security.xml:103(command)
6328
msgid "sudo chown -R root:root /home/username/"
6329
msgstr ""
6330
6331
#: serverguide/C/security.xml:104(command)
6332
msgid "sudo mkdir /home/archived_users/"
6333
msgstr ""
6334
6335
#: serverguide/C/security.xml:105(command)
6336
msgid "sudo mv /home/username /home/archived_users/"
6337
msgstr ""
6338
6339
#: serverguide/C/security.xml:109(para)
6340
msgid ""
6341
"To temporarily lock or unlock a user account, use the following syntax, "
6342
"respectively:"
6343
msgstr ""
6344
6345
#: serverguide/C/security.xml:113(command)
6346
msgid "sudo passwd -l username"
6347
msgstr ""
6348
6349
#: serverguide/C/security.xml:114(command)
6350
msgid "sudo passwd -u username"
6351
msgstr ""
6352
6353
#: serverguide/C/security.xml:118(para)
6354
msgid ""
6355
"To add or delete a personalized group, use the following syntax, "
6356
"respectively:"
6357
msgstr ""
6358
6359
#: serverguide/C/security.xml:122(command)
6360
msgid "sudo addgroup groupname"
6361
msgstr ""
6362
6363
#: serverguide/C/security.xml:123(command)
6364
msgid "sudo delgroup groupname"
6365
msgstr ""
6366
6367
#: serverguide/C/security.xml:127(para)
6368
msgid "To add a user to a group, use the following syntax:"
6369
msgstr ""
6370
6371
#: serverguide/C/security.xml:131(command)
6372
msgid "sudo adduser username groupname"
6373
msgstr ""
6374
6375
#: serverguide/C/security.xml:138(title)
6376
msgid "User Profile Security"
6377
msgstr ""
6378
6379
#: serverguide/C/security.xml:139(para)
6380
msgid ""
6381
"When a new user is created, the adduser utility creates a brand new home "
6382
"directory named <filename class=\"directory\">/home/username</filename>, "
6383
"respectively. The default profile is modeled after the contents found in the "
6384
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
6385
"includes all profile basics."
6386
msgstr ""
6387
6388
#: serverguide/C/security.xml:142(para)
6389
msgid ""
6390
"If your server will be home to multiple users, you should pay close "
6391
"attention to the user home directory permissions to ensure confidentiality. "
6392
"By default, user home directories in Ubuntu are created with world "
6393
"read/execute permissions. This means that all users can browse and access "
6394
"the contents of other users home directories. This may not be suitable for "
6395
"your environment."
6396
msgstr ""
6397
6398
#: serverguide/C/security.xml:147(para)
6399
msgid ""
6400
"To verify your current users home directory permissions, use the following "
6401
"syntax:"
6402
msgstr ""
6403
6404
#: serverguide/C/security.xml:151(command) serverguide/C/security.xml:183(command)
6405
msgid "ls -ld /home/username"
6406
msgstr ""
6407
6408
#: serverguide/C/security.xml:153(para)
6409
msgid ""
6410
"The following output shows that the directory <filename "
6411
"class=\"directory\">/home/username</filename> has world readable permissions:"
6412
msgstr ""
6413
6414
#: serverguide/C/security.xml:156(computeroutput)
6415
#, no-wrap
6416
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
6417
msgstr ""
6418
6419
#: serverguide/C/security.xml:160(para)
6420
msgid ""
6421
"You can remove the world readable permissions using the following syntax:"
6422
msgstr ""
6423
6424
#: serverguide/C/security.xml:164(command)
6425
msgid "sudo chmod 0750 /home/username"
6426
msgstr ""
6427
6428
#: serverguide/C/security.xml:167(para)
6429
msgid ""
6430
"Some people tend to use the recursive option (-R) indiscriminately which "
6431
"modifies all child folders and files, but this is not necessary, and may "
6432
"yield other undesirable results. The parent directory alone is sufficient "
6433
"for preventing unauthorized access to anything below the parent."
6434
msgstr ""
6435
6436
#: serverguide/C/security.xml:171(para)
6437
msgid ""
6438
"A much more efficient approach to the matter would be to modify the "
6439
"<application>adduser</application> global default permissions when creating "
6440
"user home folders. Simply edit the file "
6441
"<filename>/etc/adduser.conf</filename> and modify the "
6442
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
6443
"new home directories will receive the correct permissions."
6444
msgstr ""
6445
6446
#: serverguide/C/security.xml:174(programlisting)
6447
#, no-wrap
6448
msgid ""
6449
"\n"
6450
"DIR_MODE=0750\n"
6451
msgstr ""
6452
6453
#: serverguide/C/security.xml:179(para)
6454
msgid ""
6455
"After correcting the directory permissions using any of the previously "
6456
"mentioned techniques, verify the results using the following syntax:"
6457
msgstr ""
6458
6459
#: serverguide/C/security.xml:185(para)
6460
msgid ""
6461
"The results below show that world readable permissions have been removed:"
6462
msgstr ""
6463
6464
#: serverguide/C/security.xml:188(computeroutput)
6465
#, no-wrap
6466
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
6467
msgstr ""
6468
6469
#: serverguide/C/security.xml:195(title)
6470
msgid "Password Policy"
6471
msgstr ""
6472
6473
#: serverguide/C/security.xml:196(para)
6474
msgid ""
6475
"A strong password policy is one of the most important aspects of your "
6476
"security posture. Many successful security breaches involve simple brute "
6477
"force and dictionary attacks against weak passwords. If you intend to offer "
6478
"any form of remote access involving your local password system, make sure "
6479
"you adequately address minimum password complexity requirements, maximum "
6480
"password lifetimes, and frequent audits of your authentication systems."
6481
msgstr ""
6482
6483
#: serverguide/C/security.xml:200(title)
6484
msgid "Minimum Password Length"
6485
msgstr ""
6486
6487
#: serverguide/C/security.xml:201(para)
6488
msgid ""
6489
"By default, Ubuntu requires a minimum password length of 4 characters, as "
6490
"well as some basic entropy checks. These values are controlled in the file "
6491
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
6492
msgstr ""
6493
6494
#: serverguide/C/security.xml:204(programlisting)
6495
#, no-wrap
6496
msgid ""
6497
"\n"
6498
"password required pam_unix.so nullok obscure min=4 max=8 md5\n"
6499
msgstr ""
6500
6501
#: serverguide/C/security.xml:207(para)
6502
msgid ""
6503
"If you would like to adjust the minimum length to 6 characters, change the "
6504
"appropriate variable to min=6. The modification is outlined below."
6505
msgstr ""
6506
6507
#: serverguide/C/security.xml:210(programlisting)
6508
#, no-wrap
6509
msgid ""
6510
"\n"
6511
"password required pam_unix.so nullok obscure min=6 max=8 md5\n"
6512
msgstr ""
6513
6514
#: serverguide/C/security.xml:214(para)
6515
msgid ""
6516
"The <varname>max=8</varname> variable does not represent the maximum length "
6517
"of a password. It only means that complexity requirements will not be "
6518
"checked on passwords over 8 characters. You may want to look at the "
6519
"<application>libpam-cracklib</application> package for additional password "
6520
"entropy assistance."
6521
msgstr ""
6522
6523
#: serverguide/C/security.xml:220(title)
6524
msgid "Password Expiration"
6525
msgstr ""
6526
6527
#: serverguide/C/security.xml:221(para)
6528
msgid ""
6529
"When creating user accounts, you should make it a policy to have a minimum "
6530
"and maximum password age forcing users to change their passwords when they "
6531
"expire."
6532
msgstr ""
6533
6534
#: serverguide/C/security.xml:226(para)
6535
msgid ""
6536
"To easily view the current status of a user account, use the following "
6537
"syntax:"
6538
msgstr ""
6539
6540
#: serverguide/C/security.xml:230(command) serverguide/C/security.xml:263(command)
6541
msgid "sudo chage -l username"
6542
msgstr ""
6543
6544
#: serverguide/C/security.xml:232(para)
6545
msgid ""
6546
"The output below shows interesting facts about the user account, namely that "
6547
"there are no policies applied:"
6548
msgstr ""
6549
6550
#: serverguide/C/security.xml:235(computeroutput)
6551
#, no-wrap
6552
msgid ""
6553
"Last password change : Jan 20, 2008\n"
6554
"Password expires : never\n"
6555
"Password inactive : never\n"
6556
"Account expires : never\n"
6557
"Minimum number of days between password change : 0\n"
6558
"Maximum number of days between password change : 99999\n"
6559
"Number of days of warning before password expires : 7"
6560
msgstr ""
6561
6562
#: serverguide/C/security.xml:245(para)
6563
msgid ""
6564
"To set any of these values, simply use the following syntax, and follow the "
6565
"interactive prompts:"
6566
msgstr ""
6567
6568
#: serverguide/C/security.xml:249(command)
6569
msgid "sudo chage username"
6570
msgstr ""
6571
6572
#: serverguide/C/security.xml:251(para)
6573
msgid ""
6574
"The following is also an example of how you can manually change the explicit "
6575
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
6576
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
6577
"password expiration, and a warning time period (-W) of 14 days before "
6578
"password expiration."
6579
msgstr ""
6580
6581
#: serverguide/C/security.xml:255(command)
6582
msgid "sudo chage -E 01/31/2008 -m 5 -M 90 -I 30 -W 14 username"
6583
msgstr ""
6584
6585
#: serverguide/C/security.xml:259(para)
6586
msgid "To verify changes, use the same syntax as mentioned previously:"
6587
msgstr ""
6588
6589
#: serverguide/C/security.xml:265(para)
6590
msgid ""
6591
"The output below shows the new policies that have been established for the "
6592
"account:"
6593
msgstr ""
6594
6595
#: serverguide/C/security.xml:268(computeroutput)
6596
#, no-wrap
6597
msgid ""
6598
"Last password change : Jan 20, 2008\n"
6599
"Password expires : Apr 19, 2008\n"
6600
"Password inactive : May 19, 2008\n"
6601
"Account expires : Jan 31, 2008\n"
6602
"Minimum number of days between password change : 5\n"
6603
"Maximum number of days between password change : 90\n"
6604
"Number of days of warning before password expires : 14"
6605
msgstr ""
6606
6607
#: serverguide/C/security.xml:284(title)
6608
msgid "Other Security Considerations"
6609
msgstr ""
6610
6611
#: serverguide/C/security.xml:285(para)
6612
msgid ""
6613
"Many applications use alternate authentication mechanisms that can be easily "
6614
"overlooked by even experienced system administrators. Therefore, it is "
6615
"important to understand and control how users authenticate and gain access "
6616
"to services and applications on your server."
6617
msgstr ""
6618
6619
#: serverguide/C/security.xml:290(title)
6620
msgid "SSH Access by Disabled Users"
6621
msgstr ""
6622
6623
#: serverguide/C/security.xml:291(para)
6624
msgid ""
6625
"Simply disabling/locking a user account will not prevent a user from logging "
6626
"into your server remotely if they have previously set up RSA public key "
6627
"authentication. They will still be able to gain shell access to the server, "
6628
"without the need for any password. Remember to check the users home "
6629
"directory for files that will allow for this type of authenticated SSH "
6630
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6631
msgstr ""
6632
6633
#: serverguide/C/security.xml:294(para)
6634
msgid ""
6635
"Remove or rename the directory <filename "
6636
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
6637
"further SSH authentication capabilities."
6638
msgstr ""
6639
6640
#: serverguide/C/security.xml:297(para)
6641
msgid ""
6642
"Be sure to check for any established SSH connections by the disabled user, "
6643
"as it is possible they may have existing inbound or outbound connections. "
6644
"Kill any that are found."
6645
msgstr ""
6646
6647
#: serverguide/C/security.xml:300(para)
6648
msgid ""
6649
"Restrict SSH access to only user accounts that should have it. For example, "
6650
"you may create a group called \"sshlogin\" and add the group name as the "
6651
"value associated with the <varname>AllowGroups</varname> variable located in "
6652
"the file <filename>/etc/ssh/sshd_config</filename>."
6653
msgstr ""
6654
6655
#: serverguide/C/security.xml:303(programlisting)
6656
#, no-wrap
6657
msgid ""
6658
"\n"
6659
"AllowGroups sshlogin\n"
6660
msgstr ""
6661
6662
#: serverguide/C/security.xml:306(para)
6663
msgid ""
6664
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
6665
"SSH service."
6666
msgstr ""
6667
6668
#: serverguide/C/security.xml:310(command)
6669
msgid "sudo adduser username sshlogin"
6670
msgstr ""
6671
6672
#: serverguide/C/security.xml:311(command) serverguide/C/remote-administration.xml:150(command)
6673
msgid "sudo /etc/init.d/ssh restart"
6674
msgstr ""
6675
6676
#: serverguide/C/security.xml:315(title)
6677
msgid "External User Database Authentication"
6678
msgstr ""
6679
6680
#: serverguide/C/security.xml:316(para)
6681
msgid ""
6682
"Most enterprise networks require centralized authentication and access "
6683
"controls for all system resources. If you have configured your server to "
6684
"authenticate users against external databases, be sure to disable the user "
6685
"accounts both externally and locally, this way you ensure that local "
6686
"fallback authentication is not possible."
6687
msgstr ""
6688
6689
#: serverguide/C/security.xml:325(title)
6690
msgid "Console Security"
6691
msgstr ""
6692
6693
#: serverguide/C/security.xml:326(para)
6694
msgid ""
6695
"As with any other security barrier you put in place to protect your server, "
6696
"it is pretty tough to defend against untold damage caused by someone with "
6697
"physical access to your environment, for example, theft of hard drives, "
6698
"power or service disruption and so on. Therefore, console security should be "
6699
"addressed merely as one component of your overall physical security "
6700
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
6701
"very least slow down a determined one, so it is still advisable to perform "
6702
"basic precautions with regard to console security."
6703
msgstr ""
6704
6705
#: serverguide/C/security.xml:329(para)
6706
msgid ""
6707
"The following instructions will help defend your server against issues that "
6708
"could otherwise yield very serious consequences."
6709
msgstr ""
6710
6711
#: serverguide/C/security.xml:334(title)
6712
msgid "Disable Ctrl+Alt+Delete"
6713
msgstr ""
6714
6715
#: serverguide/C/security.xml:335(para)
6716
msgid ""
6717
"First and foremost, anyone that has physical access to the keyboard can "
6718
"simply use the "
6719
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6720
"eycombo> key combination to reboot the server without having to log on. "
6721
"Sure, someone could simply unplug the power source, but you should still "
6722
"prevent the use of this key combination on a production server. This forces "
6723
"an attacker to take more drastic measures to reboot the server, and will "
6724
"prevent accidental reboots at the same time."
6725
msgstr ""
6726
6727
#: serverguide/C/security.xml:340(para)
6728
msgid ""
6729
"To disable the reboot action taken by pressing the "
6730
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6731
"eycombo> key combination, comment out the following line in the file "
6732
"<filename>/etc/event.d/control-alt-delete</filename>."
6733
msgstr ""
6734
6735
#: serverguide/C/security.xml:343(programlisting)
6736
#, no-wrap
6737
msgid ""
6738
"\n"
6739
"#exec /sbin/shutdown -r now \"Control-Alt-Delete pressed\"\n"
6740
msgstr ""
6741
6742
#: serverguide/C/security.xml:350(title)
6743
msgid "GRUB Password Security"
6744
msgstr ""
6745
6746
#: serverguide/C/security.xml:351(para)
6747
msgid ""
6748
"Ubuntu installs GNU GRUB as its default boot loader, which allows for great "
6749
"flexibility and recovery options. For example, when you install additional "
6750
"kernel images, these are automatically added as available boot options in "
6751
"the <application>grub</application> menu. Also, by default, alternate boot "
6752
"options are available for each kernel entry that may be used for system "
6753
"recovery, aptly labeled (recovery mode). Recovery mode simply boots the "
6754
"corresponding kernel image into single user mode (init 1), which lands the "
6755
"administrator at a root prompt without the need for any password."
6756
msgstr ""
6757
6758
#: serverguide/C/security.xml:354(para)
6759
msgid ""
6760
"Therefore, it is important to control who may edit the "
6761
"<application>grub</application> menu items which, would otherwise allow for "
6762
"someone to perform the following dangerous actions:"
6763
msgstr ""
6764
6765
#: serverguide/C/security.xml:359(para)
6766
msgid "Pass kernel options at boot up."
6767
msgstr ""
6768
6769
#: serverguide/C/security.xml:364(para)
6770
msgid "Boot the server into single user mode."
6771
msgstr ""
6772
6773
#: serverguide/C/security.xml:369(para)
6774
msgid ""
6775
"You can prevent these actions by adding a password to GRUB's configuration "
6776
"file of <filename>/boot/grub/menu.lst</filename>, which will be required to "
6777
"unlock GRUB's more advanced features prior to use."
6778
msgstr ""
6779
6780
#: serverguide/C/security.xml:374(para)
6781
msgid ""
6782
"To add a password for use with <application>grub</application>, first you "
6783
"must generate an md5 password hash using the <application>grub-md5-"
6784
"crypt</application> utility:"
6785
msgstr ""
6786
6787
#: serverguide/C/security.xml:378(command)
6788
msgid "grub-md5-crypt"
6789
msgstr ""
6790
6791
#: serverguide/C/security.xml:380(para)
6792
msgid ""
6793
"The command will ask you to enter a password and offer a resulting hash "
6794
"value as shown below:"
6795
msgstr ""
6796
6797
#: serverguide/C/security.xml:383(userinput)
6798
#, no-wrap
6799
msgid "(enter new password)"
6800
msgstr ""
6801
6802
#: serverguide/C/security.xml:384(userinput)
6803
#, no-wrap
6804
msgid "(repeat password)"
6805
msgstr ""
6806
6807
#: serverguide/C/security.xml:383(computeroutput)
6808
#, no-wrap
6809
msgid ""
6810
"Password: <placeholder-1/>\n"
6811
"Retype password: <placeholder-2/>\n"
6812
"$1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0"
6813
msgstr ""
6814
6815
#: serverguide/C/security.xml:389(para)
6816
msgid ""
6817
"Add the resulting hash value to the file "
6818
"<filename>/boot/grub/menu.lst</filename> in the following format:"
6819
msgstr ""
6820
6821
#: serverguide/C/security.xml:392(programlisting)
6822
#, no-wrap
6823
msgid "password --md5 $1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0"
6824
msgstr ""
6825
6826
#: serverguide/C/security.xml:395(para)
6827
msgid ""
6828
"To require use of the password for entering single user mode, change the "
6829
"value of the <varname>lockalternative</varname> variable in the file "
6830
"<filename>/boot/grub/menu.lst</filename> to <varname>true</varname>, as "
6831
"shown in the following example."
6832
msgstr ""
6833
6834
#: serverguide/C/security.xml:398(programlisting)
6835
#, no-wrap
6836
msgid "# lockalternative=true"
6837
msgstr ""
6838
6839
#: serverguide/C/security.xml:402(para)
6840
msgid ""
6841
"This does not prevent someone from booting the server from alternate media. "
6842
"A determined attacker would simply boot into an alternate environment, "
6843
"overwrite your master boot record, mount or copy your physical volumes, "
6844
"destroy your data, or anything else they can imagine. Please explore other "
6845
"countermeasures that may help you with these types of attacks."
6846
msgstr ""
6847
6848
#: serverguide/C/security.xml:410(title)
6849
msgid "Firewall"
6850
msgstr ""
6851
6852
#: serverguide/C/security.xml:413(para)
6853
msgid ""
6854
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
6855
"which is used to manipulate or decide the fate of network traffic headed "
6856
"into or through your server. All modern Linux firewall solutions use this "
6857
"system for packet filtering."
6858
msgstr ""
6859
6860
#: serverguide/C/security.xml:418(para)
6861
msgid ""
6862
"The kernel's packet filtering system would be of little use to "
6863
"administrators without a userspace interface to manage it. This is the "
6864
"purpose of iptables. When a packet reaches your server, it will be handed "
6865
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
6866
"based on the rules supplied to it from userspace via iptables. Thus, "
6867
"iptables is all you need to manage your firewall if you're familiar with it, "
6868
"but many frontends are available to simplify the task."
6869
msgstr ""
6870
6871
#: serverguide/C/security.xml:428(title)
6872
msgid "ufw - Uncomplicated Firewall"
6873
msgstr ""
6874
6875
#: serverguide/C/security.xml:429(para)
6876
msgid ""
6877
"The default firewall configuration tool for Ubuntu is "
6878
"<application>ufw</application>. Developed to ease iptables firewall "
6879
"configuration, <application>ufw</application> provides a user friendly way "
6880
"to create an IPv4 or IPv6 host-based firewall."
6881
msgstr ""
6882
6883
#: serverguide/C/security.xml:433(para)
6884
msgid ""
6885
"<application>ufw</application> by default is initially disabled. From the "
6886
"<application>ufw</application> man page:"
6887
msgstr ""
6888
6889
#: serverguide/C/security.xml:437(quote)
6890
msgid ""
6891
"ufw is not intended to provide complete firewall functionality via its "
6892
"command interface, but instead provides an easy way to add or remove simple "
6893
"rules. It is currently mainly used for host-based firewalls."
6894
msgstr ""
6895
6896
#: serverguide/C/security.xml:441(para)
6897
msgid ""
6898
"The following are some examples of how to use <application>ufw</application>:"
6899
msgstr ""
6900
6901
#: serverguide/C/security.xml:446(para)
6902
msgid ""
6903
"First, <application>ufw</application> needs to be enabled. From a terminal "
6904
"prompt enter:"
6905
msgstr ""
6906
6907
#: serverguide/C/security.xml:450(command)
6908
msgid "sudo ufw enable"
6909
msgstr ""
6910
6911
#: serverguide/C/security.xml:454(para)
6912
msgid "To open a port (ssh in this example):"
6913
msgstr ""
6914
6915
#: serverguide/C/security.xml:458(command)
6916
msgid "sudo ufw allow 22"
6917
msgstr ""
6918
6919
#: serverguide/C/security.xml:462(para)
6920
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
6921
msgstr ""
6922
6923
#: serverguide/C/security.xml:466(command)
6924
msgid "sudo ufw insert 1 allow 80"
6925
msgstr ""
6926
6927
#: serverguide/C/security.xml:470(para)
6928
msgid "Similarly, to close an opened port:"
6929
msgstr ""
6930
6931
#: serverguide/C/security.xml:474(command)
6932
msgid "sudo ufw deny 22"
6933
msgstr ""
6934
6935
#: serverguide/C/security.xml:478(para)
6936
msgid "To remove a rule, use delete followed by the rule:"
6937
msgstr ""
6938
6939
#: serverguide/C/security.xml:482(command)
6940
msgid "sudo ufw delete deny 22"
6941
msgstr ""
6942
6943
#: serverguide/C/security.xml:486(para)
6944
msgid ""
6945
"It is also possible to allow access from specific hosts or networks to a "
6946
"port. The following example allows ssh access from host 192.168.0.2 to any "
6947
"ip address on this host:"
6948
msgstr ""
6949
6950
#: serverguide/C/security.xml:491(command)
6951
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6952
msgstr ""
6953
6954
#: serverguide/C/security.xml:493(para)
6955
msgid ""
6956
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
6957
"subnet."
6958
msgstr ""
6959
6960
#: serverguide/C/security.xml:499(para)
6961
msgid ""
6962
"Adding the <emphasis>--dry-run</emphasis> option to a "
6963
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
6964
"apply them. For example, the following is what would be applied if opening "
6965
"the HTTP port:"
6966
msgstr ""
6967
6968
#: serverguide/C/security.xml:505(command)
6969
msgid "sudo ufw --dry-run allow http"
6970
msgstr ""
6971
6972
#: serverguide/C/security.xml:509(computeroutput)
6973
#, no-wrap
6974
msgid ""
6975
"*filter\n"
6976
":ufw-user-input - [0:0]\n"
6977
":ufw-user-output - [0:0]\n"
6978
":ufw-user-forward - [0:0]\n"
6979
":ufw-user-limit - [0:0]\n"
6980
":ufw-user-limit-accept - [0:0]\n"
6981
"### RULES ###\n"
6982
"\n"
6983
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
6984
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
6985
"\n"
6986
"### END RULES ###\n"
6987
"-A ufw-user-input -j RETURN\n"
6988
"-A ufw-user-output -j RETURN\n"
6989
"-A ufw-user-forward -j RETURN\n"
6990
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
6991
"LIMIT]: \"\n"
6992
"-A ufw-user-limit -j REJECT\n"
6993
"-A ufw-user-limit-accept -j ACCEPT\n"
6994
"COMMIT\n"
6995
"Rules updated"
6996
msgstr ""
6997
6998
#: serverguide/C/security.xml:533(para)
6999
msgid "<application>ufw</application> can be disabled by:"
7000
msgstr ""
7001
7002
#: serverguide/C/security.xml:537(command)
7003
msgid "sudo ufw disable"
7004
msgstr ""
7005
7006
#: serverguide/C/security.xml:541(para)
7007
msgid "To see the firewall status, enter:"
7008
msgstr ""
7009
7010
#: serverguide/C/security.xml:545(command)
7011
msgid "sudo ufw status"
7012
msgstr ""
7013
7014
#: serverguide/C/security.xml:549(para)
7015
msgid "And for more verbose status information use:"
7016
msgstr ""
7017
7018
#: serverguide/C/security.xml:553(command)
7019
msgid "sudo ufw status verbose"
7020
msgstr ""
7021
7022
#: serverguide/C/security.xml:557(para)
7023
msgid "To view the <emphasis>numbered</emphasis> format:"
7024
msgstr ""
7025
7026
#: serverguide/C/security.xml:561(command)
7027
msgid "sudo ufw status numbered"
7028
msgstr ""
7029
7030
#: serverguide/C/security.xml:566(para)
7031
msgid ""
7032
"If the port you want to open or close is defined in "
7033
"<filename>/etc/services</filename>, you can use the port name instead of the "
7034
"number. In the above examples, replace <emphasis>22</emphasis> with "
7035
"<emphasis>ssh</emphasis>."
7036
msgstr ""
7037
7038
#: serverguide/C/security.xml:572(para)
7039
msgid ""
7040
"This is a quick introduction to using <application>ufw</application>. Please "
7041
"refer to the <application>ufw</application> man page for more information."
7042
msgstr ""
7043
7044
#: serverguide/C/security.xml:578(title)
7045
msgid "ufw Application Integration"
7046
msgstr ""
7047
7048
#: serverguide/C/security.xml:580(para)
7049
msgid ""
7050
"Applications that open ports can include an <application>ufw</application> "
7051
"profile, which details the ports needed for the application to function "
7052
"properly. The profiles are kept in <filename "
7053
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
7054
"the default ports have been changed."
7055
msgstr ""
7056
7057
#: serverguide/C/security.xml:589(para)
7058
msgid ""
7059
"To view which applications have installed a profile, enter the following in "
7060
"a terminal:"
7061
msgstr ""
7062
7063
#: serverguide/C/security.xml:594(command)
7064
msgid "sudo ufw app list"
7065
msgstr ""
7066
7067
#: serverguide/C/security.xml:600(para)
7068
msgid ""
7069
"Similar to allowing traffic to a port, using an application profile is "
7070
"accomplished by entering:"
7071
msgstr ""
7072
7073
#: serverguide/C/security.xml:605(command)
7074
msgid "sudo ufw allow Samba"
7075
msgstr ""
7076
7077
#: serverguide/C/security.xml:611(para)
7078
msgid "An extended syntax is available as well:"
7079
msgstr ""
7080
7081
#: serverguide/C/security.xml:616(command)
7082
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
7083
msgstr ""
7084
7085
#: serverguide/C/security.xml:619(para)
7086
msgid ""
7087
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
7088
"with the application profile you are using and the IP range for your network."
7089
msgstr ""
7090
7091
#: serverguide/C/security.xml:625(para)
7092
msgid ""
7093
"There is no need to specify the <emphasis>protocol</emphasis> for the "
7094
"application, because that information is detailed in the profile. Also, note "
7095
"that the <emphasis>app</emphasis> name replaces the "
7096
"<emphasis>port</emphasis> number."
7097
msgstr ""
7098
7099
#: serverguide/C/security.xml:634(para)
7100
msgid ""
7101
"To view details about which ports, protocols, etc are defined for an "
7102
"application, enter:"
7103
msgstr ""
7104
7105
#: serverguide/C/security.xml:639(command)
7106
msgid "sudo ufw app info Samba"
7107
msgstr ""
7108
7109
#: serverguide/C/security.xml:645(para)
7110
msgid ""
7111
"Not all applications that require opening a network port come with "
7112
"<application>ufw</application> profiles, but if you have profiled an "
7113
"application and want the file to be included with the package, please file a "
7114
"bug against the package in <ulink "
7115
"url=\"https://launchpad.net/\">Launchpad</ulink>."
7116
msgstr ""
7117
7118
#: serverguide/C/security.xml:654(title)
7119
msgid "IP Masquerading"
7120
msgstr ""
7121
7122
#: serverguide/C/security.xml:655(para)
7123
msgid ""
7124
"The purpose of IP Masquerading is to allow machines with private, non-"
7125
"routable IP addresses on your network to access the Internet through the "
7126
"machine doing the masquerading. Traffic from your private network destined "
7127
"for the Internet must be manipulated for replies to be routable back to the "
7128
"machine that made the request. To do this, the kernel must modify the "
7129
"<emphasis>source</emphasis> IP address of each packet so that replies will "
7130
"be routed back to it, rather than to the private IP address that made the "
7131
"request, which is impossible over the Internet. Linux uses "
7132
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
7133
"connections belong to which machines and reroute each return packet "
7134
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
7135
"having originated from your Ubuntu gateway machine. This process is referred "
7136
"to in Microsoft documentation as Internet Connection Sharing."
7137
msgstr ""
7138
7139
#: serverguide/C/security.xml:671(title)
7140
msgid "ufw Masquerading"
7141
msgstr ""
7142
7143
#: serverguide/C/security.xml:672(para)
7144
msgid ""
7145
"IP Masquerading can be achieved using custom <application>ufw</application> "
7146
"rules. This is possible because the current back-end for "
7147
"<application>ufw</application> is <application>iptables-"
7148
"restore</application> with the rules files located in "
7149
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
7150
"legacy iptables rules used without <application>ufw</application>, and rules "
7151
"that are more network gateway or bridge related."
7152
msgstr ""
7153
7154
#: serverguide/C/security.xml:678(para)
7155
msgid ""
7156
"The rules are split into two different files, rules that should be executed "
7157
"before <application>ufw</application> command line rules, and rules that are "
7158
"executed after <application>ufw</application> command line rules."
7159
msgstr ""
7160
7161
#: serverguide/C/security.xml:684(para)
7162
msgid ""
7163
"First, packet forwarding needs to be enabled in "
7164
"<application>ufw</application>. Two configuration files will need to be "
7165
"adjusted, in <filename>/etc/default/ufw</filename> change the "
7166
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
7167
msgstr ""
7168
7169
#: serverguide/C/security.xml:688(programlisting)
7170
#, no-wrap
7171
msgid ""
7172
"\n"
7173
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
7174
msgstr ""
7175
7176
#: serverguide/C/security.xml:691(para)
7177
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
7178
msgstr ""
7179
7180
#: serverguide/C/security.xml:694(programlisting)
7181
#, no-wrap
7182
msgid ""
7183
"\n"
7184
"net/ipv4/ip_forward=1\n"
7185
msgstr ""
7186
7187
#: serverguide/C/security.xml:697(para)
7188
msgid "Similarly, for IPv6 forwarding uncomment:"
7189
msgstr ""
7190
7191
#: serverguide/C/security.xml:700(programlisting)
7192
#, no-wrap
7193
msgid ""
7194
"\n"
7195
"net/ipv6/conf/default/forwarding=1\n"
7196
msgstr ""
7197
7198
#: serverguide/C/security.xml:705(para)
7199
msgid ""
7200
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
7201
"file. The default rules only configure the <emphasis>filter</emphasis> "
7202
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
7203
"need to be configured. Add the following to the top of the file just after "
7204
"the header comments:"
7205
msgstr ""
7206
7207
#: serverguide/C/security.xml:710(programlisting)
7208
#, no-wrap
7209
msgid ""
7210
"\n"
7211
"# nat Table rules\n"
7212
"*nat\n"
7213
":POSTROUTING ACCEPT [0:0]\n"
7214
"\n"
7215
"# Forward traffic from eth1 through eth0.\n"
7216
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
7217
"\n"
7218
"# don't delete the 'COMMIT' line or these nat table rules won't be "
7219
"processed\n"
7220
"COMMIT\n"
7221
msgstr ""
7222
7223
#: serverguide/C/security.xml:721(para)
7224
msgid ""
7225
"The comments are not strictly necessary, but it is considered good practice "
7226
"to document your configuration. Also, when modifying any of the "
7227
"<emphasis>rules</emphasis> files in <filename "
7228
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
7229
"line for each table modified:"
7230
msgstr ""
7231
7232
#: serverguide/C/security.xml:727(programlisting)
7233
#, no-wrap
7234
msgid ""
7235
"\n"
7236
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
7237
"COMMIT\n"
7238
msgstr ""
7239
7240
#: serverguide/C/security.xml:732(para)
7241
msgid ""
7242
"For each <emphasis>Table</emphasis> a corresponding "
7243
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
7244
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
7245
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
7246
"<emphasis>mangle</emphasis> tables."
7247
msgstr ""
7248
7249
#: serverguide/C/security.xml:739(para)
7250
msgid ""
7251
"In the above example replace <emphasis>eth0</emphasis>, "
7252
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
7253
"appropriate interfaces and IP range for your network."
7254
msgstr ""
7255
7256
#: serverguide/C/security.xml:747(para)
7257
msgid ""
7258
"Finally, disable and re-enable <application>ufw</application> to apply the "
7259
"changes:"
7260
msgstr ""
7261
7262
#: serverguide/C/security.xml:751(command)
7263
msgid "sudo ufw disable && sudo ufw enable"
7264
msgstr ""
7265
7266
#: serverguide/C/security.xml:755(para)
7267
msgid ""
7268
"IP Masquerading should now be enabled. You can also add any additional "
7269
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
7270
"recommended that these additional rules be added to the <emphasis>ufw-before-"
7271
"forward</emphasis> chain."
7272
msgstr ""
7273
7274
#: serverguide/C/security.xml:762(title)
7275
msgid "iptables Masquerading"
7276
msgstr ""
7277
7278
#: serverguide/C/security.xml:763(para)
7279
msgid ""
7280
"<application>iptables</application> can also be used to enable masquerading."
7281
msgstr ""
7282
7283
#: serverguide/C/security.xml:768(para)
7284
msgid ""
7285
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
7286
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
7287
"uncomment the following line"
7288
msgstr ""
7289
7290
#: serverguide/C/security.xml:772(programlisting)
7291
#, no-wrap
7292
msgid ""
7293
"\n"
7294
"net.ipv4.ip_forward=1\n"
7295
msgstr ""
7296
7297
#: serverguide/C/security.xml:775(para)
7298
msgid "If you wish to enable IPv6 forwarding also uncomment:"
7299
msgstr ""
7300
7301
#: serverguide/C/security.xml:778(programlisting)
7302
#, no-wrap
7303
msgid ""
7304
"\n"
7305
"net.ipv6.conf.default.forwarding=1\n"
7306
msgstr ""
7307
7308
#: serverguide/C/security.xml:783(para)
7309
msgid ""
7310
"Next, execute the <application>sysctl</application> command to enable the "
7311
"new settings in the configuration file:"
7312
msgstr ""
7313
7314
#: serverguide/C/security.xml:787(command)
7315
msgid "sudo sysctl -p"
7316
msgstr ""
7317
7318
#: serverguide/C/security.xml:791(para)
7319
msgid ""
7320
"IP Masquerading can now be accomplished with a single iptables rule, which "
7321
"may differ slightly based on your network configuration:"
7322
msgstr ""
7323
7324
#: serverguide/C/security.xml:794(screen)
7325
#, no-wrap
7326
msgid ""
7327
"\n"
7328
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
7329
msgstr ""
7330
7331
#: serverguide/C/security.xml:797(para)
7332
msgid ""
7333
"The above command assumes that your private address space is 192.168.0.0/16 "
7334
"and that your Internet-facing device is ppp0. The syntax is broken down as "
7335
"follows:"
7336
msgstr ""
7337
7338
#: serverguide/C/security.xml:802(para)
7339
msgid "-t nat -- the rule is to go into the nat table"
7340
msgstr ""
7341
7342
#: serverguide/C/security.xml:803(para)
7343
msgid ""
7344
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
7345
msgstr ""
7346
7347
#: serverguide/C/security.xml:804(para)
7348
msgid ""
7349
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
7350
"specified address space"
7351
msgstr ""
7352
7353
#: serverguide/C/security.xml:805(para)
7354
msgid ""
7355
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
7356
"specified network device"
7357
msgstr ""
7358
7359
#: serverguide/C/security.xml:807(para)
7360
msgid ""
7361
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
7362
"MASQUERADE target to be manipulated as described above"
7363
msgstr ""
7364
7365
#: serverguide/C/security.xml:815(para)
7366
msgid ""
7367
"Also, each chain in the filter table (the default table, and where most or "
7368
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
7369
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
7370
"you may have set the policies to DROP or REJECT, in which case your "
7371
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
7372
"above rule to work:"
7373
msgstr ""
7374
7375
#: serverguide/C/security.xml:822(screen)
7376
#, no-wrap
7377
msgid ""
7378
"\n"
7379
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
7380
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
7381
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
7382
msgstr ""
7383
7384
#: serverguide/C/security.xml:826(para)
7385
msgid ""
7386
"The above commands will allow all connections from your local network to the "
7387
"Internet and all traffic related to those connections to return to the "
7388
"machine that initiated them."
7389
msgstr ""
7390
7391
#: serverguide/C/security.xml:833(para)
7392
msgid ""
7393
"If you want masquerading to be enabled on reboot, which you probably do, "
7394
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
7395
"example add the first command with no filtering:"
7396
msgstr ""
7397
7398
#: serverguide/C/security.xml:837(screen)
7399
#, no-wrap
7400
msgid ""
7401
"\n"
7402
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
7403
msgstr ""
7404
7405
#: serverguide/C/security.xml:845(title)
7406
msgid "Logs"
7407
msgstr ""
7408
7409
#: serverguide/C/security.xml:846(para)
7410
msgid ""
7411
"Firewall logs are essential for recognizing attacks, troubleshooting your "
7412
"firewall rules, and noticing unusual activity on your network. You must "
7413
"include logging rules in your firewall for them to be generated, though, and "
7414
"logging rules must come before any applicable terminating rule (a rule with "
7415
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
7416
"REJECT)."
7417
msgstr ""
7418
7419
#: serverguide/C/security.xml:853(para)
7420
msgid ""
7421
"If you are using <application>ufw</application>, you can turn on logging by "
7422
"entering the following in a terminal:"
7423
msgstr ""
7424
7425
#: serverguide/C/security.xml:857(command)
7426
msgid "sudo ufw logging on"
7427
msgstr ""
7428
7429
#: serverguide/C/security.xml:859(para)
7430
msgid ""
7431
"To turn logging off in <application>ufw</application>, simply replace "
7432
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
7433
"role=\"italic\">off</emphasis> in the above command."
7434
msgstr ""
7435
7436
#: serverguide/C/security.xml:862(para)
7437
msgid ""
7438
"If using <application>iptables</application> instead of "
7439
"<application>ufw</application>, enter:"
7440
msgstr ""
7441
7442
#: serverguide/C/security.xml:865(screen)
7443
#, no-wrap
7444
msgid ""
7445
"\n"
7446
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
7447
"prefix \"NEW_HTTP_CONN: \"\n"
7448
msgstr ""
7449
7450
#: serverguide/C/security.xml:868(para)
7451
msgid ""
7452
"A request on port 80 from the local machine, then, would generate a log in "
7453
"dmesg that looks like this:"
7454
msgstr ""
7455
7456
#: serverguide/C/security.xml:873(programlisting)
7457
#, no-wrap
7458
msgid ""
7459
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
7460
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
7461
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
7462
"WINDOW=32767 RES=0x00 SYN URGP=0"
7463
msgstr ""
7464
7465
#: serverguide/C/security.xml:875(para)
7466
msgid ""
7467
"The above log will also appear in <filename>/var/log/messages</filename>, "
7468
"<filename>/var/log/syslog</filename>, and "
7469
"<filename>/var/log/kern.log</filename>. This behavior can be modified by "
7470
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
7471
"and configuring <application>ulogd</application> and using the ULOG target "
7472
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
7473
"server that listens for logging instructions from the kernel specifically "
7474
"for firewalls, and can log to any file you like, or even to a "
7475
"<application>PostgreSQL</application> or <application>MySQL</application> "
7476
"database. Making sense of your firewall logs can be simplified by using a "
7477
"log analyzing tool such as <application>fwanalog</application>, "
7478
"<application> fwlogwatch</application>, or <application>lire</application>."
7479
msgstr ""
7480
7481
#: serverguide/C/security.xml:890(title)
7482
msgid "Other Tools"
7483
msgstr ""
7484
7485
#: serverguide/C/security.xml:891(para)
7486
msgid ""
7487
"There are many tools available to help you construct a complete firewall "
7488
"without intimate knowledge of iptables. For the GUI-inclined:"
7489
msgstr ""
7490
7491
#: serverguide/C/security.xml:897(para)
7492
msgid ""
7493
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
7494
"popular and easy to use."
7495
msgstr ""
7496
7497
#: serverguide/C/security.xml:902(para)
7498
msgid ""
7499
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
7500
"and will look familiar to an administrator who has used a commercial "
7501
"firewall utility such as <application>Checkpoint FireWall-1</application>."
7502
msgstr ""
7503
7504
#: serverguide/C/security.xml:908(para)
7505
msgid ""
7506
"If you prefer a command-line tool with plain-text configuration files:"
7507
msgstr ""
7508
7509
#: serverguide/C/security.xml:913(para)
7510
msgid ""
7511
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
7512
"powerful solution to help you configure an advanced firewall for any network."
7513
msgstr ""
7514
7515
#: serverguide/C/security.xml:919(para)
7516
msgid ""
7517
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
7518
"a working firewall \"out of the box\" with zero configuration, and will "
7519
"allow you to easily set up a more advanced firewall by editing simple, well-"
7520
"documented configuration files."
7521
msgstr ""
7522
7523
#: serverguide/C/security.xml:926(para)
7524
msgid ""
7525
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
7526
"designed to be a desktop firewall application. It is made up of a server "
7527
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
7528
"like many popular interactive firewall applications for Windows."
7529
msgstr ""
7530
7531
#: serverguide/C/security.xml:938(para)
7532
msgid ""
7533
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
7534
"Firewall</ulink> wiki page contains information on the development of "
7535
"<application>ufw</application>."
7536
msgstr ""
7537
7538
#: serverguide/C/security.xml:944(para)
7539
msgid ""
7540
"Also, the <application>ufw</application> manual page contains some very "
7541
"useful information: <command>man ufw</command>."
7542
msgstr ""
7543
7544
#: serverguide/C/security.xml:949(para)
7545
msgid ""
7546
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
7547
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
7548
"on using <application>iptables</application>."
7549
msgstr ""
7550
7551
#: serverguide/C/security.xml:955(para)
7552
msgid ""
7553
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
7554
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
7555
msgstr ""
7556
7557
#: serverguide/C/security.xml:964(title)
7558
msgid "AppArmor"
7559
msgstr ""
7560
7561
#: serverguide/C/security.xml:965(para)
7562
msgid ""
7563
"<application>AppArmor</application> is a Linux Security Module "
7564
"implementation of name-based mandatory access controls. AppArmor confines "
7565
"individual programs to a set of listed files and posix 1003.1e draft "
7566
"capabilities."
7567
msgstr ""
7568
7569
#: serverguide/C/security.xml:969(para)
7570
msgid ""
7571
"<application>AppArmor</application> is installed and loaded by default. It "
7572
"uses <emphasis>profiles</emphasis> of an application to determine what files "
7573
"and permissions the application requires. Some packages will install their "
7574
"own profiles, and additional profiles can be found in the "
7575
"<application>apparmor-profiles</application> package."
7576
msgstr ""
7577
7578
#: serverguide/C/security.xml:974(para)
7579
msgid ""
7580
"To install the <application>apparmor-profiles</application> package from a "
7581
"terminal prompt:"
7582
msgstr ""
7583
7584
#: serverguide/C/security.xml:980(para)
7585
msgid "AppArmor profiles have two modes of execution:"
7586
msgstr ""
7587
7588
#: serverguide/C/security.xml:985(para)
7589
msgid ""
7590
"Complaining/Learning: profile violations are permitted and logged. Useful "
7591
"for testing and developing new profiles."
7592
msgstr ""
7593
7594
#: serverguide/C/security.xml:990(para)
7595
msgid ""
7596
"Enforced/Confined: enforces profile policy as well as logging the violation."
7597
msgstr ""
7598
7599
#: serverguide/C/security.xml:996(title)
7600
msgid "Using AppArmor"
7601
msgstr ""
7602
7603
#: serverguide/C/security.xml:997(para)
7604
msgid ""
7605
"The <application>apparmor-utils</application> package contains command line "
7606
"utilities that you can use to change the <application>AppArmor</application> "
7607
"execution mode, find the status of a profile, create new profiles, etc."
7608
msgstr ""
7609
7610
#: serverguide/C/security.xml:1003(para)
7611
msgid ""
7612
"<application>apparmor_status</application> is used to view the current "
7613
"status of AppArmor profiles."
7614
msgstr ""
7615
7616
#: serverguide/C/security.xml:1007(command)
7617
msgid "sudo apparmor_status"
7618
msgstr ""
7619
7620
#: serverguide/C/security.xml:1011(para)
7621
msgid ""
7622
"<application>aa-complain</application> places a profile into "
7623
"<emphasis>complain</emphasis> mode."
7624
msgstr ""
7625
7626
#: serverguide/C/security.xml:1015(command)
7627
msgid "sudo aa-complain /path/to/bin"
7628
msgstr ""
7629
7630
#: serverguide/C/security.xml:1019(para)
7631
msgid ""
7632
"<application>aa-enforce</application> places a profile into "
7633
"<emphasis>enforce</emphasis> mode."
7634
msgstr ""
7635
7636
#: serverguide/C/security.xml:1023(command)
7637
msgid "sudo aa-enforce /path/to/bin"
7638
msgstr ""
7639
7640
#: serverguide/C/security.xml:1027(para)
7641
msgid ""
7642
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7643
"profiles are located. It can be used to manipulate the "
7644
"<emphasis>mode</emphasis> of all profiles."
7645
msgstr ""
7646
7647
#: serverguide/C/security.xml:1031(para)
7648
msgid "Enter the following to place all profiles into complain mode:"
7649
msgstr ""
7650
7651
#: serverguide/C/security.xml:1035(command)
7652
msgid "sudo aa-complain /etc/apparmor.d/*"
7653
msgstr ""
7654
7655
#: serverguide/C/security.xml:1037(para)
7656
msgid "To place all profiles in enforce mode:"
7657
msgstr ""
7658
7659
#: serverguide/C/security.xml:1041(command)
7660
msgid "sudo aa-enforce /etc/apparmor.d/*"
7661
msgstr ""
7662
7663
#: serverguide/C/security.xml:1045(para)
7664
msgid ""
7665
"<application>apparmor_parser</application> is used to load a profile into "
7666
"the kernel. It can also be used to reload a currently loaded profile using "
7667
"the <emphasis>-r</emphasis> option. To load a profile:"
7668
msgstr ""
7669
7670
#: serverguide/C/security.xml:1050(command) serverguide/C/security.xml:1082(command)
7671
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7672
msgstr ""
7673
7674
#: serverguide/C/security.xml:1052(para)
7675
msgid "To reload a profile:"
7676
msgstr ""
7677
7678
#: serverguide/C/security.xml:1056(command)
7679
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7680
msgstr ""
7681
7682
#: serverguide/C/security.xml:1060(para)
7683
msgid ""
7684
"<filename>/etc/init.d/apparmor</filename> can be used to "
7685
"<emphasis>reload</emphasis> all profiles:"
7686
msgstr ""
7687
7688
#: serverguide/C/security.xml:1064(command)
7689
msgid "sudo /etc/init.d/apparmor reload"
7690
msgstr ""
7691
7692
#: serverguide/C/security.xml:1068(para)
7693
msgid ""
7694
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7695
"with the <application>apparmor_parser -R</application> option to "
7696
"<emphasis>disable</emphasis> a profile."
7697
msgstr ""
7698
7699
#: serverguide/C/security.xml:1073(command)
7700
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7701
msgstr ""
7702
7703
#: serverguide/C/security.xml:1074(command)
7704
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7705
msgstr ""
7706
7707
#: serverguide/C/security.xml:1076(para)
7708
msgid ""
7709
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7710
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7711
"load the profile using the <emphasis>-a</emphasis> option."
7712
msgstr ""
7713
7714
#: serverguide/C/security.xml:1081(command)
7715
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7716
msgstr ""
7717
7718
#: serverguide/C/security.xml:1086(para)
7719
msgid ""
7720
"<application>AppArmor</application> can be disabled, and the kernel module "
7721
"unloaded by entering the following:"
7722
msgstr ""
7723
7724
#: serverguide/C/security.xml:1090(command)
7725
msgid "sudo /etc/init.d/apparmor stop"
7726
msgstr ""
7727
7728
#: serverguide/C/security.xml:1091(command)
7729
msgid "sudo update-rc.d -f apparmor remove"
7730
msgstr ""
7731
7732
#: serverguide/C/security.xml:1095(para)
7733
msgid "To re-enable <application>AppArmor</application> enter:"
7734
msgstr ""
7735
7736
#: serverguide/C/security.xml:1099(command)
7737
msgid "sudo /etc/init.d/apparmor start"
7738
msgstr ""
7739
7740
#: serverguide/C/security.xml:1100(command)
7741
msgid "sudo update-rc.d apparmor defaults"
7742
msgstr ""
7743
7744
#: serverguide/C/security.xml:1105(para)
7745
msgid ""
7746
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
7747
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
7748
"the actual executable file path. For example for the "
7749
"<application>ping</application> command use <filename>/bin/ping</filename>"
7750
msgstr ""
7751
7752
#: serverguide/C/security.xml:1113(title)
7753
msgid "Profiles"
7754
msgstr ""
7755
7756
#: serverguide/C/security.xml:1114(para)
7757
msgid ""
7758
"<application>AppArmor</application> profiles are simple text files located "
7759
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
7760
"path to the executable they profile replacing the \"/\" with \".\". For "
7761
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
7762
"profile for the <filename>/bin/ping</filename> command."
7763
msgstr ""
7764
7765
#: serverguide/C/security.xml:1120(para)
7766
msgid "There are two main type of rules used in profiles:"
7767
msgstr ""
7768
7769
#: serverguide/C/security.xml:1125(para)
7770
msgid ""
7771
"<emphasis>Path entries:</emphasis> which detail which files an application "
7772
"can access in the file system."
7773
msgstr ""
7774
7775
#: serverguide/C/security.xml:1130(para)
7776
msgid ""
7777
"<emphasis>Capability entries:</emphasis> determine what privileges a "
7778
"confined process is allowed to use."
7779
msgstr ""
7780
7781
#: serverguide/C/security.xml:1135(para)
7782
msgid ""
7783
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
7784
msgstr ""
7785
7786
#: serverguide/C/security.xml:1138(programlisting)
7787
#, no-wrap
7788
msgid ""
7789
"\n"
7790
"#include <tunables/global>\n"
7791
"/bin/ping flags=(complain) {\n"
7792
" #include <abstractions/base>\n"
7793
" #include <abstractions/consoles>\n"
7794
" #include <abstractions/nameservice>\n"
7795
"\n"
7796
" capability net_raw,\n"
7797
" capability setuid,\n"
7798
" network inet raw,\n"
7799
" \n"
7800
" /bin/ping mixr,\n"
7801
" /etc/modules.conf r,\n"
7802
"}\n"
7803
msgstr ""
7804
7805
#: serverguide/C/security.xml:1155(para)
7806
msgid ""
7807
"<emphasis>#include <tunables/global>:</emphasis> include statements "
7808
"from other files. This allows statements pertaining to multiple applications "
7809
"to be placed in a common file."
7810
msgstr ""
7811
7812
#: serverguide/C/security.xml:1161(para)
7813
msgid ""
7814
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
7815
"program, also setting the mode to <emphasis>complain</emphasis>."
7816
msgstr ""
7817
7818
#: serverguide/C/security.xml:1167(para)
7819
msgid ""
7820
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
7821
"the CAP_NET_RAW Posix.1e capability."
7822
msgstr ""
7823
7824
#: serverguide/C/security.xml:1172(para)
7825
msgid ""
7826
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
7827
"execute access to the file."
7828
msgstr ""
7829
7830
#: serverguide/C/security.xml:1178(para)
7831
msgid ""
7832
"After editing a profile file the profile must be reloaded. See <xref "
7833
"linkend=\"apparmor-usage\"/> for details."
7834
msgstr ""
7835
7836
#: serverguide/C/security.xml:1183(title)
7837
msgid "Creating a Profile"
7838
msgstr ""
7839
7840
#: serverguide/C/security.xml:1186(para)
7841
msgid ""
7842
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
7843
"application should be exercised. The test plan should be divided into small "
7844
"test cases. Each test case should have a small description and list the "
7845
"steps to follow."
7846
msgstr ""
7847
7848
#: serverguide/C/security.xml:1190(para)
7849
msgid "Some standard test cases are:"
7850
msgstr ""
7851
7852
#: serverguide/C/security.xml:1195(para)
7853
msgid "Starting the program."
7854
msgstr ""
7855
7856
#: serverguide/C/security.xml:1200(para)
7857
msgid "Stopping the program."
7858
msgstr ""
7859
7860
#: serverguide/C/security.xml:1205(para)
7861
msgid "Reloading the program."
7862
msgstr ""
7863
7864
#: serverguide/C/security.xml:1210(para)
7865
msgid "Testing all the commands supported by the init script."
7866
msgstr ""
7867
7868
#: serverguide/C/security.xml:1217(para)
7869
msgid ""
7870
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
7871
"genprof</application> to generate a new profile. From a terminal:"
7872
msgstr ""
7873
7874
#: serverguide/C/security.xml:1222(command)
7875
msgid "sudo aa-genprof executable"
7876
msgstr ""
7877
7878
#: serverguide/C/security.xml:1224(para)
7879
msgid "For example:"
7880
msgstr ""
7881
7882
#: serverguide/C/security.xml:1228(command)
7883
msgid "sudo aa-genprof slapd"
7884
msgstr ""
7885
7886
#: serverguide/C/security.xml:1232(para)
7887
msgid ""
7888
"To get your new profile included in the <application>apparmor-"
7889
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
7890
"against the <ulink "
7891
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
7892
"/ulink> package:"
7893
msgstr ""
7894
7895
#: serverguide/C/security.xml:1239(para)
7896
msgid "Include your test plan and test cases."
7897
msgstr ""
7898
7899
#: serverguide/C/security.xml:1244(para)
7900
msgid "Attach your new profile to the bug."
7901
msgstr ""
7902
7903
#: serverguide/C/security.xml:1253(title)
7904
msgid "Updating Profiles"
7905
msgstr ""
7906
7907
#: serverguide/C/security.xml:1254(para)
7908
msgid ""
7909
"When the program is misbehaving, audit messages are sent to the log files. "
7910
"The program <application>aa-logprof</application> can be used to scan log "
7911
"files for <application>AppArmor</application> audit messages, review them "
7912
"and update the profiles. From a terminal:"
7913
msgstr ""
7914
7915
#: serverguide/C/security.xml:1259(command)
7916
msgid "sudo aa-logprof"
7917
msgstr ""
7918
7919
#: serverguide/C/security.xml:1267(para)
7920
msgid ""
7921
"See the <ulink "
7922
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
7923
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
7924
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
7925
"configuration options."
7926
msgstr ""
7927
7928
#: serverguide/C/security.xml:1274(para)
7929
msgid ""
7930
"For details using AppArmor with other Ubuntu releases see the <ulink "
7931
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
7932
"Wiki</ulink> page."
7933
msgstr ""
7934
7935
#: serverguide/C/security.xml:1282(para)
7936
msgid ""
7937
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
7938
"page is another introduction to AppArmor."
7939
msgstr ""
7940
7941
#: serverguide/C/security.xml:1289(para)
7942
msgid ""
7943
"A great place to ask for <application>AppArmor</application> assistance, and "
7944
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
7945
"server</emphasis> IRC channel on <ulink "
7946
"url=\"http://freenode.net\">freenode</ulink>."
7947
msgstr ""
7948
7949
#: serverguide/C/security.xml:1299(title)
7950
msgid "Certificates"
7951
msgstr ""
7952
7953
#: serverguide/C/security.xml:1300(para)
7954
msgid ""
7955
"One of the most common forms of cryptography today is <emphasis>public-"
7956
"key</emphasis> cryptography. Public-key cryptography utilizes a "
7957
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
7958
"system works by <emphasis>encrypting</emphasis> information using the public "
7959
"key. The information can then only be <emphasis>decrypted</emphasis> using "
7960
"the private key."
7961
msgstr ""
7962
7963
#: serverguide/C/security.xml:1306(para)
7964
msgid ""
7965
"A common use for public-key cryptography is encrypting application traffic "
7966
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
7967
"connection. For example, configuring Apache to provide "
7968
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
7969
"encrypt traffic using a protocol that does not itself provide encryption."
7970
msgstr ""
7971
7972
#: serverguide/C/security.xml:1311(para)
7973
msgid ""
7974
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
7975
"<emphasis>public key</emphasis> and other information about a server and the "
7976
"organization who is responsible for it. Certificates can be digitally signed "
7977
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
7978
"third party that has confirmed that the information contained in the "
7979
"certificate is accurate."
7980
msgstr ""
7981
7982
#: serverguide/C/security.xml:1318(title)
7983
msgid "Types of Certificates"
7984
msgstr ""
7985
7986
#: serverguide/C/security.xml:1319(para)
7987
msgid ""
7988
"To set up a secure server using public-key cryptography, in most cases, you "
7989
"send your certificate request (including your public key), proof of your "
7990
"company's identity, and payment to a CA. The CA verifies the certificate "
7991
"request and your identity, and then sends back a certificate for your secure "
7992
"server. Alternatively, you can create your own <emphasis>self-"
7993
"signed</emphasis> certificate."
7994
msgstr ""
7995
7996
#: serverguide/C/security.xml:1329(para)
7997
msgid ""
7998
"Note, that self-signed certificates should not be used in most production "
7999
"environments."
8000
msgstr ""
8001
8002
#: serverguide/C/security.xml:1333(para)
8003
msgid ""
8004
"Continuing the HTTPS example, a CA-signed certificate provides two important "
8005
"capabilities that a self-signed certificate does not:"
8006
msgstr ""
8007
8008
#: serverguide/C/security.xml:1340(para)
8009
msgid ""
8010
"Browsers (usually) automatically recognize the certificate and allow a "
8011
"secure connection to be made without prompting the user."
8012
msgstr ""
8013
8014
#: serverguide/C/security.xml:1347(para)
8015
msgid ""
8016
"When a CA issues a signed certificate, it is guaranteeing the identity of "
8017
"the organization that is providing the web pages to the browser."
8018
msgstr ""
8019
8020
#: serverguide/C/security.xml:1355(para)
8021
msgid ""
8022
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
8023
"certificates they automatically accept. If a browser encounters a "
8024
"certificate whose authorizing CA is not in the list, the browser asks the "
8025
"user to either accept or decline the connection. Also, other applications "
8026
"may generate an error message when using a self-singed certificate."
8027
msgstr ""
8028
8029
#: serverguide/C/security.xml:1363(para)
8030
msgid ""
8031
"The process of getting a certificate from a CA is fairly easy. A quick "
8032
"overview is as follows:"
8033
msgstr ""
8034
8035
#: serverguide/C/security.xml:1370(para)
8036
msgid "Create a private and public encryption key pair."
8037
msgstr ""
8038
8039
#: serverguide/C/security.xml:1373(para)
8040
msgid ""
8041
"Create a certificate request based on the public key. The certificate "
8042
"request contains information about your server and the company hosting it."
8043
msgstr ""
8044
8045
#: serverguide/C/security.xml:1378(para)
8046
msgid ""
8047
"Send the certificate request, along with documents proving your identity, to "
8048
"a CA. We cannot tell you which certificate authority to choose. Your "
8049
"decision may be based on your past experiences, or on the experiences of "
8050
"your friends or colleagues, or purely on monetary factors."
8051
msgstr ""
8052
8053
#: serverguide/C/security.xml:1384(para)
8054
msgid ""
8055
"Once you have decided upon a CA, you need to follow the instructions they "
8056
"provide on how to obtain a certificate from them."
8057
msgstr ""
8058
8059
#: serverguide/C/security.xml:1389(para)
8060
msgid ""
8061
"When the CA is satisfied that you are indeed who you claim to be, they send "
8062
"you a digital certificate."
8063
msgstr ""
8064
8065
#: serverguide/C/security.xml:1393(para)
8066
msgid ""
8067
"Install this certificate on your secure server, and configure the "
8068
"appropriate applications to use the certificate."
8069
msgstr ""
8070
8071
#: serverguide/C/security.xml:1402(title)
8072
msgid "Generating a Certificate Signing Request (CSR)"
8073
msgstr ""
8074
8075
#: serverguide/C/security.xml:1404(para)
8076
msgid ""
8077
"Whether you are getting a certificate from a CA or generating your own self-"
8078
"signed certificate, the first step is to generate a key."
8079
msgstr ""
8080
8081
#: serverguide/C/security.xml:1409(para)
8082
msgid ""
8083
"If the certificate will be used by service daemons, such as Apache, Postfix, "
8084
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
8085
"passphrase allows the services to start without manual intervention, usually "
8086
"the preferred way to start a daemon."
8087
msgstr ""
8088
8089
#: serverguide/C/security.xml:1415(para)
8090
msgid ""
8091
"This section will cover generating a key with a passphrase, and one without. "
8092
"The non-passphrase key will then be used to generate a certificate that can "
8093
"be used with various service daemons."
8094
msgstr ""
8095
8096
#: serverguide/C/security.xml:1421(para)
8097
msgid ""
8098
"Running your secure service without a passphrase is convenient because you "
8099
"will not need to enter the passphrase every time you start your secure "
8100
"service. But it is insecure and a compromise of the key means a compromise "
8101
"of the server as well."
8102
msgstr ""
8103
8104
#: serverguide/C/security.xml:1428(para)
8105
msgid ""
8106
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
8107
"Request (CSR) run the following command from a terminal prompt:"
8108
msgstr ""
8109
8110
#: serverguide/C/security.xml:1434(command)
8111
msgid "openssl genrsa -des3 -out server.key 1024"
8112
msgstr ""
8113
8114
#: serverguide/C/security.xml:1437(programlisting)
8115
#, no-wrap
8116
msgid ""
8117
"\n"
8118
"Generating RSA private key, 1024 bit long modulus\n"
8119
".....................++++++\n"
8120
".................++++++\n"
8121
"unable to write 'random state'\n"
8122
"e is 65537 (0x10001)\n"
8123
"Enter pass phrase for server.key:\n"
8124
msgstr ""
8125
8126
#: serverguide/C/security.xml:1446(para)
8127
msgid ""
8128
"You can now enter your passphrase. For best security, it should at least "
8129
"contain eight characters. The minimum length when specifying -des3 is four "
8130
"characters. It should include numbers and/or punctuation and not be a word "
8131
"in a dictionary. Also remember that your passphrase is case-sensitive."
8132
msgstr ""
8133
8134
#: serverguide/C/security.xml:1454(para)
8135
msgid ""
8136
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
8137
"server key is generated and stored in the <filename>server.key</filename> "
8138
"file."
8139
msgstr ""
8140
8141
#: serverguide/C/security.xml:1460(para)
8142
msgid ""
8143
"Now create the insecure key, the one without a passphrase, and shuffle the "
8144
"key names:"
8145
msgstr ""
8146
8147
#: serverguide/C/security.xml:1466(command)
8148
msgid "openssl rsa -in server.key -out server.key.insecure"
8149
msgstr ""
8150
8151
#: serverguide/C/security.xml:1467(command)
8152
msgid "mv server.key server.key.secure"
8153
msgstr ""
8154
8155
#: serverguide/C/security.xml:1468(command)
8156
msgid "mv server.key.insecure server.key"
8157
msgstr ""
8158
8159
#: serverguide/C/security.xml:1471(para)
8160
msgid ""
8161
"The insecure key is now named <filename>server.key</filename>, and you can "
8162
"use this file to generate the CSR without passphrase."
8163
msgstr ""
8164
8165
#: serverguide/C/security.xml:1476(para)
8166
msgid "To create the CSR, run the following command at a terminal prompt:"
8167
msgstr ""
8168
8169
#: serverguide/C/security.xml:1481(command)
8170
msgid "openssl req -new -key server.key -out server.csr"
8171
msgstr ""
8172
8173
#: serverguide/C/security.xml:1484(para)
8174
msgid ""
8175
"It will prompt you enter the passphrase. If you enter the correct "
8176
"passphrase, it will prompt you to enter Company Name, Once you enter all "
8177
"these details, your CSR will be created and it will be stored in the "
8178
"<filename>server.csr</filename> file. Site Name, Email Id, etc."
8179
msgstr ""
8180
8181
#: serverguide/C/security.xml:1492(para)
8182
msgid ""
8183
"You can now submit this CSR file to a CA for processing. The CA will use "
8184
"this CSR file and issue the certificate. On the other hand, you can create "
8185
"self-signed certificate using this CSR."
8186
msgstr ""
8187
8188
#: serverguide/C/security.xml:1500(title)
8189
msgid "Creating a Self-Signed Certificate"
8190
msgstr ""
8191
8192
#: serverguide/C/security.xml:1501(para)
8193
msgid ""
8194
"To create the self-signed certificate, run the following command at a "
8195
"terminal prompt:"
8196
msgstr ""
8197
8198
#: serverguide/C/security.xml:1506(command)
8199
msgid ""
8200
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
8201
"server.crt"
8202
msgstr ""
8203
8204
#: serverguide/C/security.xml:1509(para)
8205
msgid ""
8206
"The above command will prompt you to enter the passphrase. Once you enter "
8207
"the correct passphrase, your certificate will be created and it will be "
8208
"stored in the <filename>server.crt</filename> file."
8209
msgstr ""
8210
8211
#: serverguide/C/security.xml:1514(para)
8212
msgid ""
8213
"If your secure server is to be used in a production environment, you "
8214
"probably need a CA-signed certificate. It is not recommended to use self-"
8215
"signed certificate."
8216
msgstr ""
8217
8218
#: serverguide/C/security.xml:1522(title)
8219
msgid "Installing the Certificate"
8220
msgstr ""
8221
8222
#: serverguide/C/security.xml:1524(para)
8223
msgid ""
8224
"You can install the key file <filename>server.key</filename> and certificate "
8225
"file <filename>server.crt</filename>, or the certificate file issued by your "
8226
"CA, by running following commands at a terminal prompt:"
8227
msgstr ""
8228
8229
#: serverguide/C/security.xml:1530(command)
8230
msgid "sudo cp server.crt /etc/ssl/certs"
8231
msgstr ""
8232
8233
#: serverguide/C/security.xml:1531(command)
8234
msgid "sudo cp server.key /etc/ssl/private"
8235
msgstr ""
8236
8237
#: serverguide/C/security.xml:1533(para)
8238
msgid ""
8239
"Now simply configure any applications, with the ability to use public-key "
8240
"cryptography, to use the <emphasis>certificate</emphasis> and "
8241
"<emphasis>key</emphasis> files. For example, "
8242
"<application>Apache</application> can provide HTTPS, "
8243
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
8244
msgstr ""
8245
8246
#: serverguide/C/security.xml:1540(title)
8247
msgid "Certification Authority"
8248
msgstr ""
8249
8250
#: serverguide/C/security.xml:1542(para)
8251
msgid ""
8252
"If the services on your network require more than a few self-signed "
8253
"certificates it may be worth the additional effort to setup your own "
8254
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
8255
"certificates signed by your own CA, allows the various services using the "
8256
"certificates to easily trust other services using certificates issued from "
8257
"the same CA."
8258
msgstr ""
8259
8260
#: serverguide/C/security.xml:1552(para)
8261
msgid ""
8262
"First, create the directories to hold the CA certificate and related files:"
8263
msgstr ""
8264
8265
#: serverguide/C/security.xml:1557(command)
8266
msgid "sudo mkdir /etc/ssl/CA"
8267
msgstr ""
8268
8269
#: serverguide/C/security.xml:1558(command)
8270
msgid "sudo mkdir /etc/ssl/newcerts"
8271
msgstr ""
8272
8273
#: serverguide/C/security.xml:1564(para)
8274
msgid ""
8275
"The CA needs a few additional files to operate, one to keep track of the "
8276
"last serial number used by the CA, each certificate must have a unique "
8277
"serial number, and another file to record which certificates have been "
8278
"issued:"
8279
msgstr ""
8280
8281
#: serverguide/C/security.xml:1571(command)
8282
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
8283
msgstr ""
8284
8285
#: serverguide/C/security.xml:1572(command)
8286
msgid "sudo touch /etc/ssl/CA/index.txt"
8287
msgstr ""
8288
8289
#: serverguide/C/security.xml:1578(para)
8290
msgid ""
8291
"The third file is a CA configuration file. Though not strictly necessary, it "
8292
"is very convenient when issuing multiple certificates. Edit "
8293
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
8294
"]</emphasis> change:"
8295
msgstr ""
8296
8297
#: serverguide/C/security.xml:1584(programlisting)
8298
#, no-wrap
8299
msgid ""
8300
"\n"
8301
"dir = /etc/ssl/ # Where everything is kept\n"
8302
"database = $dir/CA/index.txt # database index file.\n"
8303
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
8304
"serial = $dir/CA/serial # The current serial number\n"
8305
"private_key = $dir/private/cakey.pem# The private key\n"
8306
msgstr ""
8307
8308
#: serverguide/C/security.xml:1595(para)
8309
msgid "Next, create the self-singed root certificate:"
8310
msgstr ""
8311
8312
#: serverguide/C/security.xml:1600(command)
8313
msgid ""
8314
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
8315
"days 3650"
8316
msgstr ""
8317
8318
#: serverguide/C/security.xml:1603(para)
8319
msgid "You will then be asked to enter the details about the certificate."
8320
msgstr ""
8321
8322
#: serverguide/C/security.xml:1610(para)
8323
msgid "Now install the root certificate and key:"
8324
msgstr ""
8325
8326
#: serverguide/C/security.xml:1615(command)
8327
msgid "sudo mv cakey.pem /etc/ssl/private/"
8328
msgstr ""
8329
8330
#: serverguide/C/security.xml:1616(command)
8331
msgid "sudo mv cacert.pem /etc/ssl/certs/"
8332
msgstr ""
8333
8334
#: serverguide/C/security.xml:1622(para)
8335
msgid ""
8336
"You are now ready to start signing certificates. The first item needed is a "
8337
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
8338
"for details. Once you have a CSR, enter the following to generate a "
8339
"certificate signed by the CA:"
8340
msgstr ""
8341
8342
#: serverguide/C/security.xml:1629(command)
8343
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
8344
msgstr ""
8345
8346
#: serverguide/C/security.xml:1632(para)
8347
msgid ""
8348
"After entering the password for the CA key, you will be prompted to sign the "
8349
"certificate, and again to commit the new certificate. You should then see a "
8350
"somewhat large amount of output related to the certificate creation."
8351
msgstr ""
8352
8353
#: serverguide/C/security.xml:1641(para)
8354
msgid ""
8355
"There should now be a new file, "
8356
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
8357
"Copy and paste everything between the <emphasis>-----BEGIN CERTIFICATE-----"
8358
"</emphasis> and <emphasis>----END CERTIFICATE-----</emphasis> lines to a "
8359
"file named after the hostname of the server where the certificate will be "
8360
"installed. For example <filename>mail.example.com.crt</filename>, is a nice "
8361
"descriptive name."
8362
msgstr ""
8363
8364
#: serverguide/C/security.xml:1649(para)
8365
msgid ""
8366
"Subsequent certificates will be named <filename>02.pem</filename>, "
8367
"<filename>03.pem</filename>, etc."
8368
msgstr ""
8369
8370
#: serverguide/C/security.xml:1654(para)
8371
msgid ""
8372
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
8373
"name."
8374
msgstr ""
8375
8376
#: serverguide/C/security.xml:1662(para)
8377
msgid ""
8378
"Finally, copy the new certificate to the host that needs it, and configure "
8379
"the appropriate applications to use it. The default location to install "
8380
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
8381
"enables multiple services to use the same certificate without overly "
8382
"complicated file permissions."
8383
msgstr ""
8384
8385
#: serverguide/C/security.xml:1668(para)
8386
msgid ""
8387
"For applications that can be configured to use a CA certificate, you should "
8388
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
8389
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
8390
"server."
8391
msgstr ""
8392
8393
#: serverguide/C/security.xml:1682(para)
8394
msgid ""
8395
"For more detailed instructions on using cryptography see the <ulink "
8396
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
8397
"Certificates HOWTO</ulink> by tlpd.org"
8398
msgstr ""
8399
8400
#: serverguide/C/security.xml:1688(para)
8401
msgid ""
8402
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
8403
"of Certificate Authorities."
8404
msgstr ""
8405
8406
#: serverguide/C/security.xml:1693(para)
8407
msgid ""
8408
"The Wikipedia <ulink "
8409
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
8410
"information regarding HTTPS."
8411
msgstr ""
8412
8413
#: serverguide/C/security.xml:1698(para)
8414
msgid ""
8415
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
8416
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
8417
msgstr ""
8418
8419
#: serverguide/C/security.xml:1703(para)
8420
msgid ""
8421
"Also, O'Reilly's <ulink "
8422
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
8423
"OpenSSL</ulink> is a good in depth reference."
8424
msgstr ""
8425
8426
#: serverguide/C/security.xml:1712(title)
8427
msgid "eCryptfs"
8428
msgstr ""
8429
8430
#: serverguide/C/security.xml:1714(para)
8431
msgid ""
8432
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
8433
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
8434
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
8435
"filesystem, partition type, etc."
8436
msgstr ""
8437
8438
#: serverguide/C/security.xml:1720(para)
8439
msgid ""
8440
"During installation there is an option to encrypt the <filename "
8441
"role=\"directory\">/home</filename> partition. This will automatically "
8442
"configure everything needed to encrypt and mount the partition."
8443
msgstr ""
8444
8445
#: serverguide/C/security.xml:1725(para)
8446
msgid ""
8447
"As an example, this section will cover configuring <filename "
8448
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
8449
msgstr ""
8450
8451
#: serverguide/C/security.xml:1730(title)
8452
msgid "Using eCryptfs"
8453
msgstr ""
8454
8455
#: serverguide/C/security.xml:1732(para)
8456
msgid "First, install the necessary packages. From a terminal prompt enter:"
8457
msgstr ""
8458
8459
#: serverguide/C/security.xml:1737(command)
8460
msgid "sudo apt-get install ecryptfs-utils"
8461
msgstr ""
8462
8463
#: serverguide/C/security.xml:1740(para)
8464
msgid "Now mount the partition to be encrypted:"
8465
msgstr ""
8466
8467
#: serverguide/C/security.xml:1745(command)
8468
msgid "sudo mount -t ecryptfs /srv /srv"
8469
msgstr ""
8470
8471
#: serverguide/C/security.xml:1748(para)
8472
msgid ""
8473
"You will then be prompted for some details on how "
8474
"<application>ecryptfs</application> should encrypt the data."
8475
msgstr ""
8476
8477
#: serverguide/C/security.xml:1752(para)
8478
msgid ""
8479
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
8480
"copy the <filename>/etc/default</filename> folder to "
8481
"<filename>/srv</filename>:"
8482
msgstr ""
8483
8484
#: serverguide/C/security.xml:1758(command) serverguide/C/clustering.xml:192(command)
8485
msgid "sudo cp -r /etc/default /srv"
8486
msgstr ""
8487
8488
#: serverguide/C/security.xml:1761(para)
8489
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
8490
msgstr ""
8491
8492
#: serverguide/C/security.xml:1766(command) serverguide/C/installation.xml:1089(command) serverguide/C/clustering.xml:200(command)
8493
msgid "sudo umount /srv"
8494
msgstr ""
8495
8496
#: serverguide/C/security.xml:1767(command)
8497
msgid "cat /srv/default/cron"
8498
msgstr ""
8499
8500
#: serverguide/C/security.xml:1770(para)
8501
msgid ""
8502
"Remounting <filename>/srv</filename> using "
8503
"<application>ecryptfs</application> will make the data viewable once again."
8504
msgstr ""
8505
8506
#: serverguide/C/security.xml:1776(title)
8507
msgid "Automatically Mounting Encrypted Partitions"
8508
msgstr ""
8509
8510
#: serverguide/C/security.xml:1778(para)
8511
msgid ""
8512
"There are a couple of ways to automatically mount an "
8513
"<application>ecryptfs</application> encrypted filesystem at boot. This "
8514
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
8515
"mount options, along with a passphrase file residing on a USB key."
8516
msgstr ""
8517
8518
#: serverguide/C/security.xml:1784(para)
8519
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
8520
msgstr ""
8521
8522
#: serverguide/C/security.xml:1788(programlisting)
8523
#, no-wrap
8524
msgid ""
8525
"\n"
8526
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
8527
"ecryptfs_sig=5826dd62cf81c615\n"
8528
"ecryptfs_cipher=aes\n"
8529
"ecryptfs_key_bytes=16\n"
8530
"ecryptfs_passthrough=n\n"
8531
"ecryptfs_enable_filename_crypto=n\n"
8532
msgstr ""
8533
8534
#: serverguide/C/security.xml:1798(para)
8535
msgid ""
8536
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
8537
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
8538
msgstr ""
8539
8540
#: serverguide/C/security.xml:1803(para)
8541
msgid ""
8542
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
8543
"file:"
8544
msgstr ""
8545
8546
#: serverguide/C/security.xml:1807(programlisting)
8547
#, no-wrap
8548
msgid ""
8549
"\n"
8550
"passphrase_passwd=[secrets]\n"
8551
msgstr ""
8552
8553
#: serverguide/C/security.xml:1811(para)
8554
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
8555
msgstr ""
8556
8557
#: serverguide/C/security.xml:1815(programlisting)
8558
#, no-wrap
8559
msgid ""
8560
"\n"
8561
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
8562
"/srv /srv ecryptfs defaults 0 0\n"
8563
msgstr ""
8564
8565
#: serverguide/C/security.xml:1820(para)
8566
msgid "Make sure the USB drive is mounted before the encrypted partition."
8567
msgstr ""
8568
8569
#: serverguide/C/security.xml:1824(para)
8570
msgid ""
8571
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
8572
"ecryptfs."
8573
msgstr ""
8574
8575
#: serverguide/C/security.xml:1832(para)
8576
msgid ""
8577
"The <application>ecryptfs-utils</application> package includes several other "
8578
"useful utilities:"
8579
msgstr ""
8580
8581
#: serverguide/C/security.xml:1838(para)
8582
msgid ""
8583
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
8584
"<filename>~/Private</filename> directory to contain encrypted information. "
8585
"This utility can be run by unprivileged users to keep data private from "
8586
"other users on the system."
8587
msgstr ""
8588
8589
#: serverguide/C/security.xml:1845(para)
8590
msgid ""
8591
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
8592
"will mount and unmount respectively, a users <filename>~/Private</filename> "
8593
"directory."
8594
msgstr ""
8595
8596
#: serverguide/C/security.xml:1851(para)
8597
msgid ""
8598
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
8599
"kernel keyring."
8600
msgstr ""
8601
8602
#: serverguide/C/security.xml:1856(para)
8603
msgid ""
8604
"<emphasis>ecryptfs-manager:</emphasis> manages "
8605
"<application>eCryptfs</application> objects such as keys."
8606
msgstr ""
8607
8608
#: serverguide/C/security.xml:1861(para)
8609
msgid ""
8610
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
8611
"<application>ecryptfs</application> meta information for a file."
8612
msgstr ""
8613
8614
#: serverguide/C/security.xml:1874(para)
8615
msgid ""
8616
"For more information on eCryptfs see the <ulink "
8617
"url=\"https://launchpad.net/ecryptfs\">Launch Pad project page</ulink>"
8618
msgstr ""
8619
8620
#: serverguide/C/security.xml:1879(para)
8621
msgid ""
8622
"There is also a <ulink "
8623
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
8624
"article covering eCryptfs."
8625
msgstr ""
8626
8627
#: serverguide/C/security.xml:1884(para)
8628
msgid ""
8629
"Also, for more <application>ecryptfs</application> options see the <ulink "
8630
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man7/ecryptfs.7.html\">ec"
8631
"ryptfs man page</ulink>."
8632
msgstr ""
8633
8634
#: serverguide/C/remote-administration.xml:13(title)
8635
msgid "Remote Administration"
8636
msgstr ""
8637
8638
#: serverguide/C/remote-administration.xml:14(para)
8639
msgid ""
8640
"There are many ways to remotely administer a Linux server. This chapter will "
8641
"cover one of the most popular <application>SSH</application> as well as "
8642
"<application>eBox</application>, a web based administration framework."
8643
msgstr ""
8644
8645
#: serverguide/C/remote-administration.xml:23(para)
8646
msgid ""
8647
"This section of the Ubuntu Server Guide introduces a powerful collection of "
8648
"tools for the remote control of networked computers and transfer of data "
8649
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
8650
"also learn about some of the configuration settings possible with the "
8651
"OpenSSH server application and how to change them on your Ubuntu system."
8652
msgstr ""
8653
8654
#: serverguide/C/remote-administration.xml:30(para)
8655
msgid ""
8656
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
8657
"family of tools for remotely controlling a computer or transferring files "
8658
"between computers. Traditional tools used to accomplish these functions, "
8659
"such as <application>telnet</application> or <application>rcp</application>, "
8660
"are insecure and transmit the user's password in cleartext when used. "
8661
"OpenSSH provides a server daemon and client tools to facilitate secure, "
8662
"encrypted remote control and file transfer operations, effectively replacing "
8663
"the legacy tools."
8664
msgstr ""
8665
8666
#: serverguide/C/remote-administration.xml:39(para)
8667
msgid ""
8668
"The OpenSSH server component, <application>sshd</application>, listens "
8669
"continuously for client connections from any of the client tools. When a "
8670
"connection request occurs, <application>sshd</application> sets up the "
8671
"correct connection depending on the type of client tool connecting. For "
8672
"example, if the remote computer is connecting with the "
8673
"<application>ssh</application> client application, the OpenSSH server sets "
8674
"up a remote control session after authentication. If a remote user connects "
8675
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
8676
"daemon initiates a secure copy of files between the server and client after "
8677
"authentication. OpenSSH can use many authentication methods, including plain "
8678
"password, public key, and <application>Kerberos</application> tickets."
8679
msgstr ""
8680
8681
#: serverguide/C/remote-administration.xml:53(para)
8682
msgid ""
8683
"Installation of the OpenSSH client and server applications is simple. To "
8684
"install the OpenSSH client applications on your Ubuntu system, use this "
8685
"command at a terminal prompt:"
8686
msgstr ""
8687
8688
#: serverguide/C/remote-administration.xml:59(command)
8689
msgid "sudo apt-get install openssh-client"
8690
msgstr ""
8691
8692
#: serverguide/C/remote-administration.xml:61(para)
8693
msgid ""
8694
"To install the OpenSSH server application, and related support files, use "
8695
"this command at a terminal prompt:"
8696
msgstr ""
8697
8698
#: serverguide/C/remote-administration.xml:66(command)
8699
msgid "sudo apt-get install openssh-server"
8700
msgstr ""
8701
8702
#: serverguide/C/remote-administration.xml:68(para)
8703
msgid ""
8704
"The <application>openssh-server</application> package can also be selected "
8705
"to install during the Server Edition installation process."
8706
msgstr ""
8707
8708
#: serverguide/C/remote-administration.xml:75(para)
8709
msgid ""
8710
"You may configure the default behavior of the OpenSSH server application, "
8711
"<application>sshd</application>, by editing the file "
8712
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
8713
"configuration directives used in this file, you may view the appropriate "
8714
"manual page with the following command, issued at a terminal prompt:"
8715
msgstr ""
8716
8717
#: serverguide/C/remote-administration.xml:83(command)
8718
msgid "man sshd_config"
8719
msgstr ""
8720
8721
#: serverguide/C/remote-administration.xml:85(para)
8722
msgid ""
8723
"There are many directives in the <application>sshd</application> "
8724
"configuration file controlling such things as communication settings and "
8725
"authentication modes. The following are examples of configuration directives "
8726
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
8727
"file."
8728
msgstr ""
8729
8730
#: serverguide/C/remote-administration.xml:92(para)
8731
msgid ""
8732
"Prior to editing the configuration file, you should make a copy of the "
8733
"original file and protect it from writing so you will have the original "
8734
"settings as a reference and to reuse as necessary."
8735
msgstr ""
8736
8737
#: serverguide/C/remote-administration.xml:96(para)
8738
msgid ""
8739
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
8740
"writing with the following commands, issued at a terminal prompt:"
8741
msgstr ""
8742
8743
#: serverguide/C/remote-administration.xml:101(command)
8744
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
8745
msgstr ""
8746
8747
#: serverguide/C/remote-administration.xml:102(command)
8748
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
8749
msgstr ""
8750
8751
#: serverguide/C/remote-administration.xml:104(para)
8752
msgid ""
8753
"The following are examples of configuration directives you may change:"
8754
msgstr ""
8755
8756
#: serverguide/C/remote-administration.xml:109(para)
8757
msgid ""
8758
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
8759
"port 22, change the Port directive as such:"
8760
msgstr ""
8761
8762
#: serverguide/C/remote-administration.xml:113(para)
8763
msgid "Port 2222"
8764
msgstr ""
8765
8766
#: serverguide/C/remote-administration.xml:118(para)
8767
msgid ""
8768
"To have <application>sshd</application> allow public key-based login "
8769
"credentials, simply add or modify the line:"
8770
msgstr ""
8771
8772
#: serverguide/C/remote-administration.xml:122(para)
8773
msgid "PubkeyAuthentication yes"
8774
msgstr ""
8775
8776
#: serverguide/C/remote-administration.xml:125(para)
8777
msgid ""
8778
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
8779
"present, ensure the line is not commented out."
8780
msgstr ""
8781
8782
#: serverguide/C/remote-administration.xml:131(para)
8783
msgid ""
8784
"To make your OpenSSH server display the contents of the "
8785
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
8786
"or modify the line:"
8787
msgstr ""
8788
8789
#: serverguide/C/remote-administration.xml:136(para)
8790
msgid "Banner /etc/issue.net"
8791
msgstr ""
8792
8793
#: serverguide/C/remote-administration.xml:139(para)
8794
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
8795
msgstr ""
8796
8797
#: serverguide/C/remote-administration.xml:144(para)
8798
msgid ""
8799
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
8800
"save the file, and restart the <application>sshd</application> server "
8801
"application to effect the changes using the following command at a terminal "
8802
"prompt:"
8803
msgstr ""
8804
8805
#: serverguide/C/remote-administration.xml:153(para)
8806
msgid ""
8807
"Many other configuration directives for <application>sshd</application> are "
8808
"available for changing the server application's behavior to fit your needs. "
8809
"Be advised, however, if your only method of access to a server is "
8810
"<application>ssh</application>, and you make a mistake in configuring "
8811
"<application>sshd</application> via the "
8812
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
8813
"out of the server upon restarting it, or that the "
8814
"<application>sshd</application> server refuses to start due to an incorrect "
8815
"configuration directive, so be extra careful when editing this file on a "
8816
"remote server."
8817
msgstr ""
8818
8819
#: serverguide/C/remote-administration.xml:168(title)
8820
msgid "SSH Keys"
8821
msgstr ""
8822
8823
#: serverguide/C/remote-administration.xml:169(para)
8824
msgid ""
8825
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
8826
"the need of a password. SSH key authentication uses two keys a "
8827
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
8828
msgstr ""
8829
8830
#: serverguide/C/remote-administration.xml:173(para)
8831
msgid "To generate the keys, from a terminal prompt enter:"
8832
msgstr ""
8833
8834
#: serverguide/C/remote-administration.xml:177(command)
8835
msgid "ssh-keygen -t dsa"
8836
msgstr ""
8837
8838
#: serverguide/C/remote-administration.xml:179(para)
8839
msgid ""
8840
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
8841
"identity of the user. During the process you will be prompted for a "
8842
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
8843
"key."
8844
msgstr ""
8845
8846
#: serverguide/C/remote-administration.xml:183(para)
8847
msgid ""
8848
"By default the <emphasis>public</emphasis> key is saved in the file "
8849
"<filename>~/.ssh/id_dsa.pub</filename>, while "
8850
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
8851
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
8852
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
8853
msgstr ""
8854
8855
#: serverguide/C/remote-administration.xml:189(command)
8856
msgid "ssh-copy-id username@remotehost"
8857
msgstr ""
8858
8859
#: serverguide/C/remote-administration.xml:191(para)
8860
msgid ""
8861
"Finally, double check the permissions on the "
8862
"<filename>authorized_keys</filename> file, only the authenticated user "
8863
"should have read and write permissions. If the permissions are not correct "
8864
"change them by:"
8865
msgstr ""
8866
8867
#: serverguide/C/remote-administration.xml:196(command)
8868
msgid "chmod 644 .ssh/authorized_keys"
8869
msgstr ""
8870
8871
#: serverguide/C/remote-administration.xml:198(para)
8872
msgid ""
8873
"You should now be able to SSH to the host without being prompted for a "
8874
"password."
8875
msgstr ""
8876
8877
#: serverguide/C/remote-administration.xml:205(ulink)
8878
msgid "OpenSSH Website"
8879
msgstr ""
8880
8881
#: serverguide/C/remote-administration.xml:208(ulink)
8882
msgid "Advanced OpenSSH Wiki Page"
8883
msgstr ""
8884
8885
#: serverguide/C/remote-administration.xml:213(title)
8886
msgid "eBox"
8887
msgstr ""
8888
8889
#: serverguide/C/remote-administration.xml:214(para)
8890
msgid ""
8891
"<application>eBox</application> is a web framework used to manage server "
8892
"application configuration. The modular design of eBox allows you to pick and "
8893
"choose which services you want to configure using eBox."
8894
msgstr ""
8895
8896
#: serverguide/C/remote-administration.xml:221(para)
8897
msgid ""
8898
"The different <application>eBox</application> modules are split into "
8899
"different packages, allowing you to only install those necessary. One way to "
8900
"view the available packages is to enter the following from a terminal:"
8901
msgstr ""
8902
8903
#: serverguide/C/remote-administration.xml:227(command)
8904
msgid "apt-cache rdepends ebox | uniq"
8905
msgstr ""
8906
8907
#: serverguide/C/remote-administration.xml:229(para)
8908
msgid ""
8909
"To install the <application>ebox</application> package, which contains the "
8910
"default modules, enter the following:"
8911
msgstr ""
8912
8913
#: serverguide/C/remote-administration.xml:234(command)
8914
msgid "sudo apt-get install ebox"
8915
msgstr ""
8916
8917
#: serverguide/C/remote-administration.xml:237(para)
8918
msgid ""
8919
"During the installation you will be asked to supply a password for the ebox "
8920
"user. After installing eBox the web interface can be accessed from: "
8921
"<emphasis>https://yourserver/ebox</emphasis>."
8922
msgstr ""
8923
8924
#: serverguide/C/remote-administration.xml:246(para)
8925
msgid ""
8926
"An important thing to remember when using <application>eBox</application> is "
8927
"that when configuring most modules there is a <emphasis>Change</emphasis> "
8928
"button that implements the new configuration. After clicking the Change "
8929
"button most, but not all, modules will then need to be "
8930
"<emphasis>Saved</emphasis>. To save the new configuration click on the "
8931
"<quote>Save changes</quote> link in the top right hand corner."
8932
msgstr ""
8933
8934
#: serverguide/C/remote-administration.xml:254(para)
8935
msgid ""
8936
"Once you make a change that requires a Save, the link will change from green "
8937
"to red."
8938
msgstr ""
8939
8940
#: serverguide/C/remote-administration.xml:260(title)
8941
msgid "eBox Modules"
8942
msgstr ""
8943
8944
#: serverguide/C/remote-administration.xml:261(para)
8945
msgid ""
8946
"By default all eBox <emphasis>Modules</emphasis> are not enabled, and when a "
8947
"new module is installed it will not be automatically enabled."
8948
msgstr ""
8949
8950
#: serverguide/C/remote-administration.xml:265(para)
8951
msgid ""
8952
"To enable a disabled module click on the <emphasis>Module status</emphasis> "
8953
"link in the left hand menu. Then <emphasis role=\"italic\">check</emphasis> "
8954
"which modules you would like to enable and click the <quote>Save</quote> "
8955
"link."
8956
msgstr ""
8957
8958
#: serverguide/C/remote-administration.xml:271(title)
8959
msgid "Default Modules"
8960
msgstr ""
8961
8962
#: serverguide/C/remote-administration.xml:272(para)
8963
msgid ""
8964
"This section provides a quick summary of the default "
8965
"<application>eBox</application> modules."
8966
msgstr ""
8967
8968
#: serverguide/C/remote-administration.xml:278(para)
8969
msgid ""
8970
"<emphasis>System:</emphasis> contains options allowing configuration of "
8971
"general eBox items."
8972
msgstr ""
8973
8974
#: serverguide/C/remote-administration.xml:284(para)
8975
msgid ""
8976
"<emphasis>General:</emphasis> allows you to set the language, port number, "
8977
"and contains a change password form."
8978
msgstr ""
8979
8980
#: serverguide/C/remote-administration.xml:290(para)
8981
msgid ""
8982
"<emphasis>Disk Usage:</emphasis> displays a graph detailing information "
8983
"about disk usage."
8984
msgstr ""
8985
8986
#: serverguide/C/remote-administration.xml:296(para)
8987
msgid ""
8988
"<emphasis>Backup:</emphasis> is used to backup "
8989
"<application>eBox</application> configuration information, and the "
8990
"<emphasis>Full Backup</emphasis> option allows you to save all eBox "
8991
"information not included in the <emphasis>Configuration</emphasis> option "
8992
"such as log files."
8993
msgstr ""
8994
8995
#: serverguide/C/remote-administration.xml:304(para)
8996
msgid ""
8997
"<emphasis>Halt/Reboot:</emphasis> will shutdown the system or reboot it."
8998
msgstr ""
8999
9000
#: serverguide/C/remote-administration.xml:309(para)
9001
msgid ""
9002
"<emphasis>Bug Report:</emphasis> creates a file containing details helpful "
9003
"when reporting bugs to the eBox developers."
9004
msgstr ""
9005
9006
#: serverguide/C/remote-administration.xml:317(para)
9007
msgid ""
9008
"<emphasis>Logs:</emphasis> allows <application>eBox</application> logs to be "
9009
"queried depending on the purge time configured."
9010
msgstr ""
9011
9012
#: serverguide/C/remote-administration.xml:323(para)
9013
msgid ""
9014
"<emphasis>Events:</emphasis> this module has the ability to send alerts "
9015
"through rss, jabber, and log file."
9016
msgstr ""
9017
9018
#: serverguide/C/remote-administration.xml:330(emphasis)
9019
msgid "Available Events:"
9020
msgstr ""
9021
9022
#: serverguide/C/remote-administration.xml:334(para)
9023
msgid ""
9024
"<emphasis>Free Storage Space:</emphasis> will send alert if free disk space "
9025
"drops below a configured percentage, 10% by default."
9026
msgstr ""
9027
9028
#: serverguide/C/remote-administration.xml:340(para)
9029
msgid ""
9030
"<emphasis>Log Observer:</emphasis> unfortunately this event does not work "
9031
"with the <application>eBox</application> version shipped with Ubuntu 7.10."
9032
msgstr ""
9033
9034
#: serverguide/C/remote-administration.xml:346(para)
9035
msgid ""
9036
"<emphasis>RAID:</emphasis> will monitor the RAID system and send alerts if "
9037
"any issues arise."
9038
msgstr ""
9039
9040
#: serverguide/C/remote-administration.xml:352(para)
9041
msgid ""
9042
"<emphasis>Service:</emphasis> sends alerts if a service restarts multiple "
9043
"times in a short time period."
9044
msgstr ""
9045
9046
#: serverguide/C/remote-administration.xml:358(para)
9047
msgid ""
9048
"<emphasis>State:</emphasis> alerts on the state of "
9049
"<application>eBox</application>, either up or down."
9050
msgstr ""
9051
9052
#: serverguide/C/remote-administration.xml:367(emphasis)
9053
msgid "Dispatchers:"
9054
msgstr ""
9055
9056
#: serverguide/C/remote-administration.xml:371(para)
9057
msgid ""
9058
"<emphasis>Log:</emphasis> this dispatcher will send event messages to the "
9059
"<application>eBox</application> log file "
9060
"<filename>/var/log/ebox/ebox.log</filename>."
9061
msgstr ""
9062
9063
#: serverguide/C/remote-administration.xml:378(para)
9064
msgid ""
9065
"<emphasis>Jabber:</emphasis> before enabling this dispatcher you must first "
9066
"configure it by clicking on the <quote>Configure</quote> icon."
9067
msgstr ""
9068
9069
#: serverguide/C/remote-administration.xml:384(para)
9070
msgid ""
9071
"<emphasis>RSS:</emphasis> once this dispatcher is configured you can "
9072
"subscribe to the link in order to view event alerts."
9073
msgstr ""
9074
9075
#: serverguide/C/remote-administration.xml:397(title)
9076
msgid "Additional Modules"
9077
msgstr ""
9078
9079
#: serverguide/C/remote-administration.xml:398(para)
9080
msgid ""
9081
"Here is a quick description of other available "
9082
"<application>eBox</application> modules:"
9083
msgstr ""
9084
9085
#: serverguide/C/remote-administration.xml:403(para)
9086
msgid ""
9087
"<emphasis>Network:</emphasis> allows configuration of the server's network "
9088
"options through eBox."
9089
msgstr ""
9090
9091
#: serverguide/C/remote-administration.xml:409(para)
9092
msgid ""
9093
"<emphasis>Firewall:</emphasis> configures firewall options for the eBox host."
9094
msgstr ""
9095
9096
#: serverguide/C/remote-administration.xml:414(para)
9097
msgid ""
9098
"<emphasis>UsersandGroups:</emphasis> this module will manage users and "
9099
"groups contained in an <application>OpenLDAP</application> LDAP directory."
9100
msgstr ""
9101
9102
#: serverguide/C/remote-administration.xml:420(para)
9103
msgid ""
9104
"<emphasis>DHCP:</emphasis> provides an interface for configuring a DHCP "
9105
"server."
9106
msgstr ""
9107
9108
#: serverguide/C/remote-administration.xml:425(para)
9109
msgid ""
9110
"<emphasis>DNS:</emphasis> provides <application>BIND9</application> DNS "
9111
"server configuration options."
9112
msgstr ""
9113
9114
#: serverguide/C/remote-administration.xml:431(para)
9115
msgid ""
9116
"<emphasis>Objects:</emphasis> allow configuration of eBox <emphasis>Network "
9117
"Objects</emphasis>, which allow you to assign a name to an IP address or "
9118
"group of IPs."
9119
msgstr ""
9120
9121
#: serverguide/C/remote-administration.xml:438(para)
9122
msgid ""
9123
"<emphasis>Services:</emphasis> displays configuration information for "
9124
"services that are available to the network."
9125
msgstr ""
9126
9127
#: serverguide/C/remote-administration.xml:444(para)
9128
msgid ""
9129
"<emphasis>Squid:</emphasis> configuration options for the "
9130
"<application>Squid</application> proxy server."
9131
msgstr ""
9132
9133
#: serverguide/C/remote-administration.xml:450(para)
9134
msgid ""
9135
"<emphasis>CA:</emphasis> configures a Certificate Authority for the server."
9136
msgstr ""
9137
9138
#: serverguide/C/remote-administration.xml:455(para)
9139
msgid "<emphasis>NTP:</emphasis> set Network Time Protocol options."
9140
msgstr ""
9141
9142
#: serverguide/C/remote-administration.xml:460(para)
9143
msgid "<emphasis>Printers:</emphasis> allows the configuration of printers."
9144
msgstr ""
9145
9146
#: serverguide/C/remote-administration.xml:465(para)
9147
msgid "<emphasis>Samba:</emphasis> configuration options for Samba."
9148
msgstr ""
9149
9150
#: serverguide/C/remote-administration.xml:470(para)
9151
msgid ""
9152
"<emphasis>OpenVPN:</emphasis> setup options for OpenVPN Virtual Private "
9153
"Network application."
9154
msgstr ""
9155
9156
#: serverguide/C/remote-administration.xml:481(para)
9157
msgid ""
9158
"For more information see the <ulink url=\"http://ebox-platform.com/\">eBox "
9159
"Home Page</ulink>."
9160
msgstr ""
9161
9162
#: serverguide/C/package-management.xml:13(title)
9163
msgid "Package Management"
9164
msgstr ""
9165
9166
#: serverguide/C/package-management.xml:14(para)
9167
msgid ""
9168
"Ubuntu features a comprehensive package management system for the "
9169
"installation, upgrade, configuration, and removal of software. In addition "
9170
"to providing access to an organized base of over 24,000 software packages "
9171
"for your Ubuntu computer, the package management facilities also feature "
9172
"dependency resolution capabilities and software update checking."
9173
msgstr ""
9174
9175
#: serverguide/C/package-management.xml:16(para)
9176
msgid ""
9177
"Several tools are available for interacting with Ubuntu's package management "
9178
"system, from simple command-line utilities which may be easily automated by "
9179
"system administrators, to a simple graphical interface which is easy to use "
9180
"by those new to Ubuntu."
9181
msgstr ""
9182
9183
#: serverguide/C/package-management.xml:21(para)
9184
msgid ""
9185
"Ubuntu's package management system is derived from the same system used by "
9186
"the Debian GNU/Linux distribution. The package files contain all of the "
9187
"necessary files, meta-data, and instructions to implement a particular "
9188
"functionality or software application on your Ubuntu computer."
9189
msgstr ""
9190
9191
#: serverguide/C/package-management.xml:24(para)
9192
msgid ""
9193
"Debian package files typically have the extension '.deb', and typically "
9194
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
9195
"collections of packages found on various media, such as CD-ROM discs, or "
9196
"online. Packages are normally of the pre-compiled binary format; thus "
9197
"installation is quick and requires no compiling of software."
9198
msgstr ""
9199
9200
#: serverguide/C/package-management.xml:27(para)
9201
msgid ""
9202
"Many complex packages use the concept of <emphasis "
9203
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
9204
"packages required by the principal package in order to function properly. "
9205
"For example, the speech synthesis package "
9206
"<application>Festival</application> depends upon the package "
9207
"<application>libasound2</application>, which is a package supplying the "
9208
"<application>ALSA</application> sound library needed for audio playback. In "
9209
"order for <application>Festival</application> to function, it and all of its "
9210
"dependencies must be installed. The software management tools in Ubuntu will "
9211
"do this automatically."
9212
msgstr ""
9213
9214
#: serverguide/C/package-management.xml:32(title)
9215
msgid "dpkg"
9216
msgstr ""
9217
9218
#: serverguide/C/package-management.xml:34(para)
9219
msgid ""
9220
"<application>dpkg</application> is a package manager for "
9221
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
9222
"packages, but unlike other package management system's it can not "
9223
"automatically download and install packages and their dependencies. This "
9224
"section covers using <application>dpkg</application> to manage locally "
9225
"installed packages:"
9226
msgstr ""
9227
9228
#: serverguide/C/package-management.xml:43(para)
9229
msgid ""
9230
"To list all packages installed on the system, from a terminal prompt enter:"
9231
msgstr ""
9232
9233
#: serverguide/C/package-management.xml:48(command)
9234
msgid "dpkg -l"
9235
msgstr ""
9236
9237
#: serverguide/C/package-management.xml:54(para)
9238
msgid ""
9239
"Depending on the amount of packages on your system, this can generate a "
9240
"large amount of output. Pipe the output through "
9241
"<application>grep</application> to see if a specific package is installed:"
9242
msgstr ""
9243
9244
#: serverguide/C/package-management.xml:60(command)
9245
msgid "dpkg -l | grep apache2"
9246
msgstr ""
9247
9248
#: serverguide/C/package-management.xml:63(para)
9249
msgid ""
9250
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
9251
"package name, or other regular expression."
9252
msgstr ""
9253
9254
#: serverguide/C/package-management.xml:70(para)
9255
msgid ""
9256
"To list the files installed by a package, in this case the "
9257
"<application>ufw</application> package, enter:"
9258
msgstr ""
9259
9260
#: serverguide/C/package-management.xml:75(command)
9261
msgid "dpkg -L ufw"
9262
msgstr ""
9263
9264
#: serverguide/C/package-management.xml:81(para)
9265
msgid ""
9266
"If you are not sure which package installed a file, <application>dpkg -"
9267
"S</application> may be able to tell you. For example:"
9268
msgstr ""
9269
9270
#: serverguide/C/package-management.xml:87(command)
9271
msgid "dpkg -S /etc/host.conf"
9272
msgstr ""
9273
9274
#: serverguide/C/package-management.xml:88(computeroutput)
9275
#, no-wrap
9276
msgid "base-files: /etc/host.conf"
9277
msgstr ""
9278
9279
#: serverguide/C/package-management.xml:91(para)
9280
msgid ""
9281
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
9282
"<application>base-files</application> package."
9283
msgstr ""
9284
9285
#: serverguide/C/package-management.xml:96(para)
9286
msgid ""
9287
"Many files are automatically generated during the package install process, "
9288
"and even though they are on the filesystem <command>dpkg -S</command> may "
9289
"not know which package they belong to."
9290
msgstr ""
9291
9292
#: serverguide/C/package-management.xml:105(para)
9293
msgid "You can install a local <emphasis>.deb</emphasis> file by entering:"
9294
msgstr ""
9295
9296
#: serverguide/C/package-management.xml:110(command)
9297
msgid "sudo dpkg -i zip_2.32-1_i386.deb"
9298
msgstr ""
9299
9300
#: serverguide/C/package-management.xml:113(para)
9301
msgid ""
9302
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
9303
"the local .deb file."
9304
msgstr ""
9305
9306
#: serverguide/C/package-management.xml:120(para)
9307
msgid "Uninstalling a package can be accomplished by:"
9308
msgstr ""
9309
9310
#: serverguide/C/package-management.xml:125(command)
9311
msgid "sudo dpkg -r zip"
9312
msgstr ""
9313
9314
#: serverguide/C/package-management.xml:129(para)
9315
msgid ""
9316
"Uninstalling packages using <application>dpkg</application>, in most cases, "
9317
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
9318
"manager that handles dependencies, to ensure that the system is in a "
9319
"consistent state. For example using <command>dpkg -r</command> you can "
9320
"remove the <application>zip</application> package, but any packages that "
9321
"depend on it will still be installed and may no longer function correctly."
9322
msgstr ""
9323
9324
#: serverguide/C/package-management.xml:140(para)
9325
msgid ""
9326
"For more <application>dpkg</application> options see the man page: "
9327
"<command>man dpkg</command>."
9328
msgstr ""
9329
9330
#: serverguide/C/package-management.xml:146(title)
9331
msgid "Apt-Get"
9332
msgstr ""
9333
9334
#: serverguide/C/package-management.xml:147(para)
9335
msgid ""
9336
"The <application>apt-get</application> command is a powerful command-line "
9337
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
9338
"(APT) performing such functions as installation of new software packages, "
9339
"upgrade of existing software packages, updating of the package list index, "
9340
"and even upgrading the entire Ubuntu system."
9341
msgstr ""
9342
9343
#: serverguide/C/package-management.xml:150(para)
9344
msgid ""
9345
"Being a simple command-line tool, <application>apt-get</application> has "
9346
"numerous advantages over other package management tools available in Ubuntu "
9347
"for server administrators. Some of these advantages include ease of use over "
9348
"simple terminal connections (SSH) and the ability to be used in system "
9349
"administration scripts, which can in turn be automated by the "
9350
"<application>cron</application> scheduling utility."
9351
msgstr ""
9352
9353
#: serverguide/C/package-management.xml:157(para)
9354
msgid ""
9355
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
9356
"packages using the <application>apt-get</application> tool is quite simple. "
9357
"For example, to install the network scanner <emphasis "
9358
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
9359
"<command>sudo apt-get install nmap</command>\n"
9360
"</screen>"
9361
msgstr ""
9362
9363
#: serverguide/C/package-management.xml:165(para)
9364
msgid ""
9365
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
9366
"packages is also a straightforward and simple process. To remove the nmap "
9367
"package installed in the previous example, type the following: <screen>\n"
9368
"<command>sudo apt-get remove nmap</command>\n"
9369
"</screen>"
9370
msgstr ""
9371
9372
#: serverguide/C/package-management.xml:172(para)
9373
msgid ""
9374
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
9375
"multiple packages to be installed or removed, separated by spaces."
9376
msgstr ""
9377
9378
#: serverguide/C/package-management.xml:175(para)
9379
msgid ""
9380
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
9381
"remove</command> will remove the package configuration files as well. This "
9382
"may or may not be the desired effect so use with caution."
9383
msgstr ""
9384
9385
#: serverguide/C/package-management.xml:181(para)
9386
msgid ""
9387
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
9388
"index is essentially a database of available packages from the repositories "
9389
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
9390
"the local package index with the latest changes made in repositories, type "
9391
"the following: <screen>\n"
9392
"<command>sudo apt-get update</command>\n"
9393
"</screen>"
9394
msgstr ""
9395
9396
#: serverguide/C/package-management.xml:189(para)
9397
msgid ""
9398
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
9399
"versions of packages currently installed on your computer may become "
9400
"available from the package repositories (for example security updates). To "
9401
"upgrade your system, first update your package index as outlined above, and "
9402
"then type: <screen>\n"
9403
"<command>sudo apt-get upgrade</command>\n"
9404
"</screen>"
9405
msgstr ""
9406
9407
#: serverguide/C/package-management.xml:195(para)
9408
msgid ""
9409
"For information on upgrading to a new Ubuntu release see <xref "
9410
"linkend=\"installing-upgrading\"/>."
9411
msgstr ""
9412
9413
#: serverguide/C/package-management.xml:153(para)
9414
msgid ""
9415
"Some examples of popular uses for the <application>apt-get</application> "
9416
"utility: <placeholder-1/>"
9417
msgstr ""
9418
9419
#: serverguide/C/package-management.xml:201(para)
9420
msgid ""
9421
"Actions of the <application>apt-get</application> command, such as "
9422
"installation and removal of packages, are logged in the /var/log/dpkg.log "
9423
"log file."
9424
msgstr ""
9425
9426
#: serverguide/C/package-management.xml:204(para)
9427
msgid ""
9428
"For further information about the use of <application>APT</application>, "
9429
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
9430
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
9431
"help</screen>"
9432
msgstr ""
9433
9434
#: serverguide/C/package-management.xml:208(title)
9435
msgid "Aptitude"
9436
msgstr ""
9437
9438
#: serverguide/C/package-management.xml:209(para)
9439
msgid ""
9440
"<application>Aptitude</application> is a menu-driven, text-based front-end "
9441
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
9442
"the common package management functions, such as installation, removal, and "
9443
"upgrade, are performed in <application>Aptitude</application> with single-"
9444
"key commands, which are typically lowercase letters."
9445
msgstr ""
9446
9447
#: serverguide/C/package-management.xml:212(para)
9448
msgid ""
9449
"<application>Aptitude</application> is best suited for use in a non-"
9450
"graphical terminal environment to ensure proper functioning of the command "
9451
"keys. You may start <application>Aptitude</application> as a normal user "
9452
"with the following command at a terminal prompt: <screen>\n"
9453
"<command>sudo aptitude</command>\n"
9454
"</screen>"
9455
msgstr ""
9456
9457
#: serverguide/C/package-management.xml:219(para)
9458
msgid ""
9459
"When <application>Aptitude</application> starts, you will see a menu bar at "
9460
"the top of the screen and two panes below the menu bar. The top pane "
9461
"contains package categories, such as <emphasis role=\"italics\">New "
9462
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
9463
"Packages</emphasis>. The bottom pane contains information related to the "
9464
"packages and package categories."
9465
msgstr ""
9466
9467
#: serverguide/C/package-management.xml:222(para)
9468
msgid ""
9469
"Using <application>Aptitude</application> for package management is "
9470
"relatively straightforward, and the user interface makes common tasks simple "
9471
"to perform. The following are examples of common package management "
9472
"functions as performed in <application>Aptitude</application>:"
9473
msgstr ""
9474
9475
#: serverguide/C/package-management.xml:226(para)
9476
msgid ""
9477
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
9478
"locate the package via the Not Installed Packages package category, for "
9479
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
9480
"key, and highlight the package you wish to install. After highlighting the "
9481
"package you wish to install, press the <keycap>+</keycap> key, and the "
9482
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
9483
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
9484
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
9485
"again, and you will be prompted to become root to complete the installation. "
9486
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
9487
"your user password to become root. Finally, press <keycap>g</keycap> once "
9488
"more and you'll be prompted to download the package. Press "
9489
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
9490
"prompt, and downloading and installation of the package will commence."
9491
msgstr ""
9492
9493
#: serverguide/C/package-management.xml:230(para)
9494
msgid ""
9495
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
9496
"locate the package via the Installed Packages package category, for example, "
9497
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
9498
"highlight the package you wish to remove. After highlighting the package you "
9499
"wish to install, press the <keycap>-</keycap> key, and the package entry "
9500
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
9501
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
9502
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
9503
"prompted to become root to complete the installation. Press "
9504
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
9505
"user password to become root. Finally, press <keycap>g</keycap> once more, "
9506
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
9507
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
9508
"the package will commence."
9509
msgstr ""
9510
9511
#: serverguide/C/package-management.xml:234(para)
9512
msgid ""
9513
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
9514
"package index, simply press the <keycap>u</keycap> key and you will be "
9515
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
9516
"which will result in a Password: prompt. Enter your user password to become "
9517
"root. Updating of the package index will commence. Press "
9518
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
9519
"presented to complete the process."
9520
msgstr ""
9521
9522
#: serverguide/C/package-management.xml:238(para)
9523
msgid ""
9524
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
9525
"perform the update of the package index as detailed above, and then press "
9526
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
9527
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
9528
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
9529
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
9530
"result in a Password: prompt. Enter your user password to become root. "
9531
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
9532
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
9533
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
9534
"will commence."
9535
msgstr ""
9536
9537
#: serverguide/C/package-management.xml:245(para)
9538
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
9539
msgstr ""
9540
9541
#: serverguide/C/package-management.xml:250(para)
9542
msgid ""
9543
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
9544
"configuration remains on system"
9545
msgstr ""
9546
9547
#: serverguide/C/package-management.xml:254(para)
9548
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
9549
msgstr ""
9550
9551
#: serverguide/C/package-management.xml:258(para)
9552
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
9553
msgstr ""
9554
9555
#: serverguide/C/package-management.xml:262(para)
9556
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
9557
msgstr ""
9558
9559
#: serverguide/C/package-management.xml:266(para)
9560
msgid ""
9561
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
9562
"configured"
9563
msgstr ""
9564
9565
#: serverguide/C/package-management.xml:270(para)
9566
msgid ""
9567
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
9568
"and requires fix"
9569
msgstr ""
9570
9571
#: serverguide/C/package-management.xml:274(para)
9572
msgid ""
9573
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
9574
"requires fix"
9575
msgstr ""
9576
9577
#: serverguide/C/package-management.xml:242(para)
9578
msgid ""
9579
"The first column of information displayed in the package list in the top "
9580
"pane, when actually viewing packages lists the current state of the package, "
9581
"and uses the following key to describe the state of the package: "
9582
"<placeholder-1/>"
9583
msgstr ""
9584
9585
#: serverguide/C/package-management.xml:280(para)
9586
msgid ""
9587
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
9588
"wish to exit. Many other functions are available from the Aptitude menu by "
9589
"pressing the <keycap>F10</keycap> key."
9590
msgstr ""
9591
9592
#: serverguide/C/package-management.xml:285(title)
9593
msgid "Automatic Updates"
9594
msgstr ""
9595
9596
#: serverguide/C/package-management.xml:287(para)
9597
msgid ""
9598
"The <application>unattended-upgrades</application> package can be used to "
9599
"automatically install updated packages, and can be configured to update all "
9600
"packages or just install security updates. First, install the package by "
9601
"entering the following in a terminal:"
9602
msgstr ""
9603
9604
#: serverguide/C/package-management.xml:293(command)
9605
msgid "sudo apt-get install unattended-upgrades"
9606
msgstr ""
9607
9608
#: serverguide/C/package-management.xml:296(para)
9609
msgid ""
9610
"To configure <application>unattended-upgrades</application>, edit "
9611
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
9612
"the following to fit your needs:"
9613
msgstr ""
9614
9615
#: serverguide/C/package-management.xml:301(programlisting)
9616
#, no-wrap
9617
msgid ""
9618
"\n"
9619
"Unattended-Upgrade::Allowed-Origins {\n"
9620
" \"Ubuntu karmic-security\";\n"
9621
"// \"Ubuntu karmic-updates\";\n"
9622
"};\n"
9623
msgstr ""
9624
9625
#: serverguide/C/package-management.xml:308(para)
9626
msgid ""
9627
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
9628
"will not be automatically updated. To blacklist a package, add it to the "
9629
"list:"
9630
msgstr ""
9631
9632
#: serverguide/C/package-management.xml:313(programlisting)
9633
#, no-wrap
9634
msgid ""
9635
"\n"
9636
"Unattended-Upgrade::Package-Blacklist {\n"
9637
"// \"vim\";\n"
9638
"// \"libc6\";\n"
9639
"// \"libc6-dev\";\n"
9640
"// \"libc6-i686\";\n"
9641
"};\n"
9642
msgstr ""
9643
9644
#: serverguide/C/package-management.xml:323(para)
9645
msgid ""
9646
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
9647
"whatever follows \"//\" will not be evaluated."
9648
msgstr ""
9649
9650
#: serverguide/C/package-management.xml:328(para)
9651
msgid ""
9652
"The results of <application>unattended-upgrades</application> will be logged "
9653
"to <filename>/var/log/unattended-upgrades</filename>."
9654
msgstr ""
9655
9656
#: serverguide/C/package-management.xml:333(title)
9657
msgid "Notifications"
9658
msgstr ""
9659
9660
#: serverguide/C/package-management.xml:335(para)
9661
msgid ""
9662
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
9663
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
9664
"<application>unattended-upgrades</application> to email an administrator "
9665
"detailing any packages that need upgrading or have problems."
9666
msgstr ""
9667
9668
#: serverguide/C/package-management.xml:340(para)
9669
msgid ""
9670
"Another useful package is <application>apticron</application>. "
9671
"<application>apticron</application> will configure a "
9672
"<application>cron</application> job to email an administrator information "
9673
"about any packages on the system that need updated as well as a summary of "
9674
"changes in each package."
9675
msgstr ""
9676
9677
#: serverguide/C/package-management.xml:346(para)
9678
msgid ""
9679
"To install the <application>apticron</application> package, in a terminal "
9680
"enter:"
9681
msgstr ""
9682
9683
#: serverguide/C/package-management.xml:351(command)
9684
msgid "sudo apt-get install apticron"
9685
msgstr ""
9686
9687
#: serverguide/C/package-management.xml:354(para)
9688
msgid ""
9689
"Once the package is installed edit "
9690
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
9691
"and other options:"
9692
msgstr ""
9693
9694
#: serverguide/C/package-management.xml:358(programlisting)
9695
#, no-wrap
9696
msgid ""
9697
"\n"
9698
"EMAIL=\"root@example.com\"\n"
9699
msgstr ""
9700
9701
#: serverguide/C/package-management.xml:367(para)
9702
msgid ""
9703
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
9704
"system repositories is stored in the /etc/apt/sources.list configuration "
9705
"file. An example of this file is referenced here, along with information on "
9706
"adding or removing repository references from the file."
9707
msgstr ""
9708
9709
#: serverguide/C/package-management.xml:373(para)
9710
msgid ""
9711
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
9712
"typical <filename>/etc/apt/sources.list</filename> file."
9713
msgstr ""
9714
9715
#: serverguide/C/package-management.xml:377(para)
9716
msgid ""
9717
"You may edit the file to enable repositories or disable them. For example, "
9718
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
9719
"operations occur, simply comment out the appropriate line for the CD-ROM, "
9720
"which appears at the top of the file:"
9721
msgstr ""
9722
9723
#: serverguide/C/package-management.xml:382(screen)
9724
#, no-wrap
9725
msgid ""
9726
"\n"
9727
"# no more prompting for CD-ROM please\n"
9728
"# deb cdrom:[Ubuntu 9.10_Karmic_Koala - Release i386 (20070419.1)]/ karmic "
9729
"main restricted\n"
9730
msgstr ""
9731
9732
#: serverguide/C/package-management.xml:388(title)
9733
msgid "Extra Repositories"
9734
msgstr ""
9735
9736
#: serverguide/C/package-management.xml:389(para)
9737
msgid ""
9738
"In addition to the officially supported package repositories available for "
9739
"Ubuntu, there exist additional community-maintained repositories which add "
9740
"thousands more potential packages for installation. Two of the most popular "
9741
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
9742
"repositories. These repositories are not officially supported by Ubuntu, but "
9743
"because they are maintained by the community they generally provide packages "
9744
"which are safe for use with your Ubuntu computer."
9745
msgstr ""
9746
9747
#: serverguide/C/package-management.xml:392(para)
9748
msgid ""
9749
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
9750
"licensing issues that prevent them from being distributed with a free "
9751
"operating system, and they may be illegal in your locality."
9752
msgstr ""
9753
9754
#: serverguide/C/package-management.xml:394(para)
9755
msgid ""
9756
"Be advised that neither the <emphasis>Universe</emphasis> or "
9757
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
9758
"packages. In particular, there may not be security updates for these "
9759
"packages."
9760
msgstr ""
9761
9762
#: serverguide/C/package-management.xml:398(para)
9763
msgid ""
9764
"Many other package sources are available, sometimes even offering only one "
9765
"package, as in the case of package sources provided by the developer of a "
9766
"single application. You should always be very careful and cautious when "
9767
"using non-standard package sources, however. Research the source and "
9768
"packages carefully before performing any installation, as some package "
9769
"sources and their packages could render your system unstable or non-"
9770
"functional in some respects."
9771
msgstr ""
9772
9773
#: serverguide/C/package-management.xml:401(para)
9774
msgid ""
9775
"By default, the <emphasis>Universe</emphasis> and "
9776
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
9777
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
9778
"comment the following lines:"
9779
msgstr ""
9780
9781
#: serverguide/C/package-management.xml:408(programlisting)
9782
#, no-wrap
9783
msgid ""
9784
"\n"
9785
"deb http://archive.ubuntu.com/ubuntu karmic universe multiverse\n"
9786
"deb-src http://archive.ubuntu.com/ubuntu karmic universe multiverse\n"
9787
"\n"
9788
"deb http://us.archive.ubuntu.com/ubuntu/ karmic universe\n"
9789
"deb-src http://us.archive.ubuntu.com/ubuntu/ karmic universe\n"
9790
"deb http://us.archive.ubuntu.com/ubuntu/ karmic-updates universe\n"
9791
"deb-src http://us.archive.ubuntu.com/ubuntu/ karmic-updates universe\n"
9792
"\n"
9793
"deb http://us.archive.ubuntu.com/ubuntu/ karmic multiverse\n"
9794
"deb-src http://us.archive.ubuntu.com/ubuntu/ karmic multiverse\n"
9795
"deb http://us.archive.ubuntu.com/ubuntu/ karmic-updates multiverse\n"
9796
"deb-src http://us.archive.ubuntu.com/ubuntu/ karmic-updates multiverse\n"
9797
"\n"
9798
"deb http://security.ubuntu.com/ubuntu karmic-security universe\n"
9799
"deb-src http://security.ubuntu.com/ubuntu karmic-security universe\n"
9800
"deb http://security.ubuntu.com/ubuntu karmic-security multiverse\n"
9801
"deb-src http://security.ubuntu.com/ubuntu karmic-security multiverse\n"
9802
msgstr ""
9803
9804
#: serverguide/C/package-management.xml:434(para)
9805
msgid ""
9806
"Most of the material covered in this chapter is available in "
9807
"<application>man</application> pages, many of which are available online."
9808
msgstr ""
9809
9810
#: serverguide/C/package-management.xml:441(para)
9811
msgid ""
9812
"For more <application>dpkg</application> details see the <ulink "
9813
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/dpkg.1.html\">dpkg "
9814
"man page</ulink>."
9815
msgstr ""
9816
9817
#: serverguide/C/package-management.xml:447(para)
9818
msgid ""
9819
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
9820
"HOWTO</ulink> and <ulink "
9821
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/apt-"
9822
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
9823
"<application>apt-get</application> usage."
9824
msgstr ""
9825
9826
#: serverguide/C/package-management.xml:454(para)
9827
msgid ""
9828
"See the <ulink "
9829
"url=\"http://manpages.ubuntu.com/manpages/jaunty/man8/aptitude.8.html\">aptit"
9830
"ude man page</ulink> for more <application>aptitude</application> options."
9831
msgstr ""
9832
9833
#: serverguide/C/package-management.xml:460(para)
9834
msgid ""
9835
"The <ulink "
9836
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
9837
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
9838
"adding repositories."
9839
msgstr ""
9840
9841
#: serverguide/C/other-apps.xml:13(title)
9842
msgid "Other Useful Applications"
9843
msgstr ""
9844
9845
#: serverguide/C/other-apps.xml:15(para)
9846
msgid ""
9847
"There are many very useful applications developed by the Ubuntu Server Team, "
9848
"and others that are well integrated with Ubuntu Server Edition, that might "
9849
"not be well known. This chapter will showcase some useful applications that "
9850
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
9851
"easier."
9852
msgstr ""
9853
9854
#: serverguide/C/other-apps.xml:23(title)
9855
msgid "Update MOTD"
9856
msgstr ""
9857
9858
#: serverguide/C/other-apps.xml:25(para)
9859
msgid ""
9860
"When logging into an Ubuntu server you may have noticed the informative "
9861
"Message Of The Day (MOTD). This information is obtained and displayed using "
9862
"a couple of packages:"
9863
msgstr ""
9864
9865
#: serverguide/C/other-apps.xml:32(para)
9866
msgid ""
9867
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
9868
"<application>landscape-client</application>, which can be used to manage "
9869
"systems using the web based <emphasis>Landscape</emphasis> application. The "
9870
"package includes the <application>/usr/bin/landscape-sysinfo</application> "
9871
"utility which is used to gather the information displayed in the MOTD."
9872
msgstr ""
9873
9874
#: serverguide/C/other-apps.xml:40(para)
9875
msgid ""
9876
"<emphasis>update-motd:</emphasis> is used to automatically update the MOTD "
9877
"via <application>cron</application>."
9878
msgstr ""
9879
9880
#: serverguide/C/other-apps.xml:46(para)
9881
msgid ""
9882
"The <application>update-motd</application> utility has several options to "
9883
"further customize the MOTD:"
9884
msgstr ""
9885
9886
#: serverguide/C/other-apps.xml:52(para)
9887
msgid ""
9888
"<emphasis>--disable:</emphasis> prevents automatic updates of the MOTD. "
9889
"Using this option creates the <filename>/var/lib/update-"
9890
"motd/disabled</filename> file, which if present stops <application>update-"
9891
"motd</application> from modifying <filename>/etc/motd</filename>."
9892
msgstr ""
9893
9894
#: serverguide/C/other-apps.xml:59(para)
9895
msgid ""
9896
"<emphasis>--enable:</emphasis> enables the automatic MOTD updates. If "
9897
"<filename>/var/lib/update-motd</filename> is present it will be removed."
9898
msgstr ""
9899
9900
#: serverguide/C/other-apps.xml:65(para)
9901
msgid ""
9902
"<emphasis>--force:</emphasis> does a one time update of "
9903
"<filename>/etc/motd</filename>, overriding <application>update-"
9904
"motd</application> if it has been disabled."
9905
msgstr ""
9906
9907
#: serverguide/C/other-apps.xml:71(para)
9908
msgid ""
9909
"<emphasis>d, hourly, weekly, monthly:</emphasis> option will run the scripts "
9910
"in <filename>/etc/update-motd.d/</filename> (default), <filename>/etc/update-"
9911
"motd.d/hourly</filename>, <filename>/etc/update-motd.d/weekly</filename>, or "
9912
"<filename>/etc/update-motd.d/monthly</filename> respectively."
9913
msgstr ""
9914
9915
#: serverguide/C/other-apps.xml:79(para)
9916
msgid ""
9917
"<application>update-motd</application> executes the scripts in "
9918
"<filename>/etc/update-motd.d</filename> in order based on the number "
9919
"prepended to the script. Separate <application>cron</application> scripts "
9920
"execute every ten minutes, hourly, weekly, and monthly running the "
9921
"corresponding scripts in <filename>/etc/update-motd.d</filename>. The output "
9922
"of the scripts is written to <filename>/var/run/update-motd/</filename>, "
9923
"keeping the numerical order, then concatenated with "
9924
"<filename>/etc/motd.tail</filename> and written to "
9925
"<filename>/etc/motd</filename>."
9926
msgstr ""
9927
9928
#: serverguide/C/other-apps.xml:87(para)
9929
msgid ""
9930
"You can add your own dynamic information to the MOTD. For example, to add "
9931
"local weather information:"
9932
msgstr ""
9933
9934
#: serverguide/C/other-apps.xml:93(para)
9935
msgid "First, install the <application>weather-util</application> package:"
9936
msgstr ""
9937
9938
#: serverguide/C/other-apps.xml:98(command)
9939
msgid "sudo apt-get install weather-util"
9940
msgstr ""
9941
9942
#: serverguide/C/other-apps.xml:103(para)
9943
msgid ""
9944
"The <application>weather</application> utility uses METAR data from the "
9945
"National Oceanic and Atmospheric Administration and forecasts from the "
9946
"National Weather Service. In order to find local information you will need "
9947
"the 4-character ICAO location indicator. This can be determined by browsing "
9948
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
9949
"Weather Service</ulink> site."
9950
msgstr ""
9951
9952
#: serverguide/C/other-apps.xml:110(para)
9953
msgid ""
9954
"Although the National Weather Service is a United States government agency "
9955
"there are weather stations available world wide. However, local weather "
9956
"information for all locations outside the U.S. may not be available."
9957
msgstr ""
9958
9959
#: serverguide/C/other-apps.xml:116(para)
9960
msgid ""
9961
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
9962
"script to use <application>weather</application> with your local ICAO "
9963
"indicator:"
9964
msgstr ""
9965
9966
#: serverguide/C/other-apps.xml:121(programlisting)
9967
#, no-wrap
9968
msgid ""
9969
"\n"
9970
"#!/bin/sh\n"
9971
"##########################################################################\n"
9972
"#\n"
9973
"# Prints the local weather to /var/run/update-motd/60-local-weather \n"
9974
"# for update-motd.\n"
9975
"#\n"
9976
"##########################################################################\n"
9977
"\n"
9978
"# Replace KINT with your local weather station.\n"
9979
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
9980
"\n"
9981
"echo \"\" > /var/run/update-motd/60-local-weather\n"
9982
"weather -i KINT >> /var/run/update-motd/60-local-weather\n"
9983
"\n"
9984
msgstr ""
9985
9986
#: serverguide/C/other-apps.xml:139(para)
9987
msgid "Make the script executable:"
9988
msgstr ""
9989
9990
#: serverguide/C/other-apps.xml:144(command)
9991
msgid "sudo chmod 755 /usr/local/bin/local-weather"
9992
msgstr ""
9993
9994
#: serverguide/C/other-apps.xml:148(para)
9995
msgid ""
9996
"Next, create a symlink to <filename>/etc/update-motd.d/60-local-"
9997
"weather</filename>:"
9998
msgstr ""
9999
10000
#: serverguide/C/other-apps.xml:153(command)
10001
msgid ""
10002
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/60-local-weather"
10003
msgstr ""
10004
10005
#: serverguide/C/other-apps.xml:157(para)
10006
msgid "Finally, update the MOTD:"
10007
msgstr ""
10008
10009
#: serverguide/C/other-apps.xml:162(command)
10010
msgid "sudo update-motd"
10011
msgstr ""
10012
10013
#: serverguide/C/other-apps.xml:167(para)
10014
msgid ""
10015
"You should now be greeted with some useful information, and some information "
10016
"about the local weather that may not be quite so useful. Hopefully the "
10017
"<application>local-weather</application> example demonstrates the "
10018
"flexibility of <application>update-motd</application>."
10019
msgstr ""
10020
10021
#: serverguide/C/other-apps.xml:175(title)
10022
msgid "etckeeper"
10023
msgstr ""
10024
10025
#: serverguide/C/other-apps.xml:177(para)
10026
msgid ""
10027
"<application>etckeeper</application> allows the contents of <filename "
10028
"role=\"directory\">/etc</filename> be easily stored in Version Control "
10029
"System (VCS) repository. It hooks into <application>apt</application> to "
10030
"automatically commit changes to <filename>/etc</filename> when packages are "
10031
"installed or upgraded. Placing <filename>/etc</filename> under version "
10032
"control is considered an industry best practice, and the goal of "
10033
"<application>etckeeper</application> is to make this process as painless as "
10034
"possible."
10035
msgstr ""
10036
10037
#: serverguide/C/other-apps.xml:185(para)
10038
msgid ""
10039
"Install <application>etckeeper</application> by entering the following in a "
10040
"terminal:"
10041
msgstr ""
10042
10043
#: serverguide/C/other-apps.xml:190(command)
10044
msgid "sudo apt-get install etckeeper"
10045
msgstr ""
10046
10047
#: serverguide/C/other-apps.xml:193(para)
10048
msgid ""
10049
"The main configuration file, "
10050
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
10051
"main option is which VCS to use. By default "
10052
"<application>etckeeper</application> is configured to use "
10053
"<application>bzr</application> for version control. The repository is "
10054
"automatically initialized (and committed for the first time) during package "
10055
"installation. It is possible to undo this by entering the following command:"
10056
msgstr ""
10057
10058
#: serverguide/C/other-apps.xml:203(command)
10059
msgid "sudo etckeeper uninit"
10060
msgstr ""
10061
10062
#: serverguide/C/other-apps.xml:206(para)
10063
msgid ""
10064
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
10065
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
10066
"It will also automatically commit changes before and after package "
10067
"installation. For a more precise tracking of changes, it is recommended to "
10068
"commit your changes manually, together with a commit message, using:"
10069
msgstr ""
10070
10071
#: serverguide/C/other-apps.xml:215(command)
10072
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
10073
msgstr ""
10074
10075
#: serverguide/C/other-apps.xml:218(para)
10076
msgid ""
10077
"Using the VCS commands you can view log information about files in "
10078
"<filename>/etc</filename>:"
10079
msgstr ""
10080
10081
#: serverguide/C/other-apps.xml:223(command)
10082
msgid "sudo bzr log /etc/passwd"
10083
msgstr ""
10084
10085
#: serverguide/C/other-apps.xml:226(para)
10086
msgid ""
10087
"To demonstrate the integration with the package management system, install "
10088
"<application>postfix</application>:"
10089
msgstr ""
10090
10091
#: serverguide/C/other-apps.xml:231(command) serverguide/C/mail.xml:45(command)
10092
msgid "sudo apt-get install postfix"
10093
msgstr ""
10094
10095
#: serverguide/C/other-apps.xml:234(para)
10096
msgid ""
10097
"When the installation is finished, all the "
10098
"<application>postfix</application> configuration files should be committed "
10099
"to the repository:"
10100
msgstr ""
10101
10102
#: serverguide/C/other-apps.xml:240(computeroutput)
10103
#, no-wrap
10104
msgid ""
10105
"Committing to: /etc/\n"
10106
"added aliases.db\n"
10107
"modified group\n"
10108
"modified group-\n"
10109
"modified gshadow\n"
10110
"modified gshadow-\n"
10111
"modified passwd\n"
10112
"modified passwd-\n"
10113
"added postfix\n"
10114
"added resolvconf\n"
10115
"added rsyslog.d\n"
10116
"modified shadow\n"
10117
"modified shadow-\n"
10118
"added init.d/postfix\n"
10119
"added network/if-down.d/postfix\n"
10120
"added network/if-up.d/postfix\n"
10121
"added postfix/dynamicmaps.cf\n"
10122
"added postfix/main.cf\n"
10123
"added postfix/master.cf\n"
10124
"added postfix/post-install\n"
10125
"added postfix/postfix-files\n"
10126
"added postfix/postfix-script\n"
10127
"added postfix/sasl\n"
10128
"added ppp/ip-down.d\n"
10129
"added ppp/ip-down.d/postfix\n"
10130
"added ppp/ip-up.d/postfix\n"
10131
"added rc0.d/K20postfix\n"
10132
"added rc1.d/K20postfix\n"
10133
"added rc2.d/S20postfix\n"
10134
"added rc3.d/S20postfix\n"
10135
"added rc4.d/S20postfix\n"
10136
"added rc5.d/S20postfix\n"
10137
"added rc6.d/K20postfix\n"
10138
"added resolvconf/update-libc.d\n"
10139
"added resolvconf/update-libc.d/postfix\n"
10140
"added rsyslog.d/postfix.conf\n"
10141
"added ufw/applications.d/postfix\n"
10142
"Committed revision 2."
10143
msgstr ""
10144
10145
#: serverguide/C/other-apps.xml:280(para)
10146
msgid ""
10147
"For an example of how <application>etckeeper</application> tracks manual "
10148
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
10149
"<application>bzr</application> you can see which files have been modified:"
10150
msgstr ""
10151
10152
#: serverguide/C/other-apps.xml:286(command)
10153
msgid "sudo bzr status /etc/"
10154
msgstr ""
10155
10156
#: serverguide/C/other-apps.xml:287(computeroutput)
10157
#, no-wrap
10158
msgid ""
10159
"modified:\n"
10160
" hosts"
10161
msgstr ""
10162
10163
#: serverguide/C/other-apps.xml:291(para)
10164
msgid "Now commit the changes:"
10165
msgstr ""
10166
10167
#: serverguide/C/other-apps.xml:296(command)
10168
msgid "sudo etckeeper commit \"new host\""
10169
msgstr ""
10170
10171
#: serverguide/C/other-apps.xml:299(para)
10172
msgid ""
10173
"For more information on <application>bzr</application> see <xref "
10174
"linkend=\"bazaar\"/>."
10175
msgstr ""
10176
10177
#: serverguide/C/other-apps.xml:305(title)
10178
msgid "Screen Profiles"
10179
msgstr ""
10180
10181
#: serverguide/C/other-apps.xml:307(para)
10182
msgid ""
10183
"One of the most useful applications for any system administrator is "
10184
"<application>screen</application>. It allows the execution of multiple "
10185
"shells in one terminal. To make some of the advanced "
10186
"<application>screen</application> features more user friendly, and provide "
10187
"some useful information about the system, the <application>screen-"
10188
"profiles</application> package was created."
10189
msgstr ""
10190
10191
#: serverguide/C/other-apps.xml:314(para)
10192
msgid ""
10193
"When executing <application>screen</application> for the first time you will "
10194
"be presented with the <application>screen-profiles-helper</application> "
10195
"menu. This menu will allow you to:"
10196
msgstr ""
10197
10198
#: serverguide/C/other-apps.xml:320(para)
10199
msgid "View the Help menu"
10200
msgstr ""
10201
10202
#: serverguide/C/other-apps.xml:321(para)
10203
msgid "Change the key binding set"
10204
msgstr ""
10205
10206
#: serverguide/C/other-apps.xml:322(para)
10207
msgid "Change screen profiles"
10208
msgstr ""
10209
10210
#: serverguide/C/other-apps.xml:323(para)
10211
msgid "Change the escape sequence"
10212
msgstr ""
10213
10214
#: serverguide/C/other-apps.xml:324(para)
10215
msgid "Create new screen windows"
10216
msgstr ""
10217
10218
#: serverguide/C/other-apps.xml:325(para)
10219
msgid "Manage the default windows"
10220
msgstr ""
10221
10222
#: serverguide/C/other-apps.xml:326(para)
10223
msgid "Install screen by default at login"
10224
msgstr ""
10225
10226
#: serverguide/C/other-apps.xml:329(para)
10227
msgid ""
10228
"The <emphasis>key bindings</emphasis> determine such things as the escape "
10229
"sequence, new window, change window, etc. There are two key binding sets to "
10230
"choose from <emphasis>common</emphasis> and <emphasis>none</emphasis>. If "
10231
"you wish to use the original key bindings choose the "
10232
"<emphasis>none</emphasis> set."
10233
msgstr ""
10234
10235
#: serverguide/C/other-apps.xml:335(para)
10236
msgid ""
10237
"The Ubuntu <application>screen-profiles</application> provide a menu which "
10238
"displays the Ubuntu release, processor information, memory information, and "
10239
"the time and date. The effect is similar to a desktop menu. When a profile "
10240
"is selected it will be symlinked to <filename>~/.screenrc</filename>. The "
10241
"<application>select-screen-profile</application> utility can also be used to "
10242
"change profiles, in a terminal enter:"
10243
msgstr ""
10244
10245
#: serverguide/C/other-apps.xml:343(command)
10246
msgid "select-screen-profile -s ubuntu-light"
10247
msgstr ""
10248
10249
#: serverguide/C/other-apps.xml:346(para)
10250
msgid ""
10251
"The <emphasis>plain</emphasis> profile will change "
10252
"<application>screen</application> back to the defaults, which does not "
10253
"include the information menu at the bottom."
10254
msgstr ""
10255
10256
#: serverguide/C/other-apps.xml:351(para)
10257
msgid ""
10258
"Using the <emphasis>\"Install screen by default at login\"</emphasis> option "
10259
"will cause screen to be executed any time a terminal is opened. Changes made "
10260
"to <application>screen</application> are on a per user basis, and will not "
10261
"affect other users on the system."
10262
msgstr ""
10263
10264
#: serverguide/C/other-apps.xml:356(para)
10265
msgid ""
10266
"One difference when using screen is the <emphasis>scrollback</emphasis> "
10267
"mode. If you are using one of the Ubuntu profiles press the "
10268
"<emphasis>F7</emphasis>, or <emphasis>Ctrl+a+[</emphasis> if not, to enter "
10269
"scrollback mode. Scrollback mode allows you to navigate past output using "
10270
"<emphasis>vi</emphasis> like commands. Here is a quick list of movement "
10271
"commands:"
10272
msgstr ""
10273
10274
#: serverguide/C/other-apps.xml:363(para)
10275
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
10276
msgstr ""
10277
10278
#: serverguide/C/other-apps.xml:364(para)
10279
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
10280
msgstr ""
10281
10282
#: serverguide/C/other-apps.xml:365(para)
10283
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
10284
msgstr ""
10285
10286
#: serverguide/C/other-apps.xml:366(para)
10287
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
10288
msgstr ""
10289
10290
#: serverguide/C/other-apps.xml:367(para)
10291
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
10292
msgstr ""
10293
10294
#: serverguide/C/other-apps.xml:368(para)
10295
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
10296
msgstr ""
10297
10298
#: serverguide/C/other-apps.xml:369(para)
10299
msgid ""
10300
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
10301
"the buffer)"
10302
msgstr ""
10303
10304
#: serverguide/C/other-apps.xml:370(para)
10305
msgid "<emphasis>C-u</emphasis> - Scrolls a half page up"
10306
msgstr ""
10307
10308
#: serverguide/C/other-apps.xml:371(para)
10309
msgid "<emphasis>C-b</emphasis> - Scrolls a full page up"
10310
msgstr ""
10311
10312
#: serverguide/C/other-apps.xml:372(para)
10313
msgid "<emphasis>C-d</emphasis> - Scrolls a half page down"
10314
msgstr ""
10315
10316
#: serverguide/C/other-apps.xml:373(para)
10317
msgid "<emphasis>C-f</emphasis> - Scrolls the full page down"
10318
msgstr ""
10319
10320
#: serverguide/C/other-apps.xml:374(para)
10321
msgid "<emphasis>/</emphasis> - Search forward"
10322
msgstr ""
10323
10324
#: serverguide/C/other-apps.xml:375(para)
10325
msgid "<emphasis>?</emphasis> - Search backward"
10326
msgstr ""
10327
10328
#: serverguide/C/other-apps.xml:376(para)
10329
msgid ""
10330
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
10331
msgstr ""
10332
10333
#: serverguide/C/other-apps.xml:385(para)
10334
msgid ""
10335
"See the <ulink "
10336
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/update-"
10337
"motd.1.html\">update-motd man page</ulink> for more options available to "
10338
"<application>update-motd</application>."
10339
msgstr ""
10340
10341
#: serverguide/C/other-apps.xml:391(para)
10342
msgid ""
10343
"The Debian Package of the Day <ulink "
10344
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
10345
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
10346
"details about using the <application>weather</application>utility."
10347
msgstr ""
10348
10349
#: serverguide/C/other-apps.xml:398(para)
10350
msgid ""
10351
"See the <ulink "
10352
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
10353
"more details on using <application>etckeeper</application>."
10354
msgstr ""
10355
10356
#: serverguide/C/other-apps.xml:404(para)
10357
msgid ""
10358
"For the latest news and information about <application>bzr</application> see "
10359
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
10360
msgstr ""
10361
10362
#: serverguide/C/other-apps.xml:409(para)
10363
msgid ""
10364
"For more information on <application>screen</application> see the <ulink "
10365
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
10366
msgstr ""
10367
10368
#: serverguide/C/other-apps.xml:414(para)
10369
msgid ""
10370
"Also, see the <application>screen-profiles</application><ulink "
10371
"url=\"https://launchpad.net/screen-profiles\">project page</ulink> for more "
10372
"information."
10373
msgstr ""
10374
10375
#: serverguide/C/network-config.xml:13(title)
10376
msgid "Networking"
10377
msgstr ""
10378
10379
#: serverguide/C/network-config.xml:14(para)
10380
msgid ""
10381
"Networks consist of two or more devices, such as computer systems, printers, "
10382
"and related equipment which are connected by either physical cabling or "
10383
"wireless links for the purpose of sharing and distributing information among "
10384
"the connected devices."
10385
msgstr ""
10386
10387
#: serverguide/C/network-config.xml:20(para)
10388
msgid ""
10389
"This section provides general and specific information pertaining to "
10390
"networking, including an overview of network concepts and detailed "
10391
"discussion of popular network protocols."
10392
msgstr ""
10393
10394
#: serverguide/C/network-config.xml:26(title)
10395
msgid "Network Configuration"
10396
msgstr ""
10397
10398
#: serverguide/C/network-config.xml:27(para)
10399
msgid ""
10400
"Ubuntu ships with a number of graphical utilities to configure your network "
10401
"devices. This document is geared toward server administrators and will focus "
10402
"on managing your network on the command line."
10403
msgstr ""
10404
10405
#: serverguide/C/network-config.xml:33(title)
10406
msgid "Ethernet"
10407
msgstr ""
10408
10409
#: serverguide/C/network-config.xml:34(para)
10410
msgid ""
10411
"Most Ethernet configuration is centralized in a single file, "
10412
"<filename>/etc/network/interfaces</filename>. If you have no Ethernet "
10413
"devices, only the loopback interface will appear in this file, and it will "
10414
"look something like this:"
10415
msgstr ""
10416
10417
#: serverguide/C/network-config.xml:40(programlisting)
10418
#, no-wrap
10419
msgid ""
10420
"\n"
10421
"# This file describes the network interfaces available on your system\n"
10422
"# and how to activate them. For more information, see interfaces(5).\n"
10423
"\n"
10424
"# The loopback network interface\n"
10425
"auto lo\n"
10426
"iface lo inet loopback\n"
10427
"address 127.0.0.1\n"
10428
"netmask 255.0.0.0\n"
10429
msgstr ""
10430
10431
#: serverguide/C/network-config.xml:50(para)
10432
msgid ""
10433
"If you have only one Ethernet device, eth0, and it gets its configuration "
10434
"from a DHCP server, and it should come up automatically at boot, only two "
10435
"additional lines are required:"
10436
msgstr ""
10437
10438
#: serverguide/C/network-config.xml:55(programlisting)
10439
#, no-wrap
10440
msgid ""
10441
"\n"
10442
"auto eth0\n"
10443
"iface eth0 inet dhcp\n"
10444
msgstr ""
10445
10446
#: serverguide/C/network-config.xml:59(para)
10447
msgid ""
10448
"The first line specifies that the eth0 device should come up automatically "
10449
"when you boot. The second line means that interface (<quote>iface</quote>) "
10450
"eth0 should have an IPv4 address space (replace <quote>inet</quote> with "
10451
"<quote>inet6</quote> for an IPv6 device) and that it should get its "
10452
"configuration automatically from DHCP. Assuming your network and DHCP server "
10453
"are properly configured, this machine's network should need no further "
10454
"configuration to operate properly. The DHCP server will provide the default "
10455
"gateway (implemented via the <application>route</application> command), the "
10456
"device's IP address (implemented via the <application>ifconfig</application> "
10457
"command), and DNS servers used on the network (implemented in the "
10458
"<filename>/etc/resolv.conf</filename> file.)"
10459
msgstr ""
10460
10461
#: serverguide/C/network-config.xml:72(para)
10462
msgid ""
10463
"To configure your Ethernet device with a static IP address and custom "
10464
"configuration, some more information will be required. Suppose you want to "
10465
"assign the IP address 192.168.0.2 to the device eth1, with the typical "
10466
"netmask of 255.255.255.0. Your default gateway's IP address is 192.168.0.1. "
10467
"You would enter something like this into "
10468
"<filename>/etc/network/interfaces</filename>:"
10469
msgstr ""
10470
10471
#: serverguide/C/network-config.xml:79(programlisting)
10472
#, no-wrap
10473
msgid ""
10474
"\n"
10475
"iface eth1 inet static\n"
10476
"\taddress 192.168.0.2\n"
10477
"\tnetmask 255.255.255.0\n"
10478
"\tgateway 192.168.0.1\n"
10479
msgstr ""
10480
10481
#: serverguide/C/network-config.xml:85(para)
10482
msgid ""
10483
"In this case, you will need to specify your DNS servers manually in "
10484
"<filename>/etc/resolv.conf</filename>, which should look something like this:"
10485
msgstr ""
10486
10487
#: serverguide/C/network-config.xml:89(programlisting)
10488
#, no-wrap
10489
msgid ""
10490
"\n"
10491
"search mydomain.example\n"
10492
"nameserver 192.168.0.1\n"
10493
"nameserver 4.2.2.2\n"
10494
msgstr ""
10495
10496
#: serverguide/C/network-config.xml:94(para)
10497
msgid ""
10498
"The <emphasis role=\"italics\">search</emphasis> directive will append "
10499
"mydomain.example to hostname queries in an attempt to resolve names to your "
10500
"network. For example, if your network's domain is mydomain.example and you "
10501
"try to ping the host <quote>mybox</quote>, the DNS query will be modified to "
10502
"<quote>mybox.mydomain.example</quote> for resolution. The <emphasis "
10503
"role=\"italics\">nameserver</emphasis> directives specify DNS servers to be "
10504
"used to resolve hostnames to IP addresses. If you use your own nameserver, "
10505
"enter it here. Otherwise, ask your Internet Service Provider for the primary "
10506
"and secondary DNS servers to use, and enter them into "
10507
"<filename>/etc/resolv.conf</filename> as shown above."
10508
msgstr ""
10509
10510
#: serverguide/C/network-config.xml:106(para)
10511
msgid ""
10512
"Many more configurations are possible, including dialup PPP interfaces, IPv6 "
10513
"networking, VPN devices, etc. Refer to <application>man 5 "
10514
"interfaces</application> for more information and supported options. "
10515
"Remember that <filename>/etc/network/interfaces</filename> is used by the "
10516
"<application>ifup</application>/<application>ifdown</application> scripts as "
10517
"a higher level configuration scheme than may be used in some other Linux "
10518
"distributions, and that the traditional, lower level utilities such as "
10519
"<application>ifconfig</application>, <application>route</application>, and "
10520
"<application>dhclient</application> are still available to you for ad hoc "
10521
"configurations."
10522
msgstr ""
10523
10524
#: serverguide/C/network-config.xml:120(title)
10525
msgid "Managing DNS Entries"
10526
msgstr ""
10527
10528
#: serverguide/C/network-config.xml:121(para)
10529
msgid ""
10530
"This section explains how to configure which nameserver to use when "
10531
"resolving IP addresses to hostnames and vice versa. It does not explain how "
10532
"to configure the system as a name server."
10533
msgstr ""
10534
10535
#: serverguide/C/network-config.xml:126(para)
10536
msgid ""
10537
"To manage DNS entries, you can add, edit, or remove DNS names from the "
10538
"<filename>/etc/resolv.conf</filename> file. A sample file is given below:"
10539
msgstr ""
10540
10541
#: serverguide/C/network-config.xml:130(programlisting)
10542
#, no-wrap
10543
msgid ""
10544
"\n"
10545
"search com\n"
10546
"nameserver 204.11.126.131\n"
10547
"nameserver 64.125.134.133\n"
10548
"nameserver 64.125.134.132\n"
10549
"nameserver 208.185.179.218\n"
10550
msgstr ""
10551
10552
#: serverguide/C/network-config.xml:138(para)
10553
msgid ""
10554
"The <application>search</application> key specifies the string which will be "
10555
"appended to an incomplete hostname. Here, we have configured it to "
10556
"<application>com</application>. So, when we run: <command>ping "
10557
"ubuntu</command> it would be interpreted as <command>ping "
10558
"ubuntu.com</command>."
10559
msgstr ""
10560
10561
#: serverguide/C/network-config.xml:146(para)
10562
msgid ""
10563
"The <application>nameserver</application> key specifies the nameserver IP "
10564
"address. It will be used to resolve a given IP address or hostname. This "
10565
"file can have multiple nameserver entries. The nameservers will be used by "
10566
"the network query in the same order."
10567
msgstr ""
10568
10569
#: serverguide/C/network-config.xml:155(para)
10570
msgid ""
10571
"If the DNS server names are retrieved dynamically from DHCP or PPPoE "
10572
"(retrieved from your ISP), do not add nameserver entries in this file. It "
10573
"will be overwritten."
10574
msgstr ""
10575
10576
#: serverguide/C/network-config.xml:164(title)
10577
msgid "Managing Hosts"
10578
msgstr ""
10579
10580
#: serverguide/C/network-config.xml:165(para)
10581
msgid ""
10582
"To manage hosts, you can add, edit, or remove hosts from "
10583
"<filename>/etc/hosts</filename> file. The file contains IP addresses and "
10584
"their corresponding hostnames. When your system tries to resolve a hostname "
10585
"to an IP address or determine the hostname for an IP address, it refers to "
10586
"the <filename>/etc/hosts</filename> file before using the name servers. If "
10587
"the IP address is listed in the <filename>/etc/hosts</filename> file, the "
10588
"name servers are not used. This behavior can be modified by editing "
10589
"<filename>/etc/nsswitch.conf</filename> at your peril."
10590
msgstr ""
10591
10592
#: serverguide/C/network-config.xml:178(para)
10593
msgid ""
10594
"If your network contains computers whose IP addresses are not listed in DNS, "
10595
"it is recommended that you add them to the <filename>/etc/hosts</filename> "
10596
"file."
10597
msgstr ""
10598
10599
#: serverguide/C/network-config.xml:186(title)
10600
msgid "Bridging"
10601
msgstr ""
10602
10603
#: serverguide/C/network-config.xml:188(para)
10604
msgid ""
10605
"Bridging multiple interfaces is a more advanced configuration, but is very "
10606
"useful in multiple scenarios. One scenario is setting up a bridge with "
10607
"multiple network interfaces, then using a firewall to filter traffic between "
10608
"two network segments. Another scenario is using bridge on a system with one "
10609
"interface to allow virtual machines direct access to the outside network. "
10610
"The following example covers the latter scenario."
10611
msgstr ""
10612
10613
#: serverguide/C/network-config.xml:195(para)
10614
msgid ""
10615
"Before configuring a bridge you will need to install the <application>bridge-"
10616
"utils</application> package. To install the package, in a terminal enter:"
10617
msgstr ""
10618
10619
#: serverguide/C/network-config.xml:201(command)
10620
msgid "sudo apt-get install bridge-utils"
10621
msgstr ""
10622
10623
#: serverguide/C/network-config.xml:204(para)
10624
msgid ""
10625
"Next, configure the bridge by editing "
10626
"<filename>/etc/network/interfaces</filename>:"
10627
msgstr ""
10628
10629
#: serverguide/C/network-config.xml:208(programlisting)
10630
#, no-wrap
10631
msgid ""
10632
"\n"
10633
"auto lo\n"
10634
"iface lo inet loopback\n"
10635
"\n"
10636
"auto br0\n"
10637
"iface br0 inet static\n"
10638
" address 192.168.0.10\n"
10639
" network 192.168.0.0\n"
10640
" netmask 255.255.255.0\n"
10641
" broadcast 192.168.0.255\n"
10642
" gateway 192.168.0.1\n"
10643
" bridge_ports eth0\n"
10644
" bridge_fd 9\n"
10645
" bridge_hello 2\n"
10646
" bridge_maxage 12\n"
10647
" bridge_stp off\n"
10648
msgstr ""
10649
10650
#: serverguide/C/network-config.xml:227(para)
10651
msgid "Enter the appropriate values for your physical interface and network."
10652
msgstr ""
10653
10654
#: serverguide/C/network-config.xml:232(para)
10655
msgid "Now restart networking to enable the bridge interface:"
10656
msgstr ""
10657
10658
#: serverguide/C/network-config.xml:239(para)
10659
msgid ""
10660
"The new bridge interface should now be up and running. The "
10661
"<application>brctl</application> provides useful information about the state "
10662
"of the bridge, controls which interfaces are part of the bridge, etc. See "
10663
"<command>man brctl</command> for more information."
10664
msgstr ""
10665
10666
#: serverguide/C/network-config.xml:255(para)
10667
msgid ""
10668
"The <ulink "
10669
"url=\"http://manpages.ubuntu.com/manpages/karmic/en/man5/interfaces.5.html\">"
10670
"interfaces man page</ulink> has details on more options for "
10671
"<filename>/etc/network/interfaces</filename>."
10672
msgstr ""
10673
10674
#: serverguide/C/network-config.xml:261(para)
10675
msgid ""
10676
"For more information on DNS client configuration see the <ulink "
10677
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/resolver.5.html\">re"
10678
"solver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
10679
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
10680
"Administrator's Guide</ulink> is a good source of resolver and name service "
10681
"configuration information."
10682
msgstr ""
10683
10684
#: serverguide/C/network-config.xml:269(para)
10685
msgid ""
10686
"For more information on <emphasis>bridging</emphasis> see the <ulink "
10687
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/brctl.8.html\">brctl"
10688
" man page</ulink> and the Linux Foundation's <ulink "
10689
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
10690
msgstr ""
10691
10692
#: serverguide/C/network-config.xml:280(title)
10693
msgid "TCP/IP"
10694
msgstr ""
10695
10696
#: serverguide/C/network-config.xml:281(para)
10697
msgid ""
10698
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
10699
"standard set of protocols developed in the late 1970s by the Defense "
10700
"Advanced Research Projects Agency (DARPA) as a means of communication "
10701
"between different types of computers and computer networks. TCP/IP is the "
10702
"driving force of the Internet, and thus it is the most popular set of "
10703
"network protocols on Earth."
10704
msgstr ""
10705
10706
#: serverguide/C/network-config.xml:289(title)
10707
msgid "TCP/IP Introduction"
10708
msgstr ""
10709
10710
#: serverguide/C/network-config.xml:290(para)
10711
msgid ""
10712
"The two protocol components of TCP/IP deal with different aspects of "
10713
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
10714
"TCP/IP is a connectionless protocol which deals only with network packet "
10715
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
10716
"basic unit of networking information. The IP Datagram consists of a header "
10717
"followed by a message. The <emphasis> Transmission Control "
10718
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
10719
"establish connections which may be used to exchange data streams. TCP also "
10720
"guarantees that the data between connections is delivered and that it "
10721
"arrives at one network host in the same order as sent from another network "
10722
"host."
10723
msgstr ""
10724
10725
#: serverguide/C/network-config.xml:303(title)
10726
msgid "TCP/IP Configuration"
10727
msgstr ""
10728
10729
#: serverguide/C/network-config.xml:304(para)
10730
msgid ""
10731
"The TCP/IP protocol configuration consists of several elements which must be "
10732
"set by editing the appropriate configuration files, or deploying solutions "
10733
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
10734
"can be configured to provide the proper TCP/IP configuration settings to "
10735
"network clients automatically. These configuration values must be set "
10736
"correctly in order to facilitate the proper network operation of your Ubuntu "
10737
"system."
10738
msgstr ""
10739
10740
#: serverguide/C/network-config.xml:316(para)
10741
msgid ""
10742
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
10743
"identifying string expressed as four decimal numbers ranging from zero (0) "
10744
"to two-hundred and fifty-five (255), separated by periods, with each of the "
10745
"four numbers representing eight (8) bits of the address for a total length "
10746
"of thirty-two (32) bits for the whole address. This format is called "
10747
"<emphasis>dotted quad notation</emphasis>."
10748
msgstr ""
10749
10750
#: serverguide/C/network-config.xml:326(para)
10751
msgid ""
10752
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
10753
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
10754
"separate the portions of an IP address significant to the network from the "
10755
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
10756
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
10757
"three bytes of the IP address and allows the last byte of the IP address to "
10758
"remain available for specifying hosts on the subnetwork."
10759
msgstr ""
10760
10761
#: serverguide/C/network-config.xml:337(para)
10762
msgid ""
10763
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
10764
"represents the bytes comprising the network portion of an IP address. For "
10765
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
10766
"network address, where twelve (12) represents the first byte of the IP "
10767
"address, (the network part) and zeroes (0) in all of the remaining three "
10768
"bytes to represent the potential host values. A network host using the "
10769
"private IP address 192.168.1.100 would in turn use a Network Address of "
10770
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
10771
"network and a zero (0) for all the possible hosts on the network."
10772
msgstr ""
10773
10774
#: serverguide/C/network-config.xml:350(para)
10775
msgid ""
10776
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
10777
"is an IP address which allows network data to be sent simultaneously to all "
10778
"hosts on a given subnetwork rather than specifying a particular host. The "
10779
"standard general broadcast address for IP networks is 255.255.255.255, but "
10780
"this broadcast address cannot be used to send a broadcast message to every "
10781
"host on the Internet because routers block it. A more appropriate broadcast "
10782
"address is set to match a specific subnetwork. For example, on the private "
10783
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
10784
"Broadcast messages are typically produced by network protocols such as the "
10785
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
10786
msgstr ""
10787
10788
#: serverguide/C/network-config.xml:363(para)
10789
msgid ""
10790
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
10791
"IP address through which a particular network, or host on a network, may be "
10792
"reached. If one network host wishes to communicate with another network "
10793
"host, and that host is not located on the same network, then a "
10794
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
10795
"Address will be that of a router on the same network, which will in turn "
10796
"pass traffic on to other networks or hosts, such as Internet hosts. The "
10797
"value of the Gateway Address setting must be correct, or your system will "
10798
"not be able to reach any hosts beyond those on the same network."
10799
msgstr ""
10800
10801
#: serverguide/C/network-config.xml:374(para)
10802
msgid ""
10803
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
10804
"represent the IP addresses of Domain Name Service (DNS) systems, which "
10805
"resolve network hostnames into IP addresses. There are three levels of "
10806
"Nameserver Addresses, which may be specified in order of precedence: The "
10807
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
10808
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
10809
"your system to be able to resolve network hostnames into their corresponding "
10810
"IP addresses, you must specify valid Nameserver Addresses which you are "
10811
"authorized to use in your system's TCP/IP configuration. In many cases these "
10812
"addresses can and will be provided by your network service provider, but "
10813
"many free and publicly accessible nameservers are available for use, such as "
10814
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
10815
msgstr ""
10816
10817
#: serverguide/C/network-config.xml:388(para)
10818
msgid ""
10819
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
10820
"Address are typically specified via the appropriate directives in the file "
10821
"<filename>/etc/network/interfaces</filename>. The Nameserver Addresses are "
10822
"typically specified via <emphasis>nameserver</emphasis> directives in the "
10823
"file <filename>/etc/resolv.conf</filename>. For more information, view the "
10824
"system manual page for <filename>interfaces</filename> or "
10825
"<filename>resolv.conf</filename> respectively, with the following commands "
10826
"typed at a terminal prompt:"
10827
msgstr ""
10828
10829
#: serverguide/C/network-config.xml:395(para)
10830
msgid ""
10831
"Access the system manual page for <filename>interfaces</filename> with the "
10832
"following command:"
10833
msgstr ""
10834
10835
#: serverguide/C/network-config.xml:400(command)
10836
msgid "man interfaces"
10837
msgstr ""
10838
10839
#: serverguide/C/network-config.xml:403(para)
10840
msgid ""
10841
"Access the system manual page for <filename>resolv.conf</filename> with the "
10842
"following command:"
10843
msgstr ""
10844
10845
#: serverguide/C/network-config.xml:407(command)
10846
msgid "man resolv.conf"
10847
msgstr ""
10848
10849
#: serverguide/C/network-config.xml:312(para)
10850
msgid ""
10851
"The common configuration elements of TCP/IP and their purposes are as "
10852
"follows: <placeholder-1/>"
10853
msgstr ""
10854
10855
#: serverguide/C/network-config.xml:414(title)
10856
msgid "IP Routing"
10857
msgstr ""
10858
10859
#: serverguide/C/network-config.xml:415(para)
10860
msgid ""
10861
"IP routing is a means of specifying and discovering paths in a TCP/IP "
10862
"network along which network data may be sent. Routing uses a set of "
10863
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
10864
"packets from their source to the destination, often via many intermediary "
10865
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
10866
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
10867
"<emphasis>Dynamic Routing.</emphasis>"
10868
msgstr ""
10869
10870
#: serverguide/C/network-config.xml:424(para)
10871
msgid ""
10872
"Static routing involves manually adding IP routes to the system's routing "
10873
"table, and this is usually done by manipulating the routing table with the "
10874
"<application>route</application> command. Static routing enjoys many "
10875
"advantages over dynamic routing, such as simplicity of implementation on "
10876
"smaller networks, predictability (the routing table is always computed in "
10877
"advance, and thus the route is precisely the same each time it is used), and "
10878
"low overhead on other routers and network links due to the lack of a dynamic "
10879
"routing protocol. However, static routing does present some disadvantages as "
10880
"well. For example, static routing is limited to small networks and does not "
10881
"scale well. Static routing also fails completely to adapt to network outages "
10882
"and failures along the route due to the fixed nature of the route."
10883
msgstr ""
10884
10885
#: serverguide/C/network-config.xml:434(para)
10886
msgid ""
10887
"Dynamic routing depends on large networks with multiple possible IP routes "
10888
"from a source to a destination and makes use of special routing protocols, "
10889
"such as the Router Information Protocol (RIP), which handle the automatic "
10890
"adjustments in routing tables that make dynamic routing possible. Dynamic "
10891
"routing has several advantages over static routing, such as superior "
10892
"scalability and the ability to adapt to failures and outages along network "
10893
"routes. Additionally, there is less manual configuration of the routing "
10894
"tables, since routers learn from one another about their existence and "
10895
"available routes. This trait also eliminates the possibility of introducing "
10896
"mistakes in the routing tables via human error. Dynamic routing is not "
10897
"perfect, however, and presents disadvantages such as heightened complexity "
10898
"and additional network overhead from router communications, which does not "
10899
"immediately benefit the end users, but still consumes network bandwidth."
10900
msgstr ""
10901
10902
#: serverguide/C/network-config.xml:448(title)
10903
msgid "TCP and UDP"
10904
msgstr ""
10905
10906
#: serverguide/C/network-config.xml:449(para)
10907
msgid ""
10908
"TCP is a connection-based protocol, offering error correction and guaranteed "
10909
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
10910
"Flow control determines when the flow of a data stream needs to be stopped, "
10911
"and previously sent data packets should to be re-sent due to problems such "
10912
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
10913
"accurate delivery of the data. TCP is typically used in the exchange of "
10914
"important information such as database transactions."
10915
msgstr ""
10916
10917
#: serverguide/C/network-config.xml:457(para)
10918
msgid ""
10919
"The User Datagram Protocol (UDP), on the other hand, is a "
10920
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
10921
"transmission of important data because it lacks flow control or any other "
10922
"method to ensure reliable delivery of the data. UDP is commonly used in such "
10923
"applications as audio and video streaming, where it is considerably faster "
10924
"than TCP due to the lack of error correction and flow control, and where the "
10925
"loss of a few packets is not generally catastrophic."
10926
msgstr ""
10927
10928
#: serverguide/C/network-config.xml:467(title)
10929
msgid "ICMP"
10930
msgstr ""
10931
10932
#: serverguide/C/network-config.xml:468(para)
10933
msgid ""
10934
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
10935
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
10936
"supports network packets containing control, error, and informational "
10937
"messages. ICMP is used by such network applications as the "
10938
"<application>ping</application> utility, which can determine the "
10939
"availability of a network host or device. Examples of some error messages "
10940
"returned by ICMP which are useful to both network hosts and devices such as "
10941
"routers, include <emphasis>Destination Unreachable</emphasis> and "
10942
"<emphasis>Time Exceeded</emphasis>."
10943
msgstr ""
10944
10945
#: serverguide/C/network-config.xml:478(title)
10946
msgid "Daemons"
10947
msgstr ""
10948
10949
#: serverguide/C/network-config.xml:479(para)
10950
msgid ""
10951
"Daemons are special system applications which typically execute continuously "
10952
"in the background and await requests for the functions they provide from "
10953
"other applications. Many daemons are network-centric; that is, a large "
10954
"number of daemons executing in the background on an Ubuntu system may "
10955
"provide network-related functionality. Some examples of such network daemons "
10956
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
10957
"(httpd), which provides web server functionality; the <emphasis>Secure SHell "
10958
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
10959
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
10960
"Daemon</emphasis> (imapd), which provides E-Mail services."
10961
msgstr ""
10962
10963
#: serverguide/C/network-config.xml:494(para)
10964
msgid ""
10965
"There are man pages for <ulink "
10966
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man7/tcp.7.html\">TCP</ul"
10967
"ink> and <ulink "
10968
"url=\"http://manpages.ubuntu.com/manpages/jaunty/man7/ip.7.html\">IP</ulink> "
10969
"that contain more useful information."
10970
msgstr ""
10971
10972
#: serverguide/C/network-config.xml:500(para)
10973
msgid ""
10974
"Also, see the <ulink "
10975
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
10976
"and Technical Overview</ulink> IBM Redbook."
10977
msgstr ""
10978
10979
#: serverguide/C/network-config.xml:506(para)
10980
msgid ""
10981
"Another resource is O'Reilly's <ulink "
10982
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
10983
"Administration</ulink>."
10984
msgstr ""
10985
10986
#: serverguide/C/network-config.xml:515(title)
10987
msgid "Dynamic Host Configuration Protocol (DHCP)"
10988
msgstr ""
10989
10990
#: serverguide/C/network-config.xml:516(para)
10991
msgid ""
10992
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
10993
"enables host computers to be automatically assigned settings from a server "
10994
"as opposed to manually configuring each network host. Computers configured "
10995
"to be DHCP clients have no control over the settings they receive from the "
10996
"DHCP server, and the configuration is transparent to the computer's user."
10997
msgstr ""
10998
10999
#: serverguide/C/network-config.xml:523(para)
11000
msgid ""
11001
"The most common settings provided by a DHCP server to DHCP clients include:"
11002
msgstr ""
11003
11004
#: serverguide/C/network-config.xml:528(para)
11005
msgid "IP-Address and Netmask"
11006
msgstr ""
11007
11008
#: serverguide/C/network-config.xml:531(para)
11009
msgid "DNS"
11010
msgstr ""
11011
11012
#: serverguide/C/network-config.xml:534(para)
11013
msgid "WINS"
11014
msgstr ""
11015
11016
#: serverguide/C/network-config.xml:537(para)
11017
msgid ""
11018
"However, a DHCP server can also supply configuration properties such as:"
11019
msgstr ""
11020
11021
#: serverguide/C/network-config.xml:542(para)
11022
msgid "Host Name"
11023
msgstr ""
11024
11025
#: serverguide/C/network-config.xml:545(para)
11026
msgid "Domain Name"
11027
msgstr ""
11028
11029
#: serverguide/C/network-config.xml:548(para)
11030
msgid "Default Gateway"
11031
msgstr ""
11032
11033
#: serverguide/C/network-config.xml:551(para)
11034
msgid "Time Server"
11035
msgstr ""
11036
11037
#: serverguide/C/network-config.xml:554(para)
11038
msgid "Print Server"
11039
msgstr ""
11040
11041
#: serverguide/C/network-config.xml:557(para)
11042
msgid ""
11043
"The advantage of using DHCP is that changes to the network, for example a "
11044
"change in the address of the DNS server, need only be changed at the DHCP "
11045
"server, and all network hosts will be reconfigured the next time their DHCP "
11046
"clients poll the DHCP server. As an added advantage, it is also easier to "
11047
"integrate new computers into the network, as there is no need to check for "
11048
"the availability of an IP address. Conflicts in IP address allocation are "
11049
"also reduced."
11050
msgstr ""
11051
11052
#: serverguide/C/network-config.xml:565(para)
11053
msgid "A DHCP server can provide configuration settings using two methods:"
11054
msgstr ""
11055
11056
#: serverguide/C/network-config.xml:570(term)
11057
msgid "MAC Address"
11058
msgstr ""
11059
11060
#: serverguide/C/network-config.xml:572(para)
11061
msgid ""
11062
"This method entails using DHCP to identify the unique hardware address of "
11063
"each network card connected to the network and then continually supplying a "
11064
"constant configuration each time the DHCP client makes a request to the DHCP "
11065
"server using that network device."
11066
msgstr ""
11067
11068
#: serverguide/C/network-config.xml:581(term)
11069
msgid "Address Pool"
11070
msgstr ""
11071
11072
#: serverguide/C/network-config.xml:583(para)
11073
msgid ""
11074
"This method entails defining a pool (sometimes also called a range or scope) "
11075
"of IP addresses from which DHCP clients are supplied their configuration "
11076
"properties dynamically and on a \"first come, first served\" basis. When a "
11077
"DHCP client is no longer on the network for a specified period, the "
11078
"configuration is expired and released back to the address pool for use by "
11079
"other DHCP Clients."
11080
msgstr ""
11081
11082
#: serverguide/C/network-config.xml:594(para)
11083
msgid ""
11084
"Ubuntu is shipped with both DHCP server and client. The server is "
11085
"<application>dhcpd</application> (dynamic host configuration protocol "
11086
"daemon). The client provided with Ubuntu is "
11087
"<application>dhclient</application> and should be installed on all computers "
11088
"required to be automatically configured. Both programs are easy to install "
11089
"and configure and will be automatically started at system boot."
11090
msgstr ""
11091
11092
#: serverguide/C/network-config.xml:604(para)
11093
msgid ""
11094
"At a terminal prompt, enter the following command to install "
11095
"<application>dhcpd</application>:"
11096
msgstr ""
11097
11098
#: serverguide/C/network-config.xml:609(command)
11099
msgid "sudo apt-get install dhcp3-server"
11100
msgstr ""
11101
11102
#: serverguide/C/network-config.xml:611(para)
11103
msgid ""
11104
"You will probably need to change the default configuration by editing "
11105
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
11106
msgstr ""
11107
11108
#: serverguide/C/network-config.xml:615(para)
11109
msgid ""
11110
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
11111
"dhcpd should listen to. By default it listens to eth0."
11112
msgstr ""
11113
11114
#: serverguide/C/network-config.xml:619(para)
11115
msgid ""
11116
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
11117
"messages."
11118
msgstr ""
11119
11120
#: serverguide/C/network-config.xml:626(para)
11121
msgid ""
11122
"The error message the installation ends with might be a little confusing, "
11123
"but the following steps will help you configure the service:"
11124
msgstr ""
11125
11126
#: serverguide/C/network-config.xml:630(para)
11127
msgid ""
11128
"Most commonly, what you want to do is assign an IP address randomly. This "
11129
"can be done with settings as follows:"
11130
msgstr ""
11131
11132
#: serverguide/C/network-config.xml:634(programlisting)
11133
#, no-wrap
11134
msgid ""
11135
"\n"
11136
"# Sample /etc/dhcpd.conf\n"
11137
"# (add your comments here) \n"
11138
"default-lease-time 600;\n"
11139
"max-lease-time 7200;\n"
11140
"option subnet-mask 255.255.255.0;\n"
11141
"option broadcast-address 192.168.1.255;\n"
11142
"option routers 192.168.1.254;\n"
11143
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
11144
"option domain-name \"mydomain.example\";\n"
11145
"\n"
11146
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
11147
"range 192.168.1.10 192.168.1.100;\n"
11148
"range 192.168.1.150 192.168.1.200;\n"
11149
"} \n"
11150
msgstr ""
11151
11152
#: serverguide/C/network-config.xml:650(para)
11153
msgid ""
11154
"This will result in the DHCP server giving a client an IP address from the "
11155
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
11156
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
11157
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
11158
"server will also \"advise\" the client that it should use 255.255.255.0 as "
11159
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
11160
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
11161
msgstr ""
11162
11163
#: serverguide/C/network-config.xml:659(para)
11164
msgid ""
11165
"If you need to specify a WINS server for your Windows clients, you will need "
11166
"to include the netbios-name-servers option, e.g."
11167
msgstr ""
11168
11169
#: serverguide/C/network-config.xml:663(programlisting)
11170
#, no-wrap
11171
msgid ""
11172
"\n"
11173
"option netbios-name-servers 192.168.1.1; \n"
11174
msgstr ""
11175
11176
#: serverguide/C/network-config.xml:666(para)
11177
msgid ""
11178
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
11179
"be found <ulink "
11180
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
11181
msgstr ""
11182
11183
#: serverguide/C/network-config.xml:676(para)
11184
msgid ""
11185
"For more <filename>/etc/dhcp3/dchpd.conf</filename> options see the <ulink "
11186
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/dhcpd.conf.5.html\">"
11187
"dhcpd.conf man page</ulink>."
11188
msgstr ""
11189
11190
#: serverguide/C/network-config.xml:682(para)
11191
msgid ""
11192
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
11193
"FAQ</ulink>"
11194
msgstr ""
11195
11196
#: serverguide/C/network-config.xml:692(title)
11197
msgid "Time Synchronisation with NTP"
11198
msgstr ""
11199
11200
#: serverguide/C/network-config.xml:693(para)
11201
msgid ""
11202
"This page describes methods for keeping your computer's time accurate. This "
11203
"is useful for servers, but is not necessary (or desirable) for desktop "
11204
"machines."
11205
msgstr ""
11206
11207
#: serverguide/C/network-config.xml:696(para)
11208
msgid ""
11209
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
11210
"client requests the current time from a server, and uses it to set its own "
11211
"clock."
11212
msgstr ""
11213
11214
#: serverguide/C/network-config.xml:699(para)
11215
msgid ""
11216
"Behind this simple description, there is a lot of complexity - there are "
11217
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
11218
"clocks (often via GPS), and tier two and three servers spreading the load of "
11219
"actually handling requests across the Internet. Also the client software is "
11220
"a lot more complex than you might think - it has to factor out communication "
11221
"delays, and adjust the time in a way that does not upset all the other "
11222
"processes that run on the server. But luckily all that complexity is hidden "
11223
"from you!"
11224
msgstr ""
11225
11226
#: serverguide/C/network-config.xml:702(para)
11227
msgid ""
11228
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
11229
msgstr ""
11230
11231
#: serverguide/C/network-config.xml:707(title)
11232
msgid "ntpdate"
11233
msgstr ""
11234
11235
#: serverguide/C/network-config.xml:708(para)
11236
msgid ""
11237
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
11238
"set up your time according to Ubuntu's NTP server. However, a server's clock "
11239
"is likely to drift considerably between reboots, so it makes sense to "
11240
"correct the time occasionally. The easiest way to do this is to get cron to "
11241
"run ntpdate every day. With your favorite editor, as root, create a file "
11242
"<code>/etc/cron.daily/ntpdate</code> containing:"
11243
msgstr ""
11244
11245
#: serverguide/C/network-config.xml:713(screen)
11246
#, no-wrap
11247
msgid "ntpdate ntp.ubuntu.com\n"
11248
msgstr ""
11249
11250
#: serverguide/C/network-config.xml:715(para)
11251
msgid ""
11252
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
11253
msgstr ""
11254
11255
#: serverguide/C/network-config.xml:718(screen)
11256
#, no-wrap
11257
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
11258
msgstr ""
11259
11260
#: serverguide/C/network-config.xml:722(title)
11261
msgid "ntpd"
11262
msgstr ""
11263
11264
#: serverguide/C/network-config.xml:723(para)
11265
msgid ""
11266
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
11267
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
11268
"calculates the drift of your system clock and continuously adjusts it, so "
11269
"there are no large corrections that could lead to inconsistent logs for "
11270
"instance. The cost is a little processing power and memory, but for a modern "
11271
"server this is negligible."
11272
msgstr ""
11273
11274
#: serverguide/C/network-config.xml:726(para)
11275
msgid "To set up ntpd:"
11276
msgstr ""
11277
11278
#: serverguide/C/network-config.xml:727(screen)
11279
#, no-wrap
11280
msgid "sudo apt-get install ntp\n"
11281
msgstr ""
11282
11283
#: serverguide/C/network-config.xml:732(title)
11284
msgid "Changing Time Servers"
11285
msgstr ""
11286
11287
#: serverguide/C/network-config.xml:733(para)
11288
msgid ""
11289
"In both cases above, your system will use Ubuntu's NTP server at "
11290
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
11291
"use several servers to increase accuracy and resilience, and you may want to "
11292
"use time servers that are geographically closer to you. to do this for "
11293
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
11294
msgstr ""
11295
11296
#: serverguide/C/network-config.xml:740(screen)
11297
#, no-wrap
11298
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
11299
msgstr ""
11300
11301
#: serverguide/C/network-config.xml:742(para)
11302
msgid ""
11303
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
11304
"lines:"
11305
msgstr ""
11306
11307
#: serverguide/C/network-config.xml:747(screen)
11308
#, no-wrap
11309
msgid ""
11310
"server ntp.ubuntu.com\n"
11311
"server pool.ntp.org\n"
11312
msgstr ""
11313
11314
#: serverguide/C/network-config.xml:750(para)
11315
msgid ""
11316
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
11317
"really good idea which uses round-robin DNS to return an NTP server from a "
11318
"pool, spreading the load between several different servers. Even better, "
11319
"they have pools for different regions - for instance, if you are in New "
11320
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
11321
"<code>pool.ntp.org</code> . Look at <ulink "
11322
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
11323
"details."
11324
msgstr ""
11325
11326
#: serverguide/C/network-config.xml:761(para)
11327
msgid ""
11328
"You can also Google for NTP servers in your region, and add these to your "
11329
"configuration. To test that a server works, just type <code>sudo ntpdate "
11330
"ntp.server.name</code> and see what happens."
11331
msgstr ""
11332
11333
#: serverguide/C/network-config.xml:769(title)
11334
msgid "Related Pages"
11335
msgstr ""
11336
11337
#: serverguide/C/network-config.xml:773(ulink)
11338
msgid "NTP Support"
11339
msgstr ""
11340
11341
#: serverguide/C/network-config.xml:778(ulink)
11342
msgid "The NTP FAQ and HOWTO"
11343
msgstr ""
11344
11345
#: serverguide/C/network-auth.xml:13(title)
11346
msgid "Network Authentication"
11347
msgstr ""
11348
11349
#: serverguide/C/network-auth.xml:15(para)
11350
msgid "This section explains various Network Authentication protocols."
11351
msgstr ""
11352
11353
#: serverguide/C/network-auth.xml:19(title)
11354
msgid "OpenLDAP Server"
11355
msgstr ""
11356
11357
#: serverguide/C/network-auth.xml:20(para)
11358
msgid ""
11359
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
11360
"simplified version of the X.500 protocol. The directory setup in this "
11361
"section will be used for authentication. Nevertheless, LDAP can be used in "
11362
"numerous ways: authentication, shared directory (for mail clients), address "
11363
"book, etc."
11364
msgstr ""
11365
11366
#: serverguide/C/network-auth.xml:28(para)
11367
msgid ""
11368
"To describe LDAP quickly, all information is stored in a tree structure. "
11369
"With <application>OpenLDAP</application> you have freedom to determine the "
11370
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
11371
"We will begin with a basic tree containing two nodes below the root:"
11372
msgstr ""
11373
11374
#: serverguide/C/network-auth.xml:37(para)
11375
msgid "\"People\" node where your users will be stored"
11376
msgstr ""
11377
11378
#: serverguide/C/network-auth.xml:40(para)
11379
msgid "\"Groups\" node where your groups will be stored"
11380
msgstr ""
11381
11382
#: serverguide/C/network-auth.xml:44(para)
11383
msgid ""
11384
"Before beginning, you should determine what the root of your LDAP directory "
11385
"will be. By default, your tree will be determined by your Fully Qualified "
11386
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
11387
"example), your root node will be dc=example,dc=com."
11388
msgstr ""
11389
11390
#: serverguide/C/network-auth.xml:54(para)
11391
msgid ""
11392
"First, install the <application>OpenLDAP</application> server daemon "
11393
"<application>slapd</application> and <application>ldap-utils</application>, "
11394
"a package containing LDAP management utilities:"
11395
msgstr ""
11396
11397
#: serverguide/C/network-auth.xml:60(command)
11398
msgid "sudo apt-get install slapd ldap-utils"
11399
msgstr ""
11400
11401
#: serverguide/C/network-auth.xml:63(para)
11402
msgid ""
11403
"The installation process will prompt you for the LDAP directory admin "
11404
"password and confirmation."
11405
msgstr ""
11406
11407
#: serverguide/C/network-auth.xml:68(para)
11408
msgid ""
11409
"By default the directory suffix will match the domain name of the server. "
11410
"For example, if the machine's Fully Qualified Domain Name (FQDN) is "
11411
"ldap.example.com, the default suffix will be "
11412
"<emphasis>dc=example,dc=com</emphasis>. If you require a different suffix, "
11413
"the directory can be reconfigured using <application>dpkg-"
11414
"reconfigure</application>. Enter the following in a terminal prompt:"
11415
msgstr ""
11416
11417
#: serverguide/C/network-auth.xml:78(command)
11418
msgid "sudo dpkg-reconfigure slapd"
11419
msgstr ""
11420
11421
#: serverguide/C/network-auth.xml:81(para)
11422
msgid ""
11423
"You will then be taken through a menu based configuration dialog, allowing "
11424
"you to configure various <application>slapd</application> options."
11425
msgstr ""
11426
11427
#: serverguide/C/network-auth.xml:90(para)
11428
msgid ""
11429
"<application>OpenLDAP</application> uses a separate database which contains "
11430
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
11431
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
11432
"<application>slapd</application> daemon, allowing the modification of schema "
11433
"definitions, indexes, ACLs, etc without stopping the service."
11434
msgstr ""
11435
11436
#: serverguide/C/network-auth.xml:98(para)
11437
msgid ""
11438
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
11439
"utilities in the <application>ldap-utils</application> package. For example:"
11440
msgstr ""
11441
11442
#: serverguide/C/network-auth.xml:106(para)
11443
msgid ""
11444
"Use <application>ldapsearch</application> to view the tree, entering the "
11445
"admin password set during installation or reconfiguration:"
11446
msgstr ""
11447
11448
#: serverguide/C/network-auth.xml:112(command)
11449
msgid ""
11450
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb"
11451
msgstr ""
11452
11453
#: serverguide/C/network-auth.xml:116(computeroutput)
11454
#, no-wrap
11455
msgid ""
11456
"Enter LDAP Password: \n"
11457
"dn: olcDatabase={1}hdb,cn=config\n"
11458
"objectClass: olcDatabaseConfig\n"
11459
"objectClass: olcHdbConfig\n"
11460
"olcDatabase: {1}hdb\n"
11461
"olcDbDirectory: /var/lib/ldap\n"
11462
"olcSuffix: dc=example,dc=com\n"
11463
"olcAccess: {0}to attrs=userPassword,shadowLastChange by "
11464
"dn=\"cn=admin,dc=exampl\n"
11465
" e,dc=com\" write by anonymous auth by self write by * none\n"
11466
"olcAccess: {1}to dn.base=\"\" by * read\n"
11467
"olcAccess: {2}to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
11468
"olcLastMod: TRUE\n"
11469
"olcDbCheckpoint: 512 30\n"
11470
"olcDbConfig: {0}set_cachesize 0 2097152 0\n"
11471
"olcDbConfig: {1}set_lk_max_objects 1500\n"
11472
"olcDbConfig: {2}set_lk_max_locks 1500\n"
11473
"olcDbConfig: {3}set_lk_max_lockers 1500\n"
11474
"olcDbIndex: objectClass eq\n"
11475
msgstr ""
11476
11477
#: serverguide/C/network-auth.xml:137(para)
11478
msgid ""
11479
"The output above is the current configuration options for the "
11480
"<emphasis>hdb</emphasis> backend database. Which in this case containes the "
11481
"<emphasis>dc=example,dc=com</emphasis> suffix."
11482
msgstr ""
11483
11484
#: serverguide/C/network-auth.xml:146(para)
11485
msgid ""
11486
"Refine the search by supplying a <emphasis "
11487
"role=\"italic\">filter</emphasis>, in this case only show which attributes "
11488
"are indexed:"
11489
msgstr ""
11490
11491
#: serverguide/C/network-auth.xml:152(command)
11492
msgid ""
11493
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb "
11494
"olcDbIndex"
11495
msgstr ""
11496
11497
#: serverguide/C/network-auth.xml:156(computeroutput)
11498
#, no-wrap
11499
msgid ""
11500
"Enter LDAP Password: \n"
11501
"dn: olcDatabase={1}hdb,cn=config\n"
11502
"olcDbIndex: objectClass eq\n"
11503
msgstr ""
11504
11505
#: serverguide/C/network-auth.xml:165(para)
11506
msgid ""
11507
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
11508
"another attribute to the index list using "
11509
"<application>ldapmodify</application>:"
11510
msgstr ""
11511
11512
#: serverguide/C/network-auth.xml:171(command) serverguide/C/network-auth.xml:722(command) serverguide/C/network-auth.xml:838(command) serverguide/C/network-auth.xml:861(command) serverguide/C/network-auth.xml:2417(command) serverguide/C/network-auth.xml:2434(command)
11513
msgid "ldapmodify -x -D cn=admin,cn=config -W"
11514
msgstr ""
11515
11516
#: serverguide/C/network-auth.xml:175(userinput)
11517
#, no-wrap
11518
msgid ""
11519
"\n"
11520
"dn: olcDatabase={1}hdb,cn=config\n"
11521
"add: olcDbIndex\n"
11522
"olcDbIndex: entryUUID eq"
11523
msgstr ""
11524
11525
#: serverguide/C/network-auth.xml:175(computeroutput)
11526
#, no-wrap
11527
msgid ""
11528
"Enter LDAP Password:<placeholder-1/>\n"
11529
"\n"
11530
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
11531
msgstr ""
11532
11533
#: serverguide/C/network-auth.xml:184(para)
11534
msgid ""
11535
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
11536
"exit the utility."
11537
msgstr ""
11538
11539
#: serverguide/C/network-auth.xml:191(para)
11540
msgid ""
11541
"<application>ldapmodify</application> can also read the changes from a file. "
11542
"Copy and paste the following into a file named "
11543
"<filename>uid_index.ldif</filename>:"
11544
msgstr ""
11545
11546
#: serverguide/C/network-auth.xml:196(programlisting)
11547
#, no-wrap
11548
msgid ""
11549
"\n"
11550
"dn: olcDatabase={1}hdb,cn=config\n"
11551
"add: olcDbIndex\n"
11552
"olcDbIndex: uid eq,pres,sub\n"
11553
msgstr ""
11554
11555
#: serverguide/C/network-auth.xml:202(para)
11556
msgid "Then execute <application>ldapmodify</application>:"
11557
msgstr ""
11558
11559
#: serverguide/C/network-auth.xml:207(command)
11560
msgid "ldapmodify -x -D cn=admin,cn=config -W -f uid_index.ldif"
11561
msgstr ""
11562
11563
#: serverguide/C/network-auth.xml:211(computeroutput)
11564
#, no-wrap
11565
msgid ""
11566
"Enter LDAP Password: \n"
11567
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
11568
msgstr ""
11569
11570
#: serverguide/C/network-auth.xml:216(para)
11571
msgid "The file method is very useful for large changes."
11572
msgstr ""
11573
11574
#: serverguide/C/network-auth.xml:223(para)
11575
msgid ""
11576
"Adding additional <emphasis>schemas</emphasis> to "
11577
"<application>slapd</application> requires the schema to be converted to LDIF "
11578
"format. Fortunately, the <application>slapd</application> program can be "
11579
"used to automate the conversion. The following example will add the "
11580
"<emphasis>misc.schema</emphasis>:"
11581
msgstr ""
11582
11583
#: serverguide/C/network-auth.xml:231(para)
11584
msgid ""
11585
"First, create a conversion <filename>schema_convert.conf</filename> file "
11586
"containing the following lines:"
11587
msgstr ""
11588
11589
#: serverguide/C/network-auth.xml:236(programlisting)
11590
#, no-wrap
11591
msgid ""
11592
"\n"
11593
"include /etc/ldap/schema/core.schema\n"
11594
"include /etc/ldap/schema/collective.schema\n"
11595
"include /etc/ldap/schema/corba.schema\n"
11596
"include /etc/ldap/schema/cosine.schema\n"
11597
"include /etc/ldap/schema/duaconf.schema\n"
11598
"include /etc/ldap/schema/dyngroup.schema\n"
11599
"include /etc/ldap/schema/inetorgperson.schema\n"
11600
"include /etc/ldap/schema/java.schema\n"
11601
"include /etc/ldap/schema/misc.schema\n"
11602
"include /etc/ldap/schema/nis.schema\n"
11603
"include /etc/ldap/schema/openldap.schema\n"
11604
"include /etc/ldap/schema/ppolicy.schema\n"
11605
msgstr ""
11606
11607
#: serverguide/C/network-auth.xml:254(para) serverguide/C/network-auth.xml:1318(para)
11608
msgid "Next, create a temporary directory to hold the output:"
11609
msgstr ""
11610
11611
#: serverguide/C/network-auth.xml:259(command) serverguide/C/network-auth.xml:1323(command) serverguide/C/network-auth.xml:2347(command)
11612
msgid "mkdir /tmp/ldif_output"
11613
msgstr ""
11614
11615
#: serverguide/C/network-auth.xml:265(para)
11616
msgid ""
11617
"Now using <application>slapcat</application> convert the schema files to "
11618
"LDIF:"
11619
msgstr ""
11620
11621
#: serverguide/C/network-auth.xml:270(command)
11622
msgid ""
11623
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
11624
"\"cn={8}misc,cn=schema,cn=config\" > /tmp/cn=misc.ldif"
11625
msgstr ""
11626
11627
#: serverguide/C/network-auth.xml:273(para)
11628
msgid ""
11629
"Adjust the configuration file name and temporary directory names if yours "
11630
"are different. Also, it may be worthwhile to keep the "
11631
"<filename>ldif_output</filename> directory around in case you want to add "
11632
"additional schemas in the future."
11633
msgstr ""
11634
11635
#: serverguide/C/network-auth.xml:282(para)
11636
msgid ""
11637
"Edit the <filename>/tmp/cn\\=misc.ldif</filename> file, changing the "
11638
"following attributes:"
11639
msgstr ""
11640
11641
#: serverguide/C/network-auth.xml:286(programlisting)
11642
#, no-wrap
11643
msgid ""
11644
"\n"
11645
"dn: cn=misc,cn=schema,cn=config\n"
11646
"...\n"
11647
"cn: misc\n"
11648
msgstr ""
11649
11650
#: serverguide/C/network-auth.xml:292(para) serverguide/C/network-auth.xml:1354(para)
11651
msgid "And remove the following lines from the bottom of the file:"
11652
msgstr ""
11653
11654
#: serverguide/C/network-auth.xml:296(programlisting)
11655
#, no-wrap
11656
msgid ""
11657
"\n"
11658
"structuralObjectClass: olcSchemaConfig\n"
11659
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
11660
"creatorsName: cn=config\n"
11661
"createTimestamp: 20080826021140Z\n"
11662
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
11663
"modifiersName: cn=config\n"
11664
"modifyTimestamp: 20080826021140Z\n"
11665
msgstr ""
11666
11667
#: serverguide/C/network-auth.xml:307(para) serverguide/C/network-auth.xml:1369(para) serverguide/C/network-auth.xml:2393(para)
11668
msgid ""
11669
"The attribute values will vary, just be sure the attributes are removed."
11670
msgstr ""
11671
11672
#: serverguide/C/network-auth.xml:315(para) serverguide/C/network-auth.xml:1377(para)
11673
msgid ""
11674
"Finally, using the <application>ldapadd</application> utility, add the new "
11675
"schema to the directory:"
11676
msgstr ""
11677
11678
#: serverguide/C/network-auth.xml:321(command)
11679
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=misc.ldif"
11680
msgstr ""
11681
11682
#: serverguide/C/network-auth.xml:327(para)
11683
msgid ""
11684
"There should now be a <emphasis>dn: "
11685
"cn={4}misc,cn=schema,cn=config</emphasis> entry in the cn=config tree."
11686
msgstr ""
11687
11688
#: serverguide/C/network-auth.xml:336(title)
11689
msgid "Populating LDAP"
11690
msgstr ""
11691
11692
#: serverguide/C/network-auth.xml:338(para)
11693
msgid ""
11694
"The directory has been created during installation and reconfiguration, and "
11695
"now it is time to populate it. It will be populated with a \"classical\" "
11696
"scheme that will be compatible with address book applications and with Unix "
11697
"Posix accounts. Posix accounts will allow authentication to various "
11698
"applications, such as web applications, email Mail Transfer Agent (MTA) "
11699
"applications, etc."
11700
msgstr ""
11701
11702
#: serverguide/C/network-auth.xml:347(para)
11703
msgid ""
11704
"For external applications to authenticate using LDAP they will each need to "
11705
"be specifically configured to do so. Refer to the individual application "
11706
"documentation for details."
11707
msgstr ""
11708
11709
#: serverguide/C/network-auth.xml:354(para)
11710
msgid ""
11711
"LDAP directories can be populated with LDIF (LDAP Directory Interchange "
11712
"Format) files. Copy the following example LDIF file, naming it "
11713
"<filename>example.com.ldif</filename>, somewhere on your system:"
11714
msgstr ""
11715
11716
#: serverguide/C/network-auth.xml:360(programlisting)
11717
#, no-wrap
11718
msgid ""
11719
"\n"
11720
"dn: ou=people,dc=example,dc=com\n"
11721
"objectClass: organizationalUnit\n"
11722
"ou: people\n"
11723
"\n"
11724
"dn: ou=groups,dc=example,dc=com\n"
11725
"objectClass: organizationalUnit\n"
11726
"ou: groups\n"
11727
"\n"
11728
"dn: uid=john,ou=people,dc=example,dc=com\n"
11729
"objectClass: inetOrgPerson\n"
11730
"objectClass: posixAccount\n"
11731
"objectClass: shadowAccount\n"
11732
"uid: john\n"
11733
"sn: Doe\n"
11734
"givenName: John\n"
11735
"cn: John Doe\n"
11736
"displayName: John Doe\n"
11737
"uidNumber: 1000\n"
11738
"gidNumber: 10000\n"
11739
"userPassword: password\n"
11740
"gecos: John Doe\n"
11741
"loginShell: /bin/bash\n"
11742
"homeDirectory: /home/john\n"
11743
"shadowExpire: -1\n"
11744
"shadowFlag: 0\n"
11745
"shadowWarning: 7\n"
11746
"shadowMin: 8\n"
11747
"shadowMax: 999999\n"
11748
"shadowLastChange: 10877\n"
11749
"mail: john.doe@example.com\n"
11750
"postalCode: 31000\n"
11751
"l: Toulouse\n"
11752
"o: Example\n"
11753
"mobile: +33 (0)6 xx xx xx xx\n"
11754
"homePhone: +33 (0)5 xx xx xx xx\n"
11755
"title: System Administrator\n"
11756
"postalAddress: \n"
11757
"initials: JD\n"
11758
"\n"
11759
"dn: cn=example,ou=groups,dc=example,dc=com\n"
11760
"objectClass: posixGroup\n"
11761
"cn: example\n"
11762
"gidNumber: 10000\n"
11763
msgstr ""
11764
11765
#: serverguide/C/network-auth.xml:406(para)
11766
msgid ""
11767
"In this example the directory structure, a user, and a group have been "
11768
"setup. In other examples you might see the <emphasis>objectClass: "
11769
"top</emphasis> added in every entry, but that is the default behaviour so "
11770
"you do not have to add it explicitly."
11771
msgstr ""
11772
11773
#: serverguide/C/network-auth.xml:413(para)
11774
msgid ""
11775
"To add the entries to the LDAP directory use the "
11776
"<application>ldapadd</application> utility:"
11777
msgstr ""
11778
11779
#: serverguide/C/network-auth.xml:419(command)
11780
msgid "ldapadd -x -D cn=admin,dc=example,dc=com -W -f example.com.ldif"
11781
msgstr ""
11782
11783
#: serverguide/C/network-auth.xml:422(para)
11784
msgid ""
11785
"We can check that the content has been correctly added with the tools from "
11786
"the <application>ldap-utils</application> package. In order to execute a "
11787
"search of the LDAP directory:"
11788
msgstr ""
11789
11790
#: serverguide/C/network-auth.xml:429(command)
11791
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
11792
msgstr ""
11793
11794
#: serverguide/C/network-auth.xml:430(computeroutput)
11795
#, no-wrap
11796
msgid ""
11797
"\n"
11798
"dn: uid=john,ou=people,dc=example,dc=com\n"
11799
"cn: John Doe\n"
11800
"sn: Doe\n"
11801
"givenName: John\n"
11802
msgstr ""
11803
11804
#: serverguide/C/network-auth.xml:438(para)
11805
msgid "Just a quick explanation:"
11806
msgstr ""
11807
11808
#: serverguide/C/network-auth.xml:444(para)
11809
msgid ""
11810
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
11811
"the default."
11812
msgstr ""
11813
11814
#: serverguide/C/network-auth.xml:450(para)
11815
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
11816
msgstr ""
11817
11818
#: serverguide/C/network-auth.xml:459(title)
11819
msgid "LDAP replication"
11820
msgstr ""
11821
11822
#: serverguide/C/network-auth.xml:461(para)
11823
msgid ""
11824
"LDAP often quickly becomes a highly critical service to the network. "
11825
"Multiple systems will come to depend on LDAP for authentication, "
11826
"authorization, configuration, etc. It is a good idea to setup a redundant "
11827
"system through replication."
11828
msgstr ""
11829
11830
#: serverguide/C/network-auth.xml:467(para)
11831
msgid ""
11832
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
11833
"Syncrepl allows the directory to be synced using either a "
11834
"<emphasis>push</emphasis> or <emphasis>pull</emphasis> based system. In a "
11835
"push based configuration a <quote>primary</quote> server will push directory "
11836
"updates to <quote>secondary</quote> servers, while a pull based approach "
11837
"allows replication servers to sync on a time based interval."
11838
msgstr ""
11839
11840
#: serverguide/C/network-auth.xml:475(para)
11841
msgid ""
11842
"The following is an example of a <emphasis>Multi-Master</emphasis> "
11843
"configuration. In this configuration each OpenLDAP server is configured for "
11844
"both <emphasis>push</emphasis> and <emphasis>pull</emphasis> replication."
11845
msgstr ""
11846
11847
#: serverguide/C/network-auth.xml:483(para)
11848
msgid ""
11849
"First, configure the server to sync the <emphasis>cn=config</emphasis> "
11850
"database. Copy the following to a file named <filename>syncrepl_cn-"
11851
"config.ldif</filename>:"
11852
msgstr ""
11853
11854
#: serverguide/C/network-auth.xml:488(programlisting)
11855
#, no-wrap
11856
msgid ""
11857
"\n"
11858
"dn: cn=module{0},cn=config\n"
11859
"changetype: modify\n"
11860
"add: olcModuleLoad\n"
11861
"olcModuleLoad: syncprov\n"
11862
"\n"
11863
"dn: cn=config\n"
11864
"changetype: modify\n"
11865
"replace: olcServerID\n"
11866
"olcServerID: 1 ldap://ldap01.example.com\n"
11867
"olcServerID: 2 ldap://ldap02.example.com\n"
11868
"\n"
11869
"dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config\n"
11870
"changetype: add\n"
11871
"objectClass: olcOverlayConfig\n"
11872
"objectClass: olcSyncProvConfig\n"
11873
"olcOverlay: syncprov\n"
11874
"\n"
11875
"dn: olcDatabase={0}config,cn=config\n"
11876
"changetype: modify\n"
11877
"add: olcSyncRepl\n"
11878
"olcSyncRepl: rid=001 provider=ldap://ldap01.example.com "
11879
"binddn=\"cn=admin,cn=config\" bindmethod=simple\n"
11880
" credentials=secret searchbase=\"cn=config\" type=refreshAndPersist\n"
11881
" retry=\"5 5 300 5\" timeout=1\n"
11882
"olcSyncRepl: rid=002 provider=ldap://ldap02.example.com "
11883
"binddn=\"cn=admin,cn=config\" bindmethod=simple\n"
11884
" credentials=secret searchbase=\"cn=config\" type=refreshAndPersist\n"
11885
" retry=\"5 5 300 5\" timeout=1\n"
11886
"-\n"
11887
"add: olcMirrorMode\n"
11888
"olcMirrorMode: TRUE\n"
11889
msgstr ""
11890
11891
#: serverguide/C/network-auth.xml:523(para)
11892
msgid "Edit the file changing:"
11893
msgstr ""
11894
11895
#: serverguide/C/network-auth.xml:529(para)
11896
msgid ""
11897
"<emphasis>ldap://ldap01.example.com</emphasis> and "
11898
"<emphasis>ldap://ldap02.example.com</emphasis> to the hostnames of your LDAP "
11899
"servers."
11900
msgstr ""
11901
11902
#: serverguide/C/network-auth.xml:534(para)
11903
msgid ""
11904
"You can have more than two LDAP servers, and when a change is made to one of "
11905
"them it will by synced to the rest. Be sure to increment the "
11906
"<emphasis>olcServerID</emphasis> for each server, and the "
11907
"<emphasis>rid</emphasis> for each <emphasis>olcSyncRepl</emphasis> entry."
11908
msgstr ""
11909
11910
#: serverguide/C/network-auth.xml:542(para)
11911
msgid ""
11912
"And adjust <emphasis>credentials=secret</emphasis> to match your admin "
11913
"password."
11914
msgstr ""
11915
11916
#: serverguide/C/network-auth.xml:552(para)
11917
msgid ""
11918
"Next, add the LDIF file using the <application>ldapmodify</application> "
11919
"utility:"
11920
msgstr ""
11921
11922
#: serverguide/C/network-auth.xml:557(command)
11923
msgid "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_cn-config.ldif"
11924
msgstr ""
11925
11926
#: serverguide/C/network-auth.xml:563(para)
11927
msgid ""
11928
"Copy the <filename>syncrepl_cn-config.ldif</filename> file to the next LDAP "
11929
"server and repeat the <application>ldapmodify</application> command above."
11930
msgstr ""
11931
11932
#: serverguide/C/network-auth.xml:571(para)
11933
msgid ""
11934
"Because a new module has been added, the <application>slapd</application> "
11935
"daemon, on all replicated servers, needs to be restarted:"
11936
msgstr ""
11937
11938
#: serverguide/C/network-auth.xml:577(command) serverguide/C/network-auth.xml:779(command) serverguide/C/network-auth.xml:895(command)
11939
msgid "sudo /etc/init.d/slapd restart"
11940
msgstr ""
11941
11942
#: serverguide/C/network-auth.xml:583(para)
11943
msgid ""
11944
"Now that the configuration database is synced between servers, the "
11945
"<emphasis>backend</emphasis> database needs to be synced as well. Copy and "
11946
"paste the following into another LDIF file named "
11947
"<filename>syncrepl_backend.ldif</filename>:"
11948
msgstr ""
11949
11950
#: serverguide/C/network-auth.xml:589(programlisting)
11951
#, no-wrap
11952
msgid ""
11953
"\n"
11954
"dn: olcDatabase={1}hdb,cn=config\n"
11955
"changetype: modify\n"
11956
"add: olcRootDN\n"
11957
"olcRootDN: cn=admin,dc=example,dc=com\n"
11958
"-\n"
11959
"add: olcSyncRepl\n"
11960
"olcSyncRepl: rid=003 provider=ldap://ldap01.example.com "
11961
"binddn=\"cn=admin,dc=example,dc=com\" \n"
11962
" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
11963
"type=refreshOnly \n"
11964
" interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n"
11965
"olcSyncRepl: rid=004 provider=ldap://ldap02.example.com "
11966
"binddn=\"cn=admin,dc=example,dc=com\" \n"
11967
" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
11968
"type=refreshOnly \n"
11969
" interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n"
11970
"-\n"
11971
"add: olcMirrorMode\n"
11972
"olcMirrorMode: TRUE\n"
11973
"\n"
11974
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
11975
"changetype: add\n"
11976
"objectClass: olcOverlayConfig\n"
11977
"objectClass: olcSyncProvConfig\n"
11978
"olcOverlay: syncprov\n"
11979
msgstr ""
11980
11981
#: serverguide/C/network-auth.xml:616(para)
11982
msgid "Like the previous LDIF file, edit this one changing:"
11983
msgstr ""
11984
11985
#: serverguide/C/network-auth.xml:622(para)
11986
msgid ""
11987
"<emphasis>searchbase=\"dc=example,dc=com\"</emphasis> to your directory's "
11988
"searchbase."
11989
msgstr ""
11990
11991
#: serverguide/C/network-auth.xml:627(para)
11992
msgid ""
11993
"If you use a different admin user, change "
11994
"<emphasis>binddn=\"cn=admin,dc=example,dc=com\"</emphasis>."
11995
msgstr ""
11996
11997
#: serverguide/C/network-auth.xml:632(para)
11998
msgid ""
11999
"Also, replace <emphasis>credentials=secret</emphasis> with your admin "
12000
"password."
12001
msgstr ""
12002
12003
#: serverguide/C/network-auth.xml:641(para)
12004
msgid "Add the LDIF file:"
12005
msgstr ""
12006
12007
#: serverguide/C/network-auth.xml:646(command)
12008
msgid "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_backend.ldif"
12009
msgstr ""
12010
12011
#: serverguide/C/network-auth.xml:649(para)
12012
msgid ""
12013
"Because the servers' configuration is already synced there is no need to "
12014
"copy this LDIF file to the other servers."
12015
msgstr ""
12016
12017
#: serverguide/C/network-auth.xml:657(para)
12018
msgid ""
12019
"The configuration and backend databases should now sycnc to the other "
12020
"servers. You can add additional servers using the "
12021
"<application>ldapmodify</application> utility as the need arises. See <xref "
12022
"linkend=\"openldap-configuration\"/> for details."
12023
msgstr ""
12024
12025
#: serverguide/C/network-auth.xml:667(programlisting)
12026
#, no-wrap
12027
msgid "127.0.0.1\tldap01.example.com ldap01"
12028
msgstr ""
12029
12030
#: serverguide/C/network-auth.xml:663(para)
12031
msgid ""
12032
"The <application>slapd</application> daemon will send log information to "
12033
"<filename>/var/log/syslog</filename> by default. So if all does "
12034
"<emphasis>not</emphasis> go well check there for errors and other "
12035
"troubleshooting information. Also, be sure that each server knows it's Fully "
12036
"Qualified Domain Name (FQDN). This is configured in "
12037
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
12038
msgstr ""
12039
12040
#: serverguide/C/network-auth.xml:674(title)
12041
msgid "Setting up ACL"
12042
msgstr ""
12043
12044
#: serverguide/C/network-auth.xml:676(para)
12045
msgid ""
12046
"Authentication requires access to the password field, that should be not "
12047
"accessible by default. Also, in order for users to change their own "
12048
"password, using <command>passwd</command> or other utilities, "
12049
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
12050
"authenticated."
12051
msgstr ""
12052
12053
#: serverguide/C/network-auth.xml:683(para)
12054
msgid ""
12055
"To view the Access Control List (ACL), use the "
12056
"<application>ldapsearch</application> utility:"
12057
msgstr ""
12058
12059
#: serverguide/C/network-auth.xml:688(command)
12060
msgid ""
12061
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase=hdb "
12062
"olcAccess"
12063
msgstr ""
12064
12065
#: serverguide/C/network-auth.xml:692(computeroutput)
12066
#, no-wrap
12067
msgid ""
12068
"Enter LDAP Password: \n"
12069
"dn: olcDatabase={1}hdb,cn=config\n"
12070
"olcAccess: {0}to attrs=userPassword,shadowLastChange by "
12071
"dn=\"cn=admin,dc=exampl\n"
12072
" e,dc=com\" write by anonymous auth by self write by * none\n"
12073
"olcAccess: {1}to dn.base=\"\" by * read\n"
12074
"olcAccess: {2}to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
12075
msgstr ""
12076
12077
#: serverguide/C/network-auth.xml:704(title)
12078
msgid "TLS and SSL"
12079
msgstr ""
12080
12081
#: serverguide/C/network-auth.xml:706(para)
12082
msgid ""
12083
"When authenticating to an OpenLDAP server it is best to do so using an "
12084
"encrypted session. This can be accomplished using Transport Layer Security "
12085
"(TLS) and/or Secure Sockets Layer (SSL)."
12086
msgstr ""
12087
12088
#: serverguide/C/network-auth.xml:711(para)
12089
msgid ""
12090
"The first step in the process is to obtain or create a "
12091
"<emphasis>certificate</emphasis>. See <xref linkend=\"certificates-and-"
12092
"security\"/> and <xref linkend=\"certificate-authority\"/> for details."
12093
msgstr ""
12094
12095
#: serverguide/C/network-auth.xml:716(para)
12096
msgid ""
12097
"Once you have a certificate, key, and CA cert installed, use "
12098
"<application>ldapmodify</application> to add the new configuration options:"
12099
msgstr ""
12100
12101
#: serverguide/C/network-auth.xml:727(userinput)
12102
#, no-wrap
12103
msgid ""
12104
"dn: cn=config\n"
12105
"add: olcTLSCACertificateFile\n"
12106
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
12107
"-\n"
12108
"add: olcTLSCertificateFile\n"
12109
"olcTLSCertificateFile: /etc/ssl/certs/server.crt\n"
12110
"-\n"
12111
"add: olcTLSCertificateKeyFile\n"
12112
"olcTLSCertificateKeyFile: /etc/ssl/private/server.key"
12113
msgstr ""
12114
12115
#: serverguide/C/network-auth.xml:726(computeroutput)
12116
#, no-wrap
12117
msgid ""
12118
"Enter LDAP Password:\n"
12119
"<placeholder-1/>\n"
12120
"\n"
12121
"modifying entry \"cn=config\"\n"
12122
msgstr ""
12123
12124
#: serverguide/C/network-auth.xml:742(para)
12125
msgid ""
12126
"Adjust the <filename>server.crt</filename>, <filename>server.key</filename>, "
12127
"and <filename>cacert.pem</filename> names if yours are different. If you "
12128
"have a self-signed certificate, do <emphasis>NOT</emphasis> add the "
12129
"olcTLSCACertificateFile property, as it will cause GnuTLS to fail.."
12130
msgstr ""
12131
12132
#: serverguide/C/network-auth.xml:749(para)
12133
msgid ""
12134
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
12135
"<emphasis>SLAPD_SERVICES</emphasis> option:"
12136
msgstr ""
12137
12138
#: serverguide/C/network-auth.xml:753(programlisting)
12139
#, no-wrap
12140
msgid ""
12141
"\n"
12142
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
12143
msgstr ""
12144
12145
#: serverguide/C/network-auth.xml:757(para)
12146
msgid ""
12147
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
12148
msgstr ""
12149
12150
#: serverguide/C/network-auth.xml:762(command)
12151
msgid "sudo adduser openldap ssl-cert"
12152
msgstr ""
12153
12154
#: serverguide/C/network-auth.xml:763(command)
12155
msgid "sudo chgrp ssl-cert /etc/ssl/private/server.key"
12156
msgstr ""
12157
12158
#: serverguide/C/network-auth.xml:764(command)
12159
msgid "sudo chmod g+r /etc/ssl/private/server.key"
12160
msgstr ""
12161
12162
#: serverguide/C/network-auth.xml:768(para)
12163
msgid ""
12164
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
12165
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
12166
"adjust the commands appropriately."
12167
msgstr ""
12168
12169
#: serverguide/C/network-auth.xml:774(para)
12170
msgid "Finally, restart <application>slapd</application>:"
12171
msgstr ""
12172
12173
#: serverguide/C/network-auth.xml:782(para)
12174
msgid ""
12175
"The <application>slapd</application> daemon should now be listening for "
12176
"LDAPS connections and be able to use STARTTLS during authentication."
12177
msgstr ""
12178
12179
#: serverguide/C/network-auth.xml:788(para)
12180
msgid ""
12181
"If you run into troubles with the server not starting, check the "
12182
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
12183
"it is likely there is a configuration problem. Check that the certificate is "
12184
"signed by the authority from in the files configured, and that the ssl-cert "
12185
"group has read permissions on the private key."
12186
msgstr ""
12187
12188
#: serverguide/C/network-auth.xml:800(title)
12189
msgid "TLS Replication"
12190
msgstr ""
12191
12192
#: serverguide/C/network-auth.xml:802(para)
12193
msgid ""
12194
"If you have setup <application>Syncrepl</application> between servers, it is "
12195
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
12196
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
12197
"linkend=\"openldap-server-replication\"/>."
12198
msgstr ""
12199
12200
#: serverguide/C/network-auth.xml:808(para)
12201
msgid ""
12202
"After setting up replication, and following the instructions in <xref "
12203
"linkend=\"openldap-tls\"/>, there are a couple of consequences that should "
12204
"be kept in mind:"
12205
msgstr ""
12206
12207
#: serverguide/C/network-auth.xml:815(para)
12208
msgid ""
12209
"The configuration only needs to be modified on <emphasis>one</emphasis> "
12210
"server."
12211
msgstr ""
12212
12213
#: serverguide/C/network-auth.xml:820(para)
12214
msgid ""
12215
"The path names for the <emphasis>certificate</emphasis> and "
12216
"<emphasis>key</emphasis> must be the same on all servers."
12217
msgstr ""
12218
12219
#: serverguide/C/network-auth.xml:827(para)
12220
msgid ""
12221
"So on each replicated server: install a certificate, edit "
12222
"<filename>/etc/default/slapd</filename>, and restart "
12223
"<application>slapd</application>."
12224
msgstr ""
12225
12226
#: serverguide/C/network-auth.xml:832(para)
12227
msgid ""
12228
"Once <emphasis>TLS</emphasis> has been setup on each server, modify the "
12229
"<emphasis>cn=config</emphasis> replication by entering the following in a "
12230
"terminal:"
12231
msgstr ""
12232
12233
#: serverguide/C/network-auth.xml:843(userinput)
12234
#, no-wrap
12235
msgid ""
12236
"dn: olcDatabase={0}config,cn=config\n"
12237
"replace: olcSyncrepl\n"
12238
"olcSyncrepl: {0}rid=001 provider=ldap://ldap01.example.com "
12239
"binddn=\"cn=admin,cn\n"
12240
" =config\" bindmethod=simple credentials=secret searchbase=\"cn=config\" "
12241
"type=refre\n"
12242
" shAndPersist retry=\"5 5 300 5\" timeout=1 starttls=yes\n"
12243
"olcSyncrepl: {1}rid=002 provider=ldap://ldap02.example.com "
12244
"binddn=\"cn=admin,cn\n"
12245
" =config\" bindmethod=simple credentials=secret searchbase=\"cn=config\" "
12246
"type=refre\n"
12247
" shAndPersist retry=\"5 5 300 5\" timeout=1 starttls=yes"
12248
msgstr ""
12249
12250
#: serverguide/C/network-auth.xml:842(computeroutput)
12251
#, no-wrap
12252
msgid ""
12253
"Enter LDAP Password: \n"
12254
"<placeholder-1/>\n"
12255
"\n"
12256
"modifying entry \"olcDatabase={0}config,cn=config\"\n"
12257
msgstr ""
12258
12259
#: serverguide/C/network-auth.xml:856(para)
12260
msgid "Now adjust the <emphasis>backend</emphasis> database replication:"
12261
msgstr ""
12262
12263
#: serverguide/C/network-auth.xml:866(userinput)
12264
#, no-wrap
12265
msgid ""
12266
"dn: olcDatabase={1}hdb,cn=config\n"
12267
"replace: olcSyncrepl\n"
12268
"olcSyncrepl: {0}rid=003 provider=ldap://ldap01.example.com "
12269
"binddn=\"cn=admin,dc=example,dc=\n"
12270
" com\" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
12271
"type=r\n"
12272
" efreshOnly interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1 starttls=yes\n"
12273
"olcSyncrepl: {1}rid=004 provider=ldap://ldap02.example.com "
12274
"binddn=\"cn=admin,dc=example,dc=\n"
12275
" com\" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
12276
"type=r\n"
12277
" efreshOnly interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1 starttls=yes"
12278
msgstr ""
12279
12280
#: serverguide/C/network-auth.xml:865(computeroutput) serverguide/C/network-auth.xml:2418(computeroutput)
12281
#, no-wrap
12282
msgid ""
12283
"Enter LDAP Password:\n"
12284
"<placeholder-1/>\n"
12285
"\n"
12286
"modifying entry \"olcDatabase={1}hdb,cn=config\""
12287
msgstr ""
12288
12289
#: serverguide/C/network-auth.xml:878(para)
12290
msgid ""
12291
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
12292
"(FQDN) in the certificate, you may have to edit "
12293
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
12294
msgstr ""
12295
12296
#: serverguide/C/network-auth.xml:883(programlisting)
12297
#, no-wrap
12298
msgid ""
12299
"\n"
12300
"TLS_CERT /etc/ssl/certs/server.crt\n"
12301
"TLS_KEY /etc/ssl/private/server.key\n"
12302
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
12303
msgstr ""
12304
12305
#: serverguide/C/network-auth.xml:890(para)
12306
msgid ""
12307
"Finally, restart <application>slapd</application> on each of the servers:"
12308
msgstr ""
12309
12310
#: serverguide/C/network-auth.xml:903(title)
12311
msgid "LDAP Authentication"
12312
msgstr ""
12313
12314
#: serverguide/C/network-auth.xml:905(para)
12315
msgid ""
12316
"Once you have a working LDAP server, the <application>auth-client-"
12317
"config</application> and <application>libnss-ldap</application> packages "
12318
"take the pain out of configuring an Ubuntu client to authenticate using "
12319
"LDAP. To install the packages from, a terminal prompt enter:"
12320
msgstr ""
12321
12322
#: serverguide/C/network-auth.xml:912(command)
12323
msgid "sudo apt-get install libnss-ldap"
12324
msgstr ""
12325
12326
#: serverguide/C/network-auth.xml:915(para)
12327
msgid ""
12328
"During the install a menu dialog will ask you connection details about your "
12329
"LDAP server."
12330
msgstr ""
12331
12332
#: serverguide/C/network-auth.xml:919(para)
12333
msgid ""
12334
"If you make a mistake when entering your information you can execute the "
12335
"dialog again using:"
12336
msgstr ""
12337
12338
#: serverguide/C/network-auth.xml:924(command)
12339
msgid "sudo dpkg-reconfigure ldap-auth-config"
12340
msgstr ""
12341
12342
#: serverguide/C/network-auth.xml:927(para)
12343
msgid ""
12344
"The results of the dialog can be seen in "
12345
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
12346
"covered in the menu edit this file accordingly."
12347
msgstr ""
12348
12349
#: serverguide/C/network-auth.xml:932(para)
12350
msgid ""
12351
"Now that <application>libnss-ldap</application> is configured enable the "
12352
"<application>auth-client-config</application> LDAP profile by entering:"
12353
msgstr ""
12354
12355
#: serverguide/C/network-auth.xml:938(command)
12356
msgid "sudo auth-client-config -t nss -p lac_ldap"
12357
msgstr ""
12358
12359
#: serverguide/C/network-auth.xml:943(para)
12360
msgid ""
12361
"<emphasis>-t:</emphasis> only modifies "
12362
"<filename>/etc/nsswitch.conf</filename>."
12363
msgstr ""
12364
12365
#: serverguide/C/network-auth.xml:948(para)
12366
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
12367
msgstr ""
12368
12369
#: serverguide/C/network-auth.xml:953(para)
12370
msgid ""
12371
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
12372
"config</application> profile that is part of the <application>ldap-auth-"
12373
"config</application> package."
12374
msgstr ""
12375
12376
#: serverguide/C/network-auth.xml:960(para)
12377
msgid ""
12378
"Using the <application>pam-auth-update</application> utility, configure the "
12379
"system to use LDAP for authentication:"
12380
msgstr ""
12381
12382
#: serverguide/C/network-auth.xml:965(command)
12383
msgid "sudo pam-auth-update"
12384
msgstr ""
12385
12386
#: serverguide/C/network-auth.xml:968(para)
12387
msgid ""
12388
"From the <application>pam-auth-update</application> menu, choose LDAP and "
12389
"any other authentication mechanisms you need."
12390
msgstr ""
12391
12392
#: serverguide/C/network-auth.xml:972(para)
12393
msgid ""
12394
"You should now be able to login using user credentials stored in the LDAP "
12395
"directory."
12396
msgstr ""
12397
12398
#: serverguide/C/network-auth.xml:977(para)
12399
msgid ""
12400
"If you are going to use LDAP to store Samba users you will need to configure "
12401
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
12402
"for details."
12403
msgstr ""
12404
12405
#: serverguide/C/network-auth.xml:985(title)
12406
msgid "User and Group Management"
12407
msgstr ""
12408
12409
#: serverguide/C/network-auth.xml:987(para)
12410
msgid ""
12411
"The <application>ldap-utils</application> package comes with multiple "
12412
"utilities to manage the directory, but the long string of options needed, "
12413
"can make them a burden to use. The <application>ldapscripts</application> "
12414
"package contains configurable scripts to easily manage LDAP users and groups."
12415
msgstr ""
12416
12417
#: serverguide/C/network-auth.xml:993(para)
12418
msgid "To install the package, from a terminal enter:"
12419
msgstr ""
12420
12421
#: serverguide/C/network-auth.xml:998(command)
12422
msgid "sudo apt-get install ldapscripts"
12423
msgstr ""
12424
12425
#: serverguide/C/network-auth.xml:1001(para)
12426
msgid ""
12427
"Next, edit the config file "
12428
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
12429
"changing the following to match your environment:"
12430
msgstr ""
12431
12432
#: serverguide/C/network-auth.xml:1006(programlisting)
12433
#, no-wrap
12434
msgid ""
12435
"\n"
12436
"SERVER=localhost\n"
12437
"BINDDN='cn=admin,dc=example,dc=com'\n"
12438
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
12439
"SUFFIX='dc=example,dc=com'\n"
12440
"GSUFFIX='ou=Groups'\n"
12441
"USUFFIX='ou=People'\n"
12442
"MSUFFIX='ou=Computers'\n"
12443
"GIDSTART=10000\n"
12444
"UIDSTART=10000\n"
12445
"MIDSTART=10000\n"
12446
msgstr ""
12447
12448
#: serverguide/C/network-auth.xml:1019(para)
12449
msgid ""
12450
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
12451
"authenticated access to the directory:"
12452
msgstr ""
12453
12454
#: serverguide/C/network-auth.xml:1024(command)
12455
msgid ""
12456
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
12457
msgstr ""
12458
12459
#: serverguide/C/network-auth.xml:1025(command)
12460
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
12461
msgstr ""
12462
12463
#: serverguide/C/network-auth.xml:1029(para)
12464
msgid ""
12465
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
12466
"user."
12467
msgstr ""
12468
12469
#: serverguide/C/network-auth.xml:1034(para)
12470
msgid ""
12471
"The <application>ldapscripts</application> are now ready to help manage your "
12472
"directory. The following are some examples of how to use the scripts:"
12473
msgstr ""
12474
12475
#: serverguide/C/network-auth.xml:1041(para)
12476
msgid "Create a new user:"
12477
msgstr ""
12478
12479
#: serverguide/C/network-auth.xml:1045(command)
12480
msgid "sudo ldapadduser george example"
12481
msgstr ""
12482
12483
#: serverguide/C/network-auth.xml:1047(para)
12484
msgid ""
12485
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
12486
"and set the user's primary group (gid) to <emphasis "
12487
"role=\"italic\">example</emphasis>"
12488
msgstr ""
12489
12490
#: serverguide/C/network-auth.xml:1053(para)
12491
msgid "Change a user's password:"
12492
msgstr ""
12493
12494
#: serverguide/C/network-auth.xml:1057(command)
12495
msgid "sudo ldapsetpasswd george"
12496
msgstr ""
12497
12498
#: serverguide/C/network-auth.xml:1058(computeroutput)
12499
#, no-wrap
12500
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
12501
msgstr ""
12502
12503
#: serverguide/C/network-auth.xml:1059(userinput)
12504
#, no-wrap
12505
msgid "New Password: "
12506
msgstr ""
12507
12508
#: serverguide/C/network-auth.xml:1060(userinput)
12509
#, no-wrap
12510
msgid "New Password (verify): "
12511
msgstr ""
12512
12513
#: serverguide/C/network-auth.xml:1064(para)
12514
msgid "Delete a user:"
12515
msgstr ""
12516
12517
#: serverguide/C/network-auth.xml:1068(command)
12518
msgid "sudo ldapdeleteuser george"
12519
msgstr ""
12520
12521
#: serverguide/C/network-auth.xml:1073(para)
12522
msgid "Add a group:"
12523
msgstr ""
12524
12525
#: serverguide/C/network-auth.xml:1077(command)
12526
msgid "sudo ldapaddgroup qa"
12527
msgstr ""
12528
12529
#: serverguide/C/network-auth.xml:1081(para)
12530
msgid "Delete a group:"
12531
msgstr ""
12532
12533
#: serverguide/C/network-auth.xml:1085(command)
12534
msgid "sudo ldapdeletegroup qa"
12535
msgstr ""
12536
12537
#: serverguide/C/network-auth.xml:1089(para)
12538
msgid "Add a user to a group:"
12539
msgstr ""
12540
12541
#: serverguide/C/network-auth.xml:1093(command)
12542
msgid "sudo ldapaddusertogroup george qa"
12543
msgstr ""
12544
12545
#: serverguide/C/network-auth.xml:1095(para)
12546
msgid ""
12547
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
12548
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
12549
"role=\"italic\">george</emphasis>."
12550
msgstr ""
12551
12552
#: serverguide/C/network-auth.xml:1101(para)
12553
msgid "Remove a user from a group:"
12554
msgstr ""
12555
12556
#: serverguide/C/network-auth.xml:1105(command)
12557
msgid "sudo ldapdeleteuserfromgroup george qa"
12558
msgstr ""
12559
12560
#: serverguide/C/network-auth.xml:1107(para)
12561
msgid ""
12562
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
12563
"<emphasis role=\"italic\">qa</emphasis> group."
12564
msgstr ""
12565
12566
#: serverguide/C/network-auth.xml:1113(para)
12567
msgid ""
12568
"The <application>ldapmodifyuser</application> script allows you to add, "
12569
"remove, or replace a user's attributes. The script uses the same syntax as "
12570
"the <application>ldapmodify</application> utility. For example:"
12571
msgstr ""
12572
12573
#: serverguide/C/network-auth.xml:1118(command)
12574
msgid "sudo ldapmodifyuser george"
12575
msgstr ""
12576
12577
#: serverguide/C/network-auth.xml:1119(computeroutput)
12578
#, no-wrap
12579
msgid ""
12580
"# About to modify the following entry :\n"
12581
"dn: uid=george,ou=People,dc=example,dc=com\n"
12582
"objectClass: account\n"
12583
"objectClass: posixAccount\n"
12584
"cn: george\n"
12585
"uid: george\n"
12586
"uidNumber: 1001\n"
12587
"gidNumber: 1001\n"
12588
"homeDirectory: /home/george\n"
12589
"loginShell: /bin/bash\n"
12590
"gecos: george\n"
12591
"description: User account\n"
12592
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
12593
"\n"
12594
"# Enter your modifications here, end with CTRL-D.\n"
12595
"dn: uid=george,ou=People,dc=example,dc=com"
12596
msgstr ""
12597
12598
#: serverguide/C/network-auth.xml:1135(userinput)
12599
#, no-wrap
12600
msgid ""
12601
"replace: gecos\n"
12602
"gecos: George Carlin"
12603
msgstr ""
12604
12605
#: serverguide/C/network-auth.xml:1138(para)
12606
msgid ""
12607
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
12608
"Carlin</quote>."
12609
msgstr ""
12610
12611
#: serverguide/C/network-auth.xml:1143(para)
12612
msgid ""
12613
"Another great feature of <application>ldapscripts</application>, is the "
12614
"template system. Templates allow you to customize the attributes of user, "
12615
"group, and machine objectes. For example, to enable the "
12616
"<emphasis>user</emphasis> template edit "
12617
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
12618
msgstr ""
12619
12620
#: serverguide/C/network-auth.xml:1150(programlisting)
12621
#, no-wrap
12622
msgid ""
12623
"\n"
12624
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
12625
msgstr ""
12626
12627
#: serverguide/C/network-auth.xml:1154(para)
12628
msgid ""
12629
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
12630
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
12631
"<filename>ldapadduser.template.sample</filename> file to "
12632
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
12633
msgstr ""
12634
12635
#: serverguide/C/network-auth.xml:1161(command)
12636
msgid ""
12637
"sudo cp /etc/ldapscripts/ldapadduser.template.sample "
12638
"/etc/ldapscripts/ldapadduser.template"
12639
msgstr ""
12640
12641
#: serverguide/C/network-auth.xml:1164(para)
12642
msgid ""
12643
"Edit the new template to add the desired attributes. The following will "
12644
"create new user's as with an <emphasis>objectClass</emphasis> of "
12645
"<emphasis>inetOrgPerson</emphasis>:"
12646
msgstr ""
12647
12648
#: serverguide/C/network-auth.xml:1169(programlisting)
12649
#, no-wrap
12650
msgid ""
12651
"\n"
12652
"dn: uid=<user>,<usuffix>,<suffix>\n"
12653
"objectClass: inetOrgPerson\n"
12654
"objectClass: posixAccount\n"
12655
"cn: <user>\n"
12656
"sn: <ask>\n"
12657
"uid: <user>\n"
12658
"uidNumber: <uid>\n"
12659
"gidNumber: <gid>\n"
12660
"homeDirectory: <home>\n"
12661
"loginShell: <shell>\n"
12662
"gecos: <user>\n"
12663
"description: User account\n"
12664
"title: Employee\n"
12665
msgstr ""
12666
12667
#: serverguide/C/network-auth.xml:1185(para)
12668
msgid ""
12669
"Notice the <emphasis><ask></emphasis> option used for the "
12670
"<emphasis>cn</emphasis> value. Using <ask> will configure "
12671
"<application>ldapadduser</application> to prompt you for the attribute value "
12672
"during user creation."
12673
msgstr ""
12674
12675
#: serverguide/C/network-auth.xml:1193(para)
12676
msgid ""
12677
"There are more useful scripts in the package, to see a full list enter: "
12678
"<command>dpkg -L ldapscripts | grep bin</command>"
12679
msgstr ""
12680
12681
#: serverguide/C/network-auth.xml:1202(para)
12682
msgid ""
12683
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
12684
"Home Page</ulink>"
12685
msgstr ""
12686
12687
#: serverguide/C/network-auth.xml:1207(para)
12688
msgid ""
12689
"Though starting to show it's age, a great source for in depth LDAP "
12690
"information is O'Reilly's <ulink "
12691
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
12692
"Administration</ulink>"
12693
msgstr ""
12694
12695
#: serverguide/C/network-auth.xml:1213(para)
12696
msgid ""
12697
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
12698
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
12699
"newer versions of OpenLDAP."
12700
msgstr ""
12701
12702
#: serverguide/C/network-auth.xml:1219(para)
12703
msgid ""
12704
"For more information on <application>auth-client-config</application> see "
12705
"the man page: <command>man auth-client-config</command>."
12706
msgstr ""
12707
12708
#: serverguide/C/network-auth.xml:1224(para)
12709
msgid ""
12710
"For more details regarding the <application>ldapscripts</application> "
12711
"package see the man pages: <command>man ldapscripts</command>, <command>man "
12712
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
12713
msgstr ""
12714
12715
#: serverguide/C/network-auth.xml:1234(title)
12716
msgid "Samba and LDAP"
12717
msgstr ""
12718
12719
#: serverguide/C/network-auth.xml:1236(para)
12720
msgid ""
12721
"This section covers configuring Samba to use LDAP for user, group, and "
12722
"machine account information and authentication. The assumption is, you "
12723
"already have a working OpenLDAP directory installed and the server is "
12724
"configured to use it for authentication. See <xref linkend=\"openldap-"
12725
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
12726
"setting up OpenLDAP. For more information on installing and configuring "
12727
"Samba see <xref linkend=\"windows-networking\"/>."
12728
msgstr ""
12729
12730
#: serverguide/C/network-auth.xml:1246(para)
12731
msgid ""
12732
"There are three packages needed when integrating Samba with LDAP. "
12733
"<application>samba</application>, <application>samba-doc</application>, and "
12734
"<application>smbldap-tools</application> packages . To install the packages, "
12735
"from a terminal enter:"
12736
msgstr ""
12737
12738
#: serverguide/C/network-auth.xml:1252(command)
12739
msgid "sudo apt-get install samba samba-doc smbldap-tools"
12740
msgstr ""
12741
12742
#: serverguide/C/network-auth.xml:1255(para)
12743
msgid ""
12744
"Strictly speaking the <application>smbldap-tools</application> package isn't "
12745
"needed, but unless you have another package or custom scripts, a method of "
12746
"managing users, groups, and computer accounts is needed."
12747
msgstr ""
12748
12749
#: serverguide/C/network-auth.xml:1262(title)
12750
msgid "OpenLDAP Configuration"
12751
msgstr ""
12752
12753
#: serverguide/C/network-auth.xml:1264(para)
12754
msgid ""
12755
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
12756
"the user objects in the directory will need additional attributes. This "
12757
"section assumes you want Samba to be configured as a Windows NT domain "
12758
"controller, and will add the necessary LDAP objects and attributes."
12759
msgstr ""
12760
12761
#: serverguide/C/network-auth.xml:1272(para)
12762
msgid ""
12763
"The Samba attributes are defined in the <filename>samba.schema</filename> "
12764
"file which is part of the <application>samba-doc</application> package. The "
12765
"schema file needs to be unzipped and copied to "
12766
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
12767
msgstr ""
12768
12769
#: serverguide/C/network-auth.xml:1279(command)
12770
msgid ""
12771
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
12772
"/etc/ldap/schema/"
12773
msgstr ""
12774
12775
#: serverguide/C/network-auth.xml:1280(command)
12776
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
12777
msgstr ""
12778
12779
#: serverguide/C/network-auth.xml:1286(para)
12780
msgid ""
12781
"The <emphasis>samba</emphasis> schema needs to be added to the "
12782
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
12783
"<application>slapd</application> is also detailed in <xref "
12784
"linkend=\"openldap-configuration\"/>."
12785
msgstr ""
12786
12787
#: serverguide/C/network-auth.xml:1294(para) serverguide/C/network-auth.xml:2318(para)
12788
msgid ""
12789
"First, create a configuration file named "
12790
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
12791
"containing the following lines:"
12792
msgstr ""
12793
12794
#: serverguide/C/network-auth.xml:1299(programlisting)
12795
#, no-wrap
12796
msgid ""
12797
"\n"
12798
"include /etc/ldap/schema/core.schema\n"
12799
"include /etc/ldap/schema/collective.schema\n"
12800
"include /etc/ldap/schema/corba.schema\n"
12801
"include /etc/ldap/schema/cosine.schema\n"
12802
"include /etc/ldap/schema/duaconf.schema\n"
12803
"include /etc/ldap/schema/dyngroup.schema\n"
12804
"include /etc/ldap/schema/inetorgperson.schema\n"
12805
"include /etc/ldap/schema/java.schema\n"
12806
"include /etc/ldap/schema/misc.schema\n"
12807
"include /etc/ldap/schema/nis.schema\n"
12808
"include /etc/ldap/schema/openldap.schema\n"
12809
"include /etc/ldap/schema/ppolicy.schema\n"
12810
"include /etc/ldap/schema/samba.schema\n"
12811
msgstr ""
12812
12813
#: serverguide/C/network-auth.xml:1329(para) serverguide/C/network-auth.xml:2353(para)
12814
msgid ""
12815
"Now use <application>slapcat</application> to convert the schema files:"
12816
msgstr ""
12817
12818
#: serverguide/C/network-auth.xml:1334(command)
12819
msgid ""
12820
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
12821
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
12822
msgstr ""
12823
12824
#: serverguide/C/network-auth.xml:1337(para) serverguide/C/network-auth.xml:2361(para)
12825
msgid ""
12826
"Change the above file and path names to match your own if they are different."
12827
msgstr ""
12828
12829
#: serverguide/C/network-auth.xml:1344(para)
12830
msgid ""
12831
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
12832
"the following attributes:"
12833
msgstr ""
12834
12835
#: serverguide/C/network-auth.xml:1348(programlisting)
12836
#, no-wrap
12837
msgid ""
12838
"\n"
12839
"dn: cn=samba,cn=schema,cn=config\n"
12840
"...\n"
12841
"cn: samba\n"
12842
msgstr ""
12843
12844
#: serverguide/C/network-auth.xml:1358(programlisting)
12845
#, no-wrap
12846
msgid ""
12847
"\n"
12848
"structuralObjectClass: olcSchemaConfig\n"
12849
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
12850
"creatorsName: cn=config\n"
12851
"createTimestamp: 20080827045234Z\n"
12852
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
12853
"modifiersName: cn=config\n"
12854
"modifyTimestamp: 20080827045234Z\n"
12855
msgstr ""
12856
12857
#: serverguide/C/network-auth.xml:1383(command)
12858
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
12859
msgstr ""
12860
12861
#: serverguide/C/network-auth.xml:1389(para)
12862
msgid ""
12863
"There should now be a <emphasis>dn: "
12864
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
12865
"sequential schema, entry in the cn=config tree."
12866
msgstr ""
12867
12868
#: serverguide/C/network-auth.xml:1397(para)
12869
msgid ""
12870
"Copy and paste the following into a file named "
12871
"<filename>samba_indexes.ldif</filename>:"
12872
msgstr ""
12873
12874
#: serverguide/C/network-auth.xml:1401(programlisting)
12875
#, no-wrap
12876
msgid ""
12877
"\n"
12878
"dn: olcDatabase={1}hdb,cn=config\n"
12879
"changetype: modify\n"
12880
"add: olcDbIndex\n"
12881
"olcDbIndex: uidNumber eq\n"
12882
"olcDbIndex: gidNumber eq\n"
12883
"olcDbIndex: loginShell eq\n"
12884
"olcDbIndex: uid eq,pres,sub\n"
12885
"olcDbIndex: memberUid eq,pres,sub\n"
12886
"olcDbIndex: uniqueMember eq,pres\n"
12887
"olcDbIndex: sambaSID eq\n"
12888
"olcDbIndex: sambaPrimaryGroupSID eq\n"
12889
"olcDbIndex: sambaGroupType eq\n"
12890
"olcDbIndex: sambaSIDList eq\n"
12891
"olcDbIndex: sambaDomainName eq\n"
12892
"olcDbIndex: default sub\n"
12893
msgstr ""
12894
12895
#: serverguide/C/network-auth.xml:1419(para)
12896
msgid ""
12897
"Using the <application>ldapmodify</application> utility load the new indexes:"
12898
msgstr ""
12899
12900
#: serverguide/C/network-auth.xml:1424(command)
12901
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
12902
msgstr ""
12903
12904
#: serverguide/C/network-auth.xml:1426(para)
12905
msgid ""
12906
"If all went well you should see the new indexes using "
12907
"<application>ldapsearch</application>:"
12908
msgstr ""
12909
12910
#: serverguide/C/network-auth.xml:1431(command)
12911
msgid ""
12912
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
12913
msgstr ""
12914
12915
#: serverguide/C/network-auth.xml:1437(para)
12916
msgid ""
12917
"Next, configure the <application>smbldap-tools</application> package to "
12918
"match your environment. The package comes with a configuration script that "
12919
"will ask questions about the needed options. To run the script enter:"
12920
msgstr ""
12921
12922
#: serverguide/C/network-auth.xml:1443(command)
12923
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
12924
msgstr ""
12925
12926
#: serverguide/C/network-auth.xml:1444(command)
12927
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
12928
msgstr ""
12929
12930
#: serverguide/C/network-auth.xml:1447(para)
12931
msgid ""
12932
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
12933
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
12934
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
12935
"configure script, so if you made any mistakes while executing the script it "
12936
"may be simpler to edit the file appropriately."
12937
msgstr ""
12938
12939
#: serverguide/C/network-auth.xml:1457(para)
12940
msgid ""
12941
"The <application>smbldap-populate</application> script will add the "
12942
"necessary users, groups, and LDAP objects required for Samba. It is a good "
12943
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
12944
"<application>slapcat</application> before executing the command:"
12945
msgstr ""
12946
12947
#: serverguide/C/network-auth.xml:1464(command)
12948
msgid "sudo slapcat -l backup.ldif"
12949
msgstr ""
12950
12951
#: serverguide/C/network-auth.xml:1470(para)
12952
msgid ""
12953
"Once you have a current backup execute <application>smbldap-"
12954
"populate</application> by entering:"
12955
msgstr ""
12956
12957
#: serverguide/C/network-auth.xml:1475(command)
12958
msgid "sudo smbldap-populate"
12959
msgstr ""
12960
12961
#: serverguide/C/network-auth.xml:1479(para)
12962
msgid ""
12963
"You can create an LDIF file containing the new Samba objects by executing "
12964
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
12965
"look over the changes making sure everything is correct."
12966
msgstr ""
12967
12968
#: serverguide/C/network-auth.xml:1487(para)
12969
msgid ""
12970
"Your LDAP directory now has the necessary domain information to authenticate "
12971
"Samba users."
12972
msgstr ""
12973
12974
#: serverguide/C/network-auth.xml:1493(title)
12975
msgid "Samba Configuration"
12976
msgstr ""
12977
12978
#: serverguide/C/network-auth.xml:1495(para)
12979
msgid ""
12980
"There a multiple ways to configure Samba for details on some common "
12981
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
12982
"Samba to use LDAP, edit the main Samba configuration file "
12983
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
12984
"backend</emphasis> option and adding the following:"
12985
msgstr ""
12986
12987
#: serverguide/C/network-auth.xml:1501(programlisting)
12988
#, no-wrap
12989
msgid ""
12990
"\n"
12991
"# passdb backend = tdbsam\n"
12992
"\n"
12993
"# LDAP Settings\n"
12994
" passdb backend = ldapsam:ldap://hostname\n"
12995
" ldap suffix = dc=example,dc=com\n"
12996
" ldap user suffix = ou=People\n"
12997
" ldap group suffix = ou=Groups\n"
12998
" ldap machine suffix = ou=Computers\n"
12999
" ldap idmap suffix = ou=Idmap\n"
13000
" ldap admin dn = cn=admin,dc=example,dc=com\n"
13001
" ldap ssl = start tls\n"
13002
" ldap passwd sync = yes\n"
13003
"...\n"
13004
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
13005
msgstr ""
13006
13007
#: serverguide/C/network-auth.xml:1518(para)
13008
msgid "Restart <application>samba</application> to enable the new settings:"
13009
msgstr ""
13010
13011
#: serverguide/C/network-auth.xml:1526(para)
13012
msgid ""
13013
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
13014
"enter:"
13015
msgstr ""
13016
13017
#: serverguide/C/network-auth.xml:1531(command)
13018
msgid "sudo smbpasswd -w secret"
13019
msgstr ""
13020
13021
#: serverguide/C/network-auth.xml:1535(para)
13022
msgid ""
13023
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
13024
"password."
13025
msgstr ""
13026
13027
#: serverguide/C/network-auth.xml:1540(para)
13028
msgid ""
13029
"If you currently have users in LDAP, and you want them to authenticate using "
13030
"Samba, they will need some Samba attributes defined in the "
13031
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
13032
"users using the <application>smbpasswd</application> utility, replacing "
13033
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
13034
msgstr ""
13035
13036
#: serverguide/C/network-auth.xml:1548(command)
13037
msgid "sudo smbpasswd -a username"
13038
msgstr ""
13039
13040
#: serverguide/C/network-auth.xml:1551(para)
13041
msgid "You will then be asked to enter the user's password."
13042
msgstr ""
13043
13044
#: serverguide/C/network-auth.xml:1555(para)
13045
msgid ""
13046
"To add new user, group, and machine accounts use the utilities from the "
13047
"<application>smbldap-tools</application> package. Here are some examples:"
13048
msgstr ""
13049
13050
#: serverguide/C/network-auth.xml:1562(para)
13051
msgid ""
13052
"To add a new user to LDAP with Samba attributes enter the following, "
13053
"replacing username with an actual username:"
13054
msgstr ""
13055
13056
#: serverguide/C/network-auth.xml:1566(command)
13057
msgid "sudo smbldap-useradd -a -P username"
13058
msgstr ""
13059
13060
#: serverguide/C/network-auth.xml:1568(para)
13061
msgid ""
13062
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
13063
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
13064
"passwd</application> utility after the user is created allowing you to enter "
13065
"a password for the user."
13066
msgstr ""
13067
13068
#: serverguide/C/network-auth.xml:1574(para)
13069
msgid "To remove a user from the directory enter:"
13070
msgstr ""
13071
13072
#: serverguide/C/network-auth.xml:1578(command)
13073
msgid "sudo smbldap-userdel username"
13074
msgstr ""
13075
13076
#: serverguide/C/network-auth.xml:1580(para)
13077
msgid ""
13078
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
13079
"r</emphasis> option to remove the user's home directory."
13080
msgstr ""
13081
13082
#: serverguide/C/network-auth.xml:1585(para)
13083
msgid ""
13084
"Use <application>smbldap-groupadd</application> to add a group, replacing "
13085
"groupname with an appropriate group:"
13086
msgstr ""
13087
13088
#: serverguide/C/network-auth.xml:1589(command)
13089
msgid "sudo smbldap-groupadd -a groupname"
13090
msgstr ""
13091
13092
#: serverguide/C/network-auth.xml:1591(para)
13093
msgid ""
13094
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
13095
"a</emphasis> adds the Samba attributes."
13096
msgstr ""
13097
13098
#: serverguide/C/network-auth.xml:1596(para)
13099
msgid ""
13100
"To add a user to a group use <application>smbldap-groupmod</application>:"
13101
msgstr ""
13102
13103
#: serverguide/C/network-auth.xml:1600(command)
13104
msgid "sudo smbldap-groupmod -m username groupname"
13105
msgstr ""
13106
13107
#: serverguide/C/network-auth.xml:1602(para)
13108
msgid ""
13109
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
13110
"<emphasis>-m</emphasis> option can add more than one user at a time by "
13111
"listing them in <emphasis>comma separated</emphasis> format."
13112
msgstr ""
13113
13114
#: serverguide/C/network-auth.xml:1608(para)
13115
msgid ""
13116
"<application>smbldap-groupmod</application> can also be used to remove a "
13117
"user from a group:"
13118
msgstr ""
13119
13120
#: serverguide/C/network-auth.xml:1612(command)
13121
msgid "sudo smbldap-groupmod -x username groupname"
13122
msgstr ""
13123
13124
#: serverguide/C/network-auth.xml:1616(para)
13125
msgid ""
13126
"Additionally, the <application>smbldap-useradd</application> utility can add "
13127
"Samba machine accounts:"
13128
msgstr ""
13129
13130
#: serverguide/C/network-auth.xml:1620(command)
13131
msgid "sudo smbldap-useradd -t 0 -w username"
13132
msgstr ""
13133
13134
#: serverguide/C/network-auth.xml:1622(para)
13135
msgid ""
13136
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
13137
"<emphasis>-t 0</emphasis> option creates the machine account without a "
13138
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
13139
"machine account. Also, note the <emphasis>add machine script</emphasis> "
13140
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
13141
"<application>smbldap-useradd</application>."
13142
msgstr ""
13143
13144
#: serverguide/C/network-auth.xml:1631(para)
13145
msgid ""
13146
"There are more useful utilities and options in the <application>smbldap-"
13147
"tools</application> package. The man page for each utility provides more "
13148
"details."
13149
msgstr ""
13150
13151
#: serverguide/C/network-auth.xml:1642(para)
13152
msgid ""
13153
"There are multiple places where LDAP and Samba is documented in the <ulink "
13154
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
13155
"Collection</ulink>."
13156
msgstr ""
13157
13158
#: serverguide/C/network-auth.xml:1648(para)
13159
msgid ""
13160
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
13161
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
13162
msgstr ""
13163
13164
#: serverguide/C/network-auth.xml:1654(para)
13165
msgid ""
13166
"Another good site is <ulink url=\"http://www.iallanis.info/smbldap-"
13167
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
13168
msgstr ""
13169
13170
#: serverguide/C/network-auth.xml:1660(para)
13171
msgid ""
13172
"Again, for more information on <application>smbldap-tools</application> see "
13173
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
13174
"groupadd</command>, <command>man smbldap-populate</command>, etc."
13175
msgstr ""
13176
13177
#: serverguide/C/network-auth.xml:1670(title)
13178
msgid "Kerberos"
13179
msgstr ""
13180
13181
#: serverguide/C/network-auth.xml:1672(para)
13182
msgid ""
13183
"<application>Kerberos</application> is a network authentication system based "
13184
"on the principal of a trusted third party. The other two parties being the "
13185
"user and the service the user wishes to authenticate to. Not all services "
13186
"and applications can use Kerberos, but for those that can, it brings the "
13187
"network environment one step closer to being Single Sign On (SSO)."
13188
msgstr ""
13189
13190
#: serverguide/C/network-auth.xml:1678(para)
13191
msgid ""
13192
"This section covers installation and configuration of a Kerberos server, and "
13193
"some example client configurations."
13194
msgstr ""
13195
13196
#: serverguide/C/network-auth.xml:1685(para)
13197
msgid ""
13198
"If you are new to Kerberos there are a few terms that are good to understand "
13199
"before setting up a Kerberos server. Most of the terms will relate to things "
13200
"you may be familiar with in other environments:"
13201
msgstr ""
13202
13203
#: serverguide/C/network-auth.xml:1692(para)
13204
msgid ""
13205
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
13206
"by servers need to be defined as Kerberos Principals."
13207
msgstr ""
13208
13209
#: serverguide/C/network-auth.xml:1697(para)
13210
msgid ""
13211
"<emphasis>Instances:</emphasis> are used for service principals and special "
13212
"administrative principals."
13213
msgstr ""
13214
13215
#: serverguide/C/network-auth.xml:1702(para)
13216
msgid ""
13217
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
13218
"Kerberos installation. Usually the DNS domain converted to uppercase "
13219
"(EXAMPLE.COM)."
13220
msgstr ""
13221
13222
#: serverguide/C/network-auth.xml:1708(para)
13223
msgid ""
13224
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
13225
"a database of all principals, the authentication server, and the ticket "
13226
"granting server. For each realm there must be at least one KDC."
13227
msgstr ""
13228
13229
#: serverguide/C/network-auth.xml:1714(para)
13230
msgid ""
13231
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
13232
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
13233
"password which is known only to the user and the KDC."
13234
msgstr ""
13235
13236
#: serverguide/C/network-auth.xml:1720(para)
13237
msgid ""
13238
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
13239
"clients upon request."
13240
msgstr ""
13241
13242
#: serverguide/C/network-auth.xml:1725(para)
13243
msgid ""
13244
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
13245
"One principal being a user and the other a service requested by the user. "
13246
"Tickets establish an encryption key used for secure communication during the "
13247
"authenticated session."
13248
msgstr ""
13249
13250
#: serverguide/C/network-auth.xml:1731(para)
13251
msgid ""
13252
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
13253
"principal database and contain the encryption key for a service or host."
13254
msgstr ""
13255
13256
#: serverguide/C/network-auth.xml:1738(para)
13257
msgid ""
13258
"To put the pieces together, a Realm has at least one KDC, preferably two for "
13259
"redundancy, which contains a database of Principals. When a user principal "
13260
"logs into a workstation, configured for Kerberos authentication, the KDC "
13261
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
13262
"match, the user is authenticated and can then request tickets for Kerberized "
13263
"services from the Ticket Granting Server (TGS). The service tickets allow "
13264
"the user to authenticate to the service without entering another username "
13265
"and password."
13266
msgstr ""
13267
13268
#: serverguide/C/network-auth.xml:1747(title)
13269
msgid "Kerberos Server"
13270
msgstr ""
13271
13272
#: serverguide/C/network-auth.xml:1751(para)
13273
msgid ""
13274
"Before installing the Kerberos server a properly configured DNS server is "
13275
"needed for your domain. Since the Kerberos Realm by convention matches the "
13276
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
13277
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
13278
msgstr ""
13279
13280
#: serverguide/C/network-auth.xml:1757(para)
13281
msgid ""
13282
"Also, Kerberos is a time sensitive protocol. So if the local system time "
13283
"between a client machine and the server differs by more than five minutes "
13284
"(by default), the workstation will not be able to authenticate. To correct "
13285
"the problem all hosts should have their time synchronized using the "
13286
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
13287
"NTP see <xref linkend=\"NTP\"/>."
13288
msgstr ""
13289
13290
#: serverguide/C/network-auth.xml:1764(para)
13291
msgid ""
13292
"The first step in installing a Kerberos Realm is to install the "
13293
"<application>krb5-kdc</application> and <application>krb5-admin-"
13294
"server</application> packages. From a terminal enter:"
13295
msgstr ""
13296
13297
#: serverguide/C/network-auth.xml:1770(command) serverguide/C/network-auth.xml:1945(command)
13298
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
13299
msgstr ""
13300
13301
#: serverguide/C/network-auth.xml:1773(para)
13302
msgid ""
13303
"You will be asked at the end of the install to supply a name for the "
13304
"Kerberos and Admin servers, which may or may not be the same server, for the "
13305
"realm."
13306
msgstr ""
13307
13308
#: serverguide/C/network-auth.xml:1778(para)
13309
msgid ""
13310
"Next, create the new realm with the <application>kdb5_newrealm</application> "
13311
"utility:"
13312
msgstr ""
13313
13314
#: serverguide/C/network-auth.xml:1783(command)
13315
msgid "sudo krb5_newrealm"
13316
msgstr ""
13317
13318
#: serverguide/C/network-auth.xml:1790(para)
13319
msgid ""
13320
"The questions asked during installation are used to configure the "
13321
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
13322
"Distribution Center (KDC) settings simply edit the file and restart the "
13323
"<application>krb5-kdc</application> daemon."
13324
msgstr ""
13325
13326
#: serverguide/C/network-auth.xml:1798(para)
13327
msgid ""
13328
"Now that the KDC running an admin user is needed. It is recommended to use a "
13329
"different username from your everyday username. Using the "
13330
"<application>kadmin.local</application> utility in a terminal prompt enter:"
13331
msgstr ""
13332
13333
#: serverguide/C/network-auth.xml:1804(command) serverguide/C/network-auth.xml:2595(command)
13334
msgid "sudo kadmin.local"
13335
msgstr ""
13336
13337
#: serverguide/C/network-auth.xml:1805(computeroutput)
13338
#, no-wrap
13339
msgid ""
13340
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
13341
"kadmin.local:"
13342
msgstr ""
13343
13344
#: serverguide/C/network-auth.xml:1806(userinput)
13345
#, no-wrap
13346
msgid " addprinc steve/admin"
13347
msgstr ""
13348
13349
#: serverguide/C/network-auth.xml:1807(computeroutput)
13350
#, no-wrap
13351
msgid ""
13352
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
13353
"policy\n"
13354
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
13355
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
13356
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
13357
"kadmin.local:"
13358
msgstr ""
13359
13360
#: serverguide/C/network-auth.xml:1811(userinput)
13361
#, no-wrap
13362
msgid " quit"
13363
msgstr ""
13364
13365
#: serverguide/C/network-auth.xml:1814(para)
13366
msgid ""
13367
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
13368
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
13369
"is an <emphasis>Instance</emphasis>, and <emphasis "
13370
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
13371
"role=\"italic\">\"every day\"</emphasis> Principal would be "
13372
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
13373
"rights."
13374
msgstr ""
13375
13376
#: serverguide/C/network-auth.xml:1822(para)
13377
msgid ""
13378
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
13379
"your Realm and admin username."
13380
msgstr ""
13381
13382
#: serverguide/C/network-auth.xml:1830(para)
13383
msgid ""
13384
"Next, the new admin user needs to have the appropriate Access Control List "
13385
"(ACL) permissions. The permissions are configured in the "
13386
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
13387
msgstr ""
13388
13389
#: serverguide/C/network-auth.xml:1835(programlisting)
13390
#, no-wrap
13391
msgid ""
13392
"\n"
13393
"steve/admin@EXAMPLE.COM *\n"
13394
msgstr ""
13395
13396
#: serverguide/C/network-auth.xml:1839(para)
13397
msgid ""
13398
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
13399
"any operation on all principals in the realm."
13400
msgstr ""
13401
13402
#: serverguide/C/network-auth.xml:1846(para)
13403
msgid ""
13404
"Now restart the <application>krb5-admin-server</application> for the new ACL "
13405
"to take affect:"
13406
msgstr ""
13407
13408
#: serverguide/C/network-auth.xml:1851(command)
13409
msgid "sudo /etc/init.d/krb5-admin-server restart"
13410
msgstr ""
13411
13412
#: serverguide/C/network-auth.xml:1857(para)
13413
msgid ""
13414
"The new user principal can be tested using the <application>kinit "
13415
"utility</application>:"
13416
msgstr ""
13417
13418
#: serverguide/C/network-auth.xml:1862(command)
13419
msgid "kinit steve/admin"
13420
msgstr ""
13421
13422
#: serverguide/C/network-auth.xml:1863(computeroutput)
13423
#, no-wrap
13424
msgid "steve/admin@EXAMPLE.COM's Password:"
13425
msgstr ""
13426
13427
#: serverguide/C/network-auth.xml:1866(para)
13428
msgid ""
13429
"After entering the password, use the <application>klist</application> "
13430
"utility to view information about the Ticket Granting Ticket (TGT):"
13431
msgstr ""
13432
13433
#: serverguide/C/network-auth.xml:1872(command) serverguide/C/network-auth.xml:2207(command)
13434
msgid "klist"
13435
msgstr ""
13436
13437
#: serverguide/C/network-auth.xml:1873(computeroutput)
13438
#, no-wrap
13439
msgid ""
13440
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
13441
" Principal: steve/admin@EXAMPLE.COM\n"
13442
"\n"
13443
" Issued Expires Principal\n"
13444
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
13445
msgstr ""
13446
13447
#: serverguide/C/network-auth.xml:1880(para)
13448
msgid ""
13449
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
13450
"the KDC. For example:"
13451
msgstr ""
13452
13453
#: serverguide/C/network-auth.xml:1884(programlisting)
13454
#, no-wrap
13455
msgid ""
13456
"\n"
13457
"192.168.0.1 kdc01.example.com kdc01\n"
13458
msgstr ""
13459
13460
#: serverguide/C/network-auth.xml:1888(para)
13461
msgid ""
13462
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
13463
msgstr ""
13464
13465
#: serverguide/C/network-auth.xml:1895(para)
13466
msgid ""
13467
"In order for clients to determine the KDC for the Realm some DNS SRV records "
13468
"are needed. Add the following to "
13469
"<filename>/etc/named/db.example.com</filename>:"
13470
msgstr ""
13471
13472
#: serverguide/C/network-auth.xml:1900(programlisting)
13473
#, no-wrap
13474
msgid ""
13475
"\n"
13476
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
13477
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
13478
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
13479
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
13480
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
13481
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
13482
msgstr ""
13483
13484
#: serverguide/C/network-auth.xml:1910(para)
13485
msgid ""
13486
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
13487
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
13488
"KDC."
13489
msgstr ""
13490
13491
#: serverguide/C/network-auth.xml:1916(para)
13492
msgid ""
13493
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
13494
msgstr ""
13495
13496
#: serverguide/C/network-auth.xml:1923(para)
13497
msgid "Your new Kerberos Realm is now ready to authenticate clients."
13498
msgstr ""
13499
13500
#: serverguide/C/network-auth.xml:1930(title)
13501
msgid "Secondary KDC"
13502
msgstr ""
13503
13504
#: serverguide/C/network-auth.xml:1932(para)
13505
msgid ""
13506
"Once you have one Key Distribution Center (KDC) on your network, it is good "
13507
"practice to have a Secondary KDC in case the primary becomes unavailable."
13508
msgstr ""
13509
13510
#: serverguide/C/network-auth.xml:1940(para)
13511
msgid ""
13512
"First, install the packages, and when asked for the Kerberos and Admin "
13513
"server names enter the name of the Primary KDC:"
13514
msgstr ""
13515
13516
#: serverguide/C/network-auth.xml:1951(para)
13517
msgid ""
13518
"Once you have the packages installed, create the Secondary KDC's host "
13519
"principal. From a terminal prompt, enter:"
13520
msgstr ""
13521
13522
#: serverguide/C/network-auth.xml:1956(command)
13523
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
13524
msgstr ""
13525
13526
#: serverguide/C/network-auth.xml:1960(para)
13527
msgid ""
13528
"After, issuing any <application>kadmin</application> commands you will be "
13529
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
13530
"password."
13531
msgstr ""
13532
13533
#: serverguide/C/network-auth.xml:1969(para)
13534
msgid "Extract the <emphasis>keytab</emphasis> file:"
13535
msgstr ""
13536
13537
#: serverguide/C/network-auth.xml:1974(command)
13538
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
13539
msgstr ""
13540
13541
#: serverguide/C/network-auth.xml:1980(para)
13542
msgid ""
13543
"There should now be a <filename>keytab.kdc02</filename> in the current "
13544
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
13545
msgstr ""
13546
13547
#: serverguide/C/network-auth.xml:1986(command)
13548
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
13549
msgstr ""
13550
13551
#: serverguide/C/network-auth.xml:1990(para)
13552
msgid ""
13553
"If the path to the <filename>keytab.kdc02</filename> file is different "
13554
"adjust accordingly."
13555
msgstr ""
13556
13557
#: serverguide/C/network-auth.xml:1995(para)
13558
msgid ""
13559
"Also, you can list the principals in a Keytab file, which can be useful when "
13560
"troubleshooting, using the <application>klist</application> utility:"
13561
msgstr ""
13562
13563
#: serverguide/C/network-auth.xml:2001(command)
13564
msgid "sudo klist -k /etc/krb5.keytab"
13565
msgstr ""
13566
13567
#: serverguide/C/network-auth.xml:2007(para)
13568
msgid ""
13569
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
13570
"that lists all KDCs for the Realm. For example, on both primary and "
13571
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
13572
msgstr ""
13573
13574
#: serverguide/C/network-auth.xml:2012(programlisting)
13575
#, no-wrap
13576
msgid ""
13577
"\n"
13578
"host/kdc01.example.com@EXAMPLE.COM\n"
13579
"host/kdc02.example.com@EXAMPLE.COM\n"
13580
msgstr ""
13581
13582
#: serverguide/C/network-auth.xml:2020(para)
13583
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
13584
msgstr ""
13585
13586
#: serverguide/C/network-auth.xml:2025(command)
13587
msgid "sudo kdb5_util -s create"
13588
msgstr ""
13589
13590
#: serverguide/C/network-auth.xml:2031(para)
13591
msgid ""
13592
"Now start the <application>kpropd</application> daemon, which listens for "
13593
"connections from the <application>kprop</application> utility. "
13594
"<application>kprop</application> is used to transfer dump files:"
13595
msgstr ""
13596
13597
#: serverguide/C/network-auth.xml:2038(command)
13598
msgid "sudo kpropd -S"
13599
msgstr ""
13600
13601
#: serverguide/C/network-auth.xml:2044(para)
13602
msgid ""
13603
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
13604
"of the principal database:"
13605
msgstr ""
13606
13607
#: serverguide/C/network-auth.xml:2049(command)
13608
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
13609
msgstr ""
13610
13611
#: serverguide/C/network-auth.xml:2055(para)
13612
msgid ""
13613
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
13614
"<filename>/etc/krb5.keytab</filename>:"
13615
msgstr ""
13616
13617
#: serverguide/C/network-auth.xml:2060(command)
13618
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
13619
msgstr ""
13620
13621
#: serverguide/C/network-auth.xml:2061(command)
13622
msgid "sudo mv keytab.kdc01 /etc/kr5b.keytab"
13623
msgstr ""
13624
13625
#: serverguide/C/network-auth.xml:2065(para)
13626
msgid ""
13627
"Make sure there is a <emphasis>host</emphasis> for "
13628
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
13629
msgstr ""
13630
13631
#: serverguide/C/network-auth.xml:2073(para)
13632
msgid ""
13633
"Using the <application>kprop</application> utility push the database to the "
13634
"Secondary KDC:"
13635
msgstr ""
13636
13637
#: serverguide/C/network-auth.xml:2078(command)
13638
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
13639
msgstr ""
13640
13641
#: serverguide/C/network-auth.xml:2082(para)
13642
msgid ""
13643
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
13644
"worked. If there is an error message check "
13645
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
13646
"information."
13647
msgstr ""
13648
13649
#: serverguide/C/network-auth.xml:2088(para)
13650
msgid ""
13651
"You may also want to create a <application>cron</application> job to "
13652
"periodically update the database on the Secondary KDC. For example, the "
13653
"following will push the database every hour:"
13654
msgstr ""
13655
13656
#: serverguide/C/network-auth.xml:2093(programlisting)
13657
#, no-wrap
13658
msgid ""
13659
"\n"
13660
"# m h dom mon dow command\n"
13661
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
13662
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
13663
msgstr ""
13664
13665
#: serverguide/C/network-auth.xml:2101(para)
13666
msgid ""
13667
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
13668
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
13669
msgstr ""
13670
13671
#: serverguide/C/network-auth.xml:2107(command)
13672
msgid "sudo kdb5_util stash"
13673
msgstr ""
13674
13675
#: serverguide/C/network-auth.xml:2113(para)
13676
msgid ""
13677
"Finally, start the <application>krb5-kdc</application> daemon on the "
13678
"Secondary KDC:"
13679
msgstr ""
13680
13681
#: serverguide/C/network-auth.xml:2118(command) serverguide/C/network-auth.xml:2725(command)
13682
msgid "sudo /etc/init.d/krb5-kdc start"
13683
msgstr ""
13684
13685
#: serverguide/C/network-auth.xml:2124(para)
13686
msgid ""
13687
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
13688
"for the Realm. You can test this by stopping the <application>krb5-"
13689
"kdc</application> daemon on the Primary KDC, then use "
13690
"<application>kinit</application> to request a ticket. If all goes well you "
13691
"should receive a ticket from the Secondary KDC."
13692
msgstr ""
13693
13694
#: serverguide/C/network-auth.xml:2132(title)
13695
msgid "Kerberos Linux Client"
13696
msgstr ""
13697
13698
#: serverguide/C/network-auth.xml:2134(para)
13699
msgid ""
13700
"This section covers configuring a Linux system as a "
13701
"<application>Kerberos</application> client. This will allow access to any "
13702
"kerberized services once a user has successfully logged into the system."
13703
msgstr ""
13704
13705
#: serverguide/C/network-auth.xml:2142(para)
13706
msgid ""
13707
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
13708
"user</application> and <application>libpam-krb5</application> packages are "
13709
"needed, along with a few others that are not strictly necessary but make "
13710
"life easier. To install the packages enter the following in a terminal "
13711
"prompt:"
13712
msgstr ""
13713
13714
#: serverguide/C/network-auth.xml:2149(command)
13715
msgid ""
13716
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
13717
msgstr ""
13718
13719
#: serverguide/C/network-auth.xml:2152(para)
13720
msgid ""
13721
"The <application>auth-client-config</application> package allows simple "
13722
"configuration of PAM for authentication from multiple sources, and the "
13723
"<application>libpam-ccreds</application> will cache authentication "
13724
"credentials allowing you to login in case the Key Distribution Center (KDC) "
13725
"is unavailable. This package is also useful for laptops that may "
13726
"authenticate using Kerberos while on the corporate network, but will need to "
13727
"be accessed off the network as well."
13728
msgstr ""
13729
13730
#: serverguide/C/network-auth.xml:2163(para)
13731
msgid "To configure the client in a terminal enter:"
13732
msgstr ""
13733
13734
#: serverguide/C/network-auth.xml:2168(command)
13735
msgid "sudo dpkg-reconfigure krb5-config"
13736
msgstr ""
13737
13738
#: serverguide/C/network-auth.xml:2171(para)
13739
msgid ""
13740
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
13741
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
13742
"records, the menu will prompt you for the hostname of the Key Distribution "
13743
"Center (KDC) and Realm Administration server."
13744
msgstr ""
13745
13746
#: serverguide/C/network-auth.xml:2177(para)
13747
msgid ""
13748
"The <application>dpkg-reconfigure</application> adds entries to the "
13749
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
13750
"entries similar to the following:"
13751
msgstr ""
13752
13753
#: serverguide/C/network-auth.xml:2182(programlisting)
13754
#, no-wrap
13755
msgid ""
13756
"\n"
13757
"[libdefaults]\n"
13758
" default_realm = EXAMPLE.COM\n"
13759
"...\n"
13760
"[realms]\n"
13761
" EXAMPLE.COM = } \n"
13762
" kdc = 192.168.0.1 \n"
13763
" admin_server = 192.168.0.1\n"
13764
" }\n"
13765
msgstr ""
13766
13767
#: serverguide/C/network-auth.xml:2193(para)
13768
msgid ""
13769
"You can test the configuration by requesting a ticket using the "
13770
"<application>kinit</application> utility. For example:"
13771
msgstr ""
13772
13773
#: serverguide/C/network-auth.xml:2198(command)
13774
msgid "kinit steve@EXAMPLE.COM"
13775
msgstr ""
13776
13777
#: serverguide/C/network-auth.xml:2199(computeroutput)
13778
#, no-wrap
13779
msgid "Password for steve@EXAMPLE.COM:"
13780
msgstr ""
13781
13782
#: serverguide/C/network-auth.xml:2202(para)
13783
msgid ""
13784
"When a ticket has been granted, the details can be viewed using "
13785
"<application>klist</application>:"
13786
msgstr ""
13787
13788
#: serverguide/C/network-auth.xml:2208(computeroutput)
13789
#, no-wrap
13790
msgid ""
13791
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
13792
"Default principal: steve@EXAMPLE.COM\n"
13793
"\n"
13794
"Valid starting Expires Service principal\n"
13795
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
13796
" renew until 07/25/08 05:18:57\n"
13797
"\n"
13798
"\n"
13799
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
13800
"klist: You have no tickets cached"
13801
msgstr ""
13802
13803
#: serverguide/C/network-auth.xml:2220(para)
13804
msgid ""
13805
"Next, use the <application>auth-client-config</application> to configure the "
13806
"<application>libpam-krb5</application> module to request a ticket during "
13807
"login:"
13808
msgstr ""
13809
13810
#: serverguide/C/network-auth.xml:2226(command)
13811
msgid "sudo auth-client-config -a -p kerberos_example"
13812
msgstr ""
13813
13814
#: serverguide/C/network-auth.xml:2229(para)
13815
msgid ""
13816
"You will should now receive a ticket upon successful login authentication."
13817
msgstr ""
13818
13819
#: serverguide/C/network-auth.xml:2240(para)
13820
msgid ""
13821
"For more information on Kerberos see the <ulink "
13822
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
13823
msgstr ""
13824
13825
#: serverguide/C/network-auth.xml:2245(para)
13826
msgid ""
13827
"O'Reilly's <ulink "
13828
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
13829
"Guide</ulink> is a great reference when setting up Kerberos."
13830
msgstr ""
13831
13832
#: serverguide/C/network-auth.xml:2251(para)
13833
msgid ""
13834
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
13835
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
13836
"Kerberos questions."
13837
msgstr ""
13838
13839
#: serverguide/C/network-auth.xml:2261(title)
13840
msgid "Kerberos and LDAP"
13841
msgstr ""
13842
13843
#: serverguide/C/network-auth.xml:2263(para)
13844
msgid ""
13845
"Replicating a Kerberos principal database between two servers can be "
13846
"complicated, and adds an additional user database to your network. "
13847
"Fortunately, MIT Kerberos can be configured to use an "
13848
"<application>LDAP</application> directory as a principal database. This "
13849
"section covers configuring a primary and secondary kerberos server to use "
13850
"<application>OpenLDAP</application> for the principal database."
13851
msgstr ""
13852
13853
#: serverguide/C/network-auth.xml:2271(title)
13854
msgid "Configuring OpenLDAP"
13855
msgstr ""
13856
13857
#: serverguide/C/network-auth.xml:2273(para)
13858
msgid ""
13859
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
13860
"<application>OpenLDAP</application> server that has network connectivity to "
13861
"the Primary and Secondary KDCs. The rest of this section assumes that you "
13862
"also have LDAP replication configured between at least two servers. For "
13863
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
13864
msgstr ""
13865
13866
#: serverguide/C/network-auth.xml:2280(para)
13867
msgid ""
13868
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
13869
"that traffic between the KDC and LDAP server is encrypted. See <xref "
13870
"linkend=\"openldap-tls\"/> for details."
13871
msgstr ""
13872
13873
#: serverguide/C/network-auth.xml:2287(para)
13874
msgid ""
13875
"To load the schema into LDAP, on the LDAP server install the "
13876
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
13877
msgstr ""
13878
13879
#: serverguide/C/network-auth.xml:2293(command)
13880
msgid "sudo apt-get install krb5-kdc-ldap"
13881
msgstr ""
13882
13883
#: serverguide/C/network-auth.xml:2298(para)
13884
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
13885
msgstr ""
13886
13887
#: serverguide/C/network-auth.xml:2303(command)
13888
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
13889
msgstr ""
13890
13891
#: serverguide/C/network-auth.xml:2304(command)
13892
msgid ""
13893
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
13894
msgstr ""
13895
13896
#: serverguide/C/network-auth.xml:2310(para)
13897
msgid ""
13898
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
13899
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
13900
"<application>slapd</application> is also detailed in <xref "
13901
"linkend=\"openldap-configuration\"/>."
13902
msgstr ""
13903
13904
#: serverguide/C/network-auth.xml:2323(programlisting)
13905
#, no-wrap
13906
msgid ""
13907
"\n"
13908
"include /etc/ldap/schema/core.schema\n"
13909
"include /etc/ldap/schema/collective.schema\n"
13910
"include /etc/ldap/schema/corba.schema\n"
13911
"include /etc/ldap/schema/cosine.schema\n"
13912
"include /etc/ldap/schema/duaconf.schema\n"
13913
"include /etc/ldap/schema/dyngroup.schema\n"
13914
"include /etc/ldap/schema/inetorgperson.schema\n"
13915
"include /etc/ldap/schema/java.schema\n"
13916
"include /etc/ldap/schema/misc.schema\n"
13917
"include /etc/ldap/schema/nis.schema\n"
13918
"include /etc/ldap/schema/openldap.schema\n"
13919
"include /etc/ldap/schema/ppolicy.schema\n"
13920
"include /etc/ldap/schema/kerberos.schema\n"
13921
msgstr ""
13922
13923
#: serverguide/C/network-auth.xml:2343(para)
13924
msgid "Create a temporary directory to hold the LDIF files:"
13925
msgstr ""
13926
13927
#: serverguide/C/network-auth.xml:2358(command)
13928
msgid ""
13929
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13930
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
13931
msgstr ""
13932
13933
#: serverguide/C/network-auth.xml:2368(para)
13934
msgid ""
13935
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
13936
"changing the following attributes:"
13937
msgstr ""
13938
13939
#: serverguide/C/network-auth.xml:2372(programlisting)
13940
#, no-wrap
13941
msgid ""
13942
"\n"
13943
"dn: cn=kerberos,cn=schema,cn=config\n"
13944
"...\n"
13945
"cn: kerberos\n"
13946
msgstr ""
13947
13948
#: serverguide/C/network-auth.xml:2378(para)
13949
msgid "And remove the following lines from the end of the file:"
13950
msgstr ""
13951
13952
#: serverguide/C/network-auth.xml:2382(programlisting)
13953
#, no-wrap
13954
msgid ""
13955
"\n"
13956
"structuralObjectClass: olcSchemaConfig\n"
13957
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
13958
"creatorsName: cn=config\n"
13959
"createTimestamp: 20090111203515Z\n"
13960
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
13961
"modifiersName: cn=config\n"
13962
"modifyTimestamp: 20090111203515Z\n"
13963
msgstr ""
13964
13965
#: serverguide/C/network-auth.xml:2401(para)
13966
msgid "Load the new schema with <application>ldapadd</application>:"
13967
msgstr ""
13968
13969
#: serverguide/C/network-auth.xml:2406(command)
13970
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
13971
msgstr ""
13972
13973
#: serverguide/C/network-auth.xml:2412(para)
13974
msgid ""
13975
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
13976
msgstr ""
13977
13978
#: serverguide/C/network-auth.xml:2419(userinput)
13979
#, no-wrap
13980
msgid ""
13981
"dn: olcDatabase={1}hdb,cn=config\n"
13982
"add: olcDbIndex\n"
13983
"olcDbIndex: krbPrincipalName eq,pres,sub"
13984
msgstr ""
13985
13986
#: serverguide/C/network-auth.xml:2429(para)
13987
msgid "Finally, update the Access Control Lists (ACL):"
13988
msgstr ""
13989
13990
#: serverguide/C/network-auth.xml:2436(userinput)
13991
#, no-wrap
13992
msgid ""
13993
"dn: olcDatabase={1}hdb,cn=config\n"
13994
"replace: olcAccess\n"
13995
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
13996
"dn=\"cn=admin,dc=exampl\n"
13997
" e,dc=com\" write by anonymous auth by self write by * none\n"
13998
"-\n"
13999
"add: olcAccess\n"
14000
"olcAccess: to dn.base=\"\" by * read\n"
14001
"-\n"
14002
"add: olcAccess\n"
14003
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
14004
msgstr ""
14005
14006
#: serverguide/C/network-auth.xml:2435(computeroutput)
14007
#, no-wrap
14008
msgid ""
14009
"Enter LDAP Password: \n"
14010
"<placeholder-1/>\n"
14011
"\n"
14012
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14013
msgstr ""
14014
14015
#: serverguide/C/network-auth.xml:2456(para)
14016
msgid ""
14017
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
14018
"database."
14019
msgstr ""
14020
14021
#: serverguide/C/network-auth.xml:2462(title)
14022
msgid "Primary KDC Configuration"
14023
msgstr ""
14024
14025
#: serverguide/C/network-auth.xml:2464(para)
14026
msgid ""
14027
"With <application>OpenLDAP</application> configured it is time to configure "
14028
"the KDC."
14029
msgstr ""
14030
14031
#: serverguide/C/network-auth.xml:2470(para)
14032
msgid "First, install the necessary packages, from a terminal enter:"
14033
msgstr ""
14034
14035
#: serverguide/C/network-auth.xml:2475(command) serverguide/C/network-auth.xml:2632(command)
14036
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
14037
msgstr ""
14038
14039
#: serverguide/C/network-auth.xml:2481(para)
14040
msgid ""
14041
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
14042
"under the appropriate sections:"
14043
msgstr ""
14044
14045
#: serverguide/C/network-auth.xml:2485(programlisting)
14046
#, no-wrap
14047
msgid ""
14048
"\n"
14049
"[libdefaults]\n"
14050
" default_realm = EXAMPLE.COM\n"
14051
"\n"
14052
"...\n"
14053
"\n"
14054
"[realms]\n"
14055
" EXAMPLE.COM = {\n"
14056
" kdc = kdc01.example.com\n"
14057
" kdc = kdc02.example.com\n"
14058
" admin_server = kdc01.example.com\n"
14059
" admin_server = kdc02.example.com\n"
14060
" default_domain = example.com\n"
14061
" database_module = openldap_ldapconf\n"
14062
" }\n"
14063
"\n"
14064
"...\n"
14065
"\n"
14066
"[domain_realm]\n"
14067
" .example.com = EXAMPLE.COM\n"
14068
"\n"
14069
"\n"
14070
"...\n"
14071
"\n"
14072
"[dbdefaults]\n"
14073
" ldap_kerberos_container_dn = dc=example,dc=com\n"
14074
"\n"
14075
"[dbmodules]\n"
14076
" openldap_ldapconf = {\n"
14077
" db_library = kldap\n"
14078
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
14079
"\n"
14080
" # this object needs to have read rights on\n"
14081
" # the realm container, principal container and realm sub-"
14082
"trees\n"
14083
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
14084
"\n"
14085
" # this object needs to have read and write rights on\n"
14086
" # the realm container, principal container and realm sub-"
14087
"trees\n"
14088
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
14089
" ldap_servers = ldaps://ldap01.example.com "
14090
"ldaps://ldap02.example.com\n"
14091
" ldap_conns_per_server = 5\n"
14092
" }\n"
14093
msgstr ""
14094
14095
#: serverguide/C/network-auth.xml:2530(para)
14096
msgid ""
14097
"Change <emphasis>example.com</emphasis>, "
14098
"<emphasis>dc=example,dc=com</emphasis>, "
14099
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
14100
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
14101
"object, and LDAP server for your network."
14102
msgstr ""
14103
14104
#: serverguide/C/network-auth.xml:2539(para)
14105
msgid ""
14106
"Next, use the <application>kdb5_ldap_util</application> utility to create "
14107
"the realm:"
14108
msgstr ""
14109
14110
#: serverguide/C/network-auth.xml:2544(command)
14111
msgid ""
14112
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
14113
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
14114
msgstr ""
14115
14116
#: serverguide/C/network-auth.xml:2550(para)
14117
msgid ""
14118
"Create a stash of the password used to bind to the LDAP server. This "
14119
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
14120
"<emphasis>ldap_kadmin_dn</emphasis> options in "
14121
"<filename>/etc/krb5.conf</filename>:"
14122
msgstr ""
14123
14124
#: serverguide/C/network-auth.xml:2556(command) serverguide/C/network-auth.xml:2694(command)
14125
msgid ""
14126
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
14127
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
14128
msgstr ""
14129
14130
#: serverguide/C/network-auth.xml:2562(para)
14131
msgid "Copy the CA certificate from the LDAP server:"
14132
msgstr ""
14133
14134
#: serverguide/C/network-auth.xml:2567(command)
14135
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
14136
msgstr ""
14137
14138
#: serverguide/C/network-auth.xml:2568(command)
14139
msgid "sudo cp cacert.pem /etc/ssl/certs"
14140
msgstr ""
14141
14142
#: serverguide/C/network-auth.xml:2571(para)
14143
msgid ""
14144
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
14145
msgstr ""
14146
14147
#: serverguide/C/network-auth.xml:2575(programlisting)
14148
#, no-wrap
14149
msgid ""
14150
"\n"
14151
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
14152
msgstr ""
14153
14154
#: serverguide/C/network-auth.xml:2580(para)
14155
msgid ""
14156
"The certificate will also need to be copied to the Secondary KDC, to allow "
14157
"the connection to the LDAP servers using LDAPS."
14158
msgstr ""
14159
14160
#: serverguide/C/network-auth.xml:2589(para)
14161
msgid ""
14162
"You can now add Kerberos principals to the LDAP database, and they will be "
14163
"copied to any other LDAP servers configured for replication. To add a "
14164
"principal using the <application>kadmin.local</application> utility enter:"
14165
msgstr ""
14166
14167
#: serverguide/C/network-auth.xml:2597(userinput)
14168
#, no-wrap
14169
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
14170
msgstr ""
14171
14172
#: serverguide/C/network-auth.xml:2596(computeroutput)
14173
#, no-wrap
14174
msgid ""
14175
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
14176
"kadmin.local: <placeholder-1/>\n"
14177
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
14178
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
14179
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
14180
"Principal \"steve@EXAMPLE.COM\" created."
14181
msgstr ""
14182
14183
#: serverguide/C/network-auth.xml:2604(para)
14184
msgid ""
14185
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
14186
"krbExtraData attributes added to the "
14187
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
14188
"the <application>kinit</application> and <application>klist</application> "
14189
"utilities to test that the user is indeed issued a ticket."
14190
msgstr ""
14191
14192
#: serverguide/C/network-auth.xml:2611(para)
14193
msgid ""
14194
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
14195
"option is needed to add the Kerberos attributes. Otherwise a new "
14196
"<emphasis>principal</emphasis> object will be created in the realm subtree."
14197
msgstr ""
14198
14199
#: serverguide/C/network-auth.xml:2619(title)
14200
msgid "Secondary KDC Configuration"
14201
msgstr ""
14202
14203
#: serverguide/C/network-auth.xml:2621(para)
14204
msgid ""
14205
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
14206
"one using the normal Kerberos database."
14207
msgstr ""
14208
14209
#: serverguide/C/network-auth.xml:2627(para)
14210
msgid "First, install the necessary packages. In a terminal enter:"
14211
msgstr ""
14212
14213
#: serverguide/C/network-auth.xml:2638(para)
14214
msgid ""
14215
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
14216
msgstr ""
14217
14218
#: serverguide/C/network-auth.xml:2642(programlisting)
14219
#, no-wrap
14220
msgid ""
14221
"\n"
14222
"[libdefaults]\n"
14223
" default_realm = EXAMPLE.COM\n"
14224
"\n"
14225
"...\n"
14226
"\n"
14227
"[realms]\n"
14228
" EXAMPLE.COM = {\n"
14229
" kdc = kdc01.example.com\n"
14230
" kdc = kdc02.example.com\n"
14231
" admin_server = kdc01.example.com\n"
14232
" admin_server = kdc02.example.com\n"
14233
" default_domain = example.com\n"
14234
" database_module = openldap_ldapconf\n"
14235
" }\n"
14236
"\n"
14237
"...\n"
14238
"\n"
14239
"[domain_realm]\n"
14240
" .example.com = EXAMPLE.COM\n"
14241
"\n"
14242
"...\n"
14243
"\n"
14244
"[dbdefaults]\n"
14245
" ldap_kerberos_container_dn = dc=example,dc=com\n"
14246
"\n"
14247
"[dbmodules]\n"
14248
" openldap_ldapconf = {\n"
14249
" db_library = kldap\n"
14250
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
14251
"\n"
14252
" # this object needs to have read rights on\n"
14253
" # the realm container, principal container and realm sub-"
14254
"trees\n"
14255
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
14256
"\n"
14257
" # this object needs to have read and write rights on\n"
14258
" # the realm container, principal container and realm sub-"
14259
"trees\n"
14260
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
14261
" ldap_servers = ldaps://ldap01.example.com "
14262
"ldaps://ldap02.example.com\n"
14263
" ldap_conns_per_server = 5\n"
14264
" }\n"
14265
msgstr ""
14266
14267
#: serverguide/C/network-auth.xml:2689(para)
14268
msgid "Create the stash for the LDAP bind password:"
14269
msgstr ""
14270
14271
#: serverguide/C/network-auth.xml:2700(para)
14272
msgid ""
14273
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
14274
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
14275
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
14276
"encrypted connection such as <application>scp</application>, or on physical "
14277
"media."
14278
msgstr ""
14279
14280
#: serverguide/C/network-auth.xml:2707(command)
14281
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
14282
msgstr ""
14283
14284
#: serverguide/C/network-auth.xml:2708(command)
14285
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
14286
msgstr ""
14287
14288
#: serverguide/C/network-auth.xml:2712(para)
14289
msgid ""
14290
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
14291
msgstr ""
14292
14293
#: serverguide/C/network-auth.xml:2720(para)
14294
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
14295
msgstr ""
14296
14297
#: serverguide/C/network-auth.xml:2731(para)
14298
msgid ""
14299
"You now have redundant KDCs on your network, and with redundant LDAP servers "
14300
"you should be able to continue to authenticate users if one LDAP server, one "
14301
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
14302
msgstr ""
14303
14304
#: serverguide/C/network-auth.xml:2743(para)
14305
msgid ""
14306
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
14307
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
14308
"Guide</ulink> has some additional details."
14309
msgstr ""
14310
14311
#: serverguide/C/network-auth.xml:2749(para)
14312
msgid ""
14313
"For more information on <application>kdb5_ldap_util</application> see <ulink "
14314
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
14315
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
14316
"5.6</ulink> and the <ulink "
14317
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/kdb5_ldap_util.8.htm"
14318
"l\">kdb5_ldap_util man page</ulink>."
14319
msgstr ""
14320
14321
#: serverguide/C/network-auth.xml:2757(para)
14322
msgid ""
14323
"Another useful link is the <ulink "
14324
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/krb5.conf.5.html\">k"
14325
"rb5.conf man page</ulink>."
14326
msgstr ""
14327
14328
#: serverguide/C/monitoring.xml:13(title)
14329
msgid "Monitoring"
14330
msgstr ""
14331
14332
#: serverguide/C/monitoring.xml:17(para)
14333
msgid ""
14334
"The monitoring of essential servers and services is an important part of "
14335
"system administration. Most network services are monitored for performance, "
14336
"availability, or both. This section will cover installation and "
14337
"configuration of <application>Nagios</application> for availability "
14338
"monitoring, and <application>Munin</application> for performance monitoring."
14339
msgstr ""
14340
14341
#: serverguide/C/monitoring.xml:24(para)
14342
msgid ""
14343
"The examples in this section will use two servers with hostnames "
14344
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
14345
"<emphasis>Server01</emphasis> will be configured with "
14346
"<application>Nagios</application> to monitor services on itself and "
14347
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
14348
"<application>munin</application> package to gather information from the "
14349
"network. Using the <application>munin-node</application> package, "
14350
"<emphasis>server02</emphasis> will be configured to send information to "
14351
"<emphasis>server01</emphasis>."
14352
msgstr ""
14353
14354
#: serverguide/C/monitoring.xml:33(para)
14355
msgid ""
14356
"Hopefully these simple examples will allow you to monitor additional servers "
14357
"and services on your network."
14358
msgstr ""
14359
14360
#: serverguide/C/monitoring.xml:39(title)
14361
msgid "Nagios"
14362
msgstr ""
14363
14364
#: serverguide/C/monitoring.xml:44(para)
14365
msgid ""
14366
"First, on <emphasis>server01</emphasis> install the "
14367
"<application>nagios</application> package. In a terminal enter:"
14368
msgstr ""
14369
14370
#: serverguide/C/monitoring.xml:50(command)
14371
msgid "sudo apt-get install nagios3 nagios-nrpe-plugin"
14372
msgstr ""
14373
14374
#: serverguide/C/monitoring.xml:53(para)
14375
msgid ""
14376
"You will be asked to enter a password for the "
14377
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
14378
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
14379
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
14380
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
14381
"of the <application>apache2-utils</application> package."
14382
msgstr ""
14383
14384
#: serverguide/C/monitoring.xml:60(para)
14385
msgid ""
14386
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
14387
"user enter:"
14388
msgstr ""
14389
14390
#: serverguide/C/monitoring.xml:65(command)
14391
msgid "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
14392
msgstr ""
14393
14394
#: serverguide/C/monitoring.xml:68(para)
14395
msgid "To add a user:"
14396
msgstr ""
14397
14398
#: serverguide/C/monitoring.xml:73(command)
14399
msgid "sudo htpasswd /etc/nagios3/htpasswd.users steve"
14400
msgstr ""
14401
14402
#: serverguide/C/monitoring.xml:76(para)
14403
msgid ""
14404
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
14405
"server</application> package. From a terminal on server02 enter:"
14406
msgstr ""
14407
14408
#: serverguide/C/monitoring.xml:82(command)
14409
msgid "sudo apt-get install nagios-nrpe-server"
14410
msgstr ""
14411
14412
#: serverguide/C/monitoring.xml:86(para)
14413
msgid ""
14414
"<application>NRPE</application> allows you to execute local checks on remote "
14415
"hosts. There are other ways of accomplishing this through other Nagios "
14416
"plugins as well as other checks."
14417
msgstr ""
14418
14419
#: serverguide/C/monitoring.xml:94(title)
14420
msgid "Configuration Overview"
14421
msgstr ""
14422
14423
#: serverguide/C/monitoring.xml:96(para)
14424
msgid ""
14425
"There are a couple of directories containing "
14426
"<application>Nagios</application> configuration and check files."
14427
msgstr ""
14428
14429
#: serverguide/C/monitoring.xml:102(para)
14430
msgid ""
14431
"<filename>/etc/nagios3</filename>: contains configuration files for the "
14432
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
14433
"etc."
14434
msgstr ""
14435
14436
#: serverguide/C/monitoring.xml:108(para)
14437
msgid ""
14438
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
14439
"service checks."
14440
msgstr ""
14441
14442
#: serverguide/C/monitoring.xml:113(para)
14443
msgid ""
14444
"<filename>/etc/nagios</filename>: on the remote host contains the "
14445
"<application>nagios-nrpe-server</application> configuration files."
14446
msgstr ""
14447
14448
#: serverguide/C/monitoring.xml:118(para)
14449
msgid ""
14450
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
14451
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
14452
msgstr ""
14453
14454
#: serverguide/C/monitoring.xml:123(para)
14455
msgid "For example: <command>/usr/lib/nagios/plugins/check_dhcp -h</command>"
14456
msgstr ""
14457
14458
#: serverguide/C/monitoring.xml:129(para)
14459
msgid ""
14460
"There are a plethora of checks <application>Nagios</application> can be "
14461
"configured to execute for any given host. For this example Nagios will be "
14462
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
14463
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
14464
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
14465
msgstr ""
14466
14467
#: serverguide/C/monitoring.xml:136(para)
14468
msgid ""
14469
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
14470
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
14471
msgstr ""
14472
14473
#: serverguide/C/monitoring.xml:141(para)
14474
msgid ""
14475
"Additionally, there are some terms that once explained will hopefully make "
14476
"understanding Nagios configuration easier:"
14477
msgstr ""
14478
14479
#: serverguide/C/monitoring.xml:147(para)
14480
msgid ""
14481
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
14482
"is being monitored."
14483
msgstr ""
14484
14485
#: serverguide/C/monitoring.xml:152(para)
14486
msgid ""
14487
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
14488
"could group all web servers, file server, etc."
14489
msgstr ""
14490
14491
#: serverguide/C/monitoring.xml:157(para)
14492
msgid ""
14493
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
14494
"as HTTP, DNS, NFS, etc."
14495
msgstr ""
14496
14497
#: serverguide/C/monitoring.xml:162(para)
14498
msgid ""
14499
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
14500
"together. This is useful for grouping multiple HTTP for example."
14501
msgstr ""
14502
14503
#: serverguide/C/monitoring.xml:168(para)
14504
msgid ""
14505
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
14506
"place. Nagios can be configured to send emails, SMS messages, etc."
14507
msgstr ""
14508
14509
#: serverguide/C/monitoring.xml:174(para)
14510
msgid ""
14511
"By default Nagios is configured to check HTTP, disk space, SSH, current "
14512
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
14513
"will also <application>ping</application> check the "
14514
"<emphasis>gateway</emphasis>."
14515
msgstr ""
14516
14517
#: serverguide/C/monitoring.xml:179(para)
14518
msgid ""
14519
"Large Nagios installations can be quite complex to configure. It is usually "
14520
"best to start small, one or two hosts, get things configured the way you "
14521
"like then expand."
14522
msgstr ""
14523
14524
#: serverguide/C/monitoring.xml:194(para)
14525
msgid ""
14526
"First, create a <emphasis>host</emphasis> configuration file for "
14527
"<emphasis>server02</emphasis>. In a terminal enter:"
14528
msgstr ""
14529
14530
#: serverguide/C/monitoring.xml:199(command)
14531
msgid ""
14532
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
14533
"/etc/nagios3/conf.d/server02.cfg"
14534
msgstr ""
14535
14536
#: serverguide/C/monitoring.xml:203(para)
14537
msgid ""
14538
"In the above and following command examples, replace "
14539
"<emphasis>\"server01\"</emphasis>, "
14540
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
14541
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
14542
"your servers."
14543
msgstr ""
14544
14545
#: serverguide/C/monitoring.xml:212(para)
14546
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
14547
msgstr ""
14548
14549
#: serverguide/C/monitoring.xml:216(programlisting)
14550
#, no-wrap
14551
msgid ""
14552
"\n"
14553
"define host{\n"
14554
" use generic-host ; Name of host "
14555
"template to use\n"
14556
" host_name server02\n"
14557
" alias Server 02\n"
14558
" address 172.18.100.101\n"
14559
"}\n"
14560
"\n"
14561
"# check DNS service.\n"
14562
"define service {\n"
14563
" use generic-service\n"
14564
" host_name server02\n"
14565
" service_description DNS\n"
14566
" check_command check_dns!172.18.100.101\n"
14567
"}\n"
14568
msgstr ""
14569
14570
#: serverguide/C/monitoring.xml:236(para)
14571
msgid ""
14572
"Restart the <application>nagios</application> daemon to enable the new "
14573
"configuration:"
14574
msgstr ""
14575
14576
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
14577
msgid "sudo /etc/init.d/nagios3 restart"
14578
msgstr ""
14579
14580
#: serverguide/C/monitoring.xml:251(para)
14581
msgid ""
14582
"Now add a service definition for the MySQL check by adding the following to "
14583
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
14584
msgstr ""
14585
14586
#: serverguide/C/monitoring.xml:255(programlisting)
14587
#, no-wrap
14588
msgid ""
14589
"\n"
14590
"# check MySQL servers.\n"
14591
"define service {\n"
14592
" hostgroup_name mysql-servers\n"
14593
" service_description MySQL\n"
14594
" check_command "
14595
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
14596
" use generic-service\n"
14597
" notification_interval 0 ; set > 0 if you want to be "
14598
"renotified\n"
14599
"}\n"
14600
msgstr ""
14601
14602
#: serverguide/C/monitoring.xml:269(para)
14603
msgid ""
14604
"A <emphasis>mysqsl-servers</emphasis> hostgroup now needs to be defined. "
14605
"Edit <filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
14606
msgstr ""
14607
14608
#: serverguide/C/monitoring.xml:274(programlisting)
14609
#, no-wrap
14610
msgid ""
14611
"\n"
14612
"# MySQL hostgroup.\n"
14613
"define hostgroup {\n"
14614
" hostgroup_name mysql-servers\n"
14615
" alias MySQL servers\n"
14616
" members localhost, server02\n"
14617
" }\n"
14618
msgstr ""
14619
14620
#: serverguide/C/monitoring.xml:286(para)
14621
msgid ""
14622
"The Nagios check needs to authenticate to MySQL. To add a "
14623
"<emphasis>nagios</emphasis> user to MySQL enter:"
14624
msgstr ""
14625
14626
#: serverguide/C/monitoring.xml:291(command)
14627
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
14628
msgstr ""
14629
14630
#: serverguide/C/monitoring.xml:295(para)
14631
msgid ""
14632
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
14633
"<emphasis>mysql-servers</emphasis> hostgroup."
14634
msgstr ""
14635
14636
#: serverguide/C/monitoring.xml:303(para)
14637
msgid ""
14638
"Restart <application>nagios</application> to start checking the MySQL "
14639
"servers."
14640
msgstr ""
14641
14642
#: serverguide/C/monitoring.xml:318(para)
14643
msgid ""
14644
"Lastly configure NRPE to check the disk space on "
14645
"<emphasis>server02</emphasis>."
14646
msgstr ""
14647
14648
#: serverguide/C/monitoring.xml:322(para)
14649
msgid ""
14650
"On <emphasis>server01</emphasis> add the service check to "
14651
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
14652
msgstr ""
14653
14654
#: serverguide/C/monitoring.xml:327(programlisting)
14655
#, no-wrap
14656
msgid ""
14657
"\n"
14658
"# NRPE disk check.\n"
14659
"define service {\n"
14660
" use generic-service\n"
14661
" host_name server02\n"
14662
" service_description nrpe-disk\n"
14663
" check_command "
14664
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
14665
"}\n"
14666
msgstr ""
14667
14668
#: serverguide/C/monitoring.xml:340(para)
14669
msgid ""
14670
"Now on <emphasis>server02</emphasis> edit "
14671
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
14672
msgstr ""
14673
14674
#: serverguide/C/monitoring.xml:344(programlisting)
14675
#, no-wrap
14676
msgid ""
14677
"\n"
14678
"allowed_hosts=172.18.100.100\n"
14679
msgstr ""
14680
14681
#: serverguide/C/monitoring.xml:348(para)
14682
msgid "And below in the command definition area add:"
14683
msgstr ""
14684
14685
#: serverguide/C/monitoring.xml:352(programlisting)
14686
#, no-wrap
14687
msgid ""
14688
"\n"
14689
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
14690
"e\n"
14691
msgstr ""
14692
14693
#: serverguide/C/monitoring.xml:359(para)
14694
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
14695
msgstr ""
14696
14697
#: serverguide/C/monitoring.xml:364(command)
14698
msgid "sudo /etc/init.d/nagios-nrpe-server restart"
14699
msgstr ""
14700
14701
#: serverguide/C/monitoring.xml:370(para)
14702
msgid ""
14703
"Also, on <emphasis>server01</emphasis> restart "
14704
"<application>nagios</application>:"
14705
msgstr ""
14706
14707
#: serverguide/C/monitoring.xml:383(para)
14708
msgid ""
14709
"You should now be able to see the host and service checks in the Nagios CGI "
14710
"files. To access them point a browser to http://server01/nagios3. You will "
14711
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
14712
"password."
14713
msgstr ""
14714
14715
#: serverguide/C/monitoring.xml:393(para)
14716
msgid ""
14717
"This section has just scratched the surface of Nagios' features. The "
14718
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
14719
"plugins</application> contain many more service checks."
14720
msgstr ""
14721
14722
#: serverguide/C/monitoring.xml:400(para)
14723
msgid ""
14724
"For more information see <ulink "
14725
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
14726
msgstr ""
14727
14728
#: serverguide/C/monitoring.xml:405(para)
14729
msgid ""
14730
"Specifically the <ulink "
14731
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
14732
"site."
14733
msgstr ""
14734
14735
#: serverguide/C/monitoring.xml:410(para)
14736
msgid ""
14737
"There is also a list of <ulink "
14738
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
14739
"Nagios and network monitoring:"
14740
msgstr ""
14741
14742
#: serverguide/C/monitoring.xml:420(title)
14743
msgid "Munin"
14744
msgstr ""
14745
14746
#: serverguide/C/monitoring.xml:425(para)
14747
msgid ""
14748
"Before installing <application>Munin</application> on "
14749
"<emphasis>server01</emphasis><application>apache2</application> will need to "
14750
"be installed. The default configuration is fine for running a "
14751
"<application>munin</application> server. For more information see <xref "
14752
"linkend=\"httpd\"/>."
14753
msgstr ""
14754
14755
#: serverguide/C/monitoring.xml:431(para)
14756
msgid ""
14757
"First, on <emphasis>server01</emphasis> install "
14758
"<application>munin</application>. In a terminal enter:"
14759
msgstr ""
14760
14761
#: serverguide/C/monitoring.xml:436(command)
14762
msgid "sudo apt-get install munin"
14763
msgstr ""
14764
14765
#: serverguide/C/monitoring.xml:439(para)
14766
msgid ""
14767
"Now on <emphasis>server02</emphasis> install the <application>munin-"
14768
"node</application> package:"
14769
msgstr ""
14770
14771
#: serverguide/C/monitoring.xml:444(command)
14772
msgid "sudo apt-get install munin-node"
14773
msgstr ""
14774
14775
#: serverguide/C/monitoring.xml:451(para)
14776
msgid ""
14777
"On <emphasis>server01</emphasis> edit the "
14778
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
14779
"<emphasis>server02</emphasis>:"
14780
msgstr ""
14781
14782
#: serverguide/C/monitoring.xml:456(programlisting)
14783
#, no-wrap
14784
msgid ""
14785
"\n"
14786
"## First our \"normal\" host.\n"
14787
"[server02]\n"
14788
" address 172.18.100.101\n"
14789
msgstr ""
14790
14791
#: serverguide/C/monitoring.xml:463(para)
14792
msgid ""
14793
"Replace <emphasis>server02</emphasis> and "
14794
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
14795
"for your server."
14796
msgstr ""
14797
14798
#: serverguide/C/monitoring.xml:469(para)
14799
msgid ""
14800
"Next, configure <application>munin-node</application> on "
14801
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
14802
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
14803
msgstr ""
14804
14805
#: serverguide/C/monitoring.xml:474(programlisting)
14806
#, no-wrap
14807
msgid ""
14808
"\n"
14809
"allow ^172\\.18\\.100\\.100$\n"
14810
msgstr ""
14811
14812
#: serverguide/C/monitoring.xml:479(para)
14813
msgid ""
14814
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
14815
"<application>munin</application> server."
14816
msgstr ""
14817
14818
#: serverguide/C/monitoring.xml:484(para)
14819
msgid ""
14820
"Now restart <application>munin-node</application> on "
14821
"<emphasis>server02</emphasis> for the changes to take effect:"
14822
msgstr ""
14823
14824
#: serverguide/C/monitoring.xml:489(command)
14825
msgid "sudo /etc/init.d/munin-node restart"
14826
msgstr ""
14827
14828
#: serverguide/C/monitoring.xml:492(para)
14829
msgid ""
14830
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
14831
"you should see links to nice graphs displaying information from the standard "
14832
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
14833
msgstr ""
14834
14835
#: serverguide/C/monitoring.xml:498(para)
14836
msgid ""
14837
"Since this is a new install it may take some time for the graphs to display "
14838
"anything useful."
14839
msgstr ""
14840
14841
#: serverguide/C/monitoring.xml:505(title)
14842
msgid "Additional Plugins"
14843
msgstr ""
14844
14845
#: serverguide/C/monitoring.xml:507(para)
14846
msgid ""
14847
"The <application>munin-plugins-extra</application> package contains "
14848
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
14849
"install the package, from a terminal enter:"
14850
msgstr ""
14851
14852
#: serverguide/C/monitoring.xml:513(command)
14853
msgid "sudo apt-get install munin-plugins-extra"
14854
msgstr ""
14855
14856
#: serverguide/C/monitoring.xml:516(para)
14857
msgid "Be sure to install the package on both the server and node machines."
14858
msgstr ""
14859
14860
#: serverguide/C/monitoring.xml:526(para)
14861
msgid ""
14862
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
14863
"website for more details."
14864
msgstr ""
14865
14866
#: serverguide/C/monitoring.xml:531(para)
14867
msgid ""
14868
"Specifically the <ulink "
14869
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
14870
"Documentation</ulink> page includes information on additional plugins, "
14871
"writing plugins, etc."
14872
msgstr ""
14873
14874
#: serverguide/C/monitoring.xml:537(para)
14875
msgid ""
14876
"Also, there is a book in German by Open Source Press: <ulink "
14877
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
14878
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
14879
msgstr ""
14880
14881
#: serverguide/C/mail.xml:13(title)
14882
msgid "Email Services"
14883
msgstr ""
14884
14885
#: serverguide/C/mail.xml:14(para)
14886
msgid ""
14887
"The process of getting an email from one person to another over a network or "
14888
"the Internet involves many systems working together. Each of these systems "
14889
"must be correctly configured for the process to work. The sender uses a "
14890
"<emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the "
14891
"message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), "
14892
"the last of which will hand it off to a <emphasis>Mail Delivery "
14893
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
14894
"it will be retrieved by the recipient's email client, usually via a POP3 or "
14895
"IMAP server."
14896
msgstr ""
14897
14898
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:804(application) serverguide/C/mail.xml:838(title) serverguide/C/mail.xml:916(title) serverguide/C/mail.xml:1475(title)
14899
msgid "Postfix"
14900
msgstr ""
14901
14902
#: serverguide/C/mail.xml:25(para)
14903
msgid ""
14904
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
14905
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
14906
"compatible with the MTA <application>sendmail</application>. This section "
14907
"explains how to install and configure <application>postfix</application>. It "
14908
"also explains how to set it up as an SMTP server using a secure connection "
14909
"(for sending emails securely)."
14910
msgstr ""
14911
14912
#: serverguide/C/mail.xml:34(para)
14913
msgid ""
14914
"This guide does not cover setting up Postfix <emphasis>Virtual "
14915
"Domains</emphasis>, for information on Virtual Domains and other advanced "
14916
"configurations see <xref linkend=\"postfix-references\"/>."
14917
msgstr ""
14918
14919
#: serverguide/C/mail.xml:41(para)
14920
msgid ""
14921
"To install <application>postfix</application> run the following command:"
14922
msgstr ""
14923
14924
#: serverguide/C/mail.xml:47(para)
14925
msgid ""
14926
"Simply press return when the installation process asks questions, the "
14927
"configuration will be done in greater detail in the next stage."
14928
msgstr ""
14929
14930
#: serverguide/C/mail.xml:52(title)
14931
msgid "Basic Configuration"
14932
msgstr ""
14933
14934
#: serverguide/C/mail.xml:53(para)
14935
msgid ""
14936
"To configure <application>postfix</application>, run the following command:"
14937
msgstr ""
14938
14939
#: serverguide/C/mail.xml:57(command)
14940
msgid "sudo dpkg-reconfigure postfix"
14941
msgstr ""
14942
14943
#: serverguide/C/mail.xml:63(para)
14944
msgid "Internet Site"
14945
msgstr ""
14946
14947
#: serverguide/C/mail.xml:64(para)
14948
msgid "mail.example.com"
14949
msgstr ""
14950
14951
#: serverguide/C/mail.xml:65(para)
14952
msgid "steve"
14953
msgstr ""
14954
14955
#: serverguide/C/mail.xml:66(para)
14956
msgid "mail.example.com, localhost.localdomain, localhost"
14957
msgstr ""
14958
14959
#: serverguide/C/mail.xml:67(para)
14960
msgid "No"
14961
msgstr ""
14962
14963
#: serverguide/C/mail.xml:68(para)
14964
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0/24"
14965
msgstr ""
14966
14967
#: serverguide/C/mail.xml:69(para)
14968
msgid "0"
14969
msgstr ""
14970
14971
#: serverguide/C/mail.xml:70(para)
14972
msgid "+"
14973
msgstr ""
14974
14975
#: serverguide/C/mail.xml:71(para)
14976
msgid "all"
14977
msgstr ""
14978
14979
#: serverguide/C/mail.xml:59(para)
14980
msgid ""
14981
"The user interface will be displayed. On each screen, select the following "
14982
"values: <placeholder-1/>"
14983
msgstr ""
14984
14985
#: serverguide/C/mail.xml:75(para)
14986
msgid ""
14987
"Replace mail.example.com with the domain for which you'll accept email, "
14988
"192.168.0/24 with the actual network and class range of your mail server, "
14989
"and steve with the appropriate username."
14990
msgstr ""
14991
14992
#: serverguide/C/mail.xml:81(para)
14993
msgid ""
14994
"Now is a good time to decide which mailbox format you want to use. By "
14995
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
14996
"mailbox format. Rather than editing the configuration file directly, you can "
14997
"use the <command>postconf</command> command to configure all "
14998
"<application>postfix</application> parameters. The configuration parameters "
14999
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
15000
"you wish to re-configure a particular parameter, you can either run the "
15001
"command or change it manually in the file."
15002
msgstr ""
15003
15004
#: serverguide/C/mail.xml:92(para)
15005
msgid ""
15006
"To configure the mailbox format for <emphasis "
15007
"role=\"strong\">Maildir:</emphasis>"
15008
msgstr ""
15009
15010
#: serverguide/C/mail.xml:97(command)
15011
msgid "sudo postconf -e 'home_mailbox = Maildir/'"
15012
msgstr ""
15013
15014
#: serverguide/C/mail.xml:100(para)
15015
msgid ""
15016
"This will place new mail in /home/<emphasis "
15017
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
15018
"your Mail Delivery Agent (MDA) to use the same path."
15019
msgstr ""
15020
15021
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:538(title)
15022
msgid "SMTP Authentication"
15023
msgstr ""
15024
15025
#: serverguide/C/mail.xml:110(para)
15026
msgid ""
15027
"SMTP-AUTH allows a client to identify itself through an authentication "
15028
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
15029
"the authentication process. Once authenticated the SMTP server will allow "
15030
"the client to relay mail."
15031
msgstr ""
15032
15033
#: serverguide/C/mail.xml:117(para)
15034
msgid "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):"
15035
msgstr ""
15036
15037
#: serverguide/C/mail.xml:120(screen)
15038
#, no-wrap
15039
msgid ""
15040
"\n"
15041
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
15042
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
15043
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
15044
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
15045
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
15046
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
15047
"sudo postconf -e 'smtpd_recipient_restrictions = "
15048
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
15049
"sudo postconf -e 'inet_interfaces = all'\n"
15050
msgstr ""
15051
15052
#: serverguide/C/mail.xml:131(para)
15053
msgid ""
15054
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
15055
"the Postfix queue directory."
15056
msgstr ""
15057
15058
#: serverguide/C/mail.xml:137(para)
15059
msgid ""
15060
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
15061
"and-security\"/> for details. This example also uses a Certificate Authority "
15062
"(CA). For information on generating a CA certificate see <xref "
15063
"linkend=\"certificate-authority\"/>."
15064
msgstr ""
15065
15066
#: serverguide/C/mail.xml:143(para)
15067
msgid ""
15068
"You can get the digital certificate from a certificate authority. But unlike "
15069
"web clients, SMTP clients rarely complain about \"self-signed "
15070
"certificates\", so alternatively, you can create the certificate yourself. "
15071
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
15072
"details."
15073
msgstr ""
15074
15075
#: serverguide/C/mail.xml:155(para)
15076
msgid ""
15077
"Once you have a certificate, configure Postfix to provide TLS encryption for "
15078
"both incoming and outgoing mail:"
15079
msgstr ""
15080
15081
#: serverguide/C/mail.xml:158(screen)
15082
#, no-wrap
15083
msgid ""
15084
"\n"
15085
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
15086
"sudo postconf -e 'smtp_use_tls = yes'\n"
15087
"sudo postconf -e 'smtpd_use_tls = yes'\n"
15088
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
15089
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
15090
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
15091
"sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'\n"
15092
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
15093
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
15094
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
15095
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
15096
"sudo postconf -e 'myhostname = mail.example.com'\n"
15097
msgstr ""
15098
15099
#: serverguide/C/mail.xml:175(para)
15100
msgid ""
15101
"After running all the commands, <application>Postfix</application> is "
15102
"configured for SMTP-AUTH and a self-signed certificate has been created for "
15103
"TLS encryption."
15104
msgstr ""
15105
15106
#: serverguide/C/mail.xml:180(para)
15107
msgid ""
15108
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
15109
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
15110
msgstr ""
15111
15112
#: serverguide/C/mail.xml:184(para)
15113
msgid ""
15114
"The postfix initial configuration is complete. Run the following command to "
15115
"restart the postfix daemon:"
15116
msgstr ""
15117
15118
#: serverguide/C/mail.xml:189(para)
15119
msgid ""
15120
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
15121
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
15122
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
15123
"However it is still necessary to set up SASL authentication before you can "
15124
"use SMTP-AUTH."
15125
msgstr ""
15126
15127
#: serverguide/C/mail.xml:199(title) serverguide/C/mail.xml:591(title)
15128
msgid "Configuring SASL"
15129
msgstr ""
15130
15131
#: serverguide/C/mail.xml:200(para)
15132
msgid ""
15133
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
15134
"enable Dovecot SASL the <application>dovecot-common</application> package "
15135
"will need to be installed. From a terminal prompt enter the following:"
15136
msgstr ""
15137
15138
#: serverguide/C/mail.xml:206(command)
15139
msgid "sudo apt-get install dovecot-common"
15140
msgstr ""
15141
15142
#: serverguide/C/mail.xml:208(para)
15143
msgid ""
15144
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
15145
"In the <emphasis>auth default</emphasis> section uncomment the "
15146
"<emphasis>socket listen</emphasis> option and change the following:"
15147
msgstr ""
15148
15149
#: serverguide/C/mail.xml:212(programlisting)
15150
#, no-wrap
15151
msgid ""
15152
"\n"
15153
" socket listen {\n"
15154
" #master {\n"
15155
" # Master socket provides access to userdb information. It's typically\n"
15156
" # used to give Dovecot's local delivery agent access to userdb so it\n"
15157
" # can find mailbox locations.\n"
15158
" #path = /var/run/dovecot/auth-master\n"
15159
" #mode = 0600\n"
15160
" # Default user/group is the one who started dovecot-auth (root)\n"
15161
" #user = \n"
15162
" #group = \n"
15163
" #}\n"
15164
" client {\n"
15165
" # The client socket is generally safe to export to everyone. Typical "
15166
"use\n"
15167
" # is to export it to your SMTP server so it can do SMTP AUTH lookups\n"
15168
" # using it.\n"
15169
" path = /var/spool/postfix/private/auth-client\n"
15170
" mode = 0660\n"
15171
" user = postfix\n"
15172
" group = postfix\n"
15173
" }\n"
15174
" }\n"
15175
msgstr ""
15176
15177
#: serverguide/C/mail.xml:236(para)
15178
msgid ""
15179
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
15180
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
15181
"add <emphasis>\"login\"</emphasis>:"
15182
msgstr ""
15183
15184
#: serverguide/C/mail.xml:241(programlisting)
15185
#, no-wrap
15186
msgid ""
15187
"\n"
15188
" mechanisms = plain login\n"
15189
msgstr ""
15190
15191
#: serverguide/C/mail.xml:245(para)
15192
msgid ""
15193
"Once you have <application>Dovecot</application> configured restart it with:"
15194
msgstr ""
15195
15196
#: serverguide/C/mail.xml:249(command) serverguide/C/mail.xml:712(command)
15197
msgid "sudo /etc/init.d/dovecot restart"
15198
msgstr ""
15199
15200
#: serverguide/C/mail.xml:254(title)
15201
msgid "Postfix-Dovecot"
15202
msgstr ""
15203
15204
#: serverguide/C/mail.xml:256(para)
15205
msgid ""
15206
"Another option for configuring <application>Postfix</application> for SMTP-"
15207
"AUTH is using the <application>dovecot-postfix</application> package. This "
15208
"package will install <application>Dovecot</application> and configure "
15209
"<application>Postfix</application> to use it for both SASL authentication "
15210
"and as a Mail Delivery Agent (MDA). The package also configures "
15211
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
15212
msgstr ""
15213
15214
#: serverguide/C/mail.xml:265(para)
15215
msgid ""
15216
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
15217
"server. For example, if you are configuring your server to be a mail "
15218
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
15219
"the above commands to configure Postfix for SMTPAUTH."
15220
msgstr ""
15221
15222
#: serverguide/C/mail.xml:272(para)
15223
msgid "To install the package, from a terminal prompt enter:"
15224
msgstr ""
15225
15226
#: serverguide/C/mail.xml:277(command)
15227
msgid "sudo apt-get install dovecot-postfix"
15228
msgstr ""
15229
15230
#: serverguide/C/mail.xml:280(para)
15231
msgid ""
15232
"You should now have a working mail server, but there are a few options that "
15233
"you may wish to further customize. For example, the package uses the "
15234
"certificate and key from the <application>ssl-cert</application> package, "
15235
"and in a production environment you should use a certificate and key "
15236
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
15237
"for more details."
15238
msgstr ""
15239
15240
#: serverguide/C/mail.xml:286(para)
15241
msgid ""
15242
"Once you have a customized certificate and key for the host, change the "
15243
"following options in <filename>/etc/postfix/main.cf</filename>:"
15244
msgstr ""
15245
15246
#: serverguide/C/mail.xml:290(programlisting)
15247
#, no-wrap
15248
msgid ""
15249
"\n"
15250
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
15251
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
15252
msgstr ""
15253
15254
#: serverguide/C/mail.xml:295(para)
15255
msgid "Then restart Postfix:"
15256
msgstr ""
15257
15258
#: serverguide/C/mail.xml:300(command) serverguide/C/mail.xml:363(command) serverguide/C/mail.xml:956(command) serverguide/C/mail.xml:1526(command)
15259
msgid "sudo /etc/init.d/postfix restart"
15260
msgstr ""
15261
15262
#: serverguide/C/mail.xml:306(para)
15263
msgid ""
15264
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
15265
msgstr ""
15266
15267
#: serverguide/C/mail.xml:309(para)
15268
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
15269
msgstr ""
15270
15271
#: serverguide/C/mail.xml:314(command)
15272
msgid "telnet mail.example.com 25"
15273
msgstr ""
15274
15275
#: serverguide/C/mail.xml:316(para)
15276
msgid ""
15277
"After you have established the connection to the postfix mail server, type:"
15278
msgstr ""
15279
15280
#: serverguide/C/mail.xml:320(screen)
15281
#, no-wrap
15282
msgid ""
15283
"\n"
15284
"ehlo mail.example.com\n"
15285
msgstr ""
15286
15287
#: serverguide/C/mail.xml:323(para)
15288
msgid ""
15289
"If you see the following lines among others, then everything is working "
15290
"perfectly. Type <command>quit</command> to exit."
15291
msgstr ""
15292
15293
#: serverguide/C/mail.xml:327(programlisting)
15294
#, no-wrap
15295
msgid ""
15296
"\n"
15297
"250-STARTTLS\n"
15298
"250-AUTH LOGIN PLAIN\n"
15299
"250-AUTH=LOGIN PLAIN\n"
15300
"250 8BITMIME\n"
15301
msgstr ""
15302
15303
#: serverguide/C/mail.xml:337(para)
15304
msgid ""
15305
"This section introduces some common ways to determine the cause if problems "
15306
"arise."
15307
msgstr ""
15308
15309
#: serverguide/C/mail.xml:341(title)
15310
msgid "Escaping chroot"
15311
msgstr ""
15312
15313
#: serverguide/C/mail.xml:342(para)
15314
msgid ""
15315
"The Ubuntu <application>postfix</application> package will by default "
15316
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
15317
"This can add greater complexity when troubleshooting problems."
15318
msgstr ""
15319
15320
#: serverguide/C/mail.xml:346(para)
15321
msgid ""
15322
"To turn off the chroot operation locate for the following line in the "
15323
"<filename>/etc/postfix/master.cf</filename> configuration file:"
15324
msgstr ""
15325
15326
#: serverguide/C/mail.xml:350(screen)
15327
#, no-wrap
15328
msgid ""
15329
"\n"
15330
"smtp inet n - - - - smtpd\n"
15331
msgstr ""
15332
15333
#: serverguide/C/mail.xml:353(para)
15334
msgid "and modify it as follows:"
15335
msgstr ""
15336
15337
#: serverguide/C/mail.xml:356(screen)
15338
#, no-wrap
15339
msgid ""
15340
"\n"
15341
"smtp inet n - n - - smtpd\n"
15342
msgstr ""
15343
15344
#: serverguide/C/mail.xml:359(para)
15345
msgid ""
15346
"You will then need to restart Postfix to use the new configuration. From a "
15347
"terminal prompt enter:"
15348
msgstr ""
15349
15350
#: serverguide/C/mail.xml:367(title)
15351
msgid "Log Files"
15352
msgstr ""
15353
15354
#: serverguide/C/mail.xml:368(para)
15355
msgid ""
15356
"<application>Postfix</application> sends all log messages to "
15357
"<filename>/var/log/mail.log</filename>. However error and warning messages "
15358
"can sometimes get lost in the normal log output so they are also logged to "
15359
"<filename>/var/log/mail.err</filename> and "
15360
"<filename>/var/log/mail.warn</filename> respectively."
15361
msgstr ""
15362
15363
#: serverguide/C/mail.xml:373(para)
15364
msgid ""
15365
"To see messages entered into the logs in real time you can use the "
15366
"<application>tail -f</application> command:"
15367
msgstr ""
15368
15369
#: serverguide/C/mail.xml:378(command)
15370
msgid "tail -f /var/log/mail.err"
15371
msgstr ""
15372
15373
#: serverguide/C/mail.xml:380(para)
15374
msgid ""
15375
"The amount of detail that is recorded in the logs can be increased. Below "
15376
"are some configuration options for increasing the log level for some of the "
15377
"areas covered above."
15378
msgstr ""
15379
15380
#: serverguide/C/mail.xml:386(para)
15381
msgid ""
15382
"To increase <emphasis>TLS</emphasis> activity logging set the "
15383
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
15384
msgstr ""
15385
15386
#: serverguide/C/mail.xml:390(command)
15387
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
15388
msgstr ""
15389
15390
#: serverguide/C/mail.xml:394(para)
15391
msgid ""
15392
"If you are having trouble sending or receiving mail from a specific domain "
15393
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
15394
msgstr ""
15395
15396
#: serverguide/C/mail.xml:399(command)
15397
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
15398
msgstr ""
15399
15400
#: serverguide/C/mail.xml:403(para)
15401
msgid ""
15402
"You can increase the verbosity of any <application>Postfix</application> "
15403
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
15404
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
15405
"<emphasis>smtp</emphasis> entry:"
15406
msgstr ""
15407
15408
#: serverguide/C/mail.xml:407(programlisting)
15409
#, no-wrap
15410
msgid ""
15411
"\n"
15412
"smtp unix - - - - - smtp -v\n"
15413
msgstr ""
15414
15415
#: serverguide/C/mail.xml:413(para)
15416
msgid ""
15417
"It is important to note that after making one of the logging changes above "
15418
"the <application>Postfix</application> process will need to be reloaded in "
15419
"order to recognize the new configuration: <command>sudo /etc/init.d/postfix "
15420
"reload</command>"
15421
msgstr ""
15422
15423
#: serverguide/C/mail.xml:420(para)
15424
msgid ""
15425
"To increase the amount of information logged when troubleshooting "
15426
"<emphasis>SASL</emphasis> issues you can set the following options in "
15427
"<filename>/etc/dovecot/dovecot.conf</filename>"
15428
msgstr ""
15429
15430
#: serverguide/C/mail.xml:424(programlisting)
15431
#, no-wrap
15432
msgid ""
15433
"\n"
15434
"auth_debug=yes\n"
15435
"auth_debug_passwords=yes\n"
15436
msgstr ""
15437
15438
#: serverguide/C/mail.xml:431(para)
15439
msgid ""
15440
"Just like <application>Postfix</application> if you change a "
15441
"<application>Dovecot</application> configuration the process will need to be "
15442
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
15443
msgstr ""
15444
15445
#: serverguide/C/mail.xml:437(para)
15446
msgid ""
15447
"Some of the options above can drastically increase the amount of information "
15448
"sent to the log files. Remember to return the log level back to normal after "
15449
"you have corrected the problem. Then reload the appropriate daemon for the "
15450
"new configuration to take affect."
15451
msgstr ""
15452
15453
#: serverguide/C/mail.xml:445(para)
15454
msgid ""
15455
"Administering a <application>Postfix</application> server can be a very "
15456
"complicated task. At some point you may need to turn to the Ubuntu community "
15457
"for more experienced help."
15458
msgstr ""
15459
15460
#: serverguide/C/mail.xml:449(para)
15461
msgid ""
15462
"A great place to ask for <application>Postfix</application> assistance, and "
15463
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
15464
"server</emphasis> IRC channel on <ulink "
15465
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
15466
"one of the <ulink "
15467
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
15468
msgstr ""
15469
15470
#: serverguide/C/mail.xml:454(para)
15471
msgid ""
15472
"For in depth <application>Postfix</application> information Ubuntu "
15473
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
15474
"Book of Postfix</ulink>."
15475
msgstr ""
15476
15477
#: serverguide/C/mail.xml:458(para)
15478
msgid ""
15479
"Finally, the <ulink "
15480
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
15481
"also has great documentation on all the different configuration options "
15482
"available."
15483
msgstr ""
15484
15485
#: serverguide/C/mail.xml:467(title) serverguide/C/mail.xml:844(title) serverguide/C/mail.xml:960(title)
15486
msgid "Exim4"
15487
msgstr ""
15488
15489
#: serverguide/C/mail.xml:468(para)
15490
msgid ""
15491
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
15492
"developed at the University of Cambridge for use on Unix systems connected "
15493
"to the Internet. Exim can be installed in place of "
15494
"<application>sendmail</application>, although the configuration of "
15495
"<application>exim</application> is quite different to that of "
15496
"<application>sendmail</application>."
15497
msgstr ""
15498
15499
#: serverguide/C/mail.xml:479(para)
15500
msgid ""
15501
"To install <application>exim4</application>, run the following command: "
15502
"<screen>\n"
15503
"<command>sudo apt-get install exim4</command>\n"
15504
"</screen>"
15505
msgstr ""
15506
15507
#: serverguide/C/mail.xml:488(para)
15508
msgid ""
15509
"To configure <application>Exim4</application>, run the following command:"
15510
msgstr ""
15511
15512
#: serverguide/C/mail.xml:492(command)
15513
msgid "sudo dpkg-reconfigure exim4-config"
15514
msgstr ""
15515
15516
#: serverguide/C/mail.xml:494(para)
15517
msgid ""
15518
"The user interface will be displayed. The user interface lets you configure "
15519
"many parameters. For example, In <application>Exim4</application> the "
15520
"configuration files are split among multiple files. If you wish to have them "
15521
"in one file you can configure accordingly in this user interface."
15522
msgstr ""
15523
15524
#: serverguide/C/mail.xml:502(para)
15525
msgid ""
15526
"All the parameters you configure in the user interface are stored in "
15527
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
15528
"re-configure, either you re-run the configuration wizard or manually edit "
15529
"this file using your favorite editor. Once you configure, you can run the "
15530
"following command to generate the master configuration file:"
15531
msgstr ""
15532
15533
#: serverguide/C/mail.xml:513(command) serverguide/C/mail.xml:586(command)
15534
msgid "sudo update-exim4.conf"
15535
msgstr ""
15536
15537
#: serverguide/C/mail.xml:515(para)
15538
msgid ""
15539
"The master configuration file, is generated and it is stored in "
15540
"<filename>/var/lib/exim4/config.autogenerated</filename>."
15541
msgstr ""
15542
15543
#: serverguide/C/mail.xml:521(para)
15544
msgid ""
15545
"At any time, you should not edit the master configuration file, "
15546
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
15547
"updated automatically every time you run <command>update-exim4.conf</command>"
15548
msgstr ""
15549
15550
#: serverguide/C/mail.xml:529(para)
15551
msgid ""
15552
"You can run the following command to start <application>Exim4</application> "
15553
"daemon."
15554
msgstr ""
15555
15556
#: serverguide/C/mail.xml:534(command) serverguide/C/mail.xml:966(command)
15557
msgid "sudo /etc/init.d/exim4 start"
15558
msgstr ""
15559
15560
#: serverguide/C/mail.xml:539(para)
15561
msgid ""
15562
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
15563
msgstr ""
15564
15565
#: serverguide/C/mail.xml:542(para)
15566
msgid ""
15567
"The first step is to create a certificate for use with TLS. Enter the "
15568
"following into a terminal prompt:"
15569
msgstr ""
15570
15571
#: serverguide/C/mail.xml:546(command)
15572
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
15573
msgstr ""
15574
15575
#: serverguide/C/mail.xml:548(para)
15576
msgid ""
15577
"Now Exim4 needs to be configured for TLS by editing "
15578
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
15579
"the following:"
15580
msgstr ""
15581
15582
#: serverguide/C/mail.xml:552(programlisting)
15583
#, no-wrap
15584
msgid ""
15585
"\n"
15586
"MAIN_TLS_ENABLE = yes\n"
15587
msgstr ""
15588
15589
#: serverguide/C/mail.xml:555(para)
15590
msgid ""
15591
"Next you need to configure <application>Exim4</application> to use the "
15592
"<application>saslauthd</application> for authentication. Edit "
15593
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
15594
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
15595
"<emphasis>login_saslauthd_server</emphasis> sections:"
15596
msgstr ""
15597
15598
#: serverguide/C/mail.xml:560(programlisting)
15599
#, no-wrap
15600
msgid ""
15601
"\n"
15602
" plain_saslauthd_server:\n"
15603
" driver = plaintext\n"
15604
" public_name = PLAIN\n"
15605
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
15606
" server_set_id = $auth2\n"
15607
" server_prompts = :\n"
15608
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
15609
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
15610
" .endif\n"
15611
"#\n"
15612
" login_saslauthd_server:\n"
15613
" driver = plaintext\n"
15614
" public_name = LOGIN\n"
15615
" server_prompts = \"Username:: : Password::\"\n"
15616
" # don't send system passwords over unencrypted connections\n"
15617
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
15618
" server_set_id = $auth1\n"
15619
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
15620
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
15621
" .endif\n"
15622
msgstr ""
15623
15624
#: serverguide/C/mail.xml:582(para)
15625
msgid "Finally, update the Exim4 configuration and restart the service:"
15626
msgstr ""
15627
15628
#: serverguide/C/mail.xml:587(command)
15629
msgid "sudo /etc/init.d/exim4 restart"
15630
msgstr ""
15631
15632
#: serverguide/C/mail.xml:592(para)
15633
msgid ""
15634
"This section provides details on configuring the saslauthd to provide "
15635
"authentication for <application>Exim4</application>."
15636
msgstr ""
15637
15638
#: serverguide/C/mail.xml:595(para)
15639
msgid ""
15640
"The first step is to install the sasl2-bin package. From a terminal prompt "
15641
"enter the following:"
15642
msgstr ""
15643
15644
#: serverguide/C/mail.xml:599(command)
15645
msgid "sudo apt-get install sasl2-bin"
15646
msgstr ""
15647
15648
#: serverguide/C/mail.xml:601(para)
15649
msgid ""
15650
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
15651
"and set START=no to:"
15652
msgstr ""
15653
15654
#: serverguide/C/mail.xml:604(programlisting)
15655
#, no-wrap
15656
msgid ""
15657
"\n"
15658
"START=yes\n"
15659
msgstr ""
15660
15661
#: serverguide/C/mail.xml:607(para)
15662
msgid ""
15663
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
15664
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
15665
"service:"
15666
msgstr ""
15667
15668
#: serverguide/C/mail.xml:612(command)
15669
msgid "sudo adduser Debian-exim sasl"
15670
msgstr ""
15671
15672
#: serverguide/C/mail.xml:614(para)
15673
msgid "Now start the <application>saslauthd</application> service:"
15674
msgstr ""
15675
15676
#: serverguide/C/mail.xml:618(command)
15677
msgid "sudo /etc/init.d/saslauthd start"
15678
msgstr ""
15679
15680
#: serverguide/C/mail.xml:620(para)
15681
msgid ""
15682
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
15683
"and SASL authentication."
15684
msgstr ""
15685
15686
#: serverguide/C/mail.xml:629(para)
15687
msgid ""
15688
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
15689
"information."
15690
msgstr ""
15691
15692
#: serverguide/C/mail.xml:634(para)
15693
msgid ""
15694
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
15695
"server\">Exim4 Book</ulink> available."
15696
msgstr ""
15697
15698
#: serverguide/C/mail.xml:643(title)
15699
msgid "Dovecot Server"
15700
msgstr ""
15701
15702
#: serverguide/C/mail.xml:644(para)
15703
msgid ""
15704
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
15705
"security primarily in mind. It supports the major mailbox formats: mbox or "
15706
"Maildir. This section explain how to set it up as an imap or pop3 server."
15707
msgstr ""
15708
15709
#: serverguide/C/mail.xml:652(para)
15710
msgid ""
15711
"To install <application>dovecot</application>, run the following command in "
15712
"the command prompt:"
15713
msgstr ""
15714
15715
#: serverguide/C/mail.xml:657(command)
15716
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
15717
msgstr ""
15718
15719
#: serverguide/C/mail.xml:662(para)
15720
msgid ""
15721
"To configure <application>dovecot</application>, you can edit the file "
15722
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
15723
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
15724
"secure). A description of these protocols is beyond the scope of this guide. "
15725
"For further information, refer to the Wikipedia articles on <ulink "
15726
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
15727
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
15728
"link>."
15729
msgstr ""
15730
15731
#: serverguide/C/mail.xml:672(para)
15732
msgid ""
15733
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
15734
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
15735
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
15736
msgstr ""
15737
15738
#: serverguide/C/mail.xml:678(programlisting)
15739
#, no-wrap
15740
msgid ""
15741
"\n"
15742
"protocols = pop3 pop3s imap imaps\n"
15743
msgstr ""
15744
15745
#: serverguide/C/mail.xml:681(para)
15746
msgid ""
15747
"Next, choose the mailbox you would like to use. "
15748
"<application>Dovecot</application> supports <emphasis "
15749
"role=\"strong\">maildir</emphasis> and <emphasis "
15750
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
15751
"mailbox formats. They both have their own benefits and are discussed on "
15752
"<ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web "
15753
"site</ulink>."
15754
msgstr ""
15755
15756
#: serverguide/C/mail.xml:689(para)
15757
msgid ""
15758
"Once you have chosen your mailbox type, edit the file "
15759
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
15760
msgstr ""
15761
15762
#: serverguide/C/mail.xml:694(programlisting)
15763
#, no-wrap
15764
msgid ""
15765
"\n"
15766
"mail_location = maildir:~/Maildir # (for maildir)\n"
15767
"or\n"
15768
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
15769
msgstr ""
15770
15771
#: serverguide/C/mail.xml:700(para)
15772
msgid ""
15773
"You should configure your Mail Transport Agent (MTA) to transfer the "
15774
"incoming mail to this type of mailbox if it is different from the one you "
15775
"have configured."
15776
msgstr ""
15777
15778
#: serverguide/C/mail.xml:706(para)
15779
msgid ""
15780
"Once you have configured dovecot, restart the "
15781
"<application>dovecot</application> daemon in order to test your setup:"
15782
msgstr ""
15783
15784
#: serverguide/C/mail.xml:715(para)
15785
msgid ""
15786
"If you have enabled imap, or pop3, you can also try to log in with the "
15787
"commands <command>telnet localhost pop3</command> or <command>telnet "
15788
"localhost imap2</command>. If you see something like the following, the "
15789
"installation has been successful:"
15790
msgstr ""
15791
15792
#: serverguide/C/mail.xml:722(programlisting)
15793
#, no-wrap
15794
msgid ""
15795
"\n"
15796
"bhuvan@rainbow:~$ telnet localhost pop3\n"
15797
"Trying 127.0.0.1...\n"
15798
"Connected to localhost.localdomain.\n"
15799
"Escape character is '^]'.\n"
15800
"+OK Dovecot ready.\n"
15801
msgstr ""
15802
15803
#: serverguide/C/mail.xml:731(title)
15804
msgid "Dovecot SSL Configuration"
15805
msgstr ""
15806
15807
#: serverguide/C/mail.xml:732(para)
15808
msgid ""
15809
"To configure <application>dovecot</application> to use SSL, you can edit the "
15810
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
15811
"lines:"
15812
msgstr ""
15813
15814
#: serverguide/C/mail.xml:737(programlisting)
15815
#, no-wrap
15816
msgid ""
15817
"\n"
15818
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
15819
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
15820
"ssl_disable = no\n"
15821
"disable_plaintext_auth = no\n"
15822
msgstr ""
15823
15824
#: serverguide/C/mail.xml:743(para)
15825
msgid ""
15826
"You can get the SSL certificate from a Certificate Issuing Authority or you "
15827
"can create self signed SSL certificate. The latter is a good option for "
15828
"email, because SMTP clients rarely complain about \"self-signed "
15829
"certificates\". Please refer to <xref linkend=\"certificates-and-"
15830
"security\"/> for details about how to create self signed SSL certificate. "
15831
"Once you create the certificate, you will have a key file and a certificate "
15832
"file. Please copy them to the location pointed in the "
15833
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
15834
msgstr ""
15835
15836
#: serverguide/C/mail.xml:758(title)
15837
msgid "Firewall Configuration for an Email Server"
15838
msgstr ""
15839
15840
#: serverguide/C/mail.xml:764(para)
15841
msgid "IMAP - 143"
15842
msgstr ""
15843
15844
#: serverguide/C/mail.xml:765(para)
15845
msgid "IMAPS - 993"
15846
msgstr ""
15847
15848
#: serverguide/C/mail.xml:766(para)
15849
msgid "POP3 - 110"
15850
msgstr ""
15851
15852
#: serverguide/C/mail.xml:767(para)
15853
msgid "POP3S - 995"
15854
msgstr ""
15855
15856
#: serverguide/C/mail.xml:759(para)
15857
msgid ""
15858
"To access your mail server from another computer, you must configure your "
15859
"firewall to allow connections to the server on the necessary ports. "
15860
"<placeholder-1/>"
15861
msgstr ""
15862
15863
#: serverguide/C/mail.xml:776(para)
15864
msgid ""
15865
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
15866
"more information."
15867
msgstr ""
15868
15869
#: serverguide/C/mail.xml:785(title) serverguide/C/mail.xml:862(title) serverguide/C/mail.xml:1085(title)
15870
msgid "Mailman"
15871
msgstr ""
15872
15873
#: serverguide/C/mail.xml:786(para)
15874
msgid ""
15875
"Mailman is an open source program for managing electronic mail discussions "
15876
"and e-newsletter lists. Many open source mailing lists (including all the "
15877
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
15878
"Mailman as their mailing list software. It is powerful and easy to install "
15879
"and maintain."
15880
msgstr ""
15881
15882
#: serverguide/C/mail.xml:796(para)
15883
msgid ""
15884
"Mailman provides a web interface for the administrators and users, using an "
15885
"external mail server to send and receive emails. It works perfectly with the "
15886
"following mail servers:"
15887
msgstr ""
15888
15889
#: serverguide/C/mail.xml:807(application)
15890
msgid "Exim"
15891
msgstr ""
15892
15893
#: serverguide/C/mail.xml:810(application)
15894
msgid "Sendmail"
15895
msgstr ""
15896
15897
#: serverguide/C/mail.xml:813(application)
15898
msgid "Qmail"
15899
msgstr ""
15900
15901
#: serverguide/C/mail.xml:818(para)
15902
msgid ""
15903
"We will see how to install and configure Mailman with, the Apache web "
15904
"server, and either the Postfix or Exim mail server. If you wish to install "
15905
"Mailman with a different mail server, please refer to the references section."
15906
msgstr ""
15907
15908
#: serverguide/C/mail.xml:825(para)
15909
msgid ""
15910
"You only need to install one mail server and "
15911
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
15912
msgstr ""
15913
15914
#: serverguide/C/mail.xml:830(title) serverguide/C/mail.xml:889(title)
15915
msgid "Apache2"
15916
msgstr ""
15917
15918
#: serverguide/C/mail.xml:831(para)
15919
msgid ""
15920
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
15921
"installation\">HTTPD Installation</ulink> section for details."
15922
msgstr ""
15923
15924
#: serverguide/C/mail.xml:839(para)
15925
msgid ""
15926
"For instructions on installing and configuring Postfix refer to <xref "
15927
"linkend=\"postfix\"/>"
15928
msgstr ""
15929
15930
#: serverguide/C/mail.xml:845(para)
15931
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
15932
msgstr ""
15933
15934
#: serverguide/C/mail.xml:856(application)
15935
msgid "dc_use_split_config='true'"
15936
msgstr ""
15937
15938
#: serverguide/C/mail.xml:848(para)
15939
msgid ""
15940
"Once exim4 is installed, the configuration files are stored in the "
15941
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
15942
"configuration files are split across different files. You can change this "
15943
"behavior by changing the following variable in the "
15944
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
15945
msgstr ""
15946
15947
#: serverguide/C/mail.xml:863(para)
15948
msgid ""
15949
"To install <application>Mailman</application>, run following command at a "
15950
"terminal prompt:"
15951
msgstr ""
15952
15953
#: serverguide/C/mail.xml:867(command)
15954
msgid "sudo apt-get install mailman"
15955
msgstr ""
15956
15957
#: serverguide/C/mail.xml:869(para)
15958
msgid ""
15959
"It copies the installation files in "
15960
"<application>/var/lib/mailman</application> directory. It installs the CGI "
15961
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
15962
"creates <emphasis>list</emphasis> linux user. It creates the "
15963
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
15964
"this user."
15965
msgstr ""
15966
15967
#: serverguide/C/mail.xml:881(para)
15968
msgid ""
15969
"This section assumes you have successfully installed "
15970
"<application>mailman</application>, <application>apache2</application>, and "
15971
"<application>postfix</application> or <application>exim4</application>. Now "
15972
"you just need to configure them."
15973
msgstr ""
15974
15975
#: serverguide/C/mail.xml:890(para)
15976
msgid ""
15977
"An example Apache configuration file comes with "
15978
"<application>Mailman</application> and is placed in "
15979
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
15980
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
15981
"available</filename>:"
15982
msgstr ""
15983
15984
#: serverguide/C/mail.xml:896(command)
15985
msgid ""
15986
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
15987
msgstr ""
15988
15989
#: serverguide/C/mail.xml:898(para)
15990
msgid ""
15991
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
15992
"Mailman administration site. Now enable the new configuration and restart "
15993
"Apache:"
15994
msgstr ""
15995
15996
#: serverguide/C/mail.xml:903(command)
15997
msgid "sudo a2ensite mailman.conf"
15998
msgstr ""
15999
16000
#: serverguide/C/mail.xml:906(para)
16001
msgid ""
16002
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
16003
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
16004
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
16005
"can make changes to the <filename>/etc/apache2/sites-"
16006
"available/mailman.conf</filename> file if you wish to change this behavior."
16007
msgstr ""
16008
16009
#: serverguide/C/mail.xml:917(para)
16010
msgid ""
16011
"For <application>Postfix</application> integration, we will associate the "
16012
"domain lists.example.com with the mailing lists. Please replace "
16013
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
16014
msgstr ""
16015
16016
#: serverguide/C/mail.xml:921(para)
16017
msgid ""
16018
"You can use the postconf command to add the necessary configuration to "
16019
"<filename>/etc/postfix/main.cf</filename>:"
16020
msgstr ""
16021
16022
#: serverguide/C/mail.xml:925(command)
16023
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
16024
msgstr ""
16025
16026
#: serverguide/C/mail.xml:926(command)
16027
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
16028
msgstr ""
16029
16030
#: serverguide/C/mail.xml:927(command)
16031
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
16032
msgstr ""
16033
16034
#: serverguide/C/mail.xml:929(para)
16035
msgid ""
16036
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
16037
"the following transport:"
16038
msgstr ""
16039
16040
#: serverguide/C/mail.xml:932(programlisting)
16041
#, no-wrap
16042
msgid ""
16043
"\n"
16044
"mailman unix - n n - - pipe\n"
16045
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
16046
" ${nexthop} ${user}\n"
16047
msgstr ""
16048
16049
#: serverguide/C/mail.xml:937(para)
16050
msgid ""
16051
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
16052
"is delivered to a list."
16053
msgstr ""
16054
16055
#: serverguide/C/mail.xml:940(para)
16056
msgid ""
16057
"Associate the domain lists.example.com to the Mailman transport with the "
16058
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
16059
msgstr ""
16060
16061
#: serverguide/C/mail.xml:943(programlisting)
16062
#, no-wrap
16063
msgid ""
16064
"\n"
16065
"lists.example.com mailman:\n"
16066
msgstr ""
16067
16068
#: serverguide/C/mail.xml:946(para)
16069
msgid ""
16070
"Now have <application>Postfix</application> build the transport map by "
16071
"entering the following from a terminal prompt:"
16072
msgstr ""
16073
16074
#: serverguide/C/mail.xml:950(command)
16075
msgid "sudo postmap -v /etc/postfix/transport"
16076
msgstr ""
16077
16078
#: serverguide/C/mail.xml:952(para)
16079
msgid "Then restart Postfix to enable the new configurations:"
16080
msgstr ""
16081
16082
#: serverguide/C/mail.xml:961(para)
16083
msgid ""
16084
"Once Exim4 is installed, you can start the Exim server using the following "
16085
"command from a terminal prompt:"
16086
msgstr ""
16087
16088
#: serverguide/C/mail.xml:977(para) serverguide/C/mail.xml:992(title)
16089
msgid "Main"
16090
msgstr ""
16091
16092
#: serverguide/C/mail.xml:980(para) serverguide/C/mail.xml:1032(title)
16093
msgid "Transport"
16094
msgstr ""
16095
16096
#: serverguide/C/mail.xml:983(para) serverguide/C/mail.xml:1055(title)
16097
msgid "Router"
16098
msgstr ""
16099
16100
#: serverguide/C/mail.xml:968(para)
16101
msgid ""
16102
"In order to make mailman work with Exim4, you need to configure Exim4. As "
16103
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
16104
"different types. For details, please refer to the <ulink "
16105
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
16106
"add new a configuration file to the following configuration types: "
16107
"<placeholder-1/> Exim creates a master configuration file by sorting all "
16108
"these mini configuration files. So, the order of these configuration files "
16109
"is very important."
16110
msgstr ""
16111
16112
#: serverguide/C/mail.xml:999(programlisting)
16113
#, no-wrap
16114
msgid ""
16115
"\n"
16116
"# start\n"
16117
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
16118
"# directory.\n"
16119
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
16120
"# This is normally the same as ~mailman\n"
16121
"MM_HOME=/var/lib/mailman\n"
16122
"#\n"
16123
"# User and group for Mailman, should match your --with-mail-gid\n"
16124
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
16125
"MM_UID=list\n"
16126
"MM_GID=list\n"
16127
"#\n"
16128
"# Domains that your lists are in - colon separated list\n"
16129
"# you may wish to add these into local_domains as well\n"
16130
"domainlist mm_domains=hostname.com\n"
16131
"#\n"
16132
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
16133
"#\n"
16134
"# These values are derived from the ones above and should not need\n"
16135
"# editing unless you have munged your mailman installation\n"
16136
"#\n"
16137
"# The path of the Mailman mail wrapper script\n"
16138
"MM_WRAP=MM_HOME/mail/mailman\n"
16139
"#\n"
16140
"# The path of the list config file (used as a required file when\n"
16141
"# verifying list addresses)\n"
16142
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
16143
"# end\n"
16144
msgstr ""
16145
16146
#: serverguide/C/mail.xml:993(para)
16147
msgid ""
16148
"All the configuration files belonging to the main type are stored in the "
16149
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
16150
"following content to a new file, named <filename>04_exim4-"
16151
"config_mailman</filename>: <placeholder-1/>"
16152
msgstr ""
16153
16154
#: serverguide/C/mail.xml:1039(programlisting)
16155
#, no-wrap
16156
msgid ""
16157
"\n"
16158
" mailman_transport:\n"
16159
" driver = pipe\n"
16160
" command = MM_WRAP \\\n"
16161
" '${if def:local_part_suffix \\\n"
16162
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
16163
"\\\n"
16164
" {post}}' \\\n"
16165
" $local_part\n"
16166
" current_directory = MM_HOME\n"
16167
" home_directory = MM_HOME\n"
16168
" user = MM_UID\n"
16169
" group = MM_GID\n"
16170
msgstr ""
16171
16172
#: serverguide/C/mail.xml:1033(para)
16173
msgid ""
16174
"All the configuration files belonging to transport type are stored in the "
16175
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
16176
"following content to a new file named <filename> 40_exim4-"
16177
"config_mailman</filename>: <placeholder-1/>"
16178
msgstr ""
16179
16180
#: serverguide/C/mail.xml:1060(programlisting)
16181
#, no-wrap
16182
msgid ""
16183
"\n"
16184
" mailman_router:\n"
16185
" driver = accept\n"
16186
" require_files = MM_HOME/lists/$local_part/config.pck\n"
16187
" local_part_suffix_optional\n"
16188
" local_part_suffix = -bounces : -bounces+* : \\\n"
16189
" -confirm+* : -join : -leave : \\\n"
16190
" -owner : -request : -admin\n"
16191
" transport = mailman_transport\n"
16192
msgstr ""
16193
16194
#: serverguide/C/mail.xml:1056(para)
16195
msgid ""
16196
"All the configuration files belonging to router type are stored in the "
16197
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
16198
"following content in to a new file named <filename>101_exim4-"
16199
"config_mailman</filename>: <placeholder-1/>"
16200
msgstr ""
16201
16202
#: serverguide/C/mail.xml:1073(para)
16203
msgid ""
16204
"The order of main and transport configuration files can be in any order. "
16205
"But, the order of router configuration files must be the same. This "
16206
"particular file must appear before the <application>200_exim4-"
16207
"config_primary</application> file. These two configuration files contain "
16208
"same type of information. The first file takes the precedence. For more "
16209
"details, please refer to the references section."
16210
msgstr ""
16211
16212
#: serverguide/C/mail.xml:1086(para)
16213
msgid ""
16214
"Once mailman is installed, you can run it using the following command:"
16215
msgstr ""
16216
16217
#: serverguide/C/mail.xml:1090(command)
16218
msgid "sudo /etc/init.d/mailman start"
16219
msgstr ""
16220
16221
#: serverguide/C/mail.xml:1092(para)
16222
msgid ""
16223
"Once mailman is installed, you should create the default mailing list. Run "
16224
"the following command to create the mailing list:"
16225
msgstr ""
16226
16227
#: serverguide/C/mail.xml:1098(command)
16228
msgid "sudo /usr/sbin/newlist mailman"
16229
msgstr ""
16230
16231
#: serverguide/C/mail.xml:1101(programlisting)
16232
#, no-wrap
16233
msgid ""
16234
"\n"
16235
" Enter the email address of the person running the list: bhuvan at "
16236
"ubuntu.com\n"
16237
" Initial mailman password:\n"
16238
" To finish creating your mailing list, you must edit your "
16239
"<filename>/etc/aliases</filename> (or\n"
16240
" equivalent) file by adding the following lines, and possibly running the\n"
16241
" `newaliases' program:\n"
16242
"\n"
16243
" ## mailman mailing list\n"
16244
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
16245
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
16246
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
16247
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
16248
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
16249
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
16250
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
16251
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
16252
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
16253
"mailman\"\n"
16254
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
16255
"mailman\"\n"
16256
"\n"
16257
" Hit enter to notify mailman owner...\n"
16258
"\n"
16259
" # \n"
16260
msgstr ""
16261
16262
#: serverguide/C/mail.xml:1124(para)
16263
msgid ""
16264
"We have configured either Postfix or Exim4 to recognize all emails from "
16265
"mailman. So, it is not mandatory to make any new entries in "
16266
"<filename>/etc/aliases</filename>. If you have made any changes to the "
16267
"configuration files, please ensure that you restart those services before "
16268
"continuing to next section."
16269
msgstr ""
16270
16271
#: serverguide/C/mail.xml:1132(para)
16272
msgid ""
16273
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
16274
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
16275
"creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman "
16276
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
16277
msgstr ""
16278
16279
#: serverguide/C/mail.xml:1143(title)
16280
msgid "Administration"
16281
msgstr ""
16282
16283
#: serverguide/C/mail.xml:1144(para)
16284
msgid ""
16285
"We assume you have a default installation. The mailman cgi scripts are still "
16286
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
16287
"Mailman provides a web based administration facility. To access this page, "
16288
"point your browser to the following url:"
16289
msgstr ""
16290
16291
#: serverguide/C/mail.xml:1152(para)
16292
msgid "http://hostname/cgi-bin/mailman/admin"
16293
msgstr ""
16294
16295
#: serverguide/C/mail.xml:1156(para)
16296
msgid ""
16297
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
16298
"screen. If you click the mailing list name, it will ask for your "
16299
"authentication password. If you enter the correct password, you will be able "
16300
"to change administrative settings of this mailing list. You can create a new "
16301
"mailing list using the command line utility "
16302
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
16303
"mailing list using the web interface."
16304
msgstr ""
16305
16306
#: serverguide/C/mail.xml:1169(title)
16307
msgid "Users"
16308
msgstr ""
16309
16310
#: serverguide/C/mail.xml:1170(para)
16311
msgid ""
16312
"Mailman provides a web based interface for users. To access this page, point "
16313
"your browser to the following url:"
16314
msgstr ""
16315
16316
#: serverguide/C/mail.xml:1175(para)
16317
msgid "http://hostname/cgi-bin/mailman/listinfo"
16318
msgstr ""
16319
16320
#: serverguide/C/mail.xml:1179(para)
16321
msgid ""
16322
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
16323
"screen. If you click the mailing list name, it will display the subscription "
16324
"form. You can enter your email address, name (optional), and password to "
16325
"subscribe. An email invitation will be sent to you. You can follow the "
16326
"instructions in the email to subscribe."
16327
msgstr ""
16328
16329
#: serverguide/C/mail.xml:1191(ulink)
16330
msgid "GNU Mailman - Installation Manual"
16331
msgstr ""
16332
16333
#: serverguide/C/mail.xml:1195(ulink)
16334
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
16335
msgstr ""
16336
16337
#: serverguide/C/mail.xml:1201(title)
16338
msgid "Mail Filtering"
16339
msgstr ""
16340
16341
#: serverguide/C/mail.xml:1202(para)
16342
msgid ""
16343
"One of the largest issues with email today is the problem of Unsolicited "
16344
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
16345
"and other forms of malware. According to some reports these messages make up "
16346
"the bulk of all email traffic on the Internet."
16347
msgstr ""
16348
16349
#: serverguide/C/mail.xml:1207(para)
16350
msgid ""
16351
"This section will cover integrating <application>Amavisd-new</application>, "
16352
"<application>Spamassassin</application>, and "
16353
"<application>ClamAV</application> with the "
16354
"<application>Postfix</application> Mail Transport Agent (MTA). "
16355
"<application>Postfix</application> can also check email validity by passing "
16356
"it through external content filters. These filters can sometimes determine "
16357
"if a message is spam without needing to process it with more resource "
16358
"intensive applications. Two common filters are <application>dkim-"
16359
"filter</application> and <application>python-policyd-spf</application>."
16360
msgstr ""
16361
16362
#: serverguide/C/mail.xml:1217(para)
16363
msgid ""
16364
"<application>Amavisd-new</application> is a wrapper program that can call "
16365
"any number of content filtering programs for spam detection, antivirus, etc."
16366
msgstr ""
16367
16368
#: serverguide/C/mail.xml:1223(para)
16369
msgid ""
16370
"<application>Spamassassin</application> uses a variety of mechanisms to "
16371
"filter email based on the message content."
16372
msgstr ""
16373
16374
#: serverguide/C/mail.xml:1228(para)
16375
msgid ""
16376
"<application>ClamAV</application> is an open source antivirus application."
16377
msgstr ""
16378
16379
#: serverguide/C/mail.xml:1233(para)
16380
msgid ""
16381
"<application>dkim-filter</application> implements a Sendmail Mail Filter "
16382
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
16383
msgstr ""
16384
16385
#: serverguide/C/mail.xml:1239(para)
16386
msgid ""
16387
"<application>python-policyd-spf</application> enables Sender Policy "
16388
"Framework (SPF) checking with <application>Postfix</application>."
16389
msgstr ""
16390
16391
#: serverguide/C/mail.xml:1244(para)
16392
msgid "This is how the pieces fit together:"
16393
msgstr ""
16394
16395
#: serverguide/C/mail.xml:1249(para)
16396
msgid "An email message is accepted by <application>Postfix</application>."
16397
msgstr ""
16398
16399
#: serverguide/C/mail.xml:1254(para)
16400
msgid ""
16401
"The message is passed through any external filters <application>dkim-"
16402
"filter</application> and <application>python-policyd-spf</application> in "
16403
"this case."
16404
msgstr ""
16405
16406
#: serverguide/C/mail.xml:1260(para)
16407
msgid "<application>Amavisd-new</application> then processes the message."
16408
msgstr ""
16409
16410
#: serverguide/C/mail.xml:1265(para)
16411
msgid ""
16412
"<application>ClamAV</application> is used to scan the message. If the "
16413
"message contains a virus <application>Postfix</application> will reject the "
16414
"message."
16415
msgstr ""
16416
16417
#: serverguide/C/mail.xml:1271(para)
16418
msgid ""
16419
"Clean messages will then be analyzed by "
16420
"<application>Spamassassin</application> to find out if the message is spam. "
16421
"<application>Spamassassin</application> will then add X-Header lines "
16422
"allowing <application>Amavisd-new</application> to further manipulate the "
16423
"message."
16424
msgstr ""
16425
16426
#: serverguide/C/mail.xml:1278(para)
16427
msgid ""
16428
"For example, if a message has a Spam score of over fifty the message could "
16429
"be automatically dropped from the queue without the recipient ever having to "
16430
"be bothered. Another, way to handle flagged messages is to deliver them to "
16431
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
16432
"see fit."
16433
msgstr ""
16434
16435
#: serverguide/C/mail.xml:1285(para)
16436
msgid ""
16437
"See <xref linkend=\"postfix\"/> for instructions on installing and "
16438
"configuring Postfix."
16439
msgstr ""
16440
16441
#: serverguide/C/mail.xml:1288(para)
16442
msgid ""
16443
"To install the rest of the applications enter the following from a terminal "
16444
"prompt:"
16445
msgstr ""
16446
16447
#: serverguide/C/mail.xml:1292(command)
16448
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
16449
msgstr ""
16450
16451
#: serverguide/C/mail.xml:1293(command)
16452
msgid "sudo apt-get install dkim-filter python-policyd-spf"
16453
msgstr ""
16454
16455
#: serverguide/C/mail.xml:1295(para)
16456
msgid ""
16457
"There are some optional packages that integrate with "
16458
"<application>Spamassassin</application> for better spam detection:"
16459
msgstr ""
16460
16461
#: serverguide/C/mail.xml:1299(command)
16462
msgid "sudo apt-get install pyzor razor"
16463
msgstr ""
16464
16465
#: serverguide/C/mail.xml:1301(para)
16466
msgid ""
16467
"Along with the main filtering applications compression utilities are needed "
16468
"to process some email attachments:"
16469
msgstr ""
16470
16471
#: serverguide/C/mail.xml:1305(command)
16472
msgid ""
16473
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
16474
msgstr ""
16475
16476
#: serverguide/C/mail.xml:1310(para)
16477
msgid "Now configure everything to work together and filter email."
16478
msgstr ""
16479
16480
#: serverguide/C/mail.xml:1314(title)
16481
msgid "ClamAV"
16482
msgstr ""
16483
16484
#: serverguide/C/mail.xml:1315(para)
16485
msgid ""
16486
"The default behaviour of <application>ClamAV</application> will fit our "
16487
"needs. For more ClamAV configuration options, check the configuration files "
16488
"in <filename>/etc/clamav</filename>."
16489
msgstr ""
16490
16491
#: serverguide/C/mail.xml:1320(para)
16492
msgid ""
16493
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
16494
"group in order for <application>Amavisd-new</application> to have the "
16495
"appropriate access to scan files:"
16496
msgstr ""
16497
16498
#: serverguide/C/mail.xml:1325(command)
16499
msgid "sudo adduser clamav amavis"
16500
msgstr ""
16501
16502
#: serverguide/C/mail.xml:1329(title)
16503
msgid "Spamassassin"
16504
msgstr ""
16505
16506
#: serverguide/C/mail.xml:1330(para)
16507
msgid ""
16508
"Spamassassin automatically detects optional components and will use them if "
16509
"they are present. This means that there is no need to configure "
16510
"<application>pyzor</application> and <application>razor</application>."
16511
msgstr ""
16512
16513
#: serverguide/C/mail.xml:1334(para)
16514
msgid ""
16515
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
16516
"<application>Spamassassin</application> daemon. Change "
16517
"<emphasis>ENABLED=0</emphasis> to:"
16518
msgstr ""
16519
16520
#: serverguide/C/mail.xml:1338(programlisting)
16521
#, no-wrap
16522
msgid ""
16523
"\n"
16524
"ENABLED=1\n"
16525
msgstr ""
16526
16527
#: serverguide/C/mail.xml:1341(para)
16528
msgid "Now start the daemon:"
16529
msgstr ""
16530
16531
#: serverguide/C/mail.xml:1345(command)
16532
msgid "sudo /etc/init.d/spamassassin start"
16533
msgstr ""
16534
16535
#: serverguide/C/mail.xml:1349(title)
16536
msgid "Amavisd-new"
16537
msgstr ""
16538
16539
#: serverguide/C/mail.xml:1350(para)
16540
msgid ""
16541
"First activate spam and antivirus detection in <application>Amavisd-"
16542
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
16543
"content_filter_mode</filename>:"
16544
msgstr ""
16545
16546
#: serverguide/C/mail.xml:1354(programlisting)
16547
#, no-wrap
16548
msgid ""
16549
"\n"
16550
"use strict;\n"
16551
"\n"
16552
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
16553
"# and to re-enable antivirus checking.\n"
16554
"\n"
16555
"#\n"
16556
"# Default antivirus checking mode\n"
16557
"# Uncomment the two lines below to enable it\n"
16558
"#\n"
16559
"\n"
16560
"@bypass_virus_checks_maps = (\n"
16561
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
16562
"$bypass_virus_checks_re);\n"
16563
"\n"
16564
"\n"
16565
"#\n"
16566
"# Default SPAM checking mode\n"
16567
"# Uncomment the two lines below to enable it\n"
16568
"#\n"
16569
"\n"
16570
"@bypass_spam_checks_maps = (\n"
16571
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
16572
"$bypass_spam_checks_re);\n"
16573
"\n"
16574
"1; # insure a defined return\n"
16575
msgstr ""
16576
16577
#: serverguide/C/mail.xml:1379(para)
16578
msgid ""
16579
"Bouncing spam can be a bad idea as the return address is often faked. "
16580
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
16581
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
16582
"D_BOUNCE, as follows:"
16583
msgstr ""
16584
16585
#: serverguide/C/mail.xml:1385(programlisting)
16586
#, no-wrap
16587
msgid ""
16588
"\n"
16589
"$final_spam_destiny = D_DISCARD;\n"
16590
msgstr ""
16591
16592
#: serverguide/C/mail.xml:1389(para)
16593
msgid ""
16594
"Additionally, you may want to adjust the following options to flag more "
16595
"messages as spam:"
16596
msgstr ""
16597
16598
#: serverguide/C/mail.xml:1393(programlisting)
16599
#, no-wrap
16600
msgid ""
16601
"\n"
16602
"$sa_tag_level_deflt = -999; # add spam info headers if at, or above that "
16603
"level\n"
16604
"$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n"
16605
"$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n"
16606
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
16607
msgstr ""
16608
16609
#: serverguide/C/mail.xml:1400(para)
16610
msgid ""
16611
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
16612
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
16613
"option. Also, if the server receives mail for multiple domains the "
16614
"<emphasis>@local_domains_acl</emphasis> option will need to be customized. "
16615
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
16616
msgstr ""
16617
16618
#: serverguide/C/mail.xml:1407(programlisting)
16619
#, no-wrap
16620
msgid ""
16621
"\n"
16622
"$myhostname = 'mail.example.com';\n"
16623
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
16624
msgstr ""
16625
16626
#: serverguide/C/mail.xml:1412(para)
16627
msgid ""
16628
"After configuration <application>Amavisd-new</application> needs to be "
16629
"restarted:"
16630
msgstr ""
16631
16632
#: serverguide/C/mail.xml:1416(command) serverguide/C/mail.xml:1462(command)
16633
msgid "sudo /etc/init.d/amavis restart"
16634
msgstr ""
16635
16636
#: serverguide/C/mail.xml:1419(title)
16637
msgid "DKIM Whitelist"
16638
msgstr ""
16639
16640
#: serverguide/C/mail.xml:1421(para)
16641
msgid ""
16642
"<application>Amavisd-new</application> can be configured to automatically "
16643
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
16644
"Keys. There are some pre-configured domains in the "
16645
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
16646
msgstr ""
16647
16648
#: serverguide/C/mail.xml:1427(para)
16649
msgid "There are multiple ways to configure the Whitelist for a domain:"
16650
msgstr ""
16651
16652
#: serverguide/C/mail.xml:1433(para)
16653
msgid ""
16654
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
16655
"address from the \"example.com\" domain."
16656
msgstr ""
16657
16658
#: serverguide/C/mail.xml:1438(para)
16659
msgid ""
16660
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
16661
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
16662
"have a valid signature."
16663
msgstr ""
16664
16665
#: serverguide/C/mail.xml:1444(para)
16666
msgid ""
16667
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
16668
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
16669
"role=\"italic\">example.com</emphasis> the parent domain."
16670
msgstr ""
16671
16672
#: serverguide/C/mail.xml:1450(para)
16673
msgid ""
16674
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
16675
"that have a valid signature from \"example.com\". This is usually used for "
16676
"discussion groups that sign thier messages."
16677
msgstr ""
16678
16679
#: serverguide/C/mail.xml:1457(para)
16680
msgid ""
16681
"A domain can also have multiple Whitelist configurations. After, editing the "
16682
"file restart <application>amaisd-new</application>:"
16683
msgstr ""
16684
16685
#: serverguide/C/mail.xml:1466(para)
16686
msgid ""
16687
"In this context, once a domain has been added to the Whitelist the message "
16688
"will not receive any anti-virus or spam filtering. This may or may not be "
16689
"the intended behavior you wish for a domain."
16690
msgstr ""
16691
16692
#: serverguide/C/mail.xml:1476(para)
16693
msgid ""
16694
"For <application>Postfix</application> integration, enter the following from "
16695
"a terminal prompt:"
16696
msgstr ""
16697
16698
#: serverguide/C/mail.xml:1480(command)
16699
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
16700
msgstr ""
16701
16702
#: serverguide/C/mail.xml:1482(para)
16703
msgid ""
16704
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
16705
"to the end of the file:"
16706
msgstr ""
16707
16708
#: serverguide/C/mail.xml:1485(programlisting)
16709
#, no-wrap
16710
msgid ""
16711
"\n"
16712
"smtp-amavis unix - - - - 2 smtp\n"
16713
" -o smtp_data_done_timeout=1200\n"
16714
" -o smtp_send_xforward_command=yes\n"
16715
" -o disable_dns_lookups=yes\n"
16716
" -o max_use=20\n"
16717
"\n"
16718
"127.0.0.1:10025 inet n - - - - smtpd\n"
16719
" -o content_filter=\n"
16720
" -o local_recipient_maps=\n"
16721
" -o relay_recipient_maps=\n"
16722
" -o smtpd_restriction_classes=\n"
16723
" -o smtpd_delay_reject=no\n"
16724
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
16725
" -o smtpd_helo_restrictions=\n"
16726
" -o smtpd_sender_restrictions=\n"
16727
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
16728
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
16729
" -o smtpd_end_of_data_restrictions=\n"
16730
" -o mynetworks=127.0.0.0/8\n"
16731
" -o smtpd_error_sleep_time=0\n"
16732
" -o smtpd_soft_error_limit=1001\n"
16733
" -o smtpd_hard_error_limit=1000\n"
16734
" -o smtpd_client_connection_count_limit=0\n"
16735
" -o smtpd_client_connection_rate_limit=0\n"
16736
" -o "
16737
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
16738
msgstr ""
16739
16740
#: serverguide/C/mail.xml:1512(para)
16741
msgid ""
16742
"Also add the following two lines immediately below the "
16743
"<emphasis>\"pickup\"</emphasis> transport service:"
16744
msgstr ""
16745
16746
#: serverguide/C/mail.xml:1515(programlisting)
16747
#, no-wrap
16748
msgid ""
16749
"\n"
16750
" -o content_filter=\n"
16751
" -o receive_override_options=no_header_body_checks\n"
16752
msgstr ""
16753
16754
#: serverguide/C/mail.xml:1519(para)
16755
msgid ""
16756
"This will prevent messages that are generated to report on spam from being "
16757
"classified as spam."
16758
msgstr ""
16759
16760
#: serverguide/C/mail.xml:1522(para)
16761
msgid "Now restart <application>Postfix</application>:"
16762
msgstr ""
16763
16764
#: serverguide/C/mail.xml:1528(para)
16765
msgid "Content filtering with spam and virus detection is now enabled."
16766
msgstr ""
16767
16768
#: serverguide/C/mail.xml:1535(para)
16769
msgid ""
16770
"First, test that the <application>Amavisd-new</application> SMTP is "
16771
"listening:"
16772
msgstr ""
16773
16774
#: serverguide/C/mail.xml:1538(programlisting)
16775
#, no-wrap
16776
msgid ""
16777
"\n"
16778
"telnet localhost 10024\n"
16779
"Trying 127.0.0.1...\n"
16780
"Connected to localhost.\n"
16781
"Escape character is '^]'.\n"
16782
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
16783
"^]\n"
16784
msgstr ""
16785
16786
#: serverguide/C/mail.xml:1546(para)
16787
msgid ""
16788
"In the Header of messages that go through the content filter you should see:"
16789
msgstr ""
16790
16791
#: serverguide/C/mail.xml:1549(programlisting)
16792
#, no-wrap
16793
msgid ""
16794
"\n"
16795
"X-Spam-Level: \n"
16796
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
16797
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
16798
"BAYES_00\n"
16799
"X-Spam-Level: \n"
16800
msgstr ""
16801
16802
#: serverguide/C/mail.xml:1556(para)
16803
msgid ""
16804
"Your output will vary, but the important thing is that there are <emphasis>X-"
16805
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
16806
msgstr ""
16807
16808
#: serverguide/C/mail.xml:1564(para)
16809
msgid ""
16810
"The best way to figure out why something is going wrong is to check the log "
16811
"files."
16812
msgstr ""
16813
16814
#: serverguide/C/mail.xml:1569(para)
16815
msgid ""
16816
"For instructions on <application>Postfix</application> logging see the <xref "
16817
"linkend=\"postfix-troubleshooting\"/> section."
16818
msgstr ""
16819
16820
#: serverguide/C/mail.xml:1575(para)
16821
msgid ""
16822
"<application>Amavisd-new</application> uses "
16823
"<application>Syslog</application> to send messages to "
16824
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
16825
"increased by adding the <emphasis>$log_level</emphasis> option to "
16826
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
16827
"1 to 5."
16828
msgstr ""
16829
16830
#: serverguide/C/mail.xml:1580(programlisting)
16831
#, no-wrap
16832
msgid ""
16833
"\n"
16834
"$log_level = 2;\n"
16835
msgstr ""
16836
16837
#: serverguide/C/mail.xml:1584(para)
16838
msgid ""
16839
"When the <application>Amavisd-new</application> log output is increased "
16840
"<application>Spamassassin</application> log output is also increased."
16841
msgstr ""
16842
16843
#: serverguide/C/mail.xml:1591(para)
16844
msgid ""
16845
"The <application>ClamAV</application> log level can be increased by editing "
16846
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
16847
msgstr ""
16848
16849
#: serverguide/C/mail.xml:1595(programlisting)
16850
#, no-wrap
16851
msgid ""
16852
"\n"
16853
"LogVerbose true\n"
16854
msgstr ""
16855
16856
#: serverguide/C/mail.xml:1598(para)
16857
msgid ""
16858
"By default <application>ClamAV</application> will send log messages to "
16859
"<filename>/var/log/clamav/clamav.log</filename>."
16860
msgstr ""
16861
16862
#: serverguide/C/mail.xml:1604(para)
16863
msgid ""
16864
"After changing an applications log settings remember to restart the service "
16865
"for the new settings to take affect. Also, once the issue you are "
16866
"troubleshooting is resolved it is a good idea to change the log settings "
16867
"back to normal."
16868
msgstr ""
16869
16870
#: serverguide/C/mail.xml:1612(para)
16871
msgid "For more information on filtering mail see the following links:"
16872
msgstr ""
16873
16874
#: serverguide/C/mail.xml:1618(ulink)
16875
msgid "Amavisd-new Documentation"
16876
msgstr ""
16877
16878
#: serverguide/C/mail.xml:1622(para)
16879
msgid ""
16880
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
16881
"Documentation</ulink> and <ulink "
16882
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
16883
msgstr ""
16884
16885
#: serverguide/C/mail.xml:1629(ulink)
16886
msgid "Spamassassin Wiki"
16887
msgstr ""
16888
16889
#: serverguide/C/mail.xml:1634(ulink)
16890
msgid "Pyzor Homepage"
16891
msgstr ""
16892
16893
#: serverguide/C/mail.xml:1639(ulink)
16894
msgid "Razor Homepage"
16895
msgstr ""
16896
16897
#: serverguide/C/mail.xml:1644(ulink)
16898
msgid "DKIM.org"
16899
msgstr ""
16900
16901
#: serverguide/C/mail.xml:1648(para)
16902
msgid ""
16903
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
16904
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
16905
msgstr ""
16906
16907
#: serverguide/C/lamp-applications.xml:13(title)
16908
msgid "LAMP Applications"
16909
msgstr ""
16910
16911
#: serverguide/C/lamp-applications.xml:19(para)
16912
msgid ""
16913
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
16914
"Ubuntu servers. There is a plethora of Open Source applications written "
16915
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
16916
"Content Management Systems, and Management Software such as phpMyAdmin."
16917
msgstr ""
16918
16919
#: serverguide/C/lamp-applications.xml:26(para)
16920
msgid ""
16921
"One advantage of LAMP is the substantial flexibility for different database, "
16922
"web server, and scripting languages. Popular substitutes for MySQL include "
16923
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
16924
"instead of PHP."
16925
msgstr ""
16926
16927
#: serverguide/C/lamp-applications.xml:32(para)
16928
msgid ""
16929
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
16930
"is:"
16931
msgstr ""
16932
16933
#: serverguide/C/lamp-applications.xml:38(para)
16934
msgid "Download an archive containing the application source files."
16935
msgstr ""
16936
16937
#: serverguide/C/lamp-applications.xml:43(para)
16938
msgid ""
16939
"Unpack the archive, usually in a directory accessible to a web server."
16940
msgstr ""
16941
16942
#: serverguide/C/lamp-applications.xml:48(para)
16943
msgid ""
16944
"Depending on where the source was extracted, configure a web browser to "
16945
"serve the files."
16946
msgstr ""
16947
16948
#: serverguide/C/lamp-applications.xml:53(para)
16949
msgid "Configure the application to connect to the database."
16950
msgstr ""
16951
16952
#: serverguide/C/lamp-applications.xml:58(para)
16953
msgid ""
16954
"Run a script, or browse to a page of the application, to install the "
16955
"database needed by the application."
16956
msgstr ""
16957
16958
#: serverguide/C/lamp-applications.xml:63(para)
16959
msgid ""
16960
"Once the steps above, or similar steps, are completed you are ready to begin "
16961
"using the application."
16962
msgstr ""
16963
16964
#: serverguide/C/lamp-applications.xml:69(para)
16965
msgid ""
16966
"A disadvantage of using this approach is that the application files are not "
16967
"placed in the file system in a standard way, which can cause confusion as to "
16968
"where the application is installed. Another larger disadvantage is updating "
16969
"the application. When a new version is released, the same process used to "
16970
"install the application is needed to apply updates."
16971
msgstr ""
16972
16973
#: serverguide/C/lamp-applications.xml:76(para)
16974
msgid ""
16975
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
16976
"packaged for Ubuntu, and are available for installation in the same way as "
16977
"non-LAMP applications. Depending on the application some extra configuration "
16978
"and setup steps may be needed, however."
16979
msgstr ""
16980
16981
#: serverguide/C/lamp-applications.xml:82(para)
16982
msgid ""
16983
"This section covers howto install and configure the Wiki applications "
16984
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
16985
"and the MySQL management application <application>phpMyAdmin</application>."
16986
msgstr ""
16987
16988
#: serverguide/C/lamp-applications.xml:88(para)
16989
msgid ""
16990
"A Wiki is a website that allows the visitors to easily add, remove and "
16991
"modify available content easily. The ease of interaction and operation makes "
16992
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
16993
"also referred to the collaborative software."
16994
msgstr ""
16995
16996
#: serverguide/C/lamp-applications.xml:100(title)
16997
msgid "Moin Moin"
16998
msgstr ""
16999
17000
#: serverguide/C/lamp-applications.xml:102(para)
17001
msgid ""
17002
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
17003
"engine, and licensed under the GNU GPL."
17004
msgstr ""
17005
17006
#: serverguide/C/lamp-applications.xml:110(para)
17007
msgid ""
17008
"To install <application>MoinMoin</application>, run the following command in "
17009
"the command prompt:"
17010
msgstr ""
17011
17012
#: serverguide/C/lamp-applications.xml:116(command)
17013
msgid "sudo apt-get install python-moinmoin"
17014
msgstr ""
17015
17016
#: serverguide/C/lamp-applications.xml:119(para)
17017
msgid ""
17018
"You should also install <application>apache2</application> web server. For "
17019
"installing <application>apache2</application> web server, please refer to "
17020
"<xref linkend=\"http-installation\"/> sub-section in <xref "
17021
"linkend=\"httpd\"/> section."
17022
msgstr ""
17023
17024
#: serverguide/C/lamp-applications.xml:130(para)
17025
msgid ""
17026
"For configuring your first Wiki application, please run the following set of "
17027
"commands. Let us assume that you are creating a Wiki named "
17028
"<emphasis>mywiki</emphasis>:"
17029
msgstr ""
17030
17031
#: serverguide/C/lamp-applications.xml:137(command)
17032
msgid "cd /usr/share/moin"
17033
msgstr ""
17034
17035
#: serverguide/C/lamp-applications.xml:138(command)
17036
msgid "sudo mkdir mywiki"
17037
msgstr ""
17038
17039
#: serverguide/C/lamp-applications.xml:139(command)
17040
msgid "sudo cp -R data mywiki"
17041
msgstr ""
17042
17043
#: serverguide/C/lamp-applications.xml:140(command)
17044
msgid "sudo cp -R underlay mywiki"
17045
msgstr ""
17046
17047
#: serverguide/C/lamp-applications.xml:141(command)
17048
msgid "sudo cp server/moin.cgi mywiki"
17049
msgstr ""
17050
17051
#: serverguide/C/lamp-applications.xml:142(command)
17052
msgid "sudo chown -R www-data.www-data mywiki"
17053
msgstr ""
17054
17055
#: serverguide/C/lamp-applications.xml:143(command)
17056
msgid "sudo chmod -R ug+rwX mywiki"
17057
msgstr ""
17058
17059
#: serverguide/C/lamp-applications.xml:144(command)
17060
msgid "sudo chmod -R o-rwx mywiki"
17061
msgstr ""
17062
17063
#: serverguide/C/lamp-applications.xml:147(para)
17064
msgid ""
17065
"Now you should configure <application>MoinMoin</application> to find your "
17066
"new Wiki <emphasis>mywiki</emphasis>. To configure "
17067
"<application>MoinMoin</application>, open "
17068
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
17069
msgstr ""
17070
17071
#: serverguide/C/lamp-applications.xml:155(programlisting)
17072
#, no-wrap
17073
msgid "data_dir = '/org/mywiki/data'"
17074
msgstr ""
17075
17076
#: serverguide/C/lamp-applications.xml:157(para)
17077
msgid "to"
17078
msgstr ""
17079
17080
#: serverguide/C/lamp-applications.xml:161(programlisting)
17081
#, no-wrap
17082
msgid "data_dir = '/usr/share/moin/mywiki/data'"
17083
msgstr ""
17084
17085
#: serverguide/C/lamp-applications.xml:163(para)
17086
msgid ""
17087
"Also, below the <emphasis>data_dir</emphasis> option add the "
17088
"<emphasis>data_underlay_dir</emphasis>:"
17089
msgstr ""
17090
17091
#: serverguide/C/lamp-applications.xml:167(programlisting)
17092
#, no-wrap
17093
msgid ""
17094
"\n"
17095
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
17096
msgstr ""
17097
17098
#: serverguide/C/lamp-applications.xml:172(para)
17099
msgid ""
17100
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
17101
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
17102
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
17103
"change."
17104
msgstr ""
17105
17106
#: serverguide/C/lamp-applications.xml:181(para)
17107
msgid ""
17108
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
17109
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
17110
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
17111
"<quote>(\"mywiki\", r\".*\")</quote>."
17112
msgstr ""
17113
17114
#: serverguide/C/lamp-applications.xml:189(para)
17115
msgid ""
17116
"Once you have configured <application>MoinMoin</application> to find your "
17117
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
17118
"<application>apache2</application> and make it ready for your Wiki "
17119
"application."
17120
msgstr ""
17121
17122
#: serverguide/C/lamp-applications.xml:196(para)
17123
msgid ""
17124
"You should add the following lines in <filename>/etc/apache2/sites-"
17125
"available/default</filename> file inside the <quote><VirtualHost "
17126
"*></quote> tag:"
17127
msgstr ""
17128
17129
#: serverguide/C/lamp-applications.xml:202(programlisting)
17130
#, no-wrap
17131
msgid ""
17132
"\n"
17133
"### moin\n"
17134
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
17135
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
17136
" <Directory /usr/share/moin/htdocs>\n"
17137
" Order allow,deny\n"
17138
" allow from all\n"
17139
" </Directory>\n"
17140
"### end moin\n"
17141
msgstr ""
17142
17143
#: serverguide/C/lamp-applications.xml:214(para)
17144
msgid ""
17145
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
17146
"<emphasis>alias</emphasis> line above, to the "
17147
"<application>moinmoin</application> version installed."
17148
msgstr ""
17149
17150
#: serverguide/C/lamp-applications.xml:220(para)
17151
msgid ""
17152
"Once you configure the <application>apache2</application> web server and "
17153
"make it ready for your Wiki application, you should restart it. You can run "
17154
"the following command to restart the <application>apache2</application> web "
17155
"server:"
17156
msgstr ""
17157
17158
#: serverguide/C/lamp-applications.xml:233(title)
17159
msgid "Verification"
17160
msgstr ""
17161
17162
#: serverguide/C/lamp-applications.xml:235(para)
17163
msgid ""
17164
"You can verify the Wiki application and see if it works by pointing your web "
17165
"browser to the following URL:"
17166
msgstr ""
17167
17168
#: serverguide/C/lamp-applications.xml:239(programlisting)
17169
#, no-wrap
17170
msgid ""
17171
"\n"
17172
"http://localhost/mywiki\n"
17173
msgstr ""
17174
17175
#: serverguide/C/lamp-applications.xml:243(para)
17176
msgid ""
17177
"You can also run the test command by pointing your web browser to the "
17178
"following URL:"
17179
msgstr ""
17180
17181
#: serverguide/C/lamp-applications.xml:248(programlisting)
17182
#, no-wrap
17183
msgid ""
17184
"\n"
17185
"http://localhost/mywiki?action=test\n"
17186
msgstr ""
17187
17188
#: serverguide/C/lamp-applications.xml:252(para)
17189
msgid ""
17190
"For more details, please refer to the <ulink "
17191
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
17192
msgstr ""
17193
17194
#: serverguide/C/lamp-applications.xml:263(para)
17195
msgid ""
17196
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
17197
"Wiki</ulink>."
17198
msgstr ""
17199
17200
#: serverguide/C/lamp-applications.xml:272(title)
17201
msgid "MediaWiki"
17202
msgstr ""
17203
17204
#: serverguide/C/lamp-applications.xml:274(para)
17205
msgid ""
17206
"MediaWiki is an web based Wiki software written in the PHP language. It can "
17207
"either use <application>MySQL</application> or "
17208
"<application>PostgreSQL</application> Database Management System."
17209
msgstr ""
17210
17211
#: serverguide/C/lamp-applications.xml:284(para)
17212
msgid ""
17213
"Before installing <application>MediaWiki</application> you should also "
17214
"install <application>Apache2</application>, the "
17215
"<application>PHP5</application> scripting language and Database a Management "
17216
"System. <application>MySQL</application> or "
17217
"<application>PostgreSQL</application> are the most common, choose one "
17218
"depending on your need. Please refer to those sections in this manual for "
17219
"installation instructions."
17220
msgstr ""
17221
17222
#: serverguide/C/lamp-applications.xml:292(para)
17223
msgid ""
17224
"To install <application>MediaWiki</application>, run the following command "
17225
"in the command prompt:"
17226
msgstr ""
17227
17228
#: serverguide/C/lamp-applications.xml:298(command)
17229
msgid "sudo apt-get install mediawiki php5-gd"
17230
msgstr ""
17231
17232
#: serverguide/C/lamp-applications.xml:301(para)
17233
msgid ""
17234
"For additional <application>MediaWiki</application> functionality see the "
17235
"<application>mediawiki-extensions</application> package."
17236
msgstr ""
17237
17238
#: serverguide/C/lamp-applications.xml:311(para)
17239
msgid ""
17240
"The Apache configuration file <filename>mediawiki.conf</filename> for "
17241
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
17242
"directory. You should uncomment the following line in this file to access "
17243
"MediaWiki application."
17244
msgstr ""
17245
17246
#: serverguide/C/lamp-applications.xml:319(screen)
17247
#, no-wrap
17248
msgid ""
17249
"\n"
17250
"# Alias /mediawiki /var/lib/mediawiki\n"
17251
msgstr ""
17252
17253
#: serverguide/C/lamp-applications.xml:323(para)
17254
msgid ""
17255
"After you uncomment the above line, restart Apache server and access "
17256
"MediaWiki using the following url:"
17257
msgstr ""
17258
17259
#: serverguide/C/lamp-applications.xml:328(programlisting)
17260
#, no-wrap
17261
msgid ""
17262
"\n"
17263
"http://localhost/mediawiki/config/index.php\n"
17264
msgstr ""
17265
17266
#: serverguide/C/lamp-applications.xml:333(para)
17267
msgid ""
17268
"Please read the <quote>Checking environment...</quote> section in this page. "
17269
"You should be able to fix many issues by carefully reading this section."
17270
msgstr ""
17271
17272
#: serverguide/C/lamp-applications.xml:340(para)
17273
msgid ""
17274
"Once the configuration is complete, you should copy the "
17275
"<filename>/var/lib/mediawiki/LocalSettings.php</filename> file to "
17276
"<filename>/etc/mediawiki</filename> directory."
17277
msgstr ""
17278
17279
#: serverguide/C/lamp-applications.xml:348(title)
17280
msgid "Extensions"
17281
msgstr ""
17282
17283
#: serverguide/C/lamp-applications.xml:349(para)
17284
msgid ""
17285
"The extensions add new features and enhancements for the MediaWiki "
17286
"application. The extensions give wiki administrators and end users the "
17287
"ability to customize MediaWiki to their requirements."
17288
msgstr ""
17289
17290
#: serverguide/C/lamp-applications.xml:355(para)
17291
msgid ""
17292
"You can download MediaWiki extensions as an archive file or checkout from "
17293
"the Subversion repository. You should copy it to "
17294
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
17295
"also add the following line at the end of file: "
17296
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
17297
msgstr ""
17298
17299
#: serverguide/C/lamp-applications.xml:363(programlisting)
17300
#, no-wrap
17301
msgid ""
17302
"\n"
17303
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
17304
msgstr ""
17305
17306
#: serverguide/C/lamp-applications.xml:373(para)
17307
msgid ""
17308
"For more details, please refer to the <ulink "
17309
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
17310
msgstr ""
17311
17312
#: serverguide/C/lamp-applications.xml:379(para)
17313
msgid ""
17314
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
17315
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
17316
"new MediaWiki administrators."
17317
msgstr ""
17318
17319
#: serverguide/C/lamp-applications.xml:389(title)
17320
msgid "phpMyAdmin"
17321
msgstr ""
17322
17323
#: serverguide/C/lamp-applications.xml:391(para)
17324
msgid ""
17325
"<application>phpMyAdmin</application> is a LAMP application specifically "
17326
"written for administering <application>MySQL</application> servers. Written "
17327
"in <application>PHP</application>, and accessed through a web browser, "
17328
"phpMyAdmin provides a graphical interface for database administration tasks."
17329
msgstr ""
17330
17331
#: serverguide/C/lamp-applications.xml:400(para)
17332
msgid ""
17333
"Before installing <application>phpMyAdmin</application> you will need access "
17334
"to a <application>MySQL</application> database either on the same host as "
17335
"that phpMyAdmin is installed on, or on a host accessible over the network. "
17336
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
17337
"enter:"
17338
msgstr ""
17339
17340
#: serverguide/C/lamp-applications.xml:407(command)
17341
msgid "sudo apt-get install phpmyadmin"
17342
msgstr ""
17343
17344
#: serverguide/C/lamp-applications.xml:410(para)
17345
msgid ""
17346
"At the prompt choose which web server to be configured for "
17347
"<application>phpMyAdmin</application>. The rest of this section will use "
17348
"<application>Apache2</application> for the web server."
17349
msgstr ""
17350
17351
#: serverguide/C/lamp-applications.xml:415(para)
17352
msgid ""
17353
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
17354
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
17355
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
17356
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
17357
"user if you any setup, and enter the <application>MySQL</application> user's "
17358
"password."
17359
msgstr ""
17360
17361
#: serverguide/C/lamp-applications.xml:422(para)
17362
msgid ""
17363
"Once logged in you can reset the <emphasis>root</emphasis> password if "
17364
"needed, create users, create/destroy databases and tables, etc."
17365
msgstr ""
17366
17367
#: serverguide/C/lamp-applications.xml:430(para)
17368
msgid ""
17369
"The configuration files for <application>phpMyAdmin</application> are "
17370
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
17371
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
17372
"configuration options that apply globally to "
17373
"<application>phpMyAdmin</application>."
17374
msgstr ""
17375
17376
#: serverguide/C/lamp-applications.xml:436(para)
17377
msgid ""
17378
"To use <application>phpMyAdmin</application> to administer a MySQL database "
17379
"hosted on another server, adjust the following in "
17380
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
17381
msgstr ""
17382
17383
#: serverguide/C/lamp-applications.xml:441(programlisting)
17384
#, no-wrap
17385
msgid ""
17386
"\n"
17387
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
17388
msgstr ""
17389
17390
#: serverguide/C/lamp-applications.xml:446(para)
17391
msgid ""
17392
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
17393
"remote database server name or IP address. Also, be sure that the "
17394
"<application>phpMyAdmin</application> host has permissions to access the "
17395
"remote database."
17396
msgstr ""
17397
17398
#: serverguide/C/lamp-applications.xml:452(para)
17399
msgid ""
17400
"Once configured, log out of <application>phpMyAdmin</application> and back "
17401
"in, and you should be accessing the new server."
17402
msgstr ""
17403
17404
#: serverguide/C/lamp-applications.xml:456(para)
17405
msgid ""
17406
"The <filename>config.header.inc.php</filename> and "
17407
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
17408
"header and footer to <application>phpMyAdmin</application>."
17409
msgstr ""
17410
17411
#: serverguide/C/lamp-applications.xml:461(para)
17412
msgid ""
17413
"Another important configuration file is "
17414
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
17415
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
17416
"configure <application>Apache2</application> to serve the "
17417
"<application>phpMyAdmin</application> site. The file contains directives for "
17418
"loading <application>PHP</application>, directory permissions, etc. For more "
17419
"information on configuring <application>Apache2</application> see <xref "
17420
"linkend=\"httpd\"/>."
17421
msgstr ""
17422
17423
#: serverguide/C/lamp-applications.xml:475(para)
17424
msgid ""
17425
"The <application>phpMyAdmin</application> documentation comes installed with "
17426
"the package and can be accessed from the <emphasis>phpMyAdmin "
17427
"Documentation</emphasis> link (a question mark with a box around it) under "
17428
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
17429
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
17430
msgstr ""
17431
17432
#: serverguide/C/lamp-applications.xml:482(para)
17433
msgid ""
17434
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
17435
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
17436
msgstr ""
17437
17438
#: serverguide/C/introduction.xml:14(para)
17439
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
17440
msgstr ""
17441
17442
#: serverguide/C/introduction.xml:15(para)
17443
msgid ""
17444
"Here you can find information on how to install and configure various server "
17445
"applications. It is a step-by-step, task-oriented guide for configuring and "
17446
"customizing your system."
17447
msgstr ""
17448
17449
#: serverguide/C/introduction.xml:19(para)
17450
msgid ""
17451
"This guide assumes you have a basic understanding of your Ubuntu system. "
17452
"Some installation details are covered in <xref linkend=\"installation\"/>, "
17453
"but if you need detailed instructions installing Ubuntu please refer to the "
17454
"<ulink url=\"https://help.ubuntu.com/9.10/installation-guide/\">Ubuntu "
17455
"Installation Guide</ulink>."
17456
msgstr ""
17457
17458
#: serverguide/C/introduction.xml:25(para)
17459
msgid ""
17460
"A HTML version of the manual is available online at <ulink "
17461
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
17462
"HTML files are also available in the <application>ubuntu-"
17463
"serverguide</application> package. See <xref linkend=\"package-"
17464
"management\"/> for details on installing packages."
17465
msgstr ""
17466
17467
#: serverguide/C/introduction.xml:32(para)
17468
msgid ""
17469
"If you choose to install the <application>ubuntu-serverguide</application> "
17470
"you can view this document from a console by:"
17471
msgstr ""
17472
17473
#: serverguide/C/introduction.xml:36(command)
17474
msgid "w3m /usr/share/ubuntu-serverguide/html/en_GB/index.html"
17475
msgstr ""
17476
17477
#: serverguide/C/introduction.xml:39(para)
17478
msgid "Replace <emphasis>en_GB</emphasis> with your language localization."
17479
msgstr ""
17480
17481
#: serverguide/C/introduction.xml:53(title)
17482
msgid "Support"
17483
msgstr ""
17484
17485
#: serverguide/C/introduction.xml:55(para)
17486
msgid ""
17487
"There a couple of different ways that Ubuntu Server Edition is supported, "
17488
"commercial support and community support. The main commercial support (and "
17489
"development funding) is available from Canonical Ltd. They supply reasonably "
17490
"priced support contracts on a per desktop or per server basis. For more "
17491
"information see the <ulink "
17492
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
17493
"page."
17494
msgstr ""
17495
17496
#: serverguide/C/introduction.xml:62(para)
17497
msgid ""
17498
"Community support is also provided by dedicated individuals, and companies, "
17499
"that wish to make Ubuntu the best distribution possible. Support is provided "
17500
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
17501
"large amount of information available can be overwhelming, but a good search "
17502
"engine query can usually provide an answer to your questions. See the <ulink "
17503
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
17504
"information."
17505
msgstr ""
17506
17507
#: serverguide/C/installation.xml:14(para)
17508
msgid ""
17509
"This chapter provides a quick overview of installing Ubuntu 9.10 Server "
17510
"Edition. For more detailed instructions, please refer to the <ulink "
17511
"url=\"https://help.ubuntu.com/9.10/installation-guide/\">Ubuntu Installation "
17512
"Guide</ulink>."
17513
msgstr ""
17514
17515
#: serverguide/C/installation.xml:19(title)
17516
msgid "Preparing to Install"
17517
msgstr ""
17518
17519
#: serverguide/C/installation.xml:20(para)
17520
msgid ""
17521
"This section explains various aspects to consider before starting the "
17522
"installation."
17523
msgstr ""
17524
17525
#: serverguide/C/installation.xml:24(title)
17526
msgid "System Requirements"
17527
msgstr ""
17528
17529
#: serverguide/C/installation.xml:25(para)
17530
msgid ""
17531
"Ubuntu 9.10 Server Edition supports two (2) major architectures: Intel x86 "
17532
"and AMD64. The table below lists recommended hardware specifications. "
17533
"Depending on your needs, you might manage with less than this. However, most "
17534
"users risk being frustrated if they ignore these suggestions."
17535
msgstr ""
17536
17537
#: serverguide/C/installation.xml:27(title)
17538
msgid "Recommended Minimum Requirements"
17539
msgstr ""
17540
17541
#: serverguide/C/installation.xml:35(para)
17542
msgid "Install Type"
17543
msgstr ""
17544
17545
#: serverguide/C/installation.xml:36(para)
17546
msgid "RAM"
17547
msgstr ""
17548
17549
#: serverguide/C/installation.xml:37(para)
17550
msgid "Hard Drive Space"
17551
msgstr ""
17552
17553
#: serverguide/C/installation.xml:40(para)
17554
msgid "Base System"
17555
msgstr ""
17556
17557
#: serverguide/C/installation.xml:41(para)
17558
msgid "All Tasks Installed"
17559
msgstr ""
17560
17561
#: serverguide/C/installation.xml:46(para)
17562
msgid "Server"
17563
msgstr ""
17564
17565
#: serverguide/C/installation.xml:47(para)
17566
msgid "128 megabytes"
17567
msgstr ""
17568
17569
#: serverguide/C/installation.xml:48(para)
17570
msgid "500 megabytes"
17571
msgstr ""
17572
17573
#: serverguide/C/installation.xml:49(para)
17574
msgid "1 gigabyte"
17575
msgstr ""
17576
17577
#: serverguide/C/installation.xml:54(para)
17578
msgid ""
17579
"The Server Edition provides a common base for all sorts of server "
17580
"applications. It is a minimalist design providing a platform for the desired "
17581
"services, such as file/print services, web hosting, email hosting, etc."
17582
msgstr ""
17583
17584
#: serverguide/C/installation.xml:62(title)
17585
msgid "Server and Desktop Differences"
17586
msgstr ""
17587
17588
#: serverguide/C/installation.xml:63(para)
17589
msgid ""
17590
"There are a few differences between the <emphasis>Ubuntu Server "
17591
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
17592
"should be noted that both editions use the same "
17593
"<application>apt</application> repositories. Making it just as easy to "
17594
"install a <emphasis role=\"italic\">server</emphasis> application on the "
17595
"Desktop Edition as it is on the Server Edition."
17596
msgstr ""
17597
17598
#: serverguide/C/installation.xml:69(para)
17599
msgid ""
17600
"The differences between the two editions are the lack of an X window "
17601
"environment in the Server Edition, the installation process, and different "
17602
"Kernel options."
17603
msgstr ""
17604
17605
#: serverguide/C/installation.xml:76(title)
17606
msgid "Kernel Differences:"
17607
msgstr ""
17608
17609
#: serverguide/C/installation.xml:79(para)
17610
msgid ""
17611
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
17612
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
17613
"Edition."
17614
msgstr ""
17615
17616
#: serverguide/C/installation.xml:85(para)
17617
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
17618
msgstr ""
17619
17620
#: serverguide/C/installation.xml:90(para)
17621
msgid ""
17622
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
17623
"Desktop Edition."
17624
msgstr ""
17625
17626
#: serverguide/C/installation.xml:96(para)
17627
msgid ""
17628
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
17629
"limited by memory addressing space."
17630
msgstr ""
17631
17632
#: serverguide/C/installation.xml:101(para)
17633
msgid ""
17634
"To see all kernel configuration options you can look through "
17635
"<filename>/boot/config-2.6.31-server</filename>. Also, <ulink "
17636
"url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> is a "
17637
"great resource on the options available."
17638
msgstr ""
17639
17640
#: serverguide/C/installation.xml:110(title)
17641
msgid "Backing Up"
17642
msgstr ""
17643
17644
#: serverguide/C/installation.xml:113(para)
17645
msgid ""
17646
"Before installing <application>Ubuntu Server Edition</application> you "
17647
"should make sure all data on the system is backed up. See <xref "
17648
"linkend=\"backups\"/> for backup options."
17649
msgstr ""
17650
17651
#: serverguide/C/installation.xml:117(para)
17652
msgid ""
17653
"If this is not the first time an operating system has been installed on your "
17654
"computer, it is likely you will need to re-partition your disk to make room "
17655
"for Ubuntu."
17656
msgstr ""
17657
17658
#: serverguide/C/installation.xml:121(para)
17659
msgid ""
17660
"Any time you partition your disk, you should be prepared to lose everything "
17661
"on the disk should you make a mistake or something goes wrong during "
17662
"partitioning. The programs used in installation are quite reliable, most "
17663
"have seen years of use, but they also perform destructive actions."
17664
msgstr ""
17665
17666
#: serverguide/C/installation.xml:133(title)
17667
msgid "Installing from CD"
17668
msgstr ""
17669
17670
#: serverguide/C/installation.xml:134(para)
17671
msgid ""
17672
"The basic steps to install Ubuntu Server Edition from CD are the same for "
17673
"installing any operating system from CD. Unlike the <emphasis>Desktop "
17674
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
17675
"a graphical installation program. Instead the Server Edition uses a console "
17676
"menu based process."
17677
msgstr ""
17678
17679
#: serverguide/C/installation.xml:141(para)
17680
msgid ""
17681
"First, download and burn the appropriate ISO file from the <ulink "
17682
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
17683
msgstr ""
17684
17685
#: serverguide/C/installation.xml:147(para)
17686
msgid "Boot the system from the CD-ROM drive."
17687
msgstr ""
17688
17689
#: serverguide/C/installation.xml:152(para)
17690
msgid ""
17691
"At the boot prompt you will be asked to select the language. Afterwards the "
17692
"installation process begins by asking for your keyboard layout."
17693
msgstr ""
17694
17695
#: serverguide/C/installation.xml:158(para)
17696
msgid ""
17697
"The installer then discovers your hardware configuration, and configures the "
17698
"network settings using DHCP. If you do not wish to use DHCP at the next "
17699
"screen choose \"Go Back\", and you have the option to \"Configure the "
17700
"network manually\"."
17701
msgstr ""
17702
17703
#: serverguide/C/installation.xml:165(para)
17704
msgid "Next, the installer asks for the system's hostname and Time Zone."
17705
msgstr ""
17706
17707
#: serverguide/C/installation.xml:170(para)
17708
msgid ""
17709
"You can then choose from several options to configure the hard drive layout. "
17710
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
17711
msgstr ""
17712
17713
#: serverguide/C/installation.xml:176(para)
17714
msgid "The Ubuntu base system is then installed."
17715
msgstr ""
17716
17717
#: serverguide/C/installation.xml:181(para)
17718
msgid ""
17719
"A new user is setup, this user will have <emphasis>root</emphasis> access "
17720
"through the <application>sudo</application> utility."
17721
msgstr ""
17722
17723
#: serverguide/C/installation.xml:187(para)
17724
msgid ""
17725
"After the user is setup, you will be asked to encrypt your <filename "
17726
"role=\"directory\">home</filename> directory."
17727
msgstr ""
17728
17729
#: serverguide/C/installation.xml:193(para)
17730
msgid ""
17731
"The next step in the installation process is to decide how you want to "
17732
"update the system. There are three options:"
17733
msgstr ""
17734
17735
#: serverguide/C/installation.xml:199(para)
17736
msgid ""
17737
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
17738
"log into the machine and manually install updates."
17739
msgstr ""
17740
17741
#: serverguide/C/installation.xml:205(para)
17742
msgid ""
17743
"<emphasis>Install security updates Automatically</emphasis>: will install "
17744
"the <application>unattended-upgrades</application> package, which will "
17745
"install security updates without the intervention of an administrator. For "
17746
"more details see <xref linkend=\"automatic-updates\"/>."
17747
msgstr ""
17748
17749
#: serverguide/C/installation.xml:212(para)
17750
msgid ""
17751
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
17752
"service provided by Canonical to help manage your Ubuntu machines. See the "
17753
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
17754
"site for details."
17755
msgstr ""
17756
17757
#: serverguide/C/installation.xml:221(para)
17758
msgid ""
17759
"You now have the option to install, or not install, several package tasks. "
17760
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
17761
"to launch <application>aptitude</application> to choose specific packages to "
17762
"install. For more information see <xref linkend=\"aptitude\"/>."
17763
msgstr ""
17764
17765
#: serverguide/C/installation.xml:229(para)
17766
msgid "Finally, the last step before rebooting is to set the clock to UTC."
17767
msgstr ""
17768
17769
#: serverguide/C/installation.xml:235(para)
17770
msgid ""
17771
"If at any point during installation you are not satisfied by the default "
17772
"setting, use the \"Go Back\" function at any prompt to be brought to a "
17773
"detailed installation menu that will allow you to modify the default "
17774
"settings."
17775
msgstr ""
17776
17777
#: serverguide/C/installation.xml:240(para)
17778
msgid ""
17779
"At some point during the installation process you may want to read the help "
17780
"screen provided by the installation system. To do this, press F1."
17781
msgstr ""
17782
17783
#: serverguide/C/installation.xml:245(para)
17784
msgid ""
17785
"Once again, for detailed instructions see the <ulink "
17786
"url=\"https://help.ubuntu.com/9.10/installation-guide/\"> Ubuntu "
17787
"Installation Guide</ulink>."
17788
msgstr ""
17789
17790
#: serverguide/C/installation.xml:251(title)
17791
msgid "Package Tasks"
17792
msgstr ""
17793
17794
#: serverguide/C/installation.xml:252(para)
17795
msgid ""
17796
"During the Server Edition installation you have the option of installing "
17797
"additional packages from the CD. The packages are grouped by the type of "
17798
"service they provide."
17799
msgstr ""
17800
17801
#: serverguide/C/installation.xml:258(para)
17802
msgid "DNS server: Selects the BIND DNS server and its documentation."
17803
msgstr ""
17804
17805
#: serverguide/C/installation.xml:263(para)
17806
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
17807
msgstr ""
17808
17809
#: serverguide/C/installation.xml:268(para)
17810
msgid ""
17811
"Mail server: This task selects a variety of package useful for a general "
17812
"purpose mail server system."
17813
msgstr ""
17814
17815
#: serverguide/C/installation.xml:273(para)
17816
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
17817
msgstr ""
17818
17819
#: serverguide/C/installation.xml:278(para)
17820
msgid ""
17821
"PostgreSQL database: This task selects client and server packages for the "
17822
"PostgreSQL database."
17823
msgstr ""
17824
17825
#: serverguide/C/installation.xml:283(para)
17826
msgid "Print server: This task sets up your system to be a print server."
17827
msgstr ""
17828
17829
#: serverguide/C/installation.xml:288(para)
17830
msgid ""
17831
"Samba File server: This task sets up your system to be a Samba file server, "
17832
"which is especially suitable in networks with both Windows and Linux systems."
17833
msgstr ""
17834
17835
#: serverguide/C/installation.xml:294(para)
17836
msgid ""
17837
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
17838
"etc."
17839
msgstr ""
17840
17841
#: serverguide/C/installation.xml:299(para)
17842
msgid ""
17843
"Virtual machine host: Includes packages needed to run KVM virtual machines."
17844
msgstr ""
17845
17846
#: serverguide/C/installation.xml:304(para)
17847
msgid ""
17848
"Installing the package groups is accomplished using the "
17849
"<application>tasksel</application> utility. One of the important difference "
17850
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
17851
"installed, a package is also configured to reasonable defaults, eventually "
17852
"prompting you for additional required information. Likewise, when installing "
17853
"a task, the packages are not only installed, but also configured to provided "
17854
"a fully integrated service."
17855
msgstr ""
17856
17857
#: serverguide/C/installation.xml:311(para)
17858
msgid ""
17859
"Once the installation process has finished you can view a list of available "
17860
"tasks by entering the following from a terminal prompt:"
17861
msgstr ""
17862
17863
#: serverguide/C/installation.xml:316(command)
17864
msgid "tasksel --list-tasks"
17865
msgstr ""
17866
17867
#: serverguide/C/installation.xml:319(para)
17868
msgid ""
17869
"The output will list tasks from other Ubuntu based distributions such as "
17870
"Kubuntu and Edubuntu. Note that you can also invoke the "
17871
"<command>tasksel</command> command by itself, which will bring up a menu of "
17872
"the different tasks available."
17873
msgstr ""
17874
17875
#: serverguide/C/installation.xml:325(para)
17876
msgid ""
17877
"You can view a list of which packages are installed with each task using the "
17878
"<emphasis>--task-packages</emphasis> option. For example, to list the "
17879
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
17880
"following:"
17881
msgstr ""
17882
17883
#: serverguide/C/installation.xml:330(command)
17884
msgid "tasksel --task-packages dns-server"
17885
msgstr ""
17886
17887
#: serverguide/C/installation.xml:332(para)
17888
msgid "The output of the command should list:"
17889
msgstr ""
17890
17891
#: serverguide/C/installation.xml:335(programlisting)
17892
#, no-wrap
17893
msgid ""
17894
"\n"
17895
"bind9-doc \n"
17896
"bind9utils \n"
17897
"bind9\n"
17898
msgstr ""
17899
17900
#: serverguide/C/installation.xml:340(para)
17901
msgid ""
17902
"Also, if you did not install one of the tasks during the installation "
17903
"process, but for example you decide to make your new LAMP server a DNS "
17904
"server as well. Simply insert the installation CD and from a terminal:"
17905
msgstr ""
17906
17907
#: serverguide/C/installation.xml:345(command)
17908
msgid "sudo tasksel install dns-server"
17909
msgstr ""
17910
17911
#: serverguide/C/installation.xml:350(title)
17912
msgid "Upgrading"
17913
msgstr ""
17914
17915
#: serverguide/C/installation.xml:351(para)
17916
msgid ""
17917
"There are several ways to upgrade from one Ubuntu release to another. This "
17918
"section gives an overview of the recommended upgrade method."
17919
msgstr ""
17920
17921
#: serverguide/C/installation.xml:355(title) serverguide/C/installation.xml:370(command)
17922
msgid "do-release-upgrade"
17923
msgstr ""
17924
17925
#: serverguide/C/installation.xml:356(para)
17926
msgid ""
17927
"The recommended way to upgrade a Server Edition installation is to use the "
17928
"<application>do-release-upgrade</application> utility. Part of the "
17929
"<emphasis>update-manager-core</emphasis> package, it does not have any "
17930
"graphical dependencies and is installed by default."
17931
msgstr ""
17932
17933
#: serverguide/C/installation.xml:361(para)
17934
msgid ""
17935
"Debian based systems can also be upgraded by using <command>apt-get dist-"
17936
"upgrade</command>. However, using <application>do-release-"
17937
"upgrade</application> is recommended because it has the ability to handle "
17938
"system configuration changes sometimes needed between releases."
17939
msgstr ""
17940
17941
#: serverguide/C/installation.xml:366(para)
17942
msgid "To upgrade to a newer release, from a terminal prompt enter:"
17943
msgstr ""
17944
17945
#: serverguide/C/installation.xml:372(para)
17946
msgid ""
17947
"It is also possible to use <application>do-release-upgrade</application> to "
17948
"upgrade to a development version of Ubuntu. To accomplish this use the "
17949
"<emphasis>-d</emphasis> switch:"
17950
msgstr ""
17951
17952
#: serverguide/C/installation.xml:377(command)
17953
msgid "do-release-upgrade -d"
17954
msgstr ""
17955
17956
#: serverguide/C/installation.xml:380(para)
17957
msgid ""
17958
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
17959
"for production environments."
17960
msgstr ""
17961
17962
#: serverguide/C/installation.xml:387(title)
17963
msgid "Advanced Installation"
17964
msgstr ""
17965
17966
#: serverguide/C/installation.xml:390(title)
17967
msgid "Software RAID"
17968
msgstr ""
17969
17970
#: serverguide/C/installation.xml:392(para)
17971
msgid ""
17972
"RAID is a method of configuring multiple hard drives to act as one, reducing "
17973
"the probability of catastrophic data loss in case of drive failure. RAID is "
17974
"implemented in either software (where the operating system knows about both "
17975
"drives and actively maintains both of them) or hardware (where a special "
17976
"controller makes the OS think there's only one drive and maintains the "
17977
"drives 'invisibly')."
17978
msgstr ""
17979
17980
#: serverguide/C/installation.xml:399(para)
17981
msgid ""
17982
"The RAID software included with current versions of Linux (and Ubuntu) is "
17983
"based on the <application>'mdadm'</application> driver and works very well, "
17984
"better even than many so-called 'hardware' RAID controllers. This section "
17985
"will guide you through installing Ubuntu Server Edition using two RAID1 "
17986
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
17987
"another for <emphasis>swap</emphasis>."
17988
msgstr ""
17989
17990
#: serverguide/C/installation.xml:409(para) serverguide/C/installation.xml:926(para)
17991
msgid ""
17992
"Follow the installation steps until you get to the <emphasis>Partition "
17993
"disks</emphasis> step, then:"
17994
msgstr ""
17995
17996
#: serverguide/C/installation.xml:416(para)
17997
msgid "Select <emphasis>Manual</emphasis> as the partition method."
17998
msgstr ""
17999
18000
#: serverguide/C/installation.xml:423(para)
18001
msgid ""
18002
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
18003
"partition table on this device?\"</emphasis>."
18004
msgstr ""
18005
18006
#: serverguide/C/installation.xml:427(para)
18007
msgid ""
18008
"Repeat this step for each drive you wish to be part of the RAID array."
18009
msgstr ""
18010
18011
#: serverguide/C/installation.xml:434(para)
18012
msgid ""
18013
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
18014
"select <emphasis>\"Create a new partition\"</emphasis>."
18015
msgstr ""
18016
18017
#: serverguide/C/installation.xml:441(para)
18018
msgid ""
18019
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
18020
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
18021
"size is twice that of RAM. Enter the partition size, then choose "
18022
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
18023
msgstr ""
18024
18025
#: serverguide/C/installation.xml:450(para)
18026
msgid ""
18027
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
18028
"is <emphasis role=\"italic\">\"Ext3 journaling file system\"</emphasis>, "
18029
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
18030
"<emphasis>\"Done setting up partition\"</emphasis>."
18031
msgstr ""
18032
18033
#: serverguide/C/installation.xml:459(para)
18034
msgid ""
18035
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
18036
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
18037
"partition\"</emphasis>."
18038
msgstr ""
18039
18040
#: serverguide/C/installation.xml:467(para)
18041
msgid ""
18042
"Use the rest of the free space on the drive and choose "
18043
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
18044
msgstr ""
18045
18046
#: serverguide/C/installation.xml:474(para)
18047
msgid ""
18048
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
18049
"at the top, changing it to <emphasis>\"physical volume for RAID\"</emphasis> "
18050
"then choose <emphasis>\"Done setting up partition\"</emphasis>."
18051
msgstr ""
18052
18053
#: serverguide/C/installation.xml:482(para)
18054
msgid "Repeat steps three through eight for the other disk and partitions."
18055
msgstr ""
18056
18057
#: serverguide/C/installation.xml:491(title)
18058
msgid "RAID Configuration"
18059
msgstr ""
18060
18061
#: serverguide/C/installation.xml:493(para)
18062
msgid "With the partitions setup the arrays are ready to be configured:"
18063
msgstr ""
18064
18065
#: serverguide/C/installation.xml:500(para)
18066
msgid ""
18067
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
18068
"Software RAID\"</emphasis> at the top."
18069
msgstr ""
18070
18071
#: serverguide/C/installation.xml:507(para)
18072
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
18073
msgstr ""
18074
18075
#: serverguide/C/installation.xml:514(para)
18076
msgid "Choose <emphasis>\"Create MD drive\"</emphasis>."
18077
msgstr ""
18078
18079
#: serverguide/C/installation.xml:521(para)
18080
msgid ""
18081
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
18082
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
18083
msgstr ""
18084
18085
#: serverguide/C/installation.xml:527(para)
18086
msgid ""
18087
"In order to use <emphasis>RAID5</emphasis> you need at least "
18088
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
18089
"<emphasis>two</emphasis> drives are required."
18090
msgstr ""
18091
18092
#: serverguide/C/installation.xml:536(para)
18093
msgid ""
18094
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
18095
"of hard drives you have, for the array. Then select "
18096
"<emphasis>\"Continue\"</emphasis>."
18097
msgstr ""
18098
18099
#: serverguide/C/installation.xml:544(para)
18100
msgid ""
18101
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
18102
"default, then choose <emphasis>\"Continue\"</emphasis>."
18103
msgstr ""
18104
18105
#: serverguide/C/installation.xml:551(para)
18106
msgid ""
18107
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
18108
"etc. The numbers will usually match and the different letters correspond to "
18109
"different hard drives."
18110
msgstr ""
18111
18112
#: serverguide/C/installation.xml:556(para)
18113
msgid ""
18114
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
18115
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
18116
"go to the next step."
18117
msgstr ""
18118
18119
#: serverguide/C/installation.xml:564(para)
18120
msgid ""
18121
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
18122
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
18123
"and <emphasis>sdb2</emphasis>."
18124
msgstr ""
18125
18126
#: serverguide/C/installation.xml:572(para)
18127
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
18128
msgstr ""
18129
18130
#: serverguide/C/installation.xml:582(title)
18131
msgid "Formatting"
18132
msgstr ""
18133
18134
#: serverguide/C/installation.xml:584(para)
18135
msgid ""
18136
"There should now be a list of hard drives and RAID devices. The next step is "
18137
"to format and set the mount point for the RAID devices. Treat the RAID "
18138
"device as a local hard drive, format and mount accordingly."
18139
msgstr ""
18140
18141
#: serverguide/C/installation.xml:592(para)
18142
msgid "Select the <emphasis>RAID1 device #0</emphasis> partition."
18143
msgstr ""
18144
18145
#: serverguide/C/installation.xml:599(para)
18146
msgid ""
18147
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
18148
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
18149
msgstr ""
18150
18151
#: serverguide/C/installation.xml:607(para)
18152
msgid "Next, select the <emphasis>RAID1 device #1</emphasis> partition."
18153
msgstr ""
18154
18155
#: serverguide/C/installation.xml:614(para)
18156
msgid ""
18157
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext3 "
18158
"journaling file system\"</emphasis>."
18159
msgstr ""
18160
18161
#: serverguide/C/installation.xml:621(para)
18162
msgid ""
18163
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
18164
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
18165
"options as appropriate, then select <emphasis>\"Done setting up "
18166
"partition\"</emphasis>."
18167
msgstr ""
18168
18169
#: serverguide/C/installation.xml:629(para)
18170
msgid ""
18171
"Finally, select <emphasis>\"Finish partitioning and write changes to "
18172
"disk\"</emphasis>."
18173
msgstr ""
18174
18175
#: serverguide/C/installation.xml:636(para)
18176
msgid ""
18177
"If you choose to place the root partition on a RAID array, the installer "
18178
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
18179
"state. See <xref linkend=\"raid-degraded\"/> for further details."
18180
msgstr ""
18181
18182
#: serverguide/C/installation.xml:641(para)
18183
msgid "The installation process will then continue normally."
18184
msgstr ""
18185
18186
#: serverguide/C/installation.xml:647(title)
18187
msgid "Degraded RAID"
18188
msgstr ""
18189
18190
#: serverguide/C/installation.xml:649(para)
18191
msgid ""
18192
"At some point in the life of the computer a disk failure event may occur. "
18193
"When this happens, using Software RAID, the operating system will place the "
18194
"array into what is known as a <emphasis>degraded</emphasis> state."
18195
msgstr ""
18196
18197
#: serverguide/C/installation.xml:654(para)
18198
msgid ""
18199
"If the array has become degraded, due to the chance of data corruption, by "
18200
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
18201
"after thirty seconds. Once the initramfs has booted there is a fifteen "
18202
"second prompt giving you the option to go ahead and boot the system, or "
18203
"attempt manual recover. Booting to the initramfs prompt may or may not be "
18204
"the desired behavior, especially if the machine is in a remote location. "
18205
"Booting to a degraded array can be configured several ways:"
18206
msgstr ""
18207
18208
#: serverguide/C/installation.xml:665(para)
18209
msgid ""
18210
"The <application>dpkg-reconfigure</application> utility can be used to "
18211
"configure the default behavior, and during the process you will be queried "
18212
"about additional settings related to the array. Such as monitoring, email "
18213
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
18214
"following:"
18215
msgstr ""
18216
18217
#: serverguide/C/installation.xml:672(command)
18218
msgid "sudo dpkg-reconfigure mdadm"
18219
msgstr ""
18220
18221
#: serverguide/C/installation.xml:678(para)
18222
msgid ""
18223
"The <command>dpkg-reconfigure mdadm</command> process will change the "
18224
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
18225
"The file has the advantage of being able to pre-configure the system's "
18226
"behavior, and can also be manually edited:"
18227
msgstr ""
18228
18229
#: serverguide/C/installation.xml:684(programlisting)
18230
#, no-wrap
18231
msgid ""
18232
"\n"
18233
"BOOT_DEGRADED=true\n"
18234
msgstr ""
18235
18236
#: serverguide/C/installation.xml:689(para)
18237
msgid "The configuration file can be overridden by using a Kernel argument."
18238
msgstr ""
18239
18240
#: serverguide/C/installation.xml:697(para)
18241
msgid ""
18242
"Using a Kernel argument will allow the system to boot to a degraded array as "
18243
"well:"
18244
msgstr ""
18245
18246
#: serverguide/C/installation.xml:703(para)
18247
msgid ""
18248
"When the server is booting press <emphasis>ESC</emphasis> to open the "
18249
"<application>Grub</application> menu."
18250
msgstr ""
18251
18252
#: serverguide/C/installation.xml:708(para)
18253
msgid "Press <emphasis>\"e\"</emphasis> to edit your Kernel command options."
18254
msgstr ""
18255
18256
#: serverguide/C/installation.xml:713(para)
18257
msgid ""
18258
"Press the <emphasis>DOWN</emphasis> arrow to highlight the kernel line."
18259
msgstr ""
18260
18261
#: serverguide/C/installation.xml:718(para)
18262
msgid ""
18263
"Press the <emphasis>\"e\"</emphasis> key again to edit the kernel line."
18264
msgstr ""
18265
18266
#: serverguide/C/installation.xml:723(para)
18267
msgid ""
18268
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
18269
"end of the line."
18270
msgstr ""
18271
18272
#: serverguide/C/installation.xml:728(para)
18273
msgid "Press <emphasis>\"ENTER\"</emphasis>."
18274
msgstr ""
18275
18276
#: serverguide/C/installation.xml:733(para)
18277
msgid "Finally, press <emphasis>\"b\"</emphasis> to boot the system."
18278
msgstr ""
18279
18280
#: serverguide/C/installation.xml:742(para)
18281
msgid ""
18282
"Once the system has booted you can either repair the array see <xref "
18283
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
18284
"another machine due to major hardware failure."
18285
msgstr ""
18286
18287
#: serverguide/C/installation.xml:749(title)
18288
msgid "RAID Maintenance"
18289
msgstr ""
18290
18291
#: serverguide/C/installation.xml:751(para)
18292
msgid ""
18293
"The <application>mdadm</application> utility can be used to view the status "
18294
"of an array, add disks to an array, remove disks, etc:"
18295
msgstr ""
18296
18297
#: serverguide/C/installation.xml:758(para)
18298
msgid "To view the status of an array, from a terminal prompt enter:"
18299
msgstr ""
18300
18301
#: serverguide/C/installation.xml:762(command)
18302
msgid "sudo mdadm -D /dev/md0"
18303
msgstr ""
18304
18305
#: serverguide/C/installation.xml:765(para)
18306
msgid ""
18307
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
18308
"display <emphasis>detailed</emphasis> information about the "
18309
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
18310
"with the appropriate RAID device."
18311
msgstr ""
18312
18313
#: serverguide/C/installation.xml:771(para)
18314
msgid "To view the status of a disk in an array:"
18315
msgstr ""
18316
18317
#: serverguide/C/installation.xml:775(command)
18318
msgid "sudo mdadm -E /dev/sda1"
18319
msgstr ""
18320
18321
#: serverguide/C/installation.xml:777(para)
18322
msgid ""
18323
"The output if very similar to the <command>mdadm -D</command> command, "
18324
"adjust <filename>/dev/sda1</filename> for each disk."
18325
msgstr ""
18326
18327
#: serverguide/C/installation.xml:782(para)
18328
msgid "If a disk fails and needs to be removed from an array enter:"
18329
msgstr ""
18330
18331
#: serverguide/C/installation.xml:786(command)
18332
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
18333
msgstr ""
18334
18335
#: serverguide/C/installation.xml:788(para)
18336
msgid ""
18337
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
18338
"the appropriate RAID device and disk."
18339
msgstr ""
18340
18341
#: serverguide/C/installation.xml:793(para)
18342
msgid "Similarly, to add a new disk:"
18343
msgstr ""
18344
18345
#: serverguide/C/installation.xml:797(command)
18346
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
18347
msgstr ""
18348
18349
#: serverguide/C/installation.xml:802(para)
18350
msgid ""
18351
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
18352
"though there is nothing physically wrong with the drive. It is usually "
18353
"worthwhile to remove the drive from the array then re-add it. This will "
18354
"cause the drive to re-sync with the array. If the drive will not sync with "
18355
"the array, it is a good indication of hardware failure."
18356
msgstr ""
18357
18358
#: serverguide/C/installation.xml:808(para)
18359
msgid ""
18360
"The <filename>/proc/mdstat</filename> file also contains useful information "
18361
"about the system's RAID devices:"
18362
msgstr ""
18363
18364
#: serverguide/C/installation.xml:813(command)
18365
msgid "cat /proc/mdstat"
18366
msgstr ""
18367
18368
#: serverguide/C/installation.xml:814(computeroutput)
18369
#, no-wrap
18370
msgid ""
18371
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
18372
"[raid10] \n"
18373
"md0 : active raid1 sda1[0] sdb1[1]\n"
18374
" 10016384 blocks [2/2] [UU]\n"
18375
" \n"
18376
"unused devices: <none>"
18377
msgstr ""
18378
18379
#: serverguide/C/installation.xml:821(para)
18380
msgid ""
18381
"The following command is great for watching the status of a syncing drive:"
18382
msgstr ""
18383
18384
#: serverguide/C/installation.xml:826(command)
18385
msgid "watch -n1 cat /proc/mdstat"
18386
msgstr ""
18387
18388
#: serverguide/C/installation.xml:829(para)
18389
msgid ""
18390
"Press <emphasis>Ctrl+c</emphasis> to stop the "
18391
"<application>watch</application> command."
18392
msgstr ""
18393
18394
#: serverguide/C/installation.xml:833(para)
18395
msgid ""
18396
"If you do need to replace a faulty drive, after the drive has been replaced "
18397
"and synced, <application>grub</application> will need to be installed. To "
18398
"install <application>grub</application> on the new drive, enter the "
18399
"following:"
18400
msgstr ""
18401
18402
#: serverguide/C/installation.xml:839(command)
18403
msgid "sudo grub-install /dev/md0"
18404
msgstr ""
18405
18406
#: serverguide/C/installation.xml:842(para)
18407
msgid ""
18408
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
18409
msgstr ""
18410
18411
#: serverguide/C/installation.xml:850(para)
18412
msgid ""
18413
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
18414
"can be configured. Please see the following links for more information:"
18415
msgstr ""
18416
18417
#: serverguide/C/installation.xml:858(ulink)
18418
msgid "Software RAID HOWTO"
18419
msgstr ""
18420
18421
#: serverguide/C/installation.xml:863(ulink)
18422
msgid "Managing RAID on Linux"
18423
msgstr ""
18424
18425
#: serverguide/C/installation.xml:870(title)
18426
msgid "Logical Volume Manager (LVM)"
18427
msgstr ""
18428
18429
#: serverguide/C/installation.xml:872(para)
18430
msgid ""
18431
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
18432
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
18433
"hard disks. LVM volumes can be created on both software RAID partitions and "
18434
"standard partitions residing on a single disk. Volumes can also be extended, "
18435
"giving greater flexibility to systems as requirements change."
18436
msgstr ""
18437
18438
#: serverguide/C/installation.xml:881(para)
18439
msgid ""
18440
"A side effect of LVM's power and flexibility is a greater degree of "
18441
"complication. Before diving into the LVM installation process, it is best to "
18442
"get familiar with some terms."
18443
msgstr ""
18444
18445
#: serverguide/C/installation.xml:888(para)
18446
msgid ""
18447
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
18448
"Volumes (LV)."
18449
msgstr ""
18450
18451
#: serverguide/C/installation.xml:893(para)
18452
msgid ""
18453
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
18454
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
18455
"which resides the actual EXT3, XFS, JFS, etc filesystem."
18456
msgstr ""
18457
18458
#: serverguide/C/installation.xml:899(para)
18459
msgid ""
18460
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
18461
"RAID partition. The Volume Group can be extended by adding more PVs."
18462
msgstr ""
18463
18464
#: serverguide/C/installation.xml:910(para)
18465
msgid ""
18466
"As an example this section covers installing Ubuntu Server Edition with "
18467
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
18468
"the initial install only one Physical Volume (PV) will be part of the Volume "
18469
"Group (VG). Another PV will be added after install to demonstrate how a VG "
18470
"can be extended."
18471
msgstr ""
18472
18473
#: serverguide/C/installation.xml:916(para)
18474
msgid ""
18475
"There are several installation options for LVM, <emphasis>\"Guided - use the "
18476
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
18477
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
18478
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
18479
"partitions and configure LVM. At this time the only way to configure a "
18480
"system with both LVM and standard partitions, during installation, is to use "
18481
"the Manual approach."
18482
msgstr ""
18483
18484
#: serverguide/C/installation.xml:933(para)
18485
msgid ""
18486
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
18487
"<emphasis>\"Manual\"</emphasis>."
18488
msgstr ""
18489
18490
#: serverguide/C/installation.xml:940(para)
18491
msgid ""
18492
"Select the hard disk and on the next screen choose \"yes\" to "
18493
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
18494
msgstr ""
18495
18496
#: serverguide/C/installation.xml:947(para)
18497
msgid ""
18498
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
18499
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
18500
msgstr ""
18501
18502
#: serverguide/C/installation.xml:955(para)
18503
msgid ""
18504
"For the LVM <emphasis>/srv</emphasis>, create a new "
18505
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
18506
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
18507
"<emphasis>\"Done setting up the partition\"</emphasis>."
18508
msgstr ""
18509
18510
#: serverguide/C/installation.xml:963(para)
18511
msgid ""
18512
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
18513
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
18514
"disk."
18515
msgstr ""
18516
18517
#: serverguide/C/installation.xml:971(para)
18518
msgid ""
18519
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
18520
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
18521
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
18522
"After entering a name, select the partition configured for LVM, and choose "
18523
"<emphasis>\"Continue\"</emphasis>."
18524
msgstr ""
18525
18526
#: serverguide/C/installation.xml:980(para)
18527
msgid ""
18528
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
18529
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
18530
"volume group, and enter a name for the new LV, for example "
18531
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
18532
"a size, which may be the full partition because it can always be extended "
18533
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
18534
"main <emphasis>\"Partition Disks\"</emphasis> screen."
18535
msgstr ""
18536
18537
#: serverguide/C/installation.xml:990(para)
18538
msgid ""
18539
"Now add a filesystem to the new LVM. Select the partition under "
18540
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
18541
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
18542
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
18543
"select <emphasis>\"Done setting up the partition\"</emphasis>."
18544
msgstr ""
18545
18546
#: serverguide/C/installation.xml:999(para)
18547
msgid ""
18548
"Finally, select <emphasis>\"Finish partitioning and write changes to "
18549
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
18550
"the installation."
18551
msgstr ""
18552
18553
#: serverguide/C/installation.xml:1007(para)
18554
msgid "There are some useful utilities to view information about LVM:"
18555
msgstr ""
18556
18557
#: serverguide/C/installation.xml:1012(para)
18558
msgid ""
18559
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
18560
msgstr ""
18561
18562
#: serverguide/C/installation.xml:1013(para)
18563
msgid ""
18564
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
18565
msgstr ""
18566
18567
#: serverguide/C/installation.xml:1014(para)
18568
msgid ""
18569
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
18570
"Physical Volumes."
18571
msgstr ""
18572
18573
#: serverguide/C/installation.xml:1019(title)
18574
msgid "Extending Volume Groups"
18575
msgstr ""
18576
18577
#: serverguide/C/installation.xml:1021(para)
18578
msgid ""
18579
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
18580
"section covers adding a second hard disk, creating a Physical Volume (PV), "
18581
"adding it to the volume group (VG), extending the logical volume <filename "
18582
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
18583
"example assumes a second hard disk has been added to the system. This hard "
18584
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
18585
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
18586
"before issuing the commands below. You could lose some data if you issue "
18587
"those commands on a non-empty disk. In our example we will use the entire "
18588
"disk as a physical volume (you could choose to create partitions and use "
18589
"them as different physical volumes)"
18590
msgstr ""
18591
18592
#: serverguide/C/installation.xml:1033(para)
18593
msgid "First, create the physical volume, in a terminal execute:"
18594
msgstr ""
18595
18596
#: serverguide/C/installation.xml:1038(command)
18597
msgid "sudo pvcreate /dev/sdb"
18598
msgstr ""
18599
18600
#: serverguide/C/installation.xml:1044(para)
18601
msgid "Now extend the Volume Group (VG):"
18602
msgstr ""
18603
18604
#: serverguide/C/installation.xml:1049(command)
18605
msgid "sudo vgextend vg01 /dev/sdb"
18606
msgstr ""
18607
18608
#: serverguide/C/installation.xml:1055(para)
18609
msgid ""
18610
"Use <application>vgdisplay</application> to find out the free physical "
18611
"extents - Free PE / size (the size you can allocate). We will assume a free "
18612
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
18613
"whole free space available. Use your own PE and/or free space."
18614
msgstr ""
18615
18616
#: serverguide/C/installation.xml:1061(para)
18617
msgid ""
18618
"The Logical Volume (LV) can now be extended by different methods, we will "
18619
"only see how to use the PE to extend the LV:"
18620
msgstr ""
18621
18622
#: serverguide/C/installation.xml:1066(command)
18623
msgid "sudo lvextend /dev/vg01/srv -l +511"
18624
msgstr ""
18625
18626
#: serverguide/C/installation.xml:1069(para)
18627
msgid ""
18628
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
18629
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
18630
"Gig, Tera, etc bytes."
18631
msgstr ""
18632
18633
#: serverguide/C/installation.xml:1077(para)
18634
msgid ""
18635
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
18636
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
18637
"pratice to unmount it anyway and check the filesystem, so that you don't "
18638
"mess up the day you want to reduce a logical volume (in that case unmounting "
18639
"first is compulsory)."
18640
msgstr ""
18641
18642
#: serverguide/C/installation.xml:1083(para)
18643
msgid ""
18644
"The following commands are for an <emphasis>EXT3</emphasis> or "
18645
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
18646
"there may be other utilities available."
18647
msgstr ""
18648
18649
#: serverguide/C/installation.xml:1090(command)
18650
msgid "sudo e2fsck -f /dev/vg01/srv"
18651
msgstr ""
18652
18653
#: serverguide/C/installation.xml:1093(para)
18654
msgid ""
18655
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
18656
"forces checking even if the system seems clean."
18657
msgstr ""
18658
18659
#: serverguide/C/installation.xml:1100(para)
18660
msgid "Finally, resize the filesystem:"
18661
msgstr ""
18662
18663
#: serverguide/C/installation.xml:1105(command)
18664
msgid "sudo resize2fs /dev/vg01/srv"
18665
msgstr ""
18666
18667
#: serverguide/C/installation.xml:1111(para)
18668
msgid "Now mount the partition and check its size."
18669
msgstr ""
18670
18671
#: serverguide/C/installation.xml:1116(command)
18672
msgid "mount /dev/vg01/srv /srv && df -h /srv"
18673
msgstr ""
18674
18675
#: serverguide/C/installation.xml:1128(para)
18676
msgid ""
18677
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
18678
"HOWTO</ulink> for more information."
18679
msgstr ""
18680
18681
#: serverguide/C/installation.xml:1133(para)
18682
msgid ""
18683
"Another good article is <ulink "
18684
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
18685
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
18686
"linuxdevcenter.com site."
18687
msgstr ""
18688
18689
#: serverguide/C/installation.xml:1140(para)
18690
msgid ""
18691
"For more information on <application>fdisk</application> see the <ulink "
18692
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/fdisk.8.html\">fdisk"
18693
" man page</ulink>."
18694
msgstr ""
18695
18696
#: serverguide/C/file-server.xml:13(title)
18697
msgid "File Servers"
18698
msgstr ""
18699
18700
#: serverguide/C/file-server.xml:15(para)
18701
msgid ""
18702
"If you have more than one computer on a single network. At some point you "
18703
"will probably need to share files between them. In this section we cover "
18704
"installing and configuring FTP, NFS, and CUPS."
18705
msgstr ""
18706
18707
#: serverguide/C/file-server.xml:22(title)
18708
msgid "FTP Server"
18709
msgstr ""
18710
18711
#: serverguide/C/file-server.xml:24(para)
18712
msgid ""
18713
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
18714
"files between computers. FTP works on a client/server model. The server "
18715
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
18716
"listens for FTP requests from remote clients. When a request is received, it "
18717
"manages the login and sets up the connection. For the duration of the "
18718
"session it executes any of commands sent by the FTP client."
18719
msgstr ""
18720
18721
#: serverguide/C/file-server.xml:33(para)
18722
msgid "Access to an FTP server can be managed in two ways:"
18723
msgstr ""
18724
18725
#: serverguide/C/file-server.xml:37(para)
18726
msgid "Anonymous"
18727
msgstr ""
18728
18729
#: serverguide/C/file-server.xml:40(para)
18730
msgid "Authenticated"
18731
msgstr ""
18732
18733
#: serverguide/C/file-server.xml:43(para)
18734
msgid ""
18735
"In the Anonymous mode, remote clients can access the FTP server by using the "
18736
"default user account called \"anonymous\" or \"ftp\" and sending an email "
18737
"address as the password. In the Authenticated mode a user must have an "
18738
"account and a password. User access to the FTP server directories and files "
18739
"is dependent on the permissions defined for the account used at login. As a "
18740
"general rule, the FTP daemon will hide the root directory of the FTP server "
18741
"and change it to the FTP Home directory. This hides the rest of the file "
18742
"system from remote sessions."
18743
msgstr ""
18744
18745
#: serverguide/C/file-server.xml:55(title)
18746
msgid "vsftpd - FTP Server Installation"
18747
msgstr ""
18748
18749
#: serverguide/C/file-server.xml:57(para)
18750
msgid ""
18751
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
18752
"and maintain. To install <application>vsftpd</application> you can run the "
18753
"following command:"
18754
msgstr ""
18755
18756
#: serverguide/C/file-server.xml:65(command)
18757
msgid "sudo apt-get install vsftpd"
18758
msgstr ""
18759
18760
#: serverguide/C/file-server.xml:71(title)
18761
msgid "Anonymous FTP Configuration"
18762
msgstr ""
18763
18764
#: serverguide/C/file-server.xml:73(para)
18765
msgid ""
18766
"By default <application>vsftpd</application> is configured to only allow "
18767
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
18768
"created with a home directory of <filename>/home/ftp</filename>. This is the "
18769
"default FTP directory."
18770
msgstr ""
18771
18772
#: serverguide/C/file-server.xml:80(para)
18773
msgid ""
18774
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
18775
"example, simply create a directory in another location and change the "
18776
"<emphasis>ftp</emphasis> user's home directory:"
18777
msgstr ""
18778
18779
#: serverguide/C/file-server.xml:87(command)
18780
msgid "sudo mkdir /srv/ftp"
18781
msgstr ""
18782
18783
#: serverguide/C/file-server.xml:88(command)
18784
msgid "sudo usermod -d /srv/ftp ftp"
18785
msgstr ""
18786
18787
#: serverguide/C/file-server.xml:91(para)
18788
msgid "After making the change restart <application>vsftpd</application>:"
18789
msgstr ""
18790
18791
#: serverguide/C/file-server.xml:96(command) serverguide/C/file-server.xml:124(command) serverguide/C/file-server.xml:189(command) serverguide/C/file-server.xml:237(command)
18792
msgid "sudo /etc/init.d/vsftpd restart"
18793
msgstr ""
18794
18795
#: serverguide/C/file-server.xml:99(para)
18796
msgid ""
18797
"Finally, copy any files and directories you would like to make available "
18798
"through anonymous FTP to <filename>/srv/ftp</filename>."
18799
msgstr ""
18800
18801
#: serverguide/C/file-server.xml:106(title)
18802
msgid "User Authenticated FTP Configuration"
18803
msgstr ""
18804
18805
#: serverguide/C/file-server.xml:108(para)
18806
msgid ""
18807
"To configure <application>vsftpd</application> to authenticate system users "
18808
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
18809
msgstr ""
18810
18811
#: serverguide/C/file-server.xml:114(programlisting)
18812
#, no-wrap
18813
msgid ""
18814
"\n"
18815
"local_enable=YES\n"
18816
"write_enable=YES\n"
18817
msgstr ""
18818
18819
#: serverguide/C/file-server.xml:119(para)
18820
msgid "Now restart <application>vsftpd</application>:"
18821
msgstr ""
18822
18823
#: serverguide/C/file-server.xml:127(para)
18824
msgid ""
18825
"Now when system users login to FTP they will start in their "
18826
"<emphasis>home</emphasis> directories where they can download, upload, "
18827
"create directories, etc."
18828
msgstr ""
18829
18830
#: serverguide/C/file-server.xml:133(para)
18831
msgid ""
18832
"Similarly, by default, the anonymous users are not allowed to upload files "
18833
"to FTP server. To change this setting, you should uncomment the following "
18834
"line, and restart <application>vsftpd</application>:"
18835
msgstr ""
18836
18837
#: serverguide/C/file-server.xml:140(programlisting)
18838
#, no-wrap
18839
msgid ""
18840
"\n"
18841
"anon_upload_enable=YES\n"
18842
msgstr ""
18843
18844
#: serverguide/C/file-server.xml:145(para)
18845
msgid ""
18846
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
18847
"not enable anonymous upload on servers accessed directly from the Internet."
18848
msgstr ""
18849
18850
#: serverguide/C/file-server.xml:151(para)
18851
msgid ""
18852
"The configuration file consists of many configuration parameters. The "
18853
"information about each parameter is available in the configuration file. "
18854
"Alternatively, you can refer to the man page, <command>man 5 "
18855
"vsftpd.conf</command> for details of each parameter."
18856
msgstr ""
18857
18858
#: serverguide/C/file-server.xml:162(title)
18859
msgid "Securing FTP"
18860
msgstr ""
18861
18862
#: serverguide/C/file-server.xml:164(para)
18863
msgid ""
18864
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
18865
"<application>vsftpd</application> more secure. For example users can be "
18866
"limited to their home directories by uncommenting:"
18867
msgstr ""
18868
18869
#: serverguide/C/file-server.xml:170(programlisting)
18870
#, no-wrap
18871
msgid ""
18872
"\n"
18873
"chroot_local_user=YES\n"
18874
msgstr ""
18875
18876
#: serverguide/C/file-server.xml:174(para)
18877
msgid ""
18878
"You can also limit a specific list of users to just their home directories:"
18879
msgstr ""
18880
18881
#: serverguide/C/file-server.xml:178(programlisting)
18882
#, no-wrap
18883
msgid ""
18884
"\n"
18885
"chroot_list_enable=YES\n"
18886
"chroot_list_file=/etc/vsftpd.chroot_list\n"
18887
msgstr ""
18888
18889
#: serverguide/C/file-server.xml:183(para)
18890
msgid ""
18891
"After uncommenting the above options, create a "
18892
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
18893
"per line. Then restart <application>vsftpd</application>:"
18894
msgstr ""
18895
18896
#: serverguide/C/file-server.xml:192(para)
18897
msgid ""
18898
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
18899
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
18900
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
18901
"add them to the list."
18902
msgstr ""
18903
18904
#: serverguide/C/file-server.xml:199(para)
18905
msgid ""
18906
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
18907
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
18908
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
18909
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
18910
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
18911
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
18912
"with a shell may not be ideal for some environments, such as a shared web "
18913
"host."
18914
msgstr ""
18915
18916
#: serverguide/C/file-server.xml:208(para)
18917
msgid ""
18918
"To configure <emphasis>FTPS</emphasis>, edit "
18919
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
18920
msgstr ""
18921
18922
#: serverguide/C/file-server.xml:212(programlisting)
18923
#, no-wrap
18924
msgid ""
18925
"\n"
18926
"ssl_enable=Yes\n"
18927
msgstr ""
18928
18929
#: serverguide/C/file-server.xml:216(para)
18930
msgid "Also, notice the certificate and key related options:"
18931
msgstr ""
18932
18933
#: serverguide/C/file-server.xml:220(programlisting)
18934
#, no-wrap
18935
msgid ""
18936
"\n"
18937
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
18938
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
18939
msgstr ""
18940
18941
#: serverguide/C/file-server.xml:225(para)
18942
msgid ""
18943
"By default these options are set the certificate and key provided by the "
18944
"<application>ssl-cert</application> package. In a production environment "
18945
"these should be replaced with a certificate and key generated for the "
18946
"specific host. For more information on certificates see <xref "
18947
"linkend=\"certificates-and-security\"/>."
18948
msgstr ""
18949
18950
#: serverguide/C/file-server.xml:231(para)
18951
msgid ""
18952
"Now restart <application>vsftpd</application>, and non-anonymous users will "
18953
"be forced to use <emphasis>FTPS</emphasis>:"
18954
msgstr ""
18955
18956
#: serverguide/C/file-server.xml:240(para)
18957
msgid ""
18958
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
18959
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
18960
"adding the <emphasis>nologin</emphasis> shell:"
18961
msgstr ""
18962
18963
#: serverguide/C/file-server.xml:245(programlisting)
18964
#, no-wrap
18965
msgid ""
18966
"\n"
18967
"# /etc/shells: valid login shells\n"
18968
"/bin/csh\n"
18969
"/bin/sh\n"
18970
"/usr/bin/es\n"
18971
"/usr/bin/ksh\n"
18972
"/bin/ksh\n"
18973
"/usr/bin/rc\n"
18974
"/usr/bin/tcsh\n"
18975
"/bin/tcsh\n"
18976
"/usr/bin/esh\n"
18977
"/bin/dash\n"
18978
"/bin/bash\n"
18979
"/bin/rbash\n"
18980
"/usr/bin/screen\n"
18981
"/usr/sbin/nologin\n"
18982
msgstr ""
18983
18984
#: serverguide/C/file-server.xml:263(para)
18985
msgid ""
18986
"This is necessary because, by default <application>vsftpd</application> uses "
18987
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
18988
"configuration file contains:"
18989
msgstr ""
18990
18991
#: serverguide/C/file-server.xml:268(programlisting)
18992
#, no-wrap
18993
msgid ""
18994
"\n"
18995
"auth required pam_shells.so\n"
18996
msgstr ""
18997
18998
#: serverguide/C/file-server.xml:272(para)
18999
msgid ""
19000
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
19001
"in the <filename>/etc/shells</filename> file."
19002
msgstr ""
19003
19004
#: serverguide/C/file-server.xml:277(para)
19005
msgid ""
19006
"Most popular FTP clients can be configured connect using FTPS. The "
19007
"<application>lftp</application> command line FTP client has the ability to "
19008
"use FTPS as well."
19009
msgstr ""
19010
19011
#: serverguide/C/file-server.xml:288(para)
19012
msgid ""
19013
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
19014
"website</ulink> for more information."
19015
msgstr ""
19016
19017
#: serverguide/C/file-server.xml:293(para)
19018
msgid ""
19019
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
19020
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/vsftpd.conf.5.html\""
19021
">vsftpd.conf man page</ulink>."
19022
msgstr ""
19023
19024
#: serverguide/C/file-server.xml:299(para)
19025
msgid ""
19026
"The CodeGurus article <ulink "
19027
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
19028
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
19029
"contrasting FTPS and SFTP."
19030
msgstr ""
19031
19032
#: serverguide/C/file-server.xml:310(title)
19033
msgid "Network File System (NFS)"
19034
msgstr ""
19035
19036
#: serverguide/C/file-server.xml:311(para)
19037
msgid ""
19038
"NFS allows a system to share directories and files with others over a "
19039
"network. By using NFS, users and programs can access files on remote systems "
19040
"almost as if they were local files."
19041
msgstr ""
19042
19043
#: serverguide/C/file-server.xml:317(para)
19044
msgid "Some of the most notable benefits that NFS can provide are:"
19045
msgstr ""
19046
19047
#: serverguide/C/file-server.xml:323(para)
19048
msgid ""
19049
"Local workstations use less disk space because commonly used data can be "
19050
"stored on a single machine and still remain accessible to others over the "
19051
"network."
19052
msgstr ""
19053
19054
#: serverguide/C/file-server.xml:328(para)
19055
msgid ""
19056
"There is no need for users to have separate home directories on every "
19057
"network machine. Home directories could be set up on the NFS server and made "
19058
"available throughout the network."
19059
msgstr ""
19060
19061
#: serverguide/C/file-server.xml:334(para)
19062
msgid ""
19063
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
19064
"be used by other machines on the network. This may reduce the number of "
19065
"removable media drives throughout the network."
19066
msgstr ""
19067
19068
#: serverguide/C/file-server.xml:344(para)
19069
msgid ""
19070
"At a terminal prompt enter the following command to install the NFS Server:"
19071
msgstr ""
19072
19073
#: serverguide/C/file-server.xml:350(command)
19074
msgid "sudo apt-get install nfs-kernel-server"
19075
msgstr ""
19076
19077
#: serverguide/C/file-server.xml:356(para)
19078
msgid ""
19079
"You can configure the directories to be exported by adding them to the "
19080
"<filename>/etc/exports</filename> file. For example:"
19081
msgstr ""
19082
19083
#: serverguide/C/file-server.xml:361(screen)
19084
#, no-wrap
19085
msgid ""
19086
"\n"
19087
"/ubuntu *(ro,sync,no_root_squash)\n"
19088
"/home *(rw,sync,no_root_squash)\n"
19089
msgstr ""
19090
19091
#: serverguide/C/file-server.xml:367(para)
19092
msgid ""
19093
"You can replace * with one of the hostname formats. Make the hostname "
19094
"declaration as specific as possible so unwanted systems cannot access the "
19095
"NFS mount."
19096
msgstr ""
19097
19098
#: serverguide/C/file-server.xml:373(para)
19099
msgid ""
19100
"To start the NFS server, you can run the following command at a terminal "
19101
"prompt:"
19102
msgstr ""
19103
19104
#: serverguide/C/file-server.xml:378(command)
19105
msgid "sudo /etc/init.d/nfs-kernel-server start"
19106
msgstr ""
19107
19108
#: serverguide/C/file-server.xml:383(title)
19109
msgid "NFS Client Configuration"
19110
msgstr ""
19111
19112
#: serverguide/C/file-server.xml:384(para)
19113
msgid ""
19114
"Use the <application>mount</application> command to mount a shared NFS "
19115
"directory from another machine, by typing a command line similar to the "
19116
"following at a terminal prompt:"
19117
msgstr ""
19118
19119
#: serverguide/C/file-server.xml:390(command)
19120
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
19121
msgstr ""
19122
19123
#: serverguide/C/file-server.xml:394(para)
19124
msgid ""
19125
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
19126
"There should be no files or subdirectories in the "
19127
"<filename>/local/ubuntu</filename> directory."
19128
msgstr ""
19129
19130
#: serverguide/C/file-server.xml:401(para)
19131
msgid ""
19132
"An alternate way to mount an NFS share from another machine is to add a line "
19133
"to the <filename>/etc/fstab</filename> file. The line must state the "
19134
"hostname of the NFS server, the directory on the server being exported, and "
19135
"the directory on the local machine where the NFS share is to be mounted."
19136
msgstr ""
19137
19138
#: serverguide/C/file-server.xml:409(para)
19139
msgid ""
19140
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
19141
"as follows:"
19142
msgstr ""
19143
19144
#: serverguide/C/file-server.xml:415(programlisting)
19145
#, no-wrap
19146
msgid ""
19147
"\n"
19148
"example.hostname.com:/ubuntu /local/ubuntu nfs "
19149
"rsize=8192,wsize=8192,timeo=14,intr\n"
19150
msgstr ""
19151
19152
#: serverguide/C/file-server.xml:419(para)
19153
msgid ""
19154
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
19155
"common</application> package is installed on your client. To install "
19156
"<application>nfs-common</application> enter the following command at the "
19157
"terminal prompt: <screen>\n"
19158
"<command>sudo apt-get install nfs-common</command>\n"
19159
"</screen>"
19160
msgstr ""
19161
19162
#: serverguide/C/file-server.xml:432(ulink)
19163
msgid "Linux NFS faq"
19164
msgstr ""
19165
19166
#: serverguide/C/file-server.xml:437(title)
19167
msgid "CUPS - Print Server"
19168
msgstr ""
19169
19170
#: serverguide/C/file-server.xml:438(para)
19171
msgid ""
19172
"The primary mechanism for Ubuntu printing and print services is the "
19173
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
19174
"printing system is a freely available, portable printing layer which has "
19175
"become the new standard for printing in most Linux distributions."
19176
msgstr ""
19177
19178
#: serverguide/C/file-server.xml:445(para)
19179
msgid ""
19180
"CUPS manages print jobs and queues and provides network printing using the "
19181
"standard Internet Printing Protocol (IPP), while offering support for a very "
19182
"large range of printers, from dot-matrix to laser and many in between. CUPS "
19183
"also supports PostScript Printer Description (PPD) and auto-detection of "
19184
"network printers, and features a simple web-based configuration and "
19185
"administration tool."
19186
msgstr ""
19187
19188
#: serverguide/C/file-server.xml:455(para)
19189
msgid ""
19190
"To install CUPS on your Ubuntu computer, simply use "
19191
"<application>sudo</application> with the <application>apt-get</application> "
19192
"command and give the packages to install as the first parameter. A complete "
19193
"CUPS install has many package dependencies, but they may all be specified on "
19194
"the same command line. Enter the following at a terminal prompt to install "
19195
"CUPS:"
19196
msgstr ""
19197
19198
#: serverguide/C/file-server.xml:460(command)
19199
msgid "sudo apt-get install cups"
19200
msgstr ""
19201
19202
#: serverguide/C/file-server.xml:463(para)
19203
msgid ""
19204
"Upon authenticating with your user password, the packages should be "
19205
"downloaded and installed without error. Upon the conclusion of installation, "
19206
"the CUPS server will be started automatically."
19207
msgstr ""
19208
19209
#: serverguide/C/file-server.xml:468(para)
19210
msgid ""
19211
"For troubleshooting purposes, you can access CUPS server errors via the "
19212
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
19213
"error log does not show enough information to troubleshoot any problems you "
19214
"encounter, the verbosity of the CUPS log can be increased by changing the "
19215
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
19216
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
19217
"everything, from the default of \"info\". If you make this change, remember "
19218
"to change it back once you've solved your problem, to prevent the log file "
19219
"from becoming overly large."
19220
msgstr ""
19221
19222
#: serverguide/C/file-server.xml:481(para)
19223
msgid ""
19224
"The Common UNIX Printing System server's behavior is configured through the "
19225
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
19226
"The CUPS configuration file follows the same syntax as the primary "
19227
"configuration file for the Apache HTTP server, so users familiar with "
19228
"editing Apache's configuration file should feel at ease when editing the "
19229
"CUPS configuration file. Some examples of settings you may wish to change "
19230
"initially will be presented here."
19231
msgstr ""
19232
19233
#: serverguide/C/file-server.xml:491(para)
19234
msgid ""
19235
"Prior to editing the configuration file, you should make a copy of the "
19236
"original file and protect it from writing, so you will have the original "
19237
"settings as a reference, and to reuse as necessary."
19238
msgstr ""
19239
19240
#: serverguide/C/file-server.xml:495(para)
19241
msgid ""
19242
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
19243
"writing with the following commands, issued at a terminal prompt:"
19244
msgstr ""
19245
19246
#: serverguide/C/file-server.xml:501(command)
19247
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
19248
msgstr ""
19249
19250
#: serverguide/C/file-server.xml:502(command)
19251
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
19252
msgstr ""
19253
19254
#: serverguide/C/file-server.xml:507(para)
19255
msgid ""
19256
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
19257
"address of the designated administrator of the CUPS server, simply edit the "
19258
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
19259
"preferred text editor, and add or modify the <emphasis "
19260
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
19261
"you are the Administrator for the CUPS server, and your e-mail address is "
19262
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
19263
"as such:"
19264
msgstr ""
19265
19266
#: serverguide/C/file-server.xml:518(screen)
19267
#, no-wrap
19268
msgid ""
19269
"\n"
19270
"ServerAdmin bjoy@somebigco.com\n"
19271
msgstr ""
19272
19273
#: serverguide/C/file-server.xml:524(para)
19274
msgid ""
19275
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
19276
"server installation listens only on the loopback interface at IP address "
19277
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
19278
"listen on an actual network adapter's IP address, you must specify either a "
19279
"hostname, the IP address, or optionally, an IP address/port pairing via the "
19280
"addition of a Listen directive. For example, if your CUPS server resides on "
19281
"a local network at the IP address <emphasis "
19282
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
19283
"accessible to the other systems on this subnetwork, you would edit the "
19284
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
19285
"such:"
19286
msgstr ""
19287
19288
#: serverguide/C/file-server.xml:538(screen)
19289
#, no-wrap
19290
msgid ""
19291
"\n"
19292
"Listen 127.0.0.1:631 # existing loopback Listen\n"
19293
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
19294
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
19295
"(IPP)\n"
19296
msgstr ""
19297
19298
#: serverguide/C/file-server.xml:544(para)
19299
msgid ""
19300
"In the example above, you may comment out or remove the reference to the "
19301
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
19302
"</application> to listen on that interface, but would rather have it only "
19303
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
19304
"listening for all network interfaces for which a certain hostname is bound, "
19305
"including the Loopback, you could create a Listen entry for the hostname "
19306
"<emphasis>socrates</emphasis> as such:"
19307
msgstr ""
19308
19309
#: serverguide/C/file-server.xml:554(screen)
19310
#, no-wrap
19311
msgid ""
19312
"\n"
19313
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
19314
msgstr ""
19315
19316
#: serverguide/C/file-server.xml:558(para)
19317
msgid ""
19318
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
19319
"instead, as in:"
19320
msgstr ""
19321
19322
#: serverguide/C/file-server.xml:560(screen)
19323
#, no-wrap
19324
msgid ""
19325
"\n"
19326
"Port 631 # Listen on port 631 on all interfaces\n"
19327
msgstr ""
19328
19329
#: serverguide/C/file-server.xml:567(para)
19330
msgid ""
19331
"For more examples of configuration directives in the CUPS server "
19332
"configuration file, view the associated system manual page by entering the "
19333
"following command at a terminal prompt:"
19334
msgstr ""
19335
19336
#: serverguide/C/file-server.xml:574(command)
19337
msgid "man cupsd.conf"
19338
msgstr ""
19339
19340
#: serverguide/C/file-server.xml:578(para)
19341
msgid ""
19342
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
19343
"configuration file, you'll need to restart the CUPS server by typing the "
19344
"following command at a terminal prompt:"
19345
msgstr ""
19346
19347
#: serverguide/C/file-server.xml:584(command)
19348
msgid "sudo /etc/init.d/cups restart"
19349
msgstr ""
19350
19351
#: serverguide/C/file-server.xml:590(title)
19352
msgid "Web Interface"
19353
msgstr ""
19354
19355
#: serverguide/C/file-server.xml:592(para)
19356
msgid ""
19357
"CUPS can be configured and monitored using a web interface, which by default "
19358
"is available at <ulink "
19359
"url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The "
19360
"web interface can be used to perform all printer management tasks."
19361
msgstr ""
19362
19363
#: serverguide/C/file-server.xml:596(para)
19364
msgid ""
19365
"In order to perform administrative tasks via the web interface, you must "
19366
"either have the root account enabled on your server, or authenticate as a "
19367
"user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security "
19368
"reasons, CUPS won't authenticate a user that doesn't have a password."
19369
msgstr ""
19370
19371
#: serverguide/C/file-server.xml:599(para)
19372
msgid ""
19373
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
19374
"at the terminal prompt: <screen>\n"
19375
"<command>sudo usermod -aG lpadmin username</command>\n"
19376
"</screen>"
19377
msgstr ""
19378
19379
#: serverguide/C/file-server.xml:605(para)
19380
msgid ""
19381
"Further documentation is available in the <emphasis "
19382
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
19383
msgstr ""
19384
19385
#: serverguide/C/file-server.xml:613(ulink)
19386
msgid "CUPS Website"
19387
msgstr ""
19388
19389
#: serverguide/C/dns.xml:13(title)
19390
msgid "Domain Name Service (DNS)"
19391
msgstr ""
19392
19393
#: serverguide/C/dns.xml:14(para)
19394
msgid ""
19395
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
19396
"fully qualified domain names (FQDN) to one another. In this way, DNS "
19397
"alleviates the need to remember IP addresses. Computers that run DNS are "
19398
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
19399
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
19400
"common program used for maintaining a name server on Linux."
19401
msgstr ""
19402
19403
#: serverguide/C/dns.xml:24(para)
19404
msgid ""
19405
"At a terminal prompt, enter the following command to install "
19406
"<application>dns</application>:"
19407
msgstr ""
19408
19409
#: serverguide/C/dns.xml:28(command)
19410
msgid "sudo apt-get install bind9"
19411
msgstr ""
19412
19413
#: serverguide/C/dns.xml:30(para)
19414
msgid ""
19415
"A very useful package for testing and troubleshooting DNS issues is the "
19416
"dnsutils package. To install <application>dnsutils</application> enter the "
19417
"following:"
19418
msgstr ""
19419
19420
#: serverguide/C/dns.xml:35(command)
19421
msgid "sudo apt-get install dnsutils"
19422
msgstr ""
19423
19424
#: serverguide/C/dns.xml:40(para)
19425
msgid ""
19426
"There a many ways to configure <application>BIND9</application>. Some of the "
19427
"most common configurations are a caching nameserver, primary master, and a "
19428
"as a secondary master."
19429
msgstr ""
19430
19431
#: serverguide/C/dns.xml:46(para)
19432
msgid ""
19433
"When configured as a caching nameserver BIND9 will find the answer to name "
19434
"queries and remember the answer when the domain is queried again."
19435
msgstr ""
19436
19437
#: serverguide/C/dns.xml:52(para)
19438
msgid ""
19439
"As a primary master server BIND9 reads the data for a zone from a file on "
19440
"it's host and is authoritative for that zone."
19441
msgstr ""
19442
19443
#: serverguide/C/dns.xml:57(para)
19444
msgid ""
19445
"In a secondary master configuration BIND9 gets the zone data from another "
19446
"nameserver authoritative for the zone."
19447
msgstr ""
19448
19449
#: serverguide/C/dns.xml:65(para)
19450
msgid ""
19451
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
19452
"directory. The primary configuration file is "
19453
"<filename>/etc/bind/named.conf</filename>."
19454
msgstr ""
19455
19456
#: serverguide/C/dns.xml:72(para)
19457
msgid ""
19458
"The <emphasis>include</emphasis> line specifies the filename which contains "
19459
"the DNS options. The <emphasis>directory</emphasis> line in the "
19460
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
19461
"look for files. All files BIND uses will be relative to this directory."
19462
msgstr ""
19463
19464
#: serverguide/C/dns.xml:80(para)
19465
msgid ""
19466
"The file named <filename>/etc/bind/db.root</filename> describes the root "
19467
"nameservers in the world. The servers change over time, so the "
19468
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
19469
"This is usually done as updates to the <application>bind9</application> "
19470
"package. The <emphasis>zone</emphasis> section defines a master server, and "
19471
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
19472
msgstr ""
19473
19474
#: serverguide/C/dns.xml:90(para)
19475
msgid ""
19476
"It is possible to configure the same server to be a caching name server, "
19477
"primary master, and secondary master. A server can be the Start of Authority "
19478
"(SOA) for one zone, while providing secondary service for another zone. All "
19479
"the while providing caching services for hosts on the local LAN."
19480
msgstr ""
19481
19482
#: serverguide/C/dns.xml:98(title)
19483
msgid "Caching Nameserver"
19484
msgstr ""
19485
19486
#: serverguide/C/dns.xml:99(para)
19487
msgid ""
19488
"The default configuration is setup to act as a caching server. All that is "
19489
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
19490
"uncomment and edit the following in "
19491
"<filename>/etc/bind/named.conf.options</filename>:"
19492
msgstr ""
19493
19494
#: serverguide/C/dns.xml:103(programlisting)
19495
#, no-wrap
19496
msgid ""
19497
"\n"
19498
"forwarders {\n"
19499
" 1.2.3.4;\n"
19500
" 5.6.7.8;\n"
19501
" };\n"
19502
msgstr ""
19503
19504
#: serverguide/C/dns.xml:110(para)
19505
msgid ""
19506
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
19507
"the IP Adresses of actual nameservers."
19508
msgstr ""
19509
19510
#: serverguide/C/dns.xml:114(para)
19511
msgid ""
19512
"Now restart the DNS server, to enable the new configuration. From a terminal "
19513
"prompt:"
19514
msgstr ""
19515
19516
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
19517
msgid "sudo /etc/init.d/bind9 restart"
19518
msgstr ""
19519
19520
#: serverguide/C/dns.xml:120(para)
19521
msgid ""
19522
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
19523
"DNS server."
19524
msgstr ""
19525
19526
#: serverguide/C/dns.xml:125(title)
19527
msgid "Primary Master"
19528
msgstr ""
19529
19530
#: serverguide/C/dns.xml:126(para)
19531
msgid ""
19532
"In this section <application>BIND9</application> will be configured as the "
19533
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
19534
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
19535
"(Fully Qualified Domain Name)."
19536
msgstr ""
19537
19538
#: serverguide/C/dns.xml:132(title)
19539
msgid "Forward Zone File"
19540
msgstr ""
19541
19542
#: serverguide/C/dns.xml:133(para)
19543
msgid ""
19544
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
19545
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
19546
msgstr ""
19547
19548
#: serverguide/C/dns.xml:137(programlisting)
19549
#, no-wrap
19550
msgid ""
19551
"\n"
19552
"zone \"example.com\" {\n"
19553
"\ttype master;\n"
19554
" file \"/etc/bind/db.example.com\";\n"
19555
"};\n"
19556
msgstr ""
19557
19558
#: serverguide/C/dns.xml:143(para)
19559
msgid ""
19560
"Now use an existing zone file as a template to create the "
19561
"<filename>/etc/bind/db.example.com</filename> file:"
19562
msgstr ""
19563
19564
#: serverguide/C/dns.xml:147(command)
19565
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
19566
msgstr ""
19567
19568
#: serverguide/C/dns.xml:149(para)
19569
msgid ""
19570
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
19571
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
19572
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
19573
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
19574
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
19575
"leaving the \".\" at the end."
19576
msgstr ""
19577
19578
#: serverguide/C/dns.xml:155(para)
19579
msgid ""
19580
"Also, create an <emphasis>A record</emphasis> for <emphasis "
19581
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
19582
msgstr ""
19583
19584
#: serverguide/C/dns.xml:159(programlisting)
19585
#, no-wrap
19586
msgid ""
19587
"\n"
19588
";\n"
19589
"; BIND data file for local loopback interface\n"
19590
";\n"
19591
"$TTL 604800\n"
19592
"@ IN SOA ns.example.com. root.example.com. (\n"
19593
" 2 ; Serial\n"
19594
" 604800 ; Refresh\n"
19595
" 86400 ; Retry\n"
19596
" 2419200 ; Expire\n"
19597
" 604800 ) ; Negative Cache TTL\n"
19598
";\n"
19599
"@ IN NS ns.example.com.\n"
19600
"@ IN A 127.0.0.1\n"
19601
"@ IN AAAA ::1\n"
19602
"ns IN A 192.168.1.10\n"
19603
msgstr ""
19604
19605
#: serverguide/C/dns.xml:176(para)
19606
msgid ""
19607
"You must increment the <emphasis>Serial Number</emphasis> every time you "
19608
"make changes to the zone file. If you make multiple changes before "
19609
"restarting BIND9, simply increment the Serial once."
19610
msgstr ""
19611
19612
#: serverguide/C/dns.xml:180(para)
19613
msgid ""
19614
"Now, you can add DNS records to the bottom of the zone file. See <xref "
19615
"linkend=\"dns-record-types\"/> for details."
19616
msgstr ""
19617
19618
#: serverguide/C/dns.xml:184(para)
19619
msgid ""
19620
"Many admins like to use the last date edited as the serial of a zone, such "
19621
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
19622
"<emphasis>ss</emphasis> is the Serial Number)"
19623
msgstr ""
19624
19625
#: serverguide/C/dns.xml:189(para)
19626
msgid ""
19627
"Once you have made a change to the zone file "
19628
"<application>BIND9</application> will need to be restarted for the changes "
19629
"to take effect:"
19630
msgstr ""
19631
19632
#: serverguide/C/dns.xml:198(title)
19633
msgid "Reverse Zone File"
19634
msgstr ""
19635
19636
#: serverguide/C/dns.xml:199(para)
19637
msgid ""
19638
"Now that the zone is setup and resolving names to IP Adresses a "
19639
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
19640
"DNS to resolve an address to a name."
19641
msgstr ""
19642
19643
#: serverguide/C/dns.xml:203(para)
19644
msgid "Edit /etc/bind/named.conf.local and add the following:"
19645
msgstr ""
19646
19647
#: serverguide/C/dns.xml:206(programlisting)
19648
#, no-wrap
19649
msgid ""
19650
"\n"
19651
"zone \"1.168.192.in-addr.arpa\" {\n"
19652
" type master;\n"
19653
" notify no;\n"
19654
" file \"/etc/bind/db.192\";\n"
19655
"};\n"
19656
msgstr ""
19657
19658
#: serverguide/C/dns.xml:214(para)
19659
msgid ""
19660
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
19661
"whatever network you are using. Also, name the zone file "
19662
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
19663
"first octet of your network."
19664
msgstr ""
19665
19666
#: serverguide/C/dns.xml:219(para)
19667
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
19668
msgstr ""
19669
19670
#: serverguide/C/dns.xml:223(command)
19671
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
19672
msgstr ""
19673
19674
#: serverguide/C/dns.xml:225(para)
19675
msgid ""
19676
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
19677
"same options as <filename>/etc/bind/db.example.com</filename>:"
19678
msgstr ""
19679
19680
#: serverguide/C/dns.xml:229(programlisting)
19681
#, no-wrap
19682
msgid ""
19683
"\n"
19684
";\n"
19685
"; BIND reverse data file for local loopback interface\n"
19686
";\n"
19687
"$TTL 604800\n"
19688
"@ IN SOA ns.example.com. root.example.com. (\n"
19689
" 2 ; Serial\n"
19690
" 604800 ; Refresh\n"
19691
" 86400 ; Retry\n"
19692
" 2419200 ; Expire\n"
19693
" 604800 ) ; Negative Cache TTL\n"
19694
";\n"
19695
"@ IN NS ns.\n"
19696
"10 IN PTR ns.example.com.\n"
19697
msgstr ""
19698
19699
#: serverguide/C/dns.xml:244(para)
19700
msgid ""
19701
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
19702
"incremented on each changes as well. For each <emphasis>A record</emphasis> "
19703
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
19704
"create a <emphasis>PTR record</emphasis> in "
19705
"<filename>/etc/bind/db.192</filename>."
19706
msgstr ""
19707
19708
#: serverguide/C/dns.xml:249(para)
19709
msgid ""
19710
"After creating the reverse zone file restart "
19711
"<application>BIND9</application>:"
19712
msgstr ""
19713
19714
#: serverguide/C/dns.xml:258(title)
19715
msgid "Secondary Master"
19716
msgstr ""
19717
19718
#: serverguide/C/dns.xml:259(para)
19719
msgid ""
19720
"Once a <emphasis>Primary Master</emphasis> has been configured a "
19721
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
19722
"availability of the domain should the Primary become unavailable."
19723
msgstr ""
19724
19725
#: serverguide/C/dns.xml:263(para)
19726
msgid ""
19727
"First, on the Primary Master server, the zone transfer needs to be allowed. "
19728
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
19729
"and Reverse zone definitions in "
19730
"<filename>/etc/bind/named.conf.local</filename>:"
19731
msgstr ""
19732
19733
#: serverguide/C/dns.xml:267(programlisting)
19734
#, no-wrap
19735
msgid ""
19736
"\n"
19737
"zone \"example.com\" {\n"
19738
" type master;\n"
19739
"\tfile \"/etc/bind/db.example.com\";\n"
19740
" allow-transfer { 192.168.1.11; };\n"
19741
"};\n"
19742
"\n"
19743
"zone \"1.168.192.in-addr.arpa\" {\n"
19744
" type master;\n"
19745
" notify no;\n"
19746
" file \"/etc/bind/db.192\";\n"
19747
"\tallow-transfer { 192.168.1.11; };\n"
19748
"};\n"
19749
msgstr ""
19750
19751
#: serverguide/C/dns.xml:282(para)
19752
msgid ""
19753
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
19754
"Secondary nameserver."
19755
msgstr ""
19756
19757
#: serverguide/C/dns.xml:286(para)
19758
msgid ""
19759
"Next, on the Secondary Master, install the <application>bind9</application> "
19760
"package the same way as on the Primary. Then edit the "
19761
"<filename>/etc/bind/named.conf.local</filename> and add the following "
19762
"declarations for the Forward and Reverse zones:"
19763
msgstr ""
19764
19765
#: serverguide/C/dns.xml:290(programlisting)
19766
#, no-wrap
19767
msgid ""
19768
"\n"
19769
"zone \"example.com\" {\n"
19770
"\ttype slave;\n"
19771
" file \"/var/cache/bind/db.example.com\";\n"
19772
" masters { 192.168.1.10; };\n"
19773
"}; \n"
19774
" \n"
19775
"zone \"1.168.192.in-addr.arpa\" {\n"
19776
"\ttype slave;\n"
19777
" file \"/var/cache/bind/db.192\";\n"
19778
" masters { 192.168.1.10; };\n"
19779
"};\n"
19780
msgstr ""
19781
19782
#: serverguide/C/dns.xml:304(para)
19783
msgid ""
19784
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
19785
"Primary nameserver."
19786
msgstr ""
19787
19788
#: serverguide/C/dns.xml:308(para)
19789
msgid "Restart <application>BIND9</application> on the Secondary Master:"
19790
msgstr ""
19791
19792
#: serverguide/C/dns.xml:314(para)
19793
msgid ""
19794
"In <filename>/var/log/syslog</filename> you should see something similar to:"
19795
msgstr ""
19796
19797
#: serverguide/C/dns.xml:317(programlisting)
19798
#, no-wrap
19799
msgid ""
19800
"\n"
19801
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
19802
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
19803
msgstr ""
19804
19805
#: serverguide/C/dns.xml:322(para)
19806
msgid ""
19807
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
19808
"on the Primary is larger than the one on the Secondary."
19809
msgstr ""
19810
19811
#: serverguide/C/dns.xml:328(para)
19812
msgid ""
19813
"The default directory for non-authoritative zone files is "
19814
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
19815
"<application>AppArmor</application> to allow the "
19816
"<application>named</application> daemon to write to. For more information on "
19817
"AppArmor see <xref linkend=\"apparmor\"/>."
19818
msgstr ""
19819
19820
#: serverguide/C/dns.xml:339(para)
19821
msgid ""
19822
"This section covers ways to help determine the cause when problems happen "
19823
"with DNS and <application>BIND9</application>."
19824
msgstr ""
19825
19826
#: serverguide/C/dns.xml:345(title)
19827
msgid "resolv.conf"
19828
msgstr ""
19829
19830
#: serverguide/C/dns.xml:346(para)
19831
msgid ""
19832
"The first step in testing <application>BIND9</application> is to add the "
19833
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
19834
"be configured as well as another host to double check things. Simply edit "
19835
"<filename>/etc/resolv.conf</filename> and add the following:"
19836
msgstr ""
19837
19838
#: serverguide/C/dns.xml:351(programlisting)
19839
#, no-wrap
19840
msgid ""
19841
"\n"
19842
"nameserver\t192.168.1.10\n"
19843
"nameserver\t192.168.1.11\n"
19844
msgstr ""
19845
19846
#: serverguide/C/dns.xml:356(para)
19847
msgid ""
19848
"You should also add the IP Address of the Secondary nameserver in case the "
19849
"Primary becomes unavailable."
19850
msgstr ""
19851
19852
#: serverguide/C/dns.xml:362(title)
19853
msgid "dig"
19854
msgstr ""
19855
19856
#: serverguide/C/dns.xml:363(para)
19857
msgid ""
19858
"If you installed the <application>dnsutils</application> package you can "
19859
"test your setup using the DNS lookup utility <application>dig</application>:"
19860
msgstr ""
19861
19862
#: serverguide/C/dns.xml:369(para)
19863
msgid ""
19864
"After installing <application>BIND9</application> use "
19865
"<application>dig</application> against the loopback interface to make sure "
19866
"it is listening on port 53. From a terminal prompt:"
19867
msgstr ""
19868
19869
#: serverguide/C/dns.xml:374(command)
19870
msgid "dig -x 127.0.0.1"
19871
msgstr ""
19872
19873
#: serverguide/C/dns.xml:376(para)
19874
msgid "You should see lines similar to the following in the command output:"
19875
msgstr ""
19876
19877
#: serverguide/C/dns.xml:379(programlisting)
19878
#, no-wrap
19879
msgid ""
19880
"\n"
19881
";; Query time: 1 msec\n"
19882
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
19883
msgstr ""
19884
19885
#: serverguide/C/dns.xml:385(para)
19886
msgid ""
19887
"If you have configured <application>BIND9</application> as a "
19888
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
19889
"the query time:"
19890
msgstr ""
19891
19892
#: serverguide/C/dns.xml:390(command)
19893
msgid "dig ubuntu.com"
19894
msgstr ""
19895
19896
#: serverguide/C/dns.xml:392(para)
19897
msgid "Note the query time toward the end of the command output:"
19898
msgstr ""
19899
19900
#: serverguide/C/dns.xml:395(programlisting)
19901
#, no-wrap
19902
msgid ""
19903
"\n"
19904
";; Query time: 49 msec\n"
19905
msgstr ""
19906
19907
#: serverguide/C/dns.xml:398(para)
19908
msgid "After a second dig there should be improvement:"
19909
msgstr ""
19910
19911
#: serverguide/C/dns.xml:401(programlisting)
19912
#, no-wrap
19913
msgid ""
19914
"\n"
19915
";; Query time: 1 msec\n"
19916
msgstr ""
19917
19918
#: serverguide/C/dns.xml:408(title)
19919
msgid "ping"
19920
msgstr ""
19921
19922
#: serverguide/C/dns.xml:410(para)
19923
msgid ""
19924
"Now to demonstrate how applications make use of DNS to resolve a host name "
19925
"use the <application>ping</application> utility to send an ICMP echo "
19926
"request. From a terminal prompt enter:"
19927
msgstr ""
19928
19929
#: serverguide/C/dns.xml:416(command)
19930
msgid "ping example.com"
19931
msgstr ""
19932
19933
#: serverguide/C/dns.xml:418(para)
19934
msgid ""
19935
"This tests if the nameserver can resolve the name "
19936
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
19937
"should resemble:"
19938
msgstr ""
19939
19940
#: serverguide/C/dns.xml:422(programlisting)
19941
#, no-wrap
19942
msgid ""
19943
"\n"
19944
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
19945
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
19946
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
19947
msgstr ""
19948
19949
#: serverguide/C/dns.xml:429(title)
19950
msgid "named-checkzone"
19951
msgstr ""
19952
19953
#: serverguide/C/dns.xml:430(para)
19954
msgid ""
19955
"A great way to test your zone files is by using the <application>named-"
19956
"checkzone</application> utility installed with the "
19957
"<application>bind9</application> package. This utility allows you to make "
19958
"sure the configuration is correct before restarting "
19959
"<application>BIND9</application> and making the changes live."
19960
msgstr ""
19961
19962
#: serverguide/C/dns.xml:437(para)
19963
msgid ""
19964
"To test our example Forward zone file enter the following from a command "
19965
"prompt:"
19966
msgstr ""
19967
19968
#: serverguide/C/dns.xml:441(command)
19969
msgid "named-checkzone example.com /etc/bind/db.example.com"
19970
msgstr ""
19971
19972
#: serverguide/C/dns.xml:443(para)
19973
msgid ""
19974
"If everything is configured correctly you should see output similar to:"
19975
msgstr ""
19976
19977
#: serverguide/C/dns.xml:446(programlisting)
19978
#, no-wrap
19979
msgid ""
19980
"\n"
19981
"zone example.com/IN: loaded serial 6\n"
19982
"OK\n"
19983
msgstr ""
19984
19985
#: serverguide/C/dns.xml:452(para)
19986
msgid "Similarly, to test the Reverse zone file enter the following:"
19987
msgstr ""
19988
19989
#: serverguide/C/dns.xml:456(command)
19990
msgid "named-checkzone example.com /etc/bind/db.192"
19991
msgstr ""
19992
19993
#: serverguide/C/dns.xml:458(para)
19994
msgid "The output should be similar to:"
19995
msgstr ""
19996
19997
#: serverguide/C/dns.xml:461(programlisting)
19998
#, no-wrap
19999
msgid ""
20000
"\n"
20001
"zone example.com/IN: loaded serial 3\n"
20002
"OK\n"
20003
msgstr ""
20004
20005
#: serverguide/C/dns.xml:468(para)
20006
msgid ""
20007
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
20008
"different."
20009
msgstr ""
20010
20011
#: serverguide/C/dns.xml:475(title)
20012
msgid "Logging"
20013
msgstr ""
20014
20015
#: serverguide/C/dns.xml:476(para)
20016
msgid ""
20017
"<application>BIND9</application> has a wide variety of logging configuration "
20018
"options available. There are two main options. The "
20019
"<emphasis>channel</emphasis> option configures where logs go, and the "
20020
"<emphasis>category</emphasis> option determines what information to log."
20021
msgstr ""
20022
20023
#: serverguide/C/dns.xml:480(para)
20024
msgid "If no logging option is configured the default option is:"
20025
msgstr ""
20026
20027
#: serverguide/C/dns.xml:483(programlisting)
20028
#, no-wrap
20029
msgid ""
20030
"\n"
20031
"logging {\n"
20032
" category default { default_syslog; default_debug; };\n"
20033
" category unmatched { null; };\n"
20034
"};\n"
20035
msgstr ""
20036
20037
#: serverguide/C/dns.xml:489(para)
20038
msgid ""
20039
"This section covers configuring <application>BIND9</application> to send "
20040
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
20041
"file."
20042
msgstr ""
20043
20044
#: serverguide/C/dns.xml:494(para)
20045
msgid ""
20046
"First, we need to configure a channel to specify which file to send the "
20047
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
20048
"the following:"
20049
msgstr ""
20050
20051
#: serverguide/C/dns.xml:498(programlisting)
20052
#, no-wrap
20053
msgid ""
20054
"\n"
20055
"logging {\n"
20056
" channel query.log { \n"
20057
" file \"/var/log/query.log\";\n"
20058
" severity debug 3; \n"
20059
" }; \n"
20060
"};\n"
20061
msgstr ""
20062
20063
#: serverguide/C/dns.xml:508(para)
20064
msgid "Next, configure a category to send all DNS queries to the query file:"
20065
msgstr ""
20066
20067
#: serverguide/C/dns.xml:511(programlisting)
20068
#, no-wrap
20069
msgid ""
20070
"\n"
20071
"logging {\n"
20072
" channel query.log { \n"
20073
" file \"/var/log/query.log\"; \n"
20074
" severity debug 3; \n"
20075
" }; \n"
20076
" <emphasis>category queries { query.log; };</emphasis> \n"
20077
"};\n"
20078
msgstr ""
20079
20080
#: serverguide/C/dns.xml:523(para)
20081
msgid ""
20082
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
20083
"level isn't specified level 1 is the default."
20084
msgstr ""
20085
20086
#: serverguide/C/dns.xml:529(para)
20087
msgid ""
20088
"Since the <emphasis>named daemon</emphasis> runs as the "
20089
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
20090
"file must be created and the ownership changed:"
20091
msgstr ""
20092
20093
#: serverguide/C/dns.xml:534(command)
20094
msgid "sudo touch /var/log/query.log"
20095
msgstr ""
20096
20097
#: serverguide/C/dns.xml:535(command)
20098
msgid "sudo chown bind /var/log/query.log"
20099
msgstr ""
20100
20101
#: serverguide/C/dns.xml:539(para)
20102
msgid ""
20103
"Before <application>named</application> daemon can write to the new log file "
20104
"the <application>AppArmor</application> profile must be updated. First, edit "
20105
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
20106
msgstr ""
20107
20108
#: serverguide/C/dns.xml:543(programlisting)
20109
#, no-wrap
20110
msgid ""
20111
"\n"
20112
"/var/log/query.log w,\n"
20113
msgstr ""
20114
20115
#: serverguide/C/dns.xml:546(para)
20116
msgid "Next, reload the profile:"
20117
msgstr ""
20118
20119
#: serverguide/C/dns.xml:550(command)
20120
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
20121
msgstr ""
20122
20123
#: serverguide/C/dns.xml:552(para)
20124
msgid ""
20125
"For more information on <application>AppArmor</application> see <xref "
20126
"linkend=\"apparmor\"/>"
20127
msgstr ""
20128
20129
#: serverguide/C/dns.xml:557(para)
20130
msgid ""
20131
"Now restart <application>BIND9</application> for the changes to take effect:"
20132
msgstr ""
20133
20134
#: serverguide/C/dns.xml:565(para)
20135
msgid ""
20136
"You should see the file <filename>/var/log/query.log</filename> fill with "
20137
"query information. This is a simple example of the "
20138
"<application>BIND9</application> logging options. For coverage of advanced "
20139
"options see <xref linkend=\"dns-more-info\"/>."
20140
msgstr ""
20141
20142
#: serverguide/C/dns.xml:574(title)
20143
msgid "Common Record Types"
20144
msgstr ""
20145
20146
#: serverguide/C/dns.xml:575(para)
20147
msgid "This section covers some of the most common DNS record types."
20148
msgstr ""
20149
20150
#: serverguide/C/dns.xml:580(para)
20151
msgid ""
20152
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
20153
msgstr ""
20154
20155
#: serverguide/C/dns.xml:583(programlisting)
20156
#, no-wrap
20157
msgid ""
20158
"\n"
20159
"www IN A 192.168.1.12\n"
20160
msgstr ""
20161
20162
#: serverguide/C/dns.xml:588(para)
20163
msgid ""
20164
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
20165
"record. You cannot create a CNAME record pointing to another CNAME record."
20166
msgstr ""
20167
20168
#: serverguide/C/dns.xml:591(programlisting)
20169
#, no-wrap
20170
msgid ""
20171
"\n"
20172
"web IN CNAME www\n"
20173
msgstr ""
20174
20175
#: serverguide/C/dns.xml:596(para)
20176
msgid ""
20177
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
20178
"to. Must point to an A record, not a CNAME."
20179
msgstr ""
20180
20181
#: serverguide/C/dns.xml:599(programlisting)
20182
#, no-wrap
20183
msgid ""
20184
"\n"
20185
" IN MX 1 mail.example.com.\n"
20186
"mail IN A 192.168.1.13\n"
20187
msgstr ""
20188
20189
#: serverguide/C/dns.xml:605(para)
20190
msgid ""
20191
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
20192
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
20193
"Secondary servers are defined."
20194
msgstr ""
20195
20196
#: serverguide/C/dns.xml:609(programlisting)
20197
#, no-wrap
20198
msgid ""
20199
"\n"
20200
" IN NS ns.example.com.\n"
20201
"\tIN NS ns2.example.com.\n"
20202
"ns IN A 192.168.1.10\n"
20203
"ns2\tIN A\t 192.168.1.11\n"
20204
msgstr ""
20205
20206
#: serverguide/C/dns.xml:619(title)
20207
msgid "More Information"
20208
msgstr ""
20209
20210
#: serverguide/C/dns.xml:620(para)
20211
msgid ""
20212
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
20213
"HOWTO</ulink> explains more advanced options for configuring BIND9."
20214
msgstr ""
20215
20216
#: serverguide/C/dns.xml:623(para)
20217
msgid ""
20218
"For in depth coverage of <emphasis>DNS</emphasis> and "
20219
"<application>BIND9</application> see <ulink "
20220
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
20221
msgstr ""
20222
20223
#: serverguide/C/dns.xml:626(para)
20224
msgid ""
20225
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
20226
"BIND</ulink> is a popular book now in it's fifth edition."
20227
msgstr ""
20228
20229
#: serverguide/C/dns.xml:629(para)
20230
msgid ""
20231
"A great place to ask for <application>BIND9</application> assistance, and "
20232
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
20233
"server</emphasis> IRC channel on <ulink "
20234
"url=\"http://freenode.net\">freenode</ulink>."
20235
msgstr ""
20236
20237
#: serverguide/C/databases.xml:13(title)
20238
msgid "Databases"
20239
msgstr ""
20240
20241
#: serverguide/C/databases.xml:14(para)
20242
msgid "Ubuntu provides two popular database servers. They are:"
20243
msgstr ""
20244
20245
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:152(title)
20246
msgid "PostgreSQL"
20247
msgstr ""
20248
20249
#: serverguide/C/databases.xml:25(para)
20250
msgid ""
20251
"They are available in the main repository. This section explains how to "
20252
"install and configure these database servers."
20253
msgstr ""
20254
20255
#: serverguide/C/databases.xml:32(para)
20256
msgid ""
20257
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
20258
"It is intended for mission-critical, heavy-load production systems as well "
20259
"as for embedding into mass-deployed software."
20260
msgstr ""
20261
20262
#: serverguide/C/databases.xml:41(para)
20263
msgid "To install MySQL, run the following command from a terminal prompt:"
20264
msgstr ""
20265
20266
#: serverguide/C/databases.xml:46(command)
20267
msgid "sudo apt-get install mysql-server"
20268
msgstr ""
20269
20270
#: serverguide/C/databases.xml:48(para)
20271
msgid ""
20272
"During the installation process you will be prompted to enter a password for "
20273
"the <application>MySQL</application> root user."
20274
msgstr ""
20275
20276
#: serverguide/C/databases.xml:53(para)
20277
msgid ""
20278
"Once the installation is complete, the MySQL server should be started "
20279
"automatically. You can run the following command from a terminal prompt to "
20280
"check whether the MySQL server is running:"
20281
msgstr ""
20282
20283
#: serverguide/C/databases.xml:61(command)
20284
msgid "sudo netstat -tap | grep mysql"
20285
msgstr ""
20286
20287
#: serverguide/C/databases.xml:70(programlisting)
20288
#, no-wrap
20289
msgid ""
20290
"\n"
20291
"tcp 0 0 localhost:mysql *:* LISTEN "
20292
" 2556/mysqld\n"
20293
msgstr ""
20294
20295
#: serverguide/C/databases.xml:74(para)
20296
msgid ""
20297
"If the server is not running correctly, you can type the following command "
20298
"to start it:"
20299
msgstr ""
20300
20301
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
20302
msgid "sudo /etc/init.d/mysql restart"
20303
msgstr ""
20304
20305
#: serverguide/C/databases.xml:85(para)
20306
msgid ""
20307
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
20308
"the basic settings -- log file, port number, etc. For example, to configure "
20309
"<application>MySQL</application> to listen for connections from network "
20310
"hosts, change the <emphasis>bind_address</emphasis> directive to the "
20311
"server's IP address:"
20312
msgstr ""
20313
20314
#: serverguide/C/databases.xml:91(programlisting)
20315
#, no-wrap
20316
msgid ""
20317
"\n"
20318
"bind-address = 192.168.0.5\n"
20319
msgstr ""
20320
20321
#: serverguide/C/databases.xml:95(para)
20322
msgid "Replace 192.168.0.5 with the appropriate address."
20323
msgstr ""
20324
20325
#: serverguide/C/databases.xml:99(para)
20326
msgid ""
20327
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
20328
"<application>mysql</application> daemon will need to be restarted:"
20329
msgstr ""
20330
20331
#: serverguide/C/databases.xml:107(para)
20332
msgid ""
20333
"If you would like to change the "
20334
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
20335
"terminal enter:"
20336
msgstr ""
20337
20338
#: serverguide/C/databases.xml:113(command)
20339
msgid "sudo dpkg-reconfigure mysql-server-5.0"
20340
msgstr ""
20341
20342
#: serverguide/C/databases.xml:116(para)
20343
msgid ""
20344
"The <application>mysql</application> daemon will be stopped, and you will be "
20345
"prompted to enter a new password."
20346
msgstr ""
20347
20348
#: serverguide/C/databases.xml:125(para)
20349
msgid ""
20350
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
20351
"more information."
20352
msgstr ""
20353
20354
#: serverguide/C/databases.xml:130(para)
20355
msgid ""
20356
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
20357
"<application>mysql-doc-5.0</application> package. To install the package "
20358
"enter the following in a terminal:"
20359
msgstr ""
20360
20361
#: serverguide/C/databases.xml:135(command)
20362
msgid "sudo apt-get install mysql-doc-5.0"
20363
msgstr ""
20364
20365
#: serverguide/C/databases.xml:137(para)
20366
msgid ""
20367
"The documentation is in HTML format, to view them enter "
20368
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
20369
"chapter/index.html</command> in your browser's address bar."
20370
msgstr ""
20371
20372
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:285(para)
20373
msgid ""
20374
"For general SQL information see <ulink "
20375
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
20376
"Special Edition</ulink> by Rafe Colburn."
20377
msgstr ""
20378
20379
#: serverguide/C/databases.xml:153(para)
20380
msgid ""
20381
"PostgreSQL is an object-relational database system that has the features of "
20382
"traditional commercial database systems with enhancements to be found in "
20383
"next-generation DBMS systems."
20384
msgstr ""
20385
20386
#: serverguide/C/databases.xml:160(para)
20387
msgid ""
20388
"To install PostgreSQL, run the following command in the command prompt:"
20389
msgstr ""
20390
20391
#: serverguide/C/databases.xml:167(command)
20392
msgid "sudo apt-get install postgresql"
20393
msgstr ""
20394
20395
#: serverguide/C/databases.xml:171(para)
20396
msgid ""
20397
"Once the installation is complete, you should configure the PostgreSQL "
20398
"server based on your needs, although the default configuration is viable."
20399
msgstr ""
20400
20401
#: serverguide/C/databases.xml:179(para)
20402
msgid ""
20403
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
20404
"client authentication methods. By default, IDENT authentication method is "
20405
"used for <application>postgres</application> and local users. Please refer "
20406
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
20407
"PostgreSQL Administrator's Guide</ulink>."
20408
msgstr ""
20409
20410
#: serverguide/C/databases.xml:186(para)
20411
msgid ""
20412
"The following discussion assumes that you wish to enable TCP/IP connections "
20413
"and use the MD5 method for client authentication. PostgreSQL configuration "
20414
"files are stored in the "
20415
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
20416
"example, if you install PostgreSQL 8.4, the configuration files are stored "
20417
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
20418
msgstr ""
20419
20420
#: serverguide/C/databases.xml:196(para)
20421
msgid ""
20422
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
20423
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
20424
msgstr ""
20425
20426
#: serverguide/C/databases.xml:203(para)
20427
msgid ""
20428
"To enable TCP/IP connections, edit the file "
20429
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
20430
msgstr ""
20431
20432
#: serverguide/C/databases.xml:205(para)
20433
msgid ""
20434
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
20435
"change it to:"
20436
msgstr ""
20437
20438
#: serverguide/C/databases.xml:208(programlisting)
20439
#, no-wrap
20440
msgid ""
20441
"\n"
20442
"listen_addresses = 'localhost'\n"
20443
msgstr ""
20444
20445
#: serverguide/C/databases.xml:212(para)
20446
msgid ""
20447
"To allow other computers to connect to your "
20448
"<application>PostgreSQL</application> server replace 'localhost' with the "
20449
"<emphasis>IP Address</emphasis> of your server."
20450
msgstr ""
20451
20452
#: serverguide/C/databases.xml:217(para)
20453
msgid ""
20454
"You may also edit all other parameters, if you know what you are doing! For "
20455
"details, refer to the configuration file or to the PostgreSQL documentation."
20456
msgstr ""
20457
20458
#: serverguide/C/databases.xml:222(para)
20459
msgid ""
20460
"Now that we can connect to our <application>PostgreSQL</application> server, "
20461
"the next step is to set a password for the <emphasis>postgres</emphasis> "
20462
"user. Run the following command at a terminal prompt to connect to the "
20463
"default PostgreSQL template database:"
20464
msgstr ""
20465
20466
#: serverguide/C/databases.xml:229(command)
20467
msgid "sudo -u postgres psql template1"
20468
msgstr ""
20469
20470
#: serverguide/C/databases.xml:231(para)
20471
msgid ""
20472
"The above command connects to PostgreSQL database "
20473
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
20474
"you connect to the PostgreSQL server, you will be at a SQL prompt. You can "
20475
"run the following SQL command at the <application>psql</application> prompt "
20476
"to configure the password for the user <emphasis "
20477
"role=\"italics\">postgres</emphasis>."
20478
msgstr ""
20479
20480
#: serverguide/C/databases.xml:239(command)
20481
msgid "ALTER USER postgres with encrypted password 'your_password';"
20482
msgstr ""
20483
20484
#: serverguide/C/databases.xml:241(para)
20485
msgid ""
20486
"After configuring the password, edit the file "
20487
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
20488
"<emphasis>MD5</emphasis> authentication with the "
20489
"<emphasis>postgres</emphasis> user:"
20490
msgstr ""
20491
20492
#: serverguide/C/databases.xml:247(programlisting)
20493
#, no-wrap
20494
msgid ""
20495
"\n"
20496
"local all postgres md5 sameuser\n"
20497
msgstr ""
20498
20499
#: serverguide/C/databases.xml:251(para)
20500
msgid ""
20501
"Finally, you should restart the <application>PostgreSQL</application> "
20502
"service to initialize the new configuration. From a terminal prompt enter "
20503
"the following to restart <application>PostgreSQL</application>:"
20504
msgstr ""
20505
20506
#: serverguide/C/databases.xml:257(command)
20507
msgid "sudo /etc/init.d/postgresql-8.4 restart"
20508
msgstr ""
20509
20510
#: serverguide/C/databases.xml:260(para)
20511
msgid ""
20512
"The above configuration is not complete by any means. Please refer <ulink "
20513
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
20514
"Administrator's Guide</ulink> to configure more parameters."
20515
msgstr ""
20516
20517
#: serverguide/C/databases.xml:271(para)
20518
msgid ""
20519
"As mentioned above the <ulink "
20520
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
20521
"Guide</ulink> is an excellent resource. The guide is also available in the "
20522
"<application>postgresql-doc-8.4</application> package. Execute the following "
20523
"in a terminal to install the package:"
20524
msgstr ""
20525
20526
#: serverguide/C/databases.xml:277(command)
20527
msgid "sudo apt-get install postgresql-doc-8.4"
20528
msgstr ""
20529
20530
#: serverguide/C/databases.xml:279(para)
20531
msgid ""
20532
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
20533
"8.4/html/index.html</command> into the address bar of your browser."
20534
msgstr ""
20535
20536
#: serverguide/C/clustering.xml:13(title)
20537
msgid "Clustering"
20538
msgstr ""
20539
20540
#: serverguide/C/clustering.xml:16(title)
20541
msgid "DRBD"
20542
msgstr ""
20543
20544
#: serverguide/C/clustering.xml:18(para)
20545
msgid ""
20546
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
20547
"multiple hosts. The replication is transparent to other applications on the "
20548
"host systems. Any block device hard disks, partitions, RAID devices, logical "
20549
"volumes, etc can be mirrored."
20550
msgstr ""
20551
20552
#: serverguide/C/clustering.xml:24(para)
20553
msgid ""
20554
"To get started using <application>drbd</application>, first install the "
20555
"necessary packages. From a terminal enter:"
20556
msgstr ""
20557
20558
#: serverguide/C/clustering.xml:29(command)
20559
msgid "sudo apt-get install drbd8-utils"
20560
msgstr ""
20561
20562
#: serverguide/C/clustering.xml:33(para)
20563
msgid ""
20564
"If you are using the <emphasis>virtual kernel</emphasis> as part of a "
20565
"virtual machine you will need to manually compile the "
20566
"<application>drbd</application> module. It may be easier to install the "
20567
"<application>linux-server</application> package inside the virtual machine."
20568
msgstr ""
20569
20570
#: serverguide/C/clustering.xml:40(para)
20571
msgid ""
20572
"This section covers setting up a <application>drbd</application> to "
20573
"replicate a separate <filename>/srv</filename> partition, with an "
20574
"<application>ext3</application> filesystem between two hosts. The partition "
20575
"size is not particularly relevant, but both partitions need to be the same "
20576
"size."
20577
msgstr ""
20578
20579
#: serverguide/C/clustering.xml:49(para)
20580
msgid ""
20581
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
20582
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
20583
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
20584
"See <xref linkend=\"dns\"/> for details."
20585
msgstr ""
20586
20587
#: serverguide/C/clustering.xml:57(para)
20588
msgid ""
20589
"To configure <application>drbd</application>, on the first host edit "
20590
"<filename>/etc/drbd.conf</filename>:"
20591
msgstr ""
20592
20593
#: serverguide/C/clustering.xml:61(programlisting)
20594
#, no-wrap
20595
msgid ""
20596
"\n"
20597
"global { usage-count no; }\n"
20598
"common { syncer { rate 100M; } }\n"
20599
"resource r0 {\n"
20600
" protocol C;\n"
20601
" startup {\n"
20602
" wfc-timeout 15;\n"
20603
" degr-wfc-timeout 60;\n"
20604
" }\n"
20605
" net {\n"
20606
" cram-hmac-alg sha1;\n"
20607
" shared-secret \"secret\";\n"
20608
" }\n"
20609
" on drbd01 {\n"
20610
" device /dev/drbd0;\n"
20611
" disk /dev/sdb1;\n"
20612
" address 192.168.0.1:7788;\n"
20613
" meta-disk internal;\n"
20614
" }\n"
20615
" on drbd02 {\n"
20616
" device /dev/drbd0;\n"
20617
" disk /dev/sdb1;\n"
20618
" address 192.168.0.2:7788;\n"
20619
" meta-disk internal;\n"
20620
" }\n"
20621
"} \n"
20622
msgstr ""
20623
20624
#: serverguide/C/clustering.xml:90(para)
20625
msgid ""
20626
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
20627
"this example their default values are fine."
20628
msgstr ""
20629
20630
#: serverguide/C/clustering.xml:98(para)
20631
msgid "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
20632
msgstr ""
20633
20634
#: serverguide/C/clustering.xml:103(command)
20635
msgid "scp /etc/drbd.conf drbd02:~"
20636
msgstr ""
20637
20638
#: serverguide/C/clustering.xml:109(para)
20639
msgid ""
20640
"And, on <emphasis>drbd02</emphasis> move the file to "
20641
"<filename>/etc</filename>:"
20642
msgstr ""
20643
20644
#: serverguide/C/clustering.xml:114(command)
20645
msgid "sudo mv drbd.conf /etc/"
20646
msgstr ""
20647
20648
#: serverguide/C/clustering.xml:120(para)
20649
msgid ""
20650
"Next, on both hosts, start the <application>drbd</application> daemon:"
20651
msgstr ""
20652
20653
#: serverguide/C/clustering.xml:125(command)
20654
msgid "sudo /etc/init.d/drbd start"
20655
msgstr ""
20656
20657
#: serverguide/C/clustering.xml:131(para)
20658
msgid ""
20659
"Now using the <application>drbdadm</application> utility initialize the meta "
20660
"data storage. On each server execute:"
20661
msgstr ""
20662
20663
#: serverguide/C/clustering.xml:137(command)
20664
msgid "sudo drbdadm create-md r0"
20665
msgstr ""
20666
20667
#: serverguide/C/clustering.xml:143(para)
20668
msgid ""
20669
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
20670
"primary, enter the following:"
20671
msgstr ""
20672
20673
#: serverguide/C/clustering.xml:148(command)
20674
msgid "sudo drbdadm -- --overwrite-data-of-peer primary all"
20675
msgstr ""
20676
20677
#: serverguide/C/clustering.xml:154(para)
20678
msgid ""
20679
"After executing the above command, the data will start syncing with the "
20680
"secondary host. To watch the progresss, on <emphasis>drbd02</emphasis> enter "
20681
"the following:"
20682
msgstr ""
20683
20684
#: serverguide/C/clustering.xml:160(command)
20685
msgid "watch -n1 cat /proc/drbd"
20686
msgstr ""
20687
20688
#: serverguide/C/clustering.xml:163(para)
20689
msgid "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
20690
msgstr ""
20691
20692
#: serverguide/C/clustering.xml:170(para)
20693
msgid ""
20694
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
20695
msgstr ""
20696
20697
#: serverguide/C/clustering.xml:175(command)
20698
msgid "sudo mkfs.ext3 /dev/drbd0"
20699
msgstr ""
20700
20701
#: serverguide/C/clustering.xml:176(command) serverguide/C/clustering.xml:224(command)
20702
msgid "sudo mount /dev/drbd0 /srv"
20703
msgstr ""
20704
20705
#: serverguide/C/clustering.xml:186(para)
20706
msgid ""
20707
"To test that the data is actually syncing between the hosts copy some files "
20708
"on the <emphasis>drbd01</emphasis>, the primary, to "
20709
"<filename>/srv</filename>:"
20710
msgstr ""
20711
20712
#: serverguide/C/clustering.xml:195(para)
20713
msgid "Next, unmount <filename>/srv</filename>:"
20714
msgstr ""
20715
20716
#: serverguide/C/clustering.xml:203(para)
20717
msgid ""
20718
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
20719
"<emphasis>secondary</emphasis> role:"
20720
msgstr ""
20721
20722
#: serverguide/C/clustering.xml:208(command)
20723
msgid "sudo drbdadm secondary r0"
20724
msgstr ""
20725
20726
#: serverguide/C/clustering.xml:211(para)
20727
msgid ""
20728
"Now on the <emphasis>secondary</emphasis> server "
20729
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
20730
msgstr ""
20731
20732
#: serverguide/C/clustering.xml:216(command)
20733
msgid "sudo drbdadm primary r0"
20734
msgstr ""
20735
20736
#: serverguide/C/clustering.xml:219(para)
20737
msgid "Lastly, mount the partition:"
20738
msgstr ""
20739
20740
#: serverguide/C/clustering.xml:227(para)
20741
msgid ""
20742
"Using <emphasis>ls</emphasis> you should see "
20743
"<filename>/srv/default</filename> copied from the former "
20744
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
20745
msgstr ""
20746
20747
#: serverguide/C/clustering.xml:238(para)
20748
msgid ""
20749
"For more information on <application>DRBD</application> see the <ulink "
20750
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
20751
msgstr ""
20752
20753
#: serverguide/C/clustering.xml:243(para)
20754
msgid ""
20755
"The <ulink "
20756
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/drbd.conf.5.html\">d"
20757
"rbd.conf man page</ulink> contains details on the options not covered in "
20758
"this guide."
20759
msgstr ""
20760
20761
#: serverguide/C/clustering.xml:249(para)
20762
msgid ""
20763
"Also, see the <ulink "
20764
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/drbdadm.8.html\">drb"
20765
"dadm man page</ulink>."
20766
msgstr ""
20767
20768
#: serverguide/C/chat.xml:13(title)
20769
msgid "Chat Applications"
20770
msgstr ""
20771
20772
#: serverguide/C/chat.xml:19(para)
20773
msgid ""
20774
"In this section, we will discuss how to install and configure a IRC server, "
20775
"<application>ircd-irc2</application>. We will also discuss how to install "
20776
"and configure Jabber, an instance messaging server."
20777
msgstr ""
20778
20779
#: serverguide/C/chat.xml:28(title)
20780
msgid "IRC Server"
20781
msgstr ""
20782
20783
#: serverguide/C/chat.xml:30(para)
20784
msgid ""
20785
"The Ubuntu repository has many Internet Relay Chat servers. This section "
20786
"explains how to install and configure the original IRC server "
20787
"<application>ircd-irc2</application>."
20788
msgstr ""
20789
20790
#: serverguide/C/chat.xml:39(para)
20791
msgid ""
20792
"To install <application>ircd-irc2</application>, run the following command "
20793
"in the command prompt:"
20794
msgstr ""
20795
20796
#: serverguide/C/chat.xml:45(command)
20797
msgid "sudo apt-get install ircd-irc2"
20798
msgstr ""
20799
20800
#: serverguide/C/chat.xml:48(para)
20801
msgid ""
20802
"The configuration files are stored in <filename>/etc/ircd</filename> "
20803
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
20804
"irc2</filename> directory."
20805
msgstr ""
20806
20807
#: serverguide/C/chat.xml:59(para)
20808
msgid ""
20809
"The IRC settings can be done in the configuration file "
20810
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
20811
"this file by editing the following line:"
20812
msgstr ""
20813
20814
#: serverguide/C/chat.xml:64(programlisting)
20815
#, no-wrap
20816
msgid ""
20817
"\n"
20818
"M:irc.localhost::Debian ircd default configuration::000A\n"
20819
msgstr ""
20820
20821
#: serverguide/C/chat.xml:68(para)
20822
msgid ""
20823
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
20824
"you set irc.livecipher.com as IRC host name, please make sure "
20825
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
20826
"name should not be same as the host name."
20827
msgstr ""
20828
20829
#: serverguide/C/chat.xml:75(para)
20830
msgid ""
20831
"The IRC admin details can be configured by editting the following line:"
20832
msgstr ""
20833
20834
#: serverguide/C/chat.xml:80(programlisting)
20835
#, no-wrap
20836
msgid ""
20837
"\n"
20838
"A:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client "
20839
"Server::IRCnet:\n"
20840
msgstr ""
20841
20842
#: serverguide/C/chat.xml:84(para)
20843
msgid ""
20844
"You should add specific lines to configure the list of IRC ports to listen "
20845
"on, to configure Operator credentials, to configure client authentication, "
20846
"etc. For details, please refer to the example configuration file "
20847
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
20848
msgstr ""
20849
20850
#: serverguide/C/chat.xml:92(para)
20851
msgid ""
20852
"The IRC banner to be displayed in the IRC client, when the user connects to "
20853
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
20854
msgstr ""
20855
20856
#: serverguide/C/chat.xml:97(para)
20857
msgid ""
20858
"After making necessary changes to the configuration file, you can restart "
20859
"the IRC server using following command:"
20860
msgstr ""
20861
20862
#: serverguide/C/chat.xml:101(programlisting)
20863
#, no-wrap
20864
msgid ""
20865
"\n"
20866
"sudo /etc/init.d/ircd-irc2 restart\n"
20867
msgstr ""
20868
20869
#: serverguide/C/chat.xml:109(para)
20870
msgid ""
20871
"You may also be interested to take a look at other IRC servers available in "
20872
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
20873
"<application>ircd-hybrid</application>."
20874
msgstr ""
20875
20876
#: serverguide/C/chat.xml:117(para)
20877
msgid ""
20878
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
20879
"FAQ</ulink> for more details about the IRC Server."
20880
msgstr ""
20881
20882
#: serverguide/C/chat.xml:127(title)
20883
msgid "Jabber Instant Messaging Server"
20884
msgstr ""
20885
20886
#: serverguide/C/chat.xml:129(para)
20887
msgid ""
20888
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
20889
"XMPP, an open standard for instant messaging, and used by many popular "
20890
"applications. This section covers setting up a <emphasis>Jabberd "
20891
"2</emphasis> server on a local LAN. This configuration can also be adapted "
20892
"to providing messaging services to users over the Internet."
20893
msgstr ""
20894
20895
#: serverguide/C/chat.xml:138(para)
20896
msgid "To install <application>jabberd2</application>, in a terminal enter:"
20897
msgstr ""
20898
20899
#: serverguide/C/chat.xml:143(command)
20900
msgid "sudo apt-get install jabberd2"
20901
msgstr ""
20902
20903
#: serverguide/C/chat.xml:150(para)
20904
msgid ""
20905
"A couple of XML configuration files will be used to configure "
20906
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
20907
"authentication. This is a very simple form of authentication. However, "
20908
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
20909
"Postgresql, etc for for user authentication."
20910
msgstr ""
20911
20912
#: serverguide/C/chat.xml:157(para)
20913
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
20914
msgstr ""
20915
20916
#: serverguide/C/chat.xml:161(programlisting)
20917
#, no-wrap
20918
msgid ""
20919
"\n"
20920
" <id>jabber.example.com</id>\n"
20921
msgstr ""
20922
20923
#: serverguide/C/chat.xml:166(para)
20924
msgid ""
20925
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
20926
"id, of your server."
20927
msgstr ""
20928
20929
#: serverguide/C/chat.xml:171(para)
20930
msgid "Now in the <storage> section change the <driver> to:"
20931
msgstr ""
20932
20933
#: serverguide/C/chat.xml:175(programlisting)
20934
#, no-wrap
20935
msgid ""
20936
"\n"
20937
" <driver>db</driver>\n"
20938
msgstr ""
20939
20940
#: serverguide/C/chat.xml:179(para)
20941
msgid ""
20942
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
20943
"<emphasis><local></emphasis> section change:"
20944
msgstr ""
20945
20946
#: serverguide/C/chat.xml:183(programlisting)
20947
#, no-wrap
20948
msgid ""
20949
"\n"
20950
" <id>jabber.example.com</id>\n"
20951
msgstr ""
20952
20953
#: serverguide/C/chat.xml:187(para)
20954
msgid ""
20955
"And in the <authreg> section adjust the <module> section to:"
20956
msgstr ""
20957
20958
#: serverguide/C/chat.xml:191(programlisting)
20959
#, no-wrap
20960
msgid ""
20961
"\n"
20962
" <module>db</module>\n"
20963
msgstr ""
20964
20965
#: serverguide/C/chat.xml:195(para)
20966
msgid ""
20967
"Finally, restart <application>jabberd2</application> to enable the new "
20968
"settings:"
20969
msgstr ""
20970
20971
#: serverguide/C/chat.xml:200(command)
20972
msgid "sudo /etc/init.d/jabberd2 restart"
20973
msgstr ""
20974
20975
#: serverguide/C/chat.xml:203(para)
20976
msgid ""
20977
"You should now be able to connect to the server using a Jabber client like "
20978
"<application>Pidgin</application> for example."
20979
msgstr ""
20980
20981
#: serverguide/C/chat.xml:208(para)
20982
msgid ""
20983
"The advantage of using Berkeley DB for user data is that after being "
20984
"configured no additional maintenance is required. If you need more control "
20985
"over user accounts and credentials another authentication method is "
20986
"recommended."
20987
msgstr ""
20988
20989
#: serverguide/C/chat.xml:220(para)
20990
msgid ""
20991
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
20992
"Site</ulink> contains more details on configuring "
20993
"<application>Jabberd2</application>."
20994
msgstr ""
20995
20996
#: serverguide/C/chat.xml:226(para)
20997
msgid ""
20998
"For more authentication options see the <ulink "
20999
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
21000
"Guide</ulink>."
21001
msgstr ""
21002
21003
#: serverguide/C/backups.xml:13(title)
21004
msgid "Backups"
21005
msgstr ""
21006
21007
#: serverguide/C/backups.xml:14(para)
21008
msgid ""
21009
"There are many ways to backup an Ubuntu installation. The most important "
21010
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
21011
"consisting of what to backup, where to back it up to, and how to restore it."
21012
msgstr ""
21013
21014
#: serverguide/C/backups.xml:18(para)
21015
msgid ""
21016
"The following sections discuss various ways of accomplishing these tasks."
21017
msgstr ""
21018
21019
#: serverguide/C/backups.xml:22(title)
21020
msgid "Shell Scripts"
21021
msgstr ""
21022
21023
#: serverguide/C/backups.xml:23(para)
21024
msgid ""
21025
"One of the simplest ways to backup a system is using a <emphasis>shell "
21026
"script</emphasis>. For example, a script can be used to configure which "
21027
"directories to backup, and use those directories as arguments to the "
21028
"<application>tar</application> utility creating an archive file. The archive "
21029
"file can then be moved or copied to another location. The archive can also "
21030
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
21031
msgstr ""
21032
21033
#: serverguide/C/backups.xml:29(para)
21034
msgid ""
21035
"The <application>tar</application> utility creates one archive file out of "
21036
"many files or directories. <application>tar</application> can also filter "
21037
"the files through compression utilities reducing the size of the archive "
21038
"file."
21039
msgstr ""
21040
21041
#: serverguide/C/backups.xml:35(title)
21042
msgid "Simple Shell Script"
21043
msgstr ""
21044
21045
#: serverguide/C/backups.xml:36(para)
21046
msgid ""
21047
"The following shell script uses <application>tar</application> to create an "
21048
"archive file on a remotely mounted NFS file system. The archive filename is "
21049
"determined using additional command line utilities."
21050
msgstr ""
21051
21052
#: serverguide/C/backups.xml:40(programlisting)
21053
#, no-wrap
21054
msgid ""
21055
"\n"
21056
"#!/bin/sh\n"
21057
"####################################\n"
21058
"#\n"
21059
"# Backup to NFS mount script.\n"
21060
"#\n"
21061
"####################################\n"
21062
"\n"
21063
"# What to backup. \n"
21064
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
21065
"\n"
21066
"# Where to backup to.\n"
21067
"dest=\"/mnt/backup\"\n"
21068
"\n"
21069
"# Create archive filename.\n"
21070
"day=$(date +%A)\n"
21071
"hostname=$(hostname -s)\n"
21072
"archive_file=\"$hostname-$day.tgz\"\n"
21073
"\n"
21074
"# Print start status message.\n"
21075
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
21076
"date\n"
21077
"echo\n"
21078
"\n"
21079
"# Backup the files using tar.\n"
21080
"tar czf $dest/$archive_file $backup_files\n"
21081
"\n"
21082
"# Print end status message.\n"
21083
"echo\n"
21084
"echo \"Backup finished\"\n"
21085
"date\n"
21086
"\n"
21087
"# Long listing of files in $dest to check file sizes.\n"
21088
"ls -lh $dest\n"
21089
msgstr ""
21090
21091
#: serverguide/C/backups.xml:77(para)
21092
msgid ""
21093
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
21094
"would like to backup. The list should be customized to fit your needs."
21095
msgstr ""
21096
21097
#: serverguide/C/backups.xml:83(para)
21098
msgid ""
21099
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
21100
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
21101
"day of the week, giving a backup history of seven days. There are other ways "
21102
"to accomplish this including other ways using the "
21103
"<application>date</application> utility."
21104
msgstr ""
21105
21106
#: serverguide/C/backups.xml:90(para)
21107
msgid ""
21108
"<emphasis>$hostname:</emphasis> variable containing the "
21109
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
21110
"archive filename gives you the option of placing daily archive files from "
21111
"multiple systems in the same directory."
21112
msgstr ""
21113
21114
#: serverguide/C/backups.xml:97(para)
21115
msgid "<emphasis>$archive_file:</emphasis> the full archive filename."
21116
msgstr ""
21117
21118
#: serverguide/C/backups.xml:102(para)
21119
msgid ""
21120
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
21121
"needs to be created and in this case <emphasis>mounted</emphasis> before "
21122
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
21123
"details using <emphasis>NFS</emphasis>."
21124
msgstr ""
21125
21126
#: serverguide/C/backups.xml:109(para)
21127
msgid ""
21128
"<emphasis>status messages:</emphasis> optional messages printed to the "
21129
"console using the <application>echo</application> utility."
21130
msgstr ""
21131
21132
#: serverguide/C/backups.xml:115(para)
21133
msgid ""
21134
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
21135
"<application>tar</application> command used to create the archive file."
21136
msgstr ""
21137
21138
#: serverguide/C/backups.xml:121(para)
21139
msgid "<emphasis>c:</emphasis> creates an archive."
21140
msgstr ""
21141
21142
#: serverguide/C/backups.xml:126(para)
21143
msgid ""
21144
"<emphasis>z:</emphasis> filter the archive through the "
21145
"<application>gzip</application> utility compressing the archive."
21146
msgstr ""
21147
21148
#: serverguide/C/backups.xml:131(para)
21149
msgid ""
21150
"<emphasis>f:</emphasis> use archive file. Otherwise the "
21151
"<application>tar</application> output will be sent to STDOUT."
21152
msgstr ""
21153
21154
#: serverguide/C/backups.xml:138(para)
21155
msgid ""
21156
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
21157
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
21158
"of the destination directory. This is useful for a quick file size check of "
21159
"the archive file. This check should not replace testing the archive file."
21160
msgstr ""
21161
21162
#: serverguide/C/backups.xml:145(para)
21163
msgid ""
21164
"This is a simple example of a backup shell script. There are large amount of "
21165
"options that can be included in a backup script. See <xref linkend=\"backup-"
21166
"shellscript-references\"/> for links to resources providing more in depth "
21167
"shell scripting information."
21168
msgstr ""
21169
21170
#: serverguide/C/backups.xml:152(title)
21171
msgid "Executing the Script"
21172
msgstr ""
21173
21174
#: serverguide/C/backups.xml:154(title)
21175
msgid "Executing from a Terminal"
21176
msgstr ""
21177
21178
#: serverguide/C/backups.xml:155(para)
21179
msgid ""
21180
"The simplest way of executing the above backup script is to copy and paste "
21181
"the contents into a file. <filename>backup.sh</filename> for example. Then "
21182
"from a terminal prompt:"
21183
msgstr ""
21184
21185
#: serverguide/C/backups.xml:160(command)
21186
msgid "sudo bash backup.sh"
21187
msgstr ""
21188
21189
#: serverguide/C/backups.xml:162(para)
21190
msgid ""
21191
"This is a great way to test the script to make sure everything works as "
21192
"expected."
21193
msgstr ""
21194
21195
#: serverguide/C/backups.xml:167(title)
21196
msgid "Executing with cron"
21197
msgstr ""
21198
21199
#: serverguide/C/backups.xml:168(para)
21200
msgid ""
21201
"The <application>cron</application> utility can be used to automate the "
21202
"script execution. The <application>cron</application> daemon allows the "
21203
"execution of scripts, or commands, at a specified time and date."
21204
msgstr ""
21205
21206
#: serverguide/C/backups.xml:172(para)
21207
msgid ""
21208
"<application>cron</application> is configured through entries in a "
21209
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
21210
"separated into fields:"
21211
msgstr ""
21212
21213
#: serverguide/C/backups.xml:176(programlisting)
21214
#, no-wrap
21215
msgid ""
21216
"\n"
21217
"# m h dom mon dow command\n"
21218
msgstr ""
21219
21220
#: serverguide/C/backups.xml:181(para)
21221
msgid ""
21222
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
21223
msgstr ""
21224
21225
#: serverguide/C/backups.xml:186(para)
21226
msgid ""
21227
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
21228
msgstr ""
21229
21230
#: serverguide/C/backups.xml:191(para)
21231
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
21232
msgstr ""
21233
21234
#: serverguide/C/backups.xml:196(para)
21235
msgid ""
21236
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
21237
msgstr ""
21238
21239
#: serverguide/C/backups.xml:201(para)
21240
msgid ""
21241
"<emphasis>dow:</emphasis> the day of the week the command executes on "
21242
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
21243
"valid."
21244
msgstr ""
21245
21246
#: serverguide/C/backups.xml:206(para)
21247
msgid "<emphasis>command:</emphasis> the command to execute."
21248
msgstr ""
21249
21250
#: serverguide/C/backups.xml:211(para)
21251
msgid ""
21252
"To add or change entries in a <filename>crontab</filename> file the "
21253
"<application>crontab -e</application> command should be used. Also, the "
21254
"contents of a <filename>crontab</filename> file can be viewed using the "
21255
"<application>crontab -l</application> command."
21256
msgstr ""
21257
21258
#: serverguide/C/backups.xml:215(para)
21259
msgid ""
21260
"To execute the <application>backup.sh</application> script listed above "
21261
"using <application>cron</application>. Enter the following from a terminal "
21262
"prompt:"
21263
msgstr ""
21264
21265
#: serverguide/C/backups.xml:220(command)
21266
msgid "sudo crontab -e"
21267
msgstr ""
21268
21269
#: serverguide/C/backups.xml:223(para)
21270
msgid ""
21271
"Using <application>sudo</application> with the <application>crontab -"
21272
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
21273
"This is necessary if you are backing up directories only the root user has "
21274
"access to."
21275
msgstr ""
21276
21277
#: serverguide/C/backups.xml:228(para)
21278
msgid "Add the following entry to the <filename>crontab</filename> file:"
21279
msgstr ""
21280
21281
#: serverguide/C/backups.xml:231(programlisting)
21282
#, no-wrap
21283
msgid ""
21284
"\n"
21285
"# m h dom mon dow command\n"
21286
"0 0 * * * bash /usr/local/bin/backup.sh\n"
21287
msgstr ""
21288
21289
#: serverguide/C/backups.xml:235(para)
21290
msgid ""
21291
"The <application>backup.sh</application> script will now be executed every "
21292
"day at 12:00 am."
21293
msgstr ""
21294
21295
#: serverguide/C/backups.xml:239(para)
21296
msgid ""
21297
"The <application>backup.sh</application> script will need to be copied to "
21298
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
21299
"to execute properly. The script can reside anywhere on the file system "
21300
"simply change the script path appropriately."
21301
msgstr ""
21302
21303
#: serverguide/C/backups.xml:244(para)
21304
msgid ""
21305
"For more in depth <application>crontab</application> options see <xref "
21306
"linkend=\"backup-shellscript-references\"/>."
21307
msgstr ""
21308
21309
#: serverguide/C/backups.xml:250(title)
21310
msgid "Restoring from the Archive"
21311
msgstr ""
21312
21313
#: serverguide/C/backups.xml:251(para)
21314
msgid ""
21315
"Once an archive has been created it is important to test the archive. The "
21316
"archive can be tested by listing the files it contains, but the best test is "
21317
"to <emphasis>restore</emphasis> a file from the archive."
21318
msgstr ""
21319
21320
#: serverguide/C/backups.xml:257(para)
21321
msgid "To see a listing of the archive contents. From a terminal prompt:"
21322
msgstr ""
21323
21324
#: serverguide/C/backups.xml:261(command)
21325
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
21326
msgstr ""
21327
21328
#: serverguide/C/backups.xml:265(para)
21329
msgid "To restore a file from the archive to a different directory enter:"
21330
msgstr ""
21331
21332
#: serverguide/C/backups.xml:269(command)
21333
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
21334
msgstr ""
21335
21336
#: serverguide/C/backups.xml:271(para)
21337
msgid ""
21338
"The <emphasis>-C</emphasis> option to <application>tar</application> "
21339
"redirects the extracted files to the specified directory. The above example "
21340
"will extract the <filename>/etc/hosts</filename> file to "
21341
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
21342
"recreates the directory structure that it contains."
21343
msgstr ""
21344
21345
#: serverguide/C/backups.xml:276(para)
21346
msgid ""
21347
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
21348
"the file to restore."
21349
msgstr ""
21350
21351
#: serverguide/C/backups.xml:281(para)
21352
msgid "To restore all files in the archive enter the following:"
21353
msgstr ""
21354
21355
#: serverguide/C/backups.xml:285(command)
21356
msgid "cd /"
21357
msgstr ""
21358
21359
#: serverguide/C/backups.xml:286(command)
21360
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
21361
msgstr ""
21362
21363
#: serverguide/C/backups.xml:291(para)
21364
msgid "This will overwrite the files currently on the file system."
21365
msgstr ""
21366
21367
#: serverguide/C/backups.xml:300(para)
21368
msgid ""
21369
"For more information on shell scripting see the <ulink "
21370
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
21371
msgstr ""
21372
21373
#: serverguide/C/backups.xml:305(para)
21374
msgid ""
21375
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
21376
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
21377
"great resource for shell scripting."
21378
msgstr ""
21379
21380
#: serverguide/C/backups.xml:311(para)
21381
msgid ""
21382
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
21383
"Wiki Page</ulink> contains details on advanced "
21384
"<application>cron</application> options."
21385
msgstr ""
21386
21387
#: serverguide/C/backups.xml:318(para)
21388
msgid ""
21389
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
21390
"tar Manual</ulink> for more <application>tar</application> options."
21391
msgstr ""
21392
21393
#: serverguide/C/backups.xml:324(para)
21394
msgid ""
21395
"The Wikipedia <ulink "
21396
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
21397
"Scheme</ulink> article contains information on other backup rotation schemes."
21398
msgstr ""
21399
21400
#: serverguide/C/backups.xml:330(para)
21401
msgid ""
21402
"The shell script uses <application>tar</application> to create the archive, "
21403
"but there many other command line utilities that can be used. For example:"
21404
msgstr ""
21405
21406
#: serverguide/C/backups.xml:336(para)
21407
msgid ""
21408
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
21409
"files to and from archives."
21410
msgstr ""
21411
21412
#: serverguide/C/backups.xml:341(para)
21413
msgid ""
21414
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
21415
"the <application>coreutils</application> package. A low level utility that "
21416
"can copy data from one format to another"
21417
msgstr ""
21418
21419
#: serverguide/C/backups.xml:347(para)
21420
msgid ""
21421
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
21422
"snap shot utility used to create copies of an entire file system."
21423
msgstr ""
21424
21425
#: serverguide/C/backups.xml:358(title)
21426
msgid "Archive Rotation"
21427
msgstr ""
21428
21429
#: serverguide/C/backups.xml:359(para)
21430
msgid ""
21431
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
21432
"allows for seven different archives. For a server whose data doesn't change "
21433
"often this may be enough. If the server has a large amount of data a more "
21434
"robust rotation scheme should be used."
21435
msgstr ""
21436
21437
#: serverguide/C/backups.xml:365(title)
21438
msgid "Rotating NFS Archives"
21439
msgstr ""
21440
21441
#: serverguide/C/backups.xml:366(para)
21442
msgid ""
21443
"In this section the shell script will be slightly modified to implement a "
21444
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
21445
msgstr ""
21446
21447
#: serverguide/C/backups.xml:372(para)
21448
msgid ""
21449
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
21450
"Friday."
21451
msgstr ""
21452
21453
#: serverguide/C/backups.xml:377(para)
21454
msgid ""
21455
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
21456
"weekly backups a month."
21457
msgstr ""
21458
21459
#: serverguide/C/backups.xml:382(para)
21460
msgid ""
21461
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
21462
"rotating two monthly backups based on if the month is odd or even."
21463
msgstr ""
21464
21465
#: serverguide/C/backups.xml:388(para)
21466
msgid "Here is the new script:"
21467
msgstr ""
21468
21469
#: serverguide/C/backups.xml:391(programlisting)
21470
#, no-wrap
21471
msgid ""
21472
"\n"
21473
"#!/bin/bash\n"
21474
"####################################\n"
21475
"#\n"
21476
"# Backup to NFS mount script with\n"
21477
"# grandfather-father-son rotation.\n"
21478
"#\n"
21479
"####################################\n"
21480
"\n"
21481
"# What to backup. \n"
21482
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
21483
"\n"
21484
"# Where to backup to.\n"
21485
"dest=\"/mnt/backup\"\n"
21486
"\n"
21487
"# Setup variables for the archive filename.\n"
21488
"day=$(date +%A)\n"
21489
"hostname=$(hostname -s)\n"
21490
"\n"
21491
"# Find which week of the month 1-4 it is.\n"
21492
"day_num=$(date +%d)\n"
21493
"if (( $day_num <= 7 )); then\n"
21494
" week_file=\"$hostname-week1.tgz\"\n"
21495
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
21496
" week_file=\"$hostname-week2.tgz\"\n"
21497
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
21498
" week_file=\"$hostname-week3.tgz\"\n"
21499
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
21500
" week_file=\"$hostname-week4.tgz\"\n"
21501
"fi\n"
21502
"\n"
21503
"# Find if the Month is odd or even.\n"
21504
"month_num=$(date +%m)\n"
21505
"month=$(expr $month_num % 2)\n"
21506
"if [ $month -eq 0 ]; then\n"
21507
" month_file=\"$hostname-month2.tgz\"\n"
21508
"else\n"
21509
" month_file=\"$hostname-month1.tgz\"\n"
21510
"fi\n"
21511
"\n"
21512
"# Create archive filename.\n"
21513
"if [ $day_num == 1 ]; then\n"
21514
"\tarchive_file=$month_file\n"
21515
"elif [ $day != \"Saturday\" ]; then\n"
21516
" archive_file=\"$hostname-$day.tgz\"\n"
21517
"else \n"
21518
"\tarchive_file=$week_file\n"
21519
"fi\n"
21520
"\n"
21521
"# Print start status message.\n"
21522
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
21523
"date\n"
21524
"echo\n"
21525
"\n"
21526
"# Backup the files using tar.\n"
21527
"tar czf $dest/$archive_file $backup_files\n"
21528
"\n"
21529
"# Print end status message.\n"
21530
"echo\n"
21531
"echo \"Backup finished\"\n"
21532
"date\n"
21533
"\n"
21534
"# Long listing of files in $dest to check file sizes.\n"
21535
"ls -lh $dest/\n"
21536
msgstr ""
21537
21538
#: serverguide/C/backups.xml:456(para)
21539
msgid ""
21540
"The script can be executed using the same methods as in <xref "
21541
"linkend=\"backup-executing-shellscript\"/>."
21542
msgstr ""
21543
21544
#: serverguide/C/backups.xml:459(para)
21545
msgid ""
21546
"It is good practice to take backup media off site in case of a disaster. In "
21547
"the shell script example the backup media is another server providing an NFS "
21548
"share. In all likelihood taking the NFS server to another location would not "
21549
"be practical. Depending upon connection speeds it may be an option to copy "
21550
"the archive file over a WAN link to a server in another location."
21551
msgstr ""
21552
21553
#: serverguide/C/backups.xml:465(para)
21554
msgid ""
21555
"Another option is to copy the archive file to an external hard drive which "
21556
"can then be taken off site. Since the price of external hard drives continue "
21557
"to decrease it may be cost affective to use two drives for each archive "
21558
"level. This would allow you to have one external drive attached to the "
21559
"backup server and one in another location."
21560
msgstr ""
21561
21562
#: serverguide/C/backups.xml:472(title)
21563
msgid "Tape Drives"
21564
msgstr ""
21565
21566
#: serverguide/C/backups.xml:473(para)
21567
msgid ""
21568
"A tape drive attached to the server can be used instead of a NFS share. "
21569
"Using a tape drive simplifies archive rotation, and taking the media off "
21570
"site as well."
21571
msgstr ""
21572
21573
#: serverguide/C/backups.xml:477(para)
21574
msgid ""
21575
"When using a tape drive the filename portions of the script aren't needed "
21576
"because the date is sent directly to the tape device. Some commands to "
21577
"manipulate the tape are needed. This is accomplished using "
21578
"<application>mt</application>, a magnetic tape control utility part of the "
21579
"<application>cpio</application> package."
21580
msgstr ""
21581
21582
#: serverguide/C/backups.xml:482(para)
21583
msgid "Here is the shell script modified to use a tape drive:"
21584
msgstr ""
21585
21586
#: serverguide/C/backups.xml:485(programlisting)
21587
#, no-wrap
21588
msgid ""
21589
"\n"
21590
"#!/bin/bash\n"
21591
"####################################\n"
21592
"#\n"
21593
"# Backup to tape drive script.\n"
21594
"#\n"
21595
"####################################\n"
21596
"\n"
21597
"# What to backup. \n"
21598
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
21599
"\n"
21600
"# Where to backup to.\n"
21601
"dest=\"/dev/st0\"\n"
21602
"\n"
21603
"# Print start status message.\n"
21604
"echo \"Backing up $backup_files to $dest\"\n"
21605
"date\n"
21606
"echo\n"
21607
"\n"
21608
"# Make sure the tape is rewound.\n"
21609
"mt -f $dest rewind\n"
21610
"\n"
21611
"# Backup the files using tar.\n"
21612
"tar czf $dest $backup_files\n"
21613
"\n"
21614
"# Rewind and eject the tape.\n"
21615
"mt -f $dest rewoffl\n"
21616
"\n"
21617
"# Print end status message.\n"
21618
"echo\n"
21619
"echo \"Backup finished\"\n"
21620
"date\n"
21621
msgstr ""
21622
21623
#: serverguide/C/backups.xml:519(para)
21624
msgid ""
21625
"The default device name for a SCSI tape drive is "
21626
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
21627
"system."
21628
msgstr ""
21629
21630
#: serverguide/C/backups.xml:524(para)
21631
msgid ""
21632
"Restoring from a tape drive is basically the same as restoring from a file. "
21633
"Simply rewind the tape and use the device path instead of a file path. For "
21634
"example to restore the <filename>/etc/hosts</filename> file to "
21635
"<filename>/tmp/etc/hosts</filename>:"
21636
msgstr ""
21637
21638
#: serverguide/C/backups.xml:529(command)
21639
msgid "mt -f /dev/st0 rewind"
21640
msgstr ""
21641
21642
#: serverguide/C/backups.xml:530(command)
21643
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
21644
msgstr ""
21645
21646
#: serverguide/C/backups.xml:535(title)
21647
msgid "Bacula"
21648
msgstr ""
21649
21650
#: serverguide/C/backups.xml:536(para)
21651
msgid ""
21652
"<application>Bacula</application> is a backup program enabling you to "
21653
"backup, restore, and verify data across your network. There are Bacula "
21654
"clients for Linux, Windows, and Mac OSX. Making it a cross platform network "
21655
"wide solution."
21656
msgstr ""
21657
21658
#: serverguide/C/backups.xml:542(para)
21659
msgid ""
21660
"<application>Bacula</application> is made up of several components and "
21661
"services used to manage which files to backup and where to back them up to:"
21662
msgstr ""
21663
21664
#: serverguide/C/backups.xml:548(para)
21665
msgid ""
21666
"<application>Bacula Director:</application> a service that controls all "
21667
"backup, restore, verify, and archive operations."
21668
msgstr ""
21669
21670
#: serverguide/C/backups.xml:553(para)
21671
msgid ""
21672
"<application>Bacula Console:</application> an application allowing "
21673
"communication with the Director. There are three versions of the Console:"
21674
msgstr ""
21675
21676
#: serverguide/C/backups.xml:558(para)
21677
msgid "Text based command line version."
21678
msgstr ""
21679
21680
#: serverguide/C/backups.xml:559(para)
21681
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
21682
msgstr ""
21683
21684
#: serverguide/C/backups.xml:560(para)
21685
msgid "wxWidgets GUI interface."
21686
msgstr ""
21687
21688
#: serverguide/C/backups.xml:564(para)
21689
msgid ""
21690
"<application>Bacula File:</application> also known as the "
21691
"<application>Bacula Client</application> program. This application is "
21692
"installed on machines to be backed up, and is responsible for the data "
21693
"requested by the Director."
21694
msgstr ""
21695
21696
#: serverguide/C/backups.xml:570(para)
21697
msgid ""
21698
"<application>Bacula Storage:</application> the programs that perform the "
21699
"storage and recovery of data to the physical media."
21700
msgstr ""
21701
21702
#: serverguide/C/backups.xml:575(para)
21703
msgid ""
21704
"<application>Bacula Catalog:</application> is responsible for maintaining "
21705
"the file indexes and volume databases for all files backed up, enabling "
21706
"quick location and restoration of archived files. The Catalog supports three "
21707
"different databases MySQL, PostgreSQL, and SQLite."
21708
msgstr ""
21709
21710
#: serverguide/C/backups.xml:581(para)
21711
msgid ""
21712
"<application>Bacula Monitor:</application> allows the monitoring of the "
21713
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
21714
"available as a GTK+ GUI application."
21715
msgstr ""
21716
21717
#: serverguide/C/backups.xml:587(para)
21718
msgid ""
21719
"These services and applications can be run on multiple servers and clients, "
21720
"or they can be installed on one machine if backing up a single disk or "
21721
"volume."
21722
msgstr ""
21723
21724
#: serverguide/C/backups.xml:594(para)
21725
msgid ""
21726
"There are multiple packages containing the different "
21727
"<application>Bacula</application> components. To install Bacula, from a "
21728
"terminal prompt enter:"
21729
msgstr ""
21730
21731
#: serverguide/C/backups.xml:599(command)
21732
msgid "sudo apt-get install bacula"
21733
msgstr ""
21734
21735
#: serverguide/C/backups.xml:601(para)
21736
msgid ""
21737
"By default installing the <application>bacula</application> package will use "
21738
"a <application>MySQL</application> database for the Catalog. If you want to "
21739
"use SQLite or PostgreSQL, for the Catalog, install <application>bacula-"
21740
"director-sqlite3</application> or <application>bacula-director-"
21741
"pgsql</application> respectively."
21742
msgstr ""
21743
21744
#: serverguide/C/backups.xml:607(para)
21745
msgid ""
21746
"During the install process you will be asked to supply credentials for the "
21747
"database <emphasis>administrator</emphasis> and the "
21748
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
21749
"database administrator will need to have the appropriate rights to create a "
21750
"database, see <xref linkend=\"mysql\"/> for more information."
21751
msgstr ""
21752
21753
#: serverguide/C/backups.xml:617(para)
21754
msgid ""
21755
"<application>Bacula</application> configuration files are formatted based on "
21756
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
21757
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
21758
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
21759
"directory."
21760
msgstr ""
21761
21762
#: serverguide/C/backups.xml:622(para)
21763
msgid ""
21764
"The various <application>Bacula</application> components must authorize "
21765
"themselves to each other. This is accomplished using the "
21766
"<emphasis>password</emphasis> directive. For example, the "
21767
"<emphasis>Storage</emphasis> resource password in the "
21768
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
21769
"<emphasis>Director</emphasis> resource password in "
21770
"<filename>/etc/bacula/bacula-sd.conf</filename>."
21771
msgstr ""
21772
21773
#: serverguide/C/backups.xml:628(para)
21774
msgid ""
21775
"By default the backup job named <emphasis>Client1</emphasis> is configured "
21776
"to archive the <application>Bacula</application> Catalog. If you plan on "
21777
"using the server to backup more than one client you should change the name "
21778
"of this job to something more descriptive. To change the name edit "
21779
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
21780
msgstr ""
21781
21782
#: serverguide/C/backups.xml:633(programlisting)
21783
#, no-wrap
21784
msgid ""
21785
"\n"
21786
"#\n"
21787
"# Define the main nightly save backup job\n"
21788
"# By default, this job will back up to disk in \n"
21789
"Job {\n"
21790
" Name = \"BackupServer\"\n"
21791
" JobDefs = \"DefaultJob\"\n"
21792
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
21793
"}\n"
21794
msgstr ""
21795
21796
#: serverguide/C/backups.xml:644(para)
21797
msgid ""
21798
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
21799
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
21800
"your appropriate hostname, or other descriptive name."
21801
msgstr ""
21802
21803
#: serverguide/C/backups.xml:649(para)
21804
msgid ""
21805
"The <emphasis>Console</emphasis> can be used to query the "
21806
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
21807
"<emphasis>non-root</emphasis> user, the user needs to be in the "
21808
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
21809
"the following from a terminal:"
21810
msgstr ""
21811
21812
#: serverguide/C/backups.xml:655(command)
21813
msgid "sudo adduser $username bacula"
21814
msgstr ""
21815
21816
#: serverguide/C/backups.xml:658(para)
21817
msgid ""
21818
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
21819
"you are adding the current user to the group you should log out and back in "
21820
"for the new permissions to take effect."
21821
msgstr ""
21822
21823
#: serverguide/C/backups.xml:665(title)
21824
msgid "Localhost Backup"
21825
msgstr ""
21826
21827
#: serverguide/C/backups.xml:666(para)
21828
msgid ""
21829
"This section describes how to backup specified directories on a single host "
21830
"to a local tape drive."
21831
msgstr ""
21832
21833
#: serverguide/C/backups.xml:671(para)
21834
msgid ""
21835
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
21836
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
21837
msgstr ""
21838
21839
#: serverguide/C/backups.xml:674(programlisting)
21840
#, no-wrap
21841
msgid ""
21842
"\n"
21843
"Device {\n"
21844
" Name = \"Tape Drive\"\n"
21845
" Device Type = tape\n"
21846
" Media Type = DDS-4\n"
21847
" Archive Device = /dev/st0\n"
21848
" Hardware end of medium = No;\n"
21849
" AutomaticMount = yes; # when device opened, read it\n"
21850
" AlwaysOpen = Yes;\n"
21851
" RemovableMedia = yes;\n"
21852
" RandomAccess = no;\n"
21853
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
21854
"}\n"
21855
msgstr ""
21856
21857
#: serverguide/C/backups.xml:688(para)
21858
msgid ""
21859
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
21860
"Type and Archive Device to match your hardware."
21861
msgstr ""
21862
21863
#: serverguide/C/backups.xml:691(para)
21864
msgid "You could also uncomment one of the other examples in the file."
21865
msgstr ""
21866
21867
#: serverguide/C/backups.xml:696(para)
21868
msgid ""
21869
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
21870
"<application>Storage</application> daemon will need to be restarted:"
21871
msgstr ""
21872
21873
#: serverguide/C/backups.xml:701(command)
21874
msgid "sudo /etc/init.d/bacula-sd restart"
21875
msgstr ""
21876
21877
#: serverguide/C/backups.xml:705(para)
21878
msgid ""
21879
"Now add a <emphasis>Storage</emphasis> resource in "
21880
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
21881
msgstr ""
21882
21883
#: serverguide/C/backups.xml:708(programlisting)
21884
#, no-wrap
21885
msgid ""
21886
"\n"
21887
"# Definition of \"Tape Drive\" storage device\n"
21888
"Storage {\n"
21889
" Name = TapeDrive\n"
21890
" # Do not use \"localhost\" here \n"
21891
" Address = backupserver # N.B. Use a fully qualified name "
21892
"here\n"
21893
" SDPort = 9103\n"
21894
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
21895
" Device = \"Tape Drive\"\n"
21896
" Media Type = tape\n"
21897
"}\n"
21898
msgstr ""
21899
21900
#: serverguide/C/backups.xml:720(para)
21901
msgid ""
21902
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
21903
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
21904
"to the actual host name."
21905
msgstr ""
21906
21907
#: serverguide/C/backups.xml:724(para)
21908
msgid ""
21909
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
21910
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
21911
msgstr ""
21912
21913
#: serverguide/C/backups.xml:730(para)
21914
msgid ""
21915
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
21916
"directories to backup, by adding:"
21917
msgstr ""
21918
21919
#: serverguide/C/backups.xml:733(programlisting)
21920
#, no-wrap
21921
msgid ""
21922
"\n"
21923
"# LocalhostBacup FileSet.\n"
21924
"FileSet {\n"
21925
" Name = \"LocalhostFiles\"\n"
21926
" Include {\n"
21927
" Options {\n"
21928
" signature = MD5\n"
21929
" compression=GZIP\n"
21930
" }\n"
21931
" File = /etc\n"
21932
" File = /home\n"
21933
" }\n"
21934
"}\n"
21935
msgstr ""
21936
21937
#: serverguide/C/backups.xml:747(para)
21938
msgid ""
21939
"This <emphasis>FileSet</emphasis> will backup the <filename "
21940
"role=\"directory\">/etc</filename> and <filename "
21941
"role=\"directory\">/home</filename> directories. The "
21942
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
21943
"create a MD5 signature for each file backed up, and to compress the files "
21944
"using GZIP."
21945
msgstr ""
21946
21947
#: serverguide/C/backups.xml:754(para)
21948
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
21949
msgstr ""
21950
21951
#: serverguide/C/backups.xml:757(programlisting)
21952
#, no-wrap
21953
msgid ""
21954
"\n"
21955
"# LocalhostBackup Schedule -- Daily.\n"
21956
"Schedule {\n"
21957
" Name = \"LocalhostDaily\"\n"
21958
" Run = Full daily at 00:01\n"
21959
"}\n"
21960
msgstr ""
21961
21962
#: serverguide/C/backups.xml:764(para)
21963
msgid ""
21964
"The job will run every day at 00:01 or 12:01 am. There are many other "
21965
"scheduling options available."
21966
msgstr ""
21967
21968
#: serverguide/C/backups.xml:769(para)
21969
msgid "Finally create the <emphasis>Job</emphasis>:"
21970
msgstr ""
21971
21972
#: serverguide/C/backups.xml:772(programlisting)
21973
#, no-wrap
21974
msgid ""
21975
"\n"
21976
"# Localhost backup.\n"
21977
"Job {\n"
21978
" Name = \"LocalhostBackup\"\n"
21979
" JobDefs = \"DefaultJob\"\n"
21980
" Enabled = yes\n"
21981
" Level = Full\n"
21982
" FileSet = \"LocalhostFiles\"\n"
21983
" Schedule = \"LocalhostDaily\"\n"
21984
" Storage = TapeDrive\n"
21985
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
21986
"} \n"
21987
msgstr ""
21988
21989
#: serverguide/C/backups.xml:785(para)
21990
msgid ""
21991
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
21992
"drive."
21993
msgstr ""
21994
21995
#: serverguide/C/backups.xml:790(para)
21996
msgid ""
21997
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
21998
"current tape does not have a label <application>Bacula</application> will "
21999
"send an email letting you know. To label a tape using the "
22000
"<application>Console</application> enter the following from a terminal:"
22001
msgstr ""
22002
22003
#: serverguide/C/backups.xml:796(command)
22004
msgid "bconsole"
22005
msgstr ""
22006
22007
#: serverguide/C/backups.xml:800(para)
22008
msgid "At the Bacula Console prompt enter:"
22009
msgstr ""
22010
22011
#: serverguide/C/backups.xml:804(command)
22012
msgid "label"
22013
msgstr ""
22014
22015
#: serverguide/C/backups.xml:808(para)
22016
msgid ""
22017
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
22018
msgstr ""
22019
22020
#: serverguide/C/backups.xml:818(userinput)
22021
#, no-wrap
22022
msgid "2"
22023
msgstr ""
22024
22025
#: serverguide/C/backups.xml:812(computeroutput)
22026
#, no-wrap
22027
msgid ""
22028
"\n"
22029
"Automatically selected Catalog: MyCatalog\n"
22030
"Using Catalog \"MyCatalog\"\n"
22031
"The defined Storage resources are:\n"
22032
" 1: File\n"
22033
" 2: TapeDrive\n"
22034
"Select Storage resource (1-2):<placeholder-1/>\n"
22035
msgstr ""
22036
22037
#: serverguide/C/backups.xml:823(para)
22038
msgid "Enter the new <emphasis>Volume</emphasis> name:"
22039
msgstr ""
22040
22041
#: serverguide/C/backups.xml:828(userinput)
22042
#, no-wrap
22043
msgid "Sunday"
22044
msgstr ""
22045
22046
#: serverguide/C/backups.xml:827(computeroutput)
22047
#, no-wrap
22048
msgid ""
22049
"\n"
22050
"Enter new Volume name: <placeholder-1/>\n"
22051
"Defined Pools:\n"
22052
" 1: Default\n"
22053
" 2: Scratch"
22054
msgstr ""
22055
22056
#: serverguide/C/backups.xml:833(para)
22057
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
22058
msgstr ""
22059
22060
#: serverguide/C/backups.xml:838(para)
22061
msgid "Now, select the <emphasis>Pool</emphasis>:"
22062
msgstr ""
22063
22064
#: serverguide/C/backups.xml:843(userinput)
22065
#, no-wrap
22066
msgid "1"
22067
msgstr ""
22068
22069
#: serverguide/C/backups.xml:842(computeroutput)
22070
#, no-wrap
22071
msgid ""
22072
"\n"
22073
"Select the Pool (1-2): <placeholder-1/>\n"
22074
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
22075
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
22076
msgstr ""
22077
22078
#: serverguide/C/backups.xml:850(para)
22079
msgid ""
22080
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
22081
"backup the localhost to an attached tape drive."
22082
msgstr ""
22083
22084
#: serverguide/C/backups.xml:858(para)
22085
msgid ""
22086
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
22087
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
22088
"Manual</ulink>"
22089
msgstr ""
22090
22091
#: serverguide/C/backups.xml:864(para)
22092
msgid ""
22093
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
22094
"the latest Bacula news and developments."
22095
msgstr ""
22096
22097
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
22098
#: serverguide/C/backups.xml:0(None)
22099
msgid "translator-credits"
22100
msgstr ""
22101
"Launchpad Contributions:\n"
22102
" Michael Moroni https://launchpad.net/~haikara90"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1