3301
#: serverguide/C/vpn.xml:13(title)
3305
#: serverguide/C/vpn.xml:15(para)
3307
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
3308
"network connection between two or more networks. There are several ways to "
3309
"create a VPN using software as well as dedicated hardware appliances. This "
3310
"chapter will cover installing and configuring "
3311
"<application>OpenVPN</application> to create a VPN between two servers."
3314
#: serverguide/C/vpn.xml:23(title)
3318
#: serverguide/C/vpn.xml:25(para)
3320
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
3321
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
3322
"clients through a bridge interface on the VPN server. This guide will assume "
3323
"that one VPN node, the server in this case, has a bridge interface "
3324
"configured. For more information on setting up a bridge see <xref "
3325
"linkend=\"bridging\"/>."
3328
#: serverguide/C/vpn.xml:35(para)
3329
msgid "To install <application>openvpn</application> in a terminal enter:"
3332
#: serverguide/C/vpn.xml:41(command)
3333
msgid "sudo apt-get install openvpn"
3336
#: serverguide/C/vpn.xml:45(title)
3337
msgid "Server Certificates"
3340
#: serverguide/C/vpn.xml:47(para)
3342
"Now that the <application>openvpn</application> package is installed, the "
3343
"certificates for the VPN server need to be created."
3346
#: serverguide/C/vpn.xml:52(para)
3348
"First, copy the <filename>easy-rsa</filename> directory to "
3349
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
3350
"scripts will not be lost when the package is updated. From a terminal enter:"
3353
#: serverguide/C/vpn.xml:58(command)
3354
msgid "sudo mkdir /etc/openvpn/easy-rsa/"
3357
#: serverguide/C/vpn.xml:59(command)
3359
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/"
3362
#: serverguide/C/vpn.xml:62(para)
3364
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
3365
"following to your environment:"
3368
#: serverguide/C/vpn.xml:66(programlisting)
3372
"export KEY_COUNTRY=\"US\"\n"
3373
"export KEY_PROVINCE=\"NC\"\n"
3374
"export KEY_CITY=\"Winston-Salem\"\n"
3375
"export KEY_ORG=\"Example Company\"\n"
3376
"export KEY_EMAIL=\"steve@example.com\"\n"
3379
#: serverguide/C/vpn.xml:74(para)
3380
msgid "Enter the following to create the server certificates:"
3383
#: serverguide/C/vpn.xml:79(command)
3384
msgid "cd /etc/openvpn/easy-rsa/easy-rsa"
3387
#: serverguide/C/vpn.xml:80(command) serverguide/C/vpn.xml:101(command)
3391
#: serverguide/C/vpn.xml:81(command)
3395
#: serverguide/C/vpn.xml:82(command)
3399
#: serverguide/C/vpn.xml:83(command)
3400
msgid "./pkitool --initca"
3403
#: serverguide/C/vpn.xml:84(command)
3404
msgid "./pkitool --server server"
3407
#: serverguide/C/vpn.xml:85(command)
3411
#: serverguide/C/vpn.xml:86(command)
3412
msgid "openvpn --genkey --secret ta.key"
3415
#: serverguide/C/vpn.xml:87(command)
3416
msgid "sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/"
3419
#: serverguide/C/vpn.xml:92(title)
3420
msgid "Client Certificates"
3423
#: serverguide/C/vpn.xml:94(para)
3425
"The VPN client will also need a certificate to authenticate itself to the "
3426
"server. To create the certificate, enter the following in a terminal:"
3429
#: serverguide/C/vpn.xml:100(command)
3430
msgid "cd /etc/openvpn/easy-rsa/"
3433
#: serverguide/C/vpn.xml:102(command)
3434
msgid "./pkitool hostname"
3437
#: serverguide/C/vpn.xml:106(para)
3439
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
3440
"machine connecting to the VPN."
3443
#: serverguide/C/vpn.xml:111(para)
3444
msgid "Copy the following files to the client:"
3447
#: serverguide/C/vpn.xml:116(para)
3448
msgid "/etc/openvpn/easy-rsa/hostname.ovpn"
3451
#: serverguide/C/vpn.xml:117(para)
3452
msgid "/etc/openvpn/easy-rsa/ca.crt"
3455
#: serverguide/C/vpn.xml:118(para)
3456
msgid "/etc/openvpn/easy-rsa/hostname.crt"
3459
#: serverguide/C/vpn.xml:119(para)
3460
msgid "/etc/openvpn/easy-rsa/hostname.key"
3463
#: serverguide/C/vpn.xml:120(para)
3464
msgid "/etc/openvpn/easy-rsa/ta.key"
3467
#: serverguide/C/vpn.xml:124(para)
3469
"Remember to adjust the above file names for your client machine's "
3470
"<emphasis>hostname</emphasis>."
3473
#: serverguide/C/vpn.xml:129(para)
3475
"It is best to use a secure method to copy the certificate and key files. The "
3476
"<application>scp</application> utility is a good choice, but copying the "
3477
"files to removable media then to the client, also works well."
3480
#: serverguide/C/vpn.xml:140(title) serverguide/C/vcs.xml:107(title)
3481
msgid "Server Configuration"
3484
#: serverguide/C/vpn.xml:142(para)
3486
"Now configure the <application>openvpn</application> server by creating "
3487
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
3491
#: serverguide/C/vpn.xml:148(command)
3493
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
3497
#: serverguide/C/vpn.xml:149(command)
3498
msgid "sudo gzip -d /etc/openvpn/server.conf.gz"
3501
#: serverguide/C/vpn.xml:152(para)
3503
"Edit <filename>etc/openvpn/server.conf</filename> changing the following "
3507
#: serverguide/C/vpn.xml:156(programlisting)
3511
"local 172.18.100.101\n"
3513
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
3514
"push \"route 172.18.100.1 255.255.255.0\"\n"
3515
"push \"dhcp-option DNS 172.18.100.20\"\n"
3516
"push \"dhcp-option DOMAIN example.com\"\n"
3517
"tls-auth ta.key 0 # This file is secret\n"
3522
#: serverguide/C/vpn.xml:170(para)
3524
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
3527
#: serverguide/C/vpn.xml:175(para)
3529
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
3530
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
3531
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
3532
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
3536
#: serverguide/C/vpn.xml:182(para)
3538
"<emphasis>push</emphasis>: are directives to add networking options for "
3542
#: serverguide/C/vpn.xml:187(para)
3544
"<emphasis>user and group</emphasis>: configure which user and group the "
3545
"<application>openvpn</application> daemon executes as."
3548
#: serverguide/C/vpn.xml:194(para)
3550
"Replace all IP addresses and domain names above with those of your network."
3553
#: serverguide/C/vpn.xml:199(para)
3555
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
3556
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
3559
#: serverguide/C/vpn.xml:203(programlisting)
3568
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
3569
"/usr/sbin/brctl addif $BR $DEV\n"
3572
#: serverguide/C/vpn.xml:213(para)
3573
msgid "And <filename>/etc/openvpn/down.sh</filename>:"
3576
#: serverguide/C/vpn.xml:217(programlisting)
3585
"/usr/sbin/brctl delif $BR $DEV\n"
3586
"/sbin/ifconfig $DEV down\n"
3589
#: serverguide/C/vpn.xml:227(para)
3590
msgid "Then make them executable:"
3593
#: serverguide/C/vpn.xml:232(command)
3594
msgid "sudo chmod 755 /etc/openvpn/down.sh"
3597
#: serverguide/C/vpn.xml:233(command)
3598
msgid "sudo chmod 755 /etc/openvpn/up.sh"
3601
#: serverguide/C/vpn.xml:236(para)
3603
"After configuring the server, restart <application>openvpn</application> by "
3607
#: serverguide/C/vpn.xml:241(command) serverguide/C/vpn.xml:281(command)
3608
msgid "sudo /etc/init.d/openvpn restart"
3611
#: serverguide/C/vpn.xml:246(title)
3612
msgid "Client Configuration"
3615
#: serverguide/C/vpn.xml:248(para)
3617
"With the server configured and the client certificates copied over, create a "
3618
"client configuration file by copying the example. In a terminal on the "
3619
"client machine enter:"
3622
#: serverguide/C/vpn.xml:254(command)
3624
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
3628
#: serverguide/C/vpn.xml:257(para)
3630
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
3631
"following options:"
3634
#: serverguide/C/vpn.xml:261(programlisting)
3639
"remote vpn.example.com 1194\n"
3640
"cert hostname.crt\n"
3641
"key hostname.key\n"
3642
"tls-auth ta.key 1\n"
3645
#: serverguide/C/vpn.xml:270(para)
3647
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
3648
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
3652
#: serverguide/C/vpn.xml:276(para)
3653
msgid "Finally, restart <application>openvpn</application>:"
3656
#: serverguide/C/vpn.xml:284(para)
3657
msgid "You should now be able to connect to the remote LAN through the VPN."
3660
#: serverguide/C/vpn.xml:295(para)
3662
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
3663
"additional information."
3666
#: serverguide/C/vpn.xml:300(para)
3668
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
3669
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
3253
3672
#: serverguide/C/virtualization.xml:13(title)
3254
3673
msgid "Virtualization"
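Review bot: The easy-rsa paths in the new Server Certificates and Client Certificates strings do not agree with each other. `sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/` copies the scripts into /etc/openvpn/2.0 and leaves the freshly created /etc/openvpn/easy-rsa/ empty, yet the following strings edit /etc/openvpn/easy-rsa/vars, run `cd /etc/openvpn/easy-rsa/easy-rsa` for the server and change to /etc/openvpn/easy-rsa/ for the client. Pick one directory and use it in every command and in the list of files to copy to the client. That list also names hostname.ovpn, which no visible step creates, and puts ta.key in a different directory from the one where it was generated. Separately, `dh1024.pem` means 1024-bit Diffie-Hellman parameters, which is below current recommendations; generate at least 2048-bit parameters and update the file name in the copy command. The server.conf path in the "Edit" string is missing its leading slash, and "Pakt's" should be "Packt's". The paragraph on copying the certificate and key files could also say that hostname.key and ta.key must stay readable only by root on the client, since the server.conf comment already marks ta.key as secret.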
4009
4428
"192.168.0.0/255 is usually a good choice."
4012
#: serverguide/C/virtualization.xml:625(para) serverguide/C/jeos.xml:244(para)
4431
#: serverguide/C/virtualization.xml:625(para)
4013
4432
msgid "To do this we'll use the following parameters:"
4016
#: serverguide/C/virtualization.xml:631(para) serverguide/C/jeos.xml:250(para)
4435
#: serverguide/C/virtualization.xml:631(para)
4018
4437
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
4019
4438
"dhcp if not specified)"
4022
#: serverguide/C/virtualization.xml:636(para) serverguide/C/jeos.xml:255(para)
4441
#: serverguide/C/virtualization.xml:636(para)
4024
4443
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
4025
4444
"255.255.255.0)"
4028
#: serverguide/C/virtualization.xml:641(para) serverguide/C/jeos.xml:260(para)
4447
#: serverguide/C/virtualization.xml:641(para)
4029
4448
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
4032
#: serverguide/C/virtualization.xml:646(para) serverguide/C/jeos.xml:265(para)
4451
#: serverguide/C/virtualization.xml:646(para)
4033
4452
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
4036
#: serverguide/C/virtualization.xml:651(para) serverguide/C/jeos.xml:270(para)
4455
#: serverguide/C/virtualization.xml:651(para)
4037
4456
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
4040
#: serverguide/C/virtualization.xml:656(para) serverguide/C/jeos.xml:275(para)
4459
#: serverguide/C/virtualization.xml:656(para)
4042
4461
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
4045
#: serverguide/C/virtualization.xml:662(para) serverguide/C/jeos.xml:281(para)
4464
#: serverguide/C/virtualization.xml:662(para)
4047
4466
"We assume for now that default values are good enough, so the resulting "
4048
4467
"invocation becomes:"
4051
#: serverguide/C/virtualization.xml:667(command) serverguide/C/jeos.xml:286(command)
4470
#: serverguide/C/virtualization.xml:667(command)
4053
"sudo vmbuilder kvm ubuntu --suite jaunty --flavour virtual --arch i386 -o --"
4472
"sudo vmbuilder kvm ubuntu --suite karmic --flavour virtual --arch i386 -o --"
4054
4473
"libvirt qemu:///system --ip 192.168.0.100"
4057
#: serverguide/C/virtualization.xml:672(title) serverguide/C/jeos.xml:291(title)
4476
#: serverguide/C/virtualization.xml:672(title)
4058
4477
msgid "Modifying the libvirt Template to use Bridging"
4061
#: serverguide/C/virtualization.xml:674(para) serverguide/C/jeos.xml:293(para)
4480
#: serverguide/C/virtualization.xml:674(para)
4063
4482
"Because our appliance will be likely to need to be accessed by remote hosts, "
4064
4483
"we need to configure libvirt so that the appliance uses bridge networking. "
4065
4484
"To do this we use vmbuilder template mechanism to modify the default one."
4068
#: serverguide/C/virtualization.xml:679(para) serverguide/C/jeos.xml:298(para)
4487
#: serverguide/C/virtualization.xml:679(para)
4070
4489
"In our working directory we create the template hierarchy and copy the "
4071
4490
"default template:"
4074
#: serverguide/C/virtualization.xml:684(command) serverguide/C/jeos.xml:303(command)
4493
#: serverguide/C/virtualization.xml:684(command)
4075
4494
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
4078
#: serverguide/C/virtualization.xml:685(command) serverguide/C/jeos.xml:304(command)
4497
#: serverguide/C/virtualization.xml:685(command)
4079
4498
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
4082
#: serverguide/C/virtualization.xml:688(para) serverguide/C/jeos.xml:307(para)
4501
#: serverguide/C/virtualization.xml:688(para)
4084
4503
"We can then edit "
4085
4504
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
4089
#: serverguide/C/virtualization.xml:692(programlisting) serverguide/C/jeos.xml:311(programlisting)
4508
#: serverguide/C/virtualization.xml:692(programlisting)
9728
10160
"The main configuration file, "
9729
10161
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
9730
"main options being which VCS and which package management system to use. By "
9731
"default <application>etckeeper</application> is configured to use "
9732
"<application>bzr</application> for version control, "
9733
"<application>apt</application> for high level package mangement, and "
9734
"<application>dpkg</application> for low level package management."
9737
#: serverguide/C/other-apps.xml:200(para)
10162
"main option is which VCS to use. By default "
10163
"<application>etckeeper</application> is configured to use "
10164
"<application>bzr</application> for version control. The repository is "
10165
"automatically initialized (and committed for the first time) during package "
10166
"installation. It is possible to undo this by entering the following command:"
10169
#: serverguide/C/other-apps.xml:203(command)
10170
msgid "sudo etckeeper uninit"
10173
#: serverguide/C/other-apps.xml:206(para)
9739
"With the package installed, it is time to initialize the repository. In a "
9743
#: serverguide/C/other-apps.xml:205(command)
9744
msgid "sudo etckeeper init"
9747
#: serverguide/C/other-apps.xml:208(para)
9748
msgid "Next, commit the files to the repository:"
9751
#: serverguide/C/other-apps.xml:213(command)
9752
msgid "sudo etckeeper commit \"initial import\""
9755
#: serverguide/C/other-apps.xml:216(para)
10175
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
10176
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
10177
"It will also automatically commit changes before and after package "
10178
"installation. For a more precise tracking of changes, it is recommended to "
10179
"commit your changes manually, together with a commit message, using:"
10182
#: serverguide/C/other-apps.xml:215(command)
10183
msgid "sudo etckeeper commit \"..Reason for configuration change..\""
10186
#: serverguide/C/other-apps.xml:218(para)
9757
10188
"Using the VCS commands you can view log information about files in "
9758
10189
"<filename>/etc</filename>:"
9761
#: serverguide/C/other-apps.xml:221(command)
9762
msgid "sudo bzr log /etc/passswd"
10192
#: serverguide/C/other-apps.xml:223(command)
10193
msgid "sudo bzr log /etc/passwd"
9765
#: serverguide/C/other-apps.xml:224(para)
10196
#: serverguide/C/other-apps.xml:226(para)
9767
10198
"To demonstrate the integration with the package management system, install "
9768
10199
"<application>postfix</application>:"
9771
#: serverguide/C/other-apps.xml:229(command) serverguide/C/mail.xml:38(command)
10202
#: serverguide/C/other-apps.xml:231(command) serverguide/C/mail.xml:45(command)
9772
10203
msgid "sudo apt-get install postfix"
9775
#: serverguide/C/other-apps.xml:232(para)
10206
#: serverguide/C/other-apps.xml:234(para)
9777
10208
"When the installation is finished, all the "
9778
10209
"<application>postfix</application> configuration files should be committed "
9779
10210
"to the repository:"
9782
#: serverguide/C/other-apps.xml:238(computeroutput)
10213
#: serverguide/C/other-apps.xml:240(computeroutput)
9785
10216
"Committing to: /etc/\n"
12012
12430
"LDAP. To install the packages from, a terminal prompt enter:"
12015
#: serverguide/C/network-auth.xml:899(command)
12433
#: serverguide/C/network-auth.xml:912(command)
12016
12434
msgid "sudo apt-get install libnss-ldap"
12019
#: serverguide/C/network-auth.xml:902(para)
12437
#: serverguide/C/network-auth.xml:915(para)
12021
12439
"During the install a menu dialog will ask you connection details about your "
12022
12440
"LDAP server."
12025
#: serverguide/C/network-auth.xml:906(para)
12443
#: serverguide/C/network-auth.xml:919(para)
12027
12445
"If you make a mistake when entering your information you can execute the "
12028
12446
"dialog again using:"
12031
#: serverguide/C/network-auth.xml:911(command)
12449
#: serverguide/C/network-auth.xml:924(command)
12032
12450
msgid "sudo dpkg-reconfigure ldap-auth-config"
12035
#: serverguide/C/network-auth.xml:914(para)
12453
#: serverguide/C/network-auth.xml:927(para)
12037
12455
"The results of the dialog can be seen in "
12038
12456
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
12039
12457
"covered in the menu edit this file accordingly."
12042
#: serverguide/C/network-auth.xml:919(para)
12460
#: serverguide/C/network-auth.xml:932(para)
12044
12462
"Now that <application>libnss-ldap</application> is configured enable the "
12045
12463
"<application>auth-client-config</application> LDAP profile by entering:"
12048
#: serverguide/C/network-auth.xml:925(command)
12466
#: serverguide/C/network-auth.xml:938(command)
12049
12467
msgid "sudo auth-client-config -t nss -p lac_ldap"
12052
#: serverguide/C/network-auth.xml:930(para)
12470
#: serverguide/C/network-auth.xml:943(para)
12054
12472
"<emphasis>-t:</emphasis> only modifies "
12055
12473
"<filename>/etc/nsswitch.conf</filename>."
12058
#: serverguide/C/network-auth.xml:935(para)
12476
#: serverguide/C/network-auth.xml:948(para)
12059
12477
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
12062
#: serverguide/C/network-auth.xml:940(para)
12480
#: serverguide/C/network-auth.xml:953(para)
12064
12482
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
12065
12483
"config</application> profile that is part of the <application>ldap-auth-"
12066
12484
"config</application> package."
12069
#: serverguide/C/network-auth.xml:947(para)
12487
#: serverguide/C/network-auth.xml:960(para)
12071
12489
"Using the <application>pam-auth-update</application> utility, configure the "
12072
12490
"system to use LDAP for authentication:"
12075
#: serverguide/C/network-auth.xml:952(command)
12493
#: serverguide/C/network-auth.xml:965(command)
12076
12494
msgid "sudo pam-auth-update"
12079
#: serverguide/C/network-auth.xml:955(para)
12497
#: serverguide/C/network-auth.xml:968(para)
12081
12499
"From the <application>pam-auth-update</application> menu, choose LDAP and "
12082
12500
"any other authentication mechanisms you need."
12085
#: serverguide/C/network-auth.xml:959(para)
12503
#: serverguide/C/network-auth.xml:972(para)
12087
12505
"You should now be able to login using user credentials stored in the LDAP "
12091
#: serverguide/C/network-auth.xml:964(para)
12509
#: serverguide/C/network-auth.xml:977(para)
12093
12511
"If you are going to use LDAP to store Samba users you will need to configure "
12094
12512
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
12095
12513
"for details."
12098
#: serverguide/C/network-auth.xml:972(title)
12516
#: serverguide/C/network-auth.xml:985(title)
12099
12517
msgid "User and Group Management"
12102
#: serverguide/C/network-auth.xml:974(para)
12520
#: serverguide/C/network-auth.xml:987(para)
12104
12522
"The <application>ldap-utils</application> package comes with multiple "
12105
12523
"utilities to manage the directory, but the long string of options needed, "
12138
12556
"MIDSTART=10000\n"
12141
#: serverguide/C/network-auth.xml:1006(para)
12559
#: serverguide/C/network-auth.xml:1019(para)
12143
12561
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
12144
12562
"authenticated access to the directory:"
12147
#: serverguide/C/network-auth.xml:1011(command)
12565
#: serverguide/C/network-auth.xml:1024(command)
12149
12567
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
12152
#: serverguide/C/network-auth.xml:1012(command)
12570
#: serverguide/C/network-auth.xml:1025(command)
12153
12571
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
12156
#: serverguide/C/network-auth.xml:1016(para)
12574
#: serverguide/C/network-auth.xml:1029(para)
12158
12576
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
12162
#: serverguide/C/network-auth.xml:1021(para)
12580
#: serverguide/C/network-auth.xml:1034(para)
12164
12582
"The <application>ldapscripts</application> are now ready to help manage your "
12165
12583
"directory. The following are some examples of how to use the scripts:"
12168
#: serverguide/C/network-auth.xml:1028(para)
12586
#: serverguide/C/network-auth.xml:1041(para)
12169
12587
msgid "Create a new user:"
12172
#: serverguide/C/network-auth.xml:1032(command)
12590
#: serverguide/C/network-auth.xml:1045(command)
12173
12591
msgid "sudo ldapadduser george example"
12176
#: serverguide/C/network-auth.xml:1034(para)
12594
#: serverguide/C/network-auth.xml:1047(para)
12178
12596
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
12179
12597
"and set the user's primary group (gid) to <emphasis "
12180
12598
"role=\"italic\">example</emphasis>"
12183
#: serverguide/C/network-auth.xml:1040(para)
12601
#: serverguide/C/network-auth.xml:1053(para)
12184
12602
msgid "Change a user's password:"
12187
#: serverguide/C/network-auth.xml:1044(command)
12605
#: serverguide/C/network-auth.xml:1057(command)
12188
12606
msgid "sudo ldapsetpasswd george"
12191
#: serverguide/C/network-auth.xml:1045(computeroutput)
12609
#: serverguide/C/network-auth.xml:1058(computeroutput)
12193
12611
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
12196
#: serverguide/C/network-auth.xml:1046(userinput)
12614
#: serverguide/C/network-auth.xml:1059(userinput)
12198
12616
msgid "New Password: "
12201
#: serverguide/C/network-auth.xml:1047(userinput)
12619
#: serverguide/C/network-auth.xml:1060(userinput)
12203
12621
msgid "New Password (verify): "
12206
#: serverguide/C/network-auth.xml:1051(para)
12624
#: serverguide/C/network-auth.xml:1064(para)
12207
12625
msgid "Delete a user:"
12210
#: serverguide/C/network-auth.xml:1055(command)
12628
#: serverguide/C/network-auth.xml:1068(command)
12211
12629
msgid "sudo ldapdeleteuser george"
12214
#: serverguide/C/network-auth.xml:1060(para)
12632
#: serverguide/C/network-auth.xml:1073(para)
12215
12633
msgid "Add a group:"
12218
#: serverguide/C/network-auth.xml:1064(command)
12636
#: serverguide/C/network-auth.xml:1077(command)
12219
12637
msgid "sudo ldapaddgroup qa"
12222
#: serverguide/C/network-auth.xml:1068(para)
12640
#: serverguide/C/network-auth.xml:1081(para)
12223
12641
msgid "Delete a group:"
12226
#: serverguide/C/network-auth.xml:1072(command)
12644
#: serverguide/C/network-auth.xml:1085(command)
12227
12645
msgid "sudo ldapdeletegroup qa"
12230
#: serverguide/C/network-auth.xml:1076(para)
12648
#: serverguide/C/network-auth.xml:1089(para)
12231
12649
msgid "Add a user to a group:"
12234
#: serverguide/C/network-auth.xml:1080(command)
12652
#: serverguide/C/network-auth.xml:1093(command)
12235
12653
msgid "sudo ldapaddusertogroup george qa"
12238
#: serverguide/C/network-auth.xml:1082(para)
12656
#: serverguide/C/network-auth.xml:1095(para)
12240
12658
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
12241
12659
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
12242
12660
"role=\"italic\">george</emphasis>."
12245
#: serverguide/C/network-auth.xml:1088(para)
12663
#: serverguide/C/network-auth.xml:1101(para)
12246
12664
msgid "Remove a user from a group:"
12249
#: serverguide/C/network-auth.xml:1092(command)
12667
#: serverguide/C/network-auth.xml:1105(command)
12250
12668
msgid "sudo ldapdeleteuserfromgroup george qa"
12253
#: serverguide/C/network-auth.xml:1094(para)
12671
#: serverguide/C/network-auth.xml:1107(para)
12255
12673
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
12256
12674
"<emphasis role=\"italic\">qa</emphasis> group."
12259
#: serverguide/C/network-auth.xml:1100(para)
12677
#: serverguide/C/network-auth.xml:1113(para)
12261
12679
"The <application>ldapmodifyuser</application> script allows you to add, "
12262
12680
"remove, or replace a user's attributes. The script uses the same syntax as "
12263
12681
"the <application>ldapmodify</application> utility. For example:"
12266
#: serverguide/C/network-auth.xml:1105(command)
12684
#: serverguide/C/network-auth.xml:1118(command)
12267
12685
msgid "sudo ldapmodifyuser george"
12270
#: serverguide/C/network-auth.xml:1106(computeroutput)
12688
#: serverguide/C/network-auth.xml:1119(computeroutput)
12273
12691
"# About to modify the following entry :\n"
13170
13592
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
13173
#: serverguide/C/network-auth.xml:1897(para)
13595
#: serverguide/C/network-auth.xml:1910(para)
13175
13597
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
13176
13598
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
13180
#: serverguide/C/network-auth.xml:1903(para)
13602
#: serverguide/C/network-auth.xml:1916(para)
13182
13604
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
13185
#: serverguide/C/network-auth.xml:1910(para)
13607
#: serverguide/C/network-auth.xml:1923(para)
13186
13608
msgid "Your new Kerberos Realm is now ready to authenticate clients."
13189
#: serverguide/C/network-auth.xml:1917(title)
13611
#: serverguide/C/network-auth.xml:1930(title)
13190
13612
msgid "Secondary KDC"
13193
#: serverguide/C/network-auth.xml:1919(para)
13615
#: serverguide/C/network-auth.xml:1932(para)
13195
13617
"Once you have one Key Distribution Center (KDC) on your network, it is good "
13196
13618
"practice to have a Secondary KDC in case the primary becomes unavailable."
13199
#: serverguide/C/network-auth.xml:1927(para)
13621
#: serverguide/C/network-auth.xml:1940(para)
13201
13623
"First, install the packages, and when asked for the Kerberos and Admin "
13202
13624
"server names enter the name of the Primary KDC:"
13205
#: serverguide/C/network-auth.xml:1938(para)
13627
#: serverguide/C/network-auth.xml:1951(para)
13207
13629
"Once you have the packages installed, create the Secondary KDC's host "
13208
13630
"principal. From a terminal prompt, enter:"
13211
#: serverguide/C/network-auth.xml:1943(command)
13633
#: serverguide/C/network-auth.xml:1956(command)
13212
13634
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
13215
#: serverguide/C/network-auth.xml:1947(para)
13637
#: serverguide/C/network-auth.xml:1960(para)
13217
13639
"After, issuing any <application>kadmin</application> commands you will be "
13218
13640
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
13222
#: serverguide/C/network-auth.xml:1956(para)
13644
#: serverguide/C/network-auth.xml:1969(para)
13223
13645
msgid "Extract the <emphasis>keytab</emphasis> file:"
13226
#: serverguide/C/network-auth.xml:1961(command)
13648
#: serverguide/C/network-auth.xml:1974(command)
13227
13649
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
13230
#: serverguide/C/network-auth.xml:1967(para)
13652
#: serverguide/C/network-auth.xml:1980(para)
13232
13654
"There should now be a <filename>keytab.kdc02</filename> in the current "
13233
13655
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
13236
#: serverguide/C/network-auth.xml:1973(command)
13658
#: serverguide/C/network-auth.xml:1986(command)
13237
13659
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
13240
#: serverguide/C/network-auth.xml:1977(para)
13662
#: serverguide/C/network-auth.xml:1990(para)
13242
13664
"If the path to the <filename>keytab.kdc02</filename> file is different "
13243
13665
"adjust accordingly."
13246
#: serverguide/C/network-auth.xml:1982(para)
13668
#: serverguide/C/network-auth.xml:1995(para)
13248
13670
"Also, you can list the principals in a Keytab file, which can be useful when "
13249
13671
"troubleshooting, using the <application>klist</application> utility:"
13252
#: serverguide/C/network-auth.xml:1988(command)
13674
#: serverguide/C/network-auth.xml:2001(command)
13253
13675
msgid "sudo klist -k /etc/krb5.keytab"
13256
#: serverguide/C/network-auth.xml:1994(para)
13678
#: serverguide/C/network-auth.xml:2007(para)
13258
13680
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
13259
13681
"that lists all KDCs for the Realm. For example, on both primary and "
13260
13682
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
13263
#: serverguide/C/network-auth.xml:1999(programlisting)
13685
#: serverguide/C/network-auth.xml:2012(programlisting)
14004
14429
"l\">kdb5_ldap_util man page</ulink>."
14007
#: serverguide/C/network-auth.xml:2745(para)
14432
#: serverguide/C/network-auth.xml:2757(para)
14009
14434
"Another useful link is the <ulink "
14010
14435
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/krb5.conf.5.html\">k"
14011
14436
"rb5.conf man page</ulink>."
14439
#: serverguide/C/monitoring.xml:13(title)
14443
#: serverguide/C/monitoring.xml:17(para)
14445
"The monitoring of essential servers and services is an important part of "
14446
"system administration. Most network services are monitored for performance, "
14447
"availability, or both. This section will cover installation and "
14448
"configuration of <application>Nagios</application> for availability "
14449
"monitoring, and <application>Munin</application> for performance monitoring."
14452
#: serverguide/C/monitoring.xml:24(para)
14454
"The examples in this section will use two servers with hostnames "
14455
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
14456
"<emphasis>Server01</emphasis> will be configured with "
14457
"<application>Nagios</application> to monitor services on itself and "
14458
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
14459
"<application>munin</application> package to gather information from the "
14460
"network. Using the <application>munin-node</application> package, "
14461
"<emphasis>server02</emphasis> will be configured to send information to "
14462
"<emphasis>server01</emphasis>."
14465
#: serverguide/C/monitoring.xml:33(para)
14467
"Hopefully these simple examples will allow you to monitor additional servers "
14468
"and services on your network."
14471
#: serverguide/C/monitoring.xml:39(title)
14475
#: serverguide/C/monitoring.xml:44(para)
14477
"First, on <emphasis>server01</emphasis> install the "
14478
"<application>nagios</application> package. In a terminal enter:"
14481
#: serverguide/C/monitoring.xml:50(command)
14482
msgid "sudo apt-get install nagios3 nagios-nrpe-plugin"
14485
#: serverguide/C/monitoring.xml:53(para)
14487
"You will be asked to enter a password for the "
14488
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
14489
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
14490
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
14491
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
14492
"of the <application>apache2-utils</application> package."
14495
#: serverguide/C/monitoring.xml:60(para)
14497
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
14501
#: serverguide/C/monitoring.xml:65(command)
14502
msgid "sudo htpasswd /etc/nagios3/htpasswd.users nagiosadmin"
14505
#: serverguide/C/monitoring.xml:68(para)
14506
msgid "To add a user:"
14509
#: serverguide/C/monitoring.xml:73(command)
14510
msgid "sudo htpasswd /etc/nagios3/htpasswd.users steve"
14513
#: serverguide/C/monitoring.xml:76(para)
14515
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
14516
"server</application> package. From a terminal on server02 enter:"
14519
#: serverguide/C/monitoring.xml:82(command)
14520
msgid "sudo apt-get install nagios-nrpe-server"
14523
#: serverguide/C/monitoring.xml:86(para)
14525
"<application>NRPE</application> allows you to execute local checks on remote "
14526
"hosts. There are other ways of accomplishing this through other Nagios "
14527
"plugins as well as other checks."
14530
#: serverguide/C/monitoring.xml:94(title)
14531
msgid "Configuration Overview"
14534
#: serverguide/C/monitoring.xml:96(para)
14536
"There are a couple of directories containing "
14537
"<application>Nagios</application> configuration and check files."
14540
#: serverguide/C/monitoring.xml:102(para)
14542
"<filename>/etc/nagios3</filename>: contains configuration files for the "
14543
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
14547
#: serverguide/C/monitoring.xml:108(para)
14549
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
14553
#: serverguide/C/monitoring.xml:113(para)
14555
"<filename>/etc/nagios</filename>: on the remote host contains the "
14556
"<application>nagios-nrpe-server</application> configuration files."
14559
#: serverguide/C/monitoring.xml:118(para)
14561
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
14562
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
14565
#: serverguide/C/monitoring.xml:123(para)
14566
msgid "For example: <command>/usr/lib/nagios/plugins/check_dhcp -h</command>"
14569
#: serverguide/C/monitoring.xml:129(para)
14571
"There are a plethora of checks <application>Nagios</application> can be "
14572
"configured to execute for any given host. For this example Nagios will be "
14573
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
14574
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
14575
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
14578
#: serverguide/C/monitoring.xml:136(para)
14580
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
14581
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
14584
#: serverguide/C/monitoring.xml:141(para)
14586
"Additionally, there are some terms that once explained will hopefully make "
14587
"understanding Nagios configuration easier:"
14590
#: serverguide/C/monitoring.xml:147(para)
14592
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
14593
"is being monitored."
14596
#: serverguide/C/monitoring.xml:152(para)
14598
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
14599
"could group all web servers, file server, etc."
14602
#: serverguide/C/monitoring.xml:157(para)
14604
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
14605
"as HTTP, DNS, NFS, etc."
14608
#: serverguide/C/monitoring.xml:162(para)
14610
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
14611
"together. This is useful for grouping multiple HTTP for example."
14614
#: serverguide/C/monitoring.xml:168(para)
14616
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
14617
"place. Nagios can be configured to send emails, SMS messages, etc."
14620
#: serverguide/C/monitoring.xml:174(para)
14622
"By default Nagios is configured to check HTTP, disk space, SSH, current "
14623
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
14624
"will also <application>ping</application> check the "
14625
"<emphasis>gateway</emphasis>."
14628
#: serverguide/C/monitoring.xml:179(para)
14630
"Large Nagios installations can be quite complex to configure. It is usually "
14631
"best to start small, one or two hosts, get things configured the way you "
14632
"like then expand."
14635
#: serverguide/C/monitoring.xml:194(para)
14637
"First, create a <emphasis>host</emphasis> configuration file for "
14638
"<emphasis>server02</emphasis>. In a terminal enter:"
14641
#: serverguide/C/monitoring.xml:199(command)
14643
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
14644
"/etc/nagios3/conf.d/server02.cfg"
14647
#: serverguide/C/monitoring.xml:203(para)
14649
"In the above and following command examples, replace "
14650
"<emphasis>\"server01\"</emphasis>, "
14651
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
14652
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
14656
#: serverguide/C/monitoring.xml:212(para)
14657
msgid "Next, edit <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
14660
#: serverguide/C/monitoring.xml:216(programlisting)
14665
" use generic-host ; Name of host "
14666
"template to use\n"
14667
" host_name server02\n"
14668
" alias Server 02\n"
14669
" address 172.18.100.101\n"
14672
"# check DNS service.\n"
14673
"define service {\n"
14674
" use generic-service\n"
14675
" host_name server02\n"
14676
" service_description DNS\n"
14677
" check_command check_dns!172.18.100.101\n"
14681
#: serverguide/C/monitoring.xml:236(para)
14683
"Restart the <application>nagios</application> daemon to enable the new "
14687
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
14688
msgid "sudo /etc/init.d/nagios3 restart"
14691
#: serverguide/C/monitoring.xml:251(para)
14693
"Now add a service definition for the MySQL check by adding the following to "
14694
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
14697
#: serverguide/C/monitoring.xml:255(programlisting)
14701
"# check MySQL servers.\n"
14702
"define service {\n"
14703
" hostgroup_name mysql-servers\n"
14704
" service_description MySQL\n"
14706
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
14707
" use generic-service\n"
14708
" notification_interval 0 ; set > 0 if you want to be "
14713
#: serverguide/C/monitoring.xml:269(para)
14715
"A <emphasis>mysqsl-servers</emphasis> hostgroup now needs to be defined. "
14716
"Edit <filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
14719
#: serverguide/C/monitoring.xml:274(programlisting)
14723
"# MySQL hostgroup.\n"
14724
"define hostgroup {\n"
14725
" hostgroup_name mysql-servers\n"
14726
" alias MySQL servers\n"
14727
" members localhost, server02\n"
14731
#: serverguide/C/monitoring.xml:286(para)
14733
"The Nagios check needs to authenticate to MySQL. To add a "
14734
"<emphasis>nagios</emphasis> user to MySQL enter:"
14737
#: serverguide/C/monitoring.xml:291(command)
14738
msgid "mysql -u root -p -e \"create user nagios identified by 'secret';\""
14741
#: serverguide/C/monitoring.xml:295(para)
14743
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
14744
"<emphasis>mysql-servers</emphasis> hostgroup."
14747
#: serverguide/C/monitoring.xml:303(para)
14749
"Restart <application>nagios</application> to start checking the MySQL "
14753
#: serverguide/C/monitoring.xml:318(para)
14755
"Lastly configure NRPE to check the disk space on "
14756
"<emphasis>server02</emphasis>."
14759
#: serverguide/C/monitoring.xml:322(para)
14761
"On <emphasis>server01</emphasis> add the service check to "
14762
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
14765
#: serverguide/C/monitoring.xml:327(programlisting)
14769
"# NRPE disk check.\n"
14770
"define service {\n"
14771
" use generic-service\n"
14772
" host_name server02\n"
14773
" service_description nrpe-disk\n"
14775
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
14779
#: serverguide/C/monitoring.xml:340(para)
14781
"Now on <emphasis>server02</emphasis> edit "
14782
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
14785
#: serverguide/C/monitoring.xml:344(programlisting)
14789
"allowed_hosts=172.18.100.100\n"
14792
#: serverguide/C/monitoring.xml:348(para)
14793
msgid "And below in the command definition area add:"
14796
#: serverguide/C/monitoring.xml:352(programlisting)
14800
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
14804
#: serverguide/C/monitoring.xml:359(para)
14805
msgid "Finally, restart <application>nagios-nrpe-server</application>:"
14808
#: serverguide/C/monitoring.xml:364(command)
14809
msgid "sudo /etc/init.d/nagios-nrpe-server restart"
14812
#: serverguide/C/monitoring.xml:370(para)
14814
"Also, on <emphasis>server01</emphasis> restart "
14815
"<application>nagios</application>:"
14818
#: serverguide/C/monitoring.xml:383(para)
14820
"You should now be able to see the host and service checks in the Nagios CGI "
14821
"files. To access them point a browser to http://server01/nagios3. You will "
14822
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
14826
#: serverguide/C/monitoring.xml:393(para)
14828
"This section has just scratched the surface of Nagios' features. The "
14829
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
14830
"plugins</application> contain many more service checks."
14833
#: serverguide/C/monitoring.xml:400(para)
14835
"For more information see <ulink "
14836
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
14839
#: serverguide/C/monitoring.xml:405(para)
14841
"Specifically the <ulink "
14842
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
14846
#: serverguide/C/monitoring.xml:410(para)
14848
"There is also a list of <ulink "
14849
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
14850
"Nagios and network monitoring:"
14853
#: serverguide/C/monitoring.xml:420(title)
14857
#: serverguide/C/monitoring.xml:425(para)
14859
"Before installing <application>Munin</application> on "
14860
"<emphasis>server01</emphasis><application>apache2</application> will need to "
14861
"be installed. The default configuration is fine for running a "
14862
"<application>munin</application> server. For more information see <xref "
14863
"linkend=\"httpd\"/>."
14866
#: serverguide/C/monitoring.xml:431(para)
14868
"First, on <emphasis>server01</emphasis> install "
14869
"<application>munin</application>. In a terminal enter:"
14872
#: serverguide/C/monitoring.xml:436(command)
14873
msgid "sudo apt-get install munin"
14876
#: serverguide/C/monitoring.xml:439(para)
14878
"Now on <emphasis>server02</emphasis> install the <application>munin-"
14879
"node</application> package:"
14882
#: serverguide/C/monitoring.xml:444(command)
14883
msgid "sudo apt-get install munin-node"
14886
#: serverguide/C/monitoring.xml:451(para)
14888
"On <emphasis>server01</emphasis> edit the "
14889
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
14890
"<emphasis>server02</emphasis>:"
14893
#: serverguide/C/monitoring.xml:456(programlisting)
14897
"## First our \"normal\" host.\n"
14899
" address 172.18.100.101\n"
14902
#: serverguide/C/monitoring.xml:463(para)
14904
"Replace <emphasis>server02</emphasis> and "
14905
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
14909
#: serverguide/C/monitoring.xml:469(para)
14911
"Next, configure <application>munin-node</application> on "
14912
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
14913
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
14916
#: serverguide/C/monitoring.xml:474(programlisting)
14920
"allow ^172\\.18\\.100\\.100$\n"
14923
#: serverguide/C/monitoring.xml:479(para)
14925
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
14926
"<application>munin</application> server."
14929
#: serverguide/C/monitoring.xml:484(para)
14931
"Now restart <application>munin-node</application> on "
14932
"<emphasis>server02</emphasis> for the changes to take effect:"
14935
#: serverguide/C/monitoring.xml:489(command)
14936
msgid "sudo /etc/init.d/munin-node restart"
14939
#: serverguide/C/monitoring.xml:492(para)
14941
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
14942
"you should see links to nice graphs displaying information from the standard "
14943
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
14946
#: serverguide/C/monitoring.xml:498(para)
14948
"Since this is a new install it may take some time for the graphs to display "
14952
#: serverguide/C/monitoring.xml:505(title)
14953
msgid "Additional Plugins"
14956
#: serverguide/C/monitoring.xml:507(para)
14958
"The <application>munin-plugins-extra</application> package contains "
14959
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
14960
"install the package, from a terminal enter:"
14963
#: serverguide/C/monitoring.xml:513(command)
14964
msgid "sudo apt-get install munin-plugins-extra"
14967
#: serverguide/C/monitoring.xml:516(para)
14968
msgid "Be sure to install the package on both the server and node machines."
14971
#: serverguide/C/monitoring.xml:526(para)
14973
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
14974
"website for more details."
14977
#: serverguide/C/monitoring.xml:531(para)
14979
"Specifically the <ulink "
14980
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
14981
"Documentation</ulink> page includes information on additional plugins, "
14982
"writing plugins, etc."
14985
#: serverguide/C/monitoring.xml:537(para)
14987
"Also, there is a book in German by Open Source Press: <ulink "
14988
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
14989
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
14014
14992
#: serverguide/C/mail.xml:13(title)
14015
14993
msgid "Email Services"
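Review bot: The MySQL check in the monitoring.xml:255 listing passes the database password as a check_command argument (check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS), and monitoring.xml:291 creates the account with the same literal 'secret', yet the replacement note at monitoring.xml:203, as far as it is shown, lists only host names and IP addresses. Suggest adding the password to the values the reader is told to replace, and noting that it is stored in plain text in /etc/nagios3/conf.d/services_nagios2.cfg, so that file's permissions matter. The macro in the same line is written without its closing $, where Nagios macros normally take the form $HOSTADDRESS$. Separately, three source strings carry typos that every translation will inherit: "mysqsl-servers" at monitoring.xml:269 (the listings use mysql-servers), "will need to be added all hosts" at monitoring.xml:295 (missing "to"), and "performance checks additional services" at monitoring.xml:507 (missing "for").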
14045
15023
#: serverguide/C/mail.xml:34(para)
15025
"This guide does not cover setting up Postfix <emphasis>Virtual "
15026
"Domains</emphasis>, for information on Virtual Domains and other advanced "
15027
"configurations see <xref linkend=\"postfix-references\"/>."
15030
#: serverguide/C/mail.xml:41(para)
14047
15032
"To install <application>postfix</application> run the following command:"
14050
#: serverguide/C/mail.xml:40(para)
15035
#: serverguide/C/mail.xml:47(para)
14052
15037
"Simply press return when the installation process asks questions, the "
14053
15038
"configuration will be done in greater detail in the next stage."
14056
#: serverguide/C/mail.xml:45(title)
15041
#: serverguide/C/mail.xml:52(title)
14057
15042
msgid "Basic Configuration"
14060
#: serverguide/C/mail.xml:46(para)
15045
#: serverguide/C/mail.xml:53(para)
14062
15047
"To configure <application>postfix</application>, run the following command:"
14065
#: serverguide/C/mail.xml:50(command)
15050
#: serverguide/C/mail.xml:57(command)
14066
15051
msgid "sudo dpkg-reconfigure postfix"
14069
#: serverguide/C/mail.xml:56(para)
15054
#: serverguide/C/mail.xml:63(para)
14070
15055
msgid "Internet Site"
14073
#: serverguide/C/mail.xml:57(para)
15058
#: serverguide/C/mail.xml:64(para)
14074
15059
msgid "mail.example.com"
14077
#: serverguide/C/mail.xml:58(para)
15062
#: serverguide/C/mail.xml:65(para)
14078
15063
msgid "steve"
14081
#: serverguide/C/mail.xml:59(para)
15066
#: serverguide/C/mail.xml:66(para)
14082
15067
msgid "mail.example.com, localhost.localdomain, localhost"
14085
#: serverguide/C/mail.xml:60(para)
15070
#: serverguide/C/mail.xml:67(para)
14089
#: serverguide/C/mail.xml:61(para)
15074
#: serverguide/C/mail.xml:68(para)
14090
15075
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0/24"
14093
#: serverguide/C/mail.xml:62(para)
15078
#: serverguide/C/mail.xml:69(para)
14097
#: serverguide/C/mail.xml:63(para)
15082
#: serverguide/C/mail.xml:70(para)
14101
#: serverguide/C/mail.xml:64(para)
15086
#: serverguide/C/mail.xml:71(para)
14105
#: serverguide/C/mail.xml:52(para)
15090
#: serverguide/C/mail.xml:59(para)
14107
15092
"The user interface will be displayed. On each screen, select the following "
14108
15093
"values: <placeholder-1/>"
14111
#: serverguide/C/mail.xml:68(para)
14113
"Replace mail.example.com with your mail server hostname, 192.168.0/24 with "
14114
"the actual network and class range of your mail server, and steve with the "
14115
"appropriate username."
14118
#: serverguide/C/mail.xml:76(title) serverguide/C/mail.xml:357(title)
15096
#: serverguide/C/mail.xml:75(para)
15098
"Replace mail.example.com with the domain for which you'll accept email, "
15099
"192.168.0/24 with the actual network and class range of your mail server, "
15100
"and steve with the appropriate username."
15103
#: serverguide/C/mail.xml:81(para)
15105
"Now is a good time to decide which mailbox format you want to use. By "
15106
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
15107
"mailbox format. Rather than editing the configuration file directly, you can "
15108
"use the <command>postconf</command> command to configure all "
15109
"<application>postfix</application> parameters. The configuration parameters "
15110
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
15111
"you wish to re-configure a particular parameter, you can either run the "
15112
"command or change it manually in the file."
15115
#: serverguide/C/mail.xml:92(para)
15117
"To configure the mailbox format for <emphasis "
15118
"role=\"strong\">Maildir:</emphasis>"
15121
#: serverguide/C/mail.xml:97(command)
15122
msgid "sudo postconf -e 'home_mailbox = Maildir/'"
15125
#: serverguide/C/mail.xml:100(para)
15127
"This will place new mail in /home/<emphasis "
15128
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
15129
"your Mail Delivery Agent (MDA) to use the same path."
15132
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:538(title)
14119
15133
msgid "SMTP Authentication"
14122
#: serverguide/C/mail.xml:78(para)
15136
#: serverguide/C/mail.xml:110(para)
14124
15138
"SMTP-AUTH allows a client to identify itself through an authentication "
14125
15139
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
14127
15141
"the client to relay mail."
14130
#: serverguide/C/mail.xml:84(para)
14132
"Configuring <application>Postfix</application> for SMTP-AUTH is very simple "
14133
"using the <application>dovecot-postfix</application> package. This package "
14134
"will install <application>Dovecot</application> and configure "
15144
#: serverguide/C/mail.xml:117(para)
15145
msgid "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):"
15148
#: serverguide/C/mail.xml:120(screen)
15152
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
15153
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
15154
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
15155
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
15156
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
15157
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
15158
"sudo postconf -e 'smtpd_recipient_restrictions = "
15159
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
15160
"sudo postconf -e 'inet_interfaces = all'\n"
15163
#: serverguide/C/mail.xml:131(para)
15165
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
15166
"the Postfix queue directory."
15169
#: serverguide/C/mail.xml:137(para)
15171
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
15172
"and-security\"/> for details. This example also uses a Certificate Authority "
15173
"(CA). For information on generating a CA certificate see <xref "
15174
"linkend=\"certificate-authority\"/>."
15177
#: serverguide/C/mail.xml:143(para)
15179
"You can get the digital certificate from a certificate authority. But unlike "
15180
"web clients, SMTP clients rarely complain about \"self-signed "
15181
"certificates\", so alternatively, you can create the certificate yourself. "
15182
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
15186
#: serverguide/C/mail.xml:155(para)
15188
"Once you have a certificate, configure Postfix to provide TLS encryption for "
15189
"both incoming and outgoing mail:"
15192
#: serverguide/C/mail.xml:158(screen)
15196
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
15197
"sudo postconf -e 'smtp_use_tls = yes'\n"
15198
"sudo postconf -e 'smtpd_use_tls = yes'\n"
15199
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
15200
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
15201
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
15202
"sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'\n"
15203
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
15204
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
15205
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
15206
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
15207
"sudo postconf -e 'myhostname = mail.example.com'\n"
15210
#: serverguide/C/mail.xml:175(para)
15212
"After running all the commands, <application>Postfix</application> is "
15213
"configured for SMTP-AUTH and a self-signed certificate has been created for "
15217
#: serverguide/C/mail.xml:180(para)
15219
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
15220
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
15223
#: serverguide/C/mail.xml:184(para)
15225
"The postfix initial configuration is complete. Run the following command to "
15226
"restart the postfix daemon:"
15229
#: serverguide/C/mail.xml:189(para)
15231
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
15232
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
15233
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
15234
"However it is still necessary to set up SASL authentication before you can "
15238
#: serverguide/C/mail.xml:199(title) serverguide/C/mail.xml:591(title)
15239
msgid "Configuring SASL"
15242
#: serverguide/C/mail.xml:200(para)
15244
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
15245
"enable Dovecot SASL the <application>dovecot-common</application> package "
15246
"will need to be installed. From a terminal prompt enter the following:"
15249
#: serverguide/C/mail.xml:206(command)
15250
msgid "sudo apt-get install dovecot-common"
15253
#: serverguide/C/mail.xml:208(para)
15255
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
15256
"In the <emphasis>auth default</emphasis> section uncomment the "
15257
"<emphasis>socket listen</emphasis> option and change the following:"
15260
#: serverguide/C/mail.xml:212(programlisting)
15264
" socket listen {\n"
15266
" # Master socket provides access to userdb information. It's typically\n"
15267
" # used to give Dovecot's local delivery agent access to userdb so it\n"
15268
" # can find mailbox locations.\n"
15269
" #path = /var/run/dovecot/auth-master\n"
15271
" # Default user/group is the one who started dovecot-auth (root)\n"
15276
" # The client socket is generally safe to export to everyone. Typical "
15278
" # is to export it to your SMTP server so it can do SMTP AUTH lookups\n"
15280
" path = /var/spool/postfix/private/auth-client\n"
15282
" user = postfix\n"
15283
" group = postfix\n"
15288
#: serverguide/C/mail.xml:236(para)
15290
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
15291
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
15292
"add <emphasis>\"login\"</emphasis>:"
15295
#: serverguide/C/mail.xml:241(programlisting)
15299
" mechanisms = plain login\n"
15302
#: serverguide/C/mail.xml:245(para)
15304
"Once you have <application>Dovecot</application> configured restart it with:"
15307
#: serverguide/C/mail.xml:249(command) serverguide/C/mail.xml:712(command)
15308
msgid "sudo /etc/init.d/dovecot restart"
15311
#: serverguide/C/mail.xml:254(title)
15312
msgid "Postfix-Dovecot"
15315
#: serverguide/C/mail.xml:256(para)
15317
"Another option for configuring <application>Postfix</application> for SMTP-"
15318
"AUTH is using the <application>dovecot-postfix</application> package. This "
15319
"package will install <application>Dovecot</application> and configure "
14135
15320
"<application>Postfix</application> to use it for both SASL authentication "
14136
15321
"and as a Mail Delivery Agent (MDA). The package also configures "
14137
15322
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
14140
#: serverguide/C/mail.xml:91(para)
15325
#: serverguide/C/mail.xml:265(para)
15327
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
15328
"server. For example, if you are configuring your server to be a mail "
15329
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
15330
"the above commands to configure Postfix for SMTPAUTH."
15333
#: serverguide/C/mail.xml:272(para)
14141
15334
msgid "To install the package, from a terminal prompt enter:"
14144
#: serverguide/C/mail.xml:96(command)
15337
#: serverguide/C/mail.xml:277(command)
14145
15338
msgid "sudo apt-get install dovecot-postfix"
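Review bot: At mail.xml:158 the TLS block sets smtpd_tls_auth_only = no, which lets clients authenticate on a connection that has not negotiated TLS, while the mail.xml:241 listing enables the plain and login mechanisms and the mail.xml:110 string says TLS should be used to encrypt. Suggest smtpd_tls_auth_only = yes, or a sentence explaining why AUTH without TLS is being allowed. The mail.xml:175 string also says a self-signed certificate "has been created", but the commands in this hunk only point Postfix at existing files under /etc/ssl; it should say that the certificate obtained in the earlier step is now in use. The new mail.xml:75 string keeps 192.168.0/24, which is written with three octets; 192.168.0.0/24 is presumably what is meant.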
14148
#: serverguide/C/mail.xml:99(para)
15341
#: serverguide/C/mail.xml:280(para)
14150
15343
"You should now have a working mail server, but there are a few options that "
14151
15344
"you may wish to further customize. For example, the package uses the "
14542
#: serverguide/C/mail.xml:401(para)
15735
#: serverguide/C/mail.xml:582(para)
14543
15736
msgid "Finally, update the Exim4 configuration and restart the service:"
14546
#: serverguide/C/mail.xml:406(command)
15739
#: serverguide/C/mail.xml:587(command)
14547
15740
msgid "sudo /etc/init.d/exim4 restart"
14550
#: serverguide/C/mail.xml:410(title)
14551
msgid "Configuring SASL"
14554
#: serverguide/C/mail.xml:411(para)
15743
#: serverguide/C/mail.xml:592(para)
14556
15745
"This section provides details on configuring the saslauthd to provide "
14557
15746
"authentication for <application>Exim4</application>."
14560
#: serverguide/C/mail.xml:414(para)
15749
#: serverguide/C/mail.xml:595(para)
14562
15751
"The first step is to install the sasl2-bin package. From a terminal prompt "
14563
15752
"enter the following:"
14566
#: serverguide/C/mail.xml:418(command)
15755
#: serverguide/C/mail.xml:599(command)
14567
15756
msgid "sudo apt-get install sasl2-bin"
14570
#: serverguide/C/mail.xml:420(para)
15759
#: serverguide/C/mail.xml:601(para)
14572
15761
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
14573
15762
"and set START=no to:"
14576
#: serverguide/C/mail.xml:423(programlisting)
15765
#: serverguide/C/mail.xml:604(programlisting)
14580
15769
"START=yes\n"
14583
#: serverguide/C/mail.xml:426(para)
15772
#: serverguide/C/mail.xml:607(para)
14585
15774
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
14586
15775
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
14590
#: serverguide/C/mail.xml:431(command)
15779
#: serverguide/C/mail.xml:612(command)
14591
15780
msgid "sudo adduser Debian-exim sasl"
14594
#: serverguide/C/mail.xml:433(para)
15783
#: serverguide/C/mail.xml:614(para)
14595
15784
msgid "Now start the <application>saslauthd</application> service:"
14598
#: serverguide/C/mail.xml:437(command)
15787
#: serverguide/C/mail.xml:618(command)
14599
15788
msgid "sudo /etc/init.d/saslauthd start"
14602
#: serverguide/C/mail.xml:439(para)
15791
#: serverguide/C/mail.xml:620(para)
14604
15793
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
14605
15794
"and SASL authentication."
14608
#: serverguide/C/mail.xml:448(para)
15797
#: serverguide/C/mail.xml:629(para)
14610
15799
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
14611
15800
"information."
14614
#: serverguide/C/mail.xml:453(para)
15803
#: serverguide/C/mail.xml:634(para)
14616
15805
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
14617
15806
"server\">Exim4 Book</ulink> available."
14620
#: serverguide/C/mail.xml:462(title)
15809
#: serverguide/C/mail.xml:643(title)
14621
15810
msgid "Dovecot Server"
14624
#: serverguide/C/mail.xml:463(para)
15813
#: serverguide/C/mail.xml:644(para)
14626
15815
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
14627
15816
"security primarily in mind. It supports the major mailbox formats: mbox or "
14628
15817
"Maildir. This section explain how to set it up as an imap or pop3 server."
14631
#: serverguide/C/mail.xml:471(para)
15820
#: serverguide/C/mail.xml:652(para)
14633
15822
"To install <application>dovecot</application>, run the following command in "
14634
15823
"the command prompt:"
14637
#: serverguide/C/mail.xml:476(command)
15826
#: serverguide/C/mail.xml:657(command)
14638
15827
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
14641
#: serverguide/C/mail.xml:481(para)
15830
#: serverguide/C/mail.xml:662(para)
14643
15832
"To configure <application>dovecot</application>, you can edit the file "
14644
15833
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
15353
#: serverguide/C/mail.xml:1095(para)
16546
#: serverguide/C/mail.xml:1285(para)
15355
16548
"See <xref linkend=\"postfix\"/> for instructions on installing and "
15356
16549
"configuring Postfix."
15359
#: serverguide/C/mail.xml:1098(para)
16552
#: serverguide/C/mail.xml:1288(para)
15361
16554
"To install the rest of the applications enter the following from a terminal "
15365
#: serverguide/C/mail.xml:1102(command)
16558
#: serverguide/C/mail.xml:1292(command)
15366
16559
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
15369
#: serverguide/C/mail.xml:1103(command)
16562
#: serverguide/C/mail.xml:1293(command)
15370
16563
msgid "sudo apt-get install dkim-filter python-policyd-spf"
15373
#: serverguide/C/mail.xml:1105(para)
16566
#: serverguide/C/mail.xml:1295(para)
15375
16568
"There are some optional packages that integrate with "
15376
16569
"<application>Spamassassin</application> for better spam detection:"
15379
#: serverguide/C/mail.xml:1109(command)
16572
#: serverguide/C/mail.xml:1299(command)
15380
16573
msgid "sudo apt-get install pyzor razor"
15383
#: serverguide/C/mail.xml:1111(para)
16576
#: serverguide/C/mail.xml:1301(para)
15385
16578
"Along with the main filtering applications compression utilities are needed "
15386
16579
"to process some email attachments:"
15389
#: serverguide/C/mail.xml:1115(command)
16582
#: serverguide/C/mail.xml:1305(command)
15391
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip "
16584
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
15395
#: serverguide/C/mail.xml:1120(para)
16587
#: serverguide/C/mail.xml:1310(para)
15396
16588
msgid "Now configure everything to work together and filter email."
15399
#: serverguide/C/mail.xml:1124(title)
16591
#: serverguide/C/mail.xml:1314(title)
15400
16592
msgid "ClamAV"
15403
#: serverguide/C/mail.xml:1125(para)
16595
#: serverguide/C/mail.xml:1315(para)
15405
16597
"The default behaviour of <application>ClamAV</application> will fit our "
15406
16598
"needs. For more ClamAV configuration options, check the configuration files "
15407
16599
"in <filename>/etc/clamav</filename>."
15410
#: serverguide/C/mail.xml:1130(para)
16602
#: serverguide/C/mail.xml:1320(para)
15412
16604
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
15413
16605
"group in order for <application>Amavisd-new</application> to have the "
15414
16606
"appropriate access to scan files:"
15417
#: serverguide/C/mail.xml:1135(command)
16609
#: serverguide/C/mail.xml:1325(command)
15418
16610
msgid "sudo adduser clamav amavis"
15421
#: serverguide/C/mail.xml:1139(title)
16613
#: serverguide/C/mail.xml:1329(title)
15422
16614
msgid "Spamassassin"
15425
#: serverguide/C/mail.xml:1140(para)
16617
#: serverguide/C/mail.xml:1330(para)
15427
16619
"Spamassassin automatically detects optional components and will use them if "
15428
16620
"they are present. This means that there is no need to configure "
15429
16621
"<application>pyzor</application> and <application>razor</application>."
15432
#: serverguide/C/mail.xml:1144(para)
16624
#: serverguide/C/mail.xml:1334(para)
15434
16626
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
15435
16627
"<application>Spamassassin</application> daemon. Change "
15436
16628
"<emphasis>ENABLED=0</emphasis> to:"
15439
#: serverguide/C/mail.xml:1148(programlisting)
16631
#: serverguide/C/mail.xml:1338(programlisting)
15443
16635
"ENABLED=1\n"
15446
#: serverguide/C/mail.xml:1151(para)
16638
#: serverguide/C/mail.xml:1341(para)
15447
16639
msgid "Now start the daemon:"
15450
#: serverguide/C/mail.xml:1155(command)
16642
#: serverguide/C/mail.xml:1345(command)
15451
16643
msgid "sudo /etc/init.d/spamassassin start"
15454
#: serverguide/C/mail.xml:1159(title)
16646
#: serverguide/C/mail.xml:1349(title)
15455
16647
msgid "Amavisd-new"
15458
#: serverguide/C/mail.xml:1160(para)
16650
#: serverguide/C/mail.xml:1350(para)
15460
16652
"First activate spam and antivirus detection in <application>Amavisd-"
15461
16653
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
15462
16654
"content_filter_mode</filename>:"
15465
#: serverguide/C/mail.xml:1164(programlisting)
16657
#: serverguide/C/mail.xml:1354(programlisting)
16114
17330
"installation instructions."
16117
#: serverguide/C/lamp-applications.xml:285(para)
17333
#: serverguide/C/lamp-applications.xml:292(para)
16119
17335
"To install <application>MediaWiki</application>, run the following command "
16120
17336
"in the command prompt:"
16123
#: serverguide/C/lamp-applications.xml:291(command)
17339
#: serverguide/C/lamp-applications.xml:298(command)
16124
17340
msgid "sudo apt-get install mediawiki php5-gd"
16127
#: serverguide/C/lamp-applications.xml:294(para)
17343
#: serverguide/C/lamp-applications.xml:301(para)
16129
17345
"For additional <application>MediaWiki</application> functionality see the "
16130
17346
"<application>mediawiki-extensions</application> package."
16133
#: serverguide/C/lamp-applications.xml:304(para)
16134
msgid "Run the following commands to configure MediaWiki:"
16137
#: serverguide/C/lamp-applications.xml:309(command)
16138
msgid "sudo ln -s /var/lib/mediawiki /var/www/mediawiki"
16141
#: serverguide/C/lamp-applications.xml:312(para)
16142
msgid "Point your web browser to the following URL for MediaWiki setup:"
16145
#: serverguide/C/lamp-applications.xml:316(programlisting)
17349
#: serverguide/C/lamp-applications.xml:311(para)
17351
"The Apache configuration file <filename>mediawiki.conf</filename> for "
17352
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
17353
"directory. You should uncomment the following line in this file to access "
17354
"MediaWiki application."
17357
#: serverguide/C/lamp-applications.xml:319(screen)
17361
"# Alias /mediawiki /var/lib/mediawiki\n"
17364
#: serverguide/C/lamp-applications.xml:323(para)
17366
"After you uncomment the above line, restart Apache server and access "
17367
"MediaWiki using the following url:"
17370
#: serverguide/C/lamp-applications.xml:328(programlisting)
16149
17374
"http://localhost/mediawiki/config/index.php\n"
16152
#: serverguide/C/lamp-applications.xml:321(para)
17377
#: serverguide/C/lamp-applications.xml:333(para)
16154
17379
"Please read the <quote>Checking environment...</quote> section in this page. "
16155
17380
"You should be able to fix many issues by carefully reading this section."
16158
#: serverguide/C/lamp-applications.xml:334(para)
17383
#: serverguide/C/lamp-applications.xml:340(para)
17385
"Once the configuration is complete, you should copy the "
17386
"<filename>/var/lib/mediawiki/LocalSettings.php</filename> file to "
17387
"<filename>/etc/mediawiki</filename> directory."
17390
#: serverguide/C/lamp-applications.xml:348(title)
17394
#: serverguide/C/lamp-applications.xml:349(para)
17396
"The extensions add new features and enhancements for the MediaWiki "
17397
"application. The extensions give wiki administrators and end users the "
17398
"ability to customize MediaWiki to their requirements."
17401
#: serverguide/C/lamp-applications.xml:355(para)
17403
"You can download MediaWiki extensions as an archive file or checkout from "
17404
"the Subversion repository. You should copy it to "
17405
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
17406
"also add the following line at the end of file: "
17407
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
17410
#: serverguide/C/lamp-applications.xml:363(programlisting)
17414
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
17417
#: serverguide/C/lamp-applications.xml:373(para)
16160
17419
"For more details, please refer to the <ulink "
16161
17420
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
16164
#: serverguide/C/lamp-applications.xml:340(para)
17423
#: serverguide/C/lamp-applications.xml:379(para)
16166
17425
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
16167
17426
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
16168
17427
"new MediaWiki administrators."
16171
#: serverguide/C/lamp-applications.xml:350(title)
17430
#: serverguide/C/lamp-applications.xml:389(title)
16172
17431
msgid "phpMyAdmin"
16175
#: serverguide/C/lamp-applications.xml:352(para)
17434
#: serverguide/C/lamp-applications.xml:391(para)
16177
17436
"<application>phpMyAdmin</application> is a LAMP application specifically "
16178
17437
"written for administering <application>MySQL</application> servers. Written "
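Review bot: The new programlisting string at new line 17414 misspells the placeholder as "ExtentionName" in both path components of the require_once line; it should read "ExtensionName", since readers will copy the line and translators will carry the misspelling into every locale. In the paragraph at new lines 17403-17407, "checkout from the Subversion repository" should be "check out from", and "at the end of file: /etc/mediawiki/LocalSettings.php" reads more clearly as "at the end of /etc/mediawiki/LocalSettings.php". The string at 17385-17387 tells the reader to copy LocalSettings.php to /etc/mediawiki; consider also stating the intended ownership and mode of the copy, because that file holds the wiki's database credentials.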
16917
18141
"<emphasis>\"Done setting up partition\"</emphasis>."
16920
#: serverguide/C/installation.xml:458(para)
18144
#: serverguide/C/installation.xml:459(para)
16922
18146
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
16923
18147
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
16924
18148
"partition\"</emphasis>."
16927
#: serverguide/C/installation.xml:466(para)
18151
#: serverguide/C/installation.xml:467(para)
16929
18153
"Use the rest of the free space on the drive and choose "
16930
18154
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
16933
#: serverguide/C/installation.xml:473(para)
18157
#: serverguide/C/installation.xml:474(para)
16935
18159
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
16936
18160
"at the top, changing it to <emphasis>\"physical volume for RAID\"</emphasis> "
16937
18161
"then choose <emphasis>\"Done setting up partition\"</emphasis>."
16940
#: serverguide/C/installation.xml:481(para)
18164
#: serverguide/C/installation.xml:482(para)
16941
18165
msgid "Repeat steps three through eight for the other disk and partitions."
16944
#: serverguide/C/installation.xml:490(title)
18168
#: serverguide/C/installation.xml:491(title)
16945
18169
msgid "RAID Configuration"
16948
#: serverguide/C/installation.xml:492(para)
18172
#: serverguide/C/installation.xml:493(para)
16949
18173
msgid "With the partitions setup the arrays are ready to be configured:"
16952
#: serverguide/C/installation.xml:499(para)
18176
#: serverguide/C/installation.xml:500(para)
16954
18178
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
16955
18179
"Software RAID\"</emphasis> at the top."
16958
#: serverguide/C/installation.xml:506(para)
18182
#: serverguide/C/installation.xml:507(para)
16959
18183
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
16962
#: serverguide/C/installation.xml:513(para)
18186
#: serverguide/C/installation.xml:514(para)
16963
18187
msgid "Choose <emphasis>\"Create MD drive\"</emphasis>."
16966
#: serverguide/C/installation.xml:520(para)
18190
#: serverguide/C/installation.xml:521(para)
16968
18192
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
16969
18193
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
16972
#: serverguide/C/installation.xml:526(para)
18196
#: serverguide/C/installation.xml:527(para)
16974
18198
"In order to use <emphasis>RAID5</emphasis> you need at least "
16975
18199
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
16976
18200
"<emphasis>two</emphasis> drives are required."
16979
#: serverguide/C/installation.xml:535(para)
18203
#: serverguide/C/installation.xml:536(para)
16981
18205
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
16982
18206
"of hard drives you have, for the array. Then select "
16983
18207
"<emphasis>\"Continue\"</emphasis>."
16986
#: serverguide/C/installation.xml:543(para)
18210
#: serverguide/C/installation.xml:544(para)
16988
18212
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
16989
18213
"default, then choose <emphasis>\"Continue\"</emphasis>."
16992
#: serverguide/C/installation.xml:550(para)
18216
#: serverguide/C/installation.xml:551(para)
16994
18218
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
16995
18219
"etc. The numbers will usually match and the different letters correspond to "
16996
18220
"different hard drives."
16999
#: serverguide/C/installation.xml:555(para)
18223
#: serverguide/C/installation.xml:556(para)
17001
18225
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
17002
18226
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
17003
18227
"go to the next step."
17006
#: serverguide/C/installation.xml:563(para)
18230
#: serverguide/C/installation.xml:564(para)
17008
18232
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
17009
18233
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
17010
18234
"and <emphasis>sdb2</emphasis>."
17013
#: serverguide/C/installation.xml:571(para)
18237
#: serverguide/C/installation.xml:572(para)
17014
18238
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
17017
#: serverguide/C/installation.xml:581(title)
18241
#: serverguide/C/installation.xml:582(title)
17018
18242
msgid "Formatting"
17021
#: serverguide/C/installation.xml:583(para)
18245
#: serverguide/C/installation.xml:584(para)
17023
18247
"There should now be a list of hard drives and RAID devices. The next step is "
17024
18248
"to format and set the mount point for the RAID devices. Treat the RAID "
17025
18249
"device as a local hard drive, format and mount accordingly."
17028
#: serverguide/C/installation.xml:591(para)
18252
#: serverguide/C/installation.xml:592(para)
17029
18253
msgid "Select the <emphasis>RAID1 device #0</emphasis> partition."
17032
#: serverguide/C/installation.xml:598(para)
18256
#: serverguide/C/installation.xml:599(para)
17034
18258
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
17035
18259
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
17038
#: serverguide/C/installation.xml:606(para)
18262
#: serverguide/C/installation.xml:607(para)
17039
18263
msgid "Next, select the <emphasis>RAID1 device #1</emphasis> partition."
17042
#: serverguide/C/installation.xml:613(para)
18266
#: serverguide/C/installation.xml:614(para)
17044
18268
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext3 "
17045
18269
"journaling file system\"</emphasis>."
17048
#: serverguide/C/installation.xml:620(para)
18272
#: serverguide/C/installation.xml:621(para)
17050
18274
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
17051
18275
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
19476
#: serverguide/C/clustering.xml:83(para)
20735
#: serverguide/C/clustering.xml:90(para)
19478
20737
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
19479
20738
"this example their default values are fine."
19482
#: serverguide/C/clustering.xml:91(para)
20741
#: serverguide/C/clustering.xml:98(para)
19483
20742
msgid "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
19486
#: serverguide/C/clustering.xml:96(command)
20745
#: serverguide/C/clustering.xml:103(command)
19487
20746
msgid "scp /etc/drbd.conf drbd02:~"
19490
#: serverguide/C/clustering.xml:102(para)
20749
#: serverguide/C/clustering.xml:109(para)
19492
20751
"And, on <emphasis>drbd02</emphasis> move the file to "
19493
20752
"<filename>/etc</filename>:"
19496
#: serverguide/C/clustering.xml:107(command)
20755
#: serverguide/C/clustering.xml:114(command)
19497
20756
msgid "sudo mv drbd.conf /etc/"
19500
#: serverguide/C/clustering.xml:113(para)
20759
#: serverguide/C/clustering.xml:120(para)
19502
20761
"Next, on both hosts, start the <application>drbd</application> daemon:"
19505
#: serverguide/C/clustering.xml:118(command)
20764
#: serverguide/C/clustering.xml:125(command)
19506
20765
msgid "sudo /etc/init.d/drbd start"
19509
#: serverguide/C/clustering.xml:124(para)
20768
#: serverguide/C/clustering.xml:131(para)
19511
20770
"Now using the <application>drbdadm</application> utility initialize the meta "
19512
20771
"data storage. On each server execute:"
19515
#: serverguide/C/clustering.xml:130(command)
20774
#: serverguide/C/clustering.xml:137(command)
19516
20775
msgid "sudo drbdadm create-md r0"
19519
#: serverguide/C/clustering.xml:136(para)
20778
#: serverguide/C/clustering.xml:143(para)
19521
20780
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
19522
20781
"primary, enter the following:"
19525
#: serverguide/C/clustering.xml:141(command)
20784
#: serverguide/C/clustering.xml:148(command)
19526
20785
msgid "sudo drbdadm -- --overwrite-data-of-peer primary all"
19529
#: serverguide/C/clustering.xml:147(para)
20788
#: serverguide/C/clustering.xml:154(para)
19531
20790
"After executing the above command, the data will start syncing with the "
19532
20791
"secondary host. To watch the progresss, on <emphasis>drbd02</emphasis> enter "
19533
20792
"the following:"
19536
#: serverguide/C/clustering.xml:153(command)
20795
#: serverguide/C/clustering.xml:160(command)
19537
20796
msgid "watch -n1 cat /proc/drbd"
19540
#: serverguide/C/clustering.xml:156(para)
20799
#: serverguide/C/clustering.xml:163(para)
19541
20800
msgid "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
19544
#: serverguide/C/clustering.xml:163(para)
20803
#: serverguide/C/clustering.xml:170(para)
19546
20805
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
19549
#: serverguide/C/clustering.xml:168(command)
20808
#: serverguide/C/clustering.xml:175(command)
19550
20809
msgid "sudo mkfs.ext3 /dev/drbd0"
19553
#: serverguide/C/clustering.xml:169(command) serverguide/C/clustering.xml:217(command)
20812
#: serverguide/C/clustering.xml:176(command) serverguide/C/clustering.xml:224(command)
19554
20813
msgid "sudo mount /dev/drbd0 /srv"
19557
#: serverguide/C/clustering.xml:179(para)
20816
#: serverguide/C/clustering.xml:186(para)
19559
20818
"To test that the data is actually syncing between the hosts copy some files "
19560
20819
"on the <emphasis>drbd01</emphasis>, the primary, to "
19561
20820
"<filename>/srv</filename>:"
19564
#: serverguide/C/clustering.xml:188(para)
20823
#: serverguide/C/clustering.xml:195(para)
19565
20824
msgid "Next, unmount <filename>/srv</filename>:"
19568
#: serverguide/C/clustering.xml:196(para)
20827
#: serverguide/C/clustering.xml:203(para)
19570
20829
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
19571
20830
"<emphasis>secondary</emphasis> role:"
19574
#: serverguide/C/clustering.xml:201(command)
20833
#: serverguide/C/clustering.xml:208(command)
19575
20834
msgid "sudo drbdadm secondary r0"
19578
#: serverguide/C/clustering.xml:204(para)
20837
#: serverguide/C/clustering.xml:211(para)
19580
"Now on the the <emphasis>secondary</emphasis> server "
20839
"Now on the <emphasis>secondary</emphasis> server "
19581
20840
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
19584
#: serverguide/C/clustering.xml:209(command)
20843
#: serverguide/C/clustering.xml:216(command)
19585
20844
msgid "sudo drbdadm primary r0"
19588
#: serverguide/C/clustering.xml:212(para)
20847
#: serverguide/C/clustering.xml:219(para)
19589
20848
msgid "Lastly, mount the partition:"
19592
#: serverguide/C/clustering.xml:220(para)
20851
#: serverguide/C/clustering.xml:227(para)
19594
20853
"Using <emphasis>ls</emphasis> you should see "
19595
20854
"<filename>/srv/default</filename> copied from the former "
19596
20855
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
19599
#: serverguide/C/clustering.xml:231(para)
20858
#: serverguide/C/clustering.xml:238(para)
19601
20860
"For more information on <application>DRBD</application> see the <ulink "
19602
20861
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
19605
#: serverguide/C/clustering.xml:236(para)
20864
#: serverguide/C/clustering.xml:243(para)
19607
20866
"The <ulink "
19608
20867
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/drbd.conf.5.html\">d"
19610
20869
"this guide."
19613
#: serverguide/C/clustering.xml:242(para)
20872
#: serverguide/C/clustering.xml:249(para)
19615
20874
"Also, see the <ulink "
19616
20875
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/drbdadm.8.html\">drb"
19617
20876
"dadm man page</ulink>."
20879
#: serverguide/C/chat.xml:13(title)
20880
msgid "Chat Applications"
20883
#: serverguide/C/chat.xml:19(para)
20885
"In this section, we will discuss how to install and configure a IRC server, "
20886
"<application>ircd-irc2</application>. We will also discuss how to install "
20887
"and configure Jabber, an instance messaging server."
20890
#: serverguide/C/chat.xml:28(title)
20894
#: serverguide/C/chat.xml:30(para)
20896
"The Ubuntu repository has many Internet Relay Chat servers. This section "
20897
"explains how to install and configure the original IRC server "
20898
"<application>ircd-irc2</application>."
20901
#: serverguide/C/chat.xml:39(para)
20903
"To install <application>ircd-irc2</application>, run the following command "
20904
"in the command prompt:"
20907
#: serverguide/C/chat.xml:45(command)
20908
msgid "sudo apt-get install ircd-irc2"
20911
#: serverguide/C/chat.xml:48(para)
20913
"The configuration files are stored in <filename>/etc/ircd</filename> "
20914
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
20915
"irc2</filename> directory."
20918
#: serverguide/C/chat.xml:59(para)
20920
"The IRC settings can be done in the configuration file "
20921
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
20922
"this file by editing the following line:"
20925
#: serverguide/C/chat.xml:64(programlisting)
20929
"M:irc.localhost::Debian ircd default configuration::000A\n"
20932
#: serverguide/C/chat.xml:68(para)
20934
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
20935
"you set irc.livecipher.com as IRC host name, please make sure "
20936
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
20937
"name should not be same as the host name."
20940
#: serverguide/C/chat.xml:75(para)
20942
"The IRC admin details can be configured by editting the following line:"
20945
#: serverguide/C/chat.xml:80(programlisting)
20949
"A:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client "
20950
"Server::IRCnet:\n"
20953
#: serverguide/C/chat.xml:84(para)
20955
"You should add specific lines to configure the list of IRC ports to listen "
20956
"on, to configure Operator credentials, to configure client authentication, "
20957
"etc. For details, please refer to the example configuration file "
20958
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
20961
#: serverguide/C/chat.xml:92(para)
20963
"The IRC banner to be displayed in the IRC client, when the user connects to "
20964
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
20967
#: serverguide/C/chat.xml:97(para)
20969
"After making necessary changes to the configuration file, you can restart "
20970
"the IRC server using following command:"
20973
#: serverguide/C/chat.xml:101(programlisting)
20977
"sudo /etc/init.d/ircd-irc2 restart\n"
20980
#: serverguide/C/chat.xml:109(para)
20982
"You may also be interested to take a look at other IRC servers available in "
20983
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
20984
"<application>ircd-hybrid</application>."
20987
#: serverguide/C/chat.xml:117(para)
20989
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
20990
"FAQ</ulink> for more details about the IRC Server."
20993
#: serverguide/C/chat.xml:127(title)
20994
msgid "Jabber Instant Messaging Server"
20997
#: serverguide/C/chat.xml:129(para)
20999
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
21000
"XMPP, an open standard for instant messaging, and used by many popular "
21001
"applications. This section covers setting up a <emphasis>Jabberd "
21002
"2</emphasis> server on a local LAN. This configuration can also be adapted "
21003
"to providing messaging services to users over the Internet."
21006
#: serverguide/C/chat.xml:138(para)
21007
msgid "To install <application>jabberd2</application>, in a terminal enter:"
21010
#: serverguide/C/chat.xml:143(command)
21011
msgid "sudo apt-get install jabberd2"
21014
#: serverguide/C/chat.xml:150(para)
21016
"A couple of XML configuration files will be used to configure "
21017
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
21018
"authentication. This is a very simple form of authentication. However, "
21019
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
21020
"Postgresql, etc for for user authentication."
21023
#: serverguide/C/chat.xml:157(para)
21024
msgid "First, edit <filename>/etc/jabberd2/sm.xml</filename> changing:"
21027
#: serverguide/C/chat.xml:161(programlisting)
21031
" <id>jabber.example.com</id>\n"
21034
#: serverguide/C/chat.xml:166(para)
21036
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
21037
"id, of your server."
21040
#: serverguide/C/chat.xml:171(para)
21041
msgid "Now in the <storage> section change the <driver> to:"
21044
#: serverguide/C/chat.xml:175(programlisting)
21048
" <driver>db</driver>\n"
21051
#: serverguide/C/chat.xml:179(para)
21053
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
21054
"<emphasis><local></emphasis> section change:"
21057
#: serverguide/C/chat.xml:183(programlisting)
21061
" <id>jabber.example.com</id>\n"
21064
#: serverguide/C/chat.xml:187(para)
21066
"And in the <authreg> section adjust the <module> section to:"
21069
#: serverguide/C/chat.xml:191(programlisting)
21073
" <module>db</module>\n"
21076
#: serverguide/C/chat.xml:195(para)
21078
"Finally, restart <application>jabberd2</application> to enable the new "
21082
#: serverguide/C/chat.xml:200(command)
21083
msgid "sudo /etc/init.d/jabberd2 restart"
21086
#: serverguide/C/chat.xml:203(para)
21088
"You should now be able to connect to the server using a Jabber client like "
21089
"<application>Pidgin</application> for example."
21092
#: serverguide/C/chat.xml:208(para)
21094
"The advantage of using Berkeley DB for user data is that after being "
21095
"configured no additional maintenance is required. If you need more control "
21096
"over user accounts and credentials another authentication method is "
21100
#: serverguide/C/chat.xml:220(para)
21102
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
21103
"Site</ulink> contains more details on configuring "
21104
"<application>Jabberd2</application>."
21107
#: serverguide/C/chat.xml:226(para)
21109
"For more authentication options see the <ulink "
21110
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
19620
21114
#: serverguide/C/backups.xml:13(title)
19621
21115
msgid "Backups"
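Review bot: The added chat.xml strings contain several typos that will become msgids for every translation and are worth fixing before the template is merged: "a IRC server" and "an instance messaging server" (new lines 20885-20887) should be "an IRC server" and "an instant messaging server"; "editting" (20942) should be "editing"; "Berkely DB" (21017) should be "Berkeley DB", as it is already spelled at 21094; "etc for for user authentication" (21020) repeats "for"; and "should not be same as the host name" (20937) is missing "the". The sentence at 20999 also needs commas around "a popular instant message protocol". In the clustering.xml part of this hunk, "the the" is corrected at new line 20839, but "progresss" is left unchanged at 20791 and could be fixed in the same pass.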