« back to all changes in this revision
Viewing changes to jaunty/serverguide/po/lt.po
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Arnau Alcázar Lleopart
- Date: 2009-07-15 17:38:44 UTC
- Revision ID: arnau@alcalleop.net-20090715173844-67maxucr1l9enivg
Afegida la traducció de la Jaunty
- files added:
- jaunty
- jaunty/about-ubuntu
- jaunty/about-ubuntu/C
- jaunty/about-ubuntu/ca
- jaunty/about-ubuntu/po
- jaunty/add-applications
- jaunty/add-applications/C
- jaunty/add-applications/ca
- jaunty/add-applications/po
- jaunty/administrative
- jaunty/administrative/C
- jaunty/administrative/ca
- jaunty/administrative/po
- jaunty/advanced-topics
- jaunty/advanced-topics/C
- jaunty/advanced-topics/ca
- jaunty/advanced-topics/po
- jaunty/basic-commands
- jaunty/basic-commands/C
- jaunty/basic-commands/ca
- jaunty/basic-commands/po
- jaunty/build
- jaunty/build/html
- jaunty/build/html/about-ubuntu
- jaunty/build/html/add-applications
- jaunty/build/html/administrative
- jaunty/build/html/advanced-topics
- jaunty/build/html/basic-commands
- jaunty/build/html/config-desktop
- jaunty/build/html/desktop-effects
- jaunty/build/html/files-and-docs
- jaunty/build/html/games
- jaunty/build/html/hardware
- jaunty/build/html/internet
- jaunty/build/html/keeping-safe
- jaunty/build/html/libs
- jaunty/build/html/libs/C
- jaunty/build/html/libs/admon
- jaunty/build/html/libs/authors
- jaunty/build/html/libs/callouts
- jaunty/build/html/libs/img
- jaunty/build/html/libs/navig
- jaunty/build/html/musicvideophotos
- jaunty/build/html/newtoubuntu
- jaunty/build/html/office
- jaunty/build/html/printing
- jaunty/build/html/programming
- jaunty/build/html/serverguide
- jaunty/build/html/windows
- jaunty/config-desktop
- jaunty/config-desktop/C
- jaunty/config-desktop/ca
- jaunty/config-desktop/po
- jaunty/desktop-effects
- jaunty/desktop-effects/C
- jaunty/desktop-effects/ca
- jaunty/desktop-effects/po
- jaunty/files-and-docs
- jaunty/files-and-docs/C
- jaunty/files-and-docs/ca
- jaunty/files-and-docs/po
- jaunty/games
- jaunty/games/C
- jaunty/games/ca
- jaunty/games/po
- jaunty/hardware
- jaunty/hardware/C
- jaunty/hardware/ca
- jaunty/hardware/po
- jaunty/internet
- jaunty/internet/C
- jaunty/internet/ca
- jaunty/internet/po
- jaunty/keeping-safe
- jaunty/keeping-safe/C
- jaunty/keeping-safe/ca
- jaunty/keeping-safe/po
- jaunty/libs
- jaunty/libs/C
- jaunty/libs/admon
- jaunty/libs/authors
- jaunty/libs/callouts
- jaunty/libs/img
- jaunty/libs/navig
- jaunty/musicvideophotos
- jaunty/musicvideophotos/C
- jaunty/musicvideophotos/ca
- jaunty/musicvideophotos/po
- jaunty/newtoubuntu
- jaunty/newtoubuntu/C
- jaunty/newtoubuntu/ca
- jaunty/newtoubuntu/po
- jaunty/office
- jaunty/office/C
- jaunty/office/ca
- jaunty/office/po
- jaunty/printing
- jaunty/printing/C
- jaunty/printing/ca
- jaunty/printing/po
- jaunty/programming
- jaunty/programming/C
- jaunty/programming/ca
- jaunty/programming/po
- jaunty/scripts
- jaunty/serverguide
- jaunty/serverguide/C
- jaunty/serverguide/ca
- jaunty/serverguide/po
- jaunty/switching
- jaunty/windows
- jaunty/windows/C
- jaunty/windows/ca
- jaunty/windows/po
added
removed
jaunty/serverguide/po/lt.po
1
# Lithuanian translation for ubuntu-docs
2
# Copyright (c) (c) 2006 Canonical Ltd, and Rosetta Contributors 2006
3
# This file is distributed under the same license as the ubuntu-docs package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, 2006.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: ubuntu-docs\n"
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2009-04-09 23:58+0100\n"
11
"PO-Revision-Date: 2009-04-10 07:31+0000\n"
12
"Last-Translator: Launchpad Translations Administrators "
13
"<rosetta@launchpad.net>\n"
14
"Language-Team: Lithuanian <lt@li.org>\n"
15
"MIME-Version: 1.0\n"
16
"Content-Type: text/plain; charset=UTF-8\n"
17
"Content-Transfer-Encoding: 8bit\n"
18
"X-Launchpad-Export-Date: 2009-07-13 07:26+0000\n"
19
"X-Generator: Launchpad (build Unknown)\n"
20
21
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
22
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
23
msgstr ""
24
25
#: serverguide/C/serverguide-C.omf:8(title) serverguide/C/serverguide-C.omf:11(description) serverguide/C/serverguide.xml:14(title) serverguide/C/bookinfo.xml:13(title)
26
msgid "Ubuntu Server Guide"
27
msgstr ""
28
29
#: serverguide/C/serverguide-C.omf:9(date)
30
msgid "2007-09-30"
31
msgstr ""
32
33
#: serverguide/C/windows-networking.xml:13(title)
34
msgid "Windows Networking"
35
msgstr "Windows'ų tinklas"
36
37
#: serverguide/C/windows-networking.xml:15(para)
38
msgid ""
39
"Computer networks are often comprised of diverse systems, and while "
40
"operating a network made up entirely of Ubuntu desktop and server computers "
41
"would certainly be fun, some network environments must consist of both "
42
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
43
"class=\"registered\">Windows</trademark> systems working together in "
44
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
45
"principles and tools used in configuring your Ubuntu Server for sharing "
46
"network resources with Windows computers."
47
msgstr ""
48
49
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:397(title) serverguide/C/security.xml:412(title) serverguide/C/remote-administration.xml:22(title) serverguide/C/package-management.xml:20(title) serverguide/C/jeos.xml:16(title) serverguide/C/introduction.xml:13(title)
50
msgid "Introduction"
51
msgstr "Įvadas"
52
53
#: serverguide/C/windows-networking.xml:27(para)
54
msgid ""
55
"Successfully networking your Ubuntu system with Windows clients involves "
56
"providing and integrating with services common to Windows environments. Such "
57
"services assist the sharing of data and information about the computers and "
58
"users involved in the network, and may be classified under three major "
59
"categories of functionality:"
60
msgstr ""
61
62
#: serverguide/C/windows-networking.xml:35(para)
63
msgid ""
64
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
65
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
66
"folders, volumes, and the sharing of printers throughout the network."
67
msgstr ""
68
69
#: serverguide/C/windows-networking.xml:41(para)
70
msgid ""
71
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
72
"information about the computers and users of the network with such "
73
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
74
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
75
msgstr ""
76
77
#: serverguide/C/windows-networking.xml:48(para)
78
msgid ""
79
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
80
"the identity of a computer or user of the network and determining the "
81
"information the computer or user is authorized to access using such "
82
"principles and technologies as file permissions, group policies, and the "
83
"Kerberos authentication service."
84
msgstr ""
85
86
#: serverguide/C/windows-networking.xml:56(para)
87
msgid ""
88
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
89
"clients and share network resources among them. One of the principal pieces "
90
"of software your Ubuntu system includes for Windows networking is the Samba "
91
"suite of SMB server applications and tools."
92
msgstr ""
93
94
#: serverguide/C/windows-networking.xml:62(para)
95
msgid ""
96
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
97
"of the common Samba use cases, and how to install and configure the "
98
"necessary packages. Additional detailed documentation and information on "
99
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
100
"website</ulink>."
101
msgstr ""
102
103
#: serverguide/C/windows-networking.xml:70(title)
104
msgid "Samba File Server"
105
msgstr ""
106
107
#: serverguide/C/windows-networking.xml:72(para)
108
msgid ""
109
"One of the most common ways to network Ubuntu and Windows computers is to "
110
"configure Samba as a File Server. This section covers setting up a "
111
"<application>Samba</application> server to share files with Windows clients."
112
msgstr ""
113
114
#: serverguide/C/windows-networking.xml:77(para)
115
msgid ""
116
"The server will be configured to share files with any client on the network "
117
"without prompting for a password. If your environment requires stricter "
118
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
119
msgstr ""
120
121
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:282(title) serverguide/C/windows-networking.xml:1279(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:669(title) serverguide/C/web-servers.xml:804(title) serverguide/C/web-servers.xml:925(title) serverguide/C/virtualization.xml:62(title) serverguide/C/virtualization.xml:1341(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:400(title) serverguide/C/remote-administration.xml:52(title) serverguide/C/remote-administration.xml:220(title) serverguide/C/network-config.xml:625(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1230(title) serverguide/C/network-auth.xml:1736(title) serverguide/C/network-auth.xml:2127(title) serverguide/C/mail.xml:33(title) serverguide/C/mail.xml:297(title) serverguide/C/mail.xml:470(title) serverguide/C/mail.xml:614(title) serverguide/C/mail.xml:1103(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:275(title) serverguide/C/lamp-applications.xml:391(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:907(title) serverguide/C/file-server.xml:342(title) serverguide/C/file-server.xml:454(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:159(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:134(title) serverguide/C/backups.xml:593(title)
122
msgid "Installation"
123
msgstr "Įdiegimas"
124
125
#: serverguide/C/windows-networking.xml:85(para)
126
msgid ""
127
"The first step is to install the <application>samba</application> package. "
128
"From a terminal prompt enter:"
129
msgstr ""
130
131
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:294(command)
132
msgid "sudo apt-get install samba"
133
msgstr ""
134
135
#: serverguide/C/windows-networking.xml:93(para)
136
msgid ""
137
"That's all there is to it; you are now ready to configure Samba to share "
138
"files."
139
msgstr ""
140
141
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:299(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:720(title) serverguide/C/web-servers.xml:815(title) serverguide/C/web-servers.xml:952(title) serverguide/C/web-servers.xml:1046(title) serverguide/C/virtualization.xml:1226(title) serverguide/C/virtualization.xml:1415(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:418(title) serverguide/C/remote-administration.xml:74(title) serverguide/C/remote-administration.xml:245(title) serverguide/C/package-management.xml:365(title) serverguide/C/network-config.xml:647(title) serverguide/C/network-auth.xml:88(title) serverguide/C/network-auth.xml:1775(title) serverguide/C/network-auth.xml:2148(title) serverguide/C/mail.xml:306(title) serverguide/C/mail.xml:480(title) serverguide/C/mail.xml:699(title) serverguide/C/mail.xml:1128(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:302(title) serverguide/C/lamp-applications.xml:421(title) serverguide/C/file-server.xml:355(title) serverguide/C/file-server.xml:480(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:178(title) serverguide/C/clustering.xml:39(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:142(title) serverguide/C/backups.xml:616(title)
142
msgid "Configuration"
143
msgstr ""
144
145
#: serverguide/C/windows-networking.xml:101(para)
146
msgid ""
147
"The main Samba configuration file is located in "
148
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
149
"a significant amount of comments in order to document various configuration "
150
"directives."
151
msgstr ""
152
153
#: serverguide/C/windows-networking.xml:106(para)
154
msgid ""
155
"Not all the available options are included in the default configuration "
156
"file. See the <filename>smb.conf</filename><application>man</application> "
157
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
158
"Collection/\">Samba HOWTO Collection</ulink> for more details."
159
msgstr ""
160
161
#: serverguide/C/windows-networking.xml:116(para)
162
msgid ""
163
"First, edit the following key/value pairs in the "
164
"<emphasis>[global]</emphasis> section of "
165
"<filename>/etc/samba/smb.conf</filename>:"
166
msgstr ""
167
168
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:306(programlisting) serverguide/C/windows-networking.xml:975(programlisting)
169
#, no-wrap
170
msgid ""
171
"\n"
172
" workgroup = EXAMPLE\n"
173
" ...\n"
174
" security = user\n"
175
msgstr ""
176
177
#: serverguide/C/windows-networking.xml:127(para)
178
msgid ""
179
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
180
"section, and is commented by default. Also, change "
181
"<emphasis>EXAMPLE</emphasis> to better match your environment."
182
msgstr ""
183
184
#: serverguide/C/windows-networking.xml:135(para)
185
msgid ""
186
"Create a new section at the bottom of the file, or uncomment one of the "
187
"examples, for the directory to be shared:"
188
msgstr ""
189
190
#: serverguide/C/windows-networking.xml:139(programlisting)
191
#, no-wrap
192
msgid ""
193
"\n"
194
"[share]\n"
195
" comment = Ubuntu File Server Share\n"
196
" path = /srv/samba/share\n"
197
" browsable = yes\n"
198
" guest ok = yes\n"
199
" read only = no\n"
200
" create mask = 0755\n"
201
msgstr ""
202
203
#: serverguide/C/windows-networking.xml:151(para)
204
msgid ""
205
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
206
"fit your needs."
207
msgstr ""
208
209
#: serverguide/C/windows-networking.xml:156(para)
210
msgid "<emphasis>path:</emphasis> the path to the directory to share."
211
msgstr ""
212
213
#: serverguide/C/windows-networking.xml:159(para)
214
msgid ""
215
"This example uses <filename>/srv/samba/sharename</filename> because, "
216
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
217
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
218
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
219
"specific data should be served. Technically Samba shares can be placed "
220
"anywhere on the filesystem as long as the permissions are correct, but "
221
"adhering to standards is recommended."
222
msgstr ""
223
224
#: serverguide/C/windows-networking.xml:168(para)
225
msgid ""
226
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
227
"directory using <application>Windows Explorer</application>."
228
msgstr ""
229
230
#: serverguide/C/windows-networking.xml:174(para)
231
msgid ""
232
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
233
"without supplying a password."
234
msgstr ""
235
236
#: serverguide/C/windows-networking.xml:179(para)
237
msgid ""
238
"<emphasis>read only:</emphasis> gives write access to the shared directory."
239
msgstr ""
240
241
#: serverguide/C/windows-networking.xml:184(para)
242
msgid ""
243
"<emphasis>create mask:</emphasis> determines the permissions new files will "
244
"have when created."
245
msgstr ""
246
247
#: serverguide/C/windows-networking.xml:193(para)
248
msgid ""
249
"Now that <application>Samba</application> is configured, the directory needs "
250
"to be created and the permissions changed. From a terminal enter:"
251
msgstr ""
252
253
#: serverguide/C/windows-networking.xml:199(command)
254
msgid "sudo mkdir -p /srv/samba/share"
255
msgstr ""
256
257
#: serverguide/C/windows-networking.xml:200(command)
258
msgid "sudo chown nobody.nogroup /srv/samba/share/"
259
msgstr ""
260
261
#: serverguide/C/windows-networking.xml:204(para)
262
msgid ""
263
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
264
"directory tree if it doesn't exist. Change the share name to fit your "
265
"environment."
266
msgstr ""
267
268
#: serverguide/C/windows-networking.xml:213(para)
269
msgid ""
270
"Finally, restart the <application>samba</application> services to enable the "
271
"new configuration:"
272
msgstr ""
273
274
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:326(command) serverguide/C/windows-networking.xml:458(command) serverguide/C/windows-networking.xml:557(command) serverguide/C/windows-networking.xml:922(command) serverguide/C/windows-networking.xml:1032(command) serverguide/C/windows-networking.xml:1142(command) serverguide/C/network-auth.xml:1510(command)
275
msgid "sudo /etc/init.d/samba restart"
276
msgstr ""
277
278
#: serverguide/C/windows-networking.xml:225(para)
279
msgid ""
280
"Once again, the above configuration gives all access to any client on the "
281
"local network. For a more secure configuration see <xref linkend=\"samba-"
282
"fileprint-security\"/>."
283
msgstr ""
284
285
#: serverguide/C/windows-networking.xml:231(para)
286
msgid ""
287
"From a Windows client you should now be able to browse to the Ubuntu file "
288
"server and see the shared directory. To check that everything is working try "
289
"creating a directory from Windows."
290
msgstr ""
291
292
#: serverguide/C/windows-networking.xml:236(para)
293
msgid ""
294
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
295
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
296
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
297
"share actually exists and the permissions are correct."
298
msgstr ""
299
300
#: serverguide/C/windows-networking.xml:243(title) serverguide/C/windows-networking.xml:336(title) serverguide/C/windows-networking.xml:686(title) serverguide/C/windows-networking.xml:1051(title) serverguide/C/windows-networking.xml:1253(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1163(title) serverguide/C/remote-administration.xml:478(title) serverguide/C/network-config.xml:269(title) serverguide/C/network-config.xml:512(title) serverguide/C/network-auth.xml:1186(title) serverguide/C/network-auth.xml:1625(title) serverguide/C/network-auth.xml:2223(title) serverguide/C/network-auth.xml:2727(title) serverguide/C/jeos.xml:782(title) serverguide/C/installation.xml:847(title) serverguide/C/installation.xml:1123(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:268(title) serverguide/C/backups.xml:855(title)
301
msgid "Resources"
302
msgstr ""
303
304
#: serverguide/C/windows-networking.xml:247(para) serverguide/C/windows-networking.xml:340(para) serverguide/C/windows-networking.xml:690(para) serverguide/C/windows-networking.xml:1055(para)
305
msgid ""
306
"For in depth Samba configurations see the <ulink "
307
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
308
"Collection</ulink>"
309
msgstr ""
310
311
#: serverguide/C/windows-networking.xml:253(para) serverguide/C/windows-networking.xml:346(para) serverguide/C/windows-networking.xml:696(para) serverguide/C/windows-networking.xml:1061(para)
312
msgid ""
313
"The guide is also available in <ulink "
314
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
315
"format</ulink>."
316
msgstr ""
317
318
#: serverguide/C/windows-networking.xml:259(para) serverguide/C/windows-networking.xml:352(para)
319
msgid ""
320
"O'Reilly's <ulink "
321
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
322
"another good reference."
323
msgstr ""
324
325
#: serverguide/C/windows-networking.xml:269(title)
326
msgid "Samba Print Server"
327
msgstr ""
328
329
#: serverguide/C/windows-networking.xml:271(para)
330
msgid ""
331
"Another common use of Samba is to configure it to share printers installed, "
332
"either locally or over the network, on an Ubuntu server. Similar to <xref "
333
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
334
"any client on the local network to use the installed printers without "
335
"prompting for a username and password."
336
msgstr ""
337
338
#: serverguide/C/windows-networking.xml:277(para)
339
msgid ""
340
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
341
"security\"/>."
342
msgstr ""
343
344
#: serverguide/C/windows-networking.xml:284(para)
345
msgid ""
346
"Before installing and configuring Samba it is best to already have a working "
347
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
348
"for details."
349
msgstr ""
350
351
#: serverguide/C/windows-networking.xml:289(para)
352
msgid ""
353
"To install the <application>samba</application> package, from a terminal "
354
"enter:"
355
msgstr ""
356
357
#: serverguide/C/windows-networking.xml:300(para)
358
msgid ""
359
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
360
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
361
"network, and change <emphasis>security</emphasis> to <emphasis "
362
"role=\"italic\">share</emphasis>:"
363
msgstr ""
364
365
#: serverguide/C/windows-networking.xml:312(para)
366
msgid ""
367
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
368
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
369
msgstr ""
370
371
#: serverguide/C/windows-networking.xml:316(programlisting)
372
#, no-wrap
373
msgid ""
374
"\n"
375
" browsable = yes\n"
376
" guest ok = yes\n"
377
msgstr ""
378
379
#: serverguide/C/windows-networking.xml:321(para)
380
msgid "After editing <filename>smb.conf</filename> restart Samba:"
381
msgstr ""
382
383
#: serverguide/C/windows-networking.xml:329(para)
384
msgid ""
385
"The default Samba configuration will automatically share any printers "
386
"installed. Simply install the printer locally on your Windows clients."
387
msgstr ""
388
389
#: serverguide/C/windows-networking.xml:358(para)
390
msgid ""
391
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
392
"more information on configuring CUPS."
393
msgstr ""
394
395
#: serverguide/C/windows-networking.xml:367(title)
396
msgid "Securing a Samba File and Print Server"
397
msgstr ""
398
399
#: serverguide/C/windows-networking.xml:370(title)
400
msgid "Samba Security Modes"
401
msgstr ""
402
403
#: serverguide/C/windows-networking.xml:372(para)
404
msgid ""
405
"There are two security levels available to the Common Internet Filesystem "
406
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
407
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
408
"allows more flexibility, providing four ways of implementing user-level "
409
"security and one way to implement share-level:"
410
msgstr ""
411
412
#: serverguide/C/windows-networking.xml:381(para)
413
msgid ""
414
"<emphasis>security = user:</emphasis> requires clients to supply a username "
415
"and password to connect to shares. Samba user accounts are separate from "
416
"system accounts, but the <application>libpam-smbpass</application> package "
417
"will sync system users and passwords with the Samba user database."
418
msgstr ""
419
420
#: serverguide/C/windows-networking.xml:388(para)
421
msgid ""
422
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
423
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
424
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
425
"linkend=\"samba-dc\"/> for further information."
426
msgstr ""
427
428
#: serverguide/C/windows-networking.xml:395(para)
429
msgid ""
430
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
431
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
432
"integration\"/> for details."
433
msgstr ""
434
435
#: serverguide/C/windows-networking.xml:401(para)
436
msgid ""
437
"<emphasis>security = server:</emphasis> this mode is left over from before "
438
"Samba could become a member server, and due to some security issues should "
439
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
440
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
441
"of the Samba guide for more details."
442
msgstr ""
443
444
#: serverguide/C/windows-networking.xml:409(para)
445
msgid ""
446
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
447
"without supplying a username and password."
448
msgstr ""
449
450
#: serverguide/C/windows-networking.xml:416(para)
451
msgid ""
452
"The security mode you choose will depend on your environment and what you "
453
"need the Samba server to accomplish."
454
msgstr ""
455
456
#: serverguide/C/windows-networking.xml:422(title)
457
msgid "Security = User"
458
msgstr ""
459
460
#: serverguide/C/windows-networking.xml:424(para)
461
msgid ""
462
"This section will reconfigure the Samba file and print server, from <xref "
463
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
464
"require authentication."
465
msgstr ""
466
467
#: serverguide/C/windows-networking.xml:429(para)
468
msgid ""
469
"First, install the <application>libpam-smbpass</application> package which "
470
"will sync the system users to the Samba user database:"
471
msgstr ""
472
473
#: serverguide/C/windows-networking.xml:435(command)
474
msgid "sudo apt-get install libpam-smbpass"
475
msgstr ""
476
477
#: serverguide/C/windows-networking.xml:439(para)
478
msgid ""
479
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
480
"<application>libpam-smbpass</application> is already installed."
481
msgstr ""
482
483
#: serverguide/C/windows-networking.xml:445(para)
484
msgid ""
485
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
486
"<emphasis>[share]</emphasis> section change:"
487
msgstr ""
488
489
#: serverguide/C/windows-networking.xml:449(programlisting)
490
#, no-wrap
491
msgid ""
492
"\n"
493
" guest ok = no\n"
494
msgstr ""
495
496
#: serverguide/C/windows-networking.xml:453(para)
497
msgid "Finally, restart Samba for the new settings to take effect:"
498
msgstr ""
499
500
#: serverguide/C/windows-networking.xml:461(para)
501
msgid ""
502
"Now when connecting to the shared directories or printers you should be "
503
"prompted for a username and password."
504
msgstr ""
505
506
#: serverguide/C/windows-networking.xml:466(para)
507
msgid ""
508
"If you choose to map a network drive to the share you can check the "
509
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
510
"enter the username and password once, at least until the password changes."
511
msgstr ""
512
513
#: serverguide/C/windows-networking.xml:474(title)
514
msgid "Share Security"
515
msgstr ""
516
517
#: serverguide/C/windows-networking.xml:476(para)
518
msgid ""
519
"There are several options available to increase the security for each "
520
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
521
"this section will cover some common options."
522
msgstr ""
523
524
#: serverguide/C/windows-networking.xml:482(title)
525
msgid "Groups"
526
msgstr ""
527
528
#: serverguide/C/windows-networking.xml:484(para)
529
msgid ""
530
"Groups define a collection of computers or users which have a common level "
531
"of access to particular network resources and offer a level of granularity "
532
"in controlling access to such resources. For example, if a group <emphasis "
533
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
534
"role=\"italic\">freda</emphasis>, <emphasis "
535
"role=\"italic\">danika</emphasis>, and <emphasis "
536
"role=\"italic\">rob</emphasis> and a second group <emphasis "
537
"role=\"italic\">support</emphasis> is defined and consists of users "
538
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
539
"role=\"italic\">jeremy</emphasis>, and <emphasis "
540
"role=\"italic\">vincent</emphasis> then certain network resources configured "
541
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
542
"subsequently enable access by freda, danika, and rob, but not jeremy or "
543
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
544
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
545
"role=\"italic\">support</emphasis> groups, she will be able to access "
546
"resources configured for access by both groups, whereas all other users will "
547
"have only access to resources explicitly allowing the group they are part of."
548
msgstr ""
549
550
#: serverguide/C/windows-networking.xml:498(para)
551
msgid ""
552
"By default Samba looks for the local system groups defined in "
553
"<filename>/etc/group</filename> to determine which users belong to which "
554
"groups. For more information on adding and removing users from groups see "
555
"<xref linkend=\"adding-deleting-users\"/>."
556
msgstr ""
557
558
#: serverguide/C/windows-networking.xml:504(para)
559
msgid ""
560
"When defining groups in the Samba configuration file, "
561
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
562
"preface the group name with an \"@\" symbol. For example, if you wished to "
563
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
564
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
565
"do so by entering the group name as <emphasis "
566
"role=\"bold\">@sysadmin</emphasis>."
567
msgstr ""
568
569
#: serverguide/C/windows-networking.xml:513(title)
570
msgid "File Permissions"
571
msgstr "Failų Teisės"
572
573
#: serverguide/C/windows-networking.xml:515(para)
574
msgid ""
575
"File Permissions define the explicit rights a computer or user has to a "
576
"particular directory, file, or set of files. Such permissions may be defined "
577
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
578
"the explicit permissions of a defined file share."
579
msgstr ""
580
581
#: serverguide/C/windows-networking.xml:521(para)
582
msgid ""
583
"For example, if you have defined a Samba share called "
584
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
585
"only</emphasis> permissions to the group of users known as <emphasis "
586
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
587
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
588
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
589
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
590
"under the <emphasis>[share]</emphasis> entry:"
591
msgstr ""
592
593
#: serverguide/C/windows-networking.xml:530(programlisting)
594
#, no-wrap
595
msgid ""
596
"\n"
597
" read list = @qa\n"
598
" write list = @sysadmin, vincent\n"
599
msgstr ""
600
601
#: serverguide/C/windows-networking.xml:535(para)
602
msgid ""
603
"Another possible Samba permission is to declare "
604
"<emphasis>administrative</emphasis> permissions to a particular shared "
605
"resource. Users having administrative permissions may read, write, or modify "
606
"any information contained in the resource the user has been given explicit "
607
"administrative permissions to."
608
msgstr ""
609
610
#: serverguide/C/windows-networking.xml:541(para)
611
msgid ""
612
"For example, if you wanted to give the user <emphasis "
613
"role=\"italic\">melissa</emphasis> administrative permissions to the "
614
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
615
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
616
"under the <emphasis>[share]</emphasis> entry:"
617
msgstr ""
618
619
#: serverguide/C/windows-networking.xml:548(programlisting)
620
#, no-wrap
621
msgid ""
622
"\n"
623
" admin users = melissa\n"
624
msgstr ""
625
626
#: serverguide/C/windows-networking.xml:552(para)
627
msgid ""
628
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
629
"the changes to take effect:"
630
msgstr ""
631
632
#: serverguide/C/windows-networking.xml:561(para)
633
msgid ""
634
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
635
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
636
"<emphasis role=\"italic\">security = share</emphasis>"
637
msgstr ""
638
639
#: serverguide/C/windows-networking.xml:567(para)
640
msgid ""
641
"Now that Samba has been configured to limit which groups have access to the "
642
"shared directory, the filesystem permissions need to be updated."
643
msgstr ""
644
645
#: serverguide/C/windows-networking.xml:572(para)
646
msgid ""
647
"Traditional Linux file permissions do not map well to Windows NT Access "
648
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
649
"providing more fine grained control. For example, to enable ACLs on "
650
"<filename>/srv</filename> an EXT3 filesystem, edit "
651
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
652
msgstr ""
653
654
#: serverguide/C/windows-networking.xml:579(programlisting)
655
#, no-wrap
656
msgid ""
657
"\n"
658
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
659
"0 1\n"
660
msgstr ""
661
662
#: serverguide/C/windows-networking.xml:583(para)
663
msgid "Then remount the partition:"
664
msgstr ""
665
666
#: serverguide/C/windows-networking.xml:588(command)
667
msgid "sudo mount -v -o remount /srv"
668
msgstr ""
669
670
#: serverguide/C/windows-networking.xml:592(para)
671
msgid ""
672
"The above example assumes <filename>/srv</filename> on a separate partition. "
673
"If <filename>/srv</filename>, or wherever you have configured your share "
674
"path, is part of the <filename>/</filename> partition a reboot may be "
675
"required."
676
msgstr ""
677
678
#: serverguide/C/windows-networking.xml:599(para)
679
msgid ""
680
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
681
"group will be given read, write, and execute permissions to "
682
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
683
"will be given read and execute permissions, and the files will be owned by "
684
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
685
msgstr ""
686
687
#: serverguide/C/windows-networking.xml:607(command)
688
msgid "sudo chown -R melissa /srv/samba/share/"
689
msgstr ""
690
691
#: serverguide/C/windows-networking.xml:608(command)
692
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
693
msgstr ""
694
695
#: serverguide/C/windows-networking.xml:609(command)
696
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
697
msgstr ""
698
699
#: serverguide/C/windows-networking.xml:613(para)
700
msgid ""
701
"The <application>setfacl</application> command above gives "
702
"<emphasis>execute</emphasis> permissions to all files in the "
703
"<filename>/srv/samba/share</filename> directory, which you may or may not "
704
"want."
705
msgstr ""
706
707
#: serverguide/C/windows-networking.xml:619(para)
708
msgid ""
709
"Now from a Windows client you should notice the new file permissions are "
710
"implemented. See the <application>acl</application> and "
711
"<application>setfacl</application> man pages for more information on POSIX "
712
"ACLs."
713
msgstr ""
714
715
#: serverguide/C/windows-networking.xml:627(title)
716
msgid "Samba AppArmor Profile"
717
msgstr ""
718
719
#: serverguide/C/windows-networking.xml:629(para)
720
msgid ""
721
"Ubuntu comes with the <application>AppArmor</application> security module, "
722
"which provides mandatory access controls. The default AppArmor profile for "
723
"Samba will need to be adapted to your configuration. For more details on "
724
"using AppArmor see <xref linkend=\"apparmor\"/>."
725
msgstr ""
726
727
#: serverguide/C/windows-networking.xml:635(para)
728
msgid ""
729
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
730
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
731
"of the <application>apparmor-profiles</application> packages. To install the "
732
"package, from a terminal prompt enter:"
733
msgstr ""
734
735
#: serverguide/C/windows-networking.xml:642(command) serverguide/C/security.xml:978(command)
736
msgid "sudo apt-get install apparmor-profiles"
737
msgstr ""
738
739
#: serverguide/C/windows-networking.xml:646(para)
740
msgid "This package contains profiles for several other binaries."
741
msgstr ""
742
743
#: serverguide/C/windows-networking.xml:651(para)
744
msgid ""
745
"By default the profiles for <application>smbd</application> and "
746
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
747
"allowing Samba to work without modifying the profile, and only logging "
748
"errors. To place the <application>smbd</application> profile into "
749
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
750
"profile will need to be modified to reflect any directories that are shared."
751
msgstr ""
752
753
#: serverguide/C/windows-networking.xml:658(para)
754
msgid ""
755
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
756
"for <emphasis>[share]</emphasis> from the file server example:"
757
msgstr ""
758
759
#: serverguide/C/windows-networking.xml:663(programlisting)
760
#, no-wrap
761
msgid ""
762
"\n"
763
" /srv/samba/share/ r,\n"
764
" /srv/samba/share/** rwkix,\n"
765
msgstr ""
766
767
#: serverguide/C/windows-networking.xml:668(para)
768
msgid ""
769
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
770
msgstr ""
771
772
#: serverguide/C/windows-networking.xml:673(command)
773
msgid "sudo aa-enforce /usr/sbin/smbd"
774
msgstr ""
775
776
#: serverguide/C/windows-networking.xml:674(command)
777
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
778
msgstr ""
779
780
#: serverguide/C/windows-networking.xml:677(para)
781
msgid ""
782
"You should now be able to read, write, and execute files in the shared "
783
"directory as normal, and the <application>smbd</application> binary will "
784
"have access to only the configured files and direcotories. Be sure to add "
785
"entries for each directory you configure Samba to share. Also, any errors "
786
"will be logged to <filename>/var/log/syslog</filename>."
787
msgstr ""
788
789
#: serverguide/C/windows-networking.xml:702(para) serverguide/C/windows-networking.xml:1067(para)
790
msgid ""
791
"O'Reilly's <ulink "
792
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
793
"also a good reference."
794
msgstr ""
795
796
#: serverguide/C/windows-networking.xml:708(para)
797
msgid ""
798
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
799
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
800
"security."
801
msgstr ""
802
803
#: serverguide/C/windows-networking.xml:714(para)
804
msgid ""
805
"For more information on Samba and ACLs see the <ulink "
806
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
807
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
808
msgstr ""
809
810
#: serverguide/C/windows-networking.xml:725(title)
811
msgid "Samba as a Domain Controller"
812
msgstr ""
813
814
#: serverguide/C/windows-networking.xml:727(para)
815
msgid ""
816
"Although it cannot act as an Active Directory Primary Domain Controller "
817
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
818
"domain controller. A major advantage of this configuration is the ability to "
819
"centralize user and machine credentials. Samba can also use multiple "
820
"backends to store the user information."
821
msgstr ""
822
823
#: serverguide/C/windows-networking.xml:734(title)
824
msgid "Primary Domain Controller"
825
msgstr ""
826
827
#: serverguide/C/windows-networking.xml:736(para)
828
msgid ""
829
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
830
"using the default smbpasswd backend."
831
msgstr ""
832
833
#: serverguide/C/windows-networking.xml:743(para)
834
msgid ""
835
"First, install Samba, and <application>libpam-smbpass</application> to sync "
836
"the user accounts, by entering the following in a terminal prompt:"
837
msgstr ""
838
839
#: serverguide/C/windows-networking.xml:749(command) serverguide/C/windows-networking.xml:965(command)
840
msgid "sudo apt-get install samba libpam-smbpass"
841
msgstr ""
842
843
#: serverguide/C/windows-networking.xml:755(para)
844
msgid ""
845
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
846
"The <emphasis>security</emphasis> mode should be set to <emphasis "
847
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
848
"should relate to your organization:"
849
msgstr ""
850
851
#: serverguide/C/windows-networking.xml:761(programlisting)
852
#, no-wrap
853
msgid ""
854
"\n"
855
" workgroup = EXAMPLE\n"
856
" ...\n"
857
" security = domain\n"
858
msgstr ""
859
860
#: serverguide/C/windows-networking.xml:770(para)
861
msgid ""
862
"In the commented <quote>Domains</quote> section add or uncomment the "
863
"following:"
864
msgstr ""
865
866
#: serverguide/C/windows-networking.xml:774(programlisting)
867
#, no-wrap
868
msgid ""
869
"\n"
870
" domain logons = yes\n"
871
" logon path = \\\\%N\\%U\\profile\n"
872
" logon drive = H:\n"
873
" logon home = \\\\%N\\%U\n"
874
" logon script = logon.cmd\n"
875
" add machine script = sudo /usr/sbin/useradd -n -g machines -c Machine -d "
876
"/var/lib/samba -s /bin/false %u\n"
877
msgstr ""
878
879
#: serverguide/C/windows-networking.xml:785(para)
880
msgid ""
881
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
882
"Samba to act as a domain controller."
883
msgstr ""
884
885
#: serverguide/C/windows-networking.xml:790(para)
886
msgid ""
887
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
888
"their home directory. It is also possible to configure a "
889
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
890
"directory."
891
msgstr ""
892
893
#: serverguide/C/windows-networking.xml:796(para)
894
msgid ""
895
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
896
msgstr ""
897
898
#: serverguide/C/windows-networking.xml:801(para)
899
msgid ""
900
"<emphasis>logon home:</emphasis> specifies the home directory location."
901
msgstr ""
902
903
#: serverguide/C/windows-networking.xml:806(para)
904
msgid ""
905
"<emphasis>logon script:</emphasis> determines the script to be run locally "
906
"once a user has logged in. The script needs to be placed in the "
907
"<emphasis>[netlogon]</emphasis> share."
908
msgstr ""
909
910
#: serverguide/C/windows-networking.xml:812(para)
911
msgid ""
912
"<emphasis>add machine script:</emphasis> a script that will automatically "
913
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
914
"workstation to join the domain."
915
msgstr ""
916
917
#: serverguide/C/windows-networking.xml:816(para)
918
msgid ""
919
"In this example the <emphasis>machines</emphasis> group will need to be "
920
"created using the <application>addgroup</application> utility see <xref "
921
"linkend=\"adding-deleting-users\"/> for details."
922
msgstr ""
923
924
#: serverguide/C/windows-networking.xml:824(para)
925
msgid ""
926
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
927
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
928
"commented."
929
msgstr ""
930
931
#: serverguide/C/windows-networking.xml:833(para)
932
msgid ""
933
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
934
"role=\"italic\">logon home</emphasis> to be mapped:"
935
msgstr ""
936
937
#: serverguide/C/windows-networking.xml:838(programlisting)
938
#, no-wrap
939
msgid ""
940
"\n"
941
"[homes]\n"
942
" comment = Home Directories\n"
943
" browseable = no\n"
944
" read only = no\n"
945
" create mask = 0700\n"
946
" directory mask = 0700\n"
947
" valid users = %S\n"
948
msgstr ""
949
950
#: serverguide/C/windows-networking.xml:851(para)
951
msgid ""
952
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
953
"share needs to be configured. To enable the share, uncomment:"
954
msgstr ""
955
956
#: serverguide/C/windows-networking.xml:856(programlisting)
957
#, no-wrap
958
msgid ""
959
"\n"
960
"[netlogon]\n"
961
" comment = Network Logon Service\n"
962
" path = /srv/samba/netlogon\n"
963
" guest ok = yes\n"
964
" read only = yes\n"
965
" share modes = no\n"
966
msgstr ""
967
968
#: serverguide/C/windows-networking.xml:866(para)
969
msgid ""
970
"The original <emphasis>netlogon</emphasis> share path is "
971
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
972
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
973
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
974
"location for site-specific data provided by the system."
975
msgstr ""
976
977
#: serverguide/C/windows-networking.xml:877(para)
978
msgid ""
979
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
980
"and an empty (for now) <filename>logon.cmd</filename> script file:"
981
msgstr ""
982
983
#: serverguide/C/windows-networking.xml:883(command)
984
msgid "sudo mkdir -p /srv/samba/netlogon"
985
msgstr ""
986
987
#: serverguide/C/windows-networking.xml:884(command)
988
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
989
msgstr ""
990
991
#: serverguide/C/windows-networking.xml:887(para)
992
msgid ""
993
"You can enter any normal Windows logon script commands in "
994
"<filename>logon.cmd</filename> to customize the client's environment."
995
msgstr ""
996
997
#: serverguide/C/windows-networking.xml:895(para)
998
msgid ""
999
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1000
"workstation to the domain, a system group needs to be mapped to the Windows "
1001
"<emphasis>Domain Admins</emphasis> group. Using the "
1002
"<application>net</application> utility, from a terminal enter:"
1003
msgstr ""
1004
1005
#: serverguide/C/windows-networking.xml:902(command)
1006
msgid ""
1007
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1008
"type=d"
1009
msgstr ""
1010
1011
#: serverguide/C/windows-networking.xml:906(para)
1012
msgid ""
1013
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1014
"prefer. Also, the user used to join the domain needs to be a member of the "
1015
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1016
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1017
"allows <application>sudo</application> use."
1018
msgstr ""
1019
1020
#: serverguide/C/windows-networking.xml:917(para)
1021
msgid "Finally, restart Samba to enable the new domain controller:"
1022
msgstr ""
1023
1024
#: serverguide/C/windows-networking.xml:928(para)
1025
msgid ""
1026
"You should now be able to join Windows clients to the Domain in the same "
1027
"manner as joining them to an NT4 domain running on a Windows server."
1028
msgstr ""
1029
1030
#: serverguide/C/windows-networking.xml:938(title)
1031
msgid "Backup Domain Controller"
1032
msgstr ""
1033
1034
#: serverguide/C/windows-networking.xml:940(para)
1035
msgid ""
1036
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1037
"Backup Domain Controller (BDC) as well. This will allow clients to "
1038
"authenticate in case the PDC becomes unavailable."
1039
msgstr ""
1040
1041
#: serverguide/C/windows-networking.xml:945(para)
1042
msgid ""
1043
"When configuring Samba as a BDC you need a way to sync account information "
1044
"with the PDC. There are multiple ways of accomplishing this "
1045
"<application>scp</application>, <application>rsync</application>, or by "
1046
"using <application>LDAP</application> as the <emphasis>passdb "
1047
"backend</emphasis>."
1048
msgstr ""
1049
1050
#: serverguide/C/windows-networking.xml:951(para)
1051
msgid ""
1052
"Using LDAP is the most robust way to sync account information, because both "
1053
"domain controllers can use the same information in real time. However, "
1054
"setting up a LDAP server may be overly complicated for a small number of "
1055
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1056
msgstr ""
1057
1058
#: serverguide/C/windows-networking.xml:960(para)
1059
msgid ""
1060
"First, install <application>samba</application> and <application>libpam-"
1061
"smbpass</application>. From a terminal enter:"
1062
msgstr ""
1063
1064
#: serverguide/C/windows-networking.xml:971(para)
1065
msgid ""
1066
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1067
"following in the <emphasis>[global]</emphasis>:"
1068
msgstr ""
1069
1070
#: serverguide/C/windows-networking.xml:984(para)
1071
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1072
msgstr ""
1073
1074
#: serverguide/C/windows-networking.xml:988(programlisting)
1075
#, no-wrap
1076
msgid ""
1077
"\n"
1078
" domain logons = yes\n"
1079
" domain master = no\n"
1080
msgstr ""
1081
1082
#: serverguide/C/windows-networking.xml:996(para)
1083
msgid ""
1084
"Make sure a user has rights to read the files in "
1085
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1086
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1087
"files, enter:"
1088
msgstr ""
1089
1090
#: serverguide/C/windows-networking.xml:1002(command)
1091
msgid "sudo chgrp -R admin /var/lib/samba"
1092
msgstr ""
1093
1094
#: serverguide/C/windows-networking.xml:1008(para)
1095
msgid ""
1096
"Next, sync the user accounts, using <application>scp</application> to copy "
1097
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1098
msgstr ""
1099
1100
#: serverguide/C/windows-networking.xml:1014(command)
1101
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1102
msgstr ""
1103
1104
#: serverguide/C/windows-networking.xml:1018(para)
1105
msgid ""
1106
"Replace <emphasis>username</emphasis> with a valid username and "
1107
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1108
msgstr ""
1109
1110
#: serverguide/C/windows-networking.xml:1027(para)
1111
msgid "Finally, restart <application>samba</application>:"
1112
msgstr ""
1113
1114
#: serverguide/C/windows-networking.xml:1038(para)
1115
msgid ""
1116
"You can test that your Backup Domain controller is working by stopping the "
1117
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1118
"the domain."
1119
msgstr ""
1120
1121
#: serverguide/C/windows-networking.xml:1043(para)
1122
msgid ""
1123
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1124
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1125
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
1126
"be unavailable. For this reason it is best to configure the <emphasis>logon "
1127
"home</emphasis> to reside on a separate file server from the PDC and BDC."
1128
msgstr ""
1129
1130
#: serverguide/C/windows-networking.xml:1073(para)
1131
msgid ""
1132
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1133
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1134
"up a Primary Domain Controller."
1135
msgstr ""
1136
1137
#: serverguide/C/windows-networking.xml:1079(para)
1138
msgid ""
1139
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1140
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1141
"explains setting up a Backup Domain Controller."
1142
msgstr ""
1143
1144
#: serverguide/C/windows-networking.xml:1089(title)
1145
msgid "Samba Active Directory Integration"
1146
msgstr ""
1147
1148
#: serverguide/C/windows-networking.xml:1092(title)
1149
msgid "Accessing a Samba Share"
1150
msgstr ""
1151
1152
#: serverguide/C/windows-networking.xml:1094(para)
1153
msgid ""
1154
"Another, use for Samba is to integrate into an existing Windows network. "
1155
"Once part of an Active Directory domain, Samba can provide file and print "
1156
"services to AD users."
1157
msgstr ""
1158
1159
#: serverguide/C/windows-networking.xml:1099(para)
1160
msgid ""
1161
"The simplest way to join an AD domain is to use <application>Likewise-"
1162
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1163
"open\"/>."
1164
msgstr ""
1165
1166
#: serverguide/C/windows-networking.xml:1104(para)
1167
msgid "Once part of the domain, install the following packages:"
1168
msgstr ""
1169
1170
#: serverguide/C/windows-networking.xml:1109(command)
1171
msgid "sudo apt-get install samba smbfs smbclient"
1172
msgstr ""
1173
1174
#: serverguide/C/windows-networking.xml:1112(para)
1175
msgid ""
1176
"Since the <application>likewise-open</application> and "
1177
"<application>samba</application> packages use separate "
1178
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1179
"<filename role=\"directory\">/var/lib/samba</filename>:"
1180
msgstr ""
1181
1182
#: serverguide/C/windows-networking.xml:1118(command)
1183
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1184
msgstr ""
1185
1186
#: serverguide/C/windows-networking.xml:1119(command)
1187
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1188
msgstr ""
1189
1190
#: serverguide/C/windows-networking.xml:1122(para)
1191
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1192
msgstr ""
1193
1194
#: serverguide/C/windows-networking.xml:1126(programlisting)
1195
#, no-wrap
1196
msgid ""
1197
"\n"
1198
" workgroup = EXAMPLE\n"
1199
" ...\n"
1200
" security = ads\n"
1201
" realm = EXAMPLE.COM\n"
1202
" ...\n"
1203
" idmap backend = lwopen\n"
1204
" idmap uid = 50-9999999999\n"
1205
" idmap gid = 50-9999999999\n"
1206
msgstr ""
1207
1208
#: serverguide/C/windows-networking.xml:1137(para)
1209
msgid ""
1210
"Restart <application>samba</application> for the new settings to take effect:"
1211
msgstr ""
1212
1213
#: serverguide/C/windows-networking.xml:1145(para)
1214
msgid ""
1215
"You should now be able to access any <application>Samba</application> shares "
1216
"from a Windows client. However, be sure to give the appropriate AD users or "
1217
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
1218
"security\"/> for more details."
1219
msgstr ""
1220
1221
#: serverguide/C/windows-networking.xml:1153(title)
1222
msgid "Accessing a Windows Share"
1223
msgstr ""
1224
1225
#: serverguide/C/windows-networking.xml:1155(para)
1226
msgid ""
1227
"Now that the Samba server is part of the Active Directory domain you can "
1228
"access any Windows server shares:"
1229
msgstr ""
1230
1231
#: serverguide/C/windows-networking.xml:1162(para)
1232
msgid ""
1233
"To mount a Windows file share enter the following in a terminal prompt:"
1234
msgstr ""
1235
1236
#: serverguide/C/windows-networking.xml:1166(command)
1237
msgid "mount.cifs //fs01.example.com/share mount_point"
1238
msgstr ""
1239
1240
#: serverguide/C/windows-networking.xml:1169(para)
1241
msgid ""
1242
"It is also possible to access shares on computers not part of an AD domain, "
1243
"but a username and password will need to be provided."
1244
msgstr ""
1245
1246
#: serverguide/C/windows-networking.xml:1177(para)
1247
msgid ""
1248
"To mount the share during boot place an entry in "
1249
"<filename>/etc/fstab</filename>, for example:"
1250
msgstr ""
1251
1252
#: serverguide/C/windows-networking.xml:1181(programlisting)
1253
#, no-wrap
1254
msgid ""
1255
"\n"
1256
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1257
"0 0\n"
1258
msgstr ""
1259
1260
#: serverguide/C/windows-networking.xml:1188(para)
1261
msgid ""
1262
"Another way to copy files from a Windows server is to use the "
1263
"<application>smbclient</application> utility. To list the files in a Windows "
1264
"share:"
1265
msgstr ""
1266
1267
#: serverguide/C/windows-networking.xml:1194(command)
1268
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1269
msgstr ""
1270
1271
#: serverguide/C/windows-networking.xml:1200(para)
1272
msgid "To copy a file from the share, enter:"
1273
msgstr ""
1274
1275
#: serverguide/C/windows-networking.xml:1205(command)
1276
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1277
msgstr ""
1278
1279
#: serverguide/C/windows-networking.xml:1208(para)
1280
msgid ""
1281
"This will copy the <filename>file.txt</filename> into the current directory."
1282
msgstr ""
1283
1284
#: serverguide/C/windows-networking.xml:1215(para)
1285
msgid "And to copy a file to the share:"
1286
msgstr ""
1287
1288
#: serverguide/C/windows-networking.xml:1220(command)
1289
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1290
msgstr ""
1291
1292
#: serverguide/C/windows-networking.xml:1223(para)
1293
msgid ""
1294
"This will copy the the <filename>/etc/hosts</filename> to "
1295
"<filename>//fs01.example.com/share/hosts</filename>."
1296
msgstr ""
1297
1298
#: serverguide/C/windows-networking.xml:1230(para)
1299
msgid ""
1300
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1301
"<application>smbclient</application> command all at once. This is useful for "
1302
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1303
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
1304
"and directory commands, simply execute:"
1305
msgstr ""
1306
1307
#: serverguide/C/windows-networking.xml:1237(command)
1308
msgid "smbclient //fs01.example.com/share -k"
1309
msgstr ""
1310
1311
#: serverguide/C/windows-networking.xml:1244(para)
1312
msgid ""
1313
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1314
"<emphasis>//192.168.0.5/share</emphasis>, "
1315
"<emphasis>username=steve,password=secret</emphasis>, and "
1316
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
1317
"file name, and an actual username and password with rights to the share."
1318
msgstr ""
1319
1320
#: serverguide/C/windows-networking.xml:1255(para)
1321
msgid ""
1322
"For more <application>smbclient</application> options see the man page: "
1323
"<command>man smbclient</command>, also available <ulink "
1324
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/smbclient.1.html\">o"
1325
"nline</ulink>."
1326
msgstr ""
1327
1328
#: serverguide/C/windows-networking.xml:1260(para)
1329
msgid ""
1330
"The <application>mount.cifs</application><ulink "
1331
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/mount.cifs.8.html\">"
1332
"man page</ulink> is also useful for more detailed information."
1333
msgstr ""
1334
1335
#: serverguide/C/windows-networking.xml:1270(title)
1336
msgid "Likewise Open"
1337
msgstr ""
1338
1339
#: serverguide/C/windows-networking.xml:1272(para)
1340
msgid ""
1341
"<application>Likewise Open</application> simplifies the necessary "
1342
"configuration needed to authenticate a Linux machine to an Active Directory "
1343
"domain. Based on <application>winbind</application>, the "
1344
"<application>likewise-open</application> package takes the pain out of "
1345
"integrating Ubuntu authentication into an existing Windows network."
1346
msgstr ""
1347
1348
#: serverguide/C/windows-networking.xml:1281(para)
1349
msgid ""
1350
"There are two ways to use Likewise Open, <application>likewise-"
1351
"open</application> the command line utility and <application>likewise-open-"
1352
"gui</application>. This section focuses on the command line utility."
1353
msgstr ""
1354
1355
#: serverguide/C/windows-networking.xml:1286(para)
1356
msgid ""
1357
"To install the <application>likewise-open</application> package, open a "
1358
"terminal prompt and enter:"
1359
msgstr ""
1360
1361
#: serverguide/C/windows-networking.xml:1291(command)
1362
msgid "sudo apt-get install likewise-open"
1363
msgstr ""
1364
1365
#: serverguide/C/windows-networking.xml:1294(para)
1366
msgid ""
1367
"With Ubuntu 9.04 <application>Likewise Open 5.0</application> is available "
1368
"in the <emphasis>Universe</emphasis> repository. However, since upgrading "
1369
"from <application>Likewise Open 4.1</application> currently requires the "
1370
"system to leave the domain and re-join, a separate package for version five "
1371
"was created."
1372
msgstr ""
1373
1374
#: serverguide/C/windows-networking.xml:1300(para)
1375
msgid "To install <application>Likewise Open 5.0</application> enter:"
1376
msgstr ""
1377
1378
#: serverguide/C/windows-networking.xml:1305(command)
1379
msgid "sudo apt-get install likewise-open5"
1380
msgstr ""
1381
1382
#: serverguide/C/windows-networking.xml:1309(para)
1383
msgid ""
1384
"Installing likewise-open5 over an existing likewise-open (4.1) installation "
1385
"will replace it. You will have to rejoin the domain after install."
1386
msgstr ""
1387
1388
#: serverguide/C/windows-networking.xml:1316(para)
1389
msgid ""
1390
"The command line tools, and GUI interface, for likewise-open5 are the same "
1391
"as version four."
1392
msgstr ""
1393
1394
#: serverguide/C/windows-networking.xml:1324(title)
1395
msgid "Joining a Domain"
1396
msgstr ""
1397
1398
#: serverguide/C/windows-networking.xml:1326(para)
1399
msgid ""
1400
"The main executable file of the <application>likewise-open</application> "
1401
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1402
"join your computer to the domain. Before you join a domain you will need to "
1403
"make sure you have:"
1404
msgstr ""
1405
1406
#: serverguide/C/windows-networking.xml:1334(para)
1407
msgid ""
1408
"Access to an Active Directory user with appropriate rights to join the "
1409
"domain."
1410
msgstr ""
1411
1412
#: serverguide/C/windows-networking.xml:1339(para)
1413
msgid ""
1414
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1415
"you want to join. If your AD domain does not match a valid domain such as "
1416
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1417
"the form of <emphasis>domainname.local</emphasis>."
1418
msgstr ""
1419
1420
#: serverguide/C/windows-networking.xml:1346(para)
1421
msgid ""
1422
"DNS for the domain setup properly. In a production AD environment this "
1423
"should be the case. Proper Microsoft DNS is needed so that client "
1424
"workstations can determine the Active Directory domain is available."
1425
msgstr ""
1426
1427
#: serverguide/C/windows-networking.xml:1350(para)
1428
msgid ""
1429
"If you don't have a Windows DNS server on your network, see <xref "
1430
"linkend=\"likewise-open-ms-dns\"/> for details."
1431
msgstr ""
1432
1433
#: serverguide/C/windows-networking.xml:1357(para)
1434
msgid "To join a domain, from a terminal prompt enter:"
1435
msgstr ""
1436
1437
#: serverguide/C/windows-networking.xml:1362(command)
1438
msgid "sudo domainjoin-cli join example.com Administrator"
1439
msgstr ""
1440
1441
#: serverguide/C/windows-networking.xml:1366(para)
1442
msgid ""
1443
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1444
"<emphasis>Administrator</emphasis> with the appropriate user name."
1445
msgstr ""
1446
1447
#: serverguide/C/windows-networking.xml:1372(para)
1448
msgid ""
1449
"You will then be prompted for the user's password. If all goes well a "
1450
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1451
msgstr ""
1452
1453
#: serverguide/C/windows-networking.xml:1377(para)
1454
msgid ""
1455
"After successfully joining an Ubuntu machine to an Active Directory domain "
1456
"you can authenticate using any valid AD user. To login you will need to "
1457
"enter the user name as 'domain\\username'. For example to ssh to a server "
1458
"joined to the domain enter:"
1459
msgstr ""
1460
1461
#: serverguide/C/windows-networking.xml:1384(command)
1462
msgid "ssh 'example\\steve'@hostname"
1463
msgstr ""
1464
1465
#: serverguide/C/windows-networking.xml:1388(para)
1466
msgid ""
1467
"If configuring a Desktop the user name will need to be prefixed with "
1468
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1469
msgstr ""
1470
1471
#: serverguide/C/windows-networking.xml:1394(para)
1472
msgid ""
1473
"To make likewise-open use a default domain, you can add the following "
1474
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
1475
msgstr ""
1476
1477
#: serverguide/C/windows-networking.xml:1398(programlisting)
1478
#, no-wrap
1479
msgid ""
1480
"\n"
1481
"winbind use default domain = yes\n"
1482
msgstr ""
1483
1484
#: serverguide/C/windows-networking.xml:1402(para)
1485
msgid "Then restart the <application>likewise-open</application> daemons:"
1486
msgstr ""
1487
1488
#: serverguide/C/windows-networking.xml:1407(command)
1489
msgid "sudo /etc/init.d/likewise-open restart"
1490
msgstr ""
1491
1492
#: serverguide/C/windows-networking.xml:1411(para)
1493
msgid ""
1494
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
1495
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
1496
"using only their username."
1497
msgstr ""
1498
1499
#: serverguide/C/windows-networking.xml:1417(para)
1500
msgid ""
1501
"The <application>domainjoin-cli</application> utility can also be used to "
1502
"leave the domain. From a terminal:"
1503
msgstr ""
1504
1505
#: serverguide/C/windows-networking.xml:1422(command)
1506
msgid "sudo domainjoin-cli leave"
1507
msgstr ""
1508
1509
#: serverguide/C/windows-networking.xml:1427(title) serverguide/C/security.xml:1830(title)
1510
msgid "Other Utilities"
1511
msgstr ""
1512
1513
#: serverguide/C/windows-networking.xml:1429(para)
1514
msgid ""
1515
"The <application>likewise-open</application> package comes with a few other "
1516
"utilities that may be useful for gathering information about the Active "
1517
"Directory environment. These utilities are used to join the machine to the "
1518
"domain, and are the same as those available in the <application>samba-"
1519
"common</application> and <application>winbind</application> packages:"
1520
msgstr ""
1521
1522
#: serverguide/C/windows-networking.xml:1438(para)
1523
msgid ""
1524
"<application>lwinet</application>: Returns information about the network and "
1525
"the domain."
1526
msgstr ""
1527
1528
#: serverguide/C/windows-networking.xml:1443(para)
1529
msgid ""
1530
"<application>lwimsg</application>: Allows interaction with the "
1531
"<application>likewise-winbindd</application> daemon."
1532
msgstr ""
1533
1534
#: serverguide/C/windows-networking.xml:1448(para)
1535
msgid ""
1536
"<application>lwiinfo</application>: Displays information about various parts "
1537
"of the Domain."
1538
msgstr ""
1539
1540
#: serverguide/C/windows-networking.xml:1454(para)
1541
msgid "Please refer to each utility's man page specific for details."
1542
msgstr ""
1543
1544
#: serverguide/C/windows-networking.xml:1460(title) serverguide/C/mail.xml:155(title) serverguide/C/mail.xml:1370(title) serverguide/C/dns.xml:338(title)
1545
msgid "Troubleshooting"
1546
msgstr ""
1547
1548
#: serverguide/C/windows-networking.xml:1464(para)
1549
msgid ""
1550
"If the client has trouble joining the domain, double check that the "
1551
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
1552
"example:"
1553
msgstr ""
1554
1555
#: serverguide/C/windows-networking.xml:1469(programlisting)
1556
#, no-wrap
1557
msgid ""
1558
"\n"
1559
"nameserver 192.168.0.1\n"
1560
msgstr ""
1561
1562
#: serverguide/C/windows-networking.xml:1474(para)
1563
msgid ""
1564
"For more information when joining a domain, use the <emphasis>--loglevel "
1565
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1566
"<application>domainjoin-cli</application> utility:"
1567
msgstr ""
1568
1569
#: serverguide/C/windows-networking.xml:1480(command)
1570
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1571
msgstr ""
1572
1573
#: serverguide/C/windows-networking.xml:1484(para)
1574
msgid ""
1575
"If an Active Directory user has trouble logging in, check the "
1576
"<filename>/var/log/auth.log</filename> for details."
1577
msgstr ""
1578
1579
#: serverguide/C/windows-networking.xml:1489(para)
1580
msgid ""
1581
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
1582
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
1583
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
1584
"<emphasis>\"mdns4\"</emphasis> entry from the <emphasis>hosts</emphasis> "
1585
"option. For example:"
1586
msgstr ""
1587
1588
#: serverguide/C/windows-networking.xml:1495(programlisting)
1589
#, no-wrap
1590
msgid ""
1591
"\n"
1592
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1593
msgstr ""
1594
1595
#: serverguide/C/windows-networking.xml:1499(para)
1596
msgid "Change the above to:"
1597
msgstr ""
1598
1599
#: serverguide/C/windows-networking.xml:1503(programlisting)
1600
#, no-wrap
1601
msgid ""
1602
"\n"
1603
"hosts: files dns [NOTFOUND=return]\n"
1604
msgstr ""
1605
1606
#: serverguide/C/windows-networking.xml:1507(para)
1607
msgid "Then restart networking by entering:"
1608
msgstr ""
1609
1610
#: serverguide/C/windows-networking.xml:1512(command) serverguide/C/network-config.xml:237(command)
1611
msgid "sudo /etc/init.d/networking restart"
1612
msgstr ""
1613
1614
#: serverguide/C/windows-networking.xml:1515(para)
1615
msgid "You should now be able to join the Active Directory domain."
1616
msgstr ""
1617
1618
#: serverguide/C/windows-networking.xml:1523(title)
1619
msgid "Microsoft DNS"
1620
msgstr ""
1621
1622
#: serverguide/C/windows-networking.xml:1525(para)
1623
msgid ""
1624
"The following are instructions for installing DNS on an Active Directory "
1625
"domain controller running Windows Server 2003, but the instructions should "
1626
"be similar for other versions:"
1627
msgstr ""
1628
1629
#: serverguide/C/windows-networking.xml:1532(para)
1630
msgid ""
1631
"Click "
1632
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1633
"</guimenuitem><guimenuitem>Manager Your Server</guimenuitem></menuchoice>. "
1634
"This will open the <application>Server Role Mangement</application> utility."
1635
msgstr ""
1636
1637
#: serverguide/C/windows-networking.xml:1540(para)
1638
msgid "Click Add or remove a role"
1639
msgstr ""
1640
1641
#: serverguide/C/windows-networking.xml:1541(para) serverguide/C/windows-networking.xml:1543(para) serverguide/C/windows-networking.xml:1546(para)
1642
msgid "Click Next"
1643
msgstr ""
1644
1645
#: serverguide/C/windows-networking.xml:1542(para)
1646
msgid "Select \"DNS Server\""
1647
msgstr ""
1648
1649
#: serverguide/C/windows-networking.xml:1544(para)
1650
msgid "Next"
1651
msgstr ""
1652
1653
#: serverguide/C/windows-networking.xml:1545(para)
1654
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1655
msgstr ""
1656
1657
#: serverguide/C/windows-networking.xml:1547(para)
1658
msgid ""
1659
"Make sure \"This server maintains the zone\" is selected and click Next."
1660
msgstr ""
1661
1662
#: serverguide/C/windows-networking.xml:1548(para)
1663
msgid "Enter your domain name and click Next"
1664
msgstr ""
1665
1666
#: serverguide/C/windows-networking.xml:1549(para) serverguide/C/windows-networking.xml:1550(para)
1667
msgid "Click Next to \"Allow only secure dynamic updates\""
1668
msgstr ""
1669
1670
#: serverguide/C/windows-networking.xml:1552(para)
1671
msgid ""
1672
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1673
"should not forward queries\" and click Next."
1674
msgstr ""
1675
1676
#: serverguide/C/windows-networking.xml:1556(para) serverguide/C/windows-networking.xml:1557(para)
1677
msgid "Click Finish"
1678
msgstr ""
1679
1680
#: serverguide/C/windows-networking.xml:1559(para)
1681
msgid ""
1682
"DNS is now installed and can be further configured using the "
1683
"<application>Microsoft Management Console</application> DNS snap-in."
1684
msgstr ""
1685
1686
#: serverguide/C/windows-networking.xml:1567(para)
1687
msgid "Click Start"
1688
msgstr ""
1689
1690
#: serverguide/C/windows-networking.xml:1568(para)
1691
msgid "Control Panel"
1692
msgstr ""
1693
1694
#: serverguide/C/windows-networking.xml:1569(para)
1695
msgid "Network Connections"
1696
msgstr ""
1697
1698
#: serverguide/C/windows-networking.xml:1570(para)
1699
msgid "Right Click \"Local Area Connection\""
1700
msgstr ""
1701
1702
#: serverguide/C/windows-networking.xml:1571(para)
1703
msgid "Click Properties"
1704
msgstr ""
1705
1706
#: serverguide/C/windows-networking.xml:1572(para)
1707
msgid "Double click \"Internet Protocol (TCP/IP)\""
1708
msgstr ""
1709
1710
#: serverguide/C/windows-networking.xml:1573(para)
1711
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
1712
msgstr ""
1713
1714
#: serverguide/C/windows-networking.xml:1574(para)
1715
msgid "Click Ok"
1716
msgstr ""
1717
1718
#: serverguide/C/windows-networking.xml:1575(para)
1719
msgid "Click Ok again to save the settings"
1720
msgstr ""
1721
1722
#: serverguide/C/windows-networking.xml:1564(para)
1723
msgid ""
1724
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1725
msgstr ""
1726
1727
#: serverguide/C/windows-networking.xml:1582(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:766(title) serverguide/C/web-servers.xml:910(title) serverguide/C/web-servers.xml:1002(title) serverguide/C/web-servers.xml:1218(title) serverguide/C/virtualization.xml:1303(title) serverguide/C/virtualization.xml:1492(title) serverguide/C/vcs.xml:534(title) serverguide/C/security.xml:935(title) serverguide/C/security.xml:1264(title) serverguide/C/security.xml:1679(title) serverguide/C/security.xml:1870(title) serverguide/C/remote-administration.xml:203(title) serverguide/C/package-management.xml:432(title) serverguide/C/other-apps.xml:379(title) serverguide/C/network-config.xml:694(title) serverguide/C/mail.xml:263(title) serverguide/C/mail.xml:444(title) serverguide/C/mail.xml:591(title) serverguide/C/mail.xml:1008(title) serverguide/C/mail.xml:1418(title) serverguide/C/lamp-applications.xml:252(title) serverguide/C/lamp-applications.xml:362(title) serverguide/C/lamp-applications.xml:464(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:431(title) serverguide/C/file-server.xml:592(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:227(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:150(title) serverguide/C/backups.xml:297(title)
1728
msgid "References"
1729
msgstr ""
1730
1731
#: serverguide/C/windows-networking.xml:1584(para)
1732
msgid ""
1733
"Please refer to the <ulink "
1734
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
1735
"further information."
1736
msgstr ""
1737
1738
#: serverguide/C/windows-networking.xml:1588(para)
1739
msgid ""
1740
"For more <application>domainjoin-cli</application> options see the man page: "
1741
"<command>man domainjoin-cli</command>."
1742
msgstr ""
1743
1744
#: serverguide/C/web-servers.xml:13(title)
1745
msgid "Web Servers"
1746
msgstr "Žiniatinklio Serveriai"
1747
1748
#: serverguide/C/web-servers.xml:14(para)
1749
msgid ""
1750
"A Web server is a software responsible for accepting HTTP requests from "
1751
"clients, which are known as Web browsers, and serving them HTTP responses "
1752
"along with optional data contents, which usually are Web pages such as HTML "
1753
"documents and linked objects (images, etc.)."
1754
msgstr ""
1755
1756
#: serverguide/C/web-servers.xml:19(title)
1757
msgid "HTTPD - Apache2 Web Server"
1758
msgstr "HTTPD - Apache2 Žiniatinklio serveris"
1759
1760
#: serverguide/C/web-servers.xml:20(para)
1761
msgid ""
1762
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
1763
"are used to serve Web Pages requested by client computers. Clients typically "
1764
"request and view Web Pages using Web Browser applications such as "
1765
"<application>Firefox</application>, <application>Opera</application>, or "
1766
"<application>Mozilla</application>."
1767
msgstr ""
1768
1769
#: serverguide/C/web-servers.xml:24(para)
1770
msgid ""
1771
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
1772
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
1773
"resource. For example, to view the home page of the <ulink "
1774
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
1775
"the FQDN. To request specific information about <ulink "
1776
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
1777
"enter the FQDN followed by a path."
1778
msgstr ""
1779
1780
#: serverguide/C/web-servers.xml:29(para)
1781
msgid ""
1782
"The most common protocol used to transfer Web pages is the Hyper Text "
1783
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
1784
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
1785
"protocol for uploading and downloading files, are also supported."
1786
msgstr ""
1787
1788
#: serverguide/C/web-servers.xml:33(para)
1789
msgid ""
1790
"Apache Web Servers are often used in combination with the "
1791
"<application>MySQL</application> database engine, the HyperText Preprocessor "
1792
"(<application>PHP</application>) scripting language, and other popular "
1793
"scripting languages such as <application>Python</application> and "
1794
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
1795
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
1796
"for the development and deployment of Web-based applications."
1797
msgstr ""
1798
1799
#: serverguide/C/web-servers.xml:42(para)
1800
msgid ""
1801
"The Apache2 web server is available in Ubuntu Linux. To install Apache2:"
1802
msgstr ""
1803
"Apache2 žiniatinklio serveris pasiekiamas Ubuntu Linux. Apache2 įdiegimui:"
1804
1805
#: serverguide/C/web-servers.xml:48(para)
1806
msgid "At a terminal prompt enter the following command:"
1807
msgstr ""
1808
1809
#: serverguide/C/web-servers.xml:53(command)
1810
msgid "sudo apt-get install apache2"
1811
msgstr ""
1812
1813
#: serverguide/C/web-servers.xml:63(para)
1814
msgid ""
1815
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
1816
"text configuration files. The configuration files are separated between the "
1817
"following files and directories:"
1818
msgstr ""
1819
1820
#: serverguide/C/web-servers.xml:71(para)
1821
msgid ""
1822
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
1823
"Contains settings that are <emphasis>global</emphasis> to Apache2."
1824
msgstr ""
1825
1826
#: serverguide/C/web-servers.xml:77(para)
1827
msgid ""
1828
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
1829
"<emphasis>globally</emphasis> to Apache. Other packages that use Apache2 to "
1830
"serve content may add files, or symlinks, to this directory."
1831
msgstr ""
1832
1833
#: serverguide/C/web-servers.xml:83(para)
1834
msgid ""
1835
"<emphasis>envvars:</emphasis> file where Apache2 "
1836
"<emphasis>environment</emphasis> variables are set."
1837
msgstr ""
1838
1839
#: serverguide/C/web-servers.xml:88(para)
1840
msgid ""
1841
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
1842
"file, named after the <application>httpd</application> daemon. The file can "
1843
"be used for <emphasis>user specific</emphasis> configuration options that "
1844
"globally effect Apache2."
1845
msgstr ""
1846
1847
#: serverguide/C/web-servers.xml:95(para)
1848
msgid ""
1849
"<emphasis>mods-available:</emphasis> this directory contains configuration "
1850
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
1851
"modules will have specific configuration files, however."
1852
msgstr ""
1853
1854
#: serverguide/C/web-servers.xml:101(para)
1855
msgid ""
1856
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
1857
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
1858
"configuration file is symlinked it will be enabled the next time "
1859
"<application>apache2</application> is restarted."
1860
msgstr ""
1861
1862
#: serverguide/C/web-servers.xml:108(para)
1863
msgid ""
1864
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
1865
"TCP ports Apache2 is listening on."
1866
msgstr ""
1867
1868
#: serverguide/C/web-servers.xml:113(para)
1869
msgid ""
1870
"<emphasis>sites-available:</emphasis> this directory has configuration files "
1871
"for Apache <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
1872
"to be configured for multiple sites that have separate configurations."
1873
msgstr ""
1874
1875
#: serverguide/C/web-servers.xml:119(para)
1876
msgid ""
1877
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
1878
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
1879
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
1880
"a configuration file in sites-available is symlinked it will be active once "
1881
"Apache is restarted."
1882
msgstr ""
1883
1884
#: serverguide/C/web-servers.xml:127(para)
1885
msgid ""
1886
"In addition, other configuration files may be added using the "
1887
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
1888
"many configuration files. Any directive may be placed in any of these "
1889
"configuration files. Changes to the main configuration files are only "
1890
"recognized by Apache2 when it is started or restarted."
1891
msgstr ""
1892
1893
#: serverguide/C/web-servers.xml:136(para)
1894
msgid ""
1895
"The server also reads a file containing mime document types; the filename is "
1896
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
1897
"<filename>/etc/mime.types</filename> by default."
1898
msgstr ""
1899
1900
#: serverguide/C/web-servers.xml:141(title)
1901
msgid "Basic Settings"
1902
msgstr ""
1903
1904
#: serverguide/C/web-servers.xml:142(para)
1905
msgid ""
1906
"This section explains Apache2 server essential configuration parameters. "
1907
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
1908
"Documentation</ulink> for more details."
1909
msgstr ""
1910
1911
#: serverguide/C/web-servers.xml:150(para)
1912
msgid ""
1913
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
1914
"it is configured with a single default virtual host (using the "
1915
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
1916
"if you have a single site, or used as a template for additional virtual "
1917
"hosts if you have multiple sites. If left alone, the default virtual host "
1918
"will serve as your default site, or the site users will see if the URL they "
1919
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
1920
"your custom sites. To modify the default virtual host, edit the file "
1921
"<filename>/etc/apache2/sites-available/default</filename>."
1922
msgstr ""
1923
1924
#: serverguide/C/web-servers.xml:163(para)
1925
msgid ""
1926
"The directives set for a virtual host only apply to that particular virtual "
1927
"host. If a directive is set server-wide and not defined within the virtual "
1928
"host settings, the default setting is used. For example, you can define a "
1929
"Webmaster email address and not define individual email addresses for each "
1930
"virtual host."
1931
msgstr ""
1932
1933
#: serverguide/C/web-servers.xml:171(para)
1934
msgid ""
1935
"If you wish to configure a new virtual host or site, copy that file into the "
1936
"same directory with a name you choose. For example:"
1937
msgstr ""
1938
1939
#: serverguide/C/web-servers.xml:177(command)
1940
msgid ""
1941
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
1942
"available/mynewsite"
1943
msgstr ""
1944
1945
#: serverguide/C/web-servers.xml:180(para)
1946
msgid ""
1947
"Edit the new file to configure the new site using some of the directives "
1948
"described below."
1949
msgstr ""
1950
1951
#: serverguide/C/web-servers.xml:187(para)
1952
msgid ""
1953
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
1954
"to be advertised for the server's administrator. The default value is "
1955
"webmaster@localhost. This should be changed to an email address that is "
1956
"delivered to you (if you are the server's administrator). If your website "
1957
"has a problem, Apache2 will display an error message containing this email "
1958
"address to report the problem to. Find this directive in your site's "
1959
"configuration file in /etc/apache2/sites-available."
1960
msgstr ""
1961
1962
#: serverguide/C/web-servers.xml:198(para)
1963
msgid ""
1964
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
1965
"the IP address, Apache2 should listen on. If the IP address is not "
1966
"specified, Apache2 will listen on all IP addresses assigned to the machine "
1967
"it runs on. The default value for the Listen directive is 80. Change this to "
1968
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
1969
"that it will not be available to the Internet, to (for example) 81 to change "
1970
"the port that it listens on, or leave it as is for normal operation. This "
1971
"directive can be found and changed in its own file, "
1972
"<filename>/etc/apache2/ports.conf</filename>"
1973
msgstr ""
1974
1975
#: serverguide/C/web-servers.xml:211(para)
1976
msgid ""
1977
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
1978
"FQDN your site should answer to. The default virtual host has no ServerName "
1979
"directive specified, so it will respond to all requests that do not match a "
1980
"ServerName directive in another virtual host. If you have just acquired the "
1981
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
1982
"value of the ServerName directive in your virtual host configuration file "
1983
"should be ubunturocks.com. Add this directive to the new virtual host file "
1984
"you created earlier (<filename>/etc/apache2/sites-"
1985
"available/mynewsite</filename>)."
1986
msgstr ""
1987
1988
#: serverguide/C/web-servers.xml:223(para)
1989
msgid ""
1990
"You may also want your site to respond to www.ubunturocks.com, since many "
1991
"users will assume the www prefix is appropriate. Use the "
1992
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
1993
"wildcards in the ServerAlias directive."
1994
msgstr ""
1995
1996
#: serverguide/C/web-servers.xml:230(para)
1997
msgid ""
1998
"For example, the following configuration will cause your site to respond to "
1999
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
2000
msgstr ""
2001
2002
#: serverguide/C/web-servers.xml:236(programlisting)
2003
#, no-wrap
2004
msgid ""
2005
"\n"
2006
"ServerAlias *.ubunturocks.com\n"
2007
msgstr ""
2008
2009
#: serverguide/C/web-servers.xml:242(para)
2010
msgid ""
2011
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache "
2012
"should look for the files that make up the site. The default value is "
2013
"/var/www. No site is configured there, but if you uncomment the "
2014
"<emphasis>RedirectMatch</emphasis> directive in "
2015
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2016
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2017
"this value in your site's virtual host file, and remember to create that "
2018
"directory if necessary!"
2019
msgstr ""
2020
2021
#: serverguide/C/web-servers.xml:254(para)
2022
msgid ""
2023
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2024
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2025
"enabled point to \"available\" sites."
2026
msgstr ""
2027
2028
#: serverguide/C/web-servers.xml:260(para)
2029
msgid ""
2030
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2031
"<application>a2ensite</application> utility and restart Apache:"
2032
msgstr ""
2033
2034
#: serverguide/C/web-servers.xml:266(command)
2035
msgid "sudo a2ensite mynewsite"
2036
msgstr ""
2037
2038
#: serverguide/C/web-servers.xml:267(command) serverguide/C/web-servers.xml:285(command) serverguide/C/web-servers.xml:538(command) serverguide/C/web-servers.xml:547(command) serverguide/C/web-servers.xml:606(command) serverguide/C/mail.xml:723(command) serverguide/C/lamp-applications.xml:221(command)
2039
msgid "sudo /etc/init.d/apache2 restart"
2040
msgstr ""
2041
2042
#: serverguide/C/web-servers.xml:271(para)
2043
msgid ""
2044
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2045
"name for the VirtualHost. One method is to name the file after the "
2046
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
2047
msgstr ""
2048
2049
#: serverguide/C/web-servers.xml:278(para)
2050
msgid ""
2051
"Similarly, use the <application>a2dissite</application> utility to disable "
2052
"sites. This is can be useful when troubleshooting configuration problems "
2053
"with multiple VirtualHosts:"
2054
msgstr ""
2055
2056
#: serverguide/C/web-servers.xml:284(command)
2057
msgid "sudo a2dissite mynewsite"
2058
msgstr ""
2059
2060
#: serverguide/C/web-servers.xml:290(title)
2061
msgid "Default Settings"
2062
msgstr "Nuostatos pagal nutylėjimą"
2063
2064
#: serverguide/C/web-servers.xml:292(para)
2065
msgid ""
2066
"This section explains configuration of the Apache2 server default settings. "
2067
"For example, if you add a virtual host, the settings you configure for the "
2068
"virtual host take precedence for that virtual host. For a directive not "
2069
"defined within the virtual host settings, the default value is used."
2070
msgstr ""
2071
2072
#: serverguide/C/web-servers.xml:304(para)
2073
msgid ""
2074
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2075
"server when a user requests an index of a directory by specifying a forward "
2076
"slash (/) at the end of the directory name."
2077
msgstr ""
2078
2079
#: serverguide/C/web-servers.xml:311(para)
2080
msgid ""
2081
"For example, when a user requests the page "
2082
"http://www.example.com/this_directory/, he or she will get either the "
2083
"DirectoryIndex page if it exists, a server-generated directory list if it "
2084
"does not and the Indexes option is specified, or a Permission Denied page if "
2085
"neither is true. The server will try to find one of the files listed in the "
2086
"DirectoryIndex directive and will return the first one it finds. If it does "
2087
"not find any of these files and if Options Indexes is set for that "
2088
"directory, the server will generate and return a list, in HTML format, of "
2089
"the subdirectories and files in the directory. The default value, found in "
2090
"<filename>/etc/apache2/apache2.conf</filename> is \" index.html index.cgi "
2091
"index.pl index.php index.xhtml\". Thus, if Apache2 finds a file in a "
2092
"requested directory matching any of these names, the first will be displayed."
2093
msgstr ""
2094
2095
#: serverguide/C/web-servers.xml:332(para)
2096
msgid ""
2097
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2098
"file for Apache to use for specific error events. For example, if a user "
2099
"requests a resource that does not exist, a 404 error will occur, and per "
2100
"Apache2's default configuration, the file "
2101
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2102
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2103
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2104
"redirects requests to the /error directory to "
2105
"<filename>/usr/share/apache2/error/</filename>."
2106
msgstr ""
2107
2108
#: serverguide/C/web-servers.xml:344(para)
2109
msgid ""
2110
"To see a list of the default ErrorDocument directives, use this command:"
2111
msgstr ""
2112
2113
#: serverguide/C/web-servers.xml:350(command)
2114
msgid "grep ErrorDocument /etc/apache2/apache2.conf"
2115
msgstr ""
2116
2117
#: serverguide/C/web-servers.xml:355(para)
2118
msgid ""
2119
"By default, the server writes the transfer log to the file "
2120
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2121
"per-site basis in your virtual host configuration files with the "
2122
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2123
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2124
"specify the file to which errors are logged, via the "
2125
"<emphasis>ErrorLog</emphasis> directive, whose default is "
2126
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2127
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2128
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2129
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
2130
"/etc/apache2/apache2.conf</filename> for the default value)."
2131
msgstr ""
2132
2133
#: serverguide/C/web-servers.xml:370(para)
2134
msgid ""
2135
"Some options are specified on a per-directory basis rather than per-server. "
2136
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2137
"is enclosed in XML-like tags, like so:"
2138
msgstr ""
2139
2140
#: serverguide/C/web-servers.xml:376(programlisting)
2141
#, no-wrap
2142
msgid ""
2143
"\n"
2144
"<Directory /var/www/mynewsite>\n"
2145
"...\n"
2146
"</Directory>\n"
2147
msgstr ""
2148
2149
#: serverguide/C/web-servers.xml:382(para)
2150
msgid ""
2151
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2152
"one or more of the following values (among others), separated by spaces:"
2153
msgstr ""
2154
2155
#: serverguide/C/web-servers.xml:394(para)
2156
msgid ""
2157
"Most files should not be executed as CGI scripts. This would be very "
2158
"dangerous. CGI scripts should kept in a directory separate from and outside "
2159
"your DocumentRoot, and only this directory should have the ExecCGI option "
2160
"set. This is the default, and the default location for CGI scripts is "
2161
"<filename>/usr/lib/cgi-bin</filename>."
2162
msgstr ""
2163
2164
#: serverguide/C/web-servers.xml:389(para)
2165
msgid ""
2166
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2167
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2168
msgstr ""
2169
2170
#: serverguide/C/web-servers.xml:405(para)
2171
msgid ""
2172
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2173
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2174
"other files. This is not a common option. See <ulink "
2175
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2176
"HOWTO</ulink> for more information."
2177
msgstr ""
2178
2179
#: serverguide/C/web-servers.xml:414(para)
2180
msgid ""
2181
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2182
"includes, but disable the <emphasis>#exec</emphasis> and "
2183
"<emphasis>#include</emphasis> commands in CGI scripts."
2184
msgstr ""
2185
2186
#: serverguide/C/web-servers.xml:426(para)
2187
msgid ""
2188
"For security reasons, this should usually not be set, and certainly should "
2189
"not be set on your DocumentRoot directory. Enable this option carefully on a "
2190
"per-directory basis only if you are certain you want users to see the entire "
2191
"contents of the directory."
2192
msgstr ""
2193
2194
#: serverguide/C/web-servers.xml:421(para)
2195
msgid ""
2196
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
2197
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
2198
"index.html) exists in the requested directory. <placeholder-1/>"
2199
msgstr ""
2200
2201
#: serverguide/C/web-servers.xml:436(para)
2202
msgid ""
2203
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
2204
"multiviews; this option is disabled by default for security reasons. See the "
2205
"<ulink "
2206
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
2207
"Apache2 documentation on this option</ulink>."
2208
msgstr ""
2209
2210
#: serverguide/C/web-servers.xml:444(para)
2211
msgid ""
2212
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
2213
"symbolic links if the target file or directory has the same owner as the "
2214
"link."
2215
msgstr ""
2216
2217
#: serverguide/C/web-servers.xml:456(title)
2218
msgid "httpd Settings"
2219
msgstr ""
2220
2221
#: serverguide/C/web-servers.xml:458(para)
2222
msgid ""
2223
"This section explains some basic <application>httpd</application> daemon "
2224
"configuration settings."
2225
msgstr ""
2226
2227
#: serverguide/C/web-servers.xml:462(para)
2228
msgid ""
2229
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
2230
"the path to the lockfile used when the server is compiled with either "
2231
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
2232
"stored on the local disk. It should be left to the default value unless the "
2233
"logs directory is located on an NFS share. If this is the case, the default "
2234
"value should be changed to a location on the local disk and to a directory "
2235
"that is readable only by root."
2236
msgstr ""
2237
2238
#: serverguide/C/web-servers.xml:471(para)
2239
msgid ""
2240
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
2241
"file in which the server records its process ID (pid). This file should only "
2242
"be readable by root. In most cases, it should be left to the default value."
2243
msgstr ""
2244
2245
#: serverguide/C/web-servers.xml:477(para)
2246
msgid ""
2247
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
2248
"used by the server to answer requests. This setting determines the server's "
2249
"access. Any files inaccessible to this user will also be inaccessible to "
2250
"your website's visitors. The default value for User is www-data."
2251
msgstr ""
2252
2253
#: serverguide/C/web-servers.xml:484(para)
2254
msgid ""
2255
"Unless you know exactly what you are doing, do not set the User directive to "
2256
"root. Using root as the User will create large security holes for your Web "
2257
"server."
2258
msgstr ""
2259
2260
#: serverguide/C/web-servers.xml:490(para)
2261
msgid ""
2262
"The Group directive is similar to the User directive. Group sets the group "
2263
"under which the server will answer requests. The default group is also www-"
2264
"data."
2265
msgstr ""
2266
2267
#: serverguide/C/web-servers.xml:496(title)
2268
msgid "Apache Modules"
2269
msgstr "Apache Moduliai"
2270
2271
#: serverguide/C/web-servers.xml:498(para)
2272
msgid ""
2273
"Apache is a modular server. This implies that only the most basic "
2274
"functionality is included in the core server. Extended features are "
2275
"available through modules which can be loaded into Apache. By default, a "
2276
"base set of modules is included in the server at compile-time. If the server "
2277
"is compiled to use dynamically loaded modules, then modules can be compiled "
2278
"separately, and added at any time using the LoadModule directive. Otherwise, "
2279
"Apache must be recompiled to add or remove modules."
2280
msgstr ""
2281
2282
#: serverguide/C/web-servers.xml:510(para)
2283
msgid ""
2284
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
2285
"Configuration directives may be conditionally included on the presence of a "
2286
"particular module by enclosing them in an "
2287
"<emphasis><IfModule></emphasis> block."
2288
msgstr ""
2289
2290
#: serverguide/C/web-servers.xml:517(para)
2291
msgid ""
2292
"You can install additional Apache2 modules and use them with your Web "
2293
"server. For example, run the following command from a terminal prompt to "
2294
"install the <emphasis>MySQL Authentication</emphasis> module:"
2295
msgstr ""
2296
2297
#: serverguide/C/web-servers.xml:524(command)
2298
msgid "sudo apt-get install libapache2-mod-auth-mysql"
2299
msgstr "sudo apt-get install libapache2-mod-auth-mysql"
2300
2301
#: serverguide/C/web-servers.xml:527(para)
2302
msgid ""
2303
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
2304
"additional modules."
2305
msgstr ""
2306
2307
#: serverguide/C/web-servers.xml:531(para)
2308
msgid ""
2309
"Use the <application>a2enmod</application> utility to enable a module:"
2310
msgstr ""
2311
2312
#: serverguide/C/web-servers.xml:537(command)
2313
msgid "sudo a2enmod auth_mysql"
2314
msgstr ""
2315
2316
#: serverguide/C/web-servers.xml:541(para)
2317
msgid "Similarly, <application>a2dismod</application> will disable a module:"
2318
msgstr ""
2319
2320
#: serverguide/C/web-servers.xml:546(command)
2321
msgid "sudo a2dismod auth_mysql"
2322
msgstr ""
2323
2324
#: serverguide/C/web-servers.xml:553(title)
2325
msgid "HTTPS Configuration"
2326
msgstr "HTTPS Konfigūracija"
2327
2328
#: serverguide/C/web-servers.xml:555(para)
2329
msgid ""
2330
"The <application>mod_ssl</application> module adds an important feature to "
2331
"the Apache2 server - the ability to encrypt communications. Thus, when your "
2332
"browser is communicating using SSL, the https:// prefix is used at the "
2333
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
2334
"bar."
2335
msgstr ""
2336
2337
#: serverguide/C/web-servers.xml:564(para)
2338
msgid ""
2339
"The <application>mod_ssl</application> module is available in "
2340
"<application>apache2-common</application> package. Execute the following "
2341
"command from a terminal prompt to enable the "
2342
"<application>mod_ssl</application> module:"
2343
msgstr ""
2344
2345
#: serverguide/C/web-servers.xml:571(command)
2346
msgid "sudo a2enmod ssl"
2347
msgstr "sudo a2enmod ssl"
2348
2349
#: serverguide/C/web-servers.xml:574(para)
2350
msgid ""
2351
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
2352
"available/default-ssl</filename>. In order for "
2353
"<application>Apache</application> to provide HTTPS, a "
2354
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
2355
"needed. The default HTTPS configuration will use a certificate and key "
2356
"generated by the <application>ssl-cert</application> package. They are good "
2357
"for testing, but the auto-generated certificate and key should be replaced "
2358
"by a certificate specific to the site or server. For information on "
2359
"generating a key and obtaining a certificate see <xref "
2360
"linkend=\"certificates-and-security\"/>"
2361
msgstr ""
2362
2363
#: serverguide/C/web-servers.xml:584(para)
2364
msgid ""
2365
"To configure <application>Apache</application> for HTTPS, enter the "
2366
"following:"
2367
msgstr ""
2368
2369
#: serverguide/C/web-servers.xml:589(command)
2370
msgid "sudo a2ensite default-ssl"
2371
msgstr ""
2372
2373
#: serverguide/C/web-servers.xml:593(para)
2374
msgid ""
2375
"The directories <filename>/etc/ssl/certs</filename> and "
2376
"<filename>/etc/ssl/private</filename> are the default locations. If you "
2377
"install the certificate and key in another directory make sure to change "
2378
"<emphasis>SSLCertificateFile</emphasis> and "
2379
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
2380
msgstr ""
2381
2382
#: serverguide/C/web-servers.xml:600(para)
2383
msgid ""
2384
"With Apache now configured for HTTPS, restart the service to enable the new "
2385
"settings:"
2386
msgstr ""
2387
2388
#: serverguide/C/web-servers.xml:611(para)
2389
msgid ""
2390
"Depending on how you obtained your certificate you may need to enter a "
2391
"passphrase when <application>Apache</application> starts."
2392
msgstr ""
2393
2394
#: serverguide/C/web-servers.xml:617(para)
2395
msgid ""
2396
"You can access the secure server pages by typing https://your_hostname/url/ "
2397
"in your browser address bar."
2398
msgstr ""
2399
2400
#: serverguide/C/web-servers.xml:628(para)
2401
msgid ""
2402
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2403
"Documentation</ulink> contains in depth information on Apache2 configuration "
2404
"directives. Also, see the <application>apache2-doc</application> package for "
2405
"the official Apache2 docs."
2406
msgstr ""
2407
2408
#: serverguide/C/web-servers.xml:635(para)
2409
msgid ""
2410
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
2411
"Documentation</ulink> site for more SSL related information."
2412
msgstr ""
2413
2414
#: serverguide/C/web-servers.xml:641(para)
2415
msgid ""
2416
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
2417
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
2418
"configurations."
2419
msgstr ""
2420
2421
#: serverguide/C/web-servers.xml:647(para)
2422
msgid ""
2423
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
2424
"server</emphasis> IRC channel on <ulink "
2425
"url=\"http://freenode.net/\">freenode.net</ulink>."
2426
msgstr ""
2427
2428
#: serverguide/C/web-servers.xml:658(title)
2429
msgid "PHP5 - Scripting Language"
2430
msgstr ""
2431
2432
#: serverguide/C/web-servers.xml:659(para)
2433
msgid ""
2434
"PHP is a general-purpose scripting language suited for Web development. The "
2435
"PHP script can be embedded into HTML. This section explains how to install "
2436
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
2437
msgstr ""
2438
2439
#: serverguide/C/web-servers.xml:663(para)
2440
msgid ""
2441
"This section assumes you have installed and configured Apache 2 Web Server "
2442
"and MySQL Database Server. You can refer to Apache 2 section and MySQL "
2443
"sections in this document to install and configure Apache 2 and MySQL "
2444
"respectively."
2445
msgstr ""
2446
2447
#: serverguide/C/web-servers.xml:670(para)
2448
msgid "The PHP5 is available in Ubuntu Linux."
2449
msgstr ""
2450
2451
#: serverguide/C/web-servers.xml:672(para)
2452
msgid ""
2453
"To install PHP5 you can enter the following command in the terminal prompt: "
2454
"<screen>\n"
2455
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
2456
"</screen>"
2457
msgstr ""
2458
2459
#: serverguide/C/web-servers.xml:681(para)
2460
msgid ""
2461
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
2462
"line you should install <application>php5-cli</application> package. To "
2463
"install <application>php5-cli</application> you can enter the following "
2464
"command in the terminal prompt: <screen>\n"
2465
"<command>sudo apt-get install php5-cli</command>\n"
2466
"</screen>"
2467
msgstr ""
2468
2469
#: serverguide/C/web-servers.xml:690(para)
2470
msgid ""
2471
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
2472
"accomplish this, you should install <application>php5-cgi</application> "
2473
"package. You can run the following command in a terminal prompt to install "
2474
"<application>php5-cgi</application> package: <screen>\n"
2475
"<command>sudo apt-get install php5-cgi</command>\n"
2476
"</screen>"
2477
msgstr ""
2478
2479
#: serverguide/C/web-servers.xml:700(para)
2480
msgid ""
2481
"To use <application>MySQL</application> with PHP5 you should install "
2482
"<application>php5-mysql</application> package. To install <application>php5-"
2483
"mysql</application> you can enter the following command in the terminal "
2484
"prompt: <screen>\n"
2485
"<command>sudo apt-get install php5-mysql</command>\n"
2486
"</screen>"
2487
msgstr ""
2488
2489
#: serverguide/C/web-servers.xml:708(para)
2490
msgid ""
2491
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
2492
"install <application>php5-pgsql</application> package. To install "
2493
"<application>php5-pgsql</application> you can enter the following command in "
2494
"the terminal prompt: <screen>\n"
2495
"<command>sudo apt-get install php5-pgsql</command>\n"
2496
"</screen>"
2497
msgstr ""
2498
2499
#: serverguide/C/web-servers.xml:721(para)
2500
msgid ""
2501
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
2502
"you have installed <application>php5-cli</application> package, you can run "
2503
"PHP5 scripts from your command prompt."
2504
msgstr ""
2505
2506
#: serverguide/C/web-servers.xml:728(para)
2507
msgid ""
2508
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
2509
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
2510
"when you install the module. Please verify if the files "
2511
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
2512
"<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
2513
"not exists, you can enable the module using <command>a2enmod</command> "
2514
"command."
2515
msgstr ""
2516
2517
#: serverguide/C/web-servers.xml:739(para)
2518
msgid ""
2519
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
2520
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
2521
"following command at a terminal prompt to restart your web server: "
2522
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
2523
msgstr ""
2524
2525
#: serverguide/C/web-servers.xml:747(title) serverguide/C/mail.xml:124(title) serverguide/C/mail.xml:1341(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:177(title)
2526
msgid "Testing"
2527
msgstr "Testavimas"
2528
2529
#: serverguide/C/web-servers.xml:748(para)
2530
msgid ""
2531
"To verify your installation, you can run following PHP5 phpinfo script:"
2532
msgstr ""
2533
2534
#: serverguide/C/web-servers.xml:751(programlisting)
2535
#, no-wrap
2536
msgid ""
2537
"\n"
2538
"<?php\n"
2539
"print_r (phpinfo());\n"
2540
"?>\n"
2541
msgstr ""
2542
2543
#: serverguide/C/web-servers.xml:756(para)
2544
msgid ""
2545
"You can save the content in a file <filename>phpinfo.php</filename> and "
2546
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
2547
"server. When point your browser to "
2548
"<filename>http://hostname/phpinfo.php</filename>, it would display values of "
2549
"various PHP5 configuration parameters."
2550
msgstr ""
2551
2552
#: serverguide/C/web-servers.xml:770(para)
2553
msgid ""
2554
"For more in depth information see <ulink "
2555
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
2556
msgstr ""
2557
2558
#: serverguide/C/web-servers.xml:775(para)
2559
msgid ""
2560
"There are a plethora of books on PHP. Two good books from O'Reilly are "
2561
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
2562
"5</ulink> and the <ulink "
2563
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
2564
msgstr ""
2565
2566
#: serverguide/C/web-servers.xml:787(title)
2567
msgid "Squid - Proxy Server"
2568
msgstr "Squid - Įgaliotasis Serveris"
2569
2570
#: serverguide/C/web-servers.xml:788(para)
2571
msgid ""
2572
"Squid is a full-featured web proxy cache server application which provides "
2573
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
2574
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
2575
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
2576
"caching of Domain Name Server (DNS) lookups, and perform transparent "
2577
"caching. Squid also supports a wide variety of caching protocols, such as "
2578
"Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the "
2579
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination "
2580
"Protocol. (WCCP)"
2581
msgstr ""
2582
2583
#: serverguide/C/web-servers.xml:796(para)
2584
msgid ""
2585
"The Squid proxy cache server is an excellent solution to a variety of proxy "
2586
"and caching server needs, and scales from the branch office to enterprise "
2587
"level networks while providing extensive, granular access control mechanisms "
2588
"and monitoring of critical parameters via the Simple Network Management "
2589
"Protocol (SNMP). When selecting a computer system for use as a dedicated "
2590
"Squid proxy, or caching servers, ensure your system is configured with a "
2591
"large amount of physical memory, as Squid maintains an in-memory cache for "
2592
"increased performance."
2593
msgstr ""
2594
2595
#: serverguide/C/web-servers.xml:805(para)
2596
msgid ""
2597
"At a terminal prompt, enter the following command to install the Squid "
2598
"server:"
2599
msgstr ""
2600
2601
#: serverguide/C/web-servers.xml:810(command)
2602
msgid "sudo apt-get install squid"
2603
msgstr ""
2604
2605
#: serverguide/C/web-servers.xml:816(para)
2606
msgid ""
2607
"Squid is configured by editing the directives contained within the "
2608
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
2609
"examples illustrate some of the directives which may be modified to affect "
2610
"the behavior of the Squid server. For more in-depth configuration of Squid, "
2611
"see the References section."
2612
msgstr ""
2613
2614
#: serverguide/C/web-servers.xml:822(para)
2615
msgid ""
2616
"Prior to editing the configuration file, you should make a copy of the "
2617
"original file and protect it from writing so you will have the original "
2618
"settings as a reference, and to re-use as necessary."
2619
msgstr ""
2620
2621
#: serverguide/C/web-servers.xml:825(para)
2622
msgid ""
2623
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
2624
"writing with the following commands entered at a terminal prompt:"
2625
msgstr ""
2626
2627
#: serverguide/C/web-servers.xml:830(command)
2628
msgid "sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original"
2629
msgstr ""
2630
2631
#: serverguide/C/web-servers.xml:831(command)
2632
msgid "sudo chmod a-w /etc/squid/squid.conf.original"
2633
msgstr ""
2634
2635
#: serverguide/C/web-servers.xml:837(para)
2636
msgid ""
2637
"To set your Squid server to listen on TCP port 8888 instead of the default "
2638
"TCP port 3128, change the http_port directive as such:"
2639
msgstr ""
2640
2641
#: serverguide/C/web-servers.xml:841(programlisting)
2642
#, no-wrap
2643
msgid ""
2644
"\n"
2645
"http_port 8888\n"
2646
msgstr ""
2647
2648
#: serverguide/C/web-servers.xml:846(para)
2649
msgid ""
2650
"Change the visible_hostname directive in order to give the Squid server a "
2651
"specific hostname. This hostname does not necessarily need to be the "
2652
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
2653
msgstr ""
2654
2655
#: serverguide/C/web-servers.xml:850(programlisting)
2656
#, no-wrap
2657
msgid ""
2658
"\n"
2659
"visible_hostname weezie\n"
2660
msgstr ""
2661
2662
#: serverguide/C/web-servers.xml:855(para)
2663
msgid ""
2664
"Again, Using Squid's access control, you may configure use of Internet "
2665
"services proxied by Squid to be available only users with certain Internet "
2666
"Protocol (IP) addresses. For example, we will illustrate access by users of "
2667
"the 192.168.42.0/24 subnetwork only:"
2668
msgstr ""
2669
2670
#: serverguide/C/web-servers.xml:860(para) serverguide/C/web-servers.xml:880(para)
2671
msgid ""
2672
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
2673
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
2674
msgstr ""
2675
2676
#: serverguide/C/web-servers.xml:863(programlisting)
2677
#, no-wrap
2678
msgid ""
2679
"\n"
2680
"acl fortytwo_network src 192.168.42.0/24\n"
2681
msgstr ""
2682
2683
#: serverguide/C/web-servers.xml:866(para) serverguide/C/web-servers.xml:887(para)
2684
msgid ""
2685
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
2686
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
2687
msgstr ""
2688
2689
#: serverguide/C/web-servers.xml:870(programlisting)
2690
#, no-wrap
2691
msgid ""
2692
"\n"
2693
"http_access allow fortytwo_network\n"
2694
msgstr ""
2695
2696
#: serverguide/C/web-servers.xml:875(para)
2697
msgid ""
2698
"Using the excellent access control features of Squid, you may configure use "
2699
"of Internet services proxied by Squid to be available only during normal "
2700
"business hours. For example, we'll illustrate access by employees of a "
2701
"business which is operating between 9:00AM and 5:00PM, Monday through "
2702
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
2703
msgstr ""
2704
2705
#: serverguide/C/web-servers.xml:883(programlisting)
2706
#, no-wrap
2707
msgid ""
2708
"\n"
2709
"acl biz_network src 10.1.42.0/24\n"
2710
"acl biz_hours time M T W T F 9:00-17:00\n"
2711
msgstr ""
2712
2713
#: serverguide/C/web-servers.xml:891(programlisting)
2714
#, no-wrap
2715
msgid ""
2716
"\n"
2717
"http_access allow biz_network biz_hours\n"
2718
msgstr ""
2719
2720
#: serverguide/C/web-servers.xml:898(para)
2721
msgid ""
2722
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
2723
"save the file and restart the <application>squid</application> server "
2724
"application to effect the changes using the following command entered at a "
2725
"terminal prompt:"
2726
msgstr ""
2727
2728
#: serverguide/C/web-servers.xml:905(command)
2729
msgid "sudo /etc/init.d/squid restart"
2730
msgstr ""
2731
2732
#: serverguide/C/web-servers.xml:912(ulink)
2733
msgid "Squid Website"
2734
msgstr ""
2735
2736
#: serverguide/C/web-servers.xml:918(title)
2737
msgid "Ruby on Rails"
2738
msgstr ""
2739
2740
#: serverguide/C/web-servers.xml:919(para)
2741
msgid ""
2742
"Ruby on Rails is an open source web framework for developing database backed "
2743
"web applications. It is optimized for sustainable productivity of the "
2744
"programmer since it lets the programmer to write code by favouring "
2745
"convention over configuration."
2746
msgstr ""
2747
2748
#: serverguide/C/web-servers.xml:926(para)
2749
msgid ""
2750
"Before installing <application>Rails</application> you should install "
2751
"<application>Apache</application> and <application>MySQL</application>. To "
2752
"install the <application>Apache</application> package, please refer to <xref "
2753
"linkend=\"httpd\"/>. For instructions on installing "
2754
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
2755
msgstr ""
2756
2757
#: serverguide/C/web-servers.xml:934(para)
2758
msgid ""
2759
"Once you have <application>Apache</application> and "
2760
"<application>MySQL</application> packages installed, you are ready to "
2761
"install <application>Ruby on Rails</application> package."
2762
msgstr ""
2763
2764
#: serverguide/C/web-servers.xml:941(para)
2765
msgid ""
2766
"To install the <application>Ruby</application> base packages and "
2767
"<application>Ruby on Rails</application>, you can enter the following "
2768
"command in the terminal prompt:"
2769
msgstr ""
2770
2771
#: serverguide/C/web-servers.xml:947(command)
2772
msgid "sudo apt-get install rails"
2773
msgstr ""
2774
2775
#: serverguide/C/web-servers.xml:953(para)
2776
msgid ""
2777
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
2778
"configuration file to setup your domains."
2779
msgstr ""
2780
2781
#: serverguide/C/web-servers.xml:957(para)
2782
msgid ""
2783
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
2784
msgstr ""
2785
2786
#: serverguide/C/web-servers.xml:961(programlisting)
2787
#, no-wrap
2788
msgid ""
2789
"\n"
2790
"DocumentRoot /path/to/rails/application/public\n"
2791
msgstr ""
2792
2793
#: serverguide/C/web-servers.xml:964(para)
2794
msgid ""
2795
"Next, change the <Directory \"/path/to/rails/application/public\"> "
2796
"directive:"
2797
msgstr ""
2798
2799
#: serverguide/C/web-servers.xml:968(programlisting)
2800
#, no-wrap
2801
msgid ""
2802
"\n"
2803
"<Directory \"/path/to/rails/application/public\">\n"
2804
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
2805
" AllowOverride All\n"
2806
" Order allow,deny\n"
2807
" allow from all\n"
2808
" AddHandler cgi-script .cgi\n"
2809
"</Directory>\n"
2810
msgstr ""
2811
2812
#: serverguide/C/web-servers.xml:978(para)
2813
msgid ""
2814
"You should also enable the <application>mod_rewrite</application> module for "
2815
"Apache. To enable <application>mod_rewrite</application> module, please "
2816
"enter the following command in a terminal prompt:"
2817
msgstr ""
2818
2819
#: serverguide/C/web-servers.xml:984(command)
2820
msgid "sudo a2enmod rewrite"
2821
msgstr ""
2822
2823
#: serverguide/C/web-servers.xml:987(para)
2824
msgid ""
2825
"Finally you will need to change the ownership of the "
2826
"<filename>/path/to/rails/application/public</filename> and "
2827
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
2828
"used to run the <application>Apache</application> process:"
2829
msgstr ""
2830
2831
#: serverguide/C/web-servers.xml:993(command)
2832
msgid "sudo chown -R www-data:www-data /path/to/rails/application/public"
2833
msgstr ""
2834
2835
#: serverguide/C/web-servers.xml:994(command)
2836
msgid "sudo chown -R www-data:www-data /path/to/rails/application/tmp"
2837
msgstr ""
2838
2839
#: serverguide/C/web-servers.xml:997(para)
2840
msgid ""
2841
"That's it! Now you have your Server ready for your <application>Ruby on "
2842
"Rails</application> applications."
2843
msgstr ""
2844
2845
#: serverguide/C/web-servers.xml:1006(para)
2846
msgid ""
2847
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
2848
"for more information."
2849
msgstr ""
2850
2851
#: serverguide/C/web-servers.xml:1011(para)
2852
msgid ""
2853
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
2854
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
2855
"resource."
2856
msgstr ""
2857
2858
#: serverguide/C/web-servers.xml:1022(title)
2859
msgid "Apache Tomcat"
2860
msgstr ""
2861
2862
#: serverguide/C/web-servers.xml:1023(para)
2863
msgid ""
2864
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
2865
"JSP (Java Server Pages) web applications."
2866
msgstr ""
2867
2868
#: serverguide/C/web-servers.xml:1025(para)
2869
msgid ""
2870
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
2871
"different ways of running Tomcat. You can install them as a classic unique "
2872
"system-wide instance, that will be started at boot time and will run as the "
2873
"tomcat6 unpriviledged user. But you can also deploy private instances that "
2874
"will run with your own user rights, and that you should start and stop by "
2875
"yourself. This second way is particularly useful in a development server "
2876
"context where multiple users need to test on their own private Tomcat "
2877
"instances."
2878
msgstr ""
2879
2880
#: serverguide/C/web-servers.xml:1035(title)
2881
msgid "System-wide installation"
2882
msgstr ""
2883
2884
#: serverguide/C/web-servers.xml:1036(para)
2885
msgid ""
2886
"To install the <application>Tomcat</application> server, you can enter the "
2887
"following command in the terminal prompt:"
2888
msgstr ""
2889
2890
#: serverguide/C/web-servers.xml:1039(command)
2891
msgid "sudo apt-get install tomcat6"
2892
msgstr ""
2893
2894
#: serverguide/C/web-servers.xml:1041(para)
2895
msgid ""
2896
"This will install a Tomcat server with just a default ROOT webapp that "
2897
"displays a minimal \"It works\" page by default."
2898
msgstr ""
2899
2900
#: serverguide/C/web-servers.xml:1047(para)
2901
msgid ""
2902
"Tomcat configuration files can be found in "
2903
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
2904
"will be described here, please see <ulink "
2905
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
2906
"documentation</ulink> for more."
2907
msgstr ""
2908
2909
#: serverguide/C/web-servers.xml:1053(title)
2910
msgid "Changing default ports"
2911
msgstr ""
2912
2913
#: serverguide/C/web-servers.xml:1054(para)
2914
msgid ""
2915
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
2916
"connector on port 8009. You might want to change those default ports to "
2917
"avoid conflict with another server on the system. This is done by changing "
2918
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
2919
msgstr ""
2920
2921
#: serverguide/C/web-servers.xml:1059(programlisting)
2922
#, no-wrap
2923
msgid ""
2924
"\n"
2925
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
2926
" connectionTimeout=\"20000\" \n"
2927
" redirectPort=\"8443\" />\n"
2928
"...\n"
2929
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
2930
"/>\n"
2931
msgstr ""
2932
2933
#: serverguide/C/web-servers.xml:1068(title)
2934
msgid "Changing JVM used"
2935
msgstr ""
2936
2937
#: serverguide/C/web-servers.xml:1069(para)
2938
msgid ""
2939
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
2940
"then try some other JVMs. If you have various JVMs installed, you can set "
2941
"which should be used by setting JAVA_HOME in "
2942
"<filename>/etc/default/tomcat6</filename>:"
2943
msgstr ""
2944
2945
#: serverguide/C/web-servers.xml:1073(programlisting)
2946
#, no-wrap
2947
msgid ""
2948
"\n"
2949
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
2950
msgstr ""
2951
2952
#: serverguide/C/web-servers.xml:1078(title)
2953
msgid "Declaring users and roles"
2954
msgstr ""
2955
2956
#: serverguide/C/web-servers.xml:1079(para)
2957
msgid ""
2958
"Usernames, passwords and roles (groups) can be defined centrally in a "
2959
"Servlet container. In Tomcat 6.0 this is done in the "
2960
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
2961
msgstr ""
2962
2963
#: serverguide/C/web-servers.xml:1082(programlisting)
2964
#, no-wrap
2965
msgid ""
2966
"\n"
2967
"<role rolename=\"admin\"/>\n"
2968
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
2969
msgstr ""
2970
2971
#: serverguide/C/web-servers.xml:1090(title)
2972
msgid "Using Tomcat standard webapps"
2973
msgstr ""
2974
2975
#: serverguide/C/web-servers.xml:1091(para)
2976
msgid ""
2977
"Tomcat is shipped with webapps that you can install for documentation, "
2978
"administration or demo purposes."
2979
msgstr ""
2980
2981
#: serverguide/C/web-servers.xml:1094(title)
2982
msgid "Tomcat documentation"
2983
msgstr ""
2984
2985
#: serverguide/C/web-servers.xml:1095(para)
2986
msgid ""
2987
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
2988
"documentation, packaged as a webapp that you can access by default at "
2989
"http://yourserver:8080/docs. You can install it by entering the following "
2990
"command in the terminal prompt:"
2991
msgstr ""
2992
2993
#: serverguide/C/web-servers.xml:1100(command)
2994
msgid "sudo apt-get install tomcat6-docs"
2995
msgstr ""
2996
2997
#: serverguide/C/web-servers.xml:1104(title)
2998
msgid "Tomcat administration webapps"
2999
msgstr ""
3000
3001
#: serverguide/C/web-servers.xml:1105(para)
3002
msgid ""
3003
"The <application>tomcat6-admin</application> package contains two webapps "
3004
"that can be used to administer the Tomcat server using a web interface. You "
3005
"can install them by entering the following command in the terminal prompt:"
3006
msgstr ""
3007
3008
#: serverguide/C/web-servers.xml:1110(command)
3009
msgid "sudo apt-get install tomcat6-admin"
3010
msgstr ""
3011
3012
#: serverguide/C/web-servers.xml:1112(para)
3013
msgid ""
3014
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3015
"access by default at http://yourserver:8080/manager/html. It is primarily "
3016
"used to get server status and restart webapps."
3017
msgstr ""
3018
3019
#: serverguide/C/web-servers.xml:1115(para)
3020
msgid ""
3021
"Access to the <emphasis>manager</emphasis> application is protected by "
3022
"default: you need to define a user with the role \"manager\" in "
3023
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3024
msgstr ""
3025
3026
#: serverguide/C/web-servers.xml:1119(para)
3027
msgid ""
3028
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3029
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3030
"used to create virtual hosts dynamically."
3031
msgstr ""
3032
3033
#: serverguide/C/web-servers.xml:1123(para)
3034
msgid ""
3035
"Access to the <emphasis>host-manager</emphasis> application is also "
3036
"protected by default: you need to define a user with the role \"admin\" in "
3037
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3038
msgstr ""
3039
3040
#: serverguide/C/web-servers.xml:1128(para)
3041
msgid ""
3042
"For security reasons, the tomcat6 user cannot write to the "
3043
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
3044
"these admin webapps (application deployment, virtual host creation) need "
3045
"write access to that directory. If you want to use these features execute "
3046
"the following, to give users in the tomcat6 group the necessary rights:"
3047
msgstr ""
3048
3049
#: serverguide/C/web-servers.xml:1135(command)
3050
msgid "sudo chgrp -R tomcat6 /etc/tomcat6"
3051
msgstr ""
3052
3053
#: serverguide/C/web-servers.xml:1136(command)
3054
msgid "sudo chmod -R g+w /etc/tomcat6"
3055
msgstr ""
3056
3057
#: serverguide/C/web-servers.xml:1141(title)
3058
msgid "Tomcat examples webapps"
3059
msgstr ""
3060
3061
#: serverguide/C/web-servers.xml:1142(para)
3062
msgid ""
3063
"The <application>tomcat6-examples</application> package contains two webapps "
3064
"that can be used to test or demonstrate Servlets and JSP features, which you "
3065
"can access them by default at http://yourserver:8080/examples. You can "
3066
"install them by entering the following command in the terminal prompt:"
3067
msgstr ""
3068
3069
#: serverguide/C/web-servers.xml:1148(command)
3070
msgid "sudo apt-get install tomcat6-examples"
3071
msgstr ""
3072
3073
#: serverguide/C/web-servers.xml:1154(title)
3074
msgid "Using private instances"
3075
msgstr ""
3076
3077
#: serverguide/C/web-servers.xml:1155(para)
3078
msgid ""
3079
"Tomcat is heavily used in development and testing scenarios where using a "
3080
"single system-wide instance doesn't meet the requirements of multiple users "
3081
"on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to "
3082
"help deploy your own user-oriented instances, allowing every user on a "
3083
"system to run (without root rights) separate private instances while still "
3084
"using the system-installed libraries."
3085
msgstr ""
3086
3087
#: serverguide/C/web-servers.xml:1162(para)
3088
msgid ""
3089
"It is possible to run the system-wide instance and the private instances in "
3090
"parallel, as long as they do not use the same TCP ports."
3091
msgstr ""
3092
3093
#: serverguide/C/web-servers.xml:1166(title)
3094
msgid "Installing private instance support"
3095
msgstr ""
3096
3097
#: serverguide/C/web-servers.xml:1167(para)
3098
msgid ""
3099
"You can install everything necessary to run private instances by entering "
3100
"the following command in the terminal prompt:"
3101
msgstr ""
3102
3103
#: serverguide/C/web-servers.xml:1170(command)
3104
msgid "sudo apt-get install tomcat6-user"
3105
msgstr ""
3106
3107
#: serverguide/C/web-servers.xml:1174(title)
3108
msgid "Creating a private instance"
3109
msgstr ""
3110
3111
#: serverguide/C/web-servers.xml:1175(para)
3112
msgid ""
3113
"You can create a private instance directory by entering the following "
3114
"command in the terminal prompt:"
3115
msgstr ""
3116
3117
#: serverguide/C/web-servers.xml:1178(command)
3118
msgid "tomcat6-instance-create my-instance"
3119
msgstr ""
3120
3121
#: serverguide/C/web-servers.xml:1180(para)
3122
msgid ""
3123
"This will create a new <filename>my-instance</filename> directory with all "
3124
"the necessary subdirectories and scripts. You can for example install your "
3125
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
3126
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
3127
"are deployed by default."
3128
msgstr ""
3129
3130
#: serverguide/C/web-servers.xml:1188(title)
3131
msgid "Configuring your private instance"
3132
msgstr ""
3133
3134
#: serverguide/C/web-servers.xml:1189(para)
3135
msgid ""
3136
"You will find the classic Tomcat configuration files for your private "
3137
"instance in the <filename>conf/</filename> subdirectory. You should for "
3138
"example certainly edit the <filename>conf/server.xml</filename> file to "
3139
"change the default ports used by your private Tomcat instance to avoid "
3140
"conflict with other instances that might be running."
3141
msgstr ""
3142
3143
#: serverguide/C/web-servers.xml:1197(title)
3144
msgid "Starting/stopping your private instance"
3145
msgstr ""
3146
3147
#: serverguide/C/web-servers.xml:1198(para)
3148
msgid ""
3149
"You can start your private instance by entering the following command in the "
3150
"terminal prompt (supposing your instance is located in the <filename>my-"
3151
"instance</filename> directory):"
3152
msgstr ""
3153
3154
#: serverguide/C/web-servers.xml:1202(command)
3155
msgid "my-instance/bin/startup.sh"
3156
msgstr ""
3157
3158
#: serverguide/C/web-servers.xml:1204(para)
3159
msgid ""
3160
"You should check the <filename>logs/</filename> subdirectory for any error. "
3161
"If you have a <emphasis>java.net.BindException: Address already in "
3162
"use<null>:8080</emphasis> error, it means that the port you're using "
3163
"is already taken and that you should change it."
3164
msgstr ""
3165
3166
#: serverguide/C/web-servers.xml:1209(para)
3167
msgid ""
3168
"You can stop your instance by entering the following command in the terminal "
3169
"prompt (supposing your instance is located in the <filename>my-"
3170
"instance</filename> directory):"
3171
msgstr ""
3172
3173
#: serverguide/C/web-servers.xml:1213(command)
3174
msgid "my-instance/bin/shutdown.sh"
3175
msgstr ""
3176
3177
#: serverguide/C/web-servers.xml:1222(para)
3178
msgid ""
3179
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
3180
"website for more information."
3181
msgstr ""
3182
3183
#: serverguide/C/web-servers.xml:1227(para)
3184
msgid ""
3185
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
3186
"Definitive Guide</ulink> is a good resource for building web applications "
3187
"with Tomcat."
3188
msgstr ""
3189
3190
#: serverguide/C/web-servers.xml:1233(para)
3191
msgid ""
3192
"For additional books see the <ulink "
3193
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
3194
"page."
3195
msgstr ""
3196
3197
#: serverguide/C/virtualization.xml:13(title)
3198
msgid "Virtualization"
3199
msgstr ""
3200
3201
#: serverguide/C/virtualization.xml:14(para)
3202
msgid ""
3203
"Virtualization is being adopted in many different environments and "
3204
"situations. If you are a developer, virtualization can provide you with a "
3205
"contained environment where you can safely do almost any sort of development "
3206
"safe from messing up your main working environment. If you are a systems "
3207
"administrator, you can use virtualization to more easily separate your "
3208
"services and move them around based on demand."
3209
msgstr ""
3210
3211
#: serverguide/C/virtualization.xml:20(para)
3212
msgid ""
3213
"The default virtualization technology supported in Ubuntu is "
3214
"<application>KVM</application>, a technology that takes advantage of "
3215
"virtualization extensions built into Intel and AMD hardware. For hardware "
3216
"without virtualization extensions <application>Xen</application> and "
3217
"<application>Qemu</application> are popular solutions."
3218
msgstr ""
3219
3220
#: serverguide/C/virtualization.xml:27(title)
3221
msgid "libvirt"
3222
msgstr ""
3223
3224
#: serverguide/C/virtualization.xml:28(para)
3225
msgid ""
3226
"The <application>libvirt</application> library is used to interface with "
3227
"different virtualization technologies. Before getting started with "
3228
"<application>libvirt</application> it is best to make sure your hardware "
3229
"supports the necessary virtualization extensions for "
3230
"<application>KVM</application>. Enter the following from a terminal prompt:"
3231
msgstr ""
3232
3233
#: serverguide/C/virtualization.xml:34(command)
3234
msgid "egrep '(vmx|svm)' /proc/cpuinfo"
3235
msgstr ""
3236
3237
#: serverguide/C/virtualization.xml:36(para)
3238
msgid ""
3239
"If nothing is printed, it means that your cpu does <emphasis>not</emphasis> "
3240
"support hardware virtualization."
3241
msgstr ""
3242
3243
#: serverguide/C/virtualization.xml:40(para)
3244
msgid ""
3245
"On most computer whose processor supports virtualization, it is necessary to "
3246
"activate an option in the bios to enable it. The method described above does "
3247
"not show the status of it's activation."
3248
msgstr ""
3249
3250
#: serverguide/C/virtualization.xml:47(title)
3251
msgid "Virtual Networking"
3252
msgstr ""
3253
3254
#: serverguide/C/virtualization.xml:49(para)
3255
msgid ""
3256
"There are a few different ways to allow a virtual machine access to the "
3257
"external network. The default virtual network configuration is "
3258
"<emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and "
3259
"traffic is NATed through the host interface to the outside network."
3260
msgstr ""
3261
3262
#: serverguide/C/virtualization.xml:54(para)
3263
msgid ""
3264
"To enable external hosts to directly access services on virtual machines a "
3265
"<emphasis>bridge</emphasis> needs to be configured. This allows the virtual "
3266
"interfaces to connect to the outside network through the physical interface, "
3267
"making them appear as normal hosts to the rest of the network. For "
3268
"information on setting up a bridge see <xref linkend=\"bridging\"/>."
3269
msgstr ""
3270
3271
#: serverguide/C/virtualization.xml:63(para)
3272
msgid "To install the necessary packages, from a terminal prompt enter:"
3273
msgstr ""
3274
3275
#: serverguide/C/virtualization.xml:67(command)
3276
msgid "sudo apt-get install kvm libvirt-bin"
3277
msgstr ""
3278
3279
#: serverguide/C/virtualization.xml:69(para)
3280
msgid ""
3281
"After installing <application>libvirt-bin</application>, the user used to "
3282
"manage virtual machines will need to be added to the "
3283
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
3284
"the advanced networking options."
3285
msgstr ""
3286
3287
#: serverguide/C/virtualization.xml:73(para)
3288
msgid "In a terminal enter:"
3289
msgstr ""
3290
3291
#: serverguide/C/virtualization.xml:77(command)
3292
msgid "sudo adduser $USER libvirtd"
3293
msgstr ""
3294
3295
#: serverguide/C/virtualization.xml:80(para)
3296
msgid ""
3297
"If the user chosen is the current user, you will need to log out and back in "
3298
"for the new group membership to take effect."
3299
msgstr ""
3300
3301
#: serverguide/C/virtualization.xml:84(para)
3302
msgid ""
3303
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
3304
"Installing a virtual machine follows the same process as installing the "
3305
"operating system directly on the hardware. You either need a way to automate "
3306
"the installation, or a keyboard and monitor will need to be attached to the "
3307
"physical machine."
3308
msgstr ""
3309
3310
#: serverguide/C/virtualization.xml:89(para)
3311
msgid ""
3312
"In the case of virtual machines a Graphical User Interface (GUI) is "
3313
"analogous to using a physical keyboard and mouse. Instead of installing a "
3314
"GUI the <application>virt-viewer</application> application can be used to "
3315
"connect to a virtual machine's console using <application>VNC</application>. "
3316
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
3317
msgstr ""
3318
3319
#: serverguide/C/virtualization.xml:94(para)
3320
msgid ""
3321
"There are several ways to automate the Ubuntu installation process, for "
3322
"example using preseeds, kickstart, etc. Refer to the <ulink "
3323
"url=\"https://help.ubuntu.com/9.04/installation-guide/\">Ubuntu Installation "
3324
"Guide</ulink> for details."
3325
msgstr ""
3326
3327
#: serverguide/C/virtualization.xml:98(para)
3328
msgid ""
3329
"Yet another way to install an Ubuntu virtual machine is to use "
3330
"<application>ubuntu-vm-builder</application>. <application>ubuntu-vm-"
3331
"builder</application> allows you to setup advanced partitions, execute "
3332
"custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-"
3333
"vmbuilder\"/>"
3334
msgstr ""
3335
3336
#: serverguide/C/virtualization.xml:104(title)
3337
msgid "virt-install"
3338
msgstr ""
3339
3340
#: serverguide/C/virtualization.xml:105(para)
3341
msgid ""
3342
"<application>virt-install</application> is part of the <application>python-"
3343
"virtinst</application> package. To install it, from a terminal prompt enter:"
3344
msgstr ""
3345
3346
#: serverguide/C/virtualization.xml:109(command)
3347
msgid "sudo apt-get install python-virtinst"
3348
msgstr ""
3349
3350
#: serverguide/C/virtualization.xml:111(para)
3351
msgid ""
3352
"There are several options available when using <application>virt-"
3353
"install</application>. For example:"
3354
msgstr ""
3355
3356
#: serverguide/C/virtualization.xml:115(command)
3357
msgid ""
3358
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
3359
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
3360
msgstr ""
3361
3362
#: serverguide/C/virtualization.xml:122(para)
3363
msgid ""
3364
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
3365
"be <emphasis>web_devel</emphasis> in this example."
3366
msgstr ""
3367
3368
#: serverguide/C/virtualization.xml:127(para)
3369
msgid ""
3370
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
3371
"machine will use."
3372
msgstr ""
3373
3374
#: serverguide/C/virtualization.xml:132(para)
3375
msgid ""
3376
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
3377
"disk which can be a file, partition, or logical volume. In this example a "
3378
"file named <filename>web_devel.img</filename>."
3379
msgstr ""
3380
3381
#: serverguide/C/virtualization.xml:138(para)
3382
msgid "<emphasis>-s 4:</emphasis> the size of the virtual disk."
3383
msgstr ""
3384
3385
#: serverguide/C/virtualization.xml:143(para)
3386
msgid ""
3387
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
3388
"file can be either an ISO file or the path to the host's CDROM device."
3389
msgstr ""
3390
3391
#: serverguide/C/virtualization.xml:149(para)
3392
msgid ""
3393
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
3394
"technologies."
3395
msgstr ""
3396
3397
#: serverguide/C/virtualization.xml:154(para)
3398
msgid ""
3399
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
3400
msgstr ""
3401
3402
#: serverguide/C/virtualization.xml:159(para)
3403
msgid ""
3404
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
3405
"virtual machine's console."
3406
msgstr ""
3407
3408
#: serverguide/C/virtualization.xml:164(para)
3409
msgid "<emphasis>-v:</emphasis> creates a fully virtualized guest."
3410
msgstr ""
3411
3412
#: serverguide/C/virtualization.xml:169(para)
3413
msgid ""
3414
"After launching <application>virt-install</application> you can connect to "
3415
"the virtual machine's console either locally using a GUI or with the "
3416
"<application>virt-viewer</application> utility."
3417
msgstr ""
3418
3419
#: serverguide/C/virtualization.xml:175(title)
3420
msgid "virt-clone"
3421
msgstr ""
3422
3423
#: serverguide/C/virtualization.xml:176(para)
3424
msgid ""
3425
"The <application>virt-clone</application> application can be used to copy "
3426
"one virtual machine to another. For example:"
3427
msgstr ""
3428
3429
#: serverguide/C/virtualization.xml:180(command)
3430
msgid ""
3431
"sudo virt-clone -o web_devel -n database_devel -f "
3432
"/path/to/database_devel.img --connect=qemu:///system"
3433
msgstr ""
3434
3435
#: serverguide/C/virtualization.xml:184(para)
3436
msgid "<emphasis>-o:</emphasis> original virtual machine."
3437
msgstr ""
3438
3439
#: serverguide/C/virtualization.xml:189(para)
3440
msgid "<emphasis>-n:</emphasis> name of the new virtual machine."
3441
msgstr ""
3442
3443
#: serverguide/C/virtualization.xml:194(para)
3444
msgid ""
3445
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3446
"be used by the new virtual machine."
3447
msgstr ""
3448
3449
#: serverguide/C/virtualization.xml:199(para)
3450
msgid ""
3451
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3452
msgstr ""
3453
3454
#: serverguide/C/virtualization.xml:204(para)
3455
msgid ""
3456
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3457
"help troubleshoot problems with <application>virt-clone</application>."
3458
msgstr ""
3459
3460
#: serverguide/C/virtualization.xml:209(para)
3461
msgid ""
3462
"Replace <emphasis>web_devel</emphasis> and "
3463
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
3464
msgstr ""
3465
3466
#: serverguide/C/virtualization.xml:215(title)
3467
msgid "Virtual Machine Management"
3468
msgstr ""
3469
3470
#: serverguide/C/virtualization.xml:217(title)
3471
msgid "virsh"
3472
msgstr ""
3473
3474
#: serverguide/C/virtualization.xml:218(para)
3475
msgid ""
3476
"There are several utilities available to manage virtual machines and "
3477
"<application>libvirt</application>. The <application>virsh</application> "
3478
"utility can be used from the command line. Some examples:"
3479
msgstr ""
3480
3481
#: serverguide/C/virtualization.xml:224(para)
3482
msgid "To list running virtual machines:"
3483
msgstr ""
3484
3485
#: serverguide/C/virtualization.xml:228(command)
3486
msgid "virsh -c qemu:///system list"
3487
msgstr ""
3488
3489
#: serverguide/C/virtualization.xml:232(para)
3490
msgid "To start a virtual machine:"
3491
msgstr ""
3492
3493
#: serverguide/C/virtualization.xml:236(command)
3494
msgid "virsh -c qemu:///system start web_devel"
3495
msgstr ""
3496
3497
#: serverguide/C/virtualization.xml:240(para)
3498
msgid "Similarly, to start a virtual machine at boot:"
3499
msgstr ""
3500
3501
#: serverguide/C/virtualization.xml:244(command)
3502
msgid "virsh -c qemu:///system autostart web_devel"
3503
msgstr ""
3504
3505
#: serverguide/C/virtualization.xml:248(para)
3506
msgid "Reboot a virtual machine with:"
3507
msgstr ""
3508
3509
#: serverguide/C/virtualization.xml:252(command)
3510
msgid "virsh -c qemu:///system reboot web_devel"
3511
msgstr ""
3512
3513
#: serverguide/C/virtualization.xml:256(para)
3514
msgid ""
3515
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3516
"order to be restored later. The following will save the virtual machine "
3517
"state into a file named according to the date:"
3518
msgstr ""
3519
3520
#: serverguide/C/virtualization.xml:261(command)
3521
msgid "virsh -c qemu:///system save web_devel web_devel-022708.state"
3522
msgstr ""
3523
3524
#: serverguide/C/virtualization.xml:263(para)
3525
msgid "Once saved the virtual machine will no longer be running."
3526
msgstr ""
3527
3528
#: serverguide/C/virtualization.xml:268(para)
3529
msgid "A saved virtual machine can be restored using:"
3530
msgstr ""
3531
3532
#: serverguide/C/virtualization.xml:272(command)
3533
msgid "virsh -c qemu:///system restore web_devel-022708.state"
3534
msgstr ""
3535
3536
#: serverguide/C/virtualization.xml:276(para)
3537
msgid "To shutdown a virtual machine do:"
3538
msgstr ""
3539
3540
#: serverguide/C/virtualization.xml:280(command)
3541
msgid "virsh -c qemu:///system shutdown web_devel"
3542
msgstr ""
3543
3544
#: serverguide/C/virtualization.xml:284(para)
3545
msgid "A CDROM device can be mounted in a virtual machine by entering:"
3546
msgstr ""
3547
3548
#: serverguide/C/virtualization.xml:288(command)
3549
msgid "virsh -c qemu:///system attach-disk web_devel /dev/cdrom /media/cdrom"
3550
msgstr ""
3551
3552
#: serverguide/C/virtualization.xml:293(para)
3553
msgid ""
3554
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3555
"appropriate virtual machine name, and <filename>web_devel-"
3556
"022708.state</filename> with a descriptive file name."
3557
msgstr ""
3558
3559
#: serverguide/C/virtualization.xml:300(title)
3560
msgid "Virtual Machine Manager"
3561
msgstr ""
3562
3563
#: serverguide/C/virtualization.xml:301(para)
3564
msgid ""
3565
"The <application>virt-manager</application> package contains a graphical "
3566
"utility to manage local and remote virtual machines. To install virt-manager "
3567
"enter:"
3568
msgstr ""
3569
3570
#: serverguide/C/virtualization.xml:306(command)
3571
msgid "sudo apt-get install virt-manager"
3572
msgstr ""
3573
3574
#: serverguide/C/virtualization.xml:308(para)
3575
msgid ""
3576
"Since <application>virt-manager</application> requires a Graphical User "
3577
"Interface (GUI) environment it is recommended to be installed on a "
3578
"workstation or test machine instead of a production server. To connect to "
3579
"the local <application>libvirt</application> service enter:"
3580
msgstr ""
3581
3582
#: serverguide/C/virtualization.xml:314(command)
3583
msgid "virt-manager -c qemu:///system"
3584
msgstr ""
3585
3586
#: serverguide/C/virtualization.xml:316(para)
3587
msgid ""
3588
"You can connect to the <application>libvirt</application> service running on "
3589
"another host by entering the following in a terminal prompt:"
3590
msgstr ""
3591
3592
#: serverguide/C/virtualization.xml:320(command)
3593
msgid "virt-manager -c qemu+ssh://virtnode1.mydomain.com/system"
3594
msgstr ""
3595
3596
#: serverguide/C/virtualization.xml:323(para)
3597
msgid ""
3598
"The above example assumes that <application>SSH</application> connectivity "
3599
"between the management system and virtnode1.mydomain.com has already been "
3600
"configured, and uses SSH keys for authentication. SSH "
3601
"<emphasis>keys</emphasis> are needed because "
3602
"<application>libvirt</application> sends the password prompt to another "
3603
"process. For details on configuring <application>SSH</application> see <xref "
3604
"linkend=\"openssh-server\"/>"
3605
msgstr ""
3606
3607
#: serverguide/C/virtualization.xml:333(title)
3608
msgid "Virtual Machine Viewer"
3609
msgstr ""
3610
3611
#: serverguide/C/virtualization.xml:334(para)
3612
msgid ""
3613
"The <application>virt-viewer</application> application allows you to connect "
3614
"to a virtual machine's console. <application>virt-viewer</application> does "
3615
"require a Graphical User Interface (GUI) to interface with the virtual "
3616
"machine."
3617
msgstr ""
3618
3619
#: serverguide/C/virtualization.xml:338(para)
3620
msgid ""
3621
"To install <application>virt-viewer</application> from a terminal enter:"
3622
msgstr ""
3623
3624
#: serverguide/C/virtualization.xml:342(command)
3625
msgid "sudo apt-get install virt-viewer"
3626
msgstr ""
3627
3628
#: serverguide/C/virtualization.xml:344(para)
3629
msgid ""
3630
"Once a virtual machine is installed and running you can connect to the "
3631
"virtual machine's console by using:"
3632
msgstr ""
3633
3634
#: serverguide/C/virtualization.xml:348(command)
3635
msgid "virt-viewer -c qemu:///system web_devel"
3636
msgstr ""
3637
3638
#: serverguide/C/virtualization.xml:350(para)
3639
msgid ""
3640
"Similar to <application>virt-manager</application>, <application>virt-"
3641
"viewer</application> can connect to a remote host using "
3642
"<emphasis>SSH</emphasis> with key authentication, as well:"
3643
msgstr ""
3644
3645
#: serverguide/C/virtualization.xml:355(command)
3646
msgid "virt-viewer -c qemu+ssh://virtnode1.mydomain.com/system web_devel"
3647
msgstr ""
3648
3649
#: serverguide/C/virtualization.xml:357(para)
3650
msgid ""
3651
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
3652
"appropriate virtual machine name."
3653
msgstr ""
3654
3655
#: serverguide/C/virtualization.xml:360(para)
3656
msgid ""
3657
"If configured to use a <emphasis>bridged</emphasis> network interface you "
3658
"can also setup <application>SSH</application> access to the virtual machine. "
3659
"See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for "
3660
"more details."
3661
msgstr ""
3662
3663
#: serverguide/C/virtualization.xml:369(para)
3664
msgid ""
3665
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
3666
"for more details."
3667
msgstr ""
3668
3669
#: serverguide/C/virtualization.xml:374(para)
3670
msgid ""
3671
"For more information on <application>libvirt</application> see the <ulink "
3672
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
3673
msgstr ""
3674
3675
#: serverguide/C/virtualization.xml:379(para)
3676
msgid ""
3677
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
3678
"Manager</ulink> site has more information on <application>virt-"
3679
"manager</application> development."
3680
msgstr ""
3681
3682
#: serverguide/C/virtualization.xml:385(para)
3683
msgid ""
3684
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
3685
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
3686
"technology in Ubuntu."
3687
msgstr ""
3688
3689
#: serverguide/C/virtualization.xml:394(title) serverguide/C/jeos.xml:13(title)
3690
msgid "JeOS and vmbuilder"
3691
msgstr ""
3692
3693
#: serverguide/C/virtualization.xml:400(title) serverguide/C/jeos.xml:19(title)
3694
msgid "What is JeOS"
3695
msgstr ""
3696
3697
#: serverguide/C/virtualization.xml:402(para) serverguide/C/jeos.xml:21(para)
3698
msgid ""
3699
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
3700
"variant of the Ubuntu Server operating system, configured specifically for "
3701
"virtual appliances. No longer available as a CD-ROM ISO for download, but "
3702
"only as an option either:"
3703
msgstr ""
3704
3705
#: serverguide/C/virtualization.xml:409(para)
3706
msgid ""
3707
"While installing from the Server Edition ISO (pressing "
3708
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
3709
"installation\", which is the package selection equivalent to JeOS)."
3710
msgstr ""
3711
3712
#: serverguide/C/virtualization.xml:415(para) serverguide/C/jeos.xml:34(para)
3713
msgid "Or to be built using Ubuntu's vmbuilder, which is described here."
3714
msgstr ""
3715
3716
#: serverguide/C/virtualization.xml:421(para) serverguide/C/jeos.xml:40(para)
3717
msgid ""
3718
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
3719
"kernel that only contains the base elements needed to run within a "
3720
"virtualized environment."
3721
msgstr ""
3722
3723
#: serverguide/C/virtualization.xml:426(para) serverguide/C/jeos.xml:45(para)
3724
msgid ""
3725
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
3726
"in the latest virtualization products from VMware. This combination of "
3727
"reduced size and optimized performance ensures that Ubuntu JeOS Edition "
3728
"delivers a highly efficient use of server resources in large virtual "
3729
"deployments."
3730
msgstr ""
3731
3732
#: serverguide/C/virtualization.xml:432(para) serverguide/C/jeos.xml:51(para)
3733
msgid ""
3734
"Without unnecessary drivers, and only the minimal required packages, ISVs "
3735
"can configure their supporting OS exactly as they require. They have the "
3736
"peace of mind that updates, whether for security or enhancement reasons, "
3737
"will be limited to the bare minimum of what is required in their specific "
3738
"environment. In turn, users deploying virtual appliances built on top of "
3739
"JeOS will have to go through fewer updates and therefore less maintenance "
3740
"than they would have had to with a standard full installation of a server."
3741
msgstr ""
3742
3743
#: serverguide/C/virtualization.xml:441(title) serverguide/C/jeos.xml:60(title)
3744
msgid "What is vmbuilder"
3745
msgstr ""
3746
3747
#: serverguide/C/virtualization.xml:443(para) serverguide/C/jeos.xml:62(para)
3748
msgid ""
3749
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
3750
"will fetch the various package and build a virtual machine tailored for our "
3751
"need in about a minute for us. Vmbuilder is a Script that automates the "
3752
"process of creating a ready to use Linux based VM. The currently supported "
3753
"hypervisors are KVM and Xen."
3754
msgstr ""
3755
3756
#: serverguide/C/virtualization.xml:449(para) serverguide/C/jeos.xml:68(para)
3757
msgid ""
3758
"You can pass command line options to add extra packages, remove packages, "
3759
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
3760
"plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
3761
"a local mirror, you can bootstrap a VM in less than a minute."
3762
msgstr ""
3763
3764
#: serverguide/C/virtualization.xml:455(para) serverguide/C/jeos.xml:74(para)
3765
msgid ""
3766
"First introduced as a shell script in Ubuntu 8.04LTS, <application>ubuntu-vm-"
3767
"builder</application> started with little emphasis as a hack to help "
3768
"developers test their new code in a virtual machine without having to "
3769
"restart from scratch each time. As a few Ubuntu administrators started to "
3770
"notice this script, a few of them went on improving it and adapting it for "
3771
"so many use case that Soren Hansen (the author of the script and Ubuntu "
3772
"virtualization specialist, not the golf player) decided to rewrite it from "
3773
"scratch for Intrepid as a python script with a few new design goals:"
3774
msgstr ""
3775
3776
#: serverguide/C/virtualization.xml:465(para) serverguide/C/jeos.xml:84(para)
3777
msgid "Develop it so that it can be reused by other distributions."
3778
msgstr ""
3779
3780
#: serverguide/C/virtualization.xml:470(para) serverguide/C/jeos.xml:89(para)
3781
msgid ""
3782
"Use a plugin mechanisms for all virtualization interactions so that others "
3783
"can easily add logic for other virtualization environments."
3784
msgstr ""
3785
3786
#: serverguide/C/virtualization.xml:475(para) serverguide/C/jeos.xml:94(para)
3787
msgid ""
3788
"Provide an easy to maintain web interface as an option to the command line "
3789
"interface."
3790
msgstr ""
3791
3792
#: serverguide/C/virtualization.xml:481(para) serverguide/C/jeos.xml:100(para)
3793
msgid "But the general principles and commands remain the same."
3794
msgstr ""
3795
3796
#: serverguide/C/virtualization.xml:488(title) serverguide/C/jeos.xml:107(title)
3797
msgid "Initial Setup"
3798
msgstr ""
3799
3800
#: serverguide/C/virtualization.xml:490(para) serverguide/C/jeos.xml:109(para)
3801
msgid ""
3802
"It is assumed that you have installed and configured "
3803
"<application>libvirt</application> and <application>KVM</application> "
3804
"locally on the machine you are using. For details on how to perform this, "
3805
"please refer to:"
3806
msgstr ""
3807
3808
#: serverguide/C/virtualization.xml:502(para) serverguide/C/jeos.xml:121(para)
3809
msgid ""
3810
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
3811
"page."
3812
msgstr ""
3813
3814
#: serverguide/C/virtualization.xml:508(para) serverguide/C/jeos.xml:127(para)
3815
msgid ""
3816
"We also assume that you know how to use a text based text editor such as "
3817
"nano or vi. If you have not used any of them before, you can get an overview "
3818
"of the various text editors available by reading the <ulink "
3819
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
3820
"tEditors</ulink> page. This tutorial has been done on KVM, but the general "
3821
"principle should remain on other virtualization technologies."
3822
msgstr ""
3823
3824
#: serverguide/C/virtualization.xml:516(title) serverguide/C/jeos.xml:135(title)
3825
msgid "Install vmbuilder"
3826
msgstr ""
3827
3828
#: serverguide/C/virtualization.xml:518(para) serverguide/C/jeos.xml:137(para)
3829
msgid ""
3830
"The name of the package that we need to install is <application>python-vm-"
3831
"builder</application>. In a terminal prompt enter:"
3832
msgstr ""
3833
3834
#: serverguide/C/virtualization.xml:523(command) serverguide/C/jeos.xml:142(command)
3835
msgid "sudo apt-get install python-vm-builder"
3836
msgstr ""
3837
3838
#: serverguide/C/virtualization.xml:527(para) serverguide/C/jeos.xml:146(para)
3839
msgid ""
3840
"If you are running Hardy, you can still perform most of this using the older "
3841
"version of the package named <application>ubuntu-vm-builder</application>, "
3842
"there are only a few changes to the syntax of the tool."
3843
msgstr ""
3844
3845
#: serverguide/C/virtualization.xml:536(title) serverguide/C/jeos.xml:155(title)
3846
msgid "Defining Your Virtual Machine"
3847
msgstr ""
3848
3849
#: serverguide/C/virtualization.xml:538(para) serverguide/C/jeos.xml:157(para)
3850
msgid ""
3851
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
3852
"are a few thing to consider:"
3853
msgstr ""
3854
3855
#: serverguide/C/virtualization.xml:544(para) serverguide/C/jeos.xml:163(para)
3856
msgid ""
3857
"If you plan on shipping a virtual appliance, do not assume that the end-user "
3858
"will know how to extend disk size to fit their need, so either plan for a "
3859
"large virtual disk to allow for your appliance to grow, or explain fairly "
3860
"well in your documentation how to allocate more space. It might actually be "
3861
"a good idea to store data on some separate external storage."
3862
msgstr ""
3863
3864
#: serverguide/C/virtualization.xml:551(para) serverguide/C/jeos.xml:170(para)
3865
msgid ""
3866
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
3867
"whatever you think is a safe minimum for your appliance."
3868
msgstr ""
3869
3870
#: serverguide/C/virtualization.xml:557(para) serverguide/C/jeos.xml:176(para)
3871
msgid ""
3872
"The <application>vmbuilder</application> command has 2 main parameters: the "
3873
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
3874
"<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
3875
"and can be found using the following command:"
3876
msgstr ""
3877
3878
#: serverguide/C/virtualization.xml:563(command) serverguide/C/jeos.xml:182(command)
3879
msgid "vmbuilder --help"
3880
msgstr ""
3881
3882
#: serverguide/C/virtualization.xml:567(title) serverguide/C/jeos.xml:186(title)
3883
msgid "Base Parameters"
3884
msgstr ""
3885
3886
#: serverguide/C/virtualization.xml:569(para) serverguide/C/jeos.xml:188(para)
3887
msgid ""
3888
"As this example is based on <application>KVM</application> and Ubuntu 9.04 "
3889
"(Jaunty Jackalope), and we are likely to rebuild the same virtual machine "
3890
"multiple time, we'll invoke vmbuilder with the following first parameters:"
3891
msgstr ""
3892
3893
#: serverguide/C/virtualization.xml:575(command) serverguide/C/jeos.xml:194(command)
3894
msgid ""
3895
"sudo vmbuilder kvm ubuntu --suite jaunty --flavour virtual --arch i386 -o --"
3896
"libvirt qemu:///system"
3897
msgstr ""
3898
3899
#: serverguide/C/virtualization.xml:578(para) serverguide/C/jeos.xml:197(para)
3900
msgid ""
3901
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
3902
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
3903
"the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
3904
"that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
3905
"vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
3906
"libvirt</emphasis> tells to inform the local virtualization environment to "
3907
"add the resulting VM to the list of available machines."
3908
msgstr ""
3909
3910
#: serverguide/C/virtualization.xml:586(para) serverguide/C/jeos.xml:205(para)
3911
msgid "Notes:"
3912
msgstr ""
3913
3914
#: serverguide/C/virtualization.xml:592(para)
3915
msgid ""
3916
"Because of the nature of operations performed by vmbuilder, it needs to have "
3917
"root privilege, hence the use of sudo."
3918
msgstr ""
3919
3920
#: serverguide/C/virtualization.xml:597(para) serverguide/C/jeos.xml:216(para)
3921
msgid ""
3922
"If your virtual machine needs to use more than 3Gb of ram, you should build "
3923
"a 64 bit machine (--arch amd64)."
3924
msgstr ""
3925
3926
#: serverguide/C/virtualization.xml:602(para) serverguide/C/jeos.xml:221(para)
3927
msgid ""
3928
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
3929
"architecture, so if you want to define an amd64 machine on Hardy, you should "
3930
"use <emphasis>--flavour</emphasis> server instead."
3931
msgstr ""
3932
3933
#: serverguide/C/virtualization.xml:610(title) serverguide/C/jeos.xml:229(title)
3934
msgid "JeOS Installation Parameters"
3935
msgstr ""
3936
3937
#: serverguide/C/virtualization.xml:613(title) serverguide/C/jeos.xml:232(title)
3938
msgid "JeOS Networking"
3939
msgstr ""
3940
3941
#: serverguide/C/virtualization.xml:616(title) serverguide/C/jeos.xml:235(title)
3942
msgid "Assigning a fixed IP address"
3943
msgstr ""
3944
3945
#: serverguide/C/virtualization.xml:618(para) serverguide/C/jeos.xml:237(para)
3946
msgid ""
3947
"As a virtual appliance that may be deployed on various very different "
3948
"networks, it is very difficult to know what the actual network will look "
3949
"like. In order to simplify configuration, it is a good idea to take an "
3950
"approach similar to what network hardware vendors usually do, namely "
3951
"assigning an initial fixed IP address to the appliance in a private class "
3952
"network that you will provide in your documentation. An address in the range "
3953
"192.168.0.0/255 is usually a good choice."
3954
msgstr ""
3955
3956
#: serverguide/C/virtualization.xml:625(para) serverguide/C/jeos.xml:244(para)
3957
msgid "To do this we'll use the following parameters:"
3958
msgstr ""
3959
3960
#: serverguide/C/virtualization.xml:631(para) serverguide/C/jeos.xml:250(para)
3961
msgid ""
3962
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
3963
"dhcp if not specified)"
3964
msgstr ""
3965
3966
#: serverguide/C/virtualization.xml:636(para) serverguide/C/jeos.xml:255(para)
3967
msgid ""
3968
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
3969
"255.255.255.0)"
3970
msgstr ""
3971
3972
#: serverguide/C/virtualization.xml:641(para) serverguide/C/jeos.xml:260(para)
3973
msgid "<emphasis>--net VALUE</emphasis>: IP net address (default: X.X.X.0)"
3974
msgstr ""
3975
3976
#: serverguide/C/virtualization.xml:646(para) serverguide/C/jeos.xml:265(para)
3977
msgid "<emphasis>--bcast VALUE</emphasis>: IP broadcast (default: X.X.X.255)"
3978
msgstr ""
3979
3980
#: serverguide/C/virtualization.xml:651(para) serverguide/C/jeos.xml:270(para)
3981
msgid "<emphasis>--gw ADDRESS</emphasis>: Gateway address (default: X.X.X.1)"
3982
msgstr ""
3983
3984
#: serverguide/C/virtualization.xml:656(para) serverguide/C/jeos.xml:275(para)
3985
msgid ""
3986
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
3987
msgstr ""
3988
3989
#: serverguide/C/virtualization.xml:662(para) serverguide/C/jeos.xml:281(para)
3990
msgid ""
3991
"We assume for now that default values are good enough, so the resulting "
3992
"invocation becomes:"
3993
msgstr ""
3994
3995
#: serverguide/C/virtualization.xml:667(command) serverguide/C/jeos.xml:286(command)
3996
msgid ""
3997
"sudo vmbuilder kvm ubuntu --suite jaunty --flavour virtual --arch i386 -o --"
3998
"libvirt qemu:///system --ip 192.168.0.100"
3999
msgstr ""
4000
4001
#: serverguide/C/virtualization.xml:672(title) serverguide/C/jeos.xml:291(title)
4002
msgid "Modifying the libvirt Template to use Bridging"
4003
msgstr ""
4004
4005
#: serverguide/C/virtualization.xml:674(para) serverguide/C/jeos.xml:293(para)
4006
msgid ""
4007
"Because our appliance will be likely to need to be accessed by remote hosts, "
4008
"we need to configure libvirt so that the appliance uses bridge networking. "
4009
"To do this we use vmbuilder template mechanism to modify the default one."
4010
msgstr ""
4011
4012
#: serverguide/C/virtualization.xml:679(para) serverguide/C/jeos.xml:298(para)
4013
msgid ""
4014
"In our working directory we create the template hierarchy and copy the "
4015
"default template:"
4016
msgstr ""
4017
4018
#: serverguide/C/virtualization.xml:684(command) serverguide/C/jeos.xml:303(command)
4019
msgid "mkdir -p VMBuilder/plugins/libvirt/templates"
4020
msgstr ""
4021
4022
#: serverguide/C/virtualization.xml:685(command) serverguide/C/jeos.xml:304(command)
4023
msgid "cp /etc/vmbuilder/libvirt/* VMBuilder/plugins/libvirt/templates/"
4024
msgstr ""
4025
4026
#: serverguide/C/virtualization.xml:688(para) serverguide/C/jeos.xml:307(para)
4027
msgid ""
4028
"We can then edit "
4029
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
4030
"change:"
4031
msgstr ""
4032
4033
#: serverguide/C/virtualization.xml:692(programlisting) serverguide/C/jeos.xml:311(programlisting)
4034
#, no-wrap
4035
msgid ""
4036
"\n"
4037
" <interface type='network'>\n"
4038
" <source network='default'/>\n"
4039
" </interface>\n"
4040
msgstr ""
4041
4042
#: serverguide/C/virtualization.xml:698(para) serverguide/C/jeos.xml:317(para)
4043
msgid "To:"
4044
msgstr ""
4045
4046
#: serverguide/C/virtualization.xml:702(programlisting)
4047
#, no-wrap
4048
msgid ""
4049
"\n"
4050
" <interface type='bridge'>\n"
4051
" <source bridge='br0'/>\n"
4052
" </interface>\n"
4053
msgstr ""
4054
4055
#: serverguide/C/virtualization.xml:712(title) serverguide/C/jeos.xml:331(title) serverguide/C/installation.xml:406(title)
4056
msgid "Partitioning"
4057
msgstr ""
4058
4059
#: serverguide/C/virtualization.xml:714(para) serverguide/C/jeos.xml:333(para)
4060
msgid ""
4061
"Partitioning of the virtual appliance will have to take into consideration "
4062
"what you are planning to do with is. Because most appliances want to have a "
4063
"separate storage for data, having a separate <filename>/var</filename> would "
4064
"make sense."
4065
msgstr ""
4066
4067
#: serverguide/C/virtualization.xml:719(para) serverguide/C/jeos.xml:338(para)
4068
msgid ""
4069
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
4070
msgstr ""
4071
4072
#: serverguide/C/virtualization.xml:723(programlisting) serverguide/C/jeos.xml:342(programlisting)
4073
#, no-wrap
4074
msgid ""
4075
"\n"
4076
"--part PATH\n"
4077
" Allows to specify a partition table in partfile each line of partfile "
4078
"should specify\n"
4079
" (root first):\n"
4080
" mountpoint size\n"
4081
" where size is in megabytes. You can have up to 4 virtual disks, a new "
4082
"disk starts on a\n"
4083
" line with ’---’. ie :\n"
4084
" root 1000\n"
4085
" /opt 1000\n"
4086
" swap 256\n"
4087
" ---\n"
4088
" /var 2000\n"
4089
" /log 1500\n"
4090
msgstr ""
4091
4092
#: serverguide/C/virtualization.xml:738(para) serverguide/C/jeos.xml:357(para)
4093
msgid ""
4094
"In our case we will define a text file name "
4095
"<filename>vmbuilder.partition</filename> which will contain the following:"
4096
msgstr ""
4097
4098
#: serverguide/C/virtualization.xml:742(programlisting) serverguide/C/jeos.xml:361(programlisting)
4099
#, no-wrap
4100
msgid ""
4101
"\n"
4102
"root 8000\n"
4103
"swap 4000\n"
4104
"---\n"
4105
"/var 20000\n"
4106
msgstr ""
4107
4108
#: serverguide/C/virtualization.xml:750(para) serverguide/C/jeos.xml:369(para)
4109
msgid ""
4110
"Note that as we are using virtual disk images, the actual sizes that we put "
4111
"here are maximum sizes for these volumes."
4112
msgstr ""
4113
4114
#: serverguide/C/virtualization.xml:755(para) serverguide/C/jeos.xml:374(para)
4115
msgid "Our command line now looks like:"
4116
msgstr ""
4117
4118
#: serverguide/C/virtualization.xml:760(command) serverguide/C/jeos.xml:379(command)
4119
msgid ""
4120
"sudo vmbuilder kvm ubuntu --suite jaunty --flavour virtual --arch i386 \\ -o "
4121
"--libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
4122
msgstr ""
4123
4124
#: serverguide/C/virtualization.xml:765(para) serverguide/C/jeos.xml:384(para)
4125
msgid ""
4126
"Using a \"\\\" in a command will allow long command strings to wrap to the "
4127
"next line."
4128
msgstr ""
4129
4130
#: serverguide/C/virtualization.xml:772(title) serverguide/C/jeos.xml:391(title)
4131
msgid "User and Password"
4132
msgstr ""
4133
4134
#: serverguide/C/virtualization.xml:774(para) serverguide/C/jeos.xml:393(para)
4135
msgid ""
4136
"Again setting up a virtual appliance, you will need to provide a default "
4137
"user and password that is generic so that you can include it in your "
4138
"documentation. We will see later on in this tutorial how we will provide "
4139
"some security by defining a script that will be run the first time a user "
4140
"actually logs in the appliance, that will, among other things, ask him to "
4141
"change his password. In this example I will use <emphasis>'user'</emphasis> "
4142
"as my user name, and <emphasis>'default'</emphasis> as the password."
4143
msgstr ""
4144
4145
#: serverguide/C/virtualization.xml:782(para) serverguide/C/jeos.xml:401(para)
4146
msgid "To do this we use the following optional parameters:"
4147
msgstr ""
4148
4149
#: serverguide/C/virtualization.xml:788(para) serverguide/C/jeos.xml:407(para)
4150
msgid ""
4151
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
4152
"Default: ubuntu."
4153
msgstr ""
4154
4155
#: serverguide/C/virtualization.xml:793(para) serverguide/C/jeos.xml:412(para)
4156
msgid ""
4157
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
4158
"added. Default: Ubuntu."
4159
msgstr ""
4160
4161
#: serverguide/C/virtualization.xml:798(para) serverguide/C/jeos.xml:417(para)
4162
msgid ""
4163
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
4164
"Default: ubuntu."
4165
msgstr ""
4166
4167
#: serverguide/C/virtualization.xml:804(para) serverguide/C/jeos.xml:423(para)
4168
msgid "Our resulting command line becomes:"
4169
msgstr ""
4170
4171
#: serverguide/C/virtualization.xml:809(command) serverguide/C/jeos.xml:428(command)
4172
msgid ""
4173
"sudo vmbuilder kvm ubuntu --suite intrepid --flavour virtual --arch i386 \\ -"
4174
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
4175
"-user user --name user --pass default"
4176
msgstr ""
4177
4178
#: serverguide/C/virtualization.xml:817(title) serverguide/C/jeos.xml:436(title)
4179
msgid "Installing Required Packages"
4180
msgstr ""
4181
4182
#: serverguide/C/virtualization.xml:819(para) serverguide/C/jeos.xml:438(para)
4183
msgid ""
4184
"In this example we will be installing a package "
4185
"<application>(Limesurvey)</application> that accesses a "
4186
"<application>MySQL</application> database and has a web interface. We will "
4187
"therefore require our OS to provide us with:"
4188
msgstr ""
4189
4190
#: serverguide/C/virtualization.xml:826(para) serverguide/C/jeos.xml:445(para)
4191
msgid "Apache"
4192
msgstr ""
4193
4194
#: serverguide/C/virtualization.xml:827(para) serverguide/C/jeos.xml:446(para)
4195
msgid "PHP"
4196
msgstr ""
4197
4198
#: serverguide/C/virtualization.xml:828(para) serverguide/C/jeos.xml:447(para) serverguide/C/databases.xml:19(trademark) serverguide/C/databases.xml:31(title)
4199
msgid "MySQL"
4200
msgstr "MySQL"
4201
4202
#: serverguide/C/virtualization.xml:829(para) serverguide/C/remote-administration.xml:20(title) serverguide/C/jeos.xml:448(para)
4203
msgid "OpenSSH Server"
4204
msgstr ""
4205
4206
#: serverguide/C/virtualization.xml:830(para) serverguide/C/jeos.xml:449(para)
4207
msgid "Limesurvey (as an example application that we have packaged)"
4208
msgstr ""
4209
4210
#: serverguide/C/virtualization.xml:833(para) serverguide/C/jeos.xml:452(para)
4211
msgid ""
4212
"This is done using vmbuilder by specifying the --addpkg command multiple "
4213
"times:"
4214
msgstr ""
4215
4216
#: serverguide/C/virtualization.xml:837(programlisting) serverguide/C/jeos.xml:456(programlisting)
4217
#, no-wrap
4218
msgid ""
4219
"\n"
4220
"--addpkg PKG\n"
4221
" Install PKG into the guest (can be specfied multiple times)\n"
4222
msgstr ""
4223
4224
#: serverguide/C/virtualization.xml:842(para) serverguide/C/jeos.xml:461(para)
4225
msgid ""
4226
"However, due to the way vmbuilder operates, packages that have to ask "
4227
"questions to the user during the post install phase are not supported and "
4228
"should instead be installed while interactivity can occur. This is the case "
4229
"of Limesurvey, which we will have to install later, once the user logs in."
4230
msgstr ""
4231
4232
#: serverguide/C/virtualization.xml:848(para) serverguide/C/jeos.xml:467(para)
4233
msgid ""
4234
"Other packages that ask simple debconf question, such as <application>mysql-"
4235
"server</application> asking to set a password, the package can be installed "
4236
"immediately, but we will have to reconfigure it the first time the user logs "
4237
"in."
4238
msgstr ""
4239
4240
#: serverguide/C/virtualization.xml:854(para) serverguide/C/jeos.xml:473(para)
4241
msgid ""
4242
"If some packages that we need to install are not in main, we need to enable "
4243
"the additional repositories using --comp and --ppa:"
4244
msgstr ""
4245
4246
#: serverguide/C/virtualization.xml:858(programlisting) serverguide/C/jeos.xml:477(programlisting)
4247
#, no-wrap
4248
msgid ""
4249
"\n"
4250
"--components COMP1,COMP2,...,COMPN\n"
4251
" A comma separated list of distro components to include (e.g. "
4252
"main,universe). This defaults\n"
4253
" to \"main\"\n"
4254
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
4255
msgstr ""
4256
4257
#: serverguide/C/virtualization.xml:865(para) serverguide/C/jeos.xml:484(para)
4258
msgid ""
4259
"Limesurvey not being part of the archive at the moment, we'll specify it's "
4260
"PPA (personal package archive) address so that it is added to the VM "
4261
"<filename>/etc/apt/source.list</filename>, so we add the following options "
4262
"to the command line:"
4263
msgstr ""
4264
4265
#: serverguide/C/virtualization.xml:871(command) serverguide/C/jeos.xml:490(command)
4266
msgid ""
4267
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
4268
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
4269
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
4270
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
4271
"server --ppa nijaba"
4272
msgstr ""
4273
4274
#: serverguide/C/virtualization.xml:878(title) serverguide/C/jeos.xml:497(title)
4275
msgid "OpenSSH"
4276
msgstr ""
4277
4278
#: serverguide/C/virtualization.xml:880(para)
4279
msgid ""
4280
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
4281
"it will allow our admins to access the appliance remotely. However, pushing "
4282
"in the wild an appliance with a pre-installed OpenSSH server is a big "
4283
"security risk as all these server will share the same secret key, making it "
4284
"very easy for hackers to target our appliance with all the tools they need "
4285
"to crack it open in a breeze. As for the user password, we will instead rely "
4286
"on a script that will install OpenSSH the first time a user logs in so that "
4287
"the key generated will be different for each appliance. For this we'll use a "
4288
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
4289
"interaction."
4290
msgstr ""
4291
4292
#: serverguide/C/virtualization.xml:892(title) serverguide/C/jeos.xml:511(title)
4293
msgid "Speed Considerations"
4294
msgstr ""
4295
4296
#: serverguide/C/virtualization.xml:895(title) serverguide/C/jeos.xml:514(title)
4297
msgid "Package Caching"
4298
msgstr ""
4299
4300
#: serverguide/C/virtualization.xml:897(para) serverguide/C/jeos.xml:516(para)
4301
msgid ""
4302
"When vmbuilder creates builds your system, it has to go fetch each one of "
4303
"the packages that composes it over the network to one of the official "
4304
"repositories, which, depending on your internet connection speed and the "
4305
"load of the mirror, can have a big impact on the actual build time. In order "
4306
"to reduce this, it is recommended to either have a local repository (which "
4307
"can be created using <application>apt-mirror</application>) or using a "
4308
"caching proxy such as <application>apt-cache</application>. The later option "
4309
"being much simpler to implement and requiring less disk space, it is the one "
4310
"we will pick in this tutorial. To install it, simply type:"
4311
msgstr ""
4312
4313
#: serverguide/C/virtualization.xml:907(command) serverguide/C/jeos.xml:526(command)
4314
msgid "sudo apt-get install apt-proxy"
4315
msgstr ""
4316
4317
#: serverguide/C/virtualization.xml:910(para) serverguide/C/jeos.xml:529(para)
4318
msgid ""
4319
"Once this is complete, your (empty) proxy is ready for use on "
4320
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
4321
"vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
4322
"option:"
4323
msgstr ""
4324
4325
#: serverguide/C/virtualization.xml:915(programlisting) serverguide/C/jeos.xml:534(programlisting)
4326
#, no-wrap
4327
msgid ""
4328
"\n"
4329
"--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
4330
" is http://archive.ubuntu.com/ubuntu for official\n"
4331
" arches and http://ports.ubuntu.com/ubuntu-ports\n"
4332
" otherwise\n"
4333
msgstr ""
4334
4335
#: serverguide/C/virtualization.xml:922(para) serverguide/C/jeos.xml:541(para)
4336
msgid "So we add to the command line:"
4337
msgstr ""
4338
4339
#: serverguide/C/virtualization.xml:927(command) serverguide/C/jeos.xml:546(command)
4340
msgid "--mirror http://mirroraddress:9999/ubuntu"
4341
msgstr ""
4342
4343
#: serverguide/C/virtualization.xml:931(para) serverguide/C/jeos.xml:550(para)
4344
msgid ""
4345
"The mirror address specified here will also be used in the "
4346
"<filename>/etc/apt/source.list</filename> of the newly created guest, so it "
4347
"is usefull to specify here an address that can be resolved by the guest or "
4348
"to plan on reseting this address later on, such as in a <emphasis>--"
4349
"firstboot</emphasis> script."
4350
msgstr ""
4351
4352
#: serverguide/C/virtualization.xml:940(title) serverguide/C/jeos.xml:559(title)
4353
msgid "Install a Local Mirror"
4354
msgstr ""
4355
4356
#: serverguide/C/virtualization.xml:942(para) serverguide/C/jeos.xml:561(para)
4357
msgid ""
4358
"If we are in a larger environment, it may make sense to setup a local mirror "
4359
"of the Ubuntu repositories. The package apt-mirror provides you with a "
4360
"script that will handle the mirroring for you. You should plan on having "
4361
"about 20 gigabyte of free space per supported release and architecture."
4362
msgstr ""
4363
4364
#: serverguide/C/virtualization.xml:948(para) serverguide/C/jeos.xml:567(para)
4365
msgid ""
4366
"By default, <application>apt-mirror</application> uses the configuration "
4367
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
4368
"replicate only the architecture of the local machine. If you would like to "
4369
"support other architectures on your mirror, simply duplicate the lines "
4370
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
4371
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
4372
"archives as well, you will have:"
4373
msgstr ""
4374
4375
#: serverguide/C/virtualization.xml:955(programlisting) serverguide/C/jeos.xml:574(programlisting)
4376
#, no-wrap
4377
msgid ""
4378
"\n"
4379
"deb http://archive.ubuntu.com/ubuntu jaunty main restricted universe "
4380
"multiverse \n"
4381
"/deb-i386 http://archive.ubuntu.com/ubuntu jaunty main restricted universe "
4382
"multiverse\n"
4383
"\n"
4384
"deb http://archive.ubuntu.com/ubuntu jaunty-updates main restricted "
4385
"universe multiverse \n"
4386
"/deb-i386 http://archive.ubuntu.com/ubuntu jaunty-updates main restricted "
4387
"universe multiverse \n"
4388
"\n"
4389
"deb http://archive.ubuntu.com/ubuntu/ jaunty-backports main restricted "
4390
"universe multiverse \n"
4391
"/deb-i386 http://archive.ubuntu.com/ubuntu jaunty-backports main restricted "
4392
"universe multiverse \n"
4393
"\n"
4394
"deb http://security.ubuntu.com/ubuntu jaunty-security main restricted "
4395
"universe multiverse \n"
4396
"/deb-i386 http://security.ubuntu.com/ubuntu jaunty-security main restricted "
4397
"universe multiverse \n"
4398
"\n"
4399
"deb http://archive.ubuntu.com/ubuntu jaunty main/debian-installer "
4400
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4401
"installer \n"
4402
"/deb-i386 http://archive.ubuntu.com/ubuntu jaunty main/debian-installer "
4403
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4404
"installer \n"
4405
msgstr ""
4406
4407
#: serverguide/C/virtualization.xml:972(para) serverguide/C/jeos.xml:591(para)
4408
msgid ""
4409
"Notice that the source packages are not mirrored as they are seldom used "
4410
"compared to the binaries and they do take a lot more space, but they can be "
4411
"easily added to the list."
4412
msgstr ""
4413
4414
#: serverguide/C/virtualization.xml:977(para) serverguide/C/jeos.xml:596(para)
4415
msgid ""
4416
"Once the mirror has finished replicating (and this can be quite long), you "
4417
"need to configure Apache so that your mirror files (in "
4418
"<filename>/var/spool/apt-mirror</filename> if you did not change the "
4419
"default), are published by your Apache server. For more information on "
4420
"Apache see <xref linkend=\"httpd\"/>."
4421
msgstr ""
4422
4423
#: serverguide/C/virtualization.xml:986(title) serverguide/C/jeos.xml:605(title)
4424
msgid "Installing in a RAM Disk"
4425
msgstr ""
4426
4427
#: serverguide/C/virtualization.xml:988(para) serverguide/C/jeos.xml:607(para)
4428
msgid ""
4429
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
4430
"faster than writing to disk. If you have some free memory, letting vmbuilder "
4431
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
4432
"-tmpfs</emphasis> will help you do just that:"
4433
msgstr ""
4434
4435
#: serverguide/C/virtualization.xml:994(programlisting) serverguide/C/jeos.xml:613(programlisting)
4436
#, no-wrap
4437
msgid ""
4438
"\n"
4439
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
4440
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
4441
msgstr ""
4442
4443
#: serverguide/C/virtualization.xml:999(para) serverguide/C/jeos.xml:618(para)
4444
msgid ""
4445
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
4446
"have 1G of free ram."
4447
msgstr ""
4448
4449
#: serverguide/C/virtualization.xml:1006(title) serverguide/C/jeos.xml:625(title)
4450
msgid "Package the Application"
4451
msgstr ""
4452
4453
#: serverguide/C/virtualization.xml:1008(para) serverguide/C/jeos.xml:627(para)
4454
msgid "Two option are available to us:"
4455
msgstr ""
4456
4457
#: serverguide/C/virtualization.xml:1014(para) serverguide/C/jeos.xml:633(para)
4458
msgid ""
4459
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
4460
"package. Since this is outside of the scope of this tutorial, we will not "
4461
"perform this here and invite the reader to read the documentation on how to "
4462
"do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
4463
"Packaging Guide</ulink>. In this case it is also a good idea to setup a "
4464
"repository for your package so that updates can be conveniently pulled from "
4465
"it. See the <ulink url=\"http://www.debian-"
4466
"administration.org/articles/286\">Debian Administration</ulink> article for "
4467
"a tutorial on this."
4468
msgstr ""
4469
4470
#: serverguide/C/virtualization.xml:1023(para) serverguide/C/jeos.xml:642(para)
4471
msgid ""
4472
"Manually install the application under <filename>/opt</filename> as "
4473
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
4474
"guidelines</ulink>."
4475
msgstr ""
4476
4477
#: serverguide/C/virtualization.xml:1030(para) serverguide/C/jeos.xml:649(para)
4478
msgid ""
4479
"In our case we'll use <application>Limesurvey</application> as example web "
4480
"application for which we wish to provide a virtual appliance. As noted "
4481
"before, we've made a version of the package available in a PPA (Personal "
4482
"Package Archive)."
4483
msgstr ""
4484
4485
#: serverguide/C/virtualization.xml:1037(title) serverguide/C/jeos.xml:656(title)
4486
msgid "Finishing Install"
4487
msgstr ""
4488
4489
#: serverguide/C/virtualization.xml:1040(title) serverguide/C/jeos.xml:659(title)
4490
msgid "First Boot"
4491
msgstr ""
4492
4493
#: serverguide/C/virtualization.xml:1042(para) serverguide/C/jeos.xml:661(para)
4494
msgid ""
4495
"As we mentioned earlier, the first time the machine boots we'll need to "
4496
"install <application>openssh-server</application> so that the key generated "
4497
"for it is unique for each machine. To do this, we'll write a script called "
4498
"<filename>boot.sh</filename> as follows:"
4499
msgstr ""
4500
4501
#: serverguide/C/virtualization.xml:1048(programlisting) serverguide/C/jeos.xml:667(programlisting)
4502
#, no-wrap
4503
msgid ""
4504
"\n"
4505
"# This script will run the first time the virtual machine boots\n"
4506
"# It is ran as root.\n"
4507
"\n"
4508
"apt-get update\n"
4509
"apt-get install -qqy --force-yes openssh-server\n"
4510
msgstr ""
4511
4512
#: serverguide/C/virtualization.xml:1056(para) serverguide/C/jeos.xml:675(para)
4513
msgid ""
4514
"And we add the <command>--firstboot boot.sh</command> option to our command "
4515
"line."
4516
msgstr ""
4517
4518
#: serverguide/C/virtualization.xml:1062(title) serverguide/C/jeos.xml:681(title)
4519
msgid "First Login"
4520
msgstr ""
4521
4522
#: serverguide/C/virtualization.xml:1064(para) serverguide/C/jeos.xml:683(para)
4523
msgid ""
4524
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
4525
"set them up the first time a user logs in using a script named login.sh. "
4526
"We'll also use this script to let the user specify:"
4527
msgstr ""
4528
4529
#: serverguide/C/virtualization.xml:1070(para) serverguide/C/jeos.xml:689(para)
4530
msgid "His own password"
4531
msgstr ""
4532
4533
#: serverguide/C/virtualization.xml:1071(para) serverguide/C/jeos.xml:690(para)
4534
msgid "Define the keyboard and other locale info he wants to use"
4535
msgstr ""
4536
4537
#: serverguide/C/virtualization.xml:1074(para) serverguide/C/jeos.xml:693(para)
4538
msgid "So we'll define <filename>login.sh</filename> as follows:"
4539
msgstr ""
4540
4541
#: serverguide/C/virtualization.xml:1078(programlisting) serverguide/C/jeos.xml:697(programlisting)
4542
#, no-wrap
4543
msgid ""
4544
"\n"
4545
"# This script is ran the first time a user logs in\n"
4546
"\n"
4547
"echo \"Your appliance is about to be finished to be set up.\"\n"
4548
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
4549
"echo \"starting by changing your user password.\"\n"
4550
"\n"
4551
"passwd\n"
4552
"\n"
4553
"#give the opportunity to change the keyboard\n"
4554
"sudo dpkg-reconfigure console-setup\n"
4555
"\n"
4556
"#configure the mysql server root password\n"
4557
"sudo dpkg-reconfigure mysql-server-5.0\n"
4558
"\n"
4559
"#install limesurvey\n"
4560
"sudo apt-get install -qqy --force-yes limesurvey\n"
4561
"\n"
4562
"echo \"Your appliance is now configured. To use it point your\"\n"
4563
"echo \"browser to http://serverip/limesurvey/admin\"\n"
4564
msgstr ""
4565
4566
#: serverguide/C/virtualization.xml:1100(para) serverguide/C/jeos.xml:719(para)
4567
msgid ""
4568
"And we add the <command>--firstlogin login.sh</command> option to our "
4569
"command line."
4570
msgstr ""
4571
4572
#: serverguide/C/virtualization.xml:1107(title) serverguide/C/jeos.xml:726(title)
4573
msgid "Useful Additions"
4574
msgstr ""
4575
4576
#: serverguide/C/virtualization.xml:1110(title) serverguide/C/jeos.xml:729(title)
4577
msgid "Configuring Automatic Updates"
4578
msgstr ""
4579
4580
#: serverguide/C/virtualization.xml:1112(para) serverguide/C/jeos.xml:731(para)
4581
msgid ""
4582
"To have your system be configured to update itself on a regular basis, we "
4583
"will just install <application>unattended-upgrades</application>, so we add "
4584
"the following option to our command line:"
4585
msgstr ""
4586
4587
#: serverguide/C/virtualization.xml:1118(command) serverguide/C/jeos.xml:737(command)
4588
msgid "--addpkg unattended-upgrades"
4589
msgstr ""
4590
4591
#: serverguide/C/virtualization.xml:1121(para) serverguide/C/jeos.xml:740(para)
4592
msgid ""
4593
"As we have put our application package in a PPA, the process will update not "
4594
"only the system, but also the application each time we update the version in "
4595
"the PPA."
4596
msgstr ""
4597
4598
#: serverguide/C/virtualization.xml:1128(title) serverguide/C/jeos.xml:747(title)
4599
msgid "ACPI Event Handling"
4600
msgstr ""
4601
4602
#: serverguide/C/virtualization.xml:1130(para) serverguide/C/jeos.xml:749(para)
4603
msgid ""
4604
"For your virtual machine to be able to handle restart and shutdown events it "
4605
"is being sent, it is a good idea to install the acpid package as well. To do "
4606
"this we just add the following option:"
4607
msgstr ""
4608
4609
#: serverguide/C/virtualization.xml:1136(command) serverguide/C/jeos.xml:755(command)
4610
msgid "--addpkg acpid"
4611
msgstr ""
4612
4613
#: serverguide/C/virtualization.xml:1142(title) serverguide/C/jeos.xml:761(title)
4614
msgid "Final Command"
4615
msgstr ""
4616
4617
#: serverguide/C/virtualization.xml:1144(para) serverguide/C/jeos.xml:763(para)
4618
msgid "Here is what the command with all the options discussed above:"
4619
msgstr ""
4620
4621
#: serverguide/C/virtualization.xml:1149(command) serverguide/C/jeos.xml:768(command)
4622
msgid ""
4623
"sudo vmbuilder kvm ubuntu --suite intrepid --flavour virtual --arch i386 -o "
4624
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
4625
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
4626
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
4627
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
4628
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
4629
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
4630
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
4631
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
4632
"firstlogin login.sh es"
4633
msgstr ""
4634
4635
#: serverguide/C/virtualization.xml:1164(para) serverguide/C/jeos.xml:783(para)
4636
msgid ""
4637
"If you are interested in learning more, have questions or suggestions, "
4638
"please contact the Ubuntu Server Team at:"
4639
msgstr ""
4640
4641
#: serverguide/C/virtualization.xml:1169(para) serverguide/C/jeos.xml:788(para)
4642
msgid "IRC: #ubuntu-server on freenode"
4643
msgstr ""
4644
4645
#: serverguide/C/virtualization.xml:1174(para) serverguide/C/jeos.xml:793(para)
4646
msgid ""
4647
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
4648
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
4649
msgstr ""
4650
4651
#: serverguide/C/virtualization.xml:1182(title)
4652
msgid "Eucalyptus"
4653
msgstr ""
4654
4655
#: serverguide/C/virtualization.xml:1185(title) serverguide/C/network-auth.xml:1670(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:878(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
4656
msgid "Overview"
4657
msgstr ""
4658
4659
#: serverguide/C/virtualization.xml:1187(para)
4660
msgid ""
4661
"<emphasis>Eucalyptus</emphasis> is an open-source software infrastructure "
4662
"for implementing \"cloud computing\" on your own clusters. "
4663
"<emphasis>Eucalyptus</emphasis> allows you to create your own cloud "
4664
"computing environment in order to maximize computing resources and provide a "
4665
"cloud computing environment to your users."
4666
msgstr ""
4667
4668
#: serverguide/C/virtualization.xml:1193(para)
4669
msgid ""
4670
"This section will cover setting up a Cloud Computing environment using "
4671
"<application>Eucalyptus</application> with <application>KVM</application>. "
4672
"For more information on KVM see <xref linkend=\"libvirt\"/>."
4673
msgstr ""
4674
4675
#: serverguide/C/virtualization.xml:1198(para)
4676
msgid ""
4677
"The Cloud Computing environment will consist of three components, typically "
4678
"installed on at least two separate machines (termed the 'front-end' and "
4679
"'node(s)' for the rest of this document):"
4680
msgstr ""
4681
4682
#: serverguide/C/virtualization.xml:1205(para)
4683
msgid ""
4684
"<emphasis>One Front-End:</emphasis> hosts one Cloud Controller, a Java based "
4685
"Web configuration interface, and a Cluster Controller, which determines "
4686
"where virtual machines (VMs) will be housed and manages cluster level VM "
4687
"networking."
4688
msgstr ""
4689
4690
#: serverguide/C/virtualization.xml:1211(para)
4691
msgid ""
4692
"<emphasis>One or more Compute Nodes:</emphasis> runs the Node Controller "
4693
"component of Eucalyptus, which allows the machine to be part of the cloud as "
4694
"a host for VMs."
4695
msgstr ""
4696
4697
#: serverguide/C/virtualization.xml:1218(para)
4698
msgid ""
4699
"The simple <emphasis>System</emphasis> networking option will be used by "
4700
"default. This network method allows virtual machine instances, to obtain IP "
4701
"addresses from the local LAN, assuming that a DHCP server is properly "
4702
"configured on the LAN to hand out IPs dynamically to VMs that request them. "
4703
"Each node will be configured for bridge networking. For more details see "
4704
"<xref linkend=\"bridging\"/>."
4705
msgstr ""
4706
4707
#: serverguide/C/virtualization.xml:1228(para)
4708
msgid ""
4709
"First, on the <emphasis>Front-End</emphasis> install the appropriate "
4710
"packages. In a terminal prompt on the Front-End enter:"
4711
msgstr ""
4712
4713
#: serverguide/C/virtualization.xml:1233(command)
4714
msgid "sudo apt-get install eucalyptus-cloud eucalyptus-cc"
4715
msgstr ""
4716
4717
#: serverguide/C/virtualization.xml:1236(para)
4718
msgid ""
4719
"Next, on the each <emphasis>Compute Node</emphasis> install the node "
4720
"controller package. In a terminal prompt on each Compute Node enter:"
4721
msgstr ""
4722
4723
#: serverguide/C/virtualization.xml:1241(command)
4724
msgid "sudo apt-get install eucalyptus-nc"
4725
msgstr ""
4726
4727
#: serverguide/C/virtualization.xml:1244(para)
4728
msgid ""
4729
"Once the installation is complete, and it may take a while, in a browser go "
4730
"to <emphasis>https://front-end:8443</emphasis> and login to the "
4731
"administration interface using the default username and password of "
4732
"<emphasis>admin</emphasis>. You will then be prompted to change the "
4733
"password, configure an email address for the admin user, and set the storage "
4734
"URL."
4735
msgstr ""
4736
4737
#: serverguide/C/virtualization.xml:1250(para)
4738
msgid ""
4739
"In the web interface's <emphasis>\"Configuration\"</emphasis> tab, add a "
4740
"cluster under the <emphasis>\"Clusters\"</emphasis> heading (in this "
4741
"configuration, the cluster controller is on the same system as the cloud "
4742
"controller, so entering 'localhost' as the cluster hostname is correct). "
4743
"Once the form is filled out click the <emphasis>\"Add Cluster\"</emphasis> "
4744
"button."
4745
msgstr ""
4746
4747
#: serverguide/C/virtualization.xml:1256(para)
4748
msgid ""
4749
"Now, back on the <emphasis>Front-End</emphasis>, add the nodes to the "
4750
"cluster:"
4751
msgstr ""
4752
4753
#: serverguide/C/virtualization.xml:1261(command)
4754
msgid "sudo euca_conf -addnode hostname_of_node"
4755
msgstr ""
4756
4757
#: serverguide/C/virtualization.xml:1264(para)
4758
msgid ""
4759
"You will then be prompted to log into your Node, install the "
4760
"<application>eucalyptus-nc</application> package, and add the "
4761
"<emphasis>eucalyptus</emphasis> user's ssh key to the node's "
4762
"<filename>authorized_keys</filename> file, and confirm authenticity of the "
4763
"host's OpenSSH RSA key fingerprint. Finally, the command will complete by "
4764
"synchronizing the eucalyptus component keys and node registration is "
4765
"complete."
4766
msgstr ""
4767
4768
#: serverguide/C/virtualization.xml:1270(para)
4769
msgid ""
4770
"On the Node, the <filename>/etc/eucalyptus/eucalyptus.conf</filename> "
4771
"configuration file will need editing to use your node's bridge interface "
4772
"(assuming here that the interface is named <emphasis>'br0'</emphasis>):"
4773
msgstr ""
4774
4775
#: serverguide/C/virtualization.xml:1275(programlisting)
4776
#, no-wrap
4777
msgid ""
4778
"\n"
4779
"VNET_INTERFACE=\"br0\"\n"
4780
"...\n"
4781
"VNET_BRIDGE=\"br0\"\n"
4782
msgstr ""
4783
4784
#: serverguide/C/virtualization.xml:1281(para)
4785
msgid "Finally, restart <application>eucalyptus-nc</application>:"
4786
msgstr ""
4787
4788
#: serverguide/C/virtualization.xml:1286(command)
4789
msgid "sudo /etc/init.d/eucalyptus-nc restart"
4790
msgstr ""
4791
4792
#: serverguide/C/virtualization.xml:1291(para)
4793
msgid ""
4794
"Be sure to replace <emphasis>nodecontroller</emphasis>, "
4795
"<emphasis>node01</emphasis>, and <emphasis>node02</emphasis> with actual "
4796
"hostnames."
4797
msgstr ""
4798
4799
#: serverguide/C/virtualization.xml:1297(para)
4800
msgid ""
4801
"<application>Eucalyptus</application> is now ready to host images on the "
4802
"cloud."
4803
msgstr ""
4804
4805
#: serverguide/C/virtualization.xml:1307(para)
4806
msgid ""
4807
"See the <ulink url=\"http://eucalyptus.cs.ucsb.edu/\">Eucalyptus "
4808
"website</ulink> for more information."
4809
msgstr ""
4810
4811
#: serverguide/C/virtualization.xml:1312(para)
4812
msgid ""
4813
"For information on loading instances see the <ulink "
4814
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
4815
"page."
4816
msgstr ""
4817
4818
#: serverguide/C/virtualization.xml:1317(para)
4819
msgid ""
4820
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
4821
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
4822
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
4823
msgstr ""
4824
4825
#: serverguide/C/virtualization.xml:1327(title)
4826
msgid "OpenNebula"
4827
msgstr ""
4828
4829
#: serverguide/C/virtualization.xml:1329(para)
4830
msgid ""
4831
"<application>OpenNebula</application> allows virtual machines to be placed "
4832
"and re-placed dynamically on a pool of physical resources. This allows a "
4833
"virtual machine to be hosted from any location available."
4834
msgstr ""
4835
4836
#: serverguide/C/virtualization.xml:1334(para)
4837
msgid ""
4838
"This section will detail configuring an OpenNebula cluster using three "
4839
"machines: one <emphasis>Front-End</emphasis> host, and two <emphasis>Compute "
4840
"Nodes</emphasis> used to run the virtual machines. The Compute Nodes will "
4841
"also need a bridge configured to allow the virtual machines access to the "
4842
"local network. For details see <xref linkend=\"bridging\"/>."
4843
msgstr ""
4844
4845
#: serverguide/C/virtualization.xml:1343(para)
4846
msgid "First, from a terminal on the Front-End enter:"
4847
msgstr ""
4848
4849
#: serverguide/C/virtualization.xml:1348(command)
4850
msgid "sudo apt-get install opennebula"
4851
msgstr ""
4852
4853
#: serverguide/C/virtualization.xml:1351(para)
4854
msgid "On each Compute Node install:"
4855
msgstr ""
4856
4857
#: serverguide/C/virtualization.xml:1356(command)
4858
msgid "sudo apt-get install opennebula-node"
4859
msgstr ""
4860
4861
#: serverguide/C/virtualization.xml:1359(para)
4862
msgid ""
4863
"In order to copy SSH keys, the <emphasis>oneadmin</emphasis> user will need "
4864
"to have a password. On each machine execute:"
4865
msgstr ""
4866
4867
#: serverguide/C/virtualization.xml:1364(command)
4868
msgid "sudo passwd oneadmin"
4869
msgstr ""
4870
4871
#: serverguide/C/virtualization.xml:1367(para)
4872
msgid ""
4873
"Next, copy the <emphasis>oneadmin</emphasis> user's SSH key to the Compute "
4874
"Nodes, and to the Front-End's <filename>authorized_keys</filename> file:"
4875
msgstr ""
4876
4877
#: serverguide/C/virtualization.xml:1372(command)
4878
msgid ""
4879
"sudo scp /var/lib/one/.ssh/id_rsa.pub "
4880
"oneadmin@node01:/var/lib/one/.ssh/authorized_keys"
4881
msgstr ""
4882
4883
#: serverguide/C/virtualization.xml:1373(command)
4884
msgid ""
4885
"sudo scp /var/lib/one/.ssh/id_rsa.pub "
4886
"oneadmin@node02:/var/lib/one/.ssh/authorized_keys"
4887
msgstr ""
4888
4889
#: serverguide/C/virtualization.xml:1374(command)
4890
msgid ""
4891
"sudo sh -c \"cat /var/lib/one/.ssh/id_rsa.pub >> "
4892
"/var/lib/one/.ssh/authorized_keys\""
4893
msgstr ""
4894
4895
#: serverguide/C/virtualization.xml:1377(para)
4896
msgid ""
4897
"The SSH key for the Compute Nodes needs to be added to the "
4898
"<filename>/etc/ssh/ssh_known_hosts</filename> file on the Front-End host. To "
4899
"accomplish this <application>ssh</application> to each Compute Node as a "
4900
"user other than <emphasis>oneadmin</emphasis>. Then exit from the SSH "
4901
"session, and execute the following to copy the SSH key from "
4902
"<filename>~/.ssh/known_hosts</filename> to "
4903
"<filename>/etc/ssh/ssh_known_hosts</filename>:"
4904
msgstr ""
4905
4906
#: serverguide/C/virtualization.xml:1384(command)
4907
msgid ""
4908
"sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node01 1>> "
4909
"/etc/ssh/ssh_known_hosts\""
4910
msgstr ""
4911
4912
#: serverguide/C/virtualization.xml:1385(command)
4913
msgid ""
4914
"sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node02 1>> "
4915
"/etc/ssh/ssh_known_hosts\""
4916
msgstr ""
4917
4918
#: serverguide/C/virtualization.xml:1389(para)
4919
msgid ""
4920
"Replace <emphasis>node01</emphasis> and <emphasis>node02</emphasis> with the "
4921
"appropriate host names."
4922
msgstr ""
4923
4924
#: serverguide/C/virtualization.xml:1394(para)
4925
msgid ""
4926
"This allows the <emphasis>oneadmin</emphasis> to use "
4927
"<application>scp</application>, without a password or manual intervention, "
4928
"to deploy an image to the Compute Nodes."
4929
msgstr ""
4930
4931
#: serverguide/C/virtualization.xml:1399(para)
4932
msgid ""
4933
"On the Front-End create a directory to store the VM images, giving the "
4934
"<emphasis>oneadmin</emphasis> user access to the directory:"
4935
msgstr ""
4936
4937
#: serverguide/C/virtualization.xml:1404(command)
4938
msgid "sudo mkdir /var/lib/one/images"
4939
msgstr ""
4940
4941
#: serverguide/C/virtualization.xml:1405(command)
4942
msgid "sudo chown oneadmin /var/lib/one/images/"
4943
msgstr ""
4944
4945
#: serverguide/C/virtualization.xml:1408(para)
4946
msgid ""
4947
"Finally, copy a virtual machine disk file into "
4948
"<filename>/var/lib/one/images</filename>. You can create an Ubuntu virtual "
4949
"machine using <application>vmbuilder</application>, see <xref linkend=\"jeos-"
4950
"and-vmbuilder\"/> for details."
4951
msgstr ""
4952
4953
#: serverguide/C/virtualization.xml:1417(para)
4954
msgid ""
4955
"The <emphasis>OpenNebula Cluster</emphasis> is now ready to be configured, "
4956
"and virtual machines added to the cluster."
4957
msgstr ""
4958
4959
#: serverguide/C/virtualization.xml:1421(para)
4960
msgid "From a terminal prompt enter:"
4961
msgstr ""
4962
4963
#: serverguide/C/virtualization.xml:1426(command)
4964
msgid "onehost create node01 im_kvm vmm_kvm tm_ssh"
4965
msgstr ""
4966
4967
#: serverguide/C/virtualization.xml:1427(command)
4968
msgid "onehost create node02 im_kvm vmm_kvm tm_ssh"
4969
msgstr ""
4970
4971
#: serverguide/C/virtualization.xml:1430(para)
4972
msgid ""
4973
"Next, create a <emphasis>Virtual Network</emphasis> template file named "
4974
"<filename>vnet01.template</filename>:"
4975
msgstr ""
4976
4977
#: serverguide/C/virtualization.xml:1434(programlisting)
4978
#, no-wrap
4979
msgid ""
4980
"\n"
4981
"NAME = \"LAN\"\n"
4982
"TYPE = RANGED\n"
4983
"BRIDGE = br0\n"
4984
"NETWORK_SIZE = C\n"
4985
"NETWORK_ADDRESS = 192.168.0.0\n"
4986
msgstr ""
4987
4988
#: serverguide/C/virtualization.xml:1443(para)
4989
msgid ""
4990
"Be sure to change <emphasis>192.168.0.0</emphasis> to your local network."
4991
msgstr ""
4992
4993
#: serverguide/C/virtualization.xml:1448(para)
4994
msgid ""
4995
"Using the <application>onevnet</application> utility, add the virtual "
4996
"network to OpenNebula:"
4997
msgstr ""
4998
4999
#: serverguide/C/virtualization.xml:1453(command)
5000
msgid "onevnet create vnet01.template"
5001
msgstr ""
5002
5003
#: serverguide/C/virtualization.xml:1456(para)
5004
msgid ""
5005
"Now create a <emphasis>VM Template</emphasis> file named "
5006
"<filename>vm01.template</filename>:"
5007
msgstr ""
5008
5009
#: serverguide/C/virtualization.xml:1460(programlisting)
5010
#, no-wrap
5011
msgid ""
5012
"\n"
5013
"NAME = vm01\n"
5014
"CPU = 0.5\n"
5015
"MEMORY = 512\n"
5016
"\n"
5017
"OS = [ BOOT = hd ]\n"
5018
"\n"
5019
"DISK = [\n"
5020
" source = \"/var/lib/one/images/vm01.qcow2\",\n"
5021
" target = \"hda\",\n"
5022
" readonly = \"no\" ]\n"
5023
"\n"
5024
"NIC = [ NETWORK=\"LAN\" ]\n"
5025
"\n"
5026
"GRAPHICS = [type=\"vnc\",listen=\"127.0.0.1\",port=\"-1\"]\n"
5027
msgstr ""
5028
5029
#: serverguide/C/virtualization.xml:1477(para)
5030
msgid "Start the virtual machine using <application>onevm</application>:"
5031
msgstr ""
5032
5033
#: serverguide/C/virtualization.xml:1482(command)
5034
msgid "onevm submit vm01.template"
5035
msgstr ""
5036
5037
#: serverguide/C/virtualization.xml:1485(para)
5038
msgid ""
5039
"Use the <application>onevm list</application> option to view information "
5040
"about virtual machines. Also, the <application>onevm show vm01</application> "
5041
"option will display more details about a specific virtual machine."
5042
msgstr ""
5043
5044
#: serverguide/C/virtualization.xml:1496(para)
5045
msgid ""
5046
"See the <ulink "
5047
"url=\"http://www.opennebula.org/doku.php?id=start\">OpenNebula website</ulink"
5048
"> for more information."
5049
msgstr ""
5050
5051
#: serverguide/C/virtualization.xml:1501(para)
5052
msgid ""
5053
"You can also find help in the <emphasis>#ubuntu-virt</emphasis> and "
5054
"<emphasis>#ubuntu-server</emphasis> IRC channels on <ulink "
5055
"url=\"http://freenode.net\">Freenode</ulink>."
5056
msgstr ""
5057
5058
#: serverguide/C/vcs.xml:13(title)
5059
msgid "Version Control System"
5060
msgstr ""
5061
5062
#: serverguide/C/vcs.xml:14(para)
5063
msgid ""
5064
"Version control is the art of managing changes to information. It has long "
5065
"been a critical tool for programmers, who typically spend their time making "
5066
"small changes to software and then undoing those changes the next day. But "
5067
"the usefulness of version control software extends far beyond the bounds of "
5068
"the software development world. Anywhere you can find people using computers "
5069
"to manage information that changes often, there is room for version control."
5070
msgstr ""
5071
5072
#: serverguide/C/vcs.xml:17(title)
5073
msgid "Bazaar"
5074
msgstr ""
5075
5076
#: serverguide/C/vcs.xml:18(para)
5077
msgid ""
5078
"Bazaar is a new version control system sponsored by Canonical, the "
5079
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
5080
"support a central repository model, Bazaar also supports "
5081
"<emphasis>distributed version control</emphasis>, giving people the ability "
5082
"to collaborate more efficiently. In particular, Bazaar is designed to "
5083
"maximize the level of community participation in open source projects."
5084
msgstr ""
5085
5086
#: serverguide/C/vcs.xml:29(para)
5087
msgid ""
5088
"At a terminal prompt, enter the following command to install "
5089
"<application>bzr</application>: <screen>\n"
5090
"<command>sudo apt-get install bzr</command>\n"
5091
"</screen>"
5092
msgstr ""
5093
5094
#: serverguide/C/vcs.xml:40(para)
5095
msgid ""
5096
"To introduce yourself to <application>bzr</application>, use the "
5097
"<emphasis>whoami</emphasis> command like this: <screen>\n"
5098
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
5099
"</screen>"
5100
msgstr ""
5101
5102
#: serverguide/C/vcs.xml:49(title)
5103
msgid "Learning Bazaar"
5104
msgstr ""
5105
5106
#: serverguide/C/vcs.xml:50(para)
5107
msgid ""
5108
"Bazaar comes with bundled documentation installed into "
5109
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
5110
"is a good place to start. The <application>bzr</application> command also "
5111
"comes with built-in help: <screen>\n"
5112
"<command>$ bzr help</command>\n"
5113
"</screen>"
5114
msgstr ""
5115
5116
#: serverguide/C/vcs.xml:60(para)
5117
msgid ""
5118
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
5119
"<command>$ bzr help foo</command>\n"
5120
"</screen>"
5121
msgstr ""
5122
5123
#: serverguide/C/vcs.xml:68(title)
5124
msgid "Launchpad Integration"
5125
msgstr ""
5126
5127
#: serverguide/C/vcs.xml:69(para)
5128
msgid ""
5129
"While highly useful as a stand-alone system, Bazaar has good, optional "
5130
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
5131
"the collaborative development system used by Canonical and the broader open "
5132
"source community to manage and extend Ubuntu itself. For information on how "
5133
"Bazaar can be used with Launchpad to collaborate on open source projects, "
5134
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
5135
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
5136
msgstr ""
5137
5138
#: serverguide/C/vcs.xml:81(title)
5139
msgid "Subversion"
5140
msgstr "Poversijis"
5141
5142
#: serverguide/C/vcs.xml:82(para)
5143
msgid ""
5144
"Subversion is an open source version control system. Using Subversion, you "
5145
"can record the history of source files and documents. It manages files and "
5146
"directories over time. A tree of files is placed into a central repository. "
5147
"The repository is much like an ordinary file server, except that it "
5148
"remembers every change ever made to files and directories."
5149
msgstr ""
5150
5151
#: serverguide/C/vcs.xml:87(para)
5152
msgid ""
5153
"To access Subversion repository using the HTTP protocol, you must install "
5154
"and configure a web server. Apache2 is proven to work with Subversion. "
5155
"Please refer to the HTTP subsection in the Apache2 section to install and "
5156
"configure Apache2. To access the Subversion repository using the HTTPS "
5157
"protocol, you must install and configure a digital certificate in your "
5158
"Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 "
5159
"section to install and configure the digital certificate."
5160
msgstr ""
5161
5162
#: serverguide/C/vcs.xml:96(para)
5163
msgid ""
5164
"To install Subversion, run the following command from a terminal prompt:"
5165
msgstr ""
5166
5167
#: serverguide/C/vcs.xml:101(command)
5168
msgid "sudo apt-get install subversion libapache2-svn"
5169
msgstr ""
5170
5171
#: serverguide/C/vcs.xml:107(title)
5172
msgid "Server Configuration"
5173
msgstr "Serverio Konfigūracija"
5174
5175
#: serverguide/C/vcs.xml:108(para)
5176
msgid ""
5177
"This step assumes you have installed above mentioned packages on your "
5178
"system. This section explains how to create a Subversion repository and "
5179
"access the project."
5180
msgstr ""
5181
5182
#: serverguide/C/vcs.xml:111(title)
5183
msgid "Create Subversion Repository"
5184
msgstr ""
5185
5186
#: serverguide/C/vcs.xml:112(para)
5187
msgid ""
5188
"The Subversion repository can be created using the following command from a "
5189
"terminal prompt:"
5190
msgstr ""
5191
5192
#: serverguide/C/vcs.xml:116(command)
5193
msgid "svnadmin create /path/to/repos/project"
5194
msgstr ""
5195
5196
#: serverguide/C/vcs.xml:121(title)
5197
msgid "Importing Files"
5198
msgstr ""
5199
5200
#: serverguide/C/vcs.xml:122(para)
5201
msgid ""
5202
"Once you create the repository you can <emphasis>import</emphasis> files "
5203
"into the repository. To import a directory, enter the following from a "
5204
"terminal prompt: <screen>\n"
5205
"<command>svn import /path/to/import/directory "
5206
"file:///path/to/repos/project</command>\n"
5207
"</screen>"
5208
msgstr ""
5209
5210
#: serverguide/C/vcs.xml:134(title) serverguide/C/vcs.xml:139(title)
5211
msgid "Access Methods"
5212
msgstr ""
5213
5214
#: serverguide/C/vcs.xml:135(para)
5215
msgid ""
5216
"Subversion repositories can be accessed (checked out) through many different "
5217
"methods --on local disk, or through various network protocols. A repository "
5218
"location, however, is always a URL. The table describes how different URL "
5219
"schemes map to the available access methods."
5220
msgstr ""
5221
5222
#: serverguide/C/vcs.xml:146(para)
5223
msgid "Schema"
5224
msgstr ""
5225
5226
#: serverguide/C/vcs.xml:147(para)
5227
msgid "Access Method"
5228
msgstr "Prieigos Metodas"
5229
5230
#: serverguide/C/vcs.xml:152(para)
5231
msgid "file://"
5232
msgstr "failas://"
5233
5234
#: serverguide/C/vcs.xml:153(para)
5235
msgid "direct repository access (on local disk)"
5236
msgstr ""
5237
5238
#: serverguide/C/vcs.xml:156(para)
5239
msgid "http://"
5240
msgstr "http://"
5241
5242
#: serverguide/C/vcs.xml:157(para)
5243
msgid "Access via WebDAV protocol to Subversion-aware Apache2 web server"
5244
msgstr ""
5245
5246
#: serverguide/C/vcs.xml:160(para)
5247
msgid "https://"
5248
msgstr "https://"
5249
5250
#: serverguide/C/vcs.xml:161(para)
5251
msgid "Same as http://, but with SSL encryption"
5252
msgstr ""
5253
5254
#: serverguide/C/vcs.xml:164(para)
5255
msgid "svn://"
5256
msgstr "svn://"
5257
5258
#: serverguide/C/vcs.xml:165(para)
5259
msgid "Access via custom protocol to an svnserve server"
5260
msgstr ""
5261
5262
#: serverguide/C/vcs.xml:168(para)
5263
msgid "svn+ssh://"
5264
msgstr "svn+ssh://"
5265
5266
#: serverguide/C/vcs.xml:169(para)
5267
msgid "Same as svn://, but through an SSH tunnel"
5268
msgstr ""
5269
5270
#: serverguide/C/vcs.xml:175(para)
5271
msgid ""
5272
"In this section, we will see how to configure Subversion for all these "
5273
"access methods. Here, we cover the basics. For more advanced usage details, "
5274
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
5275
msgstr ""
5276
5277
#: serverguide/C/vcs.xml:182(title)
5278
msgid "Direct repository access (file://)"
5279
msgstr ""
5280
5281
#: serverguide/C/vcs.xml:183(para)
5282
msgid ""
5283
"This is the simplest of all access methods. It does not require any "
5284
"Subversion server process to be running. This access method is used to "
5285
"access Subversion from the same machine. The syntax of the command, entered "
5286
"at a terminal prompt, is as follows:"
5287
msgstr ""
5288
5289
#: serverguide/C/vcs.xml:190(command)
5290
msgid "svn co file:///path/to/repos/project"
5291
msgstr ""
5292
5293
#: serverguide/C/vcs.xml:193(para)
5294
msgid "or"
5295
msgstr ""
5296
5297
#: serverguide/C/vcs.xml:196(command)
5298
msgid "svn co file://localhost/path/to/repos/project"
5299
msgstr ""
5300
5301
#: serverguide/C/vcs.xml:200(para)
5302
msgid ""
5303
"If you do not specify the hostname, there are three forward slashes (///) -- "
5304
"two for the protocol (file, in this case) plus the leading slash in the "
5305
"path. If you specify the hostname, you must use two forward slashes (//)."
5306
msgstr ""
5307
5308
#: serverguide/C/vcs.xml:202(para)
5309
msgid ""
5310
"The repository permissions depend on filesystem permissions. If the user has "
5311
"read/write permission, he can checkout from and commit to the repository."
5312
msgstr ""
5313
5314
#: serverguide/C/vcs.xml:205(title)
5315
msgid "Access via WebDAV protocol (http://)"
5316
msgstr ""
5317
5318
#: serverguide/C/vcs.xml:206(para)
5319
msgid ""
5320
"To access the Subversion repository via WebDAV protocol, you must configure "
5321
"your Apache 2 web server. You must add the following snippet in your "
5322
"<filename>/etc/apache2/apache2.conf</filename> file:"
5323
msgstr ""
5324
5325
#: serverguide/C/vcs.xml:208(programlisting)
5326
#, no-wrap
5327
msgid ""
5328
" <Location /svn>\n"
5329
" DAV svn\n"
5330
" SVNParentPath /home/svn\n"
5331
" AuthType Basic\n"
5332
" AuthName \"Your repository name\"\n"
5333
" AuthUserFile /etc/subversion/passwd\n"
5334
" <LimitExcept GET PROPFIND OPTIONS REPORT>\n"
5335
" Require valid-user\n"
5336
" </LimitExcept>\n"
5337
" </Location> "
5338
msgstr ""
5339
5340
#: serverguide/C/vcs.xml:219(para)
5341
msgid ""
5342
"The above configuration snippet assumes that Subversion repositories are "
5343
"created under <filename>/home/svn/</filename> directory using "
5344
"<command>svnadmin</command> command. They can be accessible using "
5345
"<command>htpp://hostname/svn/repos_name</command> url."
5346
msgstr ""
5347
5348
#: serverguide/C/vcs.xml:225(para)
5349
msgid ""
5350
"To import or commit files to your Subversion repository over HTTP, the "
5351
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
5352
"HTTP user is <command>www-data</command>. To change the ownership of the "
5353
"repository files enter the following command from terminal prompt:"
5354
msgstr ""
5355
5356
#: serverguide/C/vcs.xml:234(command)
5357
msgid "sudo chown -R www-data:www-data /path/to/repos"
5358
msgstr ""
5359
5360
#: serverguide/C/vcs.xml:237(para)
5361
msgid ""
5362
"By changing the ownership of repository as <command>www-data</command> you "
5363
"will not be able to import or commit files into the repository by running "
5364
"<command>svn import file:///</command> command as any user other than "
5365
"<command>www-data</command>."
5366
msgstr ""
5367
5368
#: serverguide/C/vcs.xml:246(para)
5369
msgid ""
5370
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
5371
"that will contain user authentication details. To create a file issue the "
5372
"following command at a command prompt (which will create the file and add "
5373
"the first user):"
5374
msgstr ""
5375
5376
#: serverguide/C/vcs.xml:252(command)
5377
msgid "sudo htpasswd -c /etc/subversion/passwd user_name"
5378
msgstr ""
5379
5380
#: serverguide/C/vcs.xml:255(para)
5381
msgid ""
5382
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
5383
"option replaces the old file. Instead use this form:"
5384
msgstr ""
5385
5386
#: serverguide/C/vcs.xml:260(command)
5387
msgid "sudo htpasswd /etc/subversion/password user_name"
5388
msgstr ""
5389
5390
#: serverguide/C/vcs.xml:264(para)
5391
msgid ""
5392
"This command will prompt you to enter the password. Once you enter the "
5393
"password, the user is added. Now, to access the repository you can run the "
5394
"following command:"
5395
msgstr ""
5396
5397
#: serverguide/C/vcs.xml:265(command)
5398
msgid "svn co http://servername/svn"
5399
msgstr ""
5400
5401
#: serverguide/C/vcs.xml:267(para)
5402
msgid ""
5403
"The password is transmitted as plain text. If you are worried about password "
5404
"snooping, you are advised to use SSL encryption. For details, please refer "
5405
"next section."
5406
msgstr ""
5407
5408
#: serverguide/C/vcs.xml:273(title)
5409
msgid "Access via WebDAV protocol with SSL encryption (https://)"
5410
msgstr ""
5411
5412
#: serverguide/C/vcs.xml:274(para)
5413
msgid ""
5414
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
5415
"(https://) is similar to http:// except that you must install and configure "
5416
"the digital certificate in your Apache2 web server."
5417
msgstr ""
5418
5419
#: serverguide/C/vcs.xml:281(para)
5420
msgid ""
5421
"You can install a digital certificate issued by a signing authority like "
5422
"Verisign. Alternatively, you can install your own self-signed certificate."
5423
msgstr ""
5424
5425
#: serverguide/C/vcs.xml:286(para)
5426
msgid ""
5427
"This step assumes you have installed and configured a digital certificate in "
5428
"your Apache 2 web server. Now, to access the Subversion repository, please "
5429
"refer to the above section! The access methods are exactly the same, except "
5430
"the protocol. You must use https:// to access the Subversion repository."
5431
msgstr ""
5432
5433
#: serverguide/C/vcs.xml:296(title)
5434
msgid "Access via custom protocol (svn://)"
5435
msgstr ""
5436
5437
#: serverguide/C/vcs.xml:297(para)
5438
msgid ""
5439
"Once the Subversion repository is created, you can configure the access "
5440
"control. You can edit the <filename> "
5441
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
5442
"access control. For example, to set up authentication, you can uncomment the "
5443
"following lines in the configuration file:"
5444
msgstr ""
5445
5446
#: serverguide/C/vcs.xml:304(programlisting)
5447
#, no-wrap
5448
msgid ""
5449
"# [general]\n"
5450
"# password-db = passwd"
5451
msgstr ""
5452
5453
#: serverguide/C/vcs.xml:307(para)
5454
msgid ""
5455
"After uncommenting the above lines, you can maintain the user list in the "
5456
"passwd file. So, edit the file <filename>passwd </filename> in the same "
5457
"directory and add the new user. The syntax is as follows:"
5458
msgstr ""
5459
5460
#: serverguide/C/vcs.xml:313(programlisting)
5461
#, no-wrap
5462
msgid "username = password"
5463
msgstr "vartotojo vardas = slaptažodis"
5464
5465
#: serverguide/C/vcs.xml:314(para)
5466
msgid "For more details, please refer to the file."
5467
msgstr ""
5468
5469
#: serverguide/C/vcs.xml:318(para)
5470
msgid ""
5471
"Now, to access Subversion via the svn:// custom protocol, either from the "
5472
"same machine or a different machine, you can run svnserver using svnserve "
5473
"command. The syntax is as follows:"
5474
msgstr ""
5475
5476
#: serverguide/C/vcs.xml:323(programlisting)
5477
#, no-wrap
5478
msgid ""
5479
"$ svnserve -d --foreground -r /path/to/repos\n"
5480
"# -d -- daemon mode\n"
5481
"# --foreground -- run in foreground (useful for debugging)\n"
5482
"# -r -- root of directory to serve\n"
5483
"\n"
5484
"For more usage details, please refer to:\n"
5485
"$ svnserve --help"
5486
msgstr ""
5487
5488
#: serverguide/C/vcs.xml:331(para)
5489
msgid ""
5490
"Once you run this command, Subversion starts listening on default port "
5491
"(3690). To access the project repository, you must run the following command "
5492
"from a terminal prompt:"
5493
msgstr ""
5494
5495
#: serverguide/C/vcs.xml:334(command)
5496
msgid "svn co svn://hostname/project project --username user_name"
5497
msgstr ""
5498
5499
#: serverguide/C/vcs.xml:337(para)
5500
msgid ""
5501
"Based on server configuration, it prompts for password. Once you are "
5502
"authenticated, it checks out the code from Subversion repository. To "
5503
"synchronize the project repository with the local copy, you can run the "
5504
"<command>update</command> sub-command. The syntax of the command, entered at "
5505
"a terminal prompt, is as follows:"
5506
msgstr ""
5507
5508
#: serverguide/C/vcs.xml:345(command)
5509
msgid "cd project_dir ; svn update"
5510
msgstr ""
5511
5512
#: serverguide/C/vcs.xml:348(para)
5513
msgid ""
5514
"For more details about using each Subversion sub-command, you can refer to "
5515
"the manual. For example, to learn more about the co (checkout) command, "
5516
"please run the following command from a terminal prompt:"
5517
msgstr ""
5518
5519
#: serverguide/C/vcs.xml:352(command)
5520
msgid "svn co help"
5521
msgstr ""
5522
5523
#: serverguide/C/vcs.xml:356(title)
5524
msgid "Access via custom protocol with SSL encryption (svn+ssh://)"
5525
msgstr ""
5526
5527
#: serverguide/C/vcs.xml:357(para)
5528
msgid ""
5529
"The configuration and server process is same as in the svn:// method. For "
5530
"details, please refer to the above section. This step assumes you have "
5531
"followed the above step and started the Subversion server using "
5532
"<application>svnserve</application> command."
5533
msgstr ""
5534
5535
#: serverguide/C/vcs.xml:363(para)
5536
msgid ""
5537
"It is also assumed that the ssh server is running on that machine and that "
5538
"it is allowing incoming connections. To confirm, please try to login to that "
5539
"machine using ssh. If you can login, everything is perfect. If you cannot "
5540
"login, please address it before continuing further."
5541
msgstr ""
5542
5543
#: serverguide/C/vcs.xml:369(para)
5544
msgid ""
5545
"The svn+ssh:// protocol is used to access the Subversion repository using "
5546
"SSL encryption. The data transfer is encrypted using this method. To access "
5547
"the project repository (for example with a checkout), you must use the "
5548
"following command syntax:"
5549
msgstr ""
5550
5551
#: serverguide/C/vcs.xml:376(command)
5552
msgid "svn co svn+ssh://hostname/var/svn/repos/project"
5553
msgstr ""
5554
5555
#: serverguide/C/vcs.xml:380(para)
5556
msgid ""
5557
"You must use the full path (/path/to/repos/project) to access the Subversion "
5558
"repository using this access method."
5559
msgstr ""
5560
5561
#: serverguide/C/vcs.xml:383(para)
5562
msgid ""
5563
"Based on server configuration, it prompts for password. You must enter the "
5564
"password you use to login via ssh. Once you are authenticated, it checks out "
5565
"the code from the Subversion repository."
5566
msgstr ""
5567
5568
#: serverguide/C/vcs.xml:394(title)
5569
msgid "CVS Server"
5570
msgstr "CVS Serveris"
5571
5572
#: serverguide/C/vcs.xml:395(para)
5573
msgid ""
5574
"CVS is a version control system. You can use it to record the history of "
5575
"source files."
5576
msgstr ""
5577
5578
#: serverguide/C/vcs.xml:401(para)
5579
msgid ""
5580
"To install <application>CVS</application>, run the following command from a "
5581
"terminal prompt: <screen>\n"
5582
"<command>sudo apt-get install cvs</command>\n"
5583
"</screen> After you install <application>cvs</application>, you should "
5584
"install <application>xinetd</application> to start/stop the cvs server. At "
5585
"the prompt, enter the following command to install "
5586
"<application>xinetd</application>: <screen>\n"
5587
"<command>sudo apt-get install xinetd</command>\n"
5588
"</screen>"
5589
msgstr ""
5590
5591
#: serverguide/C/vcs.xml:434(programlisting)
5592
#, no-wrap
5593
msgid ""
5594
"\n"
5595
"service cvspserver\n"
5596
"{\n"
5597
" port = 2401\n"
5598
" socket_type = stream\n"
5599
" protocol = tcp\n"
5600
" user = root\n"
5601
" wait = no\n"
5602
" type = UNLISTED\n"
5603
" server = /usr/bin/cvs\n"
5604
" server_args = -f --allow-root /var/lib/cvs pserver\n"
5605
" disable = no\n"
5606
"}\n"
5607
msgstr ""
5608
5609
#: serverguide/C/vcs.xml:450(para)
5610
msgid ""
5611
"Be sure to edit the repository if you have changed the default repository "
5612
"(<application>/var/lib/cvs</application>) directory."
5613
msgstr ""
5614
5615
#: serverguide/C/vcs.xml:419(para)
5616
msgid ""
5617
"Once you install cvs, the repository will be automatically initialized. By "
5618
"default, the repository resides under the "
5619
"<application>/var/lib/cvs</application> directory. You can change this path "
5620
"by running following command: <screen>\n"
5621
"<command>cvs -d /your/new/cvs/repo init</command>\n"
5622
"</screen> Once the initial repository is set up, you can configure "
5623
"<application>xinetd</application> to start the CVS server. You can copy the "
5624
"following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. "
5625
"<placeholder-1/><placeholder-2/> Once you have configured "
5626
"<application>xinetd</application> you can start the cvs server by running "
5627
"following command: <screen>\n"
5628
"<command>sudo /etc/init.d/xinetd restart</command>\n"
5629
"</screen>"
5630
msgstr ""
5631
5632
#: serverguide/C/vcs.xml:463(para)
5633
msgid ""
5634
"You can confirm that the CVS server is running by issuing the following "
5635
"command:"
5636
msgstr ""
5637
5638
#: serverguide/C/vcs.xml:470(command)
5639
msgid "sudo netstat -tap | grep cvs"
5640
msgstr ""
5641
5642
#: serverguide/C/vcs.xml:474(para) serverguide/C/databases.xml:65(para)
5643
msgid ""
5644
"When you run this command, you should see the following line or something "
5645
"similar:"
5646
msgstr ""
5647
5648
#: serverguide/C/vcs.xml:479(programlisting)
5649
#, no-wrap
5650
msgid ""
5651
"\n"
5652
"tcp 0 0 *:cvspserver *:* LISTEN \n"
5653
msgstr ""
5654
5655
#: serverguide/C/vcs.xml:483(para)
5656
msgid ""
5657
"From here you can continue to add users, add new projects, and manage the "
5658
"CVS server."
5659
msgstr ""
5660
5661
#: serverguide/C/vcs.xml:488(para)
5662
msgid ""
5663
"CVS allows the user to add users independently of the underlying OS "
5664
"installation. Probably the easiest way is to use the Linux Users for CVS, "
5665
"although it has potential security issues. Please refer to the CVS manual "
5666
"for details."
5667
msgstr ""
5668
5669
#: serverguide/C/vcs.xml:498(title)
5670
msgid "Add Projects"
5671
msgstr ""
5672
5673
#: serverguide/C/vcs.xml:510(para)
5674
msgid ""
5675
"You can use the CVSROOT environment variable to store the CVS root "
5676
"directory. Once you export the CVSROOT environment variable, you can avoid "
5677
"using -d option in the above cvs command."
5678
msgstr ""
5679
5680
#: serverguide/C/vcs.xml:522(para)
5681
msgid ""
5682
"When you add a new project, the CVS user you use must have write access to "
5683
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
5684
"the <application>src</application> group has write access to the CVS "
5685
"repository. So, you can add the user to this group, and he can then add and "
5686
"manage projects in the CVS repository."
5687
msgstr ""
5688
5689
#: serverguide/C/vcs.xml:499(para)
5690
msgid ""
5691
"This section explains how to add new project to the CVS repository. Create "
5692
"the directory and add necessary document and source files to the directory. "
5693
"Now, run the following command to add this project to CVS repository: "
5694
"<screen>\n"
5695
"<command>cd your/project</command>\n"
5696
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
5697
"\"Importing my project to CVS repository\" . new_project start</command>\n"
5698
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
5699
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
5700
"purpose in this context, but since CVS requires them, they must be present. "
5701
"<placeholder-2/>"
5702
msgstr ""
5703
5704
#: serverguide/C/vcs.xml:535(ulink)
5705
msgid "Bazaar Home Page"
5706
msgstr ""
5707
5708
#: serverguide/C/vcs.xml:536(ulink)
5709
msgid "Launchpad"
5710
msgstr ""
5711
5712
#: serverguide/C/vcs.xml:537(ulink)
5713
msgid "Subversion Home Page"
5714
msgstr "Namų Puslapio Poversijis"
5715
5716
#: serverguide/C/vcs.xml:538(ulink)
5717
msgid "Subversion Book"
5718
msgstr ""
5719
5720
#: serverguide/C/vcs.xml:540(ulink)
5721
msgid "CVS Manual"
5722
msgstr "CVS Vadovas"
5723
5724
#: serverguide/C/serverguide.xml:3(title) serverguide/C/bookinfo.xml:3(title)
5725
msgid "Credits and License"
5726
msgstr ""
5727
5728
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
5729
msgid ""
5730
"This document is maintained by the Ubuntu documentation team "
5731
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
5732
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
5733
msgstr ""
5734
5735
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
5736
msgid ""
5737
"This document is made available under the Creative Commons ShareAlike 2.5 "
5738
"License (CC-BY-SA)."
5739
msgstr ""
5740
5741
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
5742
msgid ""
5743
"You are free to modify, extend, and improve the Ubuntu documentation source "
5744
"code under the terms of this license. All derivative works must be released "
5745
"under this license."
5746
msgstr ""
5747
5748
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
5749
msgid ""
5750
"This documentation is distributed in the hope that it will be useful, but "
5751
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
5752
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
5753
msgstr ""
5754
5755
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
5756
msgid ""
5757
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
5758
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
5759
msgstr ""
5760
5761
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
5762
msgid "2008"
5763
msgstr ""
5764
5765
#: serverguide/C/serverguide.xml:15(ulink) serverguide/C/bookinfo.xml:15(ulink)
5766
msgid "Ubuntu Documentation Project"
5767
msgstr ""
5768
5769
#: serverguide/C/serverguide.xml:15(holder) serverguide/C/bookinfo.xml:15(holder)
5770
msgid "Canonical Ltd. and members of the <placeholder-1/>"
5771
msgstr ""
5772
5773
#: serverguide/C/serverguide.xml:18(publishername) serverguide/C/bookinfo.xml:18(publishername)
5774
msgid "The Ubuntu Documentation Project"
5775
msgstr ""
5776
5777
#: serverguide/C/serverguide.xml:17(para)
5778
msgid ""
5779
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
5780
"information on how to install and configure various server applications on "
5781
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
5782
"guide for configuring and customizing your system."
5783
msgstr ""
5784
5785
#: serverguide/C/security.xml:13(title)
5786
msgid "Security"
5787
msgstr "Saugumas"
5788
5789
#: serverguide/C/security.xml:14(para)
5790
msgid ""
5791
"Security should always be considered when installing, deploying, and using "
5792
"any type of computer system. Although a fresh installation of Ubuntu is "
5793
"relatively safe for immediate use on the Internet, it is important to have a "
5794
"balanced understanding of your systems security posture based on how it will "
5795
"be used after deployment."
5796
msgstr ""
5797
5798
#: serverguide/C/security.xml:17(para)
5799
msgid ""
5800
"This chapter provides an overview of security related topics as they pertain "
5801
"to Ubuntu 9.04 Server Edition, and outlines simple measures you may use to "
5802
"protect your server and network from any number of potential security "
5803
"threats."
5804
msgstr ""
5805
5806
#: serverguide/C/security.xml:21(title)
5807
msgid "User Management"
5808
msgstr ""
5809
5810
#: serverguide/C/security.xml:22(para)
5811
msgid ""
5812
"User management is a critical part of maintaining a secure system. "
5813
"Ineffective user and privilege management often lead many systems into being "
5814
"compromised. Therefore, it is important that you understand how you can "
5815
"protect your server through simple and effective user account management "
5816
"techniques."
5817
msgstr ""
5818
5819
#: serverguide/C/security.xml:26(title)
5820
msgid "Where is root?"
5821
msgstr ""
5822
5823
#: serverguide/C/security.xml:27(para)
5824
msgid ""
5825
"Ubuntu developers made a conscientious decision to disable the "
5826
"administrative root account by default in all Ubuntu installations. This "
5827
"does not mean that the root account has been deleted or that it may not be "
5828
"accessed. It merely has been given a password which matches no possible "
5829
"encrypted value, therefore may not log in directly by itself."
5830
msgstr ""
5831
5832
#: serverguide/C/security.xml:30(para)
5833
msgid ""
5834
"Instead, users are encouraged to make use of a tool by the name of "
5835
"<application>sudo</application> to carry out system administrative duties. "
5836
"<application>Sudo</application> allows an authorized user to temporarily "
5837
"elevate their privileges using their own password instead of having to know "
5838
"the password belonging to the root account. This simple yet effective "
5839
"methodology provides accountability for all user actions, and gives the "
5840
"administrator granular control over which actions a user can perform with "
5841
"said privileges."
5842
msgstr ""
5843
5844
#: serverguide/C/security.xml:35(para)
5845
msgid ""
5846
"If for some reason you wish to enable the root account, simply give it a "
5847
"password:"
5848
msgstr ""
5849
5850
#: serverguide/C/security.xml:39(command)
5851
msgid "sudo passwd"
5852
msgstr ""
5853
5854
#: serverguide/C/security.xml:41(para)
5855
msgid ""
5856
"Sudo will prompt you for your password, and then ask you to supply a new "
5857
"password for root as shown below:"
5858
msgstr ""
5859
5860
#: serverguide/C/security.xml:44(userinput)
5861
#, no-wrap
5862
msgid "(enter your own password)"
5863
msgstr ""
5864
5865
#: serverguide/C/security.xml:45(userinput)
5866
#, no-wrap
5867
msgid "(enter a new password for root)"
5868
msgstr ""
5869
5870
#: serverguide/C/security.xml:46(userinput)
5871
#, no-wrap
5872
msgid "(repeat new password for root)"
5873
msgstr ""
5874
5875
#: serverguide/C/security.xml:44(computeroutput)
5876
#, no-wrap
5877
msgid ""
5878
"[sudo] password for username: <placeholder-1/>\n"
5879
"Enter new UNIX password: <placeholder-2/>\n"
5880
"Retype new UNIX password: <placeholder-3/>\n"
5881
"passwd: password updated successfully"
5882
msgstr ""
5883
5884
#: serverguide/C/security.xml:51(para)
5885
msgid "To disable the root account, use the following passwd syntax:"
5886
msgstr ""
5887
5888
#: serverguide/C/security.xml:55(command)
5889
msgid "sudo passwd -l root"
5890
msgstr ""
5891
5892
#: serverguide/C/security.xml:59(para)
5893
msgid ""
5894
"You should read more on <application>Sudo</application> by checking out it's "
5895
"man page:"
5896
msgstr ""
5897
5898
#: serverguide/C/security.xml:63(command)
5899
msgid "man sudo"
5900
msgstr ""
5901
5902
#: serverguide/C/security.xml:67(para)
5903
msgid ""
5904
"By default, the initial user created by the Ubuntu installer is a member of "
5905
"the group \"admin\" which is added to the file "
5906
"<filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to "
5907
"give any other account full root access through "
5908
"<application>sudo</application>, simply add them to the admin group."
5909
msgstr ""
5910
5911
#: serverguide/C/security.xml:73(title)
5912
msgid "Adding and Deleting Users"
5913
msgstr ""
5914
5915
#: serverguide/C/security.xml:74(para)
5916
msgid ""
5917
"The process for managing local users and groups is straight forward and "
5918
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
5919
"other Debian based distributions, encourage the use of the \"adduser\" "
5920
"package for account management."
5921
msgstr ""
5922
5923
#: serverguide/C/security.xml:79(para)
5924
msgid ""
5925
"To add a user account, use the following syntax, and follow the prompts to "
5926
"give the account a password and identifiable characteristics such as a full "
5927
"name, phone number, etc."
5928
msgstr ""
5929
5930
#: serverguide/C/security.xml:83(command)
5931
msgid "sudo adduser username"
5932
msgstr ""
5933
5934
#: serverguide/C/security.xml:87(para)
5935
msgid ""
5936
"To delete a user account and its primary group, use the following syntax:"
5937
msgstr ""
5938
5939
#: serverguide/C/security.xml:91(command)
5940
msgid "sudo deluser username"
5941
msgstr ""
5942
5943
#: serverguide/C/security.xml:93(para)
5944
msgid ""
5945
"Deleting an account does not remove their respective home folder. It is up "
5946
"to you whether or not you wish to delete the folder manually or keep it "
5947
"according to your desired retention policies."
5948
msgstr ""
5949
5950
#: serverguide/C/security.xml:96(para)
5951
msgid ""
5952
"Remember, any user added later on with the same UID/GID as the previous "
5953
"owner will now have access to this folder if you have not taken the "
5954
"necessary precautions."
5955
msgstr ""
5956
5957
#: serverguide/C/security.xml:99(para)
5958
msgid ""
5959
"You may want to change these UID/GID values to something more appropriate, "
5960
"such as the root account, and perhaps even relocate the folder to avoid "
5961
"future conflicts:"
5962
msgstr ""
5963
5964
#: serverguide/C/security.xml:103(command)
5965
msgid "sudo chown -R root:root /home/username/"
5966
msgstr ""
5967
5968
#: serverguide/C/security.xml:104(command)
5969
msgid "sudo mkdir /home/archived_users/"
5970
msgstr ""
5971
5972
#: serverguide/C/security.xml:105(command)
5973
msgid "sudo mv /home/username /home/archived_users/"
5974
msgstr ""
5975
5976
#: serverguide/C/security.xml:109(para)
5977
msgid ""
5978
"To temporarily lock or unlock a user account, use the following syntax, "
5979
"respectively:"
5980
msgstr ""
5981
5982
#: serverguide/C/security.xml:113(command)
5983
msgid "sudo passwd -l username"
5984
msgstr ""
5985
5986
#: serverguide/C/security.xml:114(command)
5987
msgid "sudo passwd -u username"
5988
msgstr ""
5989
5990
#: serverguide/C/security.xml:118(para)
5991
msgid ""
5992
"To add or delete a personalized group, use the following syntax, "
5993
"respectively:"
5994
msgstr ""
5995
5996
#: serverguide/C/security.xml:122(command)
5997
msgid "sudo addgroup groupname"
5998
msgstr ""
5999
6000
#: serverguide/C/security.xml:123(command)
6001
msgid "sudo delgroup groupname"
6002
msgstr ""
6003
6004
#: serverguide/C/security.xml:127(para)
6005
msgid "To add a user to a group, use the following syntax:"
6006
msgstr ""
6007
6008
#: serverguide/C/security.xml:131(command)
6009
msgid "sudo adduser username groupname"
6010
msgstr ""
6011
6012
#: serverguide/C/security.xml:138(title)
6013
msgid "User Profile Security"
6014
msgstr ""
6015
6016
#: serverguide/C/security.xml:139(para)
6017
msgid ""
6018
"When a new user is created, the adduser utility creates a brand new home "
6019
"directory named <filename class=\"directory\">/home/username</filename>, "
6020
"respectively. The default profile is modeled after the contents found in the "
6021
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
6022
"includes all profile basics."
6023
msgstr ""
6024
6025
#: serverguide/C/security.xml:142(para)
6026
msgid ""
6027
"If your server will be home to multiple users, you should pay close "
6028
"attention to the user home directory permissions to ensure confidentiality. "
6029
"By default, user home directories in Ubuntu are created with world "
6030
"read/execute permissions. This means that all users can browse and access "
6031
"the contents of other users home directories. This may not be suitable for "
6032
"your environment."
6033
msgstr ""
6034
6035
#: serverguide/C/security.xml:147(para)
6036
msgid ""
6037
"To verify your current users home directory permissions, use the following "
6038
"syntax:"
6039
msgstr ""
6040
6041
#: serverguide/C/security.xml:151(command) serverguide/C/security.xml:183(command)
6042
msgid "ls -ld /home/username"
6043
msgstr ""
6044
6045
#: serverguide/C/security.xml:153(para)
6046
msgid ""
6047
"The following output shows that the directory <filename "
6048
"class=\"directory\">/home/username</filename> has world readable permissions:"
6049
msgstr ""
6050
6051
#: serverguide/C/security.xml:156(computeroutput)
6052
#, no-wrap
6053
msgid "drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username"
6054
msgstr ""
6055
6056
#: serverguide/C/security.xml:160(para)
6057
msgid ""
6058
"You can remove the world readable permissions using the following syntax:"
6059
msgstr ""
6060
6061
#: serverguide/C/security.xml:164(command)
6062
msgid "sudo chmod 0750 /home/username"
6063
msgstr ""
6064
6065
#: serverguide/C/security.xml:167(para)
6066
msgid ""
6067
"Some people tend to use the recursive option (-R) indiscriminately which "
6068
"modifies all child folders and files, but this is not necessary, and may "
6069
"yield other undesirable results. The parent directory alone is sufficient "
6070
"for preventing unauthorized access to anything below the parent."
6071
msgstr ""
6072
6073
#: serverguide/C/security.xml:171(para)
6074
msgid ""
6075
"A much more efficient approach to the matter would be to modify the "
6076
"<application>adduser</application> global default permissions when creating "
6077
"user home folders. Simply edit the file "
6078
"<filename>/etc/adduser.conf</filename> and modify the "
6079
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
6080
"new home directories will receive the correct permissions."
6081
msgstr ""
6082
6083
#: serverguide/C/security.xml:174(programlisting)
6084
#, no-wrap
6085
msgid ""
6086
"\n"
6087
"DIR_MODE=0750\n"
6088
msgstr ""
6089
6090
#: serverguide/C/security.xml:179(para)
6091
msgid ""
6092
"After correcting the directory permissions using any of the previously "
6093
"mentioned techniques, verify the results using the following syntax:"
6094
msgstr ""
6095
6096
#: serverguide/C/security.xml:185(para)
6097
msgid ""
6098
"The results below show that world readable permissions have been removed:"
6099
msgstr ""
6100
6101
#: serverguide/C/security.xml:188(computeroutput)
6102
#, no-wrap
6103
msgid "drwxr-x--- 2 username username 4096 2007-10-02 20:03 username"
6104
msgstr ""
6105
6106
#: serverguide/C/security.xml:195(title)
6107
msgid "Password Policy"
6108
msgstr ""
6109
6110
#: serverguide/C/security.xml:196(para)
6111
msgid ""
6112
"A strong password policy is one of the most important aspects of your "
6113
"security posture. Many successful security breaches involve simple brute "
6114
"force and dictionary attacks against weak passwords. If you intend to offer "
6115
"any form of remote access involving your local password system, make sure "
6116
"you adequately address minimum password complexity requirements, maximum "
6117
"password lifetimes, and frequent audits of your authentication systems."
6118
msgstr ""
6119
6120
#: serverguide/C/security.xml:200(title)
6121
msgid "Minimum Password Length"
6122
msgstr ""
6123
6124
#: serverguide/C/security.xml:201(para)
6125
msgid ""
6126
"By default, Ubuntu requires a minimum password length of 4 characters, as "
6127
"well as some basic entropy checks. These values are controlled in the file "
6128
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
6129
msgstr ""
6130
6131
#: serverguide/C/security.xml:204(programlisting)
6132
#, no-wrap
6133
msgid ""
6134
"\n"
6135
"password required pam_unix.so nullok obscure min=4 max=8 md5\n"
6136
msgstr ""
6137
6138
#: serverguide/C/security.xml:207(para)
6139
msgid ""
6140
"If you would like to adjust the minimum length to 6 characters, change the "
6141
"appropriate variable to min=6. The modification is outlined below."
6142
msgstr ""
6143
6144
#: serverguide/C/security.xml:210(programlisting)
6145
#, no-wrap
6146
msgid ""
6147
"\n"
6148
"password required pam_unix.so nullok obscure min=6 max=8 md5\n"
6149
msgstr ""
6150
6151
#: serverguide/C/security.xml:214(para)
6152
msgid ""
6153
"The <varname>max=8</varname> variable does not represent the maximum length "
6154
"of a password. It only means that complexity requirements will not be "
6155
"checked on passwords over 8 characters. You may want to look at the "
6156
"<application>libpam-cracklib</application> package for additional password "
6157
"entropy assistance."
6158
msgstr ""
6159
6160
#: serverguide/C/security.xml:220(title)
6161
msgid "Password Expiration"
6162
msgstr ""
6163
6164
#: serverguide/C/security.xml:221(para)
6165
msgid ""
6166
"When creating user accounts, you should make it a policy to have a minimum "
6167
"and maximum password age forcing users to change their passwords when they "
6168
"expire."
6169
msgstr ""
6170
6171
#: serverguide/C/security.xml:226(para)
6172
msgid ""
6173
"To easily view the current status of a user account, use the following "
6174
"syntax:"
6175
msgstr ""
6176
6177
#: serverguide/C/security.xml:230(command) serverguide/C/security.xml:263(command)
6178
msgid "sudo chage -l username"
6179
msgstr ""
6180
6181
#: serverguide/C/security.xml:232(para)
6182
msgid ""
6183
"The output below shows interesting facts about the user account, namely that "
6184
"there are no policies applied:"
6185
msgstr ""
6186
6187
#: serverguide/C/security.xml:235(computeroutput)
6188
#, no-wrap
6189
msgid ""
6190
"Last password change : Jan 20, 2008\n"
6191
"Password expires : never\n"
6192
"Password inactive : never\n"
6193
"Account expires : never\n"
6194
"Minimum number of days between password change : 0\n"
6195
"Maximum number of days between password change : 99999\n"
6196
"Number of days of warning before password expires : 7"
6197
msgstr ""
6198
6199
#: serverguide/C/security.xml:245(para)
6200
msgid ""
6201
"To set any of these values, simply use the following syntax, and follow the "
6202
"interactive prompts:"
6203
msgstr ""
6204
6205
#: serverguide/C/security.xml:249(command)
6206
msgid "sudo chage username"
6207
msgstr ""
6208
6209
#: serverguide/C/security.xml:251(para)
6210
msgid ""
6211
"The following is also an example of how you can manually change the explicit "
6212
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
6213
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
6214
"password expiration, and a warning time period (-W) of 14 days before "
6215
"password expiration."
6216
msgstr ""
6217
6218
#: serverguide/C/security.xml:255(command)
6219
msgid "sudo chage -E 01/31/2008 -m 5 -M 90 -I 30 -W 14 username"
6220
msgstr ""
6221
6222
#: serverguide/C/security.xml:259(para)
6223
msgid "To verify changes, use the same syntax as mentioned previously:"
6224
msgstr ""
6225
6226
#: serverguide/C/security.xml:265(para)
6227
msgid ""
6228
"The output below shows the new policies that have been established for the "
6229
"account:"
6230
msgstr ""
6231
6232
#: serverguide/C/security.xml:268(computeroutput)
6233
#, no-wrap
6234
msgid ""
6235
"Last password change : Jan 20, 2008\n"
6236
"Password expires : Apr 19, 2008\n"
6237
"Password inactive : May 19, 2008\n"
6238
"Account expires : Jan 31, 2008\n"
6239
"Minimum number of days between password change : 5\n"
6240
"Maximum number of days between password change : 90\n"
6241
"Number of days of warning before password expires : 14"
6242
msgstr ""
6243
6244
#: serverguide/C/security.xml:284(title)
6245
msgid "Other Security Considerations"
6246
msgstr ""
6247
6248
#: serverguide/C/security.xml:285(para)
6249
msgid ""
6250
"Many applications use alternate authentication mechanisms that can be easily "
6251
"overlooked by even experienced system administrators. Therefore, it is "
6252
"important to understand and control how users authenticate and gain access "
6253
"to services and applications on your server."
6254
msgstr ""
6255
6256
#: serverguide/C/security.xml:290(title)
6257
msgid "SSH Access by Disabled Users"
6258
msgstr ""
6259
6260
#: serverguide/C/security.xml:291(para)
6261
msgid ""
6262
"Simply disabling/locking a user account will not prevent a user from logging "
6263
"into your server remotely if they have previously set up RSA public key "
6264
"authentication. They will still be able to gain shell access to the server, "
6265
"without the need for any password. Remember to check the users home "
6266
"directory for files that will allow for this type of authenticated SSH "
6267
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6268
msgstr ""
6269
6270
#: serverguide/C/security.xml:294(para)
6271
msgid ""
6272
"Remove or rename the directory <filename "
6273
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
6274
"further SSH authentication capabilities."
6275
msgstr ""
6276
6277
#: serverguide/C/security.xml:297(para)
6278
msgid ""
6279
"Be sure to check for any established SSH connections by the disabled user, "
6280
"as it is possible they may have existing inbound or outbound connections. "
6281
"Kill any that are found."
6282
msgstr ""
6283
6284
#: serverguide/C/security.xml:300(para)
6285
msgid ""
6286
"Restrict SSH access to only user accounts that should have it. For example, "
6287
"you may create a group called \"sshlogin\" and add the group name as the "
6288
"value associated with the <varname>AllowGroups</varname> variable located in "
6289
"the file <filename>/etc/ssh/sshd_config</filename>."
6290
msgstr ""
6291
6292
#: serverguide/C/security.xml:303(programlisting)
6293
#, no-wrap
6294
msgid ""
6295
"\n"
6296
"AllowGroups sshlogin\n"
6297
msgstr ""
6298
6299
#: serverguide/C/security.xml:306(para)
6300
msgid ""
6301
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
6302
"SSH service."
6303
msgstr ""
6304
6305
#: serverguide/C/security.xml:310(command)
6306
msgid "sudo adduser username sshlogin"
6307
msgstr ""
6308
6309
#: serverguide/C/security.xml:311(command) serverguide/C/remote-administration.xml:150(command)
6310
msgid "sudo /etc/init.d/ssh restart"
6311
msgstr ""
6312
6313
#: serverguide/C/security.xml:315(title)
6314
msgid "External User Database Authentication"
6315
msgstr ""
6316
6317
#: serverguide/C/security.xml:316(para)
6318
msgid ""
6319
"Most enterprise networks require centralized authentication and access "
6320
"controls for all system resources. If you have configured your server to "
6321
"authenticate users against external databases, be sure to disable the user "
6322
"accounts both externally and locally, this way you ensure that local "
6323
"fallback authentication is not possible."
6324
msgstr ""
6325
6326
#: serverguide/C/security.xml:325(title)
6327
msgid "Console Security"
6328
msgstr ""
6329
6330
#: serverguide/C/security.xml:326(para)
6331
msgid ""
6332
"As with any other security barrier you put in place to protect your server, "
6333
"it is pretty tough to defend against untold damage caused by someone with "
6334
"physical access to your environment, for example, theft of hard drives, "
6335
"power or service disruption and so on. Therefore, console security should be "
6336
"addressed merely as one component of your overall physical security "
6337
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
6338
"very least slow down a determined one, so it is still advisable to perform "
6339
"basic precautions with regard to console security."
6340
msgstr ""
6341
6342
#: serverguide/C/security.xml:329(para)
6343
msgid ""
6344
"The following instructions will help defend your server against issues that "
6345
"could otherwise yield very serious consequences."
6346
msgstr ""
6347
6348
#: serverguide/C/security.xml:334(title)
6349
msgid "Disable Ctrl+Alt+Delete"
6350
msgstr ""
6351
6352
#: serverguide/C/security.xml:335(para)
6353
msgid ""
6354
"First and foremost, anyone that has physical access to the keyboard can "
6355
"simply use the "
6356
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6357
"eycombo> key combination to reboot the server without having to log on. "
6358
"Sure, someone could simply unplug the power source, but you should still "
6359
"prevent the use of this key combination on a production server. This forces "
6360
"an attacker to take more drastic measures to reboot the server, and will "
6361
"prevent accidental reboots at the same time."
6362
msgstr ""
6363
6364
#: serverguide/C/security.xml:340(para)
6365
msgid ""
6366
"To disable the reboot action taken by pressing the "
6367
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6368
"eycombo> key combination, comment out the following line in the file "
6369
"<filename>/etc/event.d/control-alt-delete</filename>."
6370
msgstr ""
6371
6372
#: serverguide/C/security.xml:343(programlisting)
6373
#, no-wrap
6374
msgid ""
6375
"\n"
6376
"#exec /sbin/shutdown -r now \"Control-Alt-Delete pressed\"\n"
6377
msgstr ""
6378
6379
#: serverguide/C/security.xml:350(title)
6380
msgid "GRUB Password Security"
6381
msgstr ""
6382
6383
#: serverguide/C/security.xml:351(para)
6384
msgid ""
6385
"Ubuntu installs GNU GRUB as its default boot loader, which allows for great "
6386
"flexibility and recovery options. For example, when you install additional "
6387
"kernel images, these are automatically added as available boot options in "
6388
"the <application>grub</application> menu. Also, by default, alternate boot "
6389
"options are available for each kernel entry that may be used for system "
6390
"recovery, aptly labeled (recovery mode). Recovery mode simply boots the "
6391
"corresponding kernel image into single user mode (init 1), which lands the "
6392
"administrator at a root prompt without the need for any password."
6393
msgstr ""
6394
6395
#: serverguide/C/security.xml:354(para)
6396
msgid ""
6397
"Therefore, it is important to control who may edit the "
6398
"<application>grub</application> menu items which, would otherwise allow for "
6399
"someone to perform the following dangerous actions:"
6400
msgstr ""
6401
6402
#: serverguide/C/security.xml:359(para)
6403
msgid "Pass kernel options at boot up."
6404
msgstr ""
6405
6406
#: serverguide/C/security.xml:364(para)
6407
msgid "Boot the server into single user mode."
6408
msgstr ""
6409
6410
#: serverguide/C/security.xml:369(para)
6411
msgid ""
6412
"You can prevent these actions by adding a password to GRUB's configuration "
6413
"file of <filename>/boot/grub/menu.lst</filename>, which will be required to "
6414
"unlock GRUB's more advanced features prior to use."
6415
msgstr ""
6416
6417
#: serverguide/C/security.xml:374(para)
6418
msgid ""
6419
"To add a password for use with <application>grub</application>, first you "
6420
"must generate an md5 password hash using the <application>grub-md5-"
6421
"crypt</application> utility:"
6422
msgstr ""
6423
6424
#: serverguide/C/security.xml:378(command)
6425
msgid "grub-md5-crypt"
6426
msgstr ""
6427
6428
#: serverguide/C/security.xml:380(para)
6429
msgid ""
6430
"The command will ask you to enter a password and offer a resulting hash "
6431
"value as shown below:"
6432
msgstr ""
6433
6434
#: serverguide/C/security.xml:383(userinput)
6435
#, no-wrap
6436
msgid "(enter new password)"
6437
msgstr ""
6438
6439
#: serverguide/C/security.xml:384(userinput)
6440
#, no-wrap
6441
msgid "(repeat password)"
6442
msgstr ""
6443
6444
#: serverguide/C/security.xml:383(computeroutput)
6445
#, no-wrap
6446
msgid ""
6447
"Password: <placeholder-1/>\n"
6448
"Retype password: <placeholder-2/>\n"
6449
"$1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0"
6450
msgstr ""
6451
6452
#: serverguide/C/security.xml:389(para)
6453
msgid ""
6454
"Add the resulting hash value to the file "
6455
"<filename>/boot/grub/menu.lst</filename> in the following format:"
6456
msgstr ""
6457
6458
#: serverguide/C/security.xml:392(programlisting)
6459
#, no-wrap
6460
msgid "password --md5 $1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0"
6461
msgstr ""
6462
6463
#: serverguide/C/security.xml:395(para)
6464
msgid ""
6465
"To require use of the password for entering single user mode, change the "
6466
"value of the <varname>lockalternative</varname> variable in the file "
6467
"<filename>/boot/grub/menu.lst</filename> to <varname>true</varname>, as "
6468
"shown in the following example."
6469
msgstr ""
6470
6471
#: serverguide/C/security.xml:398(programlisting)
6472
#, no-wrap
6473
msgid "# lockalternative=true"
6474
msgstr ""
6475
6476
#: serverguide/C/security.xml:402(para)
6477
msgid ""
6478
"This does not prevent someone from booting the server from alternate media. "
6479
"A determined attacker would simply boot into an alternate environment, "
6480
"overwrite your master boot record, mount or copy your physical volumes, "
6481
"destroy your data, or anything else they can imagine. Please explore other "
6482
"countermeasures that may help you with these types of attacks."
6483
msgstr ""
6484
6485
#: serverguide/C/security.xml:410(title)
6486
msgid "Firewall"
6487
msgstr ""
6488
6489
#: serverguide/C/security.xml:413(para)
6490
msgid ""
6491
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
6492
"which is used to manipulate or decide the fate of network traffic headed "
6493
"into or through your server. All modern Linux firewall solutions use this "
6494
"system for packet filtering."
6495
msgstr ""
6496
6497
#: serverguide/C/security.xml:418(para)
6498
msgid ""
6499
"The kernel's packet filtering system would be of little use to "
6500
"administrators without a userspace interface to manage it. This is the "
6501
"purpose of iptables. When a packet reaches your server, it will be handed "
6502
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
6503
"based on the rules supplied to it from userspace via iptables. Thus, "
6504
"iptables is all you need to manage your firewall if you're familiar with it, "
6505
"but many frontends are available to simplify the task."
6506
msgstr ""
6507
6508
#: serverguide/C/security.xml:428(title)
6509
msgid "ufw - Uncomplicated Firewall"
6510
msgstr ""
6511
6512
#: serverguide/C/security.xml:429(para)
6513
msgid ""
6514
"The default firewall configuration tool for Ubuntu is "
6515
"<application>ufw</application>. Developed to ease iptables firewall "
6516
"configuration, <application>ufw</application> provides a user friendly way "
6517
"to create an IPv4 or IPv6 host-based firewall."
6518
msgstr ""
6519
6520
#: serverguide/C/security.xml:433(para)
6521
msgid ""
6522
"<application>ufw</application> by default is initially disabled. From the "
6523
"<application>ufw</application> man page:"
6524
msgstr ""
6525
6526
#: serverguide/C/security.xml:437(quote)
6527
msgid ""
6528
"ufw is not intended to provide complete firewall functionality via its "
6529
"command interface, but instead provides an easy way to add or remove simple "
6530
"rules. It is currently mainly used for host-based firewalls."
6531
msgstr ""
6532
6533
#: serverguide/C/security.xml:441(para)
6534
msgid ""
6535
"The following are some examples of how to use <application>ufw</application>:"
6536
msgstr ""
6537
6538
#: serverguide/C/security.xml:446(para)
6539
msgid ""
6540
"First, <application>ufw</application> needs to be enabled. From a terminal "
6541
"prompt enter:"
6542
msgstr ""
6543
6544
#: serverguide/C/security.xml:450(command)
6545
msgid "sudo ufw enable"
6546
msgstr ""
6547
6548
#: serverguide/C/security.xml:454(para)
6549
msgid "To open a port (ssh in this example):"
6550
msgstr ""
6551
6552
#: serverguide/C/security.xml:458(command)
6553
msgid "sudo ufw allow 22"
6554
msgstr ""
6555
6556
#: serverguide/C/security.xml:462(para)
6557
msgid "Rules can also be added using a <emphasis>numbered</emphasis> format:"
6558
msgstr ""
6559
6560
#: serverguide/C/security.xml:466(command)
6561
msgid "sudo ufw insert 1 allow 80"
6562
msgstr ""
6563
6564
#: serverguide/C/security.xml:470(para)
6565
msgid "Similarly, to close an opened port:"
6566
msgstr ""
6567
6568
#: serverguide/C/security.xml:474(command)
6569
msgid "sudo ufw deny 22"
6570
msgstr ""
6571
6572
#: serverguide/C/security.xml:478(para)
6573
msgid "To remove a rule, use delete followed by the rule:"
6574
msgstr ""
6575
6576
#: serverguide/C/security.xml:482(command)
6577
msgid "sudo ufw delete deny 22"
6578
msgstr ""
6579
6580
#: serverguide/C/security.xml:486(para)
6581
msgid ""
6582
"It is also possible to allow access from specific hosts or networks to a "
6583
"port. The following example allows ssh access from host 192.168.0.2 to any "
6584
"ip address on this host:"
6585
msgstr ""
6586
6587
#: serverguide/C/security.xml:491(command)
6588
msgid "sudo ufw allow proto tcp from 192.168.0.2 to any port 22"
6589
msgstr ""
6590
6591
#: serverguide/C/security.xml:493(para)
6592
msgid ""
6593
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
6594
"subnet."
6595
msgstr ""
6596
6597
#: serverguide/C/security.xml:499(para)
6598
msgid ""
6599
"Adding the <emphasis>--dry-run</emphasis> option to a "
6600
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
6601
"apply them. For example, the following is what would be applied if opening "
6602
"the HTTP port:"
6603
msgstr ""
6604
6605
#: serverguide/C/security.xml:505(command)
6606
msgid "sudo ufw --dry-run allow http"
6607
msgstr ""
6608
6609
#: serverguide/C/security.xml:509(computeroutput)
6610
#, no-wrap
6611
msgid ""
6612
"*filter\n"
6613
":ufw-user-input - [0:0]\n"
6614
":ufw-user-output - [0:0]\n"
6615
":ufw-user-forward - [0:0]\n"
6616
":ufw-user-limit - [0:0]\n"
6617
":ufw-user-limit-accept - [0:0]\n"
6618
"### RULES ###\n"
6619
"\n"
6620
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
6621
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
6622
"\n"
6623
"### END RULES ###\n"
6624
"-A ufw-user-input -j RETURN\n"
6625
"-A ufw-user-output -j RETURN\n"
6626
"-A ufw-user-forward -j RETURN\n"
6627
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
6628
"LIMIT]: \"\n"
6629
"-A ufw-user-limit -j REJECT\n"
6630
"-A ufw-user-limit-accept -j ACCEPT\n"
6631
"COMMIT\n"
6632
"Rules updated"
6633
msgstr ""
6634
6635
#: serverguide/C/security.xml:533(para)
6636
msgid "<application>ufw</application> can be disabled by:"
6637
msgstr ""
6638
6639
#: serverguide/C/security.xml:537(command)
6640
msgid "sudo ufw disable"
6641
msgstr ""
6642
6643
#: serverguide/C/security.xml:541(para)
6644
msgid "To see the firewall status, enter:"
6645
msgstr ""
6646
6647
#: serverguide/C/security.xml:545(command)
6648
msgid "sudo ufw status"
6649
msgstr ""
6650
6651
#: serverguide/C/security.xml:549(para)
6652
msgid "And for more verbose status information use:"
6653
msgstr ""
6654
6655
#: serverguide/C/security.xml:553(command)
6656
msgid "sudo ufw status verbose"
6657
msgstr ""
6658
6659
#: serverguide/C/security.xml:557(para)
6660
msgid "To view the <emphasis>numbered</emphasis> format:"
6661
msgstr ""
6662
6663
#: serverguide/C/security.xml:561(command)
6664
msgid "sudo ufw status numbered"
6665
msgstr ""
6666
6667
#: serverguide/C/security.xml:566(para)
6668
msgid ""
6669
"If the port you want to open or close is defined in "
6670
"<filename>/etc/services</filename>, you can use the port name instead of the "
6671
"number. In the above examples, replace <emphasis>22</emphasis> with "
6672
"<emphasis>ssh</emphasis>."
6673
msgstr ""
6674
6675
#: serverguide/C/security.xml:572(para)
6676
msgid ""
6677
"This is a quick introduction to using <application>ufw</application>. Please "
6678
"refer to the <application>ufw</application> man page for more information."
6679
msgstr ""
6680
6681
#: serverguide/C/security.xml:578(title)
6682
msgid "ufw Application Integration"
6683
msgstr ""
6684
6685
#: serverguide/C/security.xml:580(para)
6686
msgid ""
6687
"Applications that open ports can include an <application>ufw</application> "
6688
"profile, which details the ports needed for the application to function "
6689
"properly. The profiles are kept in <filename "
6690
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
6691
"the default ports have been changed."
6692
msgstr ""
6693
6694
#: serverguide/C/security.xml:589(para)
6695
msgid ""
6696
"To view which applications have installed a profile, enter the following in "
6697
"a terminal:"
6698
msgstr ""
6699
6700
#: serverguide/C/security.xml:594(command)
6701
msgid "sudo ufw app list"
6702
msgstr ""
6703
6704
#: serverguide/C/security.xml:600(para)
6705
msgid ""
6706
"Similar to allowing traffic to a port, using an application profile is "
6707
"accomplished by entering:"
6708
msgstr ""
6709
6710
#: serverguide/C/security.xml:605(command)
6711
msgid "sudo ufw allow Samba"
6712
msgstr ""
6713
6714
#: serverguide/C/security.xml:611(para)
6715
msgid "An extended syntax is available as well:"
6716
msgstr ""
6717
6718
#: serverguide/C/security.xml:616(command)
6719
msgid "ufw allow from 192.168.0.0/24 to any app Samba"
6720
msgstr ""
6721
6722
#: serverguide/C/security.xml:619(para)
6723
msgid ""
6724
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
6725
"with the application profile you are using and the IP range for your network."
6726
msgstr ""
6727
6728
#: serverguide/C/security.xml:625(para)
6729
msgid ""
6730
"There is no need to specify the <emphasis>protocol</emphasis> for the "
6731
"application, because that information is detailed in the profile. Also, note "
6732
"that the <emphasis>app</emphasis> name replaces the "
6733
"<emphasis>port</emphasis> number."
6734
msgstr ""
6735
6736
#: serverguide/C/security.xml:634(para)
6737
msgid ""
6738
"To view details about which ports, protocols, etc are defined for an "
6739
"application, enter:"
6740
msgstr ""
6741
6742
#: serverguide/C/security.xml:639(command)
6743
msgid "sudo ufw app info Samba"
6744
msgstr ""
6745
6746
#: serverguide/C/security.xml:645(para)
6747
msgid ""
6748
"Not all applications that require opening a network port come with "
6749
"<application>ufw</application> profiles, but if you have profiled an "
6750
"application and want the file to be included with the package, please file a "
6751
"bug against the package in <ulink "
6752
"url=\"https://launchpad.net/\">Launchpad</ulink>."
6753
msgstr ""
6754
6755
#: serverguide/C/security.xml:654(title)
6756
msgid "IP Masquerading"
6757
msgstr ""
6758
6759
#: serverguide/C/security.xml:655(para)
6760
msgid ""
6761
"The purpose of IP Masquerading is to allow machines with private, non-"
6762
"routable IP addresses on your network to access the Internet through the "
6763
"machine doing the masquerading. Traffic from your private network destined "
6764
"for the Internet must be manipulated for replies to be routable back to the "
6765
"machine that made the request. To do this, the kernel must modify the "
6766
"<emphasis>source</emphasis> IP address of each packet so that replies will "
6767
"be routed back to it, rather than to the private IP address that made the "
6768
"request, which is impossible over the Internet. Linux uses "
6769
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
6770
"connections belong to which machines and reroute each return packet "
6771
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
6772
"having originated from your Ubuntu gateway machine. This process is referred "
6773
"to in Microsoft documentation as Internet Connection Sharing."
6774
msgstr ""
6775
6776
#: serverguide/C/security.xml:671(title)
6777
msgid "ufw Masquerading"
6778
msgstr ""
6779
6780
#: serverguide/C/security.xml:672(para)
6781
msgid ""
6782
"IP Masquerading can be achieved using custom <application>ufw</application> "
6783
"rules. This is possible because the current back-end for "
6784
"<application>ufw</application> is <application>iptables-"
6785
"restore</application> with the rules files located in "
6786
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
6787
"legacy iptables rules used without <application>ufw</application>, and rules "
6788
"that are more network gateway or bridge related."
6789
msgstr ""
6790
6791
#: serverguide/C/security.xml:678(para)
6792
msgid ""
6793
"The rules are split into two different files, rules that should be executed "
6794
"before <application>ufw</application> command line rules, and rules that are "
6795
"executed after <application>ufw</application> command line rules."
6796
msgstr ""
6797
6798
#: serverguide/C/security.xml:684(para)
6799
msgid ""
6800
"First, packet forwarding needs to be enabled in "
6801
"<application>ufw</application>. Two configuration files will need to be "
6802
"adjusted, in <filename>/etc/default/ufw</filename> change the "
6803
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
6804
msgstr ""
6805
6806
#: serverguide/C/security.xml:688(programlisting)
6807
#, no-wrap
6808
msgid ""
6809
"\n"
6810
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
6811
msgstr ""
6812
6813
#: serverguide/C/security.xml:691(para)
6814
msgid "Then edit <filename>/etc/ufw/sysctl.conf</filename> and uncomment:"
6815
msgstr ""
6816
6817
#: serverguide/C/security.xml:694(programlisting) serverguide/C/security.xml:772(programlisting)
6818
#, no-wrap
6819
msgid ""
6820
"\n"
6821
"net.ipv4.ip_forward=1\n"
6822
msgstr ""
6823
6824
#: serverguide/C/security.xml:697(para)
6825
msgid "Similarly, for IPv6 forwarding uncomment:"
6826
msgstr ""
6827
6828
#: serverguide/C/security.xml:700(programlisting) serverguide/C/security.xml:778(programlisting)
6829
#, no-wrap
6830
msgid ""
6831
"\n"
6832
"net.ipv6.conf.default.forwarding=1\n"
6833
msgstr ""
6834
6835
#: serverguide/C/security.xml:705(para)
6836
msgid ""
6837
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
6838
"file. The default rules only configure the <emphasis>filter</emphasis> "
6839
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
6840
"need to be configured. Add the following to the top of the file just after "
6841
"the header comments:"
6842
msgstr ""
6843
6844
#: serverguide/C/security.xml:710(programlisting)
6845
#, no-wrap
6846
msgid ""
6847
"\n"
6848
"# nat Table rules\n"
6849
"*nat\n"
6850
":POSTROUTING ACCEPT [0:0]\n"
6851
"\n"
6852
"# Forward traffic from eth1 through eth0.\n"
6853
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
6854
"\n"
6855
"# don't delete the 'COMMIT' line or these nat table rules won't be "
6856
"processed\n"
6857
"COMMIT\n"
6858
msgstr ""
6859
6860
#: serverguide/C/security.xml:721(para)
6861
msgid ""
6862
"The comments are not strictly necessary, but it is considered good practice "
6863
"to document your configuration. Also, when modifying any of the "
6864
"<emphasis>rules</emphasis> files in <filename "
6865
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
6866
"line for each table modified:"
6867
msgstr ""
6868
6869
#: serverguide/C/security.xml:727(programlisting)
6870
#, no-wrap
6871
msgid ""
6872
"\n"
6873
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
6874
"COMMIT\n"
6875
msgstr ""
6876
6877
#: serverguide/C/security.xml:732(para)
6878
msgid ""
6879
"For each <emphasis>Table</emphasis> a corresponding "
6880
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
6881
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
6882
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
6883
"<emphasis>mangle</emphasis> tables."
6884
msgstr ""
6885
6886
#: serverguide/C/security.xml:739(para)
6887
msgid ""
6888
"In the above example replace <emphasis>eth0</emphasis>, "
6889
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
6890
"appropriate interfaces and IP range for your network."
6891
msgstr ""
6892
6893
#: serverguide/C/security.xml:747(para)
6894
msgid ""
6895
"Finally, disable and re-enable <application>ufw</application> to apply the "
6896
"changes:"
6897
msgstr ""
6898
6899
#: serverguide/C/security.xml:751(command)
6900
msgid "sudo ufw disable && sudo ufw enable"
6901
msgstr ""
6902
6903
#: serverguide/C/security.xml:755(para)
6904
msgid ""
6905
"IP Masquerading should now be enabled. You can also add any additional "
6906
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
6907
"recommended that these additional rules be added to the <emphasis>ufw-before-"
6908
"forward</emphasis> chain."
6909
msgstr ""
6910
6911
#: serverguide/C/security.xml:762(title)
6912
msgid "iptables Masquerading"
6913
msgstr ""
6914
6915
#: serverguide/C/security.xml:763(para)
6916
msgid ""
6917
"<application>iptables</application> can also be used to enable masquerading."
6918
msgstr ""
6919
6920
#: serverguide/C/security.xml:768(para)
6921
msgid ""
6922
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
6923
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
6924
"uncomment the following line"
6925
msgstr ""
6926
6927
#: serverguide/C/security.xml:775(para)
6928
msgid "If you wish to enable IPv6 forwarding also uncomment:"
6929
msgstr ""
6930
6931
#: serverguide/C/security.xml:783(para)
6932
msgid ""
6933
"Next, execute the <application>sysctl</application> command to enable the "
6934
"new settings in the configuration file:"
6935
msgstr ""
6936
6937
#: serverguide/C/security.xml:787(command)
6938
msgid "sudo sysctl -p"
6939
msgstr ""
6940
6941
#: serverguide/C/security.xml:791(para)
6942
msgid ""
6943
"IP Masquerading can now be accomplished with a single iptables rule, which "
6944
"may differ slightly based on your network configuration:"
6945
msgstr ""
6946
6947
#: serverguide/C/security.xml:794(screen)
6948
#, no-wrap
6949
msgid ""
6950
"\n"
6951
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
6952
msgstr ""
6953
6954
#: serverguide/C/security.xml:797(para)
6955
msgid ""
6956
"The above command assumes that your private address space is 192.168.0.0/16 "
6957
"and that your Internet-facing device is ppp0. The syntax is broken down as "
6958
"follows:"
6959
msgstr ""
6960
6961
#: serverguide/C/security.xml:802(para)
6962
msgid "-t nat -- the rule is to go into the nat table"
6963
msgstr ""
6964
6965
#: serverguide/C/security.xml:803(para)
6966
msgid ""
6967
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
6968
msgstr ""
6969
6970
#: serverguide/C/security.xml:804(para)
6971
msgid ""
6972
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
6973
"specified address space"
6974
msgstr ""
6975
6976
#: serverguide/C/security.xml:805(para)
6977
msgid ""
6978
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
6979
"specified network device"
6980
msgstr ""
6981
6982
#: serverguide/C/security.xml:807(para)
6983
msgid ""
6984
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
6985
"MASQUERADE target to be manipulated as described above"
6986
msgstr ""
6987
6988
#: serverguide/C/security.xml:815(para)
6989
msgid ""
6990
"Also, each chain in the filter table (the default table, and where most or "
6991
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
6992
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
6993
"you may have set the policies to DROP or REJECT, in which case your "
6994
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
6995
"above rule to work:"
6996
msgstr ""
6997
6998
#: serverguide/C/security.xml:822(screen)
6999
#, no-wrap
7000
msgid ""
7001
"\n"
7002
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
7003
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
7004
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
7005
msgstr ""
7006
7007
#: serverguide/C/security.xml:826(para)
7008
msgid ""
7009
"The above commands will allow all connections from your local network to the "
7010
"Internet and all traffic related to those connections to return to the "
7011
"machine that initiated them."
7012
msgstr ""
7013
7014
#: serverguide/C/security.xml:833(para)
7015
msgid ""
7016
"If you want masquerading to be enabled on reboot, which you probably do, "
7017
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
7018
"example add the first command with no filtering:"
7019
msgstr ""
7020
7021
#: serverguide/C/security.xml:837(screen)
7022
#, no-wrap
7023
msgid ""
7024
"\n"
7025
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
7026
msgstr ""
7027
7028
#: serverguide/C/security.xml:845(title)
7029
msgid "Logs"
7030
msgstr "Žurnalai"
7031
7032
#: serverguide/C/security.xml:846(para)
7033
msgid ""
7034
"Firewall logs are essential for recognizing attacks, troubleshooting your "
7035
"firewall rules, and noticing unusual activity on your network. You must "
7036
"include logging rules in your firewall for them to be generated, though, and "
7037
"logging rules must come before any applicable terminating rule (a rule with "
7038
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
7039
"REJECT)."
7040
msgstr ""
7041
7042
#: serverguide/C/security.xml:853(para)
7043
msgid ""
7044
"If you are using <application>ufw</application>, you can turn on logging by "
7045
"entering the following in a terminal:"
7046
msgstr ""
7047
7048
#: serverguide/C/security.xml:857(command)
7049
msgid "sudo ufw logging on"
7050
msgstr ""
7051
7052
#: serverguide/C/security.xml:859(para)
7053
msgid ""
7054
"To turn logging off in <application>ufw</application>, simply replace "
7055
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
7056
"role=\"italic\">off</emphasis> in the above command."
7057
msgstr ""
7058
7059
#: serverguide/C/security.xml:862(para)
7060
msgid ""
7061
"If using <application>iptables</application> instead of "
7062
"<application>ufw</application>, enter:"
7063
msgstr ""
7064
7065
#: serverguide/C/security.xml:865(screen)
7066
#, no-wrap
7067
msgid ""
7068
"\n"
7069
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
7070
"prefix \"NEW_HTTP_CONN: \"\n"
7071
msgstr ""
7072
7073
#: serverguide/C/security.xml:868(para)
7074
msgid ""
7075
"A request on port 80 from the local machine, then, would generate a log in "
7076
"dmesg that looks like this:"
7077
msgstr ""
7078
7079
#: serverguide/C/security.xml:873(programlisting)
7080
#, no-wrap
7081
msgid ""
7082
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
7083
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
7084
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
7085
"WINDOW=32767 RES=0x00 SYN URGP=0"
7086
msgstr ""
7087
7088
#: serverguide/C/security.xml:875(para)
7089
msgid ""
7090
"The above log will also appear in <filename>/var/log/messages</filename>, "
7091
"<filename>/var/log/syslog</filename>, and "
7092
"<filename>/var/log/kern.log</filename>. This behavior can be modified by "
7093
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
7094
"and configuring <application>ulogd</application> and using the ULOG target "
7095
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
7096
"server that listens for logging instructions from the kernel specifically "
7097
"for firewalls, and can log to any file you like, or even to a "
7098
"<application>PostgreSQL</application> or <application>MySQL</application> "
7099
"database. Making sense of your firewall logs can be simplified by using a "
7100
"log analyzing tool such as <application>fwanalog</application>, "
7101
"<application> fwlogwatch</application>, or <application>lire</application>."
7102
msgstr ""
7103
7104
#: serverguide/C/security.xml:890(title)
7105
msgid "Other Tools"
7106
msgstr ""
7107
7108
#: serverguide/C/security.xml:891(para)
7109
msgid ""
7110
"There are many tools available to help you construct a complete firewall "
7111
"without intimate knowledge of iptables. For the GUI-inclined:"
7112
msgstr ""
7113
7114
#: serverguide/C/security.xml:897(para)
7115
msgid ""
7116
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
7117
"popular and easy to use."
7118
msgstr ""
7119
7120
#: serverguide/C/security.xml:902(para)
7121
msgid ""
7122
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
7123
"and will look familiar to an administrator who has used a commercial "
7124
"firewall utility such as <application>Checkpoint FireWall-1</application>."
7125
msgstr ""
7126
7127
#: serverguide/C/security.xml:908(para)
7128
msgid ""
7129
"If you prefer a command-line tool with plain-text configuration files:"
7130
msgstr ""
7131
7132
#: serverguide/C/security.xml:913(para)
7133
msgid ""
7134
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
7135
"powerful solution to help you configure an advanced firewall for any network."
7136
msgstr ""
7137
7138
#: serverguide/C/security.xml:919(para)
7139
msgid ""
7140
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
7141
"a working firewall \"out of the box\" with zero configuration, and will "
7142
"allow you to easily set up a more advanced firewall by editing simple, well-"
7143
"documented configuration files."
7144
msgstr ""
7145
7146
#: serverguide/C/security.xml:926(para)
7147
msgid ""
7148
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
7149
"designed to be a desktop firewall application. It is made up of a server "
7150
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
7151
"like many popular interactive firewall applications for Windows."
7152
msgstr ""
7153
7154
#: serverguide/C/security.xml:938(para)
7155
msgid ""
7156
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
7157
"Firewall</ulink> wiki page contains information on the development of "
7158
"<application>ufw</application>."
7159
msgstr ""
7160
7161
#: serverguide/C/security.xml:944(para)
7162
msgid ""
7163
"Also, the <application>ufw</application> manual page contains some very "
7164
"useful information: <command>man ufw</command>."
7165
msgstr ""
7166
7167
#: serverguide/C/security.xml:949(para)
7168
msgid ""
7169
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
7170
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
7171
"on using <application>iptables</application>."
7172
msgstr ""
7173
7174
#: serverguide/C/security.xml:955(para)
7175
msgid ""
7176
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
7177
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
7178
msgstr ""
7179
7180
#: serverguide/C/security.xml:964(title)
7181
msgid "AppArmor"
7182
msgstr ""
7183
7184
#: serverguide/C/security.xml:965(para)
7185
msgid ""
7186
"<application>AppArmor</application> is a Linux Security Module "
7187
"implementation of name-based mandatory access controls. AppArmor confines "
7188
"individual programs to a set of listed files and posix 1003.1e draft "
7189
"capabilities."
7190
msgstr ""
7191
7192
#: serverguide/C/security.xml:969(para)
7193
msgid ""
7194
"<application>AppArmor</application> is installed and loaded by default. It "
7195
"uses <emphasis>profiles</emphasis> of an application to determine what files "
7196
"and permissions the application requires. Some packages will install their "
7197
"own profiles, and additional profiles can be found in the "
7198
"<application>apparmor-profiles</application> package."
7199
msgstr ""
7200
7201
#: serverguide/C/security.xml:974(para)
7202
msgid ""
7203
"To install the <application>apparmor-profiles</application> package from a "
7204
"terminal prompt:"
7205
msgstr ""
7206
7207
#: serverguide/C/security.xml:980(para)
7208
msgid "AppArmor profiles have two modes of execution:"
7209
msgstr ""
7210
7211
#: serverguide/C/security.xml:985(para)
7212
msgid ""
7213
"Complaining/Learning: profile violations are permitted and logged. Useful "
7214
"for testing and developing new profiles."
7215
msgstr ""
7216
7217
#: serverguide/C/security.xml:990(para)
7218
msgid ""
7219
"Enforced/Confined: enforces profile policy as well as logging the violation."
7220
msgstr ""
7221
7222
#: serverguide/C/security.xml:996(title)
7223
msgid "Using AppArmor"
7224
msgstr ""
7225
7226
#: serverguide/C/security.xml:997(para)
7227
msgid ""
7228
"The <application>apparmor-utils</application> package contains command line "
7229
"utilities that you can use to change the <application>AppArmor</application> "
7230
"execution mode, find the status of a profile, create new profiles, etc."
7231
msgstr ""
7232
7233
#: serverguide/C/security.xml:1003(para)
7234
msgid ""
7235
"<application>apparmor_status</application> is used to view the current "
7236
"status of AppArmor profiles."
7237
msgstr ""
7238
7239
#: serverguide/C/security.xml:1007(command)
7240
msgid "sudo apparmor_status"
7241
msgstr ""
7242
7243
#: serverguide/C/security.xml:1011(para)
7244
msgid ""
7245
"<application>aa-complain</application> places a profile into "
7246
"<emphasis>complain</emphasis> mode."
7247
msgstr ""
7248
7249
#: serverguide/C/security.xml:1015(command)
7250
msgid "sudo aa-complain /path/to/bin"
7251
msgstr ""
7252
7253
#: serverguide/C/security.xml:1019(para)
7254
msgid ""
7255
"<application>aa-enforce</application> places a profile into "
7256
"<emphasis>enforce</emphasis> mode."
7257
msgstr ""
7258
7259
#: serverguide/C/security.xml:1023(command)
7260
msgid "sudo aa-enforce /path/to/bin"
7261
msgstr ""
7262
7263
#: serverguide/C/security.xml:1027(para)
7264
msgid ""
7265
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7266
"profiles are located. It can be used to manipulate the "
7267
"<emphasis>mode</emphasis> of all profiles."
7268
msgstr ""
7269
7270
#: serverguide/C/security.xml:1031(para)
7271
msgid "Enter the following to place all profiles into complain mode:"
7272
msgstr ""
7273
7274
#: serverguide/C/security.xml:1035(command)
7275
msgid "sudo aa-complain /etc/apparmor.d/*"
7276
msgstr ""
7277
7278
#: serverguide/C/security.xml:1037(para)
7279
msgid "To place all profiles in enforce mode:"
7280
msgstr ""
7281
7282
#: serverguide/C/security.xml:1041(command)
7283
msgid "sudo aa-enforce /etc/apparmor.d/*"
7284
msgstr ""
7285
7286
#: serverguide/C/security.xml:1045(para)
7287
msgid ""
7288
"<application>apparmor_parser</application> is used to load a profile into "
7289
"the kernel. It can also be used to reload a currently loaded profile using "
7290
"the <emphasis>-r</emphasis> option. To load a profile:"
7291
msgstr ""
7292
7293
#: serverguide/C/security.xml:1050(command) serverguide/C/security.xml:1082(command)
7294
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -a"
7295
msgstr ""
7296
7297
#: serverguide/C/security.xml:1052(para)
7298
msgid "To reload a profile:"
7299
msgstr ""
7300
7301
#: serverguide/C/security.xml:1056(command)
7302
msgid "cat /etc/apparmor.d/profile.name | sudo apparmor_parser -r"
7303
msgstr ""
7304
7305
#: serverguide/C/security.xml:1060(para)
7306
msgid ""
7307
"<filename>/etc/init.d/apparmor</filename> can be used to "
7308
"<emphasis>reload</emphasis> all profiles:"
7309
msgstr ""
7310
7311
#: serverguide/C/security.xml:1064(command)
7312
msgid "sudo /etc/init.d/apparmor reload"
7313
msgstr ""
7314
7315
#: serverguide/C/security.xml:1068(para)
7316
msgid ""
7317
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7318
"with the <application>apparmor_parser -R</application> option to "
7319
"<emphasis>disable</emphasis> a profile."
7320
msgstr ""
7321
7322
#: serverguide/C/security.xml:1073(command)
7323
msgid "sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/"
7324
msgstr ""
7325
7326
#: serverguide/C/security.xml:1074(command)
7327
msgid "sudo apparmor_parser -R /etc/apparmor.d/profile.name"
7328
msgstr ""
7329
7330
#: serverguide/C/security.xml:1076(para)
7331
msgid ""
7332
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7333
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7334
"load the profile using the <emphasis>-a</emphasis> option."
7335
msgstr ""
7336
7337
#: serverguide/C/security.xml:1081(command)
7338
msgid "sudo rm /etc/apparmor.d/disable/profile.name"
7339
msgstr ""
7340
7341
#: serverguide/C/security.xml:1086(para)
7342
msgid ""
7343
"<application>AppArmor</application> can be disabled, and the kernel module "
7344
"unloaded by entering the following:"
7345
msgstr ""
7346
7347
#: serverguide/C/security.xml:1090(command)
7348
msgid "sudo /etc/init.d/apparmor stop"
7349
msgstr ""
7350
7351
#: serverguide/C/security.xml:1091(command)
7352
msgid "sudo update-rc.d -f apparmor remove"
7353
msgstr ""
7354
7355
#: serverguide/C/security.xml:1095(para)
7356
msgid "To re-enable <application>AppArmor</application> enter:"
7357
msgstr ""
7358
7359
#: serverguide/C/security.xml:1099(command)
7360
msgid "sudo /etc/init.d/apparmor start"
7361
msgstr ""
7362
7363
#: serverguide/C/security.xml:1100(command)
7364
msgid "sudo update-rc.d apparmor defaults"
7365
msgstr ""
7366
7367
#: serverguide/C/security.xml:1105(para)
7368
msgid ""
7369
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
7370
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
7371
"the actual executable file path. For example for the "
7372
"<application>ping</application> command use <filename>/bin/ping</filename>"
7373
msgstr ""
7374
7375
#: serverguide/C/security.xml:1113(title)
7376
msgid "Profiles"
7377
msgstr ""
7378
7379
#: serverguide/C/security.xml:1114(para)
7380
msgid ""
7381
"<application>AppArmor</application> profiles are simple text files located "
7382
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
7383
"path to the executable they profile replacing the \"/\" with \".\". For "
7384
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
7385
"profile for the <filename>/bin/ping</filename> command."
7386
msgstr ""
7387
7388
#: serverguide/C/security.xml:1120(para)
7389
msgid "There are two main type of rules used in profiles:"
7390
msgstr ""
7391
7392
#: serverguide/C/security.xml:1125(para)
7393
msgid ""
7394
"<emphasis>Path entries:</emphasis> which detail which files an application "
7395
"can access in the file system."
7396
msgstr ""
7397
7398
#: serverguide/C/security.xml:1130(para)
7399
msgid ""
7400
"<emphasis>Capability entries:</emphasis> determine what privileges a "
7401
"confined process is allowed to use."
7402
msgstr ""
7403
7404
#: serverguide/C/security.xml:1135(para)
7405
msgid ""
7406
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
7407
msgstr ""
7408
7409
#: serverguide/C/security.xml:1138(programlisting)
7410
#, no-wrap
7411
msgid ""
7412
"\n"
7413
"#include <tunables/global>\n"
7414
"/bin/ping flags=(complain) {\n"
7415
" #include <abstractions/base>\n"
7416
" #include <abstractions/consoles>\n"
7417
" #include <abstractions/nameservice>\n"
7418
"\n"
7419
" capability net_raw,\n"
7420
" capability setuid,\n"
7421
" network inet raw,\n"
7422
" \n"
7423
" /bin/ping mixr,\n"
7424
" /etc/modules.conf r,\n"
7425
"}\n"
7426
msgstr ""
7427
7428
#: serverguide/C/security.xml:1155(para)
7429
msgid ""
7430
"<emphasis>#include <tunables/global>:</emphasis> include statements "
7431
"from other files. This allows statements pertaining to multiple applications "
7432
"to be placed in a common file."
7433
msgstr ""
7434
7435
#: serverguide/C/security.xml:1161(para)
7436
msgid ""
7437
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
7438
"program, also setting the mode to <emphasis>complain</emphasis>."
7439
msgstr ""
7440
7441
#: serverguide/C/security.xml:1167(para)
7442
msgid ""
7443
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
7444
"the CAP_NET_RAW Posix.1e capability."
7445
msgstr ""
7446
7447
#: serverguide/C/security.xml:1172(para)
7448
msgid ""
7449
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
7450
"execute access to the file."
7451
msgstr ""
7452
7453
#: serverguide/C/security.xml:1178(para)
7454
msgid ""
7455
"After editing a profile file the profile must be reloaded. See <xref "
7456
"linkend=\"apparmor-usage\"/> for details."
7457
msgstr ""
7458
7459
#: serverguide/C/security.xml:1183(title)
7460
msgid "Creating a Profile"
7461
msgstr ""
7462
7463
#: serverguide/C/security.xml:1186(para)
7464
msgid ""
7465
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
7466
"application should be exercised. The test plan should be divided into small "
7467
"test cases. Each test case should have a small description and list the "
7468
"steps to follow."
7469
msgstr ""
7470
7471
#: serverguide/C/security.xml:1190(para)
7472
msgid "Some standard test cases are:"
7473
msgstr ""
7474
7475
#: serverguide/C/security.xml:1195(para)
7476
msgid "Starting the program."
7477
msgstr ""
7478
7479
#: serverguide/C/security.xml:1200(para)
7480
msgid "Stopping the program."
7481
msgstr ""
7482
7483
#: serverguide/C/security.xml:1205(para)
7484
msgid "Reloading the program."
7485
msgstr ""
7486
7487
#: serverguide/C/security.xml:1210(para)
7488
msgid "Testing all the commands supported by the init script."
7489
msgstr ""
7490
7491
#: serverguide/C/security.xml:1217(para)
7492
msgid ""
7493
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
7494
"genprof</application> to generate a new profile. From a terminal:"
7495
msgstr ""
7496
7497
#: serverguide/C/security.xml:1222(command)
7498
msgid "sudo aa-genprof executable"
7499
msgstr ""
7500
7501
#: serverguide/C/security.xml:1224(para)
7502
msgid "For example:"
7503
msgstr ""
7504
7505
#: serverguide/C/security.xml:1228(command)
7506
msgid "sudo aa-genprof slapd"
7507
msgstr ""
7508
7509
#: serverguide/C/security.xml:1232(para)
7510
msgid ""
7511
"To get your new profile included in the <application>apparmor-"
7512
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
7513
"against the <ulink "
7514
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
7515
"/ulink> package:"
7516
msgstr ""
7517
7518
#: serverguide/C/security.xml:1239(para)
7519
msgid "Include your test plan and test cases."
7520
msgstr ""
7521
7522
#: serverguide/C/security.xml:1244(para)
7523
msgid "Attach your new profile to the bug."
7524
msgstr ""
7525
7526
#: serverguide/C/security.xml:1253(title)
7527
msgid "Updating Profiles"
7528
msgstr ""
7529
7530
#: serverguide/C/security.xml:1254(para)
7531
msgid ""
7532
"When the program is misbehaving, audit messages are sent to the log files. "
7533
"The program <application>aa-logprof</application> can be used to scan log "
7534
"files for <application>AppArmor</application> audit messages, review them "
7535
"and update the profiles. From a terminal:"
7536
msgstr ""
7537
7538
#: serverguide/C/security.xml:1259(command)
7539
msgid "sudo aa-logprof"
7540
msgstr ""
7541
7542
#: serverguide/C/security.xml:1267(para)
7543
msgid ""
7544
"See the <ulink "
7545
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
7546
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
7547
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
7548
"configuration options."
7549
msgstr ""
7550
7551
#: serverguide/C/security.xml:1274(para)
7552
msgid ""
7553
"For details using AppArmor with other Ubuntu releases see the <ulink "
7554
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
7555
"Wiki</ulink> page."
7556
msgstr ""
7557
7558
#: serverguide/C/security.xml:1282(para)
7559
msgid ""
7560
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
7561
"page is another introduction to AppArmor."
7562
msgstr ""
7563
7564
#: serverguide/C/security.xml:1289(para)
7565
msgid ""
7566
"A great place to ask for <application>AppArmor</application> assistance, and "
7567
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
7568
"server</emphasis> IRC channel on <ulink "
7569
"url=\"http://freenode.net\">freenode</ulink>."
7570
msgstr ""
7571
7572
#: serverguide/C/security.xml:1299(title)
7573
msgid "Certificates"
7574
msgstr ""
7575
7576
#: serverguide/C/security.xml:1300(para)
7577
msgid ""
7578
"One of the most common forms of cryptography today is <emphasis>public-"
7579
"key</emphasis> cryptography. Public-key cryptography utilizes a "
7580
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
7581
"system works by <emphasis>encrypting</emphasis> information using the public "
7582
"key. The information can then only be <emphasis>decrypted</emphasis> using "
7583
"the private key."
7584
msgstr ""
7585
7586
#: serverguide/C/security.xml:1306(para)
7587
msgid ""
7588
"A common use for public-key cryptography is encrypting application traffic "
7589
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
7590
"connection. For example, configuring Apache to provide "
7591
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
7592
"encrypt traffic using a protocol that does not itself provide encryption."
7593
msgstr ""
7594
7595
#: serverguide/C/security.xml:1311(para)
7596
msgid ""
7597
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
7598
"<emphasis>public key</emphasis> and other information about a server and the "
7599
"organization who is responsible for it. Certificates can be digitally signed "
7600
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
7601
"third party that has confirmed that the information contained in the "
7602
"certificate is accurate."
7603
msgstr ""
7604
7605
#: serverguide/C/security.xml:1318(title)
7606
msgid "Types of Certificates"
7607
msgstr "Sertifikatų rūšys"
7608
7609
#: serverguide/C/security.xml:1319(para)
7610
msgid ""
7611
"To set up a secure server using public-key cryptography, in most cases, you "
7612
"send your certificate request (including your public key), proof of your "
7613
"company's identity, and payment to a CA. The CA verifies the certificate "
7614
"request and your identity, and then sends back a certificate for your secure "
7615
"server. Alternatively, you can create your own <emphasis>self-"
7616
"signed</emphasis> certificate."
7617
msgstr ""
7618
7619
#: serverguide/C/security.xml:1329(para)
7620
msgid ""
7621
"Note, that self-signed certificates should not be used in most production "
7622
"environments."
7623
msgstr ""
7624
7625
#: serverguide/C/security.xml:1333(para)
7626
msgid ""
7627
"Continuing the HTTPS example, a CA-signed certificate provides two important "
7628
"capabilities that a self-signed certificate does not:"
7629
msgstr ""
7630
7631
#: serverguide/C/security.xml:1340(para)
7632
msgid ""
7633
"Browsers (usually) automatically recognize the certificate and allow a "
7634
"secure connection to be made without prompting the user."
7635
msgstr ""
7636
7637
#: serverguide/C/security.xml:1347(para)
7638
msgid ""
7639
"When a CA issues a signed certificate, it is guaranteeing the identity of "
7640
"the organization that is providing the web pages to the browser."
7641
msgstr ""
7642
7643
#: serverguide/C/security.xml:1355(para)
7644
msgid ""
7645
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
7646
"certificates they automatically accept. If a browser encounters a "
7647
"certificate whose authorizing CA is not in the list, the browser asks the "
7648
"user to either accept or decline the connection. Also, other applications "
7649
"may generate an error message when using a self-singed certificate."
7650
msgstr ""
7651
7652
#: serverguide/C/security.xml:1363(para)
7653
msgid ""
7654
"The process of getting a certificate from a CA is fairly easy. A quick "
7655
"overview is as follows:"
7656
msgstr ""
7657
7658
#: serverguide/C/security.xml:1370(para)
7659
msgid "Create a private and public encryption key pair."
7660
msgstr ""
7661
7662
#: serverguide/C/security.xml:1373(para)
7663
msgid ""
7664
"Create a certificate request based on the public key. The certificate "
7665
"request contains information about your server and the company hosting it."
7666
msgstr ""
7667
7668
#: serverguide/C/security.xml:1378(para)
7669
msgid ""
7670
"Send the certificate request, along with documents proving your identity, to "
7671
"a CA. We cannot tell you which certificate authority to choose. Your "
7672
"decision may be based on your past experiences, or on the experiences of "
7673
"your friends or colleagues, or purely on monetary factors."
7674
msgstr ""
7675
7676
#: serverguide/C/security.xml:1384(para)
7677
msgid ""
7678
"Once you have decided upon a CA, you need to follow the instructions they "
7679
"provide on how to obtain a certificate from them."
7680
msgstr ""
7681
7682
#: serverguide/C/security.xml:1389(para)
7683
msgid ""
7684
"When the CA is satisfied that you are indeed who you claim to be, they send "
7685
"you a digital certificate."
7686
msgstr ""
7687
7688
#: serverguide/C/security.xml:1393(para)
7689
msgid ""
7690
"Install this certificate on your secure server, and configure the "
7691
"appropriate applications to use the certificate."
7692
msgstr ""
7693
7694
#: serverguide/C/security.xml:1402(title)
7695
msgid "Generating a Certificate Signing Request (CSR)"
7696
msgstr ""
7697
7698
#: serverguide/C/security.xml:1404(para)
7699
msgid ""
7700
"Whether you are getting a certificate from a CA or generating your own self-"
7701
"signed certificate, the first step is to generate a key."
7702
msgstr ""
7703
7704
#: serverguide/C/security.xml:1409(para)
7705
msgid ""
7706
"If the certificate will be used by service daemons, such as Apache, Postfix, "
7707
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
7708
"passphrase allows the services to start without manual intervention, usually "
7709
"the preferred way to start a daemon."
7710
msgstr ""
7711
7712
#: serverguide/C/security.xml:1415(para)
7713
msgid ""
7714
"This section will cover generating a key with a passphrase, and one without. "
7715
"The non-passphrase key will then be used to generate a certificate that can "
7716
"be used with various service daemons."
7717
msgstr ""
7718
7719
#: serverguide/C/security.xml:1421(para)
7720
msgid ""
7721
"Running your secure service without a passphrase is convenient because you "
7722
"will not need to enter the passphrase every time you start your secure "
7723
"service. But it is insecure and a compromise of the key means a compromise "
7724
"of the server as well."
7725
msgstr ""
7726
7727
#: serverguide/C/security.xml:1428(para)
7728
msgid ""
7729
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
7730
"Request (CSR) run the following command from a terminal prompt:"
7731
msgstr ""
7732
7733
#: serverguide/C/security.xml:1434(command)
7734
msgid "openssl genrsa -des3 -out server.key 1024"
7735
msgstr ""
7736
7737
#: serverguide/C/security.xml:1437(programlisting)
7738
#, no-wrap
7739
msgid ""
7740
"\n"
7741
"Generating RSA private key, 1024 bit long modulus\n"
7742
".....................++++++\n"
7743
".................++++++\n"
7744
"unable to write 'random state'\n"
7745
"e is 65537 (0x10001)\n"
7746
"Enter pass phrase for server.key:\n"
7747
msgstr ""
7748
7749
#: serverguide/C/security.xml:1446(para)
7750
msgid ""
7751
"You can now enter your passphrase. For best security, it should at least "
7752
"contain eight characters. The minimum length when specifying -des3 is four "
7753
"characters. It should include numbers and/or punctuation and not be a word "
7754
"in a dictionary. Also remember that your passphrase is case-sensitive."
7755
msgstr ""
7756
7757
#: serverguide/C/security.xml:1454(para)
7758
msgid ""
7759
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
7760
"server key is generated and stored in the <filename>server.key</filename> "
7761
"file."
7762
msgstr ""
7763
7764
#: serverguide/C/security.xml:1460(para)
7765
msgid ""
7766
"Now create the insecure key, the one without a passphrase, and shuffle the "
7767
"key names:"
7768
msgstr ""
7769
7770
#: serverguide/C/security.xml:1466(command)
7771
msgid "openssl rsa -in server.key -out server.key.insecure"
7772
msgstr "openssl rsa -in server.key -out server.key.insecure"
7773
7774
#: serverguide/C/security.xml:1467(command)
7775
msgid "mv server.key server.key.secure"
7776
msgstr ""
7777
7778
#: serverguide/C/security.xml:1468(command)
7779
msgid "mv server.key.insecure server.key"
7780
msgstr ""
7781
7782
#: serverguide/C/security.xml:1471(para)
7783
msgid ""
7784
"The insecure key is now named <filename>server.key</filename>, and you can "
7785
"use this file to generate the CSR without passphrase."
7786
msgstr ""
7787
7788
#: serverguide/C/security.xml:1476(para)
7789
msgid "To create the CSR, run the following command at a terminal prompt:"
7790
msgstr ""
7791
7792
#: serverguide/C/security.xml:1481(command)
7793
msgid "openssl req -new -key server.key -out server.csr"
7794
msgstr "openssl req -new -key server.key -out server.csr"
7795
7796
#: serverguide/C/security.xml:1484(para)
7797
msgid ""
7798
"It will prompt you enter the passphrase. If you enter the correct "
7799
"passphrase, it will prompt you to enter Company Name, Once you enter all "
7800
"these details, your CSR will be created and it will be stored in the "
7801
"<filename>server.csr</filename> file. Site Name, Email Id, etc."
7802
msgstr ""
7803
7804
#: serverguide/C/security.xml:1492(para)
7805
msgid ""
7806
"You can now submit this CSR file to a CA for processing. The CA will use "
7807
"this CSR file and issue the certificate. On the other hand, you can create "
7808
"self-signed certificate using this CSR."
7809
msgstr ""
7810
7811
#: serverguide/C/security.xml:1500(title)
7812
msgid "Creating a Self-Signed Certificate"
7813
msgstr ""
7814
7815
#: serverguide/C/security.xml:1501(para)
7816
msgid ""
7817
"To create the self-signed certificate, run the following command at a "
7818
"terminal prompt:"
7819
msgstr ""
7820
7821
#: serverguide/C/security.xml:1506(command)
7822
msgid ""
7823
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
7824
"server.crt"
7825
msgstr ""
7826
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
7827
"server.crt"
7828
7829
#: serverguide/C/security.xml:1509(para)
7830
msgid ""
7831
"The above command will prompt you to enter the passphrase. Once you enter "
7832
"the correct passphrase, your certificate will be created and it will be "
7833
"stored in the <filename>server.crt</filename> file."
7834
msgstr ""
7835
7836
#: serverguide/C/security.xml:1514(para)
7837
msgid ""
7838
"If your secure server is to be used in a production environment, you "
7839
"probably need a CA-signed certificate. It is not recommended to use self-"
7840
"signed certificate."
7841
msgstr ""
7842
7843
#: serverguide/C/security.xml:1522(title)
7844
msgid "Installing the Certificate"
7845
msgstr "Diegiamas Sertifikatas"
7846
7847
#: serverguide/C/security.xml:1524(para)
7848
msgid ""
7849
"You can install the key file <filename>server.key</filename> and certificate "
7850
"file <filename>server.crt</filename>, or the certificate file issued by your "
7851
"CA, by running following commands at a terminal prompt:"
7852
msgstr ""
7853
7854
#: serverguide/C/security.xml:1530(command)
7855
msgid "sudo cp server.crt /etc/ssl/certs"
7856
msgstr ""
7857
7858
#: serverguide/C/security.xml:1531(command)
7859
msgid "sudo cp server.key /etc/ssl/private"
7860
msgstr ""
7861
7862
#: serverguide/C/security.xml:1533(para)
7863
msgid ""
7864
"Now simply configure any applications, with the ability to use public-key "
7865
"cryptography, to use the <emphasis>certificate</emphasis> and "
7866
"<emphasis>key</emphasis> files. For example, "
7867
"<application>Apache</application> can provide HTTPS, "
7868
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
7869
msgstr ""
7870
7871
#: serverguide/C/security.xml:1540(title)
7872
msgid "Certification Authority"
7873
msgstr ""
7874
7875
#: serverguide/C/security.xml:1542(para)
7876
msgid ""
7877
"If the services on your network require more than a few self-signed "
7878
"certificates it may be worth the additional effort to setup your own "
7879
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
7880
"certificates signed by your own CA, allows the various services using the "
7881
"certificates to easily trust other services using certificates issued from "
7882
"the same CA."
7883
msgstr ""
7884
7885
#: serverguide/C/security.xml:1552(para)
7886
msgid ""
7887
"First, create the directories to hold the CA certificate and related files:"
7888
msgstr ""
7889
7890
#: serverguide/C/security.xml:1557(command)
7891
msgid "sudo mkdir /etc/ssl/CA"
7892
msgstr ""
7893
7894
#: serverguide/C/security.xml:1558(command)
7895
msgid "sudo mkdir /etc/ssl/newcerts"
7896
msgstr ""
7897
7898
#: serverguide/C/security.xml:1564(para)
7899
msgid ""
7900
"The CA needs a few additional files to operate, one to keep track of the "
7901
"last serial number used by the CA, each certificate must have a unique "
7902
"serial number, and another file to record which certificates have been "
7903
"issued:"
7904
msgstr ""
7905
7906
#: serverguide/C/security.xml:1571(command)
7907
msgid "sudo sh -c \"echo '01' > /etc/ssl/CA/serial\""
7908
msgstr ""
7909
7910
#: serverguide/C/security.xml:1572(command)
7911
msgid "sudo touch /etc/ssl/CA/index.txt"
7912
msgstr ""
7913
7914
#: serverguide/C/security.xml:1578(para)
7915
msgid ""
7916
"The third file is a CA configuration file. Though not strictly necessary, it "
7917
"is very convenient when issuing multiple certificates. Edit "
7918
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
7919
"]</emphasis> change:"
7920
msgstr ""
7921
7922
#: serverguide/C/security.xml:1584(programlisting)
7923
#, no-wrap
7924
msgid ""
7925
"\n"
7926
"dir = /etc/ssl/ # Where everything is kept\n"
7927
"database = $dir/CA/index.txt # database index file.\n"
7928
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
7929
"serial = $dir/CA/serial # The current serial number\n"
7930
"private_key = $dir/private/cakey.pem# The private key\n"
7931
msgstr ""
7932
7933
#: serverguide/C/security.xml:1595(para)
7934
msgid "Next, create the self-singed root certificate:"
7935
msgstr ""
7936
7937
#: serverguide/C/security.xml:1600(command)
7938
msgid ""
7939
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
7940
"days 3650"
7941
msgstr ""
7942
7943
#: serverguide/C/security.xml:1603(para)
7944
msgid "You will then be asked to enter the details about the certificate."
7945
msgstr ""
7946
7947
#: serverguide/C/security.xml:1610(para)
7948
msgid "Now install the root certificate and key:"
7949
msgstr ""
7950
7951
#: serverguide/C/security.xml:1615(command)
7952
msgid "sudo mv cakey.pem /etc/ssl/private/"
7953
msgstr ""
7954
7955
#: serverguide/C/security.xml:1616(command)
7956
msgid "sudo mv cacert.pem /etc/ssl/certs/"
7957
msgstr ""
7958
7959
#: serverguide/C/security.xml:1622(para)
7960
msgid ""
7961
"You are now ready to start signing certificates. The first item needed is a "
7962
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
7963
"for details. Once you have a CSR, enter the following to generate a "
7964
"certificate signed by the CA:"
7965
msgstr ""
7966
7967
#: serverguide/C/security.xml:1629(command)
7968
msgid "sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf"
7969
msgstr ""
7970
7971
#: serverguide/C/security.xml:1632(para)
7972
msgid ""
7973
"After entering the password for the CA key, you will be prompted to sign the "
7974
"certificate, and again to commit the new certificate. You should then see a "
7975
"somewhat large amount of output related to the certificate creation."
7976
msgstr ""
7977
7978
#: serverguide/C/security.xml:1641(para)
7979
msgid ""
7980
"There should now be a new file, "
7981
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
7982
"Copy and paste everything between the <emphasis>-----BEGIN CERTIFICATE-----"
7983
"</emphasis> and <emphasis>----END CERTIFICATE-----</emphasis> lines to a "
7984
"file named after the hostname of the server where the certificate will be "
7985
"installed. For example <filename>mail.example.com.crt</filename>, is a nice "
7986
"descriptive name."
7987
msgstr ""
7988
7989
#: serverguide/C/security.xml:1649(para)
7990
msgid ""
7991
"Subsequent certificates will be named <filename>02.pem</filename>, "
7992
"<filename>03.pem</filename>, etc."
7993
msgstr ""
7994
7995
#: serverguide/C/security.xml:1654(para)
7996
msgid ""
7997
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
7998
"name."
7999
msgstr ""
8000
8001
#: serverguide/C/security.xml:1662(para)
8002
msgid ""
8003
"Finally, copy the new certificate to the host that needs it, and configure "
8004
"the appropriate applications to use it. The default location to install "
8005
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
8006
"enables multiple services to use the same certificate without overly "
8007
"complicated file permissions."
8008
msgstr ""
8009
8010
#: serverguide/C/security.xml:1668(para)
8011
msgid ""
8012
"For applications that can be configured to use a CA certificate, you should "
8013
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
8014
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
8015
"server."
8016
msgstr ""
8017
8018
#: serverguide/C/security.xml:1682(para)
8019
msgid ""
8020
"For more detailed instructions on using cryptography see the <ulink "
8021
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
8022
"Certificates HOWTO</ulink> by tlpd.org"
8023
msgstr ""
8024
8025
#: serverguide/C/security.xml:1688(para)
8026
msgid ""
8027
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
8028
"of Certificate Authorities."
8029
msgstr ""
8030
8031
#: serverguide/C/security.xml:1693(para)
8032
msgid ""
8033
"The Wikipedia <ulink "
8034
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
8035
"information regarding HTTPS."
8036
msgstr ""
8037
8038
#: serverguide/C/security.xml:1698(para)
8039
msgid ""
8040
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
8041
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
8042
msgstr ""
8043
8044
#: serverguide/C/security.xml:1703(para)
8045
msgid ""
8046
"Also, O'Reilly's <ulink "
8047
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
8048
"OpenSSL</ulink> is a good in depth reference."
8049
msgstr ""
8050
8051
#: serverguide/C/security.xml:1712(title)
8052
msgid "eCryptfs"
8053
msgstr ""
8054
8055
#: serverguide/C/security.xml:1714(para)
8056
msgid ""
8057
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
8058
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
8059
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
8060
"filesystem, partition type, etc."
8061
msgstr ""
8062
8063
#: serverguide/C/security.xml:1720(para)
8064
msgid ""
8065
"During installation there is an option to encrypt the <filename "
8066
"role=\"directory\">/home</filename> partition. This will automatically "
8067
"configure everything needed to encrypt and mount the partition."
8068
msgstr ""
8069
8070
#: serverguide/C/security.xml:1725(para)
8071
msgid ""
8072
"As an example, this section will cover configuring <filename "
8073
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
8074
msgstr ""
8075
8076
#: serverguide/C/security.xml:1730(title)
8077
msgid "Using eCryptfs"
8078
msgstr ""
8079
8080
#: serverguide/C/security.xml:1732(para)
8081
msgid "First, install the necessary packages. From a terminal prompt enter:"
8082
msgstr ""
8083
8084
#: serverguide/C/security.xml:1737(command)
8085
msgid "sudo apt-get install ecryptfs-utils"
8086
msgstr ""
8087
8088
#: serverguide/C/security.xml:1740(para)
8089
msgid "Now mount the partition to be encrypted:"
8090
msgstr ""
8091
8092
#: serverguide/C/security.xml:1745(command)
8093
msgid "sudo mount -t ecryptfs /srv /srv"
8094
msgstr ""
8095
8096
#: serverguide/C/security.xml:1748(para)
8097
msgid ""
8098
"You will then be prompted for some details on how "
8099
"<application>ecryptfs</application> should encrypt the data."
8100
msgstr ""
8101
8102
#: serverguide/C/security.xml:1752(para)
8103
msgid ""
8104
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
8105
"copy the <filename>/etc/default</filename> folder to "
8106
"<filename>/srv</filename>:"
8107
msgstr ""
8108
8109
#: serverguide/C/security.xml:1758(command) serverguide/C/clustering.xml:185(command)
8110
msgid "sudo cp -r /etc/default /srv"
8111
msgstr ""
8112
8113
#: serverguide/C/security.xml:1761(para)
8114
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
8115
msgstr ""
8116
8117
#: serverguide/C/security.xml:1766(command) serverguide/C/installation.xml:1088(command) serverguide/C/clustering.xml:193(command)
8118
msgid "sudo umount /srv"
8119
msgstr ""
8120
8121
#: serverguide/C/security.xml:1767(command)
8122
msgid "cat /srv/default/cron"
8123
msgstr ""
8124
8125
#: serverguide/C/security.xml:1770(para)
8126
msgid ""
8127
"Remounting <filename>/srv</filename> using "
8128
"<application>ecryptfs</application> will make the data viewable once again."
8129
msgstr ""
8130
8131
#: serverguide/C/security.xml:1776(title)
8132
msgid "Automatically Mounting Encrypted Partitions"
8133
msgstr ""
8134
8135
#: serverguide/C/security.xml:1778(para)
8136
msgid ""
8137
"There are a couple of ways to automatically mount an "
8138
"<application>ecryptfs</application> encrypted filesystem at boot. This "
8139
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
8140
"mount options, along with a passphrase file residing on a USB key."
8141
msgstr ""
8142
8143
#: serverguide/C/security.xml:1784(para)
8144
msgid "First, create <filename>/root/.ecryptfsrc</filename> containing:"
8145
msgstr ""
8146
8147
#: serverguide/C/security.xml:1788(programlisting)
8148
#, no-wrap
8149
msgid ""
8150
"\n"
8151
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
8152
"ecryptfs_sig=5826dd62cf81c615\n"
8153
"ecryptfs_cipher=aes\n"
8154
"ecryptfs_key_bytes=16\n"
8155
"ecryptfs_passthrough=n\n"
8156
"ecryptfs_enable_filename_crypto=n\n"
8157
msgstr ""
8158
8159
#: serverguide/C/security.xml:1798(para)
8160
msgid ""
8161
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
8162
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
8163
msgstr ""
8164
8165
#: serverguide/C/security.xml:1803(para)
8166
msgid ""
8167
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
8168
"file:"
8169
msgstr ""
8170
8171
#: serverguide/C/security.xml:1807(programlisting)
8172
#, no-wrap
8173
msgid ""
8174
"\n"
8175
"passphrase_passwd=[secrets]\n"
8176
msgstr ""
8177
8178
#: serverguide/C/security.xml:1811(para)
8179
msgid "Now add the necessary lines to <filename>/etc/fstab</filename>:"
8180
msgstr ""
8181
8182
#: serverguide/C/security.xml:1815(programlisting)
8183
#, no-wrap
8184
msgid ""
8185
"\n"
8186
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
8187
"/srv /srv ecryptfs defaults 0 0\n"
8188
msgstr ""
8189
8190
#: serverguide/C/security.xml:1820(para)
8191
msgid "Make sure the USB drive is mounted before the encrypted partition."
8192
msgstr ""
8193
8194
#: serverguide/C/security.xml:1824(para)
8195
msgid ""
8196
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
8197
"ecryptfs."
8198
msgstr ""
8199
8200
#: serverguide/C/security.xml:1832(para)
8201
msgid ""
8202
"The <application>ecryptfs-utils</application> package includes several other "
8203
"useful utilities:"
8204
msgstr ""
8205
8206
#: serverguide/C/security.xml:1838(para)
8207
msgid ""
8208
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
8209
"<filename>~/Private</filename> directory to contain encrypted information. "
8210
"This utility can be run by unprivileged users to keep data private from "
8211
"other users on the system."
8212
msgstr ""
8213
8214
#: serverguide/C/security.xml:1845(para)
8215
msgid ""
8216
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
8217
"will mount and unmount respectively, a users <filename>~/Private</filename> "
8218
"directory."
8219
msgstr ""
8220
8221
#: serverguide/C/security.xml:1851(para)
8222
msgid ""
8223
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
8224
"kernel keyring."
8225
msgstr ""
8226
8227
#: serverguide/C/security.xml:1856(para)
8228
msgid ""
8229
"<emphasis>ecryptfs-manager:</emphasis> manages "
8230
"<application>eCryptfs</application> objects such as keys."
8231
msgstr ""
8232
8233
#: serverguide/C/security.xml:1861(para)
8234
msgid ""
8235
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
8236
"<application>ecryptfs</application> meta information for a file."
8237
msgstr ""
8238
8239
#: serverguide/C/security.xml:1874(para)
8240
msgid ""
8241
"For more information on eCryptfs see the <ulink "
8242
"url=\"https://launchpad.net/ecryptfs\">Launch Pad project page</ulink>"
8243
msgstr ""
8244
8245
#: serverguide/C/security.xml:1879(para)
8246
msgid ""
8247
"There is also a <ulink "
8248
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
8249
"article covering eCryptfs."
8250
msgstr ""
8251
8252
#: serverguide/C/security.xml:1884(para)
8253
msgid ""
8254
"Also, for more <application>ecryptfs</application> options see the <ulink "
8255
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man7/ecryptfs.7.html\">ec"
8256
"ryptfs man page</ulink>."
8257
msgstr ""
8258
8259
#: serverguide/C/remote-administration.xml:13(title)
8260
msgid "Remote Administration"
8261
msgstr ""
8262
8263
#: serverguide/C/remote-administration.xml:14(para)
8264
msgid ""
8265
"There are many ways to remotely administer a Linux server. This chapter will "
8266
"cover one of the most popular <application>SSH</application> as well as "
8267
"<application>eBox</application>, a web based administration framework."
8268
msgstr ""
8269
8270
#: serverguide/C/remote-administration.xml:23(para)
8271
msgid ""
8272
"This section of the Ubuntu Server Guide introduces a powerful collection of "
8273
"tools for the remote control of networked computers and transfer of data "
8274
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
8275
"also learn about some of the configuration settings possible with the "
8276
"OpenSSH server application and how to change them on your Ubuntu system."
8277
msgstr ""
8278
8279
#: serverguide/C/remote-administration.xml:30(para)
8280
msgid ""
8281
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
8282
"family of tools for remotely controlling a computer or transferring files "
8283
"between computers. Traditional tools used to accomplish these functions, "
8284
"such as <application>telnet</application> or <application>rcp</application>, "
8285
"are insecure and transmit the user's password in cleartext when used. "
8286
"OpenSSH provides a server daemon and client tools to facilitate secure, "
8287
"encrypted remote control and file transfer operations, effectively replacing "
8288
"the legacy tools."
8289
msgstr ""
8290
8291
#: serverguide/C/remote-administration.xml:39(para)
8292
msgid ""
8293
"The OpenSSH server component, <application>sshd</application>, listens "
8294
"continuously for client connections from any of the client tools. When a "
8295
"connection request occurs, <application>sshd</application> sets up the "
8296
"correct connection depending on the type of client tool connecting. For "
8297
"example, if the remote computer is connecting with the "
8298
"<application>ssh</application> client application, the OpenSSH server sets "
8299
"up a remote control session after authentication. If a remote user connects "
8300
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
8301
"daemon initiates a secure copy of files between the server and client after "
8302
"authentication. OpenSSH can use many authentication methods, including plain "
8303
"password, public key, and <application>Kerberos</application> tickets."
8304
msgstr ""
8305
8306
#: serverguide/C/remote-administration.xml:53(para)
8307
msgid ""
8308
"Installation of the OpenSSH client and server applications is simple. To "
8309
"install the OpenSSH client applications on your Ubuntu system, use this "
8310
"command at a terminal prompt:"
8311
msgstr ""
8312
8313
#: serverguide/C/remote-administration.xml:59(command)
8314
msgid "sudo apt-get install openssh-client"
8315
msgstr ""
8316
8317
#: serverguide/C/remote-administration.xml:61(para)
8318
msgid ""
8319
"To install the OpenSSH server application, and related support files, use "
8320
"this command at a terminal prompt:"
8321
msgstr ""
8322
8323
#: serverguide/C/remote-administration.xml:66(command)
8324
msgid "sudo apt-get install openssh-server"
8325
msgstr ""
8326
8327
#: serverguide/C/remote-administration.xml:68(para)
8328
msgid ""
8329
"The <application>openssh-server</application> package can also be selected "
8330
"to install during the Server Edition installation process."
8331
msgstr ""
8332
8333
#: serverguide/C/remote-administration.xml:75(para)
8334
msgid ""
8335
"You may configure the default behavior of the OpenSSH server application, "
8336
"<application>sshd</application>, by editing the file "
8337
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
8338
"configuration directives used in this file, you may view the appropriate "
8339
"manual page with the following command, issued at a terminal prompt:"
8340
msgstr ""
8341
8342
#: serverguide/C/remote-administration.xml:83(command)
8343
msgid "man sshd_config"
8344
msgstr ""
8345
8346
#: serverguide/C/remote-administration.xml:85(para)
8347
msgid ""
8348
"There are many directives in the <application>sshd</application> "
8349
"configuration file controlling such things as communication settings and "
8350
"authentication modes. The following are examples of configuration directives "
8351
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
8352
"file."
8353
msgstr ""
8354
8355
#: serverguide/C/remote-administration.xml:92(para)
8356
msgid ""
8357
"Prior to editing the configuration file, you should make a copy of the "
8358
"original file and protect it from writing so you will have the original "
8359
"settings as a reference and to reuse as necessary."
8360
msgstr ""
8361
8362
#: serverguide/C/remote-administration.xml:96(para)
8363
msgid ""
8364
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
8365
"writing with the following commands, issued at a terminal prompt:"
8366
msgstr ""
8367
8368
#: serverguide/C/remote-administration.xml:101(command)
8369
msgid "sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original"
8370
msgstr ""
8371
8372
#: serverguide/C/remote-administration.xml:102(command)
8373
msgid "sudo chmod a-w /etc/ssh/sshd_config.original"
8374
msgstr ""
8375
8376
#: serverguide/C/remote-administration.xml:104(para)
8377
msgid ""
8378
"The following are examples of configuration directives you may change:"
8379
msgstr ""
8380
8381
#: serverguide/C/remote-administration.xml:109(para)
8382
msgid ""
8383
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
8384
"port 22, change the Port directive as such:"
8385
msgstr ""
8386
8387
#: serverguide/C/remote-administration.xml:113(para)
8388
msgid "Port 2222"
8389
msgstr ""
8390
8391
#: serverguide/C/remote-administration.xml:118(para)
8392
msgid ""
8393
"To have <application>sshd</application> allow public key-based login "
8394
"credentials, simply add or modify the line:"
8395
msgstr ""
8396
8397
#: serverguide/C/remote-administration.xml:122(para)
8398
msgid "PubkeyAuthentication yes"
8399
msgstr ""
8400
8401
#: serverguide/C/remote-administration.xml:125(para)
8402
msgid ""
8403
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
8404
"present, ensure the line is not commented out."
8405
msgstr ""
8406
8407
#: serverguide/C/remote-administration.xml:131(para)
8408
msgid ""
8409
"To make your OpenSSH server display the contents of the "
8410
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
8411
"or modify the line:"
8412
msgstr ""
8413
8414
#: serverguide/C/remote-administration.xml:136(para)
8415
msgid "Banner /etc/issue.net"
8416
msgstr ""
8417
8418
#: serverguide/C/remote-administration.xml:139(para)
8419
msgid "In the <filename>/etc/ssh/sshd_config</filename> file."
8420
msgstr ""
8421
8422
#: serverguide/C/remote-administration.xml:144(para)
8423
msgid ""
8424
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
8425
"save the file, and restart the <application>sshd</application> server "
8426
"application to effect the changes using the following command at a terminal "
8427
"prompt:"
8428
msgstr ""
8429
8430
#: serverguide/C/remote-administration.xml:153(para)
8431
msgid ""
8432
"Many other configuration directives for <application>sshd</application> are "
8433
"available for changing the server application's behavior to fit your needs. "
8434
"Be advised, however, if your only method of access to a server is "
8435
"<application>ssh</application>, and you make a mistake in configuring "
8436
"<application>sshd</application> via the "
8437
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
8438
"out of the server upon restarting it, or that the "
8439
"<application>sshd</application> server refuses to start due to an incorrect "
8440
"configuration directive, so be extra careful when editing this file on a "
8441
"remote server."
8442
msgstr ""
8443
8444
#: serverguide/C/remote-administration.xml:168(title)
8445
msgid "SSH Keys"
8446
msgstr ""
8447
8448
#: serverguide/C/remote-administration.xml:169(para)
8449
msgid ""
8450
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
8451
"the need of a password. SSH key authentication uses two keys a "
8452
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
8453
msgstr ""
8454
8455
#: serverguide/C/remote-administration.xml:173(para)
8456
msgid "To generate the keys, from a terminal prompt enter:"
8457
msgstr ""
8458
8459
#: serverguide/C/remote-administration.xml:177(command)
8460
msgid "ssh-keygen -t dsa"
8461
msgstr ""
8462
8463
#: serverguide/C/remote-administration.xml:179(para)
8464
msgid ""
8465
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
8466
"identity of the user. During the process you will be prompted for a "
8467
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
8468
"key."
8469
msgstr ""
8470
8471
#: serverguide/C/remote-administration.xml:183(para)
8472
msgid ""
8473
"By default the <emphasis>public</emphasis> key is saved in the file "
8474
"<filename>~/.ssh/id_dsa.pub</filename>, while "
8475
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
8476
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
8477
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
8478
msgstr ""
8479
8480
#: serverguide/C/remote-administration.xml:189(command)
8481
msgid "ssh-copy-id username@remotehost"
8482
msgstr ""
8483
8484
#: serverguide/C/remote-administration.xml:191(para)
8485
msgid ""
8486
"Finally, double check the permissions on the "
8487
"<filename>authorized_keys</filename> file, only the authenticated user "
8488
"should have read and write permissions. If the permissions are not correct "
8489
"change them by:"
8490
msgstr ""
8491
8492
#: serverguide/C/remote-administration.xml:196(command)
8493
msgid "chmod 644 .ssh/authorized_keys"
8494
msgstr ""
8495
8496
#: serverguide/C/remote-administration.xml:198(para)
8497
msgid ""
8498
"You should now be able to SSH to the host without being prompted for a "
8499
"password."
8500
msgstr ""
8501
8502
#: serverguide/C/remote-administration.xml:205(ulink)
8503
msgid "OpenSSH Website"
8504
msgstr ""
8505
8506
#: serverguide/C/remote-administration.xml:208(ulink)
8507
msgid "Advanced OpenSSH Wiki Page"
8508
msgstr ""
8509
8510
#: serverguide/C/remote-administration.xml:213(title)
8511
msgid "eBox"
8512
msgstr ""
8513
8514
#: serverguide/C/remote-administration.xml:214(para)
8515
msgid ""
8516
"<application>eBox</application> is a web framework used to manage server "
8517
"application configuration. The modular design of eBox allows you to pick and "
8518
"choose which services you want to configure using eBox."
8519
msgstr ""
8520
8521
#: serverguide/C/remote-administration.xml:221(para)
8522
msgid ""
8523
"The different <application>eBox</application> modules are split into "
8524
"different packages, allowing you to only install those necessary. One way to "
8525
"view the available packages is to enter the following from a terminal:"
8526
msgstr ""
8527
8528
#: serverguide/C/remote-administration.xml:227(command)
8529
msgid "apt-cache rdepends ebox | uniq"
8530
msgstr ""
8531
8532
#: serverguide/C/remote-administration.xml:229(para)
8533
msgid ""
8534
"To install the <application>ebox</application> package, which contains the "
8535
"default modules, enter the following:"
8536
msgstr ""
8537
8538
#: serverguide/C/remote-administration.xml:234(command)
8539
msgid "sudo apt-get install ebox"
8540
msgstr ""
8541
8542
#: serverguide/C/remote-administration.xml:237(para)
8543
msgid ""
8544
"During the installation you will be asked to supply a password for the ebox "
8545
"user. After installing eBox the web interface can be accessed from: "
8546
"<emphasis>https://yourserver/ebox</emphasis>."
8547
msgstr ""
8548
8549
#: serverguide/C/remote-administration.xml:246(para)
8550
msgid ""
8551
"An important thing to remember when using <application>eBox</application> is "
8552
"that when configuring most modules there is a <emphasis>Change</emphasis> "
8553
"button that implements the new configuration. After clicking the Change "
8554
"button most, but not all, modules will then need to be "
8555
"<emphasis>Saved</emphasis>. To save the new configuration click on the "
8556
"<quote>Save changes</quote> link in the top right hand corner."
8557
msgstr ""
8558
8559
#: serverguide/C/remote-administration.xml:254(para)
8560
msgid ""
8561
"Once you make a change that requires a Save, the link will change from green "
8562
"to red."
8563
msgstr ""
8564
8565
#: serverguide/C/remote-administration.xml:260(title)
8566
msgid "eBox Modules"
8567
msgstr ""
8568
8569
#: serverguide/C/remote-administration.xml:261(para)
8570
msgid ""
8571
"By default all eBox <emphasis>Modules</emphasis> are not enabled, and when a "
8572
"new module is installed it will not be automatically enabled."
8573
msgstr ""
8574
8575
#: serverguide/C/remote-administration.xml:265(para)
8576
msgid ""
8577
"To enable a disabled module click on the <emphasis>Module status</emphasis> "
8578
"link in the left hand menu. Then <emphasis role=\"italic\">check</emphasis> "
8579
"which modules you would like to enable and click the <quote>Save</quote> "
8580
"link."
8581
msgstr ""
8582
8583
#: serverguide/C/remote-administration.xml:271(title)
8584
msgid "Default Modules"
8585
msgstr ""
8586
8587
#: serverguide/C/remote-administration.xml:272(para)
8588
msgid ""
8589
"This section provides a quick summary of the default "
8590
"<application>eBox</application> modules."
8591
msgstr ""
8592
8593
#: serverguide/C/remote-administration.xml:278(para)
8594
msgid ""
8595
"<emphasis>System:</emphasis> contains options allowing configuration of "
8596
"general eBox items."
8597
msgstr ""
8598
8599
#: serverguide/C/remote-administration.xml:284(para)
8600
msgid ""
8601
"<emphasis>General:</emphasis> allows you to set the language, port number, "
8602
"and contains a change password form."
8603
msgstr ""
8604
8605
#: serverguide/C/remote-administration.xml:290(para)
8606
msgid ""
8607
"<emphasis>Disk Usage:</emphasis> displays a graph detailing information "
8608
"about disk usage."
8609
msgstr ""
8610
8611
#: serverguide/C/remote-administration.xml:296(para)
8612
msgid ""
8613
"<emphasis>Backup:</emphasis> is used to backup "
8614
"<application>eBox</application> configuration information, and the "
8615
"<emphasis>Full Backup</emphasis> option allows you to save all eBox "
8616
"information not included in the <emphasis>Configuration</emphasis> option "
8617
"such as log files."
8618
msgstr ""
8619
8620
#: serverguide/C/remote-administration.xml:304(para)
8621
msgid ""
8622
"<emphasis>Halt/Reboot:</emphasis> will shutdown the system or reboot it."
8623
msgstr ""
8624
8625
#: serverguide/C/remote-administration.xml:309(para)
8626
msgid ""
8627
"<emphasis>Bug Report:</emphasis> creates a file containing details helpful "
8628
"when reporting bugs to the eBox developers."
8629
msgstr ""
8630
8631
#: serverguide/C/remote-administration.xml:317(para)
8632
msgid ""
8633
"<emphasis>Logs:</emphasis> allows <application>eBox</application> logs to be "
8634
"queried depending on the purge time configured."
8635
msgstr ""
8636
8637
#: serverguide/C/remote-administration.xml:323(para)
8638
msgid ""
8639
"<emphasis>Events:</emphasis> this module has the ability to send alerts "
8640
"through rss, jabber, and log file."
8641
msgstr ""
8642
8643
#: serverguide/C/remote-administration.xml:330(emphasis)
8644
msgid "Available Events:"
8645
msgstr ""
8646
8647
#: serverguide/C/remote-administration.xml:334(para)
8648
msgid ""
8649
"<emphasis>Free Storage Space:</emphasis> will send alert if free disk space "
8650
"drops below a configured percentage, 10% by default."
8651
msgstr ""
8652
8653
#: serverguide/C/remote-administration.xml:340(para)
8654
msgid ""
8655
"<emphasis>Log Observer:</emphasis> unfortunately this event does not work "
8656
"with the <application>eBox</application> version shipped with Ubuntu 7.10."
8657
msgstr ""
8658
8659
#: serverguide/C/remote-administration.xml:346(para)
8660
msgid ""
8661
"<emphasis>RAID:</emphasis> will monitor the RAID system and send alerts if "
8662
"any issues arise."
8663
msgstr ""
8664
8665
#: serverguide/C/remote-administration.xml:352(para)
8666
msgid ""
8667
"<emphasis>Service:</emphasis> sends alerts if a service restarts multiple "
8668
"times in a short time period."
8669
msgstr ""
8670
8671
#: serverguide/C/remote-administration.xml:358(para)
8672
msgid ""
8673
"<emphasis>State:</emphasis> alerts on the state of "
8674
"<application>eBox</application>, either up or down."
8675
msgstr ""
8676
8677
#: serverguide/C/remote-administration.xml:367(emphasis)
8678
msgid "Dispatchers:"
8679
msgstr ""
8680
8681
#: serverguide/C/remote-administration.xml:371(para)
8682
msgid ""
8683
"<emphasis>Log:</emphasis> this dispatcher will send event messages to the "
8684
"<application>eBox</application> log file "
8685
"<filename>/var/log/ebox/ebox.log</filename>."
8686
msgstr ""
8687
8688
#: serverguide/C/remote-administration.xml:378(para)
8689
msgid ""
8690
"<emphasis>Jabber:</emphasis> before enabling this dispatcher you must first "
8691
"configure it by clicking on the <quote>Configure</quote> icon."
8692
msgstr ""
8693
8694
#: serverguide/C/remote-administration.xml:384(para)
8695
msgid ""
8696
"<emphasis>RSS:</emphasis> once this dispatcher is configured you can "
8697
"subscribe to the link in order to view event alerts."
8698
msgstr ""
8699
8700
#: serverguide/C/remote-administration.xml:397(title)
8701
msgid "Additional Modules"
8702
msgstr ""
8703
8704
#: serverguide/C/remote-administration.xml:398(para)
8705
msgid ""
8706
"Here is a quick description of other available "
8707
"<application>eBox</application> modules:"
8708
msgstr ""
8709
8710
#: serverguide/C/remote-administration.xml:403(para)
8711
msgid ""
8712
"<emphasis>Network:</emphasis> allows configuration of the server's network "
8713
"options through eBox."
8714
msgstr ""
8715
8716
#: serverguide/C/remote-administration.xml:409(para)
8717
msgid ""
8718
"<emphasis>Firewall:</emphasis> configures firewall options for the eBox host."
8719
msgstr ""
8720
8721
#: serverguide/C/remote-administration.xml:414(para)
8722
msgid ""
8723
"<emphasis>UsersandGroups:</emphasis> this module will manage users and "
8724
"groups contained in an <application>OpenLDAP</application> LDAP directory."
8725
msgstr ""
8726
8727
#: serverguide/C/remote-administration.xml:420(para)
8728
msgid ""
8729
"<emphasis>DHCP:</emphasis> provides an interface for configuring a DHCP "
8730
"server."
8731
msgstr ""
8732
8733
#: serverguide/C/remote-administration.xml:425(para)
8734
msgid ""
8735
"<emphasis>DNS:</emphasis> provides <application>BIND9</application> DNS "
8736
"server configuration options."
8737
msgstr ""
8738
8739
#: serverguide/C/remote-administration.xml:431(para)
8740
msgid ""
8741
"<emphasis>Objects:</emphasis> allow configuration of eBox <emphasis>Network "
8742
"Objects</emphasis>, which allow you to assign a name to an IP address or "
8743
"group of IPs."
8744
msgstr ""
8745
8746
#: serverguide/C/remote-administration.xml:438(para)
8747
msgid ""
8748
"<emphasis>Services:</emphasis> displays configuration information for "
8749
"services that are available to the network."
8750
msgstr ""
8751
8752
#: serverguide/C/remote-administration.xml:444(para)
8753
msgid ""
8754
"<emphasis>Squid:</emphasis> configuration options for the "
8755
"<application>Squid</application> proxy server."
8756
msgstr ""
8757
8758
#: serverguide/C/remote-administration.xml:450(para)
8759
msgid ""
8760
"<emphasis>CA:</emphasis> configures a Certificate Authority for the server."
8761
msgstr ""
8762
8763
#: serverguide/C/remote-administration.xml:455(para)
8764
msgid "<emphasis>NTP:</emphasis> set Network Time Protocol options."
8765
msgstr ""
8766
8767
#: serverguide/C/remote-administration.xml:460(para)
8768
msgid "<emphasis>Printers:</emphasis> allows the configuration of printers."
8769
msgstr ""
8770
8771
#: serverguide/C/remote-administration.xml:465(para)
8772
msgid "<emphasis>Samba:</emphasis> configuration options for Samba."
8773
msgstr ""
8774
8775
#: serverguide/C/remote-administration.xml:470(para)
8776
msgid ""
8777
"<emphasis>OpenVPN:</emphasis> setup options for OpenVPN Virtual Private "
8778
"Network application."
8779
msgstr ""
8780
8781
#: serverguide/C/remote-administration.xml:481(para)
8782
msgid ""
8783
"For more information see the <ulink url=\"http://ebox-platform.com/\">eBox "
8784
"Home Page</ulink>."
8785
msgstr ""
8786
8787
#: serverguide/C/package-management.xml:13(title)
8788
msgid "Package Management"
8789
msgstr "Paketų Tvarkymas"
8790
8791
#: serverguide/C/package-management.xml:14(para)
8792
msgid ""
8793
"Ubuntu features a comprehensive package management system for the "
8794
"installation, upgrade, configuration, and removal of software. In addition "
8795
"to providing access to an organized base of over 24,000 software packages "
8796
"for your Ubuntu computer, the package management facilities also feature "
8797
"dependency resolution capabilities and software update checking."
8798
msgstr ""
8799
8800
#: serverguide/C/package-management.xml:16(para)
8801
msgid ""
8802
"Several tools are available for interacting with Ubuntu's package management "
8803
"system, from simple command-line utilities which may be easily automated by "
8804
"system administrators, to a simple graphical interface which is easy to use "
8805
"by those new to Ubuntu."
8806
msgstr ""
8807
8808
#: serverguide/C/package-management.xml:21(para)
8809
msgid ""
8810
"Ubuntu's package management system is derived from the same system used by "
8811
"the Debian GNU/Linux distribution. The package files contain all of the "
8812
"necessary files, meta-data, and instructions to implement a particular "
8813
"functionality or software application on your Ubuntu computer."
8814
msgstr ""
8815
8816
#: serverguide/C/package-management.xml:24(para)
8817
msgid ""
8818
"Debian package files typically have the extension '.deb', and typically "
8819
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
8820
"collections of packages found on various media, such as CD-ROM discs, or "
8821
"online. Packages are normally of the pre-compiled binary format; thus "
8822
"installation is quick and requires no compiling of software."
8823
msgstr ""
8824
8825
#: serverguide/C/package-management.xml:27(para)
8826
msgid ""
8827
"Many complex packages use the concept of <emphasis "
8828
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
8829
"packages required by the principal package in order to function properly. "
8830
"For example, the speech synthesis package "
8831
"<application>Festival</application> depends upon the package "
8832
"<application>libasound2</application>, which is a package supplying the "
8833
"<application>ALSA</application> sound library needed for audio playback. In "
8834
"order for <application>Festival</application> to function, it and all of its "
8835
"dependencies must be installed. The software management tools in Ubuntu will "
8836
"do this automatically."
8837
msgstr ""
8838
8839
#: serverguide/C/package-management.xml:32(title)
8840
msgid "dpkg"
8841
msgstr ""
8842
8843
#: serverguide/C/package-management.xml:34(para)
8844
msgid ""
8845
"<application>dpkg</application> is a package manager for "
8846
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
8847
"packages, but unlike other package management system's it can not "
8848
"automatically download and install packages and their dependencies. This "
8849
"section covers using <application>dpkg</application> to manage locally "
8850
"installed packages:"
8851
msgstr ""
8852
8853
#: serverguide/C/package-management.xml:43(para)
8854
msgid ""
8855
"To list all packages installed on the system, from a terminal prompt enter:"
8856
msgstr ""
8857
8858
#: serverguide/C/package-management.xml:48(command)
8859
msgid "dpkg -l"
8860
msgstr ""
8861
8862
#: serverguide/C/package-management.xml:54(para)
8863
msgid ""
8864
"Depending on the amount of packages on your system, this can generate a "
8865
"large amount of output. Pipe the output through "
8866
"<application>grep</application> to see if a specific package is installed:"
8867
msgstr ""
8868
8869
#: serverguide/C/package-management.xml:60(command)
8870
msgid "dpkg -l | grep apache2"
8871
msgstr ""
8872
8873
#: serverguide/C/package-management.xml:63(para)
8874
msgid ""
8875
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
8876
"package name, or other regular expression."
8877
msgstr ""
8878
8879
#: serverguide/C/package-management.xml:70(para)
8880
msgid ""
8881
"To list the files installed by a package, in this case the "
8882
"<application>ufw</application> package, enter:"
8883
msgstr ""
8884
8885
#: serverguide/C/package-management.xml:75(command)
8886
msgid "dpkg -L ufw"
8887
msgstr ""
8888
8889
#: serverguide/C/package-management.xml:81(para)
8890
msgid ""
8891
"If you are not sure which package installed a file, <application>dpkg -"
8892
"S</application> may be able to tell you. For example:"
8893
msgstr ""
8894
8895
#: serverguide/C/package-management.xml:87(command)
8896
msgid "dpkg -S /etc/host.conf"
8897
msgstr ""
8898
8899
#: serverguide/C/package-management.xml:88(computeroutput)
8900
#, no-wrap
8901
msgid "base-files: /etc/host.conf"
8902
msgstr ""
8903
8904
#: serverguide/C/package-management.xml:91(para)
8905
msgid ""
8906
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
8907
"<application>base-files</application> package."
8908
msgstr ""
8909
8910
#: serverguide/C/package-management.xml:96(para)
8911
msgid ""
8912
"Many files are automatically generated during the package install process, "
8913
"and even though they are on the filesystem <command>dpkg -S</command> may "
8914
"not know which package they belong to."
8915
msgstr ""
8916
8917
#: serverguide/C/package-management.xml:105(para)
8918
msgid "You can install a local <emphasis>.deb</emphasis> file by entering:"
8919
msgstr ""
8920
8921
#: serverguide/C/package-management.xml:110(command)
8922
msgid "sudo dpkg -i zip_2.32-1_i386.deb"
8923
msgstr ""
8924
8925
#: serverguide/C/package-management.xml:113(para)
8926
msgid ""
8927
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
8928
"the local .deb file."
8929
msgstr ""
8930
8931
#: serverguide/C/package-management.xml:120(para)
8932
msgid "Uninstalling a package can be accomplished by:"
8933
msgstr ""
8934
8935
#: serverguide/C/package-management.xml:125(command)
8936
msgid "sudo dpkg -r zip"
8937
msgstr ""
8938
8939
#: serverguide/C/package-management.xml:129(para)
8940
msgid ""
8941
"Uninstalling packages using <application>dpkg</application>, in most cases, "
8942
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
8943
"manager that handles dependencies, to ensure that the system is in a "
8944
"consistent state. For example using <command>dpkg -r</command> you can "
8945
"remove the <application>zip</application> package, but any packages that "
8946
"depend on it will still be installed and may no longer function correctly."
8947
msgstr ""
8948
8949
#: serverguide/C/package-management.xml:140(para)
8950
msgid ""
8951
"For more <application>dpkg</application> options see the man page: "
8952
"<command>man dpkg</command>."
8953
msgstr ""
8954
8955
#: serverguide/C/package-management.xml:146(title)
8956
msgid "Apt-Get"
8957
msgstr ""
8958
8959
#: serverguide/C/package-management.xml:147(para)
8960
msgid ""
8961
"The <application>apt-get</application> command is a powerful command-line "
8962
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
8963
"(APT) performing such functions as installation of new software packages, "
8964
"upgrade of existing software packages, updating of the package list index, "
8965
"and even upgrading the entire Ubuntu system."
8966
msgstr ""
8967
8968
#: serverguide/C/package-management.xml:150(para)
8969
msgid ""
8970
"Being a simple command-line tool, <application>apt-get</application> has "
8971
"numerous advantages over other package management tools available in Ubuntu "
8972
"for server administrators. Some of these advantages include ease of use over "
8973
"simple terminal connections (SSH) and the ability to be used in system "
8974
"administration scripts, which can in turn be automated by the "
8975
"<application>cron</application> scheduling utility."
8976
msgstr ""
8977
8978
#: serverguide/C/package-management.xml:157(para)
8979
msgid ""
8980
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
8981
"packages using the <application>apt-get</application> tool is quite simple. "
8982
"For example, to install the network scanner <emphasis "
8983
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
8984
"<command>sudo apt-get install nmap</command>\n"
8985
"</screen>"
8986
msgstr ""
8987
8988
#: serverguide/C/package-management.xml:165(para)
8989
msgid ""
8990
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
8991
"packages is also a straightforward and simple process. To remove the nmap "
8992
"package installed in the previous example, type the following: <screen>\n"
8993
"<command>sudo apt-get remove nmap</command>\n"
8994
"</screen>"
8995
msgstr ""
8996
8997
#: serverguide/C/package-management.xml:172(para)
8998
msgid ""
8999
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
9000
"multiple packages to be installed or removed, separated by spaces."
9001
msgstr ""
9002
9003
#: serverguide/C/package-management.xml:175(para)
9004
msgid ""
9005
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
9006
"remove</command> will remove the package configuration files as well. This "
9007
"may or may not be the desired effect so use with caution."
9008
msgstr ""
9009
9010
#: serverguide/C/package-management.xml:181(para)
9011
msgid ""
9012
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
9013
"index is essentially a database of available packages from the repositories "
9014
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
9015
"the local package index with the latest changes made in repositories, type "
9016
"the following: <screen>\n"
9017
"<command>sudo apt-get update</command>\n"
9018
"</screen>"
9019
msgstr ""
9020
9021
#: serverguide/C/package-management.xml:189(para)
9022
msgid ""
9023
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
9024
"versions of packages currently installed on your computer may become "
9025
"available from the package repositories (for example security updates). To "
9026
"upgrade your system, first update your package index as outlined above, and "
9027
"then type: <screen>\n"
9028
"<command>sudo apt-get upgrade</command>\n"
9029
"</screen>"
9030
msgstr ""
9031
9032
#: serverguide/C/package-management.xml:195(para)
9033
msgid ""
9034
"For information on upgrading to a new Ubuntu release see <xref "
9035
"linkend=\"installing-upgrading\"/>."
9036
msgstr ""
9037
9038
#: serverguide/C/package-management.xml:153(para)
9039
msgid ""
9040
"Some examples of popular uses for the <application>apt-get</application> "
9041
"utility: <placeholder-1/>"
9042
msgstr ""
9043
9044
#: serverguide/C/package-management.xml:201(para)
9045
msgid ""
9046
"Actions of the <application>apt-get</application> command, such as "
9047
"installation and removal of packages, are logged in the /var/log/dpkg.log "
9048
"log file."
9049
msgstr ""
9050
9051
#: serverguide/C/package-management.xml:204(para)
9052
msgid ""
9053
"For further information about the use of <application>APT</application>, "
9054
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
9055
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
9056
"help</screen>"
9057
msgstr ""
9058
9059
#: serverguide/C/package-management.xml:208(title)
9060
msgid "Aptitude"
9061
msgstr ""
9062
9063
#: serverguide/C/package-management.xml:209(para)
9064
msgid ""
9065
"<application>Aptitude</application> is a menu-driven, text-based front-end "
9066
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
9067
"the common package management functions, such as installation, removal, and "
9068
"upgrade, are performed in <application>Aptitude</application> with single-"
9069
"key commands, which are typically lowercase letters."
9070
msgstr ""
9071
9072
#: serverguide/C/package-management.xml:212(para)
9073
msgid ""
9074
"<application>Aptitude</application> is best suited for use in a non-"
9075
"graphical terminal environment to ensure proper functioning of the command "
9076
"keys. You may start <application>Aptitude</application> as a normal user "
9077
"with the following command at a terminal prompt: <screen>\n"
9078
"<command>sudo aptitude</command>\n"
9079
"</screen>"
9080
msgstr ""
9081
9082
#: serverguide/C/package-management.xml:219(para)
9083
msgid ""
9084
"When <application>Aptitude</application> starts, you will see a menu bar at "
9085
"the top of the screen and two panes below the menu bar. The top pane "
9086
"contains package categories, such as <emphasis role=\"italics\">New "
9087
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
9088
"Packages</emphasis>. The bottom pane contains information related to the "
9089
"packages and package categories."
9090
msgstr ""
9091
9092
#: serverguide/C/package-management.xml:222(para)
9093
msgid ""
9094
"Using <application>Aptitude</application> for package management is "
9095
"relatively straightforward, and the user interface makes common tasks simple "
9096
"to perform. The following are examples of common package management "
9097
"functions as performed in <application>Aptitude</application>:"
9098
msgstr ""
9099
9100
#: serverguide/C/package-management.xml:226(para)
9101
msgid ""
9102
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
9103
"locate the package via the Not Installed Packages package category, for "
9104
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
9105
"key, and highlight the package you wish to install. After highlighting the "
9106
"package you wish to install, press the <keycap>+</keycap> key, and the "
9107
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
9108
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
9109
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
9110
"again, and you will be prompted to become root to complete the installation. "
9111
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
9112
"your user password to become root. Finally, press <keycap>g</keycap> once "
9113
"more and you'll be prompted to download the package. Press "
9114
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
9115
"prompt, and downloading and installation of the package will commence."
9116
msgstr ""
9117
9118
#: serverguide/C/package-management.xml:230(para)
9119
msgid ""
9120
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
9121
"locate the package via the Installed Packages package category, for example, "
9122
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
9123
"highlight the package you wish to remove. After highlighting the package you "
9124
"wish to install, press the <keycap>-</keycap> key, and the package entry "
9125
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
9126
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
9127
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
9128
"prompted to become root to complete the installation. Press "
9129
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
9130
"user password to become root. Finally, press <keycap>g</keycap> once more, "
9131
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
9132
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
9133
"the package will commence."
9134
msgstr ""
9135
9136
#: serverguide/C/package-management.xml:234(para)
9137
msgid ""
9138
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
9139
"package index, simply press the <keycap>u</keycap> key and you will be "
9140
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
9141
"which will result in a Password: prompt. Enter your user password to become "
9142
"root. Updating of the package index will commence. Press "
9143
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
9144
"presented to complete the process."
9145
msgstr ""
9146
9147
#: serverguide/C/package-management.xml:238(para)
9148
msgid ""
9149
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
9150
"perform the update of the package index as detailed above, and then press "
9151
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
9152
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
9153
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
9154
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
9155
"result in a Password: prompt. Enter your user password to become root. "
9156
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
9157
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
9158
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
9159
"will commence."
9160
msgstr ""
9161
9162
#: serverguide/C/package-management.xml:245(para)
9163
msgid "<emphasis role=\"bold\">i</emphasis>: Installed package"
9164
msgstr ""
9165
9166
#: serverguide/C/package-management.xml:250(para)
9167
msgid ""
9168
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
9169
"configuration remains on system"
9170
msgstr ""
9171
9172
#: serverguide/C/package-management.xml:254(para)
9173
msgid "<emphasis role=\"bold\">p</emphasis>: Purged from system"
9174
msgstr ""
9175
9176
#: serverguide/C/package-management.xml:258(para)
9177
msgid "<emphasis role=\"bold\">v</emphasis>: Virtual package"
9178
msgstr ""
9179
9180
#: serverguide/C/package-management.xml:262(para)
9181
msgid "<emphasis role=\"bold\">B</emphasis>: Broken package"
9182
msgstr ""
9183
9184
#: serverguide/C/package-management.xml:266(para)
9185
msgid ""
9186
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
9187
"configured"
9188
msgstr ""
9189
9190
#: serverguide/C/package-management.xml:270(para)
9191
msgid ""
9192
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
9193
"and requires fix"
9194
msgstr ""
9195
9196
#: serverguide/C/package-management.xml:274(para)
9197
msgid ""
9198
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
9199
"requires fix"
9200
msgstr ""
9201
9202
#: serverguide/C/package-management.xml:242(para)
9203
msgid ""
9204
"The first column of information displayed in the package list in the top "
9205
"pane, when actually viewing packages lists the current state of the package, "
9206
"and uses the following key to describe the state of the package: "
9207
"<placeholder-1/>"
9208
msgstr ""
9209
9210
#: serverguide/C/package-management.xml:280(para)
9211
msgid ""
9212
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
9213
"wish to exit. Many other functions are available from the Aptitude menu by "
9214
"pressing the <keycap>F10</keycap> key."
9215
msgstr ""
9216
9217
#: serverguide/C/package-management.xml:285(title)
9218
msgid "Automatic Updates"
9219
msgstr ""
9220
9221
#: serverguide/C/package-management.xml:287(para)
9222
msgid ""
9223
"The <application>unattended-upgrades</application> package can be used to "
9224
"automatically install updated packages, and can be configured to update all "
9225
"packages or just install security updates. First, install the package by "
9226
"entering the following in a terminal:"
9227
msgstr ""
9228
9229
#: serverguide/C/package-management.xml:293(command)
9230
msgid "sudo apt-get install unattended-upgrades"
9231
msgstr ""
9232
9233
#: serverguide/C/package-management.xml:296(para)
9234
msgid ""
9235
"To configure <application>unattended-upgrades</application>, edit "
9236
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
9237
"the following to fit your needs:"
9238
msgstr ""
9239
9240
#: serverguide/C/package-management.xml:301(programlisting)
9241
#, no-wrap
9242
msgid ""
9243
"\n"
9244
"Unattended-Upgrade::Allowed-Origins {\n"
9245
" \"Ubuntu jaunty-security\";\n"
9246
"// \"Ubuntu jaunty-updates\";\n"
9247
"};\n"
9248
msgstr ""
9249
9250
#: serverguide/C/package-management.xml:308(para)
9251
msgid ""
9252
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
9253
"will not be automatically updated. To blacklist a package, add it to the "
9254
"list:"
9255
msgstr ""
9256
9257
#: serverguide/C/package-management.xml:313(programlisting)
9258
#, no-wrap
9259
msgid ""
9260
"\n"
9261
"Unattended-Upgrade::Package-Blacklist {\n"
9262
"// \"vim\";\n"
9263
"// \"libc6\";\n"
9264
"// \"libc6-dev\";\n"
9265
"// \"libc6-i686\";\n"
9266
"};\n"
9267
msgstr ""
9268
9269
#: serverguide/C/package-management.xml:323(para)
9270
msgid ""
9271
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
9272
"whatever follows \"//\" will not be evaluated."
9273
msgstr ""
9274
9275
#: serverguide/C/package-management.xml:328(para)
9276
msgid ""
9277
"The results of <application>unattended-upgrades</application> will be logged "
9278
"to <filename>/var/log/unattended-upgrades</filename>."
9279
msgstr ""
9280
9281
#: serverguide/C/package-management.xml:333(title)
9282
msgid "Notifications"
9283
msgstr ""
9284
9285
#: serverguide/C/package-management.xml:335(para)
9286
msgid ""
9287
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
9288
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
9289
"<application>unattended-upgrades</application> to email an administrator "
9290
"detailing any packages that need upgrading or have problems."
9291
msgstr ""
9292
9293
#: serverguide/C/package-management.xml:340(para)
9294
msgid ""
9295
"Another useful package is <application>apticron</application>. "
9296
"<application>apticron</application> will configure a "
9297
"<application>cron</application> job to email an administrator information "
9298
"about any packages on the system that need updated as well as a summary of "
9299
"changes in each package."
9300
msgstr ""
9301
9302
#: serverguide/C/package-management.xml:346(para)
9303
msgid ""
9304
"To install the <application>apticron</application> package, in a terminal "
9305
"enter:"
9306
msgstr ""
9307
9308
#: serverguide/C/package-management.xml:351(command)
9309
msgid "sudo apt-get install apticron"
9310
msgstr ""
9311
9312
#: serverguide/C/package-management.xml:354(para)
9313
msgid ""
9314
"Once the package is installed edit "
9315
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
9316
"and other options:"
9317
msgstr ""
9318
9319
#: serverguide/C/package-management.xml:358(programlisting)
9320
#, no-wrap
9321
msgid ""
9322
"\n"
9323
"EMAIL=\"root@example.com\"\n"
9324
msgstr ""
9325
9326
#: serverguide/C/package-management.xml:367(para)
9327
msgid ""
9328
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
9329
"system repositories is stored in the /etc/apt/sources.list configuration "
9330
"file. An example of this file is referenced here, along with information on "
9331
"adding or removing repository references from the file."
9332
msgstr ""
9333
9334
#: serverguide/C/package-management.xml:373(para)
9335
msgid ""
9336
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
9337
"typical <filename>/etc/apt/sources.list</filename> file."
9338
msgstr ""
9339
9340
#: serverguide/C/package-management.xml:377(para)
9341
msgid ""
9342
"You may edit the file to enable repositories or disable them. For example, "
9343
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
9344
"operations occur, simply comment out the appropriate line for the CD-ROM, "
9345
"which appears at the top of the file:"
9346
msgstr ""
9347
9348
#: serverguide/C/package-management.xml:382(screen)
9349
#, no-wrap
9350
msgid ""
9351
"\n"
9352
"# no more prompting for CD-ROM please\n"
9353
"# deb cdrom:[Ubuntu 9.04_Jaunty_Jackalope - Release i386 (20070419.1)]/ "
9354
"jaunty main restricted\n"
9355
msgstr ""
9356
9357
#: serverguide/C/package-management.xml:388(title)
9358
msgid "Extra Repositories"
9359
msgstr ""
9360
9361
#: serverguide/C/package-management.xml:389(para)
9362
msgid ""
9363
"In addition to the officially supported package repositories available for "
9364
"Ubuntu, there exist additional community-maintained repositories which add "
9365
"thousands more potential packages for installation. Two of the most popular "
9366
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
9367
"repositories. These repositories are not officially supported by Ubuntu, but "
9368
"because they are maintained by the community they generally provide packages "
9369
"which are safe for use with your Ubuntu computer."
9370
msgstr ""
9371
9372
#: serverguide/C/package-management.xml:392(para)
9373
msgid ""
9374
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
9375
"licensing issues that prevent them from being distributed with a free "
9376
"operating system, and they may be illegal in your locality."
9377
msgstr ""
9378
9379
#: serverguide/C/package-management.xml:394(para)
9380
msgid ""
9381
"Be advised that neither the <emphasis>Universe</emphasis> or "
9382
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
9383
"packages. In particular, there may not be security updates for these "
9384
"packages."
9385
msgstr ""
9386
9387
#: serverguide/C/package-management.xml:398(para)
9388
msgid ""
9389
"Many other package sources are available, sometimes even offering only one "
9390
"package, as in the case of package sources provided by the developer of a "
9391
"single application. You should always be very careful and cautious when "
9392
"using non-standard package sources, however. Research the source and "
9393
"packages carefully before performing any installation, as some package "
9394
"sources and their packages could render your system unstable or non-"
9395
"functional in some respects."
9396
msgstr ""
9397
9398
#: serverguide/C/package-management.xml:401(para)
9399
msgid ""
9400
"By default, the <emphasis>Universe</emphasis> and "
9401
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
9402
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
9403
"comment the following lines:"
9404
msgstr ""
9405
9406
#: serverguide/C/package-management.xml:408(programlisting)
9407
#, no-wrap
9408
msgid ""
9409
"\n"
9410
"deb http://archive.ubuntu.com/ubuntu jaunty universe multiverse\n"
9411
"deb-src http://archive.ubuntu.com/ubuntu jaunty universe multiverse\n"
9412
"\n"
9413
"deb http://us.archive.ubuntu.com/ubuntu/ jaunty universe\n"
9414
"deb-src http://us.archive.ubuntu.com/ubuntu/ jaunty universe\n"
9415
"deb http://us.archive.ubuntu.com/ubuntu/ jaunty-updates universe\n"
9416
"deb-src http://us.archive.ubuntu.com/ubuntu/ jaunty-updates universe\n"
9417
"\n"
9418
"deb http://us.archive.ubuntu.com/ubuntu/ jaunty multiverse\n"
9419
"deb-src http://us.archive.ubuntu.com/ubuntu/ jaunty multiverse\n"
9420
"deb http://us.archive.ubuntu.com/ubuntu/ jaunty-updates multiverse\n"
9421
"deb-src http://us.archive.ubuntu.com/ubuntu/ jaunty-updates multiverse\n"
9422
"\n"
9423
"deb http://security.ubuntu.com/ubuntu jaunty-security universe\n"
9424
"deb-src http://security.ubuntu.com/ubuntu jaunty-security universe\n"
9425
"deb http://security.ubuntu.com/ubuntu jaunty-security multiverse\n"
9426
"deb-src http://security.ubuntu.com/ubuntu jaunty-security multiverse\n"
9427
msgstr ""
9428
9429
#: serverguide/C/package-management.xml:434(para)
9430
msgid ""
9431
"Most of the material covered in this chapter is available in "
9432
"<application>man</application> pages, many of which are available online."
9433
msgstr ""
9434
9435
#: serverguide/C/package-management.xml:441(para)
9436
msgid ""
9437
"For more <application>dpkg</application> details see the <ulink "
9438
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/dpkg.1.html\">dpkg "
9439
"man page</ulink>."
9440
msgstr ""
9441
9442
#: serverguide/C/package-management.xml:447(para)
9443
msgid ""
9444
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
9445
"HOWTO</ulink> and <ulink "
9446
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/apt-"
9447
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
9448
"<application>apt-get</application> usage."
9449
msgstr ""
9450
9451
#: serverguide/C/package-management.xml:454(para)
9452
msgid ""
9453
"See the <ulink "
9454
"url=\"http://manpages.ubuntu.com/manpages/jaunty/man8/aptitude.8.html\">aptit"
9455
"ude man page</ulink> for more <application>aptitude</application> options."
9456
msgstr ""
9457
9458
#: serverguide/C/package-management.xml:460(para)
9459
msgid ""
9460
"The <ulink "
9461
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
9462
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
9463
"adding repositories."
9464
msgstr ""
9465
9466
#: serverguide/C/other-apps.xml:13(title)
9467
msgid "Other Useful Applications"
9468
msgstr ""
9469
9470
#: serverguide/C/other-apps.xml:15(para)
9471
msgid ""
9472
"There are many very useful applications developed by the Ubuntu Server Team, "
9473
"and others that are well integrated with Ubuntu Server Edition, that might "
9474
"not be well known. This chapter will showcase some useful applications that "
9475
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
9476
"easier."
9477
msgstr ""
9478
9479
#: serverguide/C/other-apps.xml:23(title)
9480
msgid "Update MOTD"
9481
msgstr ""
9482
9483
#: serverguide/C/other-apps.xml:25(para)
9484
msgid ""
9485
"When logging into an Ubuntu server you may have noticed the informative "
9486
"Message Of The Day (MOTD). This information is obtained and displayed using "
9487
"a couple of packages:"
9488
msgstr ""
9489
9490
#: serverguide/C/other-apps.xml:32(para)
9491
msgid ""
9492
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
9493
"<application>landscape-client</application>, which can be used to manage "
9494
"systems using the web based <emphasis>Landscape</emphasis> application. The "
9495
"package includes the <application>/usr/bin/landscape-sysinfo</application> "
9496
"utility which is used to gather the information displayed in the MOTD."
9497
msgstr ""
9498
9499
#: serverguide/C/other-apps.xml:40(para)
9500
msgid ""
9501
"<emphasis>update-motd:</emphasis> is used to automatically update the MOTD "
9502
"via <application>cron</application>."
9503
msgstr ""
9504
9505
#: serverguide/C/other-apps.xml:46(para)
9506
msgid ""
9507
"The <application>update-motd</application> utility has several options to "
9508
"further customize the MOTD:"
9509
msgstr ""
9510
9511
#: serverguide/C/other-apps.xml:52(para)
9512
msgid ""
9513
"<emphasis>--disable:</emphasis> prevents automatic updates of the MOTD. "
9514
"Using this option creates the <filename>/var/lib/update-"
9515
"motd/disabled</filename> file, which if present stops <application>update-"
9516
"motd</application> from modifying <filename>/etc/motd</filename>."
9517
msgstr ""
9518
9519
#: serverguide/C/other-apps.xml:59(para)
9520
msgid ""
9521
"<emphasis>--enable:</emphasis> enables the automatic MOTD updates. If "
9522
"<filename>/var/lib/update-motd</filename> is present it will be removed."
9523
msgstr ""
9524
9525
#: serverguide/C/other-apps.xml:65(para)
9526
msgid ""
9527
"<emphasis>--force:</emphasis> does a one time update of "
9528
"<filename>/etc/motd</filename>, overriding <application>update-"
9529
"motd</application> if it has been disabled."
9530
msgstr ""
9531
9532
#: serverguide/C/other-apps.xml:71(para)
9533
msgid ""
9534
"<emphasis>d, hourly, weekly, monthly:</emphasis> option will run the scripts "
9535
"in <filename>/etc/update-motd.d/</filename> (default), <filename>/etc/update-"
9536
"motd.d/hourly</filename>, <filename>/etc/update-motd.d/weekly</filename>, or "
9537
"<filename>/etc/update-motd.d/monthly</filename> respectively."
9538
msgstr ""
9539
9540
#: serverguide/C/other-apps.xml:79(para)
9541
msgid ""
9542
"<application>update-motd</application> executes the scripts in "
9543
"<filename>/etc/update-motd.d</filename> in order based on the number "
9544
"prepended to the script. Separate <application>cron</application> scripts "
9545
"execute every ten minutes, hourly, weekly, and monthly running the "
9546
"corresponding scripts in <filename>/etc/update-motd.d</filename>. The output "
9547
"of the scripts is written to <filename>/var/run/update-motd/</filename>, "
9548
"keeping the numerical order, then concatenated with "
9549
"<filename>/etc/motd.tail</filename> and written to "
9550
"<filename>/etc/motd</filename>."
9551
msgstr ""
9552
9553
#: serverguide/C/other-apps.xml:87(para)
9554
msgid ""
9555
"You can add your own dynamic information to the MOTD. For example, to add "
9556
"local weather information:"
9557
msgstr ""
9558
9559
#: serverguide/C/other-apps.xml:93(para)
9560
msgid "First, install the <application>weather-util</application> package:"
9561
msgstr ""
9562
9563
#: serverguide/C/other-apps.xml:98(command)
9564
msgid "sudo apt-get install weather-util"
9565
msgstr ""
9566
9567
#: serverguide/C/other-apps.xml:103(para)
9568
msgid ""
9569
"The <application>weather</application> utility uses METAR data from the "
9570
"National Oceanic and Atmospheric Administration and forecasts from the "
9571
"National Weather Service. In order to find local information you will need "
9572
"the 4-character ICAO location indicator. This can be determined by browsing "
9573
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
9574
"Weather Service</ulink> site."
9575
msgstr ""
9576
9577
#: serverguide/C/other-apps.xml:110(para)
9578
msgid ""
9579
"Although the National Weather Service is a United States government agency "
9580
"there are weather stations available world wide. However, local weather "
9581
"information for all locations outside the U.S. may not be available."
9582
msgstr ""
9583
9584
#: serverguide/C/other-apps.xml:116(para)
9585
msgid ""
9586
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
9587
"script to use <application>weather</application> with your local ICAO "
9588
"indicator:"
9589
msgstr ""
9590
9591
#: serverguide/C/other-apps.xml:121(programlisting)
9592
#, no-wrap
9593
msgid ""
9594
"\n"
9595
"#!/bin/sh\n"
9596
"##########################################################################\n"
9597
"#\n"
9598
"# Prints the local weather to /var/run/update-motd/60-local-weather \n"
9599
"# for update-motd.\n"
9600
"#\n"
9601
"##########################################################################\n"
9602
"\n"
9603
"# Replace KINT with your local weather station.\n"
9604
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
9605
"\n"
9606
"echo \"\" > /var/run/update-motd/60-local-weather\n"
9607
"weather -i KINT >> /var/run/update-motd/60-local-weather\n"
9608
"\n"
9609
msgstr ""
9610
9611
#: serverguide/C/other-apps.xml:139(para)
9612
msgid "Make the script executable:"
9613
msgstr ""
9614
9615
#: serverguide/C/other-apps.xml:144(command)
9616
msgid "sudo chmod 755 /usr/local/bin/local-weather"
9617
msgstr ""
9618
9619
#: serverguide/C/other-apps.xml:148(para)
9620
msgid ""
9621
"Next, create a symlink to <filename>/etc/update-motd.d/60-local-"
9622
"weather</filename>:"
9623
msgstr ""
9624
9625
#: serverguide/C/other-apps.xml:153(command)
9626
msgid ""
9627
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/60-local-weather"
9628
msgstr ""
9629
9630
#: serverguide/C/other-apps.xml:157(para)
9631
msgid "Finally, update the MOTD:"
9632
msgstr ""
9633
9634
#: serverguide/C/other-apps.xml:162(command)
9635
msgid "sudo update-motd"
9636
msgstr ""
9637
9638
#: serverguide/C/other-apps.xml:167(para)
9639
msgid ""
9640
"You should now be greeted with some useful information, and some information "
9641
"about the local weather that may not be quite so useful. Hopefully the "
9642
"<application>local-weather</application> example demonstrates the "
9643
"flexibility of <application>update-motd</application>."
9644
msgstr ""
9645
9646
#: serverguide/C/other-apps.xml:175(title)
9647
msgid "etckeeper"
9648
msgstr ""
9649
9650
#: serverguide/C/other-apps.xml:177(para)
9651
msgid ""
9652
"<application>etckeeper</application> allows the contents of <filename "
9653
"role=\"directory\">/etc</filename> be easily stored in Version Control "
9654
"System (VCS) repository. It hooks into <application>apt</application> to "
9655
"automatically commit changes to <filename>/etc</filename> when packages are "
9656
"installed or upgraded. Placing <filename>/etc</filename> under version "
9657
"control is considered an industry best practice, and the goal of "
9658
"<application>etckeeper</application> is to make this process as painless as "
9659
"possible."
9660
msgstr ""
9661
9662
#: serverguide/C/other-apps.xml:185(para)
9663
msgid ""
9664
"Install <application>etckeeper</application> by entering the following in a "
9665
"terminal:"
9666
msgstr ""
9667
9668
#: serverguide/C/other-apps.xml:190(command)
9669
msgid "sudo apt-get install etckeeper"
9670
msgstr ""
9671
9672
#: serverguide/C/other-apps.xml:193(para)
9673
msgid ""
9674
"The main configuration file, "
9675
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
9676
"main options being which VCS and which package management system to use. By "
9677
"default <application>etckeeper</application> is configured to use "
9678
"<application>bzr</application> for version control, "
9679
"<application>apt</application> for high level package mangement, and "
9680
"<application>dpkg</application> for low level package management."
9681
msgstr ""
9682
9683
#: serverguide/C/other-apps.xml:200(para)
9684
msgid ""
9685
"With the package installed, it is time to initialize the repository. In a "
9686
"terminal enter:"
9687
msgstr ""
9688
9689
#: serverguide/C/other-apps.xml:205(command)
9690
msgid "sudo etckeeper init"
9691
msgstr ""
9692
9693
#: serverguide/C/other-apps.xml:208(para)
9694
msgid "Next, commit the files to the repository:"
9695
msgstr ""
9696
9697
#: serverguide/C/other-apps.xml:213(command)
9698
msgid "sudo etckeeper commit \"initial import\""
9699
msgstr ""
9700
9701
#: serverguide/C/other-apps.xml:216(para)
9702
msgid ""
9703
"Using the VCS commands you can view log information about files in "
9704
"<filename>/etc</filename>:"
9705
msgstr ""
9706
9707
#: serverguide/C/other-apps.xml:221(command)
9708
msgid "sudo bzr log /etc/passswd"
9709
msgstr ""
9710
9711
#: serverguide/C/other-apps.xml:224(para)
9712
msgid ""
9713
"To demonstrate the integration with the package management system, install "
9714
"<application>postfix</application>:"
9715
msgstr ""
9716
9717
#: serverguide/C/other-apps.xml:229(command) serverguide/C/mail.xml:38(command)
9718
msgid "sudo apt-get install postfix"
9719
msgstr ""
9720
9721
#: serverguide/C/other-apps.xml:232(para)
9722
msgid ""
9723
"When the installation is finished, all the "
9724
"<application>postfix</application> configuration files should be committed "
9725
"to the repository:"
9726
msgstr ""
9727
9728
#: serverguide/C/other-apps.xml:238(computeroutput)
9729
#, no-wrap
9730
msgid ""
9731
"Committing to: /etc/\n"
9732
"added aliases.db\n"
9733
"modified group\n"
9734
"modified group-\n"
9735
"modified gshadow\n"
9736
"modified gshadow-\n"
9737
"modified passwd\n"
9738
"modified passwd-\n"
9739
"added postfix\n"
9740
"added resolvconf\n"
9741
"added rsyslog.d\n"
9742
"modified shadow\n"
9743
"modified shadow-\n"
9744
"added init.d/postfix\n"
9745
"added network/if-down.d/postfix\n"
9746
"added network/if-up.d/postfix\n"
9747
"added postfix/dynamicmaps.cf\n"
9748
"added postfix/main.cf\n"
9749
"added postfix/master.cf\n"
9750
"added postfix/post-install\n"
9751
"added postfix/postfix-files\n"
9752
"added postfix/postfix-script\n"
9753
"added postfix/sasl\n"
9754
"added ppp/ip-down.d\n"
9755
"added ppp/ip-down.d/postfix\n"
9756
"added ppp/ip-up.d/postfix\n"
9757
"added rc0.d/K20postfix\n"
9758
"added rc1.d/K20postfix\n"
9759
"added rc2.d/S20postfix\n"
9760
"added rc3.d/S20postfix\n"
9761
"added rc4.d/S20postfix\n"
9762
"added rc5.d/S20postfix\n"
9763
"added rc6.d/K20postfix\n"
9764
"added resolvconf/update-libc.d\n"
9765
"added resolvconf/update-libc.d/postfix\n"
9766
"added rsyslog.d/postfix.conf\n"
9767
"added ufw/applications.d/postfix\n"
9768
"Committed revision 2."
9769
msgstr ""
9770
9771
#: serverguide/C/other-apps.xml:278(para)
9772
msgid ""
9773
"For an example of how <application>etckeeper</application> tracks manual "
9774
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
9775
"<application>bzr</application> you can see which files have been modified:"
9776
msgstr ""
9777
9778
#: serverguide/C/other-apps.xml:284(command)
9779
msgid "sudo bzr status /etc/"
9780
msgstr ""
9781
9782
#: serverguide/C/other-apps.xml:285(computeroutput)
9783
#, no-wrap
9784
msgid ""
9785
"modified:\n"
9786
" hosts"
9787
msgstr ""
9788
9789
#: serverguide/C/other-apps.xml:289(para)
9790
msgid "Now commit the changes:"
9791
msgstr ""
9792
9793
#: serverguide/C/other-apps.xml:294(command)
9794
msgid "sudo etckeeper commit \"new host\""
9795
msgstr ""
9796
9797
#: serverguide/C/other-apps.xml:297(para)
9798
msgid ""
9799
"For more information on <application>bzr</application> see <xref "
9800
"linkend=\"bazaar\"/>."
9801
msgstr ""
9802
9803
#: serverguide/C/other-apps.xml:303(title)
9804
msgid "Screen Profiles"
9805
msgstr ""
9806
9807
#: serverguide/C/other-apps.xml:305(para)
9808
msgid ""
9809
"One of the most useful applications for any system administrator is "
9810
"<application>screen</application>. It allows the execution of multiple "
9811
"shells in one terminal. To make some of the advanced "
9812
"<application>screen</application> features more user friendly, and provide "
9813
"some useful information about the system, the <application>screen-"
9814
"profiles</application> package was created."
9815
msgstr ""
9816
9817
#: serverguide/C/other-apps.xml:312(para)
9818
msgid ""
9819
"When executing <application>screen</application> for the first time you will "
9820
"be presented with the <application>screen-profiles-helper</application> "
9821
"menu. This menu will allow you to:"
9822
msgstr ""
9823
9824
#: serverguide/C/other-apps.xml:318(para)
9825
msgid "View the Help menu"
9826
msgstr ""
9827
9828
#: serverguide/C/other-apps.xml:319(para)
9829
msgid "Change the key binding set"
9830
msgstr ""
9831
9832
#: serverguide/C/other-apps.xml:320(para)
9833
msgid "Change screen profiles"
9834
msgstr ""
9835
9836
#: serverguide/C/other-apps.xml:321(para)
9837
msgid "Change the escape sequence"
9838
msgstr ""
9839
9840
#: serverguide/C/other-apps.xml:322(para)
9841
msgid "Create new screen windows"
9842
msgstr ""
9843
9844
#: serverguide/C/other-apps.xml:323(para)
9845
msgid "Manage the default windows"
9846
msgstr ""
9847
9848
#: serverguide/C/other-apps.xml:324(para)
9849
msgid "Install screen by default at login"
9850
msgstr ""
9851
9852
#: serverguide/C/other-apps.xml:327(para)
9853
msgid ""
9854
"The <emphasis>key bindings</emphasis> determine such things as the escape "
9855
"sequence, new window, change window, etc. There are two key binding sets to "
9856
"choose from <emphasis>common</emphasis> and <emphasis>none</emphasis>. If "
9857
"you wish to use the original key bindings choose the "
9858
"<emphasis>none</emphasis> set."
9859
msgstr ""
9860
9861
#: serverguide/C/other-apps.xml:333(para)
9862
msgid ""
9863
"The Ubuntu <application>screen-profiles</application> provide a menu which "
9864
"displays the Ubuntu release, processor information, memory information, and "
9865
"the time and date. The effect is similar to a desktop menu. When a profile "
9866
"is selected it will be symlinked to <filename>~/.screenrc</filename>. The "
9867
"<application>select-screen-profile</application> utility can also be used to "
9868
"change profiles, in a terminal enter:"
9869
msgstr ""
9870
9871
#: serverguide/C/other-apps.xml:341(command)
9872
msgid "select-screen-profile -s ubuntu-light"
9873
msgstr ""
9874
9875
#: serverguide/C/other-apps.xml:344(para)
9876
msgid ""
9877
"The <emphasis>plain</emphasis> profile will change "
9878
"<application>screen</application> back to the defaults, which does not "
9879
"include the information menu at the bottom."
9880
msgstr ""
9881
9882
#: serverguide/C/other-apps.xml:349(para)
9883
msgid ""
9884
"Using the <emphasis>\"Install screen by default at login\"</emphasis> option "
9885
"will cause screen to be executed any time a terminal is opened. Changes made "
9886
"to <application>screen</application> are on a per user basis, and will not "
9887
"affect other users on the system."
9888
msgstr ""
9889
9890
#: serverguide/C/other-apps.xml:354(para)
9891
msgid ""
9892
"One difference when using screen is the <emphasis>scrollback</emphasis> "
9893
"mode. If you are using one of the Ubuntu profiles press the "
9894
"<emphasis>F7</emphasis>, or <emphasis>Ctrl+a+[</emphasis> if not, to enter "
9895
"scrollback mode. Scrollback mode allows you to navigate past output using "
9896
"<emphasis>vi</emphasis> like commands. Here is a quick list of movement "
9897
"commands:"
9898
msgstr ""
9899
9900
#: serverguide/C/other-apps.xml:361(para)
9901
msgid "<emphasis>h</emphasis> - Move the cursor left by one character"
9902
msgstr ""
9903
9904
#: serverguide/C/other-apps.xml:362(para)
9905
msgid "<emphasis>j</emphasis> - Move the cursor down by one line"
9906
msgstr ""
9907
9908
#: serverguide/C/other-apps.xml:363(para)
9909
msgid "<emphasis>k</emphasis> - Move the cursor up by one line"
9910
msgstr ""
9911
9912
#: serverguide/C/other-apps.xml:364(para)
9913
msgid "<emphasis>l</emphasis> - Move the cursor right by one character"
9914
msgstr ""
9915
9916
#: serverguide/C/other-apps.xml:365(para)
9917
msgid "<emphasis>0</emphasis> - Move to the beginning of the current line"
9918
msgstr ""
9919
9920
#: serverguide/C/other-apps.xml:366(para)
9921
msgid "<emphasis>$</emphasis> - Move to the end of the current line"
9922
msgstr ""
9923
9924
#: serverguide/C/other-apps.xml:367(para)
9925
msgid ""
9926
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
9927
"the buffer)"
9928
msgstr ""
9929
9930
#: serverguide/C/other-apps.xml:368(para)
9931
msgid "<emphasis>C-u</emphasis> - Scrolls a half page up"
9932
msgstr ""
9933
9934
#: serverguide/C/other-apps.xml:369(para)
9935
msgid "<emphasis>C-b</emphasis> - Scrolls a full page up"
9936
msgstr ""
9937
9938
#: serverguide/C/other-apps.xml:370(para)
9939
msgid "<emphasis>C-d</emphasis> - Scrolls a half page down"
9940
msgstr ""
9941
9942
#: serverguide/C/other-apps.xml:371(para)
9943
msgid "<emphasis>C-f</emphasis> - Scrolls the full page down"
9944
msgstr ""
9945
9946
#: serverguide/C/other-apps.xml:372(para)
9947
msgid "<emphasis>/</emphasis> - Search forward"
9948
msgstr ""
9949
9950
#: serverguide/C/other-apps.xml:373(para)
9951
msgid "<emphasis>?</emphasis> - Search backward"
9952
msgstr ""
9953
9954
#: serverguide/C/other-apps.xml:374(para)
9955
msgid ""
9956
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
9957
msgstr ""
9958
9959
#: serverguide/C/other-apps.xml:383(para)
9960
msgid ""
9961
"See the <ulink "
9962
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/update-"
9963
"motd.1.html\">update-motd man page</ulink> for more options available to "
9964
"<application>update-motd</application>."
9965
msgstr ""
9966
9967
#: serverguide/C/other-apps.xml:389(para)
9968
msgid ""
9969
"The Debian Package of the Day <ulink "
9970
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
9971
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
9972
"details about using the <application>weather</application>utility."
9973
msgstr ""
9974
9975
#: serverguide/C/other-apps.xml:396(para)
9976
msgid ""
9977
"See the <ulink "
9978
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
9979
"more details on using <application>etckeeper</application>."
9980
msgstr ""
9981
9982
#: serverguide/C/other-apps.xml:402(para)
9983
msgid ""
9984
"For the latest news and information about <application>bzr</application> see "
9985
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
9986
msgstr ""
9987
9988
#: serverguide/C/other-apps.xml:407(para)
9989
msgid ""
9990
"For more information on <application>screen</application> see the <ulink "
9991
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
9992
msgstr ""
9993
9994
#: serverguide/C/other-apps.xml:412(para)
9995
msgid ""
9996
"Also, see the <application>screen-profiles</application><ulink "
9997
"url=\"https://launchpad.net/screen-profiles\">project page</ulink> for more "
9998
"information."
9999
msgstr ""
10000
10001
#: serverguide/C/network-config.xml:13(title)
10002
msgid "Networking"
10003
msgstr ""
10004
10005
#: serverguide/C/network-config.xml:14(para)
10006
msgid ""
10007
"Networks consist of two or more devices, such as computer systems, printers, "
10008
"and related equipment which are connected by either physical cabling or "
10009
"wireless links for the purpose of sharing and distributing information among "
10010
"the connected devices."
10011
msgstr ""
10012
10013
#: serverguide/C/network-config.xml:20(para)
10014
msgid ""
10015
"This section provides general and specific information pertaining to "
10016
"networking, including an overview of network concepts and detailed "
10017
"discussion of popular network protocols."
10018
msgstr ""
10019
10020
#: serverguide/C/network-config.xml:26(title)
10021
msgid "Network Configuration"
10022
msgstr ""
10023
10024
#: serverguide/C/network-config.xml:27(para)
10025
msgid ""
10026
"Ubuntu ships with a number of graphical utilities to configure your network "
10027
"devices. This document is geared toward server administrators and will focus "
10028
"on managing your network on the command line."
10029
msgstr ""
10030
10031
#: serverguide/C/network-config.xml:33(title)
10032
msgid "Ethernet"
10033
msgstr "Eternetas"
10034
10035
#: serverguide/C/network-config.xml:34(para)
10036
msgid ""
10037
"Most Ethernet configuration is centralized in a single file, "
10038
"<filename>/etc/network/interfaces</filename>. If you have no Ethernet "
10039
"devices, only the loopback interface will appear in this file, and it will "
10040
"look something like this:"
10041
msgstr ""
10042
10043
#: serverguide/C/network-config.xml:40(programlisting)
10044
#, no-wrap
10045
msgid ""
10046
"\n"
10047
"# This file describes the network interfaces available on your system\n"
10048
"# and how to activate them. For more information, see interfaces(5).\n"
10049
"\n"
10050
"# The loopback network interface\n"
10051
"auto lo\n"
10052
"iface lo inet loopback\n"
10053
"address 127.0.0.1\n"
10054
"netmask 255.0.0.0\n"
10055
msgstr ""
10056
10057
#: serverguide/C/network-config.xml:50(para)
10058
msgid ""
10059
"If you have only one Ethernet device, eth0, and it gets its configuration "
10060
"from a DHCP server, and it should come up automatically at boot, only two "
10061
"additional lines are required:"
10062
msgstr ""
10063
10064
#: serverguide/C/network-config.xml:55(programlisting)
10065
#, no-wrap
10066
msgid ""
10067
"\n"
10068
"auto eth0\n"
10069
"iface eth0 inet dhcp\n"
10070
msgstr ""
10071
10072
#: serverguide/C/network-config.xml:59(para)
10073
msgid ""
10074
"The first line specifies that the eth0 device should come up automatically "
10075
"when you boot. The second line means that interface (<quote>iface</quote>) "
10076
"eth0 should have an IPv4 address space (replace <quote>inet</quote> with "
10077
"<quote>inet6</quote> for an IPv6 device) and that it should get its "
10078
"configuration automatically from DHCP. Assuming your network and DHCP server "
10079
"are properly configured, this machine's network should need no further "
10080
"configuration to operate properly. The DHCP server will provide the default "
10081
"gateway (implemented via the <application>route</application> command), the "
10082
"device's IP address (implemented via the <application>ifconfig</application> "
10083
"command), and DNS servers used on the network (implemented in the "
10084
"<filename>/etc/resolv.conf</filename> file.)"
10085
msgstr ""
10086
10087
#: serverguide/C/network-config.xml:72(para)
10088
msgid ""
10089
"To configure your Ethernet device with a static IP address and custom "
10090
"configuration, some more information will be required. Suppose you want to "
10091
"assign the IP address 192.168.0.2 to the device eth1, with the typical "
10092
"netmask of 255.255.255.0. Your default gateway's IP address is 192.168.0.1. "
10093
"You would enter something like this into "
10094
"<filename>/etc/network/interfaces</filename>:"
10095
msgstr ""
10096
10097
#: serverguide/C/network-config.xml:79(programlisting)
10098
#, no-wrap
10099
msgid ""
10100
"\n"
10101
"iface eth1 inet static\n"
10102
"\taddress 192.168.0.2\n"
10103
"\tnetmask 255.255.255.0\n"
10104
"\tgateway 192.168.0.1\n"
10105
msgstr ""
10106
10107
#: serverguide/C/network-config.xml:85(para)
10108
msgid ""
10109
"In this case, you will need to specify your DNS servers manually in "
10110
"<filename>/etc/resolv.conf</filename>, which should look something like this:"
10111
msgstr ""
10112
10113
#: serverguide/C/network-config.xml:89(programlisting)
10114
#, no-wrap
10115
msgid ""
10116
"\n"
10117
"search mydomain.example\n"
10118
"nameserver 192.168.0.1\n"
10119
"nameserver 4.2.2.2\n"
10120
msgstr ""
10121
10122
#: serverguide/C/network-config.xml:94(para)
10123
msgid ""
10124
"The <emphasis role=\"italics\">search</emphasis> directive will append "
10125
"mydomain.example to hostname queries in an attempt to resolve names to your "
10126
"network. For example, if your network's domain is mydomain.example and you "
10127
"try to ping the host <quote>mybox</quote>, the DNS query will be modified to "
10128
"<quote>mybox.mydomain.example</quote> for resolution. The <emphasis "
10129
"role=\"italics\">nameserver</emphasis> directives specify DNS servers to be "
10130
"used to resolve hostnames to IP addresses. If you use your own nameserver, "
10131
"enter it here. Otherwise, ask your Internet Service Provider for the primary "
10132
"and secondary DNS servers to use, and enter them into "
10133
"<filename>/etc/resolv.conf</filename> as shown above."
10134
msgstr ""
10135
10136
#: serverguide/C/network-config.xml:106(para)
10137
msgid ""
10138
"Many more configurations are possible, including dialup PPP interfaces, IPv6 "
10139
"networking, VPN devices, etc. Refer to <application>man 5 "
10140
"interfaces</application> for more information and supported options. "
10141
"Remember that <filename>/etc/network/interfaces</filename> is used by the "
10142
"<application>ifup</application>/<application>ifdown</application> scripts as "
10143
"a higher level configuration scheme than may be used in some other Linux "
10144
"distributions, and that the traditional, lower level utilities such as "
10145
"<application>ifconfig</application>, <application>route</application>, and "
10146
"<application>dhclient</application> are still available to you for ad hoc "
10147
"configurations."
10148
msgstr ""
10149
10150
#: serverguide/C/network-config.xml:120(title)
10151
msgid "Managing DNS Entries"
10152
msgstr ""
10153
10154
#: serverguide/C/network-config.xml:121(para)
10155
msgid ""
10156
"This section explains how to configure which nameserver to use when "
10157
"resolving IP addresses to hostnames and vice versa. It does not explain how "
10158
"to configure the system as a name server."
10159
msgstr ""
10160
10161
#: serverguide/C/network-config.xml:126(para)
10162
msgid ""
10163
"To manage DNS entries, you can add, edit, or remove DNS names from the "
10164
"<filename>/etc/resolv.conf</filename> file. A sample file is given below:"
10165
msgstr ""
10166
10167
#: serverguide/C/network-config.xml:130(programlisting)
10168
#, no-wrap
10169
msgid ""
10170
"\n"
10171
"search com\n"
10172
"nameserver 204.11.126.131\n"
10173
"nameserver 64.125.134.133\n"
10174
"nameserver 64.125.134.132\n"
10175
"nameserver 208.185.179.218\n"
10176
msgstr ""
10177
10178
#: serverguide/C/network-config.xml:138(para)
10179
msgid ""
10180
"The <application>search</application> key specifies the string which will be "
10181
"appended to an incomplete hostname. Here, we have configured it to "
10182
"<application>com</application>. So, when we run: <command>ping "
10183
"ubuntu</command> it would be interpreted as <command>ping "
10184
"ubuntu.com</command>."
10185
msgstr ""
10186
10187
#: serverguide/C/network-config.xml:146(para)
10188
msgid ""
10189
"The <application>nameserver</application> key specifies the nameserver IP "
10190
"address. It will be used to resolve a given IP address or hostname. This "
10191
"file can have multiple nameserver entries. The nameservers will be used by "
10192
"the network query in the same order."
10193
msgstr ""
10194
10195
#: serverguide/C/network-config.xml:155(para)
10196
msgid ""
10197
"If the DNS server names are retrieved dynamically from DHCP or PPPoE "
10198
"(retrieved from your ISP), do not add nameserver entries in this file. It "
10199
"will be overwritten."
10200
msgstr ""
10201
10202
#: serverguide/C/network-config.xml:164(title)
10203
msgid "Managing Hosts"
10204
msgstr ""
10205
10206
#: serverguide/C/network-config.xml:165(para)
10207
msgid ""
10208
"To manage hosts, you can add, edit, or remove hosts from "
10209
"<filename>/etc/hosts</filename> file. The file contains IP addresses and "
10210
"their corresponding hostnames. When your system tries to resolve a hostname "
10211
"to an IP address or determine the hostname for an IP address, it refers to "
10212
"the <filename>/etc/hosts</filename> file before using the name servers. If "
10213
"the IP address is listed in the <filename>/etc/hosts</filename> file, the "
10214
"name servers are not used. This behavior can be modified by editing "
10215
"<filename>/etc/nsswitch.conf</filename> at your peril."
10216
msgstr ""
10217
10218
#: serverguide/C/network-config.xml:178(para)
10219
msgid ""
10220
"If your network contains computers whose IP addresses are not listed in DNS, "
10221
"it is recommended that you add them to the <filename>/etc/hosts</filename> "
10222
"file."
10223
msgstr ""
10224
10225
#: serverguide/C/network-config.xml:186(title)
10226
msgid "Bridging"
10227
msgstr ""
10228
10229
#: serverguide/C/network-config.xml:188(para)
10230
msgid ""
10231
"Bridging multiple interfaces is a more advanced configuration, but is very "
10232
"useful in multiple scenarios. One scenario is setting up a bridge with "
10233
"multiple network interfaces, then using a firewall to filter traffic between "
10234
"two network segments. Another scenario is using bridge on a system with one "
10235
"interface to allow virtual machines direct access to the outside network. "
10236
"The following example covers the latter scenario."
10237
msgstr ""
10238
10239
#: serverguide/C/network-config.xml:195(para)
10240
msgid ""
10241
"Before configuring a bridge you will need to install the <application>bridge-"
10242
"utils</application> package. To install the package, in a terminal enter:"
10243
msgstr ""
10244
10245
#: serverguide/C/network-config.xml:201(command)
10246
msgid "sudo apt-get install bridge-utils"
10247
msgstr ""
10248
10249
#: serverguide/C/network-config.xml:204(para)
10250
msgid ""
10251
"Next, configure the bridge by editing "
10252
"<filename>/etc/network/interfaces</filename>:"
10253
msgstr ""
10254
10255
#: serverguide/C/network-config.xml:208(programlisting)
10256
#, no-wrap
10257
msgid ""
10258
"\n"
10259
"auto lo\n"
10260
"iface lo inet loopback\n"
10261
"\n"
10262
"auto br0\n"
10263
"iface br0 inet static\n"
10264
" address 192.168.0.10\n"
10265
" network 192.168.0.0\n"
10266
" netmask 255.255.255.0\n"
10267
" broadcast 192.168.0.255\n"
10268
" gateway 192.168.0.1\n"
10269
" bridge_ports eth0\n"
10270
" bridge_fd 9\n"
10271
" bridge_hello 2\n"
10272
" bridge_maxage 12\n"
10273
" bridge_stp off\n"
10274
msgstr ""
10275
10276
#: serverguide/C/network-config.xml:227(para)
10277
msgid "Enter the appropriate values for your physical interface and network."
10278
msgstr ""
10279
10280
#: serverguide/C/network-config.xml:232(para)
10281
msgid "Now restart networking to enable the bridge interface:"
10282
msgstr ""
10283
10284
#: serverguide/C/network-config.xml:240(para)
10285
msgid ""
10286
"If setting up a bridge interface using Ubuntu Desktop Edition, or if "
10287
"<application>dhcdbd</application> is installed, the "
10288
"<application>dhcdbd</application> daemon will need to be stopped and "
10289
"disabled."
10290
msgstr ""
10291
10292
#: serverguide/C/network-config.xml:245(para)
10293
msgid ""
10294
"After configuring the bridge in "
10295
"<filename>/etc/network/interfaces</filename>, shutdown "
10296
"<application>dhcdbd</application> by:"
10297
msgstr ""
10298
10299
#: serverguide/C/network-config.xml:250(command)
10300
msgid "sudo /etc/init.d/dhcdbd stop"
10301
msgstr ""
10302
10303
#: serverguide/C/network-config.xml:253(para)
10304
msgid "Now to disable it from starting on boot enter:"
10305
msgstr ""
10306
10307
#: serverguide/C/network-config.xml:258(command)
10308
msgid "sudo update-rc.d -f dhcdbd remove"
10309
msgstr ""
10310
10311
#: serverguide/C/network-config.xml:261(para)
10312
msgid ""
10313
"The new bridge interface should now be up and running. The "
10314
"<application>brctl</application> provides useful information about the state "
10315
"of the bridge, controls which interfaces are part of the bridge, etc. See "
10316
"<command>man brctl</command> for more information."
10317
msgstr ""
10318
10319
#: serverguide/C/network-config.xml:277(para)
10320
msgid ""
10321
"The <ulink "
10322
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/interfaces.5.html\">"
10323
"interafaces man page</ulink> has details on more options for "
10324
"<filename>/etc/network/interfaces</filename>."
10325
msgstr ""
10326
10327
#: serverguide/C/network-config.xml:283(para)
10328
msgid ""
10329
"For more information on DNS client configuration see the <ulink "
10330
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/resolver.5.html\">re"
10331
"solver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
10332
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
10333
"Administrator's Guide</ulink> is a good source of resolver and name service "
10334
"configuration information."
10335
msgstr ""
10336
10337
#: serverguide/C/network-config.xml:291(para)
10338
msgid ""
10339
"For more information on <emphasis>bridging</emphasis> see the <ulink "
10340
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/brctl.8.html\">brctl"
10341
" man page</ulink> and the Linux Foundation's <ulink "
10342
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
10343
msgstr ""
10344
10345
#: serverguide/C/network-config.xml:302(title)
10346
msgid "TCP/IP"
10347
msgstr "TCP/IP"
10348
10349
#: serverguide/C/network-config.xml:303(para)
10350
msgid ""
10351
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
10352
"standard set of protocols developed in the late 1970s by the Defense "
10353
"Advanced Research Projects Agency (DARPA) as a means of communication "
10354
"between different types of computers and computer networks. TCP/IP is the "
10355
"driving force of the Internet, and thus it is the most popular set of "
10356
"network protocols on Earth."
10357
msgstr ""
10358
10359
#: serverguide/C/network-config.xml:311(title)
10360
msgid "TCP/IP Introduction"
10361
msgstr "Įvadas į TCP/IP"
10362
10363
#: serverguide/C/network-config.xml:312(para)
10364
msgid ""
10365
"The two protocol components of TCP/IP deal with different aspects of "
10366
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
10367
"TCP/IP is a connectionless protocol which deals only with network packet "
10368
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
10369
"basic unit of networking information. The IP Datagram consists of a header "
10370
"followed by a message. The <emphasis> Transmission Control "
10371
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
10372
"establish connections which may be used to exchange data streams. TCP also "
10373
"guarantees that the data between connections is delivered and that it "
10374
"arrives at one network host in the same order as sent from another network "
10375
"host."
10376
msgstr ""
10377
10378
#: serverguide/C/network-config.xml:325(title)
10379
msgid "TCP/IP Configuration"
10380
msgstr "TCP/IP Konfigūracija"
10381
10382
#: serverguide/C/network-config.xml:326(para)
10383
msgid ""
10384
"The TCP/IP protocol configuration consists of several elements which must be "
10385
"set by editing the appropriate configuration files, or deploying solutions "
10386
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
10387
"can be configured to provide the proper TCP/IP configuration settings to "
10388
"network clients automatically. These configuration values must be set "
10389
"correctly in order to facilitate the proper network operation of your Ubuntu "
10390
"system."
10391
msgstr ""
10392
10393
#: serverguide/C/network-config.xml:338(para)
10394
msgid ""
10395
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
10396
"identifying string expressed as four decimal numbers ranging from zero (0) "
10397
"to two-hundred and fifty-five (255), separated by periods, with each of the "
10398
"four numbers representing eight (8) bits of the address for a total length "
10399
"of thirty-two (32) bits for the whole address. This format is called "
10400
"<emphasis>dotted quad notation</emphasis>."
10401
msgstr ""
10402
10403
#: serverguide/C/network-config.xml:348(para)
10404
msgid ""
10405
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
10406
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
10407
"separate the portions of an IP address significant to the network from the "
10408
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
10409
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
10410
"three bytes of the IP address and allows the last byte of the IP address to "
10411
"remain available for specifying hosts on the subnetwork."
10412
msgstr ""
10413
10414
#: serverguide/C/network-config.xml:359(para)
10415
msgid ""
10416
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
10417
"represents the bytes comprising the network portion of an IP address. For "
10418
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
10419
"network address, where twelve (12) represents the first byte of the IP "
10420
"address, (the network part) and zeroes (0) in all of the remaining three "
10421
"bytes to represent the potential host values. A network host using the "
10422
"private IP address 192.168.1.100 would in turn use a Network Address of "
10423
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
10424
"network and a zero (0) for all the possible hosts on the network."
10425
msgstr ""
10426
10427
#: serverguide/C/network-config.xml:372(para)
10428
msgid ""
10429
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
10430
"is an IP address which allows network data to be sent simultaneously to all "
10431
"hosts on a given subnetwork rather than specifying a particular host. The "
10432
"standard general broadcast address for IP networks is 255.255.255.255, but "
10433
"this broadcast address cannot be used to send a broadcast message to every "
10434
"host on the Internet because routers block it. A more appropriate broadcast "
10435
"address is set to match a specific subnetwork. For example, on the private "
10436
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
10437
"Broadcast messages are typically produced by network protocols such as the "
10438
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
10439
msgstr ""
10440
10441
#: serverguide/C/network-config.xml:385(para)
10442
msgid ""
10443
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
10444
"IP address through which a particular network, or host on a network, may be "
10445
"reached. If one network host wishes to communicate with another network "
10446
"host, and that host is not located on the same network, then a "
10447
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
10448
"Address will be that of a router on the same network, which will in turn "
10449
"pass traffic on to other networks or hosts, such as Internet hosts. The "
10450
"value of the Gateway Address setting must be correct, or your system will "
10451
"not be able to reach any hosts beyond those on the same network."
10452
msgstr ""
10453
10454
#: serverguide/C/network-config.xml:396(para)
10455
msgid ""
10456
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
10457
"represent the IP addresses of Domain Name Service (DNS) systems, which "
10458
"resolve network hostnames into IP addresses. There are three levels of "
10459
"Nameserver Addresses, which may be specified in order of precedence: The "
10460
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
10461
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
10462
"your system to be able to resolve network hostnames into their corresponding "
10463
"IP addresses, you must specify valid Nameserver Addresses which you are "
10464
"authorized to use in your system's TCP/IP configuration. In many cases these "
10465
"addresses can and will be provided by your network service provider, but "
10466
"many free and publicly accessible nameservers are available for use, such as "
10467
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
10468
msgstr ""
10469
10470
#: serverguide/C/network-config.xml:410(para)
10471
msgid ""
10472
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
10473
"Address are typically specified via the appropriate directives in the file "
10474
"<filename>/etc/network/interfaces</filename>. The Nameserver Addresses are "
10475
"typically specified via <emphasis>nameserver</emphasis> directives in the "
10476
"file <filename>/etc/resolv.conf</filename>. For more information, view the "
10477
"system manual page for <filename>interfaces</filename> or "
10478
"<filename>resolv.conf</filename> respectively, with the following commands "
10479
"typed at a terminal prompt:"
10480
msgstr ""
10481
10482
#: serverguide/C/network-config.xml:417(para)
10483
msgid ""
10484
"Access the system manual page for <filename>interfaces</filename> with the "
10485
"following command:"
10486
msgstr ""
10487
10488
#: serverguide/C/network-config.xml:422(command)
10489
msgid "man interfaces"
10490
msgstr ""
10491
10492
#: serverguide/C/network-config.xml:425(para)
10493
msgid ""
10494
"Access the system manual page for <filename>resolv.conf</filename> with the "
10495
"following command:"
10496
msgstr ""
10497
10498
#: serverguide/C/network-config.xml:429(command)
10499
msgid "man resolv.conf"
10500
msgstr ""
10501
10502
#: serverguide/C/network-config.xml:334(para)
10503
msgid ""
10504
"The common configuration elements of TCP/IP and their purposes are as "
10505
"follows: <placeholder-1/>"
10506
msgstr ""
10507
10508
#: serverguide/C/network-config.xml:436(title)
10509
msgid "IP Routing"
10510
msgstr "IP Maršruto Patikrinimas"
10511
10512
#: serverguide/C/network-config.xml:437(para)
10513
msgid ""
10514
"IP routing is a means of specifying and discovering paths in a TCP/IP "
10515
"network along which network data may be sent. Routing uses a set of "
10516
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
10517
"packets from their source to the destination, often via many intermediary "
10518
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
10519
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
10520
"<emphasis>Dynamic Routing.</emphasis>"
10521
msgstr ""
10522
10523
#: serverguide/C/network-config.xml:446(para)
10524
msgid ""
10525
"Static routing involves manually adding IP routes to the system's routing "
10526
"table, and this is usually done by manipulating the routing table with the "
10527
"<application>route</application> command. Static routing enjoys many "
10528
"advantages over dynamic routing, such as simplicity of implementation on "
10529
"smaller networks, predictability (the routing table is always computed in "
10530
"advance, and thus the route is precisely the same each time it is used), and "
10531
"low overhead on other routers and network links due to the lack of a dynamic "
10532
"routing protocol. However, static routing does present some disadvantages as "
10533
"well. For example, static routing is limited to small networks and does not "
10534
"scale well. Static routing also fails completely to adapt to network outages "
10535
"and failures along the route due to the fixed nature of the route."
10536
msgstr ""
10537
10538
#: serverguide/C/network-config.xml:456(para)
10539
msgid ""
10540
"Dynamic routing depends on large networks with multiple possible IP routes "
10541
"from a source to a destination and makes use of special routing protocols, "
10542
"such as the Router Information Protocol (RIP), which handle the automatic "
10543
"adjustments in routing tables that make dynamic routing possible. Dynamic "
10544
"routing has several advantages over static routing, such as superior "
10545
"scalability and the ability to adapt to failures and outages along network "
10546
"routes. Additionally, there is less manual configuration of the routing "
10547
"tables, since routers learn from one another about their existence and "
10548
"available routes. This trait also eliminates the possibility of introducing "
10549
"mistakes in the routing tables via human error. Dynamic routing is not "
10550
"perfect, however, and presents disadvantages such as heightened complexity "
10551
"and additional network overhead from router communications, which does not "
10552
"immediately benefit the end users, but still consumes network bandwidth."
10553
msgstr ""
10554
10555
#: serverguide/C/network-config.xml:470(title)
10556
msgid "TCP and UDP"
10557
msgstr "TCP ir UDP"
10558
10559
#: serverguide/C/network-config.xml:471(para)
10560
msgid ""
10561
"TCP is a connection-based protocol, offering error correction and guaranteed "
10562
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
10563
"Flow control determines when the flow of a data stream needs to be stopped, "
10564
"and previously sent data packets should to be re-sent due to problems such "
10565
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
10566
"accurate delivery of the data. TCP is typically used in the exchange of "
10567
"important information such as database transactions."
10568
msgstr ""
10569
10570
#: serverguide/C/network-config.xml:479(para)
10571
msgid ""
10572
"The User Datagram Protocol (UDP), on the other hand, is a "
10573
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
10574
"transmission of important data because it lacks flow control or any other "
10575
"method to ensure reliable delivery of the data. UDP is commonly used in such "
10576
"applications as audio and video streaming, where it is considerably faster "
10577
"than TCP due to the lack of error correction and flow control, and where the "
10578
"loss of a few packets is not generally catastrophic."
10579
msgstr ""
10580
10581
#: serverguide/C/network-config.xml:489(title)
10582
msgid "ICMP"
10583
msgstr "ICMP"
10584
10585
#: serverguide/C/network-config.xml:490(para)
10586
msgid ""
10587
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
10588
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
10589
"supports network packets containing control, error, and informational "
10590
"messages. ICMP is used by such network applications as the "
10591
"<application>ping</application> utility, which can determine the "
10592
"availability of a network host or device. Examples of some error messages "
10593
"returned by ICMP which are useful to both network hosts and devices such as "
10594
"routers, include <emphasis>Destination Unreachable</emphasis> and "
10595
"<emphasis>Time Exceeded</emphasis>."
10596
msgstr ""
10597
10598
#: serverguide/C/network-config.xml:500(title)
10599
msgid "Daemons"
10600
msgstr "Demonai"
10601
10602
#: serverguide/C/network-config.xml:501(para)
10603
msgid ""
10604
"Daemons are special system applications which typically execute continuously "
10605
"in the background and await requests for the functions they provide from "
10606
"other applications. Many daemons are network-centric; that is, a large "
10607
"number of daemons executing in the background on an Ubuntu system may "
10608
"provide network-related functionality. Some examples of such network daemons "
10609
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
10610
"(httpd), which provides web server functionality; the <emphasis>Secure SHell "
10611
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
10612
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
10613
"Daemon</emphasis> (imapd), which provides E-Mail services."
10614
msgstr ""
10615
10616
#: serverguide/C/network-config.xml:516(para)
10617
msgid ""
10618
"There are man pages for <ulink "
10619
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man7/tcp.7.html\">TCP</ul"
10620
"ink> and <ulink "
10621
"url=\"http://manpages.ubuntu.com/manpages/jaunty/man7/ip.7.html\">IP</ulink> "
10622
"that contain more useful information."
10623
msgstr ""
10624
10625
#: serverguide/C/network-config.xml:522(para)
10626
msgid ""
10627
"Also, see the <ulink "
10628
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
10629
"and Technical Overview</ulink> IBM Redbook."
10630
msgstr ""
10631
10632
#: serverguide/C/network-config.xml:528(para)
10633
msgid ""
10634
"Another resource is O'Reilly's <ulink "
10635
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
10636
"Administration</ulink>."
10637
msgstr ""
10638
10639
#: serverguide/C/network-config.xml:537(title)
10640
msgid "Dynamic Host Configuration Protocol (DHCP)"
10641
msgstr ""
10642
10643
#: serverguide/C/network-config.xml:538(para)
10644
msgid ""
10645
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
10646
"enables host computers to be automatically assigned settings from a server "
10647
"as opposed to manually configuring each network host. Computers configured "
10648
"to be DHCP clients have no control over the settings they receive from the "
10649
"DHCP server, and the configuration is transparent to the computer's user."
10650
msgstr ""
10651
10652
#: serverguide/C/network-config.xml:545(para)
10653
msgid ""
10654
"The most common settings provided by a DHCP server to DHCP clients include:"
10655
msgstr ""
10656
10657
#: serverguide/C/network-config.xml:550(para)
10658
msgid "IP-Address and Netmask"
10659
msgstr ""
10660
10661
#: serverguide/C/network-config.xml:553(para)
10662
msgid "DNS"
10663
msgstr "DNS"
10664
10665
#: serverguide/C/network-config.xml:556(para)
10666
msgid "WINS"
10667
msgstr "WINS"
10668
10669
#: serverguide/C/network-config.xml:559(para)
10670
msgid ""
10671
"However, a DHCP server can also supply configuration properties such as:"
10672
msgstr ""
10673
10674
#: serverguide/C/network-config.xml:564(para)
10675
msgid "Host Name"
10676
msgstr ""
10677
10678
#: serverguide/C/network-config.xml:567(para)
10679
msgid "Domain Name"
10680
msgstr "Srities Pavadinimas"
10681
10682
#: serverguide/C/network-config.xml:570(para)
10683
msgid "Default Gateway"
10684
msgstr ""
10685
10686
#: serverguide/C/network-config.xml:573(para)
10687
msgid "Time Server"
10688
msgstr "Laiko Serveris"
10689
10690
#: serverguide/C/network-config.xml:576(para)
10691
msgid "Print Server"
10692
msgstr "Spausdinimo serveris"
10693
10694
#: serverguide/C/network-config.xml:579(para)
10695
msgid ""
10696
"The advantage of using DHCP is that changes to the network, for example a "
10697
"change in the address of the DNS server, need only be changed at the DHCP "
10698
"server, and all network hosts will be reconfigured the next time their DHCP "
10699
"clients poll the DHCP server. As an added advantage, it is also easier to "
10700
"integrate new computers into the network, as there is no need to check for "
10701
"the availability of an IP address. Conflicts in IP address allocation are "
10702
"also reduced."
10703
msgstr ""
10704
10705
#: serverguide/C/network-config.xml:587(para)
10706
msgid "A DHCP server can provide configuration settings using two methods:"
10707
msgstr ""
10708
10709
#: serverguide/C/network-config.xml:592(term)
10710
msgid "MAC Address"
10711
msgstr "MAC Adresas"
10712
10713
#: serverguide/C/network-config.xml:594(para)
10714
msgid ""
10715
"This method entails using DHCP to identify the unique hardware address of "
10716
"each network card connected to the network and then continually supplying a "
10717
"constant configuration each time the DHCP client makes a request to the DHCP "
10718
"server using that network device."
10719
msgstr ""
10720
10721
#: serverguide/C/network-config.xml:603(term)
10722
msgid "Address Pool"
10723
msgstr "Adresų Telkinys"
10724
10725
#: serverguide/C/network-config.xml:605(para)
10726
msgid ""
10727
"This method entails defining a pool (sometimes also called a range or scope) "
10728
"of IP addresses from which DHCP clients are supplied their configuration "
10729
"properties dynamically and on a \"first come, first served\" basis. When a "
10730
"DHCP client is no longer on the network for a specified period, the "
10731
"configuration is expired and released back to the address pool for use by "
10732
"other DHCP Clients."
10733
msgstr ""
10734
10735
#: serverguide/C/network-config.xml:616(para)
10736
msgid ""
10737
"Ubuntu is shipped with both DHCP server and client. The server is "
10738
"<application>dhcpd</application> (dynamic host configuration protocol "
10739
"daemon). The client provided with Ubuntu is "
10740
"<application>dhclient</application> and should be installed on all computers "
10741
"required to be automatically configured. Both programs are easy to install "
10742
"and configure and will be automatically started at system boot."
10743
msgstr ""
10744
10745
#: serverguide/C/network-config.xml:626(para)
10746
msgid ""
10747
"At a terminal prompt, enter the following command to install "
10748
"<application>dhcpd</application>:"
10749
msgstr ""
10750
10751
#: serverguide/C/network-config.xml:631(command)
10752
msgid "sudo apt-get install dhcp3-server"
10753
msgstr ""
10754
10755
#: serverguide/C/network-config.xml:633(para)
10756
msgid ""
10757
"You will probably need to change the default configuration by editing "
10758
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
10759
msgstr ""
10760
10761
#: serverguide/C/network-config.xml:637(para)
10762
msgid ""
10763
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
10764
"dhcpd should listen to. By default it listens to eth0."
10765
msgstr ""
10766
10767
#: serverguide/C/network-config.xml:641(para)
10768
msgid ""
10769
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
10770
"messages."
10771
msgstr ""
10772
10773
#: serverguide/C/network-config.xml:648(para)
10774
msgid ""
10775
"The error message the installation ends with might be a little confusing, "
10776
"but the following steps will help you configure the service:"
10777
msgstr ""
10778
10779
#: serverguide/C/network-config.xml:652(para)
10780
msgid ""
10781
"Most commonly, what you want to do is assign an IP address randomly. This "
10782
"can be done with settings as follows:"
10783
msgstr ""
10784
10785
#: serverguide/C/network-config.xml:656(programlisting)
10786
#, no-wrap
10787
msgid ""
10788
"\n"
10789
"# Sample /etc/dhcpd.conf\n"
10790
"# (add your comments here) \n"
10791
"default-lease-time 600;\n"
10792
"max-lease-time 7200;\n"
10793
"option subnet-mask 255.255.255.0;\n"
10794
"option broadcast-address 192.168.1.255;\n"
10795
"option routers 192.168.1.254;\n"
10796
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
10797
"option domain-name \"mydomain.example\";\n"
10798
"\n"
10799
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
10800
"range 192.168.1.10 192.168.1.100;\n"
10801
"range 192.168.1.150 192.168.1.200;\n"
10802
"} \n"
10803
msgstr ""
10804
10805
#: serverguide/C/network-config.xml:672(para)
10806
msgid ""
10807
"This will result in the DHCP server giving a client an IP address from the "
10808
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
10809
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
10810
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
10811
"server will also \"advise\" the client that it should use 255.255.255.0 as "
10812
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
10813
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
10814
msgstr ""
10815
10816
#: serverguide/C/network-config.xml:681(para)
10817
msgid ""
10818
"If you need to specify a WINS server for your Windows clients, you will need "
10819
"to include the netbios-name-servers option, e.g."
10820
msgstr ""
10821
10822
#: serverguide/C/network-config.xml:685(programlisting)
10823
#, no-wrap
10824
msgid ""
10825
"\n"
10826
"option netbios-name-servers 192.168.1.1; \n"
10827
msgstr ""
10828
10829
#: serverguide/C/network-config.xml:688(para)
10830
msgid ""
10831
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
10832
"be found <ulink "
10833
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
10834
msgstr ""
10835
10836
#: serverguide/C/network-config.xml:698(para)
10837
msgid ""
10838
"For more <filename>/etc/dhcp3/dchpd.conf</filename> options see the <ulink "
10839
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/dhcpd.conf.5.html\">"
10840
"dhcpd.conf man page</ulink>."
10841
msgstr ""
10842
10843
#: serverguide/C/network-config.xml:704(para)
10844
msgid ""
10845
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
10846
"FAQ</ulink>"
10847
msgstr ""
10848
10849
#: serverguide/C/network-config.xml:714(title)
10850
msgid "Time Synchronisation with NTP"
10851
msgstr ""
10852
10853
#: serverguide/C/network-config.xml:715(para)
10854
msgid ""
10855
"This page describes methods for keeping your computer's time accurate. This "
10856
"is useful for servers, but is not necessary (or desirable) for desktop "
10857
"machines."
10858
msgstr ""
10859
10860
#: serverguide/C/network-config.xml:718(para)
10861
msgid ""
10862
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
10863
"client requests the current time from a server, and uses it to set its own "
10864
"clock."
10865
msgstr ""
10866
10867
#: serverguide/C/network-config.xml:721(para)
10868
msgid ""
10869
"Behind this simple description, there is a lot of complexity - there are "
10870
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
10871
"clocks (often via GPS), and tier two and three servers spreading the load of "
10872
"actually handling requests across the Internet. Also the client software is "
10873
"a lot more complex than you might think - it has to factor out communication "
10874
"delays, and adjust the time in a way that does not upset all the other "
10875
"processes that run on the server. But luckily all that complexity is hidden "
10876
"from you!"
10877
msgstr ""
10878
10879
#: serverguide/C/network-config.xml:724(para)
10880
msgid ""
10881
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
10882
msgstr ""
10883
10884
#: serverguide/C/network-config.xml:729(title)
10885
msgid "ntpdate"
10886
msgstr ""
10887
10888
#: serverguide/C/network-config.xml:730(para)
10889
msgid ""
10890
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
10891
"set up your time according to Ubuntu's NTP server. However, a server's clock "
10892
"is likely to drift considerably between reboots, so it makes sense to "
10893
"correct the time occasionally. The easiest way to do this is to get cron to "
10894
"run ntpdate every day. With your favourite editor, as root, create a file "
10895
"<code>/etc/cron.daily/ntpdate</code> containing:"
10896
msgstr ""
10897
10898
#: serverguide/C/network-config.xml:735(screen)
10899
#, no-wrap
10900
msgid "ntpdate ntp.ubuntu.com\n"
10901
msgstr ""
10902
10903
#: serverguide/C/network-config.xml:737(para)
10904
msgid ""
10905
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
10906
msgstr ""
10907
10908
#: serverguide/C/network-config.xml:740(screen)
10909
#, no-wrap
10910
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
10911
msgstr ""
10912
10913
#: serverguide/C/network-config.xml:744(title)
10914
msgid "ntpd"
10915
msgstr ""
10916
10917
#: serverguide/C/network-config.xml:745(para)
10918
msgid ""
10919
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
10920
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
10921
"calculates the drift of your system clock and continuously adjusts it, so "
10922
"there are no large corrections that could lead to inconsistent logs for "
10923
"instance. The cost is a little processing power and memory, but for a modern "
10924
"server this is negligible."
10925
msgstr ""
10926
10927
#: serverguide/C/network-config.xml:748(para)
10928
msgid "To set up ntpd:"
10929
msgstr ""
10930
10931
#: serverguide/C/network-config.xml:749(screen)
10932
#, no-wrap
10933
msgid "sudo apt-get install ntp\n"
10934
msgstr ""
10935
10936
#: serverguide/C/network-config.xml:754(title)
10937
msgid "Changing Time Servers"
10938
msgstr "Laiko Serverių Keitimas"
10939
10940
#: serverguide/C/network-config.xml:755(para)
10941
msgid ""
10942
"In both cases above, your system will use Ubuntu's NTP server at "
10943
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
10944
"use several servers to increase accuracy and resilience, and you may want to "
10945
"use time servers that are geographically closer to you. to do this for "
10946
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
10947
msgstr ""
10948
10949
#: serverguide/C/network-config.xml:762(screen)
10950
#, no-wrap
10951
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
10952
msgstr ""
10953
10954
#: serverguide/C/network-config.xml:764(para)
10955
msgid ""
10956
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
10957
"lines:"
10958
msgstr ""
10959
10960
#: serverguide/C/network-config.xml:769(screen)
10961
#, no-wrap
10962
msgid ""
10963
"server ntp.ubuntu.com\n"
10964
"server pool.ntp.org\n"
10965
msgstr ""
10966
10967
#: serverguide/C/network-config.xml:772(para)
10968
msgid ""
10969
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
10970
"really good idea which uses round-robin DNS to return an NTP server from a "
10971
"pool, spreading the load between several different servers. Even better, "
10972
"they have pools for different regions - for instance, if you are in New "
10973
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
10974
"<code>pool.ntp.org</code> . Look at <ulink "
10975
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
10976
"details."
10977
msgstr ""
10978
10979
#: serverguide/C/network-config.xml:783(para)
10980
msgid ""
10981
"You can also Google for NTP servers in your region, and add these to your "
10982
"configuration. To test that a server works, just type <code>sudo ntpdate "
10983
"ntp.server.name</code> and see what happens."
10984
msgstr ""
10985
10986
#: serverguide/C/network-config.xml:791(title)
10987
msgid "Related Pages"
10988
msgstr ""
10989
10990
#: serverguide/C/network-config.xml:795(ulink)
10991
msgid "NTP Support"
10992
msgstr "NTP Palaikymas"
10993
10994
#: serverguide/C/network-config.xml:800(ulink)
10995
msgid "The NTP FAQ and HOWTO"
10996
msgstr ""
10997
10998
#: serverguide/C/network-auth.xml:13(title)
10999
msgid "Network Authentication"
11000
msgstr "Tinklo Autentifikavimas"
11001
11002
#: serverguide/C/network-auth.xml:15(para)
11003
msgid "This section explains various Network Authentication protocols."
11004
msgstr ""
11005
11006
#: serverguide/C/network-auth.xml:19(title)
11007
msgid "OpenLDAP Server"
11008
msgstr ""
11009
11010
#: serverguide/C/network-auth.xml:20(para)
11011
msgid ""
11012
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
11013
"simplified version of the X.500 protocol. The directory setup in this "
11014
"section will be used for authentication. Nevertheless, LDAP can be used in "
11015
"numerous ways: authentication, shared directory (for mail clients), address "
11016
"book, etc."
11017
msgstr ""
11018
11019
#: serverguide/C/network-auth.xml:28(para)
11020
msgid ""
11021
"To describe LDAP quickly, all information is stored in a tree structure. "
11022
"With <application>OpenLDAP</application> you have freedom to determine the "
11023
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
11024
"We will begin with a basic tree containing two nodes below the root:"
11025
msgstr ""
11026
11027
#: serverguide/C/network-auth.xml:37(para)
11028
msgid "\"People\" node where your users will be stored"
11029
msgstr ""
11030
11031
#: serverguide/C/network-auth.xml:40(para)
11032
msgid "\"Groups\" node where your groups will be stored"
11033
msgstr ""
11034
11035
#: serverguide/C/network-auth.xml:44(para)
11036
msgid ""
11037
"Before beginning, you should determine what the root of your LDAP directory "
11038
"will be. By default, your tree will be determined by your Fully Qualified "
11039
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
11040
"example), your root node will be dc=example,dc=com."
11041
msgstr ""
11042
11043
#: serverguide/C/network-auth.xml:54(para)
11044
msgid ""
11045
"First, install the <application>OpenLDAP</application> server daemon "
11046
"<application>slapd</application> and <application>ldap-utils</application>, "
11047
"a package containing LDAP management utilities:"
11048
msgstr ""
11049
11050
#: serverguide/C/network-auth.xml:60(command)
11051
msgid "sudo apt-get install slapd ldap-utils"
11052
msgstr ""
11053
11054
#: serverguide/C/network-auth.xml:63(para)
11055
msgid ""
11056
"The installation process will prompt you for the LDAP directory admin "
11057
"password and confirmation."
11058
msgstr ""
11059
11060
#: serverguide/C/network-auth.xml:68(para)
11061
msgid ""
11062
"By default the directory suffix will match the domain name of the server. "
11063
"For example, if the machine's Fully Qualified Domain Name (FQDN) is "
11064
"ldap.example.com, the default suffix will be "
11065
"<emphasis>dc=example,dc=com</emphasis>. If you require a different suffix, "
11066
"the directory can be reconfigured using <application>dpkg-"
11067
"reconfigure</application>. Enter the following in a terminal prompt:"
11068
msgstr ""
11069
11070
#: serverguide/C/network-auth.xml:78(command)
11071
msgid "sudo dpkg-reconfigure slapd"
11072
msgstr ""
11073
11074
#: serverguide/C/network-auth.xml:81(para)
11075
msgid ""
11076
"You will then be taken through a menu based configuration dialog, allowing "
11077
"you to configure various <application>slapd</application> options."
11078
msgstr ""
11079
11080
#: serverguide/C/network-auth.xml:90(para)
11081
msgid ""
11082
"<application>OpenLDAP</application> uses a separate database which contains "
11083
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
11084
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
11085
"<application>slapd</application> daemon, allowing the modification of schema "
11086
"definitions, indexes, ACLs, etc without stopping the service."
11087
msgstr ""
11088
11089
#: serverguide/C/network-auth.xml:98(para)
11090
msgid ""
11091
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
11092
"utilities in the <application>ldap-utils</application> package. For example:"
11093
msgstr ""
11094
11095
#: serverguide/C/network-auth.xml:106(para)
11096
msgid ""
11097
"Use <application>ldapsearch</application> to view the tree, entering the "
11098
"admin password set during installation or reconfiguration:"
11099
msgstr ""
11100
11101
#: serverguide/C/network-auth.xml:112(command)
11102
msgid ""
11103
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb"
11104
msgstr ""
11105
11106
#: serverguide/C/network-auth.xml:116(computeroutput)
11107
#, no-wrap
11108
msgid ""
11109
"Enter LDAP Password: \n"
11110
"dn: olcDatabase={1}hdb,cn=config\n"
11111
"objectClass: olcDatabaseConfig\n"
11112
"objectClass: olcHdbConfig\n"
11113
"olcDatabase: {1}hdb\n"
11114
"olcDbDirectory: /var/lib/ldap\n"
11115
"olcSuffix: dc=example,dc=com\n"
11116
"olcAccess: {0}to attrs=userPassword,shadowLastChange by "
11117
"dn=\"cn=admin,dc=exampl\n"
11118
" e,dc=com\" write by anonymous auth by self write by * none\n"
11119
"olcAccess: {1}to dn.base=\"\" by * read\n"
11120
"olcAccess: {2}to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
11121
"olcLastMod: TRUE\n"
11122
"olcDbCheckpoint: 512 30\n"
11123
"olcDbConfig: {0}set_cachesize 0 2097152 0\n"
11124
"olcDbConfig: {1}set_lk_max_objects 1500\n"
11125
"olcDbConfig: {2}set_lk_max_locks 1500\n"
11126
"olcDbConfig: {3}set_lk_max_lockers 1500\n"
11127
"olcDbIndex: objectClass eq\n"
11128
msgstr ""
11129
11130
#: serverguide/C/network-auth.xml:137(para)
11131
msgid ""
11132
"The output above is the current configuration options for the "
11133
"<emphasis>hdb</emphasis> backend database. Which in this case containes the "
11134
"<emphasis>dc=example,dc=com</emphasis> suffix."
11135
msgstr ""
11136
11137
#: serverguide/C/network-auth.xml:146(para)
11138
msgid ""
11139
"Refine the search by supplying a <emphasis "
11140
"role=\"italic\">filter</emphasis>, in this case only show which attributes "
11141
"are indexed:"
11142
msgstr ""
11143
11144
#: serverguide/C/network-auth.xml:152(command)
11145
msgid ""
11146
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb "
11147
"olcDbIndex"
11148
msgstr ""
11149
11150
#: serverguide/C/network-auth.xml:156(computeroutput)
11151
#, no-wrap
11152
msgid ""
11153
"Enter LDAP Password: \n"
11154
"dn: olcDatabase={1}hdb,cn=config\n"
11155
"olcDbIndex: objectClass eq\n"
11156
msgstr ""
11157
11158
#: serverguide/C/network-auth.xml:165(para)
11159
msgid ""
11160
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
11161
"another attribute to the index list using "
11162
"<application>ldapmodify</application>:"
11163
msgstr ""
11164
11165
#: serverguide/C/network-auth.xml:171(command) serverguide/C/network-auth.xml:723(command) serverguide/C/network-auth.xml:825(command) serverguide/C/network-auth.xml:848(command) serverguide/C/network-auth.xml:2405(command) serverguide/C/network-auth.xml:2422(command)
11166
msgid "ldapmodify -x -D cn=admin,cn=config -W"
11167
msgstr ""
11168
11169
#: serverguide/C/network-auth.xml:175(userinput)
11170
#, no-wrap
11171
msgid ""
11172
"\n"
11173
"dn: olcDatabase={1}hdb,cn=config\n"
11174
"add: olcDbIndex\n"
11175
"olcDbIndex: entryUUID eq"
11176
msgstr ""
11177
11178
#: serverguide/C/network-auth.xml:175(computeroutput)
11179
#, no-wrap
11180
msgid ""
11181
"Enter LDAP Password:<placeholder-1/>\n"
11182
"\n"
11183
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
11184
msgstr ""
11185
11186
#: serverguide/C/network-auth.xml:184(para)
11187
msgid ""
11188
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
11189
"exit the utility."
11190
msgstr ""
11191
11192
#: serverguide/C/network-auth.xml:191(para)
11193
msgid ""
11194
"<application>ldapmodify</application> can also read the changes from a file. "
11195
"Copy and paste the following into a file named "
11196
"<filename>uid_index.ldif</filename>:"
11197
msgstr ""
11198
11199
#: serverguide/C/network-auth.xml:196(programlisting)
11200
#, no-wrap
11201
msgid ""
11202
"\n"
11203
"dn: olcDatabase={1}hdb,cn=config\n"
11204
"add: olcDbIndex\n"
11205
"olcDbIndex: uid eq,pres,sub\n"
11206
msgstr ""
11207
11208
#: serverguide/C/network-auth.xml:202(para)
11209
msgid "Then execute <application>ldapmodify</application>:"
11210
msgstr ""
11211
11212
#: serverguide/C/network-auth.xml:207(command)
11213
msgid "ldapmodify -x -D cn=admin,cn=config -W -f uid_index.ldif"
11214
msgstr ""
11215
11216
#: serverguide/C/network-auth.xml:211(computeroutput)
11217
#, no-wrap
11218
msgid ""
11219
"Enter LDAP Password: \n"
11220
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
11221
msgstr ""
11222
11223
#: serverguide/C/network-auth.xml:216(para)
11224
msgid "The file method is very useful for large changes."
11225
msgstr ""
11226
11227
#: serverguide/C/network-auth.xml:223(para)
11228
msgid ""
11229
"Adding additional <emphasis>schemas</emphasis> to "
11230
"<application>slapd</application> requires the schema to be converted to LDIF "
11231
"format. Fortunately, the <application>slapd</application> program can be "
11232
"used to automate the conversion. The following example will add the "
11233
"<emphasis>misc.schema</emphasis>:"
11234
msgstr ""
11235
11236
#: serverguide/C/network-auth.xml:231(para)
11237
msgid ""
11238
"First, create a conversion <filename>schema_convert.conf</filename> file "
11239
"containing the following lines:"
11240
msgstr ""
11241
11242
#: serverguide/C/network-auth.xml:236(programlisting)
11243
#, no-wrap
11244
msgid ""
11245
"\n"
11246
"include /etc/ldap/schema/core.schema\n"
11247
"include /etc/ldap/schema/collective.schema\n"
11248
"include /etc/ldap/schema/corba.schema\n"
11249
"include /etc/ldap/schema/cosine.schema\n"
11250
"include /etc/ldap/schema/duaconf.schema\n"
11251
"include /etc/ldap/schema/dyngroup.schema\n"
11252
"include /etc/ldap/schema/inetorgperson.schema\n"
11253
"include /etc/ldap/schema/java.schema\n"
11254
"include /etc/ldap/schema/misc.schema\n"
11255
"include /etc/ldap/schema/nis.schema\n"
11256
"include /etc/ldap/schema/openldap.schema\n"
11257
"include /etc/ldap/schema/ppolicy.schema\n"
11258
msgstr ""
11259
11260
#: serverguide/C/network-auth.xml:254(para) serverguide/C/network-auth.xml:1304(para)
11261
msgid "Next, create a temporary directory to hold the output:"
11262
msgstr ""
11263
11264
#: serverguide/C/network-auth.xml:259(command) serverguide/C/network-auth.xml:1309(command) serverguide/C/network-auth.xml:2334(command)
11265
msgid "mkdir /tmp/ldif_output"
11266
msgstr ""
11267
11268
#: serverguide/C/network-auth.xml:265(para)
11269
msgid ""
11270
"Now using <application>slaptest</application> convert the schema files to "
11271
"LDIF:"
11272
msgstr ""
11273
11274
#: serverguide/C/network-auth.xml:270(command) serverguide/C/network-auth.xml:1320(command) serverguide/C/network-auth.xml:2345(command)
11275
msgid "slaptest -f schema_convert.conf -F /tmp/ldif_output"
11276
msgstr ""
11277
11278
#: serverguide/C/network-auth.xml:273(para)
11279
msgid ""
11280
"Adjust the configuration file name and temporary directory names if yours "
11281
"are different. Also, it may be worthwhile to keep the "
11282
"<filename>ldif_output</filename> directory around in case you want to add "
11283
"additional schemas in the future."
11284
msgstr ""
11285
11286
#: serverguide/C/network-auth.xml:282(para)
11287
msgid ""
11288
"Edit the "
11289
"<filename>/tmp/ldif_output/cn=config/cn=schema/cn={8}misc.ldif</filename> "
11290
"file, changing the following attributes:"
11291
msgstr ""
11292
11293
#: serverguide/C/network-auth.xml:287(programlisting)
11294
#, no-wrap
11295
msgid ""
11296
"\n"
11297
"dn: cn=misc,cn=schema,cn=config\n"
11298
"...\n"
11299
"cn: misc\n"
11300
msgstr ""
11301
11302
#: serverguide/C/network-auth.xml:293(para) serverguide/C/network-auth.xml:1341(para)
11303
msgid "And remove the following lines from the bottom of the file:"
11304
msgstr ""
11305
11306
#: serverguide/C/network-auth.xml:297(programlisting)
11307
#, no-wrap
11308
msgid ""
11309
"\n"
11310
"structuralObjectClass: olcSchemaConfig\n"
11311
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
11312
"creatorsName: cn=config\n"
11313
"createTimestamp: 20080826021140Z\n"
11314
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
11315
"modifiersName: cn=config\n"
11316
"modifyTimestamp: 20080826021140Z\n"
11317
msgstr ""
11318
11319
#: serverguide/C/network-auth.xml:308(para) serverguide/C/network-auth.xml:1356(para) serverguide/C/network-auth.xml:2381(para)
11320
msgid ""
11321
"The attribute values will vary, just be sure the attributes are removed."
11322
msgstr ""
11323
11324
#: serverguide/C/network-auth.xml:316(para) serverguide/C/network-auth.xml:1364(para)
11325
msgid ""
11326
"Finally, using the <application>ldapadd</application> utility, add the new "
11327
"schema to the directory:"
11328
msgstr ""
11329
11330
#: serverguide/C/network-auth.xml:322(command)
11331
msgid ""
11332
"ldapadd -x -D cn=admin,cn=config -W -f /tmp/ldif_output/cn\\=config/cn\\"
11333
"=schema/cn\\=\\{8\\}misc.ldif"
11334
msgstr ""
11335
11336
#: serverguide/C/network-auth.xml:328(para)
11337
msgid ""
11338
"There should now be a <emphasis>dn: "
11339
"cn={4}misc,cn=schema,cn=config</emphasis> entry in the cn=config tree."
11340
msgstr ""
11341
11342
#: serverguide/C/network-auth.xml:337(title)
11343
msgid "Populating LDAP"
11344
msgstr ""
11345
11346
#: serverguide/C/network-auth.xml:339(para)
11347
msgid ""
11348
"The directory has been created during installation and reconfiguration, and "
11349
"now it is time to populate it. It will be populated with a \"classical\" "
11350
"scheme that will be compatible with address book applications and with Unix "
11351
"Posix accounts. Posix accounts will allow authentication to various "
11352
"applications, such as web applications, email Mail Transfer Agent (MTA) "
11353
"applications, etc."
11354
msgstr ""
11355
11356
#: serverguide/C/network-auth.xml:348(para)
11357
msgid ""
11358
"For external applications to authenticate using LDAP they will each need to "
11359
"be specifically configured to do so. Refer to the individual application "
11360
"documentation for details."
11361
msgstr ""
11362
11363
#: serverguide/C/network-auth.xml:355(para)
11364
msgid ""
11365
"LDAP directories can be populated with LDIF (LDAP Directory Interchange "
11366
"Format) files. Copy the following example LDIF file, naming it "
11367
"<filename>example.com.ldif</filename>, somewhere on your system:"
11368
msgstr ""
11369
11370
#: serverguide/C/network-auth.xml:361(programlisting)
11371
#, no-wrap
11372
msgid ""
11373
"\n"
11374
"dn: ou=people,dc=example,dc=com\n"
11375
"objectClass: organizationalUnit\n"
11376
"ou: people\n"
11377
"\n"
11378
"dn: ou=groups,dc=example,dc=com\n"
11379
"objectClass: organizationalUnit\n"
11380
"ou: groups\n"
11381
"\n"
11382
"dn: uid=john,ou=people,dc=example,dc=com\n"
11383
"objectClass: inetOrgPerson\n"
11384
"objectClass: posixAccount\n"
11385
"objectClass: shadowAccount\n"
11386
"uid: john\n"
11387
"sn: Doe\n"
11388
"givenName: John\n"
11389
"cn: John Doe\n"
11390
"displayName: John Doe\n"
11391
"uidNumber: 1000\n"
11392
"gidNumber: 10000\n"
11393
"userPassword: password\n"
11394
"gecos: John Doe\n"
11395
"loginShell: /bin/bash\n"
11396
"homeDirectory: /home/john\n"
11397
"shadowExpire: -1\n"
11398
"shadowFlag: 0\n"
11399
"shadowWarning: 7\n"
11400
"shadowMin: 8\n"
11401
"shadowMax: 999999\n"
11402
"shadowLastChange: 10877\n"
11403
"mail: john.doe@example.com\n"
11404
"postalCode: 31000\n"
11405
"l: Toulouse\n"
11406
"o: Example\n"
11407
"mobile: +33 (0)6 xx xx xx xx\n"
11408
"homePhone: +33 (0)5 xx xx xx xx\n"
11409
"title: System Administrator\n"
11410
"postalAddress: \n"
11411
"initials: JD\n"
11412
"\n"
11413
"dn: cn=example,ou=groups,dc=example,dc=com\n"
11414
"objectClass: posixGroup\n"
11415
"cn: example\n"
11416
"gidNumber: 10000\n"
11417
msgstr ""
11418
11419
#: serverguide/C/network-auth.xml:407(para)
11420
msgid ""
11421
"In this example the directory structure, a user, and a group have been "
11422
"setup. In other examples you might see the <emphasis>objectClass: "
11423
"top</emphasis> added in every entry, but that is the default behaviour so "
11424
"you do not have to add it explicitly."
11425
msgstr ""
11426
11427
#: serverguide/C/network-auth.xml:414(para)
11428
msgid ""
11429
"To add the entries to the LDAP directory use the "
11430
"<application>ldapadd</application> utility:"
11431
msgstr ""
11432
11433
#: serverguide/C/network-auth.xml:420(command)
11434
msgid "ldapadd -x -D cn=admin,dc=example,dc=com -W -f example.com.ldif"
11435
msgstr ""
11436
11437
#: serverguide/C/network-auth.xml:423(para)
11438
msgid ""
11439
"We can check that the content has been correctly added with the tools from "
11440
"the <application>ldap-utils</application> package. In order to execute a "
11441
"search of the LDAP directory:"
11442
msgstr ""
11443
11444
#: serverguide/C/network-auth.xml:430(command)
11445
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
11446
msgstr ""
11447
11448
#: serverguide/C/network-auth.xml:431(computeroutput)
11449
#, no-wrap
11450
msgid ""
11451
"\n"
11452
"dn: uid=john,ou=people,dc=example,dc=com\n"
11453
"cn: John Doe\n"
11454
"sn: Doe\n"
11455
"givenName: John\n"
11456
msgstr ""
11457
11458
#: serverguide/C/network-auth.xml:439(para)
11459
msgid "Just a quick explanation:"
11460
msgstr ""
11461
11462
#: serverguide/C/network-auth.xml:445(para)
11463
msgid ""
11464
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
11465
"the default."
11466
msgstr ""
11467
11468
#: serverguide/C/network-auth.xml:451(para)
11469
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
11470
msgstr ""
11471
11472
#: serverguide/C/network-auth.xml:460(title)
11473
msgid "LDAP replication"
11474
msgstr "LDAP replikavimas"
11475
11476
#: serverguide/C/network-auth.xml:462(para)
11477
msgid ""
11478
"LDAP often quickly becomes a highly critical service to the network. "
11479
"Multiple systems will come to depend on LDAP for authentication, "
11480
"authorization, configuration, etc. It is a good idea to setup a redundant "
11481
"system through replication."
11482
msgstr ""
11483
11484
#: serverguide/C/network-auth.xml:468(para)
11485
msgid ""
11486
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
11487
"Syncrepl allows the directory to be synced using either a "
11488
"<emphasis>push</emphasis> or <emphasis>pull</emphasis> based system. In a "
11489
"push based configuration a <quote>primary</quote> server will push directory "
11490
"updates to <quote>secondary</quote> servers, while a pull based approach "
11491
"allows replication servers to sync on a time based interval."
11492
msgstr ""
11493
11494
#: serverguide/C/network-auth.xml:476(para)
11495
msgid ""
11496
"The following is an example of a <emphasis>Multi-Master</emphasis> "
11497
"configuration. In this configuration each OpenLDAP server is configured for "
11498
"both <emphasis>push</emphasis> and <emphasis>pull</emphasis> replication."
11499
msgstr ""
11500
11501
#: serverguide/C/network-auth.xml:484(para)
11502
msgid ""
11503
"First, configure the server to sync the <emphasis>cn=config</emphasis> "
11504
"database. Copy the following to a file named <filename>syncrepl_cn-"
11505
"config.ldif</filename>:"
11506
msgstr ""
11507
11508
#: serverguide/C/network-auth.xml:489(programlisting)
11509
#, no-wrap
11510
msgid ""
11511
"\n"
11512
"dn: cn=module{0},cn=config\n"
11513
"changetype: modify\n"
11514
"add: olcModuleLoad\n"
11515
"olcModuleLoad: syncprov\n"
11516
"\n"
11517
"dn: cn=config\n"
11518
"changetype: modify\n"
11519
"replace: olcServerID\n"
11520
"olcServerID: 1 ldap://ldap01.example.com\n"
11521
"olcServerID: 2 ldap://ldap02.example.com\n"
11522
"\n"
11523
"dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config\n"
11524
"changetype: add\n"
11525
"objectClass: olcOverlayConfig\n"
11526
"objectClass: olcSyncProvConfig\n"
11527
"olcOverlay: syncprov\n"
11528
"\n"
11529
"dn: olcDatabase={0}config,cn=config\n"
11530
"changetype: modify\n"
11531
"add: olcSyncRepl\n"
11532
"olcSyncRepl: rid=001 provider=ldap://ldap01.example.com "
11533
"binddn=\"cn=admin,cn=config\" bindmethod=simple\n"
11534
" credentials=secret searchbase=\"cn=config\" type=refreshAndPersist\n"
11535
" retry=\"5 5 300 5\" timeout=1\n"
11536
"olcSyncRepl: rid=002 provider=ldap://ldap02.example.com "
11537
"binddn=\"cn=admin,cn=config\" bindmethod=simple\n"
11538
" credentials=secret searchbase=\"cn=config\" type=refreshAndPersist\n"
11539
" retry=\"5 5 300 5\" timeout=1\n"
11540
"-\n"
11541
"add: olcMirrorMode\n"
11542
"olcMirrorMode: TRUE\n"
11543
msgstr ""
11544
11545
#: serverguide/C/network-auth.xml:524(para)
11546
msgid "Edit the file changing:"
11547
msgstr ""
11548
11549
#: serverguide/C/network-auth.xml:530(para)
11550
msgid ""
11551
"<emphasis>ldap://ldap01.example.com</emphasis> and "
11552
"<emphasis>ldap://ldap02.example.com</emphasis> to the hostnames of your LDAP "
11553
"servers."
11554
msgstr ""
11555
11556
#: serverguide/C/network-auth.xml:535(para)
11557
msgid ""
11558
"You can have more than two LDAP servers, and when a change is made to one of "
11559
"them it will by synced to the rest. Be sure to increment the "
11560
"<emphasis>olcServerID</emphasis> for each server, and the "
11561
"<emphasis>rid</emphasis> for each <emphasis>olcSyncRepl</emphasis> entry."
11562
msgstr ""
11563
11564
#: serverguide/C/network-auth.xml:543(para)
11565
msgid ""
11566
"And adjust <emphasis>credentials=secret</emphasis> to match your admin "
11567
"password."
11568
msgstr ""
11569
11570
#: serverguide/C/network-auth.xml:553(para)
11571
msgid ""
11572
"Next, add the LDIF file using the <application>ldapmodify</application> "
11573
"utility:"
11574
msgstr ""
11575
11576
#: serverguide/C/network-auth.xml:558(command)
11577
msgid "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_cn-config.ldif"
11578
msgstr ""
11579
11580
#: serverguide/C/network-auth.xml:564(para)
11581
msgid ""
11582
"Copy the <filename>syncrepl_cn-config.ldif</filename> file to the next LDAP "
11583
"server and repeat the <application>ldapmodify</application> command above."
11584
msgstr ""
11585
11586
#: serverguide/C/network-auth.xml:572(para)
11587
msgid ""
11588
"Because a new module has been added, the <application>slapd</application> "
11589
"daemon, on all replicated servers, needs to be restarted:"
11590
msgstr ""
11591
11592
#: serverguide/C/network-auth.xml:578(command) serverguide/C/network-auth.xml:778(command) serverguide/C/network-auth.xml:882(command)
11593
msgid "sudo /etc/init.d/slapd restart"
11594
msgstr ""
11595
11596
#: serverguide/C/network-auth.xml:584(para)
11597
msgid ""
11598
"Now that the configuration database is synced between servers, the "
11599
"<emphasis>backend</emphasis> database needs to be synced as well. Copy and "
11600
"paste the following into another LDIF file named "
11601
"<filename>syncrepl_backend.ldif</filename>:"
11602
msgstr ""
11603
11604
#: serverguide/C/network-auth.xml:590(programlisting)
11605
#, no-wrap
11606
msgid ""
11607
"\n"
11608
"dn: olcDatabase={1}hdb,cn=config\n"
11609
"changetype: modify\n"
11610
"add: olcRootDN\n"
11611
"olcRootDN: cn=admin,dc=example,dc=com\n"
11612
"-\n"
11613
"add: olcSyncRepl\n"
11614
"olcSyncRepl: rid=003 provider=ldap://ldap01.example.com "
11615
"binddn=\"cn=admin,dc=example,dc=com\" \n"
11616
" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
11617
"type=refreshOnly \n"
11618
" interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n"
11619
"olcSyncRepl: rid=004 provider=ldap://ldap02.example.com "
11620
"binddn=\"cn=admin,dc=example,dc=com\" \n"
11621
" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
11622
"type=refreshOnly \n"
11623
" interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n"
11624
"-\n"
11625
"add: olcMirrorMode\n"
11626
"olcMirrorMode: TRUE\n"
11627
"\n"
11628
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
11629
"changetype: add\n"
11630
"objectClass: olcOverlayConfig\n"
11631
"objectClass: olcSyncProvConfig\n"
11632
"olcOverlay: syncprov\n"
11633
msgstr ""
11634
11635
#: serverguide/C/network-auth.xml:617(para)
11636
msgid "Like the previous LDIF file, edit this one changing:"
11637
msgstr ""
11638
11639
#: serverguide/C/network-auth.xml:623(para)
11640
msgid ""
11641
"<emphasis>searchbase=\"dc=example,dc=com\"</emphasis> to your directory's "
11642
"searchbase."
11643
msgstr ""
11644
11645
#: serverguide/C/network-auth.xml:628(para)
11646
msgid ""
11647
"If you use a different admin user, change "
11648
"<emphasis>binddn=\"cn=admin,dc=example,dc=com\"</emphasis>."
11649
msgstr ""
11650
11651
#: serverguide/C/network-auth.xml:633(para)
11652
msgid ""
11653
"Also, replace <emphasis>credentials=secret</emphasis> with your admin "
11654
"password."
11655
msgstr ""
11656
11657
#: serverguide/C/network-auth.xml:642(para)
11658
msgid "Add the LDIF file:"
11659
msgstr ""
11660
11661
#: serverguide/C/network-auth.xml:647(command)
11662
msgid "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_backend.ldif"
11663
msgstr ""
11664
11665
#: serverguide/C/network-auth.xml:650(para)
11666
msgid ""
11667
"Because the servers' configuration is already synced there is no need to "
11668
"copy this LDIF file to the other servers."
11669
msgstr ""
11670
11671
#: serverguide/C/network-auth.xml:658(para)
11672
msgid ""
11673
"The configuration and backend databases should now sycnc to the other "
11674
"servers. You can add additional servers using the "
11675
"<application>ldapmodify</application> utility as the need arises. See <xref "
11676
"linkend=\"openldap-configuration\"/> for details."
11677
msgstr ""
11678
11679
#: serverguide/C/network-auth.xml:668(programlisting)
11680
#, no-wrap
11681
msgid "127.0.0.1\tldap01.example.com ldap01"
11682
msgstr ""
11683
11684
#: serverguide/C/network-auth.xml:664(para)
11685
msgid ""
11686
"The <application>slapd</application> daemon will send log information to "
11687
"<filename>/var/log/syslog</filename> by default. So if all does "
11688
"<emphasis>not</emphasis> go well check there for errors and other "
11689
"troubleshooting information. Also, be sure that each server knows it's Fully "
11690
"Qualified Domain Name (FQDN). This is configured in "
11691
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
11692
msgstr ""
11693
11694
#: serverguide/C/network-auth.xml:675(title)
11695
msgid "Setting up ACL"
11696
msgstr ""
11697
11698
#: serverguide/C/network-auth.xml:677(para)
11699
msgid ""
11700
"Authentication requires access to the password field, that should be not "
11701
"accessible by default. Also, in order for users to change their own "
11702
"password, using <command>passwd</command> or other utilities, "
11703
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
11704
"authenticated."
11705
msgstr ""
11706
11707
#: serverguide/C/network-auth.xml:684(para)
11708
msgid ""
11709
"To view the Access Control List (ACL), use the "
11710
"<application>ldapsearch</application> utility:"
11711
msgstr ""
11712
11713
#: serverguide/C/network-auth.xml:689(command)
11714
msgid ""
11715
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase=hdb "
11716
"olcAccess"
11717
msgstr ""
11718
11719
#: serverguide/C/network-auth.xml:693(computeroutput)
11720
#, no-wrap
11721
msgid ""
11722
"Enter LDAP Password: \n"
11723
"dn: olcDatabase={1}hdb,cn=config\n"
11724
"olcAccess: {0}to attrs=userPassword,shadowLastChange by "
11725
"dn=\"cn=admin,dc=exampl\n"
11726
" e,dc=com\" write by anonymous auth by self write by * none\n"
11727
"olcAccess: {1}to dn.base=\"\" by * read\n"
11728
"olcAccess: {2}to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
11729
msgstr ""
11730
11731
#: serverguide/C/network-auth.xml:705(title)
11732
msgid "TLS and SSL"
11733
msgstr ""
11734
11735
#: serverguide/C/network-auth.xml:707(para)
11736
msgid ""
11737
"When authenticating to an OpenLDAP server it is best to do so using an "
11738
"encrypted session. This can be accomplished using Transport Layer Security "
11739
"(TLS) and/or Secure Sockets Layer (SSL)."
11740
msgstr ""
11741
11742
#: serverguide/C/network-auth.xml:712(para)
11743
msgid ""
11744
"The first step in the process is to obtain or create a "
11745
"<emphasis>certificate</emphasis>. See <xref linkend=\"certificates-and-"
11746
"security\"/> and <xref linkend=\"certificate-authority\"/> for details."
11747
msgstr ""
11748
11749
#: serverguide/C/network-auth.xml:717(para)
11750
msgid ""
11751
"Once you have a certificate, key, and CA cert installed, use "
11752
"<application>ldapmodify</application> to add the new configuration options:"
11753
msgstr ""
11754
11755
#: serverguide/C/network-auth.xml:728(userinput)
11756
#, no-wrap
11757
msgid ""
11758
"dn: cn=config\n"
11759
"add: olcTLSCACertificateFile\n"
11760
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
11761
"-\n"
11762
"add: olcTLSCertificateFile\n"
11763
"olcTLSCertificateFile: /etc/ssl/certs/server.crt\n"
11764
"-\n"
11765
"add: olcTLSCertificateKeyFile\n"
11766
"olcTLSCertificateKeyFile: /etc/ssl/private/server.key"
11767
msgstr ""
11768
11769
#: serverguide/C/network-auth.xml:727(computeroutput)
11770
#, no-wrap
11771
msgid ""
11772
"Enter LDAP Password:\n"
11773
"<placeholder-1/>\n"
11774
"\n"
11775
"modifying entry \"cn=config\"\n"
11776
msgstr ""
11777
11778
#: serverguide/C/network-auth.xml:743(para)
11779
msgid ""
11780
"Adjust the <filename>server.crt</filename>, <filename>server.key</filename>, "
11781
"and <filename>cacert.pem</filename> names if yours are different."
11782
msgstr ""
11783
11784
#: serverguide/C/network-auth.xml:749(para)
11785
msgid ""
11786
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
11787
"<emphasis>SLAPD_SERVICES</emphasis> option:"
11788
msgstr ""
11789
11790
#: serverguide/C/network-auth.xml:753(programlisting)
11791
#, no-wrap
11792
msgid ""
11793
"\n"
11794
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
11795
msgstr ""
11796
11797
#: serverguide/C/network-auth.xml:757(para)
11798
msgid ""
11799
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
11800
msgstr ""
11801
11802
#: serverguide/C/network-auth.xml:762(command)
11803
msgid "sudo adduser openldap ssl-cert"
11804
msgstr ""
11805
11806
#: serverguide/C/network-auth.xml:763(command)
11807
msgid "sudo chgrp ssl-cert /etc/ssl/private/server.key"
11808
msgstr ""
11809
11810
#: serverguide/C/network-auth.xml:767(para)
11811
msgid ""
11812
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
11813
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
11814
"adjust the commands appropriately."
11815
msgstr ""
11816
11817
#: serverguide/C/network-auth.xml:773(para)
11818
msgid "Finally, restart <application>slapd</application>:"
11819
msgstr ""
11820
11821
#: serverguide/C/network-auth.xml:781(para)
11822
msgid ""
11823
"The <application>slapd</application> daemon should now be listening for "
11824
"LDAPS connections and be able to use STARTTLS during authentication."
11825
msgstr ""
11826
11827
#: serverguide/C/network-auth.xml:787(title)
11828
msgid "TLS Replication"
11829
msgstr ""
11830
11831
#: serverguide/C/network-auth.xml:789(para)
11832
msgid ""
11833
"If you have setup <application>Syncrepl</application> between servers, it is "
11834
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
11835
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
11836
"linkend=\"openldap-server-replication\"/>."
11837
msgstr ""
11838
11839
#: serverguide/C/network-auth.xml:795(para)
11840
msgid ""
11841
"After setting up replication, and following the instructions in <xref "
11842
"linkend=\"openldap-tls\"/>, there are a couple of consequences that should "
11843
"be kept in mind:"
11844
msgstr ""
11845
11846
#: serverguide/C/network-auth.xml:802(para)
11847
msgid ""
11848
"The configuration only needs to be modified on <emphasis>one</emphasis> "
11849
"server."
11850
msgstr ""
11851
11852
#: serverguide/C/network-auth.xml:807(para)
11853
msgid ""
11854
"The path names for the <emphasis>certificate</emphasis> and "
11855
"<emphasis>key</emphasis> must be the same on all servers."
11856
msgstr ""
11857
11858
#: serverguide/C/network-auth.xml:814(para)
11859
msgid ""
11860
"So on each replicated server: install a certificate, edit "
11861
"<filename>/etc/default/slapd</filename>, and restart "
11862
"<application>slapd</application>."
11863
msgstr ""
11864
11865
#: serverguide/C/network-auth.xml:819(para)
11866
msgid ""
11867
"Once <emphasis>TLS</emphasis> has been setup on each server, modify the "
11868
"<emphasis>cn=config</emphasis> replication by entering the following in a "
11869
"terminal:"
11870
msgstr ""
11871
11872
#: serverguide/C/network-auth.xml:830(userinput)
11873
#, no-wrap
11874
msgid ""
11875
"dn: olcDatabase={0}config,cn=config\n"
11876
"replace: olcSyncrepl\n"
11877
"olcSyncrepl: {0}rid=001 provider=ldap://ldap01.example.com "
11878
"binddn=\"cn=admin,cn\n"
11879
" =config\" bindmethod=simple credentials=secret searchbase=\"cn=config\" "
11880
"type=refre\n"
11881
" shAndPersist retry=\"5 5 300 5\" timeout=1 starttls=yes\n"
11882
"olcSyncrepl: {1}rid=002 provider=ldap://ldap02.example.com "
11883
"binddn=\"cn=admin,cn\n"
11884
" =config\" bindmethod=simple credentials=secret searchbase=\"cn=config\" "
11885
"type=refre\n"
11886
" shAndPersist retry=\"5 5 300 5\" timeout=1 starttls=yes"
11887
msgstr ""
11888
11889
#: serverguide/C/network-auth.xml:829(computeroutput)
11890
#, no-wrap
11891
msgid ""
11892
"Enter LDAP Password: \n"
11893
"<placeholder-1/>\n"
11894
"\n"
11895
"modifying entry \"olcDatabase={0}config,cn=config\"\n"
11896
msgstr ""
11897
11898
#: serverguide/C/network-auth.xml:843(para)
11899
msgid "Now adjust the <emphasis>backend</emphasis> database replication:"
11900
msgstr ""
11901
11902
#: serverguide/C/network-auth.xml:853(userinput)
11903
#, no-wrap
11904
msgid ""
11905
"dn: olcDatabase={1}hdb,cn=config\n"
11906
"replace: olcSyncrepl\n"
11907
"olcSyncrepl: {0}rid=003 provider=ldap://ldap01.example.com "
11908
"binddn=\"cn=admin,dc=example,dc=\n"
11909
" com\" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
11910
"type=r\n"
11911
" efreshOnly interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1 starttls=yes\n"
11912
"olcSyncrepl: {1}rid=004 provider=ldap://ldap02.example.com "
11913
"binddn=\"cn=admin,dc=example,dc=\n"
11914
" com\" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
11915
"type=r\n"
11916
" efreshOnly interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1 starttls=yes"
11917
msgstr ""
11918
11919
#: serverguide/C/network-auth.xml:852(computeroutput) serverguide/C/network-auth.xml:2406(computeroutput)
11920
#, no-wrap
11921
msgid ""
11922
"Enter LDAP Password:\n"
11923
"<placeholder-1/>\n"
11924
"\n"
11925
"modifying entry \"olcDatabase={1}hdb,cn=config\""
11926
msgstr ""
11927
11928
#: serverguide/C/network-auth.xml:865(para)
11929
msgid ""
11930
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
11931
"(FQDN) in the certificate, you may have to edit "
11932
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
11933
msgstr ""
11934
11935
#: serverguide/C/network-auth.xml:870(programlisting)
11936
#, no-wrap
11937
msgid ""
11938
"\n"
11939
"TLS_CERT /etc/ssl/certs/server.crt\n"
11940
"TLS_KEY /etc/ssl/private/server.key\n"
11941
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
11942
msgstr ""
11943
11944
#: serverguide/C/network-auth.xml:877(para)
11945
msgid ""
11946
"Finally, restart <application>slapd</application> on each of the servers:"
11947
msgstr ""
11948
11949
#: serverguide/C/network-auth.xml:890(title)
11950
msgid "LDAP Authentication"
11951
msgstr ""
11952
11953
#: serverguide/C/network-auth.xml:892(para)
11954
msgid ""
11955
"Once you have a working LDAP server, the <application>auth-client-"
11956
"config</application> and <application>libnss-ldap</application> packages "
11957
"take the pain out of configuring an Ubuntu client to authenticate using "
11958
"LDAP. To install the packages from, a terminal prompt enter:"
11959
msgstr ""
11960
11961
#: serverguide/C/network-auth.xml:899(command)
11962
msgid "sudo apt-get install libnss-ldap"
11963
msgstr ""
11964
11965
#: serverguide/C/network-auth.xml:902(para)
11966
msgid ""
11967
"During the install a menu dialog will ask you connection details about your "
11968
"LDAP server."
11969
msgstr ""
11970
11971
#: serverguide/C/network-auth.xml:906(para)
11972
msgid ""
11973
"If you make a mistake when entering your information you can execute the "
11974
"dialog again using:"
11975
msgstr ""
11976
11977
#: serverguide/C/network-auth.xml:911(command)
11978
msgid "sudo dpkg-reconfigure ldap-auth-config"
11979
msgstr ""
11980
11981
#: serverguide/C/network-auth.xml:914(para)
11982
msgid ""
11983
"The results of the dialog can be seen in "
11984
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
11985
"covered in the menu edit this file accordingly."
11986
msgstr ""
11987
11988
#: serverguide/C/network-auth.xml:919(para)
11989
msgid ""
11990
"Now that <application>libnss-ldap</application> is configured enable the "
11991
"<application>auth-client-config</application> LDAP profile by entering:"
11992
msgstr ""
11993
11994
#: serverguide/C/network-auth.xml:925(command)
11995
msgid "sudo auth-client-config -t nss -p lac_ldap"
11996
msgstr ""
11997
11998
#: serverguide/C/network-auth.xml:930(para)
11999
msgid ""
12000
"<emphasis>-t:</emphasis> only modifies "
12001
"<filename>/etc/nsswitch.conf</filename>."
12002
msgstr ""
12003
12004
#: serverguide/C/network-auth.xml:935(para)
12005
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
12006
msgstr ""
12007
12008
#: serverguide/C/network-auth.xml:940(para)
12009
msgid ""
12010
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
12011
"config</application> profile that is part of the <application>ldap-auth-"
12012
"config</application> package."
12013
msgstr ""
12014
12015
#: serverguide/C/network-auth.xml:947(para)
12016
msgid ""
12017
"Using the <application>pam-auth-update</application> utility, configure the "
12018
"system to use LDAP for authentication:"
12019
msgstr ""
12020
12021
#: serverguide/C/network-auth.xml:952(command)
12022
msgid "sudo pam-auth-update"
12023
msgstr ""
12024
12025
#: serverguide/C/network-auth.xml:955(para)
12026
msgid ""
12027
"From the <application>pam-auth-update</application> menu, choose LDAP and "
12028
"any other authentication mechanisms you need."
12029
msgstr ""
12030
12031
#: serverguide/C/network-auth.xml:959(para)
12032
msgid ""
12033
"You should now be able to login using user credentials stored in the LDAP "
12034
"directory."
12035
msgstr ""
12036
12037
#: serverguide/C/network-auth.xml:964(para)
12038
msgid ""
12039
"If you are going to use LDAP to store Samba users you will need to configure "
12040
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
12041
"for details."
12042
msgstr ""
12043
12044
#: serverguide/C/network-auth.xml:972(title)
12045
msgid "User and Group Management"
12046
msgstr ""
12047
12048
#: serverguide/C/network-auth.xml:974(para)
12049
msgid ""
12050
"The <application>ldap-utils</application> package comes with multiple "
12051
"utilities to manage the directory, but the long string of options needed, "
12052
"can make them a burden to use. The <application>ldapscripts</application> "
12053
"package contains configurable scripts to easily manage LDAP users and groups."
12054
msgstr ""
12055
12056
#: serverguide/C/network-auth.xml:980(para)
12057
msgid "To install the package, from a terminal enter:"
12058
msgstr ""
12059
12060
#: serverguide/C/network-auth.xml:985(command)
12061
msgid "sudo apt-get install ldapscripts"
12062
msgstr ""
12063
12064
#: serverguide/C/network-auth.xml:988(para)
12065
msgid ""
12066
"Next, edit the config file "
12067
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
12068
"changing the following to match your environment:"
12069
msgstr ""
12070
12071
#: serverguide/C/network-auth.xml:993(programlisting)
12072
#, no-wrap
12073
msgid ""
12074
"\n"
12075
"SERVER=localhost\n"
12076
"BINDDN='cn=admin,dc=example,dc=com'\n"
12077
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
12078
"SUFFIX='dc=example,dc=com'\n"
12079
"GSUFFIX='ou=Groups'\n"
12080
"USUFFIX='ou=People'\n"
12081
"MSUFFIX='ou=Computers'\n"
12082
"GIDSTART=10000\n"
12083
"UIDSTART=10000\n"
12084
"MIDSTART=10000\n"
12085
msgstr ""
12086
12087
#: serverguide/C/network-auth.xml:1006(para)
12088
msgid ""
12089
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
12090
"authenticated access to the directory:"
12091
msgstr ""
12092
12093
#: serverguide/C/network-auth.xml:1011(command)
12094
msgid ""
12095
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
12096
msgstr ""
12097
12098
#: serverguide/C/network-auth.xml:1012(command)
12099
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
12100
msgstr ""
12101
12102
#: serverguide/C/network-auth.xml:1016(para)
12103
msgid ""
12104
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
12105
"user."
12106
msgstr ""
12107
12108
#: serverguide/C/network-auth.xml:1021(para)
12109
msgid ""
12110
"The <application>ldapscripts</application> are now ready to help manage your "
12111
"directory. The following are some examples of how to use the scripts:"
12112
msgstr ""
12113
12114
#: serverguide/C/network-auth.xml:1028(para)
12115
msgid "Create a new user:"
12116
msgstr ""
12117
12118
#: serverguide/C/network-auth.xml:1032(command)
12119
msgid "sudo ldapadduser george example"
12120
msgstr ""
12121
12122
#: serverguide/C/network-auth.xml:1034(para)
12123
msgid ""
12124
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
12125
"and set the user's primary group (gid) to <emphasis "
12126
"role=\"italic\">example</emphasis>"
12127
msgstr ""
12128
12129
#: serverguide/C/network-auth.xml:1040(para)
12130
msgid "Change a user's password:"
12131
msgstr ""
12132
12133
#: serverguide/C/network-auth.xml:1044(command)
12134
msgid "sudo ldapsetpasswd george"
12135
msgstr ""
12136
12137
#: serverguide/C/network-auth.xml:1045(computeroutput)
12138
#, no-wrap
12139
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
12140
msgstr ""
12141
12142
#: serverguide/C/network-auth.xml:1046(userinput)
12143
#, no-wrap
12144
msgid "New Password: "
12145
msgstr ""
12146
12147
#: serverguide/C/network-auth.xml:1047(userinput)
12148
#, no-wrap
12149
msgid "New Password (verify): "
12150
msgstr ""
12151
12152
#: serverguide/C/network-auth.xml:1051(para)
12153
msgid "Delete a user:"
12154
msgstr ""
12155
12156
#: serverguide/C/network-auth.xml:1055(command)
12157
msgid "sudo ldapdeleteuser george"
12158
msgstr ""
12159
12160
#: serverguide/C/network-auth.xml:1060(para)
12161
msgid "Add a group:"
12162
msgstr ""
12163
12164
#: serverguide/C/network-auth.xml:1064(command)
12165
msgid "sudo ldapaddgroup qa"
12166
msgstr ""
12167
12168
#: serverguide/C/network-auth.xml:1068(para)
12169
msgid "Delete a group:"
12170
msgstr ""
12171
12172
#: serverguide/C/network-auth.xml:1072(command)
12173
msgid "sudo ldapdeletegroup qa"
12174
msgstr ""
12175
12176
#: serverguide/C/network-auth.xml:1076(para)
12177
msgid "Add a user to a group:"
12178
msgstr ""
12179
12180
#: serverguide/C/network-auth.xml:1080(command)
12181
msgid "sudo ldapaddusertogroup george qa"
12182
msgstr ""
12183
12184
#: serverguide/C/network-auth.xml:1082(para)
12185
msgid ""
12186
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
12187
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
12188
"role=\"italic\">george</emphasis>."
12189
msgstr ""
12190
12191
#: serverguide/C/network-auth.xml:1088(para)
12192
msgid "Remove a user from a group:"
12193
msgstr ""
12194
12195
#: serverguide/C/network-auth.xml:1092(command)
12196
msgid "sudo ldapdeleteuserfromgroup george qa"
12197
msgstr ""
12198
12199
#: serverguide/C/network-auth.xml:1094(para)
12200
msgid ""
12201
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
12202
"<emphasis role=\"italic\">qa</emphasis> group."
12203
msgstr ""
12204
12205
#: serverguide/C/network-auth.xml:1100(para)
12206
msgid ""
12207
"The <application>ldapmodifyuser</application> script allows you to add, "
12208
"remove, or replace a user's attributes. The script uses the same syntax as "
12209
"the <application>ldapmodify</application> utility. For example:"
12210
msgstr ""
12211
12212
#: serverguide/C/network-auth.xml:1105(command)
12213
msgid "sudo ldapmodifyuser george"
12214
msgstr ""
12215
12216
#: serverguide/C/network-auth.xml:1106(computeroutput)
12217
#, no-wrap
12218
msgid ""
12219
"# About to modify the following entry :\n"
12220
"dn: uid=george,ou=People,dc=example,dc=com\n"
12221
"objectClass: account\n"
12222
"objectClass: posixAccount\n"
12223
"cn: george\n"
12224
"uid: george\n"
12225
"uidNumber: 1001\n"
12226
"gidNumber: 1001\n"
12227
"homeDirectory: /home/george\n"
12228
"loginShell: /bin/bash\n"
12229
"gecos: george\n"
12230
"description: User account\n"
12231
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
12232
"\n"
12233
"# Enter your modifications here, end with CTRL-D.\n"
12234
"dn: uid=george,ou=People,dc=example,dc=com"
12235
msgstr ""
12236
12237
#: serverguide/C/network-auth.xml:1122(userinput)
12238
#, no-wrap
12239
msgid ""
12240
"replace: gecos\n"
12241
"gecos: George Carlin"
12242
msgstr ""
12243
12244
#: serverguide/C/network-auth.xml:1125(para)
12245
msgid ""
12246
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
12247
"Carlin</quote>."
12248
msgstr ""
12249
12250
#: serverguide/C/network-auth.xml:1130(para)
12251
msgid ""
12252
"Another great feature of <application>ldapscripts</application>, is the "
12253
"template system. Templates allow you to customize the attributes of user, "
12254
"group, and machine objectes. For example, to enable the "
12255
"<emphasis>user</emphasis> template edit "
12256
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
12257
msgstr ""
12258
12259
#: serverguide/C/network-auth.xml:1137(programlisting)
12260
#, no-wrap
12261
msgid ""
12262
"\n"
12263
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
12264
msgstr ""
12265
12266
#: serverguide/C/network-auth.xml:1141(para)
12267
msgid ""
12268
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
12269
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
12270
"<filename>ldapadduser.template.sample</filename> file to "
12271
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
12272
msgstr ""
12273
12274
#: serverguide/C/network-auth.xml:1148(command)
12275
msgid ""
12276
"sudo cp /etc/ldapscripts/ldapadduser.template.sample "
12277
"/etc/ldapscripts/ldapadduser.template"
12278
msgstr ""
12279
12280
#: serverguide/C/network-auth.xml:1151(para)
12281
msgid ""
12282
"Edit the new template to add the desired attributes. The following will "
12283
"create new user's as with an <emphasis>objectClass</emphasis> of "
12284
"<emphasis>inetOrgPerson</emphasis>:"
12285
msgstr ""
12286
12287
#: serverguide/C/network-auth.xml:1156(programlisting)
12288
#, no-wrap
12289
msgid ""
12290
"\n"
12291
"dn: uid=<user>,<usuffix>,<suffix>\n"
12292
"objectClass: inetOrgPerson\n"
12293
"objectClass: posixAccount\n"
12294
"cn: <user>\n"
12295
"sn: <ask>\n"
12296
"uid: <user>\n"
12297
"uidNumber: <uid>\n"
12298
"gidNumber: <gid>\n"
12299
"homeDirectory: <home>\n"
12300
"loginShell: <shell>\n"
12301
"gecos: <user>\n"
12302
"description: User account\n"
12303
"title: Employee\n"
12304
msgstr ""
12305
12306
#: serverguide/C/network-auth.xml:1172(para)
12307
msgid ""
12308
"Notice the <emphasis><ask></emphasis> option used for the "
12309
"<emphasis>cn</emphasis> value. Using <ask> will configure "
12310
"<application>ldapadduser</application> to prompt you for the attribute value "
12311
"during user creation."
12312
msgstr ""
12313
12314
#: serverguide/C/network-auth.xml:1180(para)
12315
msgid ""
12316
"There are more useful scripts in the package, to see a full list enter: "
12317
"<command>dpkg -L ldapscripts | grep bin</command>"
12318
msgstr ""
12319
12320
#: serverguide/C/network-auth.xml:1189(para)
12321
msgid ""
12322
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
12323
"Home Page</ulink>"
12324
msgstr ""
12325
12326
#: serverguide/C/network-auth.xml:1194(para)
12327
msgid ""
12328
"Though starting to show it's age, a great source for in depth LDAP "
12329
"information is O'Reilly's <ulink "
12330
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
12331
"Administration</ulink>"
12332
msgstr ""
12333
12334
#: serverguide/C/network-auth.xml:1200(para)
12335
msgid ""
12336
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
12337
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
12338
"newer versions of OpenLDAP."
12339
msgstr ""
12340
12341
#: serverguide/C/network-auth.xml:1206(para)
12342
msgid ""
12343
"For more information on <application>auth-client-config</application> see "
12344
"the man page: <command>man auth-client-config</command>."
12345
msgstr ""
12346
12347
#: serverguide/C/network-auth.xml:1211(para)
12348
msgid ""
12349
"For more details regarding the <application>ldapscripts</application> "
12350
"package see the man pages: <command>man ldapscripts</command>, <command>man "
12351
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
12352
msgstr ""
12353
12354
#: serverguide/C/network-auth.xml:1221(title)
12355
msgid "Samba and LDAP"
12356
msgstr ""
12357
12358
#: serverguide/C/network-auth.xml:1223(para)
12359
msgid ""
12360
"This section covers configuring Samba to use LDAP for user, group, and "
12361
"machine account information and authentication. The assumption is, you "
12362
"already have a working OpenLDAP directory installed and the server is "
12363
"configured to use it for authentication. See <xref linkend=\"openldap-"
12364
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
12365
"setting up OpenLDAP."
12366
msgstr ""
12367
12368
#: serverguide/C/network-auth.xml:1232(para)
12369
msgid ""
12370
"There are three packages needed when integrating Samba with LDAP. "
12371
"<application>samba</application>, <application>samba-doc</application>, and "
12372
"<application>smbldap-tools</application> packages . To install the packages, "
12373
"from a terminal enter:"
12374
msgstr ""
12375
12376
#: serverguide/C/network-auth.xml:1238(command)
12377
msgid "sudo apt-get install samba samba-doc smbldap-tools"
12378
msgstr ""
12379
12380
#: serverguide/C/network-auth.xml:1241(para)
12381
msgid ""
12382
"Strictly speaking the <application>smbldap-tools</application> package isn't "
12383
"needed, but unless you have another package or custom scripts, a method of "
12384
"managing users, groups, and computer accounts is needed."
12385
msgstr ""
12386
12387
#: serverguide/C/network-auth.xml:1248(title)
12388
msgid "OpenLDAP Configuration"
12389
msgstr ""
12390
12391
#: serverguide/C/network-auth.xml:1250(para)
12392
msgid ""
12393
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
12394
"the user objects in the directory will need additional attributes. This "
12395
"section assumes you want Samba to be configured as a Windows NT domain "
12396
"controller, and will add the necessary LDAP objects and attributes."
12397
msgstr ""
12398
12399
#: serverguide/C/network-auth.xml:1258(para)
12400
msgid ""
12401
"The Samba attributes are defined in the <filename>samba.schema</filename> "
12402
"file which is part of the <application>samba-doc</application> package. The "
12403
"schema file needs to be unzipped and copied to "
12404
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
12405
msgstr ""
12406
12407
#: serverguide/C/network-auth.xml:1265(command)
12408
msgid ""
12409
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
12410
"/etc/ldap/schema/"
12411
msgstr ""
12412
12413
#: serverguide/C/network-auth.xml:1266(command)
12414
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
12415
msgstr ""
12416
12417
#: serverguide/C/network-auth.xml:1272(para)
12418
msgid ""
12419
"The <emphasis>samba</emphasis> schema needs to be added to the "
12420
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
12421
"<application>slapd</application> is also detailed in <xref "
12422
"linkend=\"openldap-configuration\"/>."
12423
msgstr ""
12424
12425
#: serverguide/C/network-auth.xml:1280(para) serverguide/C/network-auth.xml:2305(para)
12426
msgid ""
12427
"First, create a configuration file named "
12428
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
12429
"containing the following lines:"
12430
msgstr ""
12431
12432
#: serverguide/C/network-auth.xml:1285(programlisting)
12433
#, no-wrap
12434
msgid ""
12435
"\n"
12436
"include /etc/ldap/schema/core.schema\n"
12437
"include /etc/ldap/schema/collective.schema\n"
12438
"include /etc/ldap/schema/corba.schema\n"
12439
"include /etc/ldap/schema/cosine.schema\n"
12440
"include /etc/ldap/schema/duaconf.schema\n"
12441
"include /etc/ldap/schema/dyngroup.schema\n"
12442
"include /etc/ldap/schema/inetorgperson.schema\n"
12443
"include /etc/ldap/schema/java.schema\n"
12444
"include /etc/ldap/schema/misc.schema\n"
12445
"include /etc/ldap/schema/nis.schema\n"
12446
"include /etc/ldap/schema/openldap.schema\n"
12447
"include /etc/ldap/schema/ppolicy.schema\n"
12448
"include /etc/ldap/schema/samba.schema\n"
12449
msgstr ""
12450
12451
#: serverguide/C/network-auth.xml:1315(para) serverguide/C/network-auth.xml:2340(para)
12452
msgid ""
12453
"Now use <application>slaptest</application> to convert the schema files:"
12454
msgstr ""
12455
12456
#: serverguide/C/network-auth.xml:1323(para) serverguide/C/network-auth.xml:2348(para)
12457
msgid ""
12458
"Change the above file and path names to match your own if they are different."
12459
msgstr ""
12460
12461
#: serverguide/C/network-auth.xml:1330(para)
12462
msgid ""
12463
"Edit the generated "
12464
"<filename>/tmp/ldif_output/cn=config/cn=schema/cn={12}samba.ldif</filename> "
12465
"file, changing the following attributes:"
12466
msgstr ""
12467
12468
#: serverguide/C/network-auth.xml:1335(programlisting)
12469
#, no-wrap
12470
msgid ""
12471
"\n"
12472
"dn: cn=samba,cn=schema,cn=config\n"
12473
"...\n"
12474
"cn: samba\n"
12475
msgstr ""
12476
12477
#: serverguide/C/network-auth.xml:1345(programlisting)
12478
#, no-wrap
12479
msgid ""
12480
"\n"
12481
"structuralObjectClass: olcSchemaConfig\n"
12482
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
12483
"creatorsName: cn=config\n"
12484
"createTimestamp: 20080827045234Z\n"
12485
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
12486
"modifiersName: cn=config\n"
12487
"modifyTimestamp: 20080827045234Z\n"
12488
msgstr ""
12489
12490
#: serverguide/C/network-auth.xml:1370(command)
12491
msgid ""
12492
"ldapadd -x -D cn=admin,cn=config -W -f /tmp/ldif_output/cn\\=config/cn\\"
12493
"=schema/cn\\=\\{12\\}samba.ldif"
12494
msgstr ""
12495
12496
#: serverguide/C/network-auth.xml:1376(para)
12497
msgid ""
12498
"There should now be a <emphasis>dn: "
12499
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
12500
"sequential schema, entry in the cn=config tree."
12501
msgstr ""
12502
12503
#: serverguide/C/network-auth.xml:1384(para)
12504
msgid ""
12505
"Copy and paste the following into a file named "
12506
"<filename>samba_indexes.ldif</filename>:"
12507
msgstr ""
12508
12509
#: serverguide/C/network-auth.xml:1388(programlisting)
12510
#, no-wrap
12511
msgid ""
12512
"\n"
12513
"dn: olcDatabase={1}hdb,cn=config\n"
12514
"changetype: modify\n"
12515
"add: olcDbIndex\n"
12516
"olcDbIndex: uidNumber eq\n"
12517
"olcDbIndex: gidNumber eq\n"
12518
"olcDbIndex: loginShell eq\n"
12519
"olcDbIndex: uid eq,pres,sub\n"
12520
"olcDbIndex: memberUid eq,pres,sub\n"
12521
"olcDbIndex: uniqueMember eq,pres\n"
12522
"olcDbIndex: sambaSID eq\n"
12523
"olcDbIndex: sambaPrimaryGroupSID eq\n"
12524
"olcDbIndex: sambaGroupType eq\n"
12525
"olcDbIndex: sambaSIDList eq\n"
12526
"olcDbIndex: sambaDomainName eq\n"
12527
"olcDbIndex: default sub\n"
12528
msgstr ""
12529
12530
#: serverguide/C/network-auth.xml:1406(para)
12531
msgid ""
12532
"Using the <application>ldapmodify</application> utility load the new indexes:"
12533
msgstr ""
12534
12535
#: serverguide/C/network-auth.xml:1411(command)
12536
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
12537
msgstr ""
12538
12539
#: serverguide/C/network-auth.xml:1413(para)
12540
msgid ""
12541
"If all went well you should see the new indexes using "
12542
"<application>ldapsearch</application>:"
12543
msgstr ""
12544
12545
#: serverguide/C/network-auth.xml:1418(command)
12546
msgid ""
12547
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
12548
msgstr ""
12549
12550
#: serverguide/C/network-auth.xml:1424(para)
12551
msgid ""
12552
"Next, configure the <application>smbldap-tools</application> package to "
12553
"match your environment. The package comes with a configuration script that "
12554
"will ask questions about the needed options. To run the script enter:"
12555
msgstr ""
12556
12557
#: serverguide/C/network-auth.xml:1430(command)
12558
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
12559
msgstr ""
12560
12561
#: serverguide/C/network-auth.xml:1431(command)
12562
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
12563
msgstr ""
12564
12565
#: serverguide/C/network-auth.xml:1434(para)
12566
msgid ""
12567
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
12568
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
12569
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
12570
"configure script, so if you made any mistakes while executing the script it "
12571
"may be simpler to edit the file appropriately."
12572
msgstr ""
12573
12574
#: serverguide/C/network-auth.xml:1444(para)
12575
msgid ""
12576
"The <application>smbldap-populate</application> script will add the "
12577
"necessary users, groups, and LDAP objects required for Samba. It is a good "
12578
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
12579
"<application>slapcat</application> before executing the command:"
12580
msgstr ""
12581
12582
#: serverguide/C/network-auth.xml:1451(command)
12583
msgid "sudo slapcat -l backup.ldif"
12584
msgstr ""
12585
12586
#: serverguide/C/network-auth.xml:1457(para)
12587
msgid ""
12588
"Once you have a current backup execute <application>smbldap-"
12589
"populate</application> by entering:"
12590
msgstr ""
12591
12592
#: serverguide/C/network-auth.xml:1462(command)
12593
msgid "sudo smbldap-populate"
12594
msgstr ""
12595
12596
#: serverguide/C/network-auth.xml:1466(para)
12597
msgid ""
12598
"You can create an LDIF file containing the new Samba objects by executing "
12599
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
12600
"look over the changes making sure everything is correct."
12601
msgstr ""
12602
12603
#: serverguide/C/network-auth.xml:1474(para)
12604
msgid ""
12605
"Your LDAP directory now has the necessary domain information to authenticate "
12606
"Samba users."
12607
msgstr ""
12608
12609
#: serverguide/C/network-auth.xml:1480(title)
12610
msgid "Samba Configuration"
12611
msgstr ""
12612
12613
#: serverguide/C/network-auth.xml:1482(para)
12614
msgid ""
12615
"There a multiple ways to configure Samba for details on some common "
12616
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
12617
"Samba to use LDAP, edit the main Samba configuration file "
12618
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
12619
"backend</emphasis> option and adding the following:"
12620
msgstr ""
12621
12622
#: serverguide/C/network-auth.xml:1488(programlisting)
12623
#, no-wrap
12624
msgid ""
12625
"\n"
12626
"# passdb backend = tdbsam\n"
12627
"\n"
12628
"# LDAP Settings\n"
12629
" passdb backend = ldapsam:ldap://hostname\n"
12630
" ldap suffix = dc=example,dc=com\n"
12631
" ldap user suffix = ou=People\n"
12632
" ldap group suffix = ou=Groups\n"
12633
" ldap machine suffix = ou=Computers\n"
12634
" ldap idmap suffix = ou=Idmap\n"
12635
" ldap admin dn = cn=admin,dc=example,dc=com\n"
12636
" ldap ssl = start tls\n"
12637
" ldap passwd sync = yes\n"
12638
"...\n"
12639
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
12640
msgstr ""
12641
12642
#: serverguide/C/network-auth.xml:1505(para)
12643
msgid "Restart <application>samba</application> to enable the new settings:"
12644
msgstr ""
12645
12646
#: serverguide/C/network-auth.xml:1513(para)
12647
msgid ""
12648
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
12649
"enter:"
12650
msgstr ""
12651
12652
#: serverguide/C/network-auth.xml:1518(command)
12653
msgid "sudo smbpasswd -w secret"
12654
msgstr ""
12655
12656
#: serverguide/C/network-auth.xml:1522(para)
12657
msgid ""
12658
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
12659
"password."
12660
msgstr ""
12661
12662
#: serverguide/C/network-auth.xml:1527(para)
12663
msgid ""
12664
"If you currently have users in LDAP, and you want them to authenticate using "
12665
"Samba, they will need some Samba attributes defined in the "
12666
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
12667
"users using the <application>smbpasswd</application> utility, replacing "
12668
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
12669
msgstr ""
12670
12671
#: serverguide/C/network-auth.xml:1535(command)
12672
msgid "sudo smbpasswd -a username"
12673
msgstr ""
12674
12675
#: serverguide/C/network-auth.xml:1538(para)
12676
msgid "You will then be asked to enter the user's password."
12677
msgstr ""
12678
12679
#: serverguide/C/network-auth.xml:1542(para)
12680
msgid ""
12681
"To add new user, group, and machine accounts use the utilities from the "
12682
"<application>smbldap-tools</application> package. Here are some examples:"
12683
msgstr ""
12684
12685
#: serverguide/C/network-auth.xml:1549(para)
12686
msgid ""
12687
"To add a new user to LDAP with Samba attributes enter the following, "
12688
"replacing username with an actual username:"
12689
msgstr ""
12690
12691
#: serverguide/C/network-auth.xml:1553(command)
12692
msgid "sudo smbldap-useradd -a -P username"
12693
msgstr ""
12694
12695
#: serverguide/C/network-auth.xml:1555(para)
12696
msgid ""
12697
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
12698
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
12699
"passwd</application> utility after the user is created allowing you to enter "
12700
"a password for the user."
12701
msgstr ""
12702
12703
#: serverguide/C/network-auth.xml:1561(para)
12704
msgid "To remove a user from the directory enter:"
12705
msgstr ""
12706
12707
#: serverguide/C/network-auth.xml:1565(command)
12708
msgid "sudo smbldap-userdel username"
12709
msgstr ""
12710
12711
#: serverguide/C/network-auth.xml:1567(para)
12712
msgid ""
12713
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
12714
"r</emphasis> option to remove the user's home directory."
12715
msgstr ""
12716
12717
#: serverguide/C/network-auth.xml:1572(para)
12718
msgid ""
12719
"Use <application>smbldap-groupadd</application> to add a group, replacing "
12720
"groupname with an appropriate group:"
12721
msgstr ""
12722
12723
#: serverguide/C/network-auth.xml:1576(command)
12724
msgid "sudo smbldap-groupadd -a groupname"
12725
msgstr ""
12726
12727
#: serverguide/C/network-auth.xml:1578(para)
12728
msgid ""
12729
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
12730
"a</emphasis> adds the Samba attributes."
12731
msgstr ""
12732
12733
#: serverguide/C/network-auth.xml:1583(para)
12734
msgid ""
12735
"To add a user to a group use <application>smbldap-groupmod</application>:"
12736
msgstr ""
12737
12738
#: serverguide/C/network-auth.xml:1587(command)
12739
msgid "sudo smbldap-groupmod -m username groupname"
12740
msgstr ""
12741
12742
#: serverguide/C/network-auth.xml:1589(para)
12743
msgid ""
12744
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
12745
"<emphasis>-m</emphasis> option can add more than one user at a time by "
12746
"listing them in <emphasis>comma separated</emphasis> format."
12747
msgstr ""
12748
12749
#: serverguide/C/network-auth.xml:1595(para)
12750
msgid ""
12751
"<application>smbldap-groupmod</application> can also be used to remove a "
12752
"user from a group:"
12753
msgstr ""
12754
12755
#: serverguide/C/network-auth.xml:1599(command)
12756
msgid "sudo smbldap-groupmod -x username groupname"
12757
msgstr ""
12758
12759
#: serverguide/C/network-auth.xml:1603(para)
12760
msgid ""
12761
"Additionally, the <application>smbldap-useradd</application> utility can add "
12762
"Samba machine accounts:"
12763
msgstr ""
12764
12765
#: serverguide/C/network-auth.xml:1607(command)
12766
msgid "sudo smbldap-useradd -t 0 -w username"
12767
msgstr ""
12768
12769
#: serverguide/C/network-auth.xml:1609(para)
12770
msgid ""
12771
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
12772
"<emphasis>-t 0</emphasis> option creates the machine account without a "
12773
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
12774
"machine account. Also, note the <emphasis>add machine script</emphasis> "
12775
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
12776
"<application>smbldap-useradd</application>."
12777
msgstr ""
12778
12779
#: serverguide/C/network-auth.xml:1618(para)
12780
msgid ""
12781
"There are more useful utilities and options in the <application>smbldap-"
12782
"tools</application> package. The man page for each utility provides more "
12783
"details."
12784
msgstr ""
12785
12786
#: serverguide/C/network-auth.xml:1629(para)
12787
msgid ""
12788
"There are multiple places where LDAP and Samba is documented in the <ulink "
12789
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
12790
"Collection</ulink>."
12791
msgstr ""
12792
12793
#: serverguide/C/network-auth.xml:1635(para)
12794
msgid ""
12795
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
12796
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
12797
msgstr ""
12798
12799
#: serverguide/C/network-auth.xml:1641(para)
12800
msgid ""
12801
"Another good site is <ulink url=\"http://www.iallanis.info/smbldap-"
12802
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
12803
msgstr ""
12804
12805
#: serverguide/C/network-auth.xml:1647(para)
12806
msgid ""
12807
"Again, for more information on <application>smbldap-tools</application> see "
12808
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
12809
"groupadd</command>, <command>man smbldap-populate</command>, etc."
12810
msgstr ""
12811
12812
#: serverguide/C/network-auth.xml:1657(title)
12813
msgid "Kerberos"
12814
msgstr ""
12815
12816
#: serverguide/C/network-auth.xml:1659(para)
12817
msgid ""
12818
"<application>Kerberos</application> is a network authentication system based "
12819
"on the principal of a trusted third party. The other two parties being the "
12820
"user and the service the user wishes to authenticate to. Not all services "
12821
"and applications can use Kerberos, but for those that can, it brings the "
12822
"network environment one step closer to being Single Sign On (SSO)."
12823
msgstr ""
12824
12825
#: serverguide/C/network-auth.xml:1665(para)
12826
msgid ""
12827
"This section covers installation and configuration of a Kerberos server, and "
12828
"some example client configurations."
12829
msgstr ""
12830
12831
#: serverguide/C/network-auth.xml:1672(para)
12832
msgid ""
12833
"If you are new to Kerberos there are a few terms that are good to understand "
12834
"before setting up a Kerberos server. Most of the terms will relate to things "
12835
"you may be familiar with in other environments:"
12836
msgstr ""
12837
12838
#: serverguide/C/network-auth.xml:1679(para)
12839
msgid ""
12840
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
12841
"by servers need to be defined as Kerberos Principals."
12842
msgstr ""
12843
12844
#: serverguide/C/network-auth.xml:1684(para)
12845
msgid ""
12846
"<emphasis>Instances:</emphasis> are used for service principals and special "
12847
"administrative principals."
12848
msgstr ""
12849
12850
#: serverguide/C/network-auth.xml:1689(para)
12851
msgid ""
12852
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
12853
"Kerberos installation. Usually the DNS domain converted to uppercase "
12854
"(EXAMPLE.COM)."
12855
msgstr ""
12856
12857
#: serverguide/C/network-auth.xml:1695(para)
12858
msgid ""
12859
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
12860
"a database of all principals, the authentication server, and the ticket "
12861
"granting server. For each realm there must be at least one KDC."
12862
msgstr ""
12863
12864
#: serverguide/C/network-auth.xml:1701(para)
12865
msgid ""
12866
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
12867
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
12868
"password which is known only to the user and the KDC."
12869
msgstr ""
12870
12871
#: serverguide/C/network-auth.xml:1707(para)
12872
msgid ""
12873
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
12874
"clients upon request."
12875
msgstr ""
12876
12877
#: serverguide/C/network-auth.xml:1712(para)
12878
msgid ""
12879
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
12880
"One principal being a user and the other a service requested by the user. "
12881
"Tickets establish an encryption key used for secure communication during the "
12882
"authenticated session."
12883
msgstr ""
12884
12885
#: serverguide/C/network-auth.xml:1718(para)
12886
msgid ""
12887
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
12888
"principal database and contain the encryption key for a service or host."
12889
msgstr ""
12890
12891
#: serverguide/C/network-auth.xml:1725(para)
12892
msgid ""
12893
"To put the pieces together, a Realm has at least one KDC, preferably two for "
12894
"redundancy, which contains a database of Principals. When a user principal "
12895
"logs into a workstation, configured for Kerberos authentication, the KDC "
12896
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
12897
"match, the user is authenticated and can then request tickets for Kerberized "
12898
"services from the Ticket Granting Server (TGS). The service tickets allow "
12899
"the user to authenticate to the service without entering another username "
12900
"and password."
12901
msgstr ""
12902
12903
#: serverguide/C/network-auth.xml:1734(title)
12904
msgid "Kerberos Server"
12905
msgstr ""
12906
12907
#: serverguide/C/network-auth.xml:1738(para)
12908
msgid ""
12909
"Before installing the Kerberos server a properly configured DNS server is "
12910
"needed for your domain. Since the Kerberos Realm by convention matches the "
12911
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
12912
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
12913
msgstr ""
12914
12915
#: serverguide/C/network-auth.xml:1744(para)
12916
msgid ""
12917
"Also, Kerberos is a time sensitive protocol. So if the local system time "
12918
"between a client machine and the server differs by more than five minutes "
12919
"(by default), the workstation will not be able to authenticate. To correct "
12920
"the problem all hosts should have their time synchronized using the "
12921
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
12922
"NTP see <xref linkend=\"NTP\"/>."
12923
msgstr ""
12924
12925
#: serverguide/C/network-auth.xml:1751(para)
12926
msgid ""
12927
"The first step in installing a Kerberos Realm is to install the "
12928
"<application>krb5-kdc</application> and <application>krb5-admin-"
12929
"server</application> packages. From a terminal enter:"
12930
msgstr ""
12931
12932
#: serverguide/C/network-auth.xml:1757(command) serverguide/C/network-auth.xml:1932(command)
12933
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
12934
msgstr ""
12935
12936
#: serverguide/C/network-auth.xml:1760(para)
12937
msgid ""
12938
"You will be asked at the end of the install to supply a name for the "
12939
"Kerberos and Admin servers, which may or may not be the same server, for the "
12940
"realm."
12941
msgstr ""
12942
12943
#: serverguide/C/network-auth.xml:1765(para)
12944
msgid ""
12945
"Next, create the new realm with the <application>kdb5_newrealm</application> "
12946
"utility:"
12947
msgstr ""
12948
12949
#: serverguide/C/network-auth.xml:1770(command)
12950
msgid "sudo krb5_newrealm"
12951
msgstr ""
12952
12953
#: serverguide/C/network-auth.xml:1777(para)
12954
msgid ""
12955
"The questions asked during installation are used to configure the "
12956
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
12957
"Distribution Center (KDC) settings simply edit the file and restart the "
12958
"<application>krb5-kdc</application> daemon."
12959
msgstr ""
12960
12961
#: serverguide/C/network-auth.xml:1785(para)
12962
msgid ""
12963
"Now that the KDC running an admin user is needed. It is recommended to use a "
12964
"different username from your everyday username. Using the "
12965
"<application>kadmin.local</application> utility in a terminal prompt enter:"
12966
msgstr ""
12967
12968
#: serverguide/C/network-auth.xml:1791(command) serverguide/C/network-auth.xml:2583(command)
12969
msgid "sudo kadmin.local"
12970
msgstr ""
12971
12972
#: serverguide/C/network-auth.xml:1792(computeroutput)
12973
#, no-wrap
12974
msgid ""
12975
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
12976
"kadmin.local:"
12977
msgstr ""
12978
12979
#: serverguide/C/network-auth.xml:1793(userinput)
12980
#, no-wrap
12981
msgid " addprinc steve/admin"
12982
msgstr ""
12983
12984
#: serverguide/C/network-auth.xml:1794(computeroutput)
12985
#, no-wrap
12986
msgid ""
12987
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
12988
"policy\n"
12989
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
12990
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
12991
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
12992
"kadmin.local:"
12993
msgstr ""
12994
12995
#: serverguide/C/network-auth.xml:1798(userinput)
12996
#, no-wrap
12997
msgid " quit"
12998
msgstr ""
12999
13000
#: serverguide/C/network-auth.xml:1801(para)
13001
msgid ""
13002
"In the the above example <emphasis role=\"italic\">steve</emphasis> is the "
13003
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
13004
"is an <emphasis>Instance</emphasis>, and <emphasis "
13005
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
13006
"role=\"italic\">\"every day\"</emphasis> Principal would be "
13007
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
13008
"rights."
13009
msgstr ""
13010
13011
#: serverguide/C/network-auth.xml:1809(para)
13012
msgid ""
13013
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
13014
"your Realm and admin username."
13015
msgstr ""
13016
13017
#: serverguide/C/network-auth.xml:1817(para)
13018
msgid ""
13019
"Next, the new admin user needs to have the appropriate Access Control List "
13020
"(ACL) permissions. The permissions are configured in the "
13021
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
13022
msgstr ""
13023
13024
#: serverguide/C/network-auth.xml:1822(programlisting)
13025
#, no-wrap
13026
msgid ""
13027
"\n"
13028
"steve/admin@EXAMPLE.COM *\n"
13029
msgstr ""
13030
13031
#: serverguide/C/network-auth.xml:1826(para)
13032
msgid ""
13033
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
13034
"any operation on all principals in the realm."
13035
msgstr ""
13036
13037
#: serverguide/C/network-auth.xml:1833(para)
13038
msgid ""
13039
"Now restart the <application>krb5-admin-server</application> for the new ACL "
13040
"to take affect:"
13041
msgstr ""
13042
13043
#: serverguide/C/network-auth.xml:1838(command)
13044
msgid "sudo /etc/init.d/krb5-admin-server restart"
13045
msgstr ""
13046
13047
#: serverguide/C/network-auth.xml:1844(para)
13048
msgid ""
13049
"The new user principal can be tested using the <application>kinit "
13050
"utility</application>:"
13051
msgstr ""
13052
13053
#: serverguide/C/network-auth.xml:1849(command)
13054
msgid "kinit steve/admin"
13055
msgstr ""
13056
13057
#: serverguide/C/network-auth.xml:1850(computeroutput)
13058
#, no-wrap
13059
msgid "steve/admin@EXAMPLE.COM's Password:"
13060
msgstr ""
13061
13062
#: serverguide/C/network-auth.xml:1853(para)
13063
msgid ""
13064
"After entering the password, use the <application>klist</application> "
13065
"utility to view information about the Ticket Granting Ticket (TGT):"
13066
msgstr ""
13067
13068
#: serverguide/C/network-auth.xml:1859(command) serverguide/C/network-auth.xml:2194(command)
13069
msgid "klist"
13070
msgstr ""
13071
13072
#: serverguide/C/network-auth.xml:1860(computeroutput)
13073
#, no-wrap
13074
msgid ""
13075
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
13076
" Principal: steve/admin@EXAMPLE.COM\n"
13077
"\n"
13078
" Issued Expires Principal\n"
13079
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
13080
msgstr ""
13081
13082
#: serverguide/C/network-auth.xml:1867(para)
13083
msgid ""
13084
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
13085
"the KDC. For example:"
13086
msgstr ""
13087
13088
#: serverguide/C/network-auth.xml:1871(programlisting)
13089
#, no-wrap
13090
msgid ""
13091
"\n"
13092
"192.168.0.1 kdc01.example.com kdc01\n"
13093
msgstr ""
13094
13095
#: serverguide/C/network-auth.xml:1875(para)
13096
msgid ""
13097
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
13098
msgstr ""
13099
13100
#: serverguide/C/network-auth.xml:1882(para)
13101
msgid ""
13102
"In order for clients to determine the KDC for the Realm some DNS SRV records "
13103
"are needed. Add the following to "
13104
"<filename>/etc/named/db.example.com</filename>:"
13105
msgstr ""
13106
13107
#: serverguide/C/network-auth.xml:1887(programlisting)
13108
#, no-wrap
13109
msgid ""
13110
"\n"
13111
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
13112
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
13113
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
13114
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
13115
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
13116
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
13117
msgstr ""
13118
13119
#: serverguide/C/network-auth.xml:1897(para)
13120
msgid ""
13121
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
13122
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
13123
"KDC."
13124
msgstr ""
13125
13126
#: serverguide/C/network-auth.xml:1903(para)
13127
msgid ""
13128
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
13129
msgstr ""
13130
13131
#: serverguide/C/network-auth.xml:1910(para)
13132
msgid "Your new Kerberos Realm is now ready to authenticate clients."
13133
msgstr ""
13134
13135
#: serverguide/C/network-auth.xml:1917(title)
13136
msgid "Secondary KDC"
13137
msgstr ""
13138
13139
#: serverguide/C/network-auth.xml:1919(para)
13140
msgid ""
13141
"Once you have one Key Distribution Center (KDC) on your network, it is good "
13142
"practice to have a Secondary KDC in case the primary becomes unavailable."
13143
msgstr ""
13144
13145
#: serverguide/C/network-auth.xml:1927(para)
13146
msgid ""
13147
"First, install the packages, and when asked for the Kerberos and Admin "
13148
"server names enter the name of the Primary KDC:"
13149
msgstr ""
13150
13151
#: serverguide/C/network-auth.xml:1938(para)
13152
msgid ""
13153
"Once you have the packages installed, create the Secondary KDC's host "
13154
"principal. From a terminal prompt, enter:"
13155
msgstr ""
13156
13157
#: serverguide/C/network-auth.xml:1943(command)
13158
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
13159
msgstr ""
13160
13161
#: serverguide/C/network-auth.xml:1947(para)
13162
msgid ""
13163
"After, issuing any <application>kadmin</application> commands you will be "
13164
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
13165
"password."
13166
msgstr ""
13167
13168
#: serverguide/C/network-auth.xml:1956(para)
13169
msgid "Extract the <emphasis>keytab</emphasis> file:"
13170
msgstr ""
13171
13172
#: serverguide/C/network-auth.xml:1961(command)
13173
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
13174
msgstr ""
13175
13176
#: serverguide/C/network-auth.xml:1967(para)
13177
msgid ""
13178
"There should now be a <filename>keytab.kdc02</filename> in the current "
13179
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
13180
msgstr ""
13181
13182
#: serverguide/C/network-auth.xml:1973(command)
13183
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
13184
msgstr ""
13185
13186
#: serverguide/C/network-auth.xml:1977(para)
13187
msgid ""
13188
"If the path to the <filename>keytab.kdc02</filename> file is different "
13189
"adjust accordingly."
13190
msgstr ""
13191
13192
#: serverguide/C/network-auth.xml:1982(para)
13193
msgid ""
13194
"Also, you can list the principals in a Keytab file, which can be useful when "
13195
"troubleshooting, using the <application>klist</application> utility:"
13196
msgstr ""
13197
13198
#: serverguide/C/network-auth.xml:1988(command)
13199
msgid "sudo klist -k /etc/krb5.keytab"
13200
msgstr ""
13201
13202
#: serverguide/C/network-auth.xml:1994(para)
13203
msgid ""
13204
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
13205
"that lists all KDCs for the Realm. For example, on both primary and "
13206
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
13207
msgstr ""
13208
13209
#: serverguide/C/network-auth.xml:1999(programlisting)
13210
#, no-wrap
13211
msgid ""
13212
"\n"
13213
"host/kdc01.example.com@EXAMPLE.COM\n"
13214
"host/kdc02.example.com@EXAMPLE.COM\n"
13215
msgstr ""
13216
13217
#: serverguide/C/network-auth.xml:2007(para)
13218
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
13219
msgstr ""
13220
13221
#: serverguide/C/network-auth.xml:2012(command)
13222
msgid "sudo kdb5_util -s create"
13223
msgstr ""
13224
13225
#: serverguide/C/network-auth.xml:2018(para)
13226
msgid ""
13227
"Now start the <application>kpropd</application> daemon, which listens for "
13228
"connections from the <application>kprop</application> utility. "
13229
"<application>kprop</application> is used to transfer dump files:"
13230
msgstr ""
13231
13232
#: serverguide/C/network-auth.xml:2025(command)
13233
msgid "sudo kpropd -S"
13234
msgstr ""
13235
13236
#: serverguide/C/network-auth.xml:2031(para)
13237
msgid ""
13238
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
13239
"of the principal database:"
13240
msgstr ""
13241
13242
#: serverguide/C/network-auth.xml:2036(command)
13243
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
13244
msgstr ""
13245
13246
#: serverguide/C/network-auth.xml:2042(para)
13247
msgid ""
13248
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
13249
"<filename>/etc/krb5.keytab</filename>:"
13250
msgstr ""
13251
13252
#: serverguide/C/network-auth.xml:2047(command)
13253
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
13254
msgstr ""
13255
13256
#: serverguide/C/network-auth.xml:2048(command)
13257
msgid "sudo mv keytab.kdc01 /etc/kr5b.keytab"
13258
msgstr ""
13259
13260
#: serverguide/C/network-auth.xml:2052(para)
13261
msgid ""
13262
"Make sure there is a <emphasis>host</emphasis> for "
13263
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
13264
msgstr ""
13265
13266
#: serverguide/C/network-auth.xml:2060(para)
13267
msgid ""
13268
"Using the <application>kprop</application> utility push the database to the "
13269
"Secondary KDC:"
13270
msgstr ""
13271
13272
#: serverguide/C/network-auth.xml:2065(command)
13273
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
13274
msgstr ""
13275
13276
#: serverguide/C/network-auth.xml:2069(para)
13277
msgid ""
13278
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
13279
"worked. If there is an error message check "
13280
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
13281
"information."
13282
msgstr ""
13283
13284
#: serverguide/C/network-auth.xml:2075(para)
13285
msgid ""
13286
"You may also want to create a <application>cron</application> job to "
13287
"periodically update the database on the Secondary KDC. For example, the "
13288
"following will push the database every hour:"
13289
msgstr ""
13290
13291
#: serverguide/C/network-auth.xml:2080(programlisting)
13292
#, no-wrap
13293
msgid ""
13294
"\n"
13295
"# m h dom mon dow command\n"
13296
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
13297
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
13298
msgstr ""
13299
13300
#: serverguide/C/network-auth.xml:2088(para)
13301
msgid ""
13302
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
13303
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
13304
msgstr ""
13305
13306
#: serverguide/C/network-auth.xml:2094(command)
13307
msgid "sudo kdb5_util stash"
13308
msgstr ""
13309
13310
#: serverguide/C/network-auth.xml:2100(para)
13311
msgid ""
13312
"Finally, start the <application>krb5-kdc</application> daemon on the "
13313
"Secondary KDC:"
13314
msgstr ""
13315
13316
#: serverguide/C/network-auth.xml:2105(command) serverguide/C/network-auth.xml:2713(command)
13317
msgid "sudo /etc/init.d/krb5-kdc start"
13318
msgstr ""
13319
13320
#: serverguide/C/network-auth.xml:2111(para)
13321
msgid ""
13322
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
13323
"for the Realm. You can test this by stopping the <application>krb5-"
13324
"kdc</application> daemon on the Primary KDC, then use "
13325
"<application>kinit</application> to request a ticket. If all goes well you "
13326
"should receive a ticket from the Secondary KDC."
13327
msgstr ""
13328
13329
#: serverguide/C/network-auth.xml:2119(title)
13330
msgid "Kerberos Linux Client"
13331
msgstr ""
13332
13333
#: serverguide/C/network-auth.xml:2121(para)
13334
msgid ""
13335
"This section covers configuring a Linux system as a "
13336
"<application>Kerberos</application> client. This will allow access to any "
13337
"kerberized services once a user has successfully logged into the system."
13338
msgstr ""
13339
13340
#: serverguide/C/network-auth.xml:2129(para)
13341
msgid ""
13342
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
13343
"user</application> and <application>libpam-krb5</application> packages are "
13344
"needed, along with a few others that are not strictly necessary but make "
13345
"life easier. To install the packages enter the following in a terminal "
13346
"prompt:"
13347
msgstr ""
13348
13349
#: serverguide/C/network-auth.xml:2136(command)
13350
msgid ""
13351
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
13352
msgstr ""
13353
13354
#: serverguide/C/network-auth.xml:2139(para)
13355
msgid ""
13356
"The <application>auth-client-config</application> package allows simple "
13357
"configuration of PAM for authentication from multiple sources, and the "
13358
"<application>libpam-ccreds</application> will cache authentication "
13359
"credentials allowing you to login in case the Key Distribution Center (KDC) "
13360
"is unavailable. This package is also useful for laptops that may "
13361
"authenticate using Kerberos while on the corporate network, but will need to "
13362
"be accessed off the network as well."
13363
msgstr ""
13364
13365
#: serverguide/C/network-auth.xml:2150(para)
13366
msgid "To configure the client in a terminal enter:"
13367
msgstr ""
13368
13369
#: serverguide/C/network-auth.xml:2155(command)
13370
msgid "sudo dpkg-reconfigure krb5-config"
13371
msgstr ""
13372
13373
#: serverguide/C/network-auth.xml:2158(para)
13374
msgid ""
13375
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
13376
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
13377
"records, the menu will prompt you for the hostname of the Key Distribution "
13378
"Center (KDC) and Realm Administration server."
13379
msgstr ""
13380
13381
#: serverguide/C/network-auth.xml:2164(para)
13382
msgid ""
13383
"The <application>dpkg-reconfigure</application> adds entries to the "
13384
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
13385
"entries similar to the following:"
13386
msgstr ""
13387
13388
#: serverguide/C/network-auth.xml:2169(programlisting)
13389
#, no-wrap
13390
msgid ""
13391
"\n"
13392
"[libdefaults]\n"
13393
" default_realm = EXAMPLE.COM\n"
13394
"...\n"
13395
"[realms]\n"
13396
" EXAMPLE.COM = } \n"
13397
" kdc = 192.168.0.1 \n"
13398
" admin_server = 192.168.0.1\n"
13399
" }\n"
13400
msgstr ""
13401
13402
#: serverguide/C/network-auth.xml:2180(para)
13403
msgid ""
13404
"You can test the configuration by requesting a ticket using the "
13405
"<application>kinit</application> utility. For example:"
13406
msgstr ""
13407
13408
#: serverguide/C/network-auth.xml:2185(command)
13409
msgid "kinit steve@EXAMPLE.COM"
13410
msgstr ""
13411
13412
#: serverguide/C/network-auth.xml:2186(computeroutput)
13413
#, no-wrap
13414
msgid "Password for steve@EXAMPLE.COM:"
13415
msgstr ""
13416
13417
#: serverguide/C/network-auth.xml:2189(para)
13418
msgid ""
13419
"When a ticket has been granted, the details can be viewed using "
13420
"<application>klist</application>:"
13421
msgstr ""
13422
13423
#: serverguide/C/network-auth.xml:2195(computeroutput)
13424
#, no-wrap
13425
msgid ""
13426
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
13427
"Default principal: steve@EXAMPLE.COM\n"
13428
"\n"
13429
"Valid starting Expires Service principal\n"
13430
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
13431
" renew until 07/25/08 05:18:57\n"
13432
"\n"
13433
"\n"
13434
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
13435
"klist: You have no tickets cached"
13436
msgstr ""
13437
13438
#: serverguide/C/network-auth.xml:2207(para)
13439
msgid ""
13440
"Next, use the <application>auth-client-config</application> to configure the "
13441
"<application>libpam-krb5</application> module to request a ticket during "
13442
"login:"
13443
msgstr ""
13444
13445
#: serverguide/C/network-auth.xml:2213(command)
13446
msgid "sudo auth-client-config -a -p kerberos_example"
13447
msgstr ""
13448
13449
#: serverguide/C/network-auth.xml:2216(para)
13450
msgid ""
13451
"You will should now receive a ticket upon successful login authentication."
13452
msgstr ""
13453
13454
#: serverguide/C/network-auth.xml:2227(para)
13455
msgid ""
13456
"For more information on Kerberos see the <ulink "
13457
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
13458
msgstr ""
13459
13460
#: serverguide/C/network-auth.xml:2232(para)
13461
msgid ""
13462
"O'Reilly's <ulink "
13463
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
13464
"Guide</ulink> is a great reference when setting up Kerberos."
13465
msgstr ""
13466
13467
#: serverguide/C/network-auth.xml:2238(para)
13468
msgid ""
13469
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
13470
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
13471
"Kerberos questions."
13472
msgstr ""
13473
13474
#: serverguide/C/network-auth.xml:2248(title)
13475
msgid "Kerberos and LDAP"
13476
msgstr ""
13477
13478
#: serverguide/C/network-auth.xml:2250(para)
13479
msgid ""
13480
"Replicating a Kerberos principal database between two servers can be "
13481
"complicated, and adds an additional user database to your network. "
13482
"Fortunately, MIT Kerberos can be configured to use an "
13483
"<application>LDAP</application> directory as a principal database. This "
13484
"section covers configuring a primary and secondary kerberos server to use "
13485
"<application>OpenLDAP</application> for the principal database."
13486
msgstr ""
13487
13488
#: serverguide/C/network-auth.xml:2258(title)
13489
msgid "Configuring OpenLDAP"
13490
msgstr ""
13491
13492
#: serverguide/C/network-auth.xml:2260(para)
13493
msgid ""
13494
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
13495
"<application>OpenLDAP</application> server that has network connectivity to "
13496
"the Primary and Secondary KDCs. The rest of this section assumes that you "
13497
"also have LDAP replication configured between at least two servers. For "
13498
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
13499
msgstr ""
13500
13501
#: serverguide/C/network-auth.xml:2267(para)
13502
msgid ""
13503
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
13504
"that traffic between the KDC and LDAP server is encrypted. See <xref "
13505
"linkend=\"openldap-tls\"/> for details."
13506
msgstr ""
13507
13508
#: serverguide/C/network-auth.xml:2274(para)
13509
msgid ""
13510
"To load the schema into LDAP, on the LDAP server install the "
13511
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
13512
msgstr ""
13513
13514
#: serverguide/C/network-auth.xml:2280(command)
13515
msgid "sudo apt-get install krb5-kdc-ldap"
13516
msgstr ""
13517
13518
#: serverguide/C/network-auth.xml:2285(para)
13519
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
13520
msgstr ""
13521
13522
#: serverguide/C/network-auth.xml:2290(command)
13523
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
13524
msgstr ""
13525
13526
#: serverguide/C/network-auth.xml:2291(command)
13527
msgid ""
13528
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
13529
msgstr ""
13530
13531
#: serverguide/C/network-auth.xml:2297(para)
13532
msgid ""
13533
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
13534
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
13535
"<application>slapd</application> is also detailed in <xref "
13536
"linkend=\"openldap-configuration\"/>."
13537
msgstr ""
13538
13539
#: serverguide/C/network-auth.xml:2310(programlisting)
13540
#, no-wrap
13541
msgid ""
13542
"\n"
13543
"include /etc/ldap/schema/core.schema\n"
13544
"include /etc/ldap/schema/collective.schema\n"
13545
"include /etc/ldap/schema/corba.schema\n"
13546
"include /etc/ldap/schema/cosine.schema\n"
13547
"include /etc/ldap/schema/duaconf.schema\n"
13548
"include /etc/ldap/schema/dyngroup.schema\n"
13549
"include /etc/ldap/schema/inetorgperson.schema\n"
13550
"include /etc/ldap/schema/java.schema\n"
13551
"include /etc/ldap/schema/misc.schema\n"
13552
"include /etc/ldap/schema/nis.schema\n"
13553
"include /etc/ldap/schema/openldap.schema\n"
13554
"include /etc/ldap/schema/ppolicy.schema\n"
13555
"include /etc/ldap/schema/kerberos.schema\n"
13556
msgstr ""
13557
13558
#: serverguide/C/network-auth.xml:2330(para)
13559
msgid "Create a temporary directory to hold the LDIF files:"
13560
msgstr ""
13561
13562
#: serverguide/C/network-auth.xml:2355(para)
13563
msgid ""
13564
"Edit the generated "
13565
"<filename>/tmp/ldif_output/cn=config/cn=schema/cn={12}kerberos.ldif</filename"
13566
"> file, changing the following attributes:"
13567
msgstr ""
13568
13569
#: serverguide/C/network-auth.xml:2360(programlisting)
13570
#, no-wrap
13571
msgid ""
13572
"\n"
13573
"dn: cn=kerberos,cn=schema,cn=config\n"
13574
"...\n"
13575
"cn: kerberos\n"
13576
msgstr ""
13577
13578
#: serverguide/C/network-auth.xml:2366(para)
13579
msgid "And remove the following lines from the end of the file:"
13580
msgstr ""
13581
13582
#: serverguide/C/network-auth.xml:2370(programlisting)
13583
#, no-wrap
13584
msgid ""
13585
"\n"
13586
"structuralObjectClass: olcSchemaConfig\n"
13587
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
13588
"creatorsName: cn=config\n"
13589
"createTimestamp: 20090111203515Z\n"
13590
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
13591
"modifiersName: cn=config\n"
13592
"modifyTimestamp: 20090111203515Z\n"
13593
msgstr ""
13594
13595
#: serverguide/C/network-auth.xml:2389(para)
13596
msgid "Load the new schema with <application>ldapadd</application>:"
13597
msgstr ""
13598
13599
#: serverguide/C/network-auth.xml:2394(command)
13600
msgid ""
13601
"ldapadd -x -D cn=admin,cn=config -W -f /tmp/ldif_output/cn\\=config/cn\\"
13602
"=schema/cn\\=\\{12\\}kerberos.ldif"
13603
msgstr ""
13604
13605
#: serverguide/C/network-auth.xml:2400(para)
13606
msgid ""
13607
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
13608
msgstr ""
13609
13610
#: serverguide/C/network-auth.xml:2407(userinput)
13611
#, no-wrap
13612
msgid ""
13613
"dn: olcDatabase={1}hdb,cn=config\n"
13614
"add: olcDbIndex\n"
13615
"olcDbIndex: krbPrincipalName eq,pres,sub"
13616
msgstr ""
13617
13618
#: serverguide/C/network-auth.xml:2417(para)
13619
msgid "Finally, update the Access Control Lists (ACL):"
13620
msgstr ""
13621
13622
#: serverguide/C/network-auth.xml:2424(userinput)
13623
#, no-wrap
13624
msgid ""
13625
"dn: olcDatabase={1}hdb,cn=config\n"
13626
"replace: olcAccess\n"
13627
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
13628
"dn=\"cn=admin,dc=exampl\n"
13629
" e,dc=com\" write by anonymous auth by self write by * none\n"
13630
"-\n"
13631
"add: olcAccess\n"
13632
"olcAccess: to dn.base=\"\" by * read\n"
13633
"-\n"
13634
"add: olcAccess\n"
13635
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
13636
msgstr ""
13637
13638
#: serverguide/C/network-auth.xml:2423(computeroutput)
13639
#, no-wrap
13640
msgid ""
13641
"Enter LDAP Password: \n"
13642
"<placeholder-1/>\n"
13643
"\n"
13644
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
13645
msgstr ""
13646
13647
#: serverguide/C/network-auth.xml:2444(para)
13648
msgid ""
13649
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
13650
"database."
13651
msgstr ""
13652
13653
#: serverguide/C/network-auth.xml:2450(title)
13654
msgid "Primary KDC Configuration"
13655
msgstr ""
13656
13657
#: serverguide/C/network-auth.xml:2452(para)
13658
msgid ""
13659
"With <application>OpenLDAP</application> configured it is time to configure "
13660
"the KDC."
13661
msgstr ""
13662
13663
#: serverguide/C/network-auth.xml:2458(para)
13664
msgid "First, install the necessary packages, from a terminal enter:"
13665
msgstr ""
13666
13667
#: serverguide/C/network-auth.xml:2463(command) serverguide/C/network-auth.xml:2620(command)
13668
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
13669
msgstr ""
13670
13671
#: serverguide/C/network-auth.xml:2469(para)
13672
msgid ""
13673
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
13674
"under the appropriate sections:"
13675
msgstr ""
13676
13677
#: serverguide/C/network-auth.xml:2473(programlisting)
13678
#, no-wrap
13679
msgid ""
13680
"\n"
13681
"[libdefaults]\n"
13682
" default_realm = EXAMPLE.COM\n"
13683
"\n"
13684
"...\n"
13685
"\n"
13686
"[realms]\n"
13687
" EXAMPLE.COM = {\n"
13688
" kdc = kdc01.example.com\n"
13689
" kdc = kdc02.example.com\n"
13690
" admin_server = kdc01.example.com\n"
13691
" admin_server = kdc02.example.com\n"
13692
" default_domain = example.com\n"
13693
" database_module = openldap_ldapconf\n"
13694
" }\n"
13695
"\n"
13696
"...\n"
13697
"\n"
13698
"[domain_realm]\n"
13699
" .example.com = EXAMPLE.COM\n"
13700
"\n"
13701
"\n"
13702
"...\n"
13703
"\n"
13704
"[dbdefaults]\n"
13705
" ldap_kerberos_container_dn = dc=example,dc=com\n"
13706
"\n"
13707
"[dbmodules]\n"
13708
" openldap_ldapconf = {\n"
13709
" db_library = kldap\n"
13710
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
13711
"\n"
13712
" # this object needs to have read rights on\n"
13713
" # the realm container, principal container and realm sub-"
13714
"trees\n"
13715
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
13716
"\n"
13717
" # this object needs to have read and write rights on\n"
13718
" # the realm container, principal container and realm sub-"
13719
"trees\n"
13720
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
13721
" ldap_servers = ldaps://ldap01.example.com "
13722
"ldaps://ldap02.example.com\n"
13723
" ldap_conns_per_server = 5\n"
13724
" }\n"
13725
msgstr ""
13726
13727
#: serverguide/C/network-auth.xml:2518(para)
13728
msgid ""
13729
"Change <emphasis>example.com</emphasis>, "
13730
"<emphasis>dc=example,dc=com</emphasis>, "
13731
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
13732
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
13733
"object, and LDAP server for your network."
13734
msgstr ""
13735
13736
#: serverguide/C/network-auth.xml:2527(para)
13737
msgid ""
13738
"Next, use the <application>kdb5_ldap_util</application> utility to create "
13739
"the realm:"
13740
msgstr ""
13741
13742
#: serverguide/C/network-auth.xml:2532(command)
13743
msgid ""
13744
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
13745
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
13746
msgstr ""
13747
13748
#: serverguide/C/network-auth.xml:2538(para)
13749
msgid ""
13750
"Create a stash of the password used to bind to the LDAP server. This "
13751
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
13752
"<emphasis>ldap_kadmin_dn</emphasis> options in "
13753
"<filename>/etc/krb5.conf</filename>:"
13754
msgstr ""
13755
13756
#: serverguide/C/network-auth.xml:2544(command) serverguide/C/network-auth.xml:2682(command)
13757
msgid ""
13758
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
13759
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
13760
msgstr ""
13761
13762
#: serverguide/C/network-auth.xml:2550(para)
13763
msgid "Copy the CA certificate from the LDAP server:"
13764
msgstr ""
13765
13766
#: serverguide/C/network-auth.xml:2555(command)
13767
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
13768
msgstr ""
13769
13770
#: serverguide/C/network-auth.xml:2556(command)
13771
msgid "sudo cp cacert.pem /etc/ssl/certs"
13772
msgstr ""
13773
13774
#: serverguide/C/network-auth.xml:2559(para)
13775
msgid ""
13776
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
13777
msgstr ""
13778
13779
#: serverguide/C/network-auth.xml:2563(programlisting)
13780
#, no-wrap
13781
msgid ""
13782
"\n"
13783
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
13784
msgstr ""
13785
13786
#: serverguide/C/network-auth.xml:2568(para)
13787
msgid ""
13788
"The certificate will also need to be copied to the Secondary KDC, to allow "
13789
"the connection to the LDAP servers using LDAPS."
13790
msgstr ""
13791
13792
#: serverguide/C/network-auth.xml:2577(para)
13793
msgid ""
13794
"You can now add Kerberos principals to the LDAP database, and they will be "
13795
"copied to any other LDAP servers configured for replication. To add a "
13796
"principal using the <application>kadmin.local</application> utility enter:"
13797
msgstr ""
13798
13799
#: serverguide/C/network-auth.xml:2585(userinput)
13800
#, no-wrap
13801
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
13802
msgstr ""
13803
13804
#: serverguide/C/network-auth.xml:2584(computeroutput)
13805
#, no-wrap
13806
msgid ""
13807
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
13808
"kadmin.local: <placeholder-1/>\n"
13809
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
13810
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
13811
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
13812
"Principal \"steve@EXAMPLE.COM\" created."
13813
msgstr ""
13814
13815
#: serverguide/C/network-auth.xml:2592(para)
13816
msgid ""
13817
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
13818
"krbExtraData attributes added to the "
13819
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
13820
"the <application>kinit</application> and <application>klist</application> "
13821
"utilities to test that the user is indeed issued a ticket."
13822
msgstr ""
13823
13824
#: serverguide/C/network-auth.xml:2599(para)
13825
msgid ""
13826
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
13827
"option is needed to add the Kerberos attributes. Otherwise a new "
13828
"<emphasis>principal</emphasis> object will be created in the realm subtree."
13829
msgstr ""
13830
13831
#: serverguide/C/network-auth.xml:2607(title)
13832
msgid "Secondary KDC Configuration"
13833
msgstr ""
13834
13835
#: serverguide/C/network-auth.xml:2609(para)
13836
msgid ""
13837
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
13838
"one using the normal Kerberos database."
13839
msgstr ""
13840
13841
#: serverguide/C/network-auth.xml:2615(para)
13842
msgid "First, install the necessary packages. In a terminal enter:"
13843
msgstr ""
13844
13845
#: serverguide/C/network-auth.xml:2626(para)
13846
msgid ""
13847
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
13848
msgstr ""
13849
13850
#: serverguide/C/network-auth.xml:2630(programlisting)
13851
#, no-wrap
13852
msgid ""
13853
"\n"
13854
"[libdefaults]\n"
13855
" default_realm = EXAMPLE.COM\n"
13856
"\n"
13857
"...\n"
13858
"\n"
13859
"[realms]\n"
13860
" EXAMPLE.COM = {\n"
13861
" kdc = kdc01.example.com\n"
13862
" kdc = kdc02.example.com\n"
13863
" admin_server = kdc01.example.com\n"
13864
" admin_server = kdc02.example.com\n"
13865
" default_domain = example.com\n"
13866
" database_module = openldap_ldapconf\n"
13867
" }\n"
13868
"\n"
13869
"...\n"
13870
"\n"
13871
"[domain_realm]\n"
13872
" .example.com = EXAMPLE.COM\n"
13873
"\n"
13874
"...\n"
13875
"\n"
13876
"[dbdefaults]\n"
13877
" ldap_kerberos_container_dn = dc=example,dc=com\n"
13878
"\n"
13879
"[dbmodules]\n"
13880
" openldap_ldapconf = {\n"
13881
" db_library = kldap\n"
13882
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
13883
"\n"
13884
" # this object needs to have read rights on\n"
13885
" # the realm container, principal container and realm sub-"
13886
"trees\n"
13887
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
13888
"\n"
13889
" # this object needs to have read and write rights on\n"
13890
" # the realm container, principal container and realm sub-"
13891
"trees\n"
13892
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
13893
" ldap_servers = ldaps://ldap01.example.com "
13894
"ldaps://ldap02.example.com\n"
13895
" ldap_conns_per_server = 5\n"
13896
" }\n"
13897
msgstr ""
13898
13899
#: serverguide/C/network-auth.xml:2677(para)
13900
msgid "Create the stash for the LDAP bind password:"
13901
msgstr ""
13902
13903
#: serverguide/C/network-auth.xml:2688(para)
13904
msgid ""
13905
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
13906
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
13907
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
13908
"encrypted connection such as <application>scp</application>, or on physical "
13909
"media."
13910
msgstr ""
13911
13912
#: serverguide/C/network-auth.xml:2695(command)
13913
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
13914
msgstr ""
13915
13916
#: serverguide/C/network-auth.xml:2696(command)
13917
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
13918
msgstr ""
13919
13920
#: serverguide/C/network-auth.xml:2700(para)
13921
msgid ""
13922
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
13923
msgstr ""
13924
13925
#: serverguide/C/network-auth.xml:2708(para)
13926
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
13927
msgstr ""
13928
13929
#: serverguide/C/network-auth.xml:2719(para)
13930
msgid ""
13931
"You now have redundant KDCs on your network, and with redundant LDAP servers "
13932
"you should be able to continue to authenticate users if one LDAP server, one "
13933
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
13934
msgstr ""
13935
13936
#: serverguide/C/network-auth.xml:2731(para)
13937
msgid ""
13938
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
13939
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
13940
"Guide</ulink> has some additional details."
13941
msgstr ""
13942
13943
#: serverguide/C/network-auth.xml:2737(para)
13944
msgid ""
13945
"For more information on <application>kdb5_ldap_util</application> see <ulink "
13946
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
13947
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
13948
"5.6</ulink> and the <ulink "
13949
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/kdb5_ldap_util.8.htm"
13950
"l\">kdb5_ldap_util man page</ulink>."
13951
msgstr ""
13952
13953
#: serverguide/C/network-auth.xml:2745(para)
13954
msgid ""
13955
"Another useful link is the <ulink "
13956
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/krb5.conf.5.html\">k"
13957
"rb5.conf man page</ulink>."
13958
msgstr ""
13959
13960
#: serverguide/C/mail.xml:13(title)
13961
msgid "Email Services"
13962
msgstr "Elektroninio Pašto Paslaugos"
13963
13964
#: serverguide/C/mail.xml:14(para)
13965
msgid ""
13966
"The process of getting an email from one person to another over a network or "
13967
"the Internet involves many systems working together. Each of these systems "
13968
"must be correctly configured for the process to work. The sender uses a "
13969
"<emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the "
13970
"message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), "
13971
"the last of which will hand it off to a <emphasis>Mail Delivery "
13972
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
13973
"it will be retrieved by the recipient's email client, usually via a POP3 or "
13974
"IMAP server."
13975
msgstr ""
13976
13977
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:623(application) serverguide/C/mail.xml:657(title) serverguide/C/mail.xml:735(title) serverguide/C/mail.xml:1282(title)
13978
msgid "Postfix"
13979
msgstr ""
13980
13981
#: serverguide/C/mail.xml:25(para)
13982
msgid ""
13983
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
13984
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
13985
"compatible with the MTA <application>sendmail</application>. This section "
13986
"explains how to install and configure <application>postfix</application>. It "
13987
"also explains how to set it up as an SMTP server using a secure connection "
13988
"(for sending emails securely)."
13989
msgstr ""
13990
13991
#: serverguide/C/mail.xml:34(para)
13992
msgid ""
13993
"To install <application>postfix</application> run the following command:"
13994
msgstr ""
13995
13996
#: serverguide/C/mail.xml:40(para)
13997
msgid ""
13998
"Simply press return when the installation process asks questions, the "
13999
"configuration will be done in greater detail in the next stage."
14000
msgstr ""
14001
14002
#: serverguide/C/mail.xml:45(title)
14003
msgid "Basic Configuration"
14004
msgstr "Pagrindinė Konfigūracija"
14005
14006
#: serverguide/C/mail.xml:46(para)
14007
msgid ""
14008
"To configure <application>postfix</application>, run the following command:"
14009
msgstr ""
14010
14011
#: serverguide/C/mail.xml:50(command)
14012
msgid "sudo dpkg-reconfigure postfix"
14013
msgstr ""
14014
14015
#: serverguide/C/mail.xml:56(para)
14016
msgid "Internet Site"
14017
msgstr ""
14018
14019
#: serverguide/C/mail.xml:57(para)
14020
msgid "mail.example.com"
14021
msgstr "mail.example.com"
14022
14023
#: serverguide/C/mail.xml:58(para)
14024
msgid "steve"
14025
msgstr ""
14026
14027
#: serverguide/C/mail.xml:59(para)
14028
msgid "mail.example.com, localhost.localdomain, localhost"
14029
msgstr ""
14030
14031
#: serverguide/C/mail.xml:60(para)
14032
msgid "No"
14033
msgstr "Ne"
14034
14035
#: serverguide/C/mail.xml:61(para)
14036
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0/24"
14037
msgstr ""
14038
14039
#: serverguide/C/mail.xml:62(para)
14040
msgid "0"
14041
msgstr "0"
14042
14043
#: serverguide/C/mail.xml:63(para)
14044
msgid "+"
14045
msgstr "+"
14046
14047
#: serverguide/C/mail.xml:64(para)
14048
msgid "all"
14049
msgstr "visi"
14050
14051
#: serverguide/C/mail.xml:52(para)
14052
msgid ""
14053
"The user interface will be displayed. On each screen, select the following "
14054
"values: <placeholder-1/>"
14055
msgstr ""
14056
14057
#: serverguide/C/mail.xml:68(para)
14058
msgid ""
14059
"Replace mail.example.com with your mail server hostname, 192.168.0/24 with "
14060
"the actual network and class range of your mail server, and steve with the "
14061
"appropriate username."
14062
msgstr ""
14063
14064
#: serverguide/C/mail.xml:76(title) serverguide/C/mail.xml:357(title)
14065
msgid "SMTP Authentication"
14066
msgstr "SMTP Autentifikacija"
14067
14068
#: serverguide/C/mail.xml:78(para)
14069
msgid ""
14070
"SMTP-AUTH allows a client to identify itself through an authentication "
14071
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
14072
"the authentication process. Once authenticated the SMTP server will allow "
14073
"the client to relay mail."
14074
msgstr ""
14075
14076
#: serverguide/C/mail.xml:84(para)
14077
msgid ""
14078
"Configuring <application>Postfix</application> for SMTP-AUTH is very simple "
14079
"using the <application>dovecot-postfix</application> package. This package "
14080
"will install <application>Dovecot</application> and configure "
14081
"<application>Postfix</application> to use it for both SASL authentication "
14082
"and as a Mail Delivery Agent (MDA). The package also configures "
14083
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
14084
msgstr ""
14085
14086
#: serverguide/C/mail.xml:91(para)
14087
msgid "To install the package, from a terminal prompt enter:"
14088
msgstr ""
14089
14090
#: serverguide/C/mail.xml:96(command)
14091
msgid "sudo apt-get install dovecot-postfix"
14092
msgstr ""
14093
14094
#: serverguide/C/mail.xml:99(para)
14095
msgid ""
14096
"You should now have a working mail server, but there are a few options that "
14097
"you may wish to further customize. For example, the package uses the "
14098
"certificate and key from the <application>ssl-cert</application> package, "
14099
"and in a production environment you should use a certificate and key "
14100
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
14101
"for more details."
14102
msgstr ""
14103
14104
#: serverguide/C/mail.xml:105(para)
14105
msgid ""
14106
"Once you have a customized certificate and key for the host, change the "
14107
"following options in <filename>/etc/postfix/main.cf</filename>:"
14108
msgstr ""
14109
14110
#: serverguide/C/mail.xml:109(programlisting)
14111
#, no-wrap
14112
msgid ""
14113
"\n"
14114
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
14115
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
14116
msgstr ""
14117
14118
#: serverguide/C/mail.xml:114(para)
14119
msgid "Then restart Postfix:"
14120
msgstr ""
14121
14122
#: serverguide/C/mail.xml:119(command) serverguide/C/mail.xml:182(command) serverguide/C/mail.xml:775(command) serverguide/C/mail.xml:1333(command)
14123
msgid "sudo /etc/init.d/postfix restart"
14124
msgstr ""
14125
14126
#: serverguide/C/mail.xml:125(para)
14127
msgid ""
14128
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
14129
msgstr ""
14130
14131
#: serverguide/C/mail.xml:128(para)
14132
msgid "To see if SMTP-AUTH and TLS work properly, run the following command:"
14133
msgstr ""
14134
14135
#: serverguide/C/mail.xml:133(command)
14136
msgid "telnet mail.example.com 25"
14137
msgstr ""
14138
14139
#: serverguide/C/mail.xml:135(para)
14140
msgid ""
14141
"After you have established the connection to the postfix mail server, type:"
14142
msgstr ""
14143
14144
#: serverguide/C/mail.xml:139(screen)
14145
#, no-wrap
14146
msgid ""
14147
"\n"
14148
"ehlo mail.example.com\n"
14149
msgstr ""
14150
14151
#: serverguide/C/mail.xml:142(para)
14152
msgid ""
14153
"If you see the following lines among others, then everything is working "
14154
"perfectly. Type <command>quit</command> to exit."
14155
msgstr ""
14156
14157
#: serverguide/C/mail.xml:146(programlisting)
14158
#, no-wrap
14159
msgid ""
14160
"\n"
14161
"250-STARTTLS\n"
14162
"250-AUTH LOGIN PLAIN\n"
14163
"250-AUTH=LOGIN PLAIN\n"
14164
"250 8BITMIME\n"
14165
msgstr ""
14166
14167
#: serverguide/C/mail.xml:156(para)
14168
msgid ""
14169
"This section introduces some common ways to determine the cause if problems "
14170
"arise."
14171
msgstr ""
14172
14173
#: serverguide/C/mail.xml:160(title)
14174
msgid "Escaping chroot"
14175
msgstr ""
14176
14177
#: serverguide/C/mail.xml:161(para)
14178
msgid ""
14179
"The Ubuntu <application>postfix</application> package will by default "
14180
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
14181
"This can add greater complexity when troubleshooting problems."
14182
msgstr ""
14183
14184
#: serverguide/C/mail.xml:165(para)
14185
msgid ""
14186
"To turn off the chroot operation locate for the following line in the "
14187
"<filename>/etc/postfix/master.cf</filename> configuration file:"
14188
msgstr ""
14189
14190
#: serverguide/C/mail.xml:169(screen)
14191
#, no-wrap
14192
msgid ""
14193
"\n"
14194
"smtp inet n - - - - smtpd\n"
14195
msgstr ""
14196
14197
#: serverguide/C/mail.xml:172(para)
14198
msgid "and modify it as follows:"
14199
msgstr ""
14200
14201
#: serverguide/C/mail.xml:175(screen)
14202
#, no-wrap
14203
msgid ""
14204
"\n"
14205
"smtp inet n - n - - smtpd\n"
14206
msgstr ""
14207
14208
#: serverguide/C/mail.xml:178(para)
14209
msgid ""
14210
"You will then need to restart Postfix to use the new configuration. From a "
14211
"terminal prompt enter:"
14212
msgstr ""
14213
14214
#: serverguide/C/mail.xml:186(title)
14215
msgid "Log Files"
14216
msgstr ""
14217
14218
#: serverguide/C/mail.xml:187(para)
14219
msgid ""
14220
"<application>Postfix</application> sends all log messages to "
14221
"<filename>/var/log/mail.log</filename>. However error and warning messages "
14222
"can sometimes get lost in the normal log output so they are also logged to "
14223
"<filename>/var/log/mail.err</filename> and "
14224
"<filename>/var/log/mail.warn</filename> respectively."
14225
msgstr ""
14226
14227
#: serverguide/C/mail.xml:192(para)
14228
msgid ""
14229
"To see messages entered into the logs in real time you can use the "
14230
"<application>tail -f</application> command:"
14231
msgstr ""
14232
14233
#: serverguide/C/mail.xml:197(command)
14234
msgid "tail -f /var/log/mail.err"
14235
msgstr ""
14236
14237
#: serverguide/C/mail.xml:199(para)
14238
msgid ""
14239
"The amount of detail that is recorded in the logs can be increased. Below "
14240
"are some configuration options for increasing the log level for some of the "
14241
"areas covered above."
14242
msgstr ""
14243
14244
#: serverguide/C/mail.xml:205(para)
14245
msgid ""
14246
"To increase <emphasis>TLS</emphasis> activity logging set the "
14247
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
14248
msgstr ""
14249
14250
#: serverguide/C/mail.xml:209(command)
14251
msgid "sudo postconf -e 'smtpd_tls_loglevel = 4'"
14252
msgstr ""
14253
14254
#: serverguide/C/mail.xml:213(para)
14255
msgid ""
14256
"If you are having trouble sending or receiving mail from a specific domain "
14257
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
14258
msgstr ""
14259
14260
#: serverguide/C/mail.xml:218(command)
14261
msgid "sudo postconf -e 'debug_peer_list = problem.domain'"
14262
msgstr ""
14263
14264
#: serverguide/C/mail.xml:222(para)
14265
msgid ""
14266
"You can increase the verbosity of any <application>Postfix</application> "
14267
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
14268
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
14269
"<emphasis>smtp</emphasis> entry:"
14270
msgstr ""
14271
14272
#: serverguide/C/mail.xml:226(programlisting)
14273
#, no-wrap
14274
msgid ""
14275
"\n"
14276
"smtp unix - - - - - smtp -v\n"
14277
msgstr ""
14278
14279
#: serverguide/C/mail.xml:232(para)
14280
msgid ""
14281
"It is important to note that after making one of the logging changes above "
14282
"the <application>Postfix</application> process will need to be reloaded in "
14283
"order to recognize the new configuration: <command>sudo /etc/init.d/postfix "
14284
"reload</command>"
14285
msgstr ""
14286
14287
#: serverguide/C/mail.xml:239(para)
14288
msgid ""
14289
"To increase the amount of information logged when troubleshooting "
14290
"<emphasis>SASL</emphasis> issues you can set the following options in "
14291
"<filename>/etc/dovecot/dovecot.conf</filename>"
14292
msgstr ""
14293
14294
#: serverguide/C/mail.xml:243(programlisting)
14295
#, no-wrap
14296
msgid ""
14297
"\n"
14298
"auth_debug=yes\n"
14299
"auth_debug_passwords=yes\n"
14300
msgstr ""
14301
14302
#: serverguide/C/mail.xml:250(para)
14303
msgid ""
14304
"Just like <application>Postfix</application> if you change a "
14305
"<application>Dovecot</application> configuration the process will need to be "
14306
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
14307
msgstr ""
14308
14309
#: serverguide/C/mail.xml:256(para)
14310
msgid ""
14311
"Some of the options above can drastically increase the amount of information "
14312
"sent to the log files. Remember to return the log level back to normal after "
14313
"you have corrected the problem. Then reload the appropriate daemon for the "
14314
"new configuration to take affect."
14315
msgstr ""
14316
14317
#: serverguide/C/mail.xml:264(para)
14318
msgid ""
14319
"Administering a <application>Postfix</application> server can be a very "
14320
"complicated task. At some point you may need to turn to the Ubuntu community "
14321
"for more experienced help."
14322
msgstr ""
14323
14324
#: serverguide/C/mail.xml:268(para)
14325
msgid ""
14326
"A great place to ask for <application>Postfix</application> assistance, and "
14327
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
14328
"server</emphasis> IRC channel on <ulink "
14329
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
14330
"one of the <ulink "
14331
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
14332
msgstr ""
14333
14334
#: serverguide/C/mail.xml:273(para)
14335
msgid ""
14336
"For in depth <application>Postfix</application> information Ubuntu "
14337
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
14338
"Book of Postfix</ulink>."
14339
msgstr ""
14340
14341
#: serverguide/C/mail.xml:277(para)
14342
msgid ""
14343
"Finally, the <ulink "
14344
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
14345
"also has great documentation on all the different configuration options "
14346
"available."
14347
msgstr ""
14348
14349
#: serverguide/C/mail.xml:286(title) serverguide/C/mail.xml:663(title) serverguide/C/mail.xml:779(title)
14350
msgid "Exim4"
14351
msgstr ""
14352
14353
#: serverguide/C/mail.xml:287(para)
14354
msgid ""
14355
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
14356
"developed at the University of Cambridge for use on Unix systems connected "
14357
"to the Internet. Exim can be installed in place of "
14358
"<application>sendmail</application>, although the configuration of "
14359
"<application>exim</application> is quite different to that of "
14360
"<application>sendmail</application>."
14361
msgstr ""
14362
14363
#: serverguide/C/mail.xml:298(para)
14364
msgid ""
14365
"To install <application>exim4</application>, run the following command: "
14366
"<screen>\n"
14367
"<command>sudo apt-get install exim4</command>\n"
14368
"</screen>"
14369
msgstr ""
14370
14371
#: serverguide/C/mail.xml:307(para)
14372
msgid ""
14373
"To configure <application>Exim4</application>, run the following command:"
14374
msgstr ""
14375
14376
#: serverguide/C/mail.xml:311(command)
14377
msgid "sudo dpkg-reconfigure exim4-config"
14378
msgstr ""
14379
14380
#: serverguide/C/mail.xml:313(para)
14381
msgid ""
14382
"The user interface will be displayed. The user interface lets you configure "
14383
"many parameters. For example, In <application>Exim4</application> the "
14384
"configuration files are split among multiple files. If you wish to have them "
14385
"in one file you can configure accordingly in this user interface."
14386
msgstr ""
14387
14388
#: serverguide/C/mail.xml:321(para)
14389
msgid ""
14390
"All the parameters you configure in the user interface are stored in "
14391
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
14392
"re-configure, either you re-run the configuration wizard or manually edit "
14393
"this file using your favourite editor. Once you configure, you can run the "
14394
"following command to generate the master configuration file:"
14395
msgstr ""
14396
14397
#: serverguide/C/mail.xml:332(command) serverguide/C/mail.xml:405(command)
14398
msgid "sudo update-exim4.conf"
14399
msgstr ""
14400
14401
#: serverguide/C/mail.xml:334(para)
14402
msgid ""
14403
"The master configuration file, is generated and it is stored in "
14404
"<filename>/var/lib/exim4/config.autogenerated</filename>."
14405
msgstr ""
14406
14407
#: serverguide/C/mail.xml:340(para)
14408
msgid ""
14409
"At any time, you should not edit the master configuration file, "
14410
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
14411
"updated automatically every time you run <command>update-exim4.conf</command>"
14412
msgstr ""
14413
14414
#: serverguide/C/mail.xml:348(para)
14415
msgid ""
14416
"You can run the following command to start <application>Exim4</application> "
14417
"daemon."
14418
msgstr ""
14419
14420
#: serverguide/C/mail.xml:353(command) serverguide/C/mail.xml:785(command)
14421
msgid "sudo /etc/init.d/exim4 start"
14422
msgstr ""
14423
14424
#: serverguide/C/mail.xml:358(para)
14425
msgid ""
14426
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
14427
msgstr ""
14428
14429
#: serverguide/C/mail.xml:361(para)
14430
msgid ""
14431
"The first step is to create a certificate for use with TLS. Enter the "
14432
"following into a terminal prompt:"
14433
msgstr ""
14434
14435
#: serverguide/C/mail.xml:365(command)
14436
msgid "sudo /usr/share/doc/exim4-base/examples/exim-gencert"
14437
msgstr ""
14438
14439
#: serverguide/C/mail.xml:367(para)
14440
msgid ""
14441
"Now Exim4 needs to be configured for TLS by editing "
14442
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
14443
"the following:"
14444
msgstr ""
14445
14446
#: serverguide/C/mail.xml:371(programlisting)
14447
#, no-wrap
14448
msgid ""
14449
"\n"
14450
"MAIN_TLS_ENABLE = yes\n"
14451
msgstr ""
14452
14453
#: serverguide/C/mail.xml:374(para)
14454
msgid ""
14455
"Next you need to configure <application>Exim4</application> to use the "
14456
"<application>saslauthd</application> for authentication. Edit "
14457
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
14458
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
14459
"<emphasis>login_saslauthd_server</emphasis> sections:"
14460
msgstr ""
14461
14462
#: serverguide/C/mail.xml:379(programlisting)
14463
#, no-wrap
14464
msgid ""
14465
"\n"
14466
" plain_saslauthd_server:\n"
14467
" driver = plaintext\n"
14468
" public_name = PLAIN\n"
14469
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
14470
" server_set_id = $auth2\n"
14471
" server_prompts = :\n"
14472
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
14473
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
14474
" .endif\n"
14475
"#\n"
14476
" login_saslauthd_server:\n"
14477
" driver = plaintext\n"
14478
" public_name = LOGIN\n"
14479
" server_prompts = \"Username:: : Password::\"\n"
14480
" # don't send system passwords over unencrypted connections\n"
14481
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
14482
" server_set_id = $auth1\n"
14483
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
14484
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
14485
" .endif\n"
14486
msgstr ""
14487
14488
#: serverguide/C/mail.xml:401(para)
14489
msgid "Finally, update the Exim4 configuration and restart the service:"
14490
msgstr ""
14491
14492
#: serverguide/C/mail.xml:406(command)
14493
msgid "sudo /etc/init.d/exim4 restart"
14494
msgstr ""
14495
14496
#: serverguide/C/mail.xml:410(title)
14497
msgid "Configuring SASL"
14498
msgstr "SASL Konfigūravimas"
14499
14500
#: serverguide/C/mail.xml:411(para)
14501
msgid ""
14502
"This section provides details on configuring the saslauthd to provide "
14503
"authentication for <application>Exim4</application>."
14504
msgstr ""
14505
14506
#: serverguide/C/mail.xml:414(para)
14507
msgid ""
14508
"The first step is to install the sasl2-bin package. From a terminal prompt "
14509
"enter the following:"
14510
msgstr ""
14511
14512
#: serverguide/C/mail.xml:418(command)
14513
msgid "sudo apt-get install sasl2-bin"
14514
msgstr ""
14515
14516
#: serverguide/C/mail.xml:420(para)
14517
msgid ""
14518
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
14519
"and set START=no to:"
14520
msgstr ""
14521
14522
#: serverguide/C/mail.xml:423(programlisting)
14523
#, no-wrap
14524
msgid ""
14525
"\n"
14526
"START=yes\n"
14527
msgstr ""
14528
14529
#: serverguide/C/mail.xml:426(para)
14530
msgid ""
14531
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
14532
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
14533
"service:"
14534
msgstr ""
14535
14536
#: serverguide/C/mail.xml:431(command)
14537
msgid "sudo adduser Debian-exim sasl"
14538
msgstr ""
14539
14540
#: serverguide/C/mail.xml:433(para)
14541
msgid "Now start the <application>saslauthd</application> service:"
14542
msgstr ""
14543
14544
#: serverguide/C/mail.xml:437(command)
14545
msgid "sudo /etc/init.d/saslauthd start"
14546
msgstr ""
14547
14548
#: serverguide/C/mail.xml:439(para)
14549
msgid ""
14550
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
14551
"and SASL authentication."
14552
msgstr ""
14553
14554
#: serverguide/C/mail.xml:448(para)
14555
msgid ""
14556
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
14557
"information."
14558
msgstr ""
14559
14560
#: serverguide/C/mail.xml:453(para)
14561
msgid ""
14562
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
14563
"server\">Exim4 Book</ulink> available."
14564
msgstr ""
14565
14566
#: serverguide/C/mail.xml:462(title)
14567
msgid "Dovecot Server"
14568
msgstr ""
14569
14570
#: serverguide/C/mail.xml:463(para)
14571
msgid ""
14572
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
14573
"security primarily in mind. It supports the major mailbox formats: mbox or "
14574
"Maildir. This section explain how to set it up as an imap or pop3 server."
14575
msgstr ""
14576
14577
#: serverguide/C/mail.xml:471(para)
14578
msgid ""
14579
"To install <application>dovecot</application>, run the following command in "
14580
"the command prompt:"
14581
msgstr ""
14582
14583
#: serverguide/C/mail.xml:476(command)
14584
msgid "sudo apt-get install dovecot-imapd dovecot-pop3d"
14585
msgstr ""
14586
14587
#: serverguide/C/mail.xml:481(para)
14588
msgid ""
14589
"To configure <application>dovecot</application>, you can edit the file "
14590
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
14591
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
14592
"secure). A description of these protocols is beyond the scope of this guide. "
14593
"For further information, refer to the Wikipedia articles on <ulink "
14594
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
14595
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
14596
"link>."
14597
msgstr ""
14598
14599
#: serverguide/C/mail.xml:491(para)
14600
msgid ""
14601
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
14602
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
14603
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
14604
msgstr ""
14605
14606
#: serverguide/C/mail.xml:497(programlisting)
14607
#, no-wrap
14608
msgid ""
14609
"\n"
14610
"protocols = pop3 pop3s imap imaps\n"
14611
msgstr ""
14612
14613
#: serverguide/C/mail.xml:500(para)
14614
msgid ""
14615
"Next, choose the mailbox you would like to use. "
14616
"<application>Dovecot</application> supports <emphasis "
14617
"role=\"strong\">maildir</emphasis> and <emphasis "
14618
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
14619
"mailbox formats. They both have their own benefits and are discussed on "
14620
"<ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web "
14621
"site</ulink>."
14622
msgstr ""
14623
14624
#: serverguide/C/mail.xml:508(para)
14625
msgid ""
14626
"Once you have chosen your mailbox type, edit the file "
14627
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
14628
msgstr ""
14629
14630
#: serverguide/C/mail.xml:513(programlisting)
14631
#, no-wrap
14632
msgid ""
14633
"\n"
14634
"mail_location = maildir:~/Maildir # (for maildir)\n"
14635
"or\n"
14636
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
14637
msgstr ""
14638
14639
#: serverguide/C/mail.xml:519(para)
14640
msgid ""
14641
"You should configure your Mail Transport Agent (MTA) to transfer the "
14642
"incoming mail to this type of mailbox if it is different from the one you "
14643
"have configured."
14644
msgstr ""
14645
14646
#: serverguide/C/mail.xml:525(para)
14647
msgid ""
14648
"Once you have configured dovecot, restart the "
14649
"<application>dovecot</application> daemon in order to test your setup:"
14650
msgstr ""
14651
14652
#: serverguide/C/mail.xml:531(command)
14653
msgid "sudo /etc/init.d/dovecot restart"
14654
msgstr ""
14655
14656
#: serverguide/C/mail.xml:534(para)
14657
msgid ""
14658
"If you have enabled imap, or pop3, you can also try to log in with the "
14659
"commands <command>telnet localhost pop3</command> or <command>telnet "
14660
"localhost imap2</command>. If you see something like the following, the "
14661
"installation has been successful:"
14662
msgstr ""
14663
14664
#: serverguide/C/mail.xml:541(programlisting)
14665
#, no-wrap
14666
msgid ""
14667
"\n"
14668
"bhuvan@rainbow:~$ telnet localhost pop3\n"
14669
"Trying 127.0.0.1...\n"
14670
"Connected to localhost.localdomain.\n"
14671
"Escape character is '^]'.\n"
14672
"+OK Dovecot ready.\n"
14673
msgstr ""
14674
14675
#: serverguide/C/mail.xml:550(title)
14676
msgid "Dovecot SSL Configuration"
14677
msgstr ""
14678
14679
#: serverguide/C/mail.xml:551(para)
14680
msgid ""
14681
"To configure <application>dovecot</application> to use SSL, you can edit the "
14682
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
14683
"lines:"
14684
msgstr ""
14685
14686
#: serverguide/C/mail.xml:556(programlisting)
14687
#, no-wrap
14688
msgid ""
14689
"\n"
14690
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
14691
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
14692
"ssl_disable = no\n"
14693
"disable_plaintext_auth = no\n"
14694
msgstr ""
14695
14696
#: serverguide/C/mail.xml:562(para)
14697
msgid ""
14698
"You can get the SSL certificate from a Certificate Issuing Authority or you "
14699
"can create self signed SSL certificate. The latter is a good option for "
14700
"email, because SMTP clients rarely complain about \"self-signed "
14701
"certificates\". Please refer to <xref linkend=\"certificates-and-"
14702
"security\"/> for details about how to create self signed SSL certificate. "
14703
"Once you create the certificate, you will have a key file and a certificate "
14704
"file. Please copy them to the location pointed in the "
14705
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
14706
msgstr ""
14707
14708
#: serverguide/C/mail.xml:577(title)
14709
msgid "Firewall Configuration for an Email Server"
14710
msgstr "Elektroninio Pašto Serverio Užkardų Konfigūravimas"
14711
14712
#: serverguide/C/mail.xml:583(para)
14713
msgid "IMAP - 143"
14714
msgstr "IMAP - 143"
14715
14716
#: serverguide/C/mail.xml:584(para)
14717
msgid "IMAPS - 993"
14718
msgstr "IMAPS - 993"
14719
14720
#: serverguide/C/mail.xml:585(para)
14721
msgid "POP3 - 110"
14722
msgstr "POP3 - 110"
14723
14724
#: serverguide/C/mail.xml:586(para)
14725
msgid "POP3S - 995"
14726
msgstr "POP3S - 995"
14727
14728
#: serverguide/C/mail.xml:578(para)
14729
msgid ""
14730
"To access your mail server from another computer, you must configure your "
14731
"firewall to allow connections to the server on the necessary ports. "
14732
"<placeholder-1/>"
14733
msgstr ""
14734
14735
#: serverguide/C/mail.xml:595(para)
14736
msgid ""
14737
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
14738
"more information."
14739
msgstr ""
14740
14741
#: serverguide/C/mail.xml:604(title) serverguide/C/mail.xml:681(title) serverguide/C/mail.xml:904(title)
14742
msgid "Mailman"
14743
msgstr ""
14744
14745
#: serverguide/C/mail.xml:605(para)
14746
msgid ""
14747
"Mailman is an open source program for managing electronic mail discussions "
14748
"and e-newsletter lists. Many open source mailing lists (including all the "
14749
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
14750
"Mailman as their mailing list software. It is powerful and easy to install "
14751
"and maintain."
14752
msgstr ""
14753
14754
#: serverguide/C/mail.xml:615(para)
14755
msgid ""
14756
"Mailman provides a web interface for the administrators and users, using an "
14757
"external mail server to send and receive emails. It works perfectly with the "
14758
"following mail servers:"
14759
msgstr ""
14760
14761
#: serverguide/C/mail.xml:626(application)
14762
msgid "Exim"
14763
msgstr ""
14764
14765
#: serverguide/C/mail.xml:629(application)
14766
msgid "Sendmail"
14767
msgstr ""
14768
14769
#: serverguide/C/mail.xml:632(application)
14770
msgid "Qmail"
14771
msgstr ""
14772
14773
#: serverguide/C/mail.xml:637(para)
14774
msgid ""
14775
"We will see how to install and configure Mailman with, the Apache web "
14776
"server, and either the Postfix or Exim mail server. If you wish to install "
14777
"Mailman with a different mail server, please refer to the references section."
14778
msgstr ""
14779
14780
#: serverguide/C/mail.xml:644(para)
14781
msgid ""
14782
"You only need to install one mail server and "
14783
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
14784
msgstr ""
14785
14786
#: serverguide/C/mail.xml:649(title) serverguide/C/mail.xml:708(title)
14787
msgid "Apache2"
14788
msgstr "Apache2"
14789
14790
#: serverguide/C/mail.xml:650(para)
14791
msgid ""
14792
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
14793
"installation\">HTTPD Installation</ulink> section for details."
14794
msgstr ""
14795
14796
#: serverguide/C/mail.xml:658(para)
14797
msgid ""
14798
"For instructions on installing and configuring Postfix refer to <xref "
14799
"linkend=\"postfix\"/>"
14800
msgstr ""
14801
14802
#: serverguide/C/mail.xml:664(para)
14803
msgid "To install Exim4 refer to <xref linkend=\"exim4\"/>."
14804
msgstr ""
14805
14806
#: serverguide/C/mail.xml:675(application)
14807
msgid "dc_use_split_config='true'"
14808
msgstr ""
14809
14810
#: serverguide/C/mail.xml:667(para)
14811
msgid ""
14812
"Once exim4 is installed, the configuration files are stored in the "
14813
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
14814
"configuration files are split across different files. You can change this "
14815
"behavior by changing the following variable in the "
14816
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
14817
msgstr ""
14818
14819
#: serverguide/C/mail.xml:682(para)
14820
msgid ""
14821
"To install <application>Mailman</application>, run following command at a "
14822
"terminal prompt:"
14823
msgstr ""
14824
14825
#: serverguide/C/mail.xml:686(command)
14826
msgid "sudo apt-get install mailman"
14827
msgstr ""
14828
14829
#: serverguide/C/mail.xml:688(para)
14830
msgid ""
14831
"It copies the installation files in "
14832
"<application>/var/lib/mailman</application> directory. It installs the CGI "
14833
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
14834
"creates <emphasis>list</emphasis> linux user. It creates the "
14835
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
14836
"this user."
14837
msgstr ""
14838
14839
#: serverguide/C/mail.xml:700(para)
14840
msgid ""
14841
"This section assumes you have successfully installed "
14842
"<application>mailman</application>, <application>apache2</application>, and "
14843
"<application>postfix</application> or <application>exim4</application>. Now "
14844
"you just need to configure them."
14845
msgstr ""
14846
14847
#: serverguide/C/mail.xml:709(para)
14848
msgid ""
14849
"An example Apache configuration file comes with "
14850
"<application>Mailman</application> and is placed in "
14851
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
14852
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
14853
"available</filename>:"
14854
msgstr ""
14855
14856
#: serverguide/C/mail.xml:715(command)
14857
msgid ""
14858
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
14859
msgstr ""
14860
14861
#: serverguide/C/mail.xml:717(para)
14862
msgid ""
14863
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
14864
"Mailman administration site. Now enable the new configuration and restart "
14865
"Apache:"
14866
msgstr ""
14867
14868
#: serverguide/C/mail.xml:722(command)
14869
msgid "sudo a2ensite mailman.conf"
14870
msgstr ""
14871
14872
#: serverguide/C/mail.xml:725(para)
14873
msgid ""
14874
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
14875
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
14876
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
14877
"can make changes to the <filename>/etc/apache2/sites-"
14878
"available/mailman.conf</filename> file if you wish to change this behavior."
14879
msgstr ""
14880
14881
#: serverguide/C/mail.xml:736(para)
14882
msgid ""
14883
"For <application>Postfix</application> integration, we will associate the "
14884
"domain lists.example.com with the mailing lists. Please replace "
14885
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
14886
msgstr ""
14887
14888
#: serverguide/C/mail.xml:740(para)
14889
msgid ""
14890
"You can use the postconf command to add the necessary configuration to "
14891
"<filename>/etc/postfix/main.cf</filename>:"
14892
msgstr ""
14893
14894
#: serverguide/C/mail.xml:744(command)
14895
msgid "sudo postconf -e 'relay_domains = lists.example.com'"
14896
msgstr ""
14897
14898
#: serverguide/C/mail.xml:745(command)
14899
msgid "sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'"
14900
msgstr ""
14901
14902
#: serverguide/C/mail.xml:746(command)
14903
msgid "sudo postconf -e 'mailman_destination_recipient_limit = 1'"
14904
msgstr ""
14905
14906
#: serverguide/C/mail.xml:748(para)
14907
msgid ""
14908
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
14909
"the following transport:"
14910
msgstr ""
14911
14912
#: serverguide/C/mail.xml:751(programlisting)
14913
#, no-wrap
14914
msgid ""
14915
"\n"
14916
"mailman unix - n n - - pipe\n"
14917
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
14918
" ${nexthop} ${user}\n"
14919
msgstr ""
14920
14921
#: serverguide/C/mail.xml:756(para)
14922
msgid ""
14923
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
14924
"is delivered to a list."
14925
msgstr ""
14926
14927
#: serverguide/C/mail.xml:759(para)
14928
msgid ""
14929
"Associate the domain lists.example.com to the Mailman transport with the "
14930
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
14931
msgstr ""
14932
14933
#: serverguide/C/mail.xml:762(programlisting)
14934
#, no-wrap
14935
msgid ""
14936
"\n"
14937
"lists.example.com mailman:\n"
14938
msgstr ""
14939
14940
#: serverguide/C/mail.xml:765(para)
14941
msgid ""
14942
"Now have <application>Postfix</application> build the transport map by "
14943
"entering the following from a terminal prompt:"
14944
msgstr ""
14945
14946
#: serverguide/C/mail.xml:769(command)
14947
msgid "sudo postmap -v /etc/postfix/transport"
14948
msgstr ""
14949
14950
#: serverguide/C/mail.xml:771(para)
14951
msgid "Then restart Postfix to enable the new configurations:"
14952
msgstr ""
14953
14954
#: serverguide/C/mail.xml:780(para)
14955
msgid ""
14956
"Once Exim4 is installed, you can start the Exim server using the following "
14957
"command from a terminal prompt:"
14958
msgstr ""
14959
14960
#: serverguide/C/mail.xml:796(para) serverguide/C/mail.xml:811(title)
14961
msgid "Main"
14962
msgstr ""
14963
14964
#: serverguide/C/mail.xml:799(para) serverguide/C/mail.xml:851(title)
14965
msgid "Transport"
14966
msgstr ""
14967
14968
#: serverguide/C/mail.xml:802(para) serverguide/C/mail.xml:874(title)
14969
msgid "Router"
14970
msgstr ""
14971
14972
#: serverguide/C/mail.xml:787(para)
14973
msgid ""
14974
"In order to make mailman work with Exim4, you need to configure Exim4. As "
14975
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
14976
"different types. For details, please refer to the <ulink "
14977
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
14978
"add new a configuration file to the following configuration types: "
14979
"<placeholder-1/> Exim creates a master configuration file by sorting all "
14980
"these mini configuration files. So, the order of these configuration files "
14981
"is very important."
14982
msgstr ""
14983
14984
#: serverguide/C/mail.xml:818(programlisting)
14985
#, no-wrap
14986
msgid ""
14987
"\n"
14988
"# start\n"
14989
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
14990
"# directory.\n"
14991
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
14992
"# This is normally the same as ~mailman\n"
14993
"MM_HOME=/var/lib/mailman\n"
14994
"#\n"
14995
"# User and group for Mailman, should match your --with-mail-gid\n"
14996
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
14997
"MM_UID=list\n"
14998
"MM_GID=list\n"
14999
"#\n"
15000
"# Domains that your lists are in - colon separated list\n"
15001
"# you may wish to add these into local_domains as well\n"
15002
"domainlist mm_domains=hostname.com\n"
15003
"#\n"
15004
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
15005
"#\n"
15006
"# These values are derived from the ones above and should not need\n"
15007
"# editing unless you have munged your mailman installation\n"
15008
"#\n"
15009
"# The path of the Mailman mail wrapper script\n"
15010
"MM_WRAP=MM_HOME/mail/mailman\n"
15011
"#\n"
15012
"# The path of the list config file (used as a required file when\n"
15013
"# verifying list addresses)\n"
15014
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
15015
"# end\n"
15016
msgstr ""
15017
15018
#: serverguide/C/mail.xml:812(para)
15019
msgid ""
15020
"All the configuration files belonging to the main type are stored in the "
15021
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
15022
"following content to a new file, named <filename>04_exim4-"
15023
"config_mailman</filename>: <placeholder-1/>"
15024
msgstr ""
15025
15026
#: serverguide/C/mail.xml:858(programlisting)
15027
#, no-wrap
15028
msgid ""
15029
"\n"
15030
" mailman_transport:\n"
15031
" driver = pipe\n"
15032
" command = MM_WRAP \\\n"
15033
" '${if def:local_part_suffix \\\n"
15034
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
15035
"\\\n"
15036
" {post}}' \\\n"
15037
" $local_part\n"
15038
" current_directory = MM_HOME\n"
15039
" home_directory = MM_HOME\n"
15040
" user = MM_UID\n"
15041
" group = MM_GID\n"
15042
msgstr ""
15043
15044
#: serverguide/C/mail.xml:852(para)
15045
msgid ""
15046
"All the configuration files belonging to transport type are stored in the "
15047
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
15048
"following content to a new file named <filename> 40_exim4-"
15049
"config_mailman</filename>: <placeholder-1/>"
15050
msgstr ""
15051
15052
#: serverguide/C/mail.xml:879(programlisting)
15053
#, no-wrap
15054
msgid ""
15055
"\n"
15056
" mailman_router:\n"
15057
" driver = accept\n"
15058
" require_files = MM_HOME/lists/$local_part/config.pck\n"
15059
" local_part_suffix_optional\n"
15060
" local_part_suffix = -bounces : -bounces+* : \\\n"
15061
" -confirm+* : -join : -leave : \\\n"
15062
" -owner : -request : -admin\n"
15063
" transport = mailman_transport\n"
15064
msgstr ""
15065
15066
#: serverguide/C/mail.xml:875(para)
15067
msgid ""
15068
"All the configuration files belonging to router type are stored in the "
15069
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
15070
"following content in to a new file named <filename>101_exim4-"
15071
"config_mailman</filename>: <placeholder-1/>"
15072
msgstr ""
15073
15074
#: serverguide/C/mail.xml:892(para)
15075
msgid ""
15076
"The order of main and transport configuration files can be in any order. "
15077
"But, the order of router configuration files must be the same. This "
15078
"particular file must appear before the <application>200_exim4-"
15079
"config_primary</application> file. These two configuration files contain "
15080
"same type of information. The first file takes the precedence. For more "
15081
"details, please refer to the references section."
15082
msgstr ""
15083
15084
#: serverguide/C/mail.xml:905(para)
15085
msgid ""
15086
"Once mailman is installed, you can run it using the following command:"
15087
msgstr ""
15088
15089
#: serverguide/C/mail.xml:909(command)
15090
msgid "sudo /etc/init.d/mailman start"
15091
msgstr ""
15092
15093
#: serverguide/C/mail.xml:911(para)
15094
msgid ""
15095
"Once mailman is installed, you should create the default mailing list. Run "
15096
"the following command to create the mailing list:"
15097
msgstr ""
15098
15099
#: serverguide/C/mail.xml:917(command)
15100
msgid "sudo /usr/sbin/newlist mailman"
15101
msgstr ""
15102
15103
#: serverguide/C/mail.xml:920(programlisting)
15104
#, no-wrap
15105
msgid ""
15106
"\n"
15107
" Enter the email address of the person running the list: bhuvan at "
15108
"ubuntu.com\n"
15109
" Initial mailman password:\n"
15110
" To finish creating your mailing list, you must edit your "
15111
"<filename>/etc/aliases</filename> (or\n"
15112
" equivalent) file by adding the following lines, and possibly running the\n"
15113
" `newaliases' program:\n"
15114
"\n"
15115
" ## mailman mailing list\n"
15116
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
15117
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
15118
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
15119
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
15120
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
15121
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
15122
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
15123
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
15124
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
15125
"mailman\"\n"
15126
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
15127
"mailman\"\n"
15128
"\n"
15129
" Hit enter to notify mailman owner...\n"
15130
"\n"
15131
" # \n"
15132
msgstr ""
15133
15134
#: serverguide/C/mail.xml:943(para)
15135
msgid ""
15136
"We have configured either Postfix or Exim4 to recognize all emails from "
15137
"mailman. So, it is not mandatory to make any new entries in "
15138
"<filename>/etc/aliases</filename>. If you have made any changes to the "
15139
"configuration files, please ensure that you restart those services before "
15140
"continuing to next section."
15141
msgstr ""
15142
15143
#: serverguide/C/mail.xml:962(title)
15144
msgid "Administration"
15145
msgstr "Administravimas"
15146
15147
#: serverguide/C/mail.xml:963(para)
15148
msgid ""
15149
"We assume you have a default installation. The mailman cgi scripts are still "
15150
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
15151
"Mailman provides a web based administration facility. To access this page, "
15152
"point your browser to the following url:"
15153
msgstr ""
15154
15155
#: serverguide/C/mail.xml:971(para)
15156
msgid "http://hostname/cgi-bin/mailman/admin"
15157
msgstr "http://hostname/cgi-bin/mailman/admin"
15158
15159
#: serverguide/C/mail.xml:975(para)
15160
msgid ""
15161
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
15162
"screen. If you click the mailing list name, it will ask for your "
15163
"authentication password. If you enter the correct password, you will be able "
15164
"to change administrative settings of this mailing list. You can create a new "
15165
"mailing list using the command line utility "
15166
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
15167
"mailing list using the web interface."
15168
msgstr ""
15169
15170
#: serverguide/C/mail.xml:988(title)
15171
msgid "Users"
15172
msgstr ""
15173
15174
#: serverguide/C/mail.xml:989(para)
15175
msgid ""
15176
"Mailman provides a web based interface for users. To access this page, point "
15177
"your browser to the following url:"
15178
msgstr ""
15179
15180
#: serverguide/C/mail.xml:994(para)
15181
msgid "http://hostname/cgi-bin/mailman/listinfo"
15182
msgstr "http://hostname/cgi-bin/mailman/listinfo"
15183
15184
#: serverguide/C/mail.xml:998(para)
15185
msgid ""
15186
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
15187
"screen. If you click the mailing list name, it will display the subscription "
15188
"form. You can enter your email address, name (optional), and password to "
15189
"subscribe. An email invitation will be sent to you. You can follow the "
15190
"instructions in the email to subscribe."
15191
msgstr ""
15192
15193
#: serverguide/C/mail.xml:1010(ulink)
15194
msgid "GNU Mailman - Installation Manual"
15195
msgstr ""
15196
15197
#: serverguide/C/mail.xml:1014(ulink)
15198
msgid "HOWTO - Using Exim 4 and Mailman 2.1 together"
15199
msgstr ""
15200
15201
#: serverguide/C/mail.xml:1020(title)
15202
msgid "Mail Filtering"
15203
msgstr ""
15204
15205
#: serverguide/C/mail.xml:1021(para)
15206
msgid ""
15207
"One of the largest issues with email today is the problem of Unsolicited "
15208
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
15209
"and other forms of malware. According to some reports these messages make up "
15210
"the bulk of all email traffic on the Internet."
15211
msgstr ""
15212
15213
#: serverguide/C/mail.xml:1026(para)
15214
msgid ""
15215
"This section will cover integrating <application>Amavisd-new</application>, "
15216
"<application>Spamassassin</application>, and "
15217
"<application>ClamAV</application> with the "
15218
"<application>Postfix</application> Mail Transport Agent (MTA). "
15219
"<application>Postfix</application> can also check email validity by passing "
15220
"it through external content filters. These filters can sometimes determine "
15221
"if a message is spam without needing to process it with more resource "
15222
"intensive applications. Two common filters are <application>dkim-"
15223
"filter</application> and <application>python-policyd-spf</application>."
15224
msgstr ""
15225
15226
#: serverguide/C/mail.xml:1036(para)
15227
msgid ""
15228
"<application>Amavisd-new</application> is a wrapper program that can call "
15229
"any number of content filtering programs for spam detection, antivirus, etc."
15230
msgstr ""
15231
15232
#: serverguide/C/mail.xml:1042(para)
15233
msgid ""
15234
"<application>Spamassassin</application> uses a variety of mechanisms to "
15235
"filter email based on the message content."
15236
msgstr ""
15237
15238
#: serverguide/C/mail.xml:1047(para)
15239
msgid ""
15240
"<application>ClamAV</application> is an open source antivirus application."
15241
msgstr ""
15242
15243
#: serverguide/C/mail.xml:1052(para)
15244
msgid ""
15245
"<application>dkim-filter</application> implements a Sendmail Mail Filter "
15246
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
15247
msgstr ""
15248
15249
#: serverguide/C/mail.xml:1058(para)
15250
msgid ""
15251
"<application>python-policyd-spf</application> enables Sender Policy "
15252
"Framework (SPF) checking with <application>Postfix</application>."
15253
msgstr ""
15254
15255
#: serverguide/C/mail.xml:1063(para)
15256
msgid "This is how the pieces fit together:"
15257
msgstr ""
15258
15259
#: serverguide/C/mail.xml:1068(para)
15260
msgid "An email message is accepted by <application>Postfix</application>."
15261
msgstr ""
15262
15263
#: serverguide/C/mail.xml:1073(para)
15264
msgid ""
15265
"The message is passed through any external filters <application>dkim-"
15266
"filter</application> and <application>python-policyd-spf</application> in "
15267
"this case."
15268
msgstr ""
15269
15270
#: serverguide/C/mail.xml:1079(para)
15271
msgid "<application>Amavisd-new</application> then processes the message."
15272
msgstr ""
15273
15274
#: serverguide/C/mail.xml:1084(para)
15275
msgid ""
15276
"<application>ClamAV</application> is used to scan the message. If the "
15277
"message contains a virus <application>Postfix</application> will reject the "
15278
"message."
15279
msgstr ""
15280
15281
#: serverguide/C/mail.xml:1090(para)
15282
msgid ""
15283
"Clean messages will then be analyzed by "
15284
"<application>Spamassassin</application> to find out if the message is spam. "
15285
"<application>Spamassassin</application> will then add X-Header lines "
15286
"allowing <application>Amavisd-new</application> to further manipulate the "
15287
"message."
15288
msgstr ""
15289
15290
#: serverguide/C/mail.xml:1097(para)
15291
msgid ""
15292
"For example, if a message has a Spam score of over fifty the message could "
15293
"be automatically dropped from the queue without the recipient ever having to "
15294
"be bothered. Another, way to handle flagged messages is to deliver them to "
15295
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
15296
"see fit."
15297
msgstr ""
15298
15299
#: serverguide/C/mail.xml:1104(para)
15300
msgid ""
15301
"See <xref linkend=\"postfix\"/> for instructions on installing and "
15302
"configuring Postfix."
15303
msgstr ""
15304
15305
#: serverguide/C/mail.xml:1107(para)
15306
msgid ""
15307
"To install the rest of the applications enter the following from a terminal "
15308
"prompt:"
15309
msgstr ""
15310
15311
#: serverguide/C/mail.xml:1111(command)
15312
msgid "sudo apt-get install amavisd-new spamassassin clamav-daemon"
15313
msgstr ""
15314
15315
#: serverguide/C/mail.xml:1112(command)
15316
msgid "sudo apt-get install dkim-filter python-policyd-spf"
15317
msgstr ""
15318
15319
#: serverguide/C/mail.xml:1114(para)
15320
msgid ""
15321
"There are some optional packages that integrate with "
15322
"<application>Spamassassin</application> for better spam detection:"
15323
msgstr ""
15324
15325
#: serverguide/C/mail.xml:1118(command)
15326
msgid "sudo apt-get install pyzor razor"
15327
msgstr ""
15328
15329
#: serverguide/C/mail.xml:1120(para)
15330
msgid ""
15331
"Along with the main filtering applications compression utilities are needed "
15332
"to process some email attachments:"
15333
msgstr ""
15334
15335
#: serverguide/C/mail.xml:1124(command)
15336
msgid ""
15337
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip "
15338
"zoo"
15339
msgstr ""
15340
15341
#: serverguide/C/mail.xml:1129(para)
15342
msgid "Now configure everything to work together and filter email."
15343
msgstr ""
15344
15345
#: serverguide/C/mail.xml:1133(title)
15346
msgid "ClamAV"
15347
msgstr ""
15348
15349
#: serverguide/C/mail.xml:1134(para)
15350
msgid ""
15351
"The default behaviour of <application>ClamAV</application> will fit our "
15352
"needs. For more ClamAV configuration options, check the configuration files "
15353
"in <filename>/etc/clamav</filename>."
15354
msgstr ""
15355
15356
#: serverguide/C/mail.xml:1139(para)
15357
msgid ""
15358
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
15359
"group in order for <application>Amavisd-new</application> to have the "
15360
"appropriate access to scan files:"
15361
msgstr ""
15362
15363
#: serverguide/C/mail.xml:1144(command)
15364
msgid "sudo adduser clamav amavis"
15365
msgstr ""
15366
15367
#: serverguide/C/mail.xml:1148(title)
15368
msgid "Spamassassin"
15369
msgstr ""
15370
15371
#: serverguide/C/mail.xml:1149(para)
15372
msgid ""
15373
"Spamassassin automatically detects optional components and will use them if "
15374
"they are present. This means that there is no need to configure "
15375
"<application>pyzor</application> and <application>razor</application>."
15376
msgstr ""
15377
15378
#: serverguide/C/mail.xml:1153(para)
15379
msgid ""
15380
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
15381
"<application>Spamassassin</application> daemon. Change "
15382
"<emphasis>ENABLED=0</emphasis> to:"
15383
msgstr ""
15384
15385
#: serverguide/C/mail.xml:1157(programlisting)
15386
#, no-wrap
15387
msgid ""
15388
"\n"
15389
"ENABLED=1\n"
15390
msgstr ""
15391
15392
#: serverguide/C/mail.xml:1160(para)
15393
msgid "Now start the daemon:"
15394
msgstr ""
15395
15396
#: serverguide/C/mail.xml:1164(command)
15397
msgid "sudo /etc/init.d/spamassassin start"
15398
msgstr ""
15399
15400
#: serverguide/C/mail.xml:1168(title)
15401
msgid "Amavisd-new"
15402
msgstr ""
15403
15404
#: serverguide/C/mail.xml:1169(para)
15405
msgid ""
15406
"First activate spam and antivirus detection in <application>Amavisd-"
15407
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
15408
"content_filter_mode</filename>:"
15409
msgstr ""
15410
15411
#: serverguide/C/mail.xml:1173(programlisting)
15412
#, no-wrap
15413
msgid ""
15414
"\n"
15415
"use strict;\n"
15416
"\n"
15417
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
15418
"# and to re-enable antivirus checking.\n"
15419
"\n"
15420
"#\n"
15421
"# Default antivirus checking mode\n"
15422
"# Uncomment the two lines below to enable it\n"
15423
"#\n"
15424
"\n"
15425
"@bypass_virus_checks_maps = (\n"
15426
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
15427
"$bypass_virus_checks_re);\n"
15428
"\n"
15429
"\n"
15430
"#\n"
15431
"# Default SPAM checking mode\n"
15432
"# Uncomment the two lines below to enable it\n"
15433
"#\n"
15434
"\n"
15435
"@bypass_spam_checks_maps = (\n"
15436
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
15437
"$bypass_spam_checks_re);\n"
15438
"\n"
15439
"1; # insure a defined return\n"
15440
msgstr ""
15441
15442
#: serverguide/C/mail.xml:1198(para)
15443
msgid ""
15444
"Bouncing spam can be a bad idea as the return address is often faked. "
15445
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
15446
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
15447
"D_BOUNCE, as follows:"
15448
msgstr ""
15449
15450
#: serverguide/C/mail.xml:1203(programlisting)
15451
#, no-wrap
15452
msgid ""
15453
"\n"
15454
"$final_spam_destiny = D_DISCARD;\n"
15455
msgstr ""
15456
15457
#: serverguide/C/mail.xml:1207(para)
15458
msgid ""
15459
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
15460
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
15461
"option. Also, if the server receives mail for multiple domains the "
15462
"<emphasis>@local_domains_acl</emphasis> option will need to be customized. "
15463
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
15464
msgstr ""
15465
15466
#: serverguide/C/mail.xml:1214(programlisting)
15467
#, no-wrap
15468
msgid ""
15469
"\n"
15470
"$myhostname = 'mail.example.com';\n"
15471
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
15472
msgstr ""
15473
15474
#: serverguide/C/mail.xml:1219(para)
15475
msgid ""
15476
"After configuration <application>Amavisd-new</application> needs to be "
15477
"restarted:"
15478
msgstr ""
15479
15480
#: serverguide/C/mail.xml:1223(command) serverguide/C/mail.xml:1269(command)
15481
msgid "sudo /etc/init.d/amavis restart"
15482
msgstr ""
15483
15484
#: serverguide/C/mail.xml:1226(title)
15485
msgid "DKIM Whitelist"
15486
msgstr ""
15487
15488
#: serverguide/C/mail.xml:1228(para)
15489
msgid ""
15490
"<application>Amavisd-new</application> can be configured to automatically "
15491
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
15492
"Keys. There are some pre-configured domains in the "
15493
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
15494
msgstr ""
15495
15496
#: serverguide/C/mail.xml:1234(para)
15497
msgid "There are multiple ways to configure the Whitelist for a domain:"
15498
msgstr ""
15499
15500
#: serverguide/C/mail.xml:1240(para)
15501
msgid ""
15502
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
15503
"address from the \"example.com\" domain."
15504
msgstr ""
15505
15506
#: serverguide/C/mail.xml:1245(para)
15507
msgid ""
15508
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
15509
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
15510
"have a valid signature."
15511
msgstr ""
15512
15513
#: serverguide/C/mail.xml:1251(para)
15514
msgid ""
15515
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
15516
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
15517
"role=\"italic\">example.com</emphasis> the parent domain."
15518
msgstr ""
15519
15520
#: serverguide/C/mail.xml:1257(para)
15521
msgid ""
15522
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
15523
"that have a valid signature from \"example.com\". This is usually used for "
15524
"discussion groups that sign thier messages."
15525
msgstr ""
15526
15527
#: serverguide/C/mail.xml:1264(para)
15528
msgid ""
15529
"A domain can also have multiple Whitelist configurations. After, editing the "
15530
"file restart <application>amaisd-new</application>:"
15531
msgstr ""
15532
15533
#: serverguide/C/mail.xml:1273(para)
15534
msgid ""
15535
"In this context, once a domain has been added to the Whitelist the message "
15536
"will not receive any anti-virus or spam filtering. This may or may not be "
15537
"the intended behavior you wish for a domain."
15538
msgstr ""
15539
15540
#: serverguide/C/mail.xml:1283(para)
15541
msgid ""
15542
"For <application>Postfix</application> integration, enter the following from "
15543
"a terminal prompt:"
15544
msgstr ""
15545
15546
#: serverguide/C/mail.xml:1287(command)
15547
msgid "sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'"
15548
msgstr ""
15549
15550
#: serverguide/C/mail.xml:1289(para)
15551
msgid ""
15552
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
15553
"to the end of the file:"
15554
msgstr ""
15555
15556
#: serverguide/C/mail.xml:1292(programlisting)
15557
#, no-wrap
15558
msgid ""
15559
"\n"
15560
"smtp-amavis unix - - - - 2 smtp\n"
15561
" -o smtp_data_done_timeout=1200\n"
15562
" -o smtp_send_xforward_command=yes\n"
15563
" -o disable_dns_lookups=yes\n"
15564
" -o max_use=20\n"
15565
"\n"
15566
"127.0.0.1:10025 inet n - - - - smtpd\n"
15567
" -o content_filter=\n"
15568
" -o local_recipient_maps=\n"
15569
" -o relay_recipient_maps=\n"
15570
" -o smtpd_restriction_classes=\n"
15571
" -o smtpd_delay_reject=no\n"
15572
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
15573
" -o smtpd_helo_restrictions=\n"
15574
" -o smtpd_sender_restrictions=\n"
15575
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
15576
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
15577
" -o smtpd_end_of_data_restrictions=\n"
15578
" -o mynetworks=127.0.0.0/8\n"
15579
" -o smtpd_error_sleep_time=0\n"
15580
" -o smtpd_soft_error_limit=1001\n"
15581
" -o smtpd_hard_error_limit=1000\n"
15582
" -o smtpd_client_connection_count_limit=0\n"
15583
" -o smtpd_client_connection_rate_limit=0\n"
15584
" -o "
15585
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
15586
msgstr ""
15587
15588
#: serverguide/C/mail.xml:1319(para)
15589
msgid ""
15590
"Also add the following two lines immediately below the "
15591
"<emphasis>\"pickup\"</emphasis> transport service:"
15592
msgstr ""
15593
15594
#: serverguide/C/mail.xml:1322(programlisting)
15595
#, no-wrap
15596
msgid ""
15597
"\n"
15598
" -o content_filter=\n"
15599
" -o receive_override_options=no_header_body_checks\n"
15600
msgstr ""
15601
15602
#: serverguide/C/mail.xml:1326(para)
15603
msgid ""
15604
"This will prevent messages that are generated to report on spam from being "
15605
"classified as spam."
15606
msgstr ""
15607
15608
#: serverguide/C/mail.xml:1329(para)
15609
msgid "Now restart <application>Postfix</application>:"
15610
msgstr ""
15611
15612
#: serverguide/C/mail.xml:1335(para)
15613
msgid "Content filtering with spam and virus detection is now enabled."
15614
msgstr ""
15615
15616
#: serverguide/C/mail.xml:1342(para)
15617
msgid ""
15618
"First, test that the <application>Amavisd-new</application> SMTP is "
15619
"listening:"
15620
msgstr ""
15621
15622
#: serverguide/C/mail.xml:1345(programlisting)
15623
#, no-wrap
15624
msgid ""
15625
"\n"
15626
"telnet localhost 10024\n"
15627
"Trying 127.0.0.1...\n"
15628
"Connected to localhost.\n"
15629
"Escape character is '^]'.\n"
15630
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
15631
"^]\n"
15632
msgstr ""
15633
15634
#: serverguide/C/mail.xml:1353(para)
15635
msgid ""
15636
"In the Header of messages that go through the content filter you should see:"
15637
msgstr ""
15638
15639
#: serverguide/C/mail.xml:1356(programlisting)
15640
#, no-wrap
15641
msgid ""
15642
"\n"
15643
"X-Spam-Level: \n"
15644
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
15645
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
15646
"BAYES_00\n"
15647
"X-Spam-Level: \n"
15648
msgstr ""
15649
15650
#: serverguide/C/mail.xml:1363(para)
15651
msgid ""
15652
"Your output will vary, but the important thing is that there are <emphasis>X-"
15653
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
15654
msgstr ""
15655
15656
#: serverguide/C/mail.xml:1371(para)
15657
msgid ""
15658
"The best way to figure out why something is going wrong is to check the log "
15659
"files."
15660
msgstr ""
15661
15662
#: serverguide/C/mail.xml:1376(para)
15663
msgid ""
15664
"For instructions on <application>Postfix</application> logging see the <xref "
15665
"linkend=\"postfix-troubleshooting\"/> section."
15666
msgstr ""
15667
15668
#: serverguide/C/mail.xml:1382(para)
15669
msgid ""
15670
"<application>Amavisd-new</application> uses "
15671
"<application>Syslog</application> to send messages to "
15672
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
15673
"increased by adding the <emphasis>$log_level</emphasis> option to "
15674
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
15675
"1 to 5."
15676
msgstr ""
15677
15678
#: serverguide/C/mail.xml:1387(programlisting)
15679
#, no-wrap
15680
msgid ""
15681
"\n"
15682
"$log_level = 2;\n"
15683
msgstr ""
15684
15685
#: serverguide/C/mail.xml:1391(para)
15686
msgid ""
15687
"When the <application>Amavisd-new</application> log output is increased "
15688
"<application>Spamassassin</application> log output is also increased."
15689
msgstr ""
15690
15691
#: serverguide/C/mail.xml:1398(para)
15692
msgid ""
15693
"The <application>ClamAV</application> log level can be increased by editing "
15694
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
15695
msgstr ""
15696
15697
#: serverguide/C/mail.xml:1402(programlisting)
15698
#, no-wrap
15699
msgid ""
15700
"\n"
15701
"LogVerbose true\n"
15702
msgstr ""
15703
15704
#: serverguide/C/mail.xml:1405(para)
15705
msgid ""
15706
"By default <application>ClamAV</application> will send log messages to "
15707
"<filename>/var/log/clamav/clamav.log</filename>."
15708
msgstr ""
15709
15710
#: serverguide/C/mail.xml:1411(para)
15711
msgid ""
15712
"After changing an applications log settings remember to restart the service "
15713
"for the new settings to take affect. Also, once the issue you are "
15714
"troubleshooting is resolved it is a good idea to change the log settings "
15715
"back to normal."
15716
msgstr ""
15717
15718
#: serverguide/C/mail.xml:1419(para)
15719
msgid "For more information on filtering mail see the following links:"
15720
msgstr ""
15721
15722
#: serverguide/C/mail.xml:1425(ulink)
15723
msgid "Amavisd-new Documentation"
15724
msgstr ""
15725
15726
#: serverguide/C/mail.xml:1429(para)
15727
msgid ""
15728
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
15729
"Documentation</ulink> and <ulink "
15730
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
15731
msgstr ""
15732
15733
#: serverguide/C/mail.xml:1436(ulink)
15734
msgid "Spamassassin Wiki"
15735
msgstr ""
15736
15737
#: serverguide/C/mail.xml:1441(ulink)
15738
msgid "Pyzor Homepage"
15739
msgstr ""
15740
15741
#: serverguide/C/mail.xml:1446(ulink)
15742
msgid "Razor Homepage"
15743
msgstr ""
15744
15745
#: serverguide/C/mail.xml:1451(ulink)
15746
msgid "DKIM.org"
15747
msgstr ""
15748
15749
#: serverguide/C/mail.xml:1455(para)
15750
msgid ""
15751
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
15752
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
15753
msgstr ""
15754
15755
#: serverguide/C/lamp-applications.xml:13(title)
15756
msgid "LAMP Applications"
15757
msgstr ""
15758
15759
#: serverguide/C/lamp-applications.xml:19(para)
15760
msgid ""
15761
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
15762
"Ubuntu servers. There is a plethora of Open Source applications written "
15763
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
15764
"Content Management Systems, and Management Software such as phpMyAdmin."
15765
msgstr ""
15766
15767
#: serverguide/C/lamp-applications.xml:26(para)
15768
msgid ""
15769
"One advantage of LAMP is the substantial flexibility for different database, "
15770
"web server, and scripting languages. Popular substitutes for MySQL include "
15771
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
15772
"instead of PHP."
15773
msgstr ""
15774
15775
#: serverguide/C/lamp-applications.xml:32(para)
15776
msgid ""
15777
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
15778
"is:"
15779
msgstr ""
15780
15781
#: serverguide/C/lamp-applications.xml:38(para)
15782
msgid "Download an archive containing the application source files."
15783
msgstr ""
15784
15785
#: serverguide/C/lamp-applications.xml:43(para)
15786
msgid ""
15787
"Unpack the archive, usually in a directory accessible to a web server."
15788
msgstr ""
15789
15790
#: serverguide/C/lamp-applications.xml:48(para)
15791
msgid ""
15792
"Depending on where the source was extracted, configure a web browser to "
15793
"serve the files."
15794
msgstr ""
15795
15796
#: serverguide/C/lamp-applications.xml:53(para)
15797
msgid "Configure the application to connect to the database."
15798
msgstr ""
15799
15800
#: serverguide/C/lamp-applications.xml:58(para)
15801
msgid ""
15802
"Run a script, or browse to a page of the application, to install the "
15803
"database needed by the application."
15804
msgstr ""
15805
15806
#: serverguide/C/lamp-applications.xml:63(para)
15807
msgid ""
15808
"Once the steps above, or similar steps, are completed you are ready to begin "
15809
"using the application."
15810
msgstr ""
15811
15812
#: serverguide/C/lamp-applications.xml:69(para)
15813
msgid ""
15814
"A disadvantage of using this approach is that the application files are not "
15815
"placed in the file system in a standard way, which can cause confusion as to "
15816
"where the application is installed. Another larger disadvantage is updating "
15817
"the application. When a new version is released, the same process used to "
15818
"install the application is needed to apply updates."
15819
msgstr ""
15820
15821
#: serverguide/C/lamp-applications.xml:76(para)
15822
msgid ""
15823
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
15824
"packaged for Ubuntu, and are available for installation in the same way as "
15825
"non-LAMP applications. Depending on the application some extra configuration "
15826
"and setup steps may be needed, however."
15827
msgstr ""
15828
15829
#: serverguide/C/lamp-applications.xml:82(para)
15830
msgid ""
15831
"This section covers howto install and configure the Wiki applications "
15832
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
15833
"and the MySQL management application <application>phpMyAdmin</application>."
15834
msgstr ""
15835
15836
#: serverguide/C/lamp-applications.xml:88(para)
15837
msgid ""
15838
"A Wiki is a website that allows the visitors to easily add, remove and "
15839
"modify available content easily. The ease of interaction and operation makes "
15840
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
15841
"also referred to the collaborative software."
15842
msgstr ""
15843
15844
#: serverguide/C/lamp-applications.xml:100(title)
15845
msgid "Moin Moin"
15846
msgstr "Moin Moin"
15847
15848
#: serverguide/C/lamp-applications.xml:102(para)
15849
msgid ""
15850
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
15851
"engine, and licensed under the GNU GPL."
15852
msgstr ""
15853
15854
#: serverguide/C/lamp-applications.xml:110(para)
15855
msgid ""
15856
"To install <application>MoinMoin</application>, run the following command in "
15857
"the command prompt:"
15858
msgstr ""
15859
15860
#: serverguide/C/lamp-applications.xml:116(command)
15861
msgid "sudo apt-get install python-moinmoin"
15862
msgstr ""
15863
15864
#: serverguide/C/lamp-applications.xml:119(para)
15865
msgid ""
15866
"You should also install <application>apache2</application> web server. For "
15867
"installing <application>apache2</application> web server, please refer to "
15868
"<xref linkend=\"http-installation\"/> sub-section in <xref "
15869
"linkend=\"httpd\"/> section."
15870
msgstr ""
15871
15872
#: serverguide/C/lamp-applications.xml:130(para)
15873
msgid ""
15874
"For configuring your first Wiki application, please run the following set of "
15875
"commands. Let us assume that you are creating a Wiki named "
15876
"<emphasis>mywiki</emphasis>:"
15877
msgstr ""
15878
15879
#: serverguide/C/lamp-applications.xml:137(command)
15880
msgid "cd /usr/share/moin"
15881
msgstr ""
15882
15883
#: serverguide/C/lamp-applications.xml:138(command)
15884
msgid "sudo mkdir mywiki"
15885
msgstr ""
15886
15887
#: serverguide/C/lamp-applications.xml:139(command)
15888
msgid "sudo cp -R data mywiki"
15889
msgstr ""
15890
15891
#: serverguide/C/lamp-applications.xml:140(command)
15892
msgid "sudo cp -R underlay mywiki"
15893
msgstr ""
15894
15895
#: serverguide/C/lamp-applications.xml:141(command)
15896
msgid "sudo cp server/moin.cgi mywiki"
15897
msgstr ""
15898
15899
#: serverguide/C/lamp-applications.xml:142(command)
15900
msgid "sudo chown -R www-data.www-data mywiki"
15901
msgstr ""
15902
15903
#: serverguide/C/lamp-applications.xml:143(command)
15904
msgid "sudo chmod -R ug+rwX mywiki"
15905
msgstr ""
15906
15907
#: serverguide/C/lamp-applications.xml:144(command)
15908
msgid "sudo chmod -R o-rwx mywiki"
15909
msgstr ""
15910
15911
#: serverguide/C/lamp-applications.xml:147(para)
15912
msgid ""
15913
"Now you should configure <application>MoinMoin</application> to find your "
15914
"new Wiki <emphasis>mywiki</emphasis>. To configure "
15915
"<application>MoinMoin</application>, open "
15916
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
15917
msgstr ""
15918
15919
#: serverguide/C/lamp-applications.xml:155(programlisting)
15920
#, no-wrap
15921
msgid "data_dir = '/org/mywiki/data'"
15922
msgstr ""
15923
15924
#: serverguide/C/lamp-applications.xml:157(para)
15925
msgid "to"
15926
msgstr ""
15927
15928
#: serverguide/C/lamp-applications.xml:161(programlisting)
15929
#, no-wrap
15930
msgid "data_dir = '/usr/share/moin/mywiki/data'"
15931
msgstr ""
15932
15933
#: serverguide/C/lamp-applications.xml:163(para)
15934
msgid ""
15935
"Also, below the <emphasis>data_dir</emphasis> option add the "
15936
"<emphasis>data_underlay_dir</emphasis>:"
15937
msgstr ""
15938
15939
#: serverguide/C/lamp-applications.xml:167(programlisting)
15940
#, no-wrap
15941
msgid ""
15942
"\n"
15943
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
15944
msgstr ""
15945
15946
#: serverguide/C/lamp-applications.xml:172(para)
15947
msgid ""
15948
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
15949
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
15950
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
15951
"change."
15952
msgstr ""
15953
"Jeigu <filename>/etc/moin/mywiki.py</filename> byla neegzistuoja, jūs turite "
15954
"nukopijuoti <filename>/etc/moin/moinmaster.py</filename> bylą į "
15955
"<filename>/etc/moin/mywiki.py</filename> bylą ir padaryti aukščiau minėtą "
15956
"pakeitimą."
15957
15958
#: serverguide/C/lamp-applications.xml:181(para)
15959
msgid ""
15960
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
15961
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
15962
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
15963
"<quote>(\"mywiki\", r\".*\")</quote>."
15964
msgstr ""
15965
"Jeigu jūs pavadinote Wiki <emphasis>my_wiki_name</emphasis> jūs turite "
15966
"įterpti eilutę <quote>(\"my_wiki_name\", r\".*\")</quote> į "
15967
"<filename>/etc/moin/farmconfig.py</filename> bylą po <quote>(\"mywiki\", "
15968
"r\".*\")</quote> eilutės."
15969
15970
#: serverguide/C/lamp-applications.xml:189(para)
15971
msgid ""
15972
"Once you have configured <application>MoinMoin</application> to find your "
15973
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
15974
"<application>apache2</application> and make it ready for your Wiki "
15975
"application."
15976
msgstr ""
15977
15978
#: serverguide/C/lamp-applications.xml:196(para)
15979
msgid ""
15980
"You should add the following lines in <filename>/etc/apache2/sites-"
15981
"available/default</filename> file inside the <quote><VirtualHost "
15982
"*></quote> tag:"
15983
msgstr ""
15984
"Jūs turite pridėti šias eilutes prie <filename>/etc/apache2/sites-"
15985
"available/default</filename> bylos <quote><VirtualHost *></quote> "
15986
"gairės viduje:"
15987
15988
#: serverguide/C/lamp-applications.xml:202(programlisting)
15989
#, no-wrap
15990
msgid ""
15991
"\n"
15992
"### moin\n"
15993
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
15994
" alias /moin_static181 \"/usr/share/moin/htdocs\"\n"
15995
" <Directory /usr/share/moin/htdocs>\n"
15996
" Order allow,deny\n"
15997
" allow from all\n"
15998
" </Directory>\n"
15999
"### end moin\n"
16000
msgstr ""
16001
16002
#: serverguide/C/lamp-applications.xml:213(para)
16003
msgid ""
16004
"Once you configure the <application>apache2</application> web server and "
16005
"make it ready for your Wiki application, you should restart it. You can run "
16006
"the following command to restart the <application>apache2</application> web "
16007
"server:"
16008
msgstr ""
16009
16010
#: serverguide/C/lamp-applications.xml:226(title)
16011
msgid "Verification"
16012
msgstr "Tikrinimas"
16013
16014
#: serverguide/C/lamp-applications.xml:228(para)
16015
msgid ""
16016
"You can verify the Wiki application and see if it works by pointing your web "
16017
"browser to the following URL:"
16018
msgstr ""
16019
16020
#: serverguide/C/lamp-applications.xml:232(programlisting)
16021
#, no-wrap
16022
msgid ""
16023
"\n"
16024
"http://localhost/mywiki\n"
16025
msgstr ""
16026
"\n"
16027
"http://localhost/mywiki\n"
16028
16029
#: serverguide/C/lamp-applications.xml:236(para)
16030
msgid ""
16031
"You can also run the test command by pointing your web browser to the "
16032
"following URL:"
16033
msgstr ""
16034
16035
#: serverguide/C/lamp-applications.xml:241(programlisting)
16036
#, no-wrap
16037
msgid ""
16038
"\n"
16039
"http://localhost/mywiki?action=test\n"
16040
msgstr ""
16041
16042
#: serverguide/C/lamp-applications.xml:245(para)
16043
msgid ""
16044
"For more details, please refer to the <ulink "
16045
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
16046
msgstr ""
16047
16048
#: serverguide/C/lamp-applications.xml:256(para)
16049
msgid ""
16050
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
16051
"Wiki</ulink>."
16052
msgstr ""
16053
16054
#: serverguide/C/lamp-applications.xml:265(title)
16055
msgid "MediaWiki"
16056
msgstr ""
16057
16058
#: serverguide/C/lamp-applications.xml:267(para)
16059
msgid ""
16060
"MediaWiki is an web based Wiki software written in the PHP language. It can "
16061
"either use <application>MySQL</application> or "
16062
"<application>PostgreSQL</application> Database Management System."
16063
msgstr ""
16064
16065
#: serverguide/C/lamp-applications.xml:277(para)
16066
msgid ""
16067
"Before installing <application>MediaWiki</application> you should also "
16068
"install <application>Apache2</application>, the "
16069
"<application>PHP5</application> scripting language and Database a Management "
16070
"System. <application>MySQL</application> or "
16071
"<application>PostgreSQL</application> are the most common, choose one "
16072
"depending on your need. Please refer to those sections in this manual for "
16073
"installation instructions."
16074
msgstr ""
16075
16076
#: serverguide/C/lamp-applications.xml:285(para)
16077
msgid ""
16078
"To install <application>MediaWiki</application>, run the following command "
16079
"in the command prompt:"
16080
msgstr ""
16081
16082
#: serverguide/C/lamp-applications.xml:291(command)
16083
msgid "sudo apt-get install mediawiki php5-gd"
16084
msgstr ""
16085
16086
#: serverguide/C/lamp-applications.xml:294(para)
16087
msgid ""
16088
"For additional <application>MediaWiki</application> functionality see the "
16089
"<application>mediawiki-extensions</application> package."
16090
msgstr ""
16091
16092
#: serverguide/C/lamp-applications.xml:304(para)
16093
msgid "Run the following commands to configure MediaWiki:"
16094
msgstr ""
16095
16096
#: serverguide/C/lamp-applications.xml:309(command)
16097
msgid "sudo ln -s /var/lib/mediawiki /var/www/mediawiki"
16098
msgstr ""
16099
16100
#: serverguide/C/lamp-applications.xml:312(para)
16101
msgid "Point your web browser to the following URL for MediaWiki setup:"
16102
msgstr ""
16103
16104
#: serverguide/C/lamp-applications.xml:321(programlisting)
16105
#, no-wrap
16106
msgid ""
16107
"\n"
16108
"http://localhost/mediawiki/config/index.php\n"
16109
msgstr ""
16110
16111
#: serverguide/C/lamp-applications.xml:326(para)
16112
msgid ""
16113
"Please read the <quote>Checking environment...</quote> section in this page. "
16114
"You should be able to fix many issues by carefully reading this section."
16115
msgstr ""
16116
16117
#: serverguide/C/lamp-applications.xml:366(para)
16118
msgid ""
16119
"For more details, please refer to the <ulink "
16120
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
16121
msgstr ""
16122
16123
#: serverguide/C/lamp-applications.xml:372(para)
16124
msgid ""
16125
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
16126
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
16127
"new MediaWiki administrators."
16128
msgstr ""
16129
16130
#: serverguide/C/lamp-applications.xml:382(title)
16131
msgid "phpMyAdmin"
16132
msgstr ""
16133
16134
#: serverguide/C/lamp-applications.xml:384(para)
16135
msgid ""
16136
"<application>phpMyAdmin</application> is a LAMP application specifically "
16137
"written for administering <application>MySQL</application> servers. Written "
16138
"in <application>PHP</application>, and accessed through a web browser, "
16139
"phpMyAdmin provides a graphical interface for database administration tasks."
16140
msgstr ""
16141
16142
#: serverguide/C/lamp-applications.xml:393(para)
16143
msgid ""
16144
"Before installing <application>phpMyAdmin</application> you will need access "
16145
"to a <application>MySQL</application> database either on the same host as "
16146
"that phpMyAdmin is installed on, or on a host accessible over the network. "
16147
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
16148
"enter:"
16149
msgstr ""
16150
16151
#: serverguide/C/lamp-applications.xml:400(command)
16152
msgid "sudo apt-get install phpmyadmin"
16153
msgstr ""
16154
16155
#: serverguide/C/lamp-applications.xml:403(para)
16156
msgid ""
16157
"At the prompt choose which web server to be configured for "
16158
"<application>phpMyAdmin</application>. The rest of this section will use "
16159
"<application>Apache2</application> for the web server."
16160
msgstr ""
16161
16162
#: serverguide/C/lamp-applications.xml:408(para)
16163
msgid ""
16164
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
16165
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
16166
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
16167
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
16168
"user if you any setup, and enter the <application>MySQL</application> user's "
16169
"password."
16170
msgstr ""
16171
16172
#: serverguide/C/lamp-applications.xml:415(para)
16173
msgid ""
16174
"Once logged in you can reset the <emphasis>root</emphasis> password if "
16175
"needed, create users, create/destroy databases and tables, etc."
16176
msgstr ""
16177
16178
#: serverguide/C/lamp-applications.xml:423(para)
16179
msgid ""
16180
"The configuration files for <application>phpMyAdmin</application> are "
16181
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
16182
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
16183
"configuration options that apply globally to "
16184
"<application>phpMyAdmin</application>."
16185
msgstr ""
16186
16187
#: serverguide/C/lamp-applications.xml:429(para)
16188
msgid ""
16189
"To use <application>phpMyAdmin</application> to administer a MySQL database "
16190
"hosted on another server, adjust the following in "
16191
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
16192
msgstr ""
16193
16194
#: serverguide/C/lamp-applications.xml:434(programlisting)
16195
#, no-wrap
16196
msgid ""
16197
"\n"
16198
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
16199
msgstr ""
16200
16201
#: serverguide/C/lamp-applications.xml:439(para)
16202
msgid ""
16203
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
16204
"remote database server name or IP address. Also, be sure that the "
16205
"<application>phpMyAdmin</application> host has permissions to access the "
16206
"remote database."
16207
msgstr ""
16208
16209
#: serverguide/C/lamp-applications.xml:445(para)
16210
msgid ""
16211
"Once configured, log out of <application>phpMyAdmin</application> and back "
16212
"in, and you should be accessing the new server."
16213
msgstr ""
16214
16215
#: serverguide/C/lamp-applications.xml:449(para)
16216
msgid ""
16217
"The <filename>config.header.inc.php</filename> and "
16218
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
16219
"header and footer to <application>phpMyAdmin</application>."
16220
msgstr ""
16221
16222
#: serverguide/C/lamp-applications.xml:454(para)
16223
msgid ""
16224
"Another important configuration file is "
16225
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
16226
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
16227
"configure <application>Apache2</application> to serve the "
16228
"<application>phpMyAdmin</application> site. The file contains directives for "
16229
"loading <application>PHP</application>, directory permissions, etc. For more "
16230
"information on configuring <application>Apache2</application> see <xref "
16231
"linkend=\"httpd\"/>."
16232
msgstr ""
16233
16234
#: serverguide/C/lamp-applications.xml:468(para)
16235
msgid ""
16236
"The <application>phpMyAdmin</application> documentation comes installed with "
16237
"the package and can be accessed from the <emphasis>phpMyAdmin "
16238
"Documentation</emphasis> link (a question mark with a box around it) under "
16239
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
16240
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
16241
msgstr ""
16242
16243
#: serverguide/C/lamp-applications.xml:475(para)
16244
msgid ""
16245
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
16246
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
16247
msgstr ""
16248
16249
#: serverguide/C/jeos.xml:28(para)
16250
msgid ""
16251
"While installing from the Server Edition ISO (pressing "
16252
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
16253
"installation\", which is the package selection equivalent to JeOS)"
16254
msgstr ""
16255
16256
#: serverguide/C/jeos.xml:211(para)
16257
msgid ""
16258
"Because of the nature of operations performed by vmbuilder, it needs to have "
16259
"root priviledge, hence the use of sudo."
16260
msgstr ""
16261
16262
#: serverguide/C/jeos.xml:321(programlisting)
16263
#, no-wrap
16264
msgid ""
16265
"\n"
16266
" <interface type='bridge'>\n"
16267
" <source network='br0'/>\n"
16268
" </interface>\n"
16269
msgstr ""
16270
16271
#: serverguide/C/jeos.xml:499(para)
16272
msgid ""
16273
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
16274
"it will provide our admins to access to access the appliance remotely. "
16275
"However, pushing in the wild an appliance with a pre-installed OpenSSH "
16276
"server is a big security risk as all these server will share the same secret "
16277
"key, making it very easy for hackers to target our appliance with all the "
16278
"tools they need to crack it open in a breeze. As for the user password, we "
16279
"will instead rely on a script that will install OpenSSH the first time a "
16280
"user logs in so that the key generated will be different for each appliance. "
16281
"For this we'll use a <emphasis>--firstboot</emphasis> script, as it does not "
16282
"need any user interaction."
16283
msgstr ""
16284
16285
#: serverguide/C/introduction.xml:14(para)
16286
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>!"
16287
msgstr ""
16288
16289
#: serverguide/C/introduction.xml:15(para)
16290
msgid ""
16291
"Here you can find information on how to install and configure various server "
16292
"applications. It is a step-by-step, task-oriented guide for configuring and "
16293
"customizing your system."
16294
msgstr ""
16295
16296
#: serverguide/C/introduction.xml:19(para)
16297
msgid ""
16298
"This guide assumes you have a basic understanding of your Ubuntu system. "
16299
"Some installation details are covered in <xref linkend=\"installation\"/>, "
16300
"but if you need detailed instructions installing Ubuntu please refer to the "
16301
"<ulink url=\"https://help.ubuntu.com/9.04/installation-guide/\">Ubuntu "
16302
"Installation Guide</ulink>."
16303
msgstr ""
16304
16305
#: serverguide/C/introduction.xml:25(para)
16306
msgid ""
16307
"A HTML version of the manual is available online at <ulink "
16308
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
16309
"HTML files are also available in the <application>ubuntu-"
16310
"serverguide</application> package. See <xref linkend=\"package-"
16311
"management\"/> for details on installing packages."
16312
msgstr ""
16313
16314
#: serverguide/C/introduction.xml:32(para)
16315
msgid ""
16316
"If you choose to install the <application>ubuntu-serverguide</application> "
16317
"you can view this document from a console by:"
16318
msgstr ""
16319
16320
#: serverguide/C/introduction.xml:36(command)
16321
msgid "w3m /usr/share/ubuntu-serverguide/html/en_GB/index.html"
16322
msgstr ""
16323
16324
#: serverguide/C/introduction.xml:39(para)
16325
msgid "Replace <emphasis>en_GB</emphasis> with your language localization."
16326
msgstr ""
16327
16328
#: serverguide/C/introduction.xml:53(title)
16329
msgid "Support"
16330
msgstr ""
16331
16332
#: serverguide/C/introduction.xml:55(para)
16333
msgid ""
16334
"There a couple of different ways that Ubuntu Server Edition is supported, "
16335
"commercial support and community support. The main commercial support (and "
16336
"development funding) is available from Canonical Ltd. They supply reasonably "
16337
"priced support contracts on a per desktop or per server basis. For more "
16338
"information see the <ulink "
16339
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
16340
"page."
16341
msgstr ""
16342
16343
#: serverguide/C/introduction.xml:62(para)
16344
msgid ""
16345
"Community support is also provided by dedicated individuals, and companies, "
16346
"that wish to make Ubuntu the best distribution possible. Support is provided "
16347
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
16348
"large amount of information available can be overwhelming, but a good search "
16349
"engine query can usually provide an answer to your questions. See the <ulink "
16350
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
16351
"information."
16352
msgstr ""
16353
16354
#: serverguide/C/installation.xml:14(para)
16355
msgid ""
16356
"This chapter provides a quick overview of installing Ubuntu 9.04 Server "
16357
"Edition. For more detailed instructions, please refer to the <ulink "
16358
"url=\"https://help.ubuntu.com/9.04/installation-guide/\">Ubuntu Installation "
16359
"Guide</ulink>."
16360
msgstr ""
16361
16362
#: serverguide/C/installation.xml:19(title)
16363
msgid "Preparing to Install"
16364
msgstr "Pasiruošimas Įdiegimui"
16365
16366
#: serverguide/C/installation.xml:20(para)
16367
msgid ""
16368
"This section explains various aspects to consider before starting the "
16369
"installation."
16370
msgstr ""
16371
16372
#: serverguide/C/installation.xml:24(title)
16373
msgid "System Requirements"
16374
msgstr "Sistemos Reikalavimai"
16375
16376
#: serverguide/C/installation.xml:25(para)
16377
msgid ""
16378
"Ubuntu 9.04 Server Edition supports two (2) major architectures: Intel x86 "
16379
"and AMD64. The table below lists recommended hardware specifications. "
16380
"Depending on your needs, you might manage with less than this. However, most "
16381
"users risk being frustrated if they ignore these suggestions."
16382
msgstr ""
16383
16384
#: serverguide/C/installation.xml:27(title)
16385
msgid "Recommended Minimum Requirements"
16386
msgstr ""
16387
16388
#: serverguide/C/installation.xml:35(para)
16389
msgid "Install Type"
16390
msgstr "Įdiegimo Tipas"
16391
16392
#: serverguide/C/installation.xml:36(para)
16393
msgid "RAM"
16394
msgstr ""
16395
16396
#: serverguide/C/installation.xml:37(para)
16397
msgid "Hard Drive Space"
16398
msgstr ""
16399
16400
#: serverguide/C/installation.xml:40(para)
16401
msgid "Base System"
16402
msgstr ""
16403
16404
#: serverguide/C/installation.xml:41(para)
16405
msgid "All Tasks Installed"
16406
msgstr ""
16407
16408
#: serverguide/C/installation.xml:46(para)
16409
msgid "Server"
16410
msgstr "Serveris"
16411
16412
#: serverguide/C/installation.xml:47(para)
16413
msgid "128 megabytes"
16414
msgstr ""
16415
16416
#: serverguide/C/installation.xml:48(para)
16417
msgid "500 megabytes"
16418
msgstr ""
16419
16420
#: serverguide/C/installation.xml:49(para)
16421
msgid "1 gigabyte"
16422
msgstr ""
16423
16424
#: serverguide/C/installation.xml:54(para)
16425
msgid ""
16426
"The Server Edition provides a common base for all sorts of server "
16427
"applications. It is a minimalist design providing a platform for the desired "
16428
"services, such as file/print services, web hosting, email hosting, etc."
16429
msgstr ""
16430
16431
#: serverguide/C/installation.xml:62(title)
16432
msgid "Server and Desktop Differences"
16433
msgstr ""
16434
16435
#: serverguide/C/installation.xml:63(para)
16436
msgid ""
16437
"There are a few differences between the <emphasis>Ubuntu Server "
16438
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
16439
"should be noted that both editions use the same "
16440
"<application>apt</application> repositories. Making it just as easy to "
16441
"install a <emphasis role=\"italic\">server</emphasis> application on the "
16442
"Desktop Edition as it is on the Server Edition."
16443
msgstr ""
16444
16445
#: serverguide/C/installation.xml:69(para)
16446
msgid ""
16447
"The differences between the two editions are the lack of an X window "
16448
"environment in the Server Edition, the installation process, and different "
16449
"Kernel options."
16450
msgstr ""
16451
16452
#: serverguide/C/installation.xml:76(title)
16453
msgid "Kernel Differences:"
16454
msgstr ""
16455
16456
#: serverguide/C/installation.xml:79(para)
16457
msgid ""
16458
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
16459
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
16460
"Edition."
16461
msgstr ""
16462
16463
#: serverguide/C/installation.xml:85(para)
16464
msgid "<emphasis>Preemption</emphasis> is turned off in the Server Edition."
16465
msgstr ""
16466
16467
#: serverguide/C/installation.xml:90(para)
16468
msgid ""
16469
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
16470
"Desktop Edition."
16471
msgstr ""
16472
16473
#: serverguide/C/installation.xml:96(para)
16474
msgid ""
16475
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
16476
"limited by memory addressing space."
16477
msgstr ""
16478
16479
#: serverguide/C/installation.xml:101(para)
16480
msgid ""
16481
"To see all kernel configuration options you can look through "
16482
"<filename>/boot/config-2.6.27-server</filename>. Also, <ulink "
16483
"url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> is a "
16484
"great resource on the options available."
16485
msgstr ""
16486
16487
#: serverguide/C/installation.xml:110(title)
16488
msgid "Backing Up"
16489
msgstr ""
16490
16491
#: serverguide/C/installation.xml:113(para)
16492
msgid ""
16493
"Before installing <application>Ubuntu Server Edition</application> you "
16494
"should make sure all data on the system is backed up. See <xref "
16495
"linkend=\"backups\"/> for backup options."
16496
msgstr ""
16497
16498
#: serverguide/C/installation.xml:117(para)
16499
msgid ""
16500
"If this is not the first time an operating system has been installed on your "
16501
"computer, it is likely you will need to re-partition your disk to make room "
16502
"for Ubuntu."
16503
msgstr ""
16504
16505
#: serverguide/C/installation.xml:121(para)
16506
msgid ""
16507
"Any time you partition your disk, you should be prepared to lose everything "
16508
"on the disk should you make a mistake or something goes wrong during "
16509
"partitioning. The programs used in installation are quite reliable, most "
16510
"have seen years of use, but they also perform destructive actions."
16511
msgstr ""
16512
16513
#: serverguide/C/installation.xml:133(title)
16514
msgid "Installing from CD"
16515
msgstr ""
16516
16517
#: serverguide/C/installation.xml:134(para)
16518
msgid ""
16519
"The basic steps to install Ubuntu Server Edition from CD are the same for "
16520
"installing any operating system from CD. Unlike the <emphasis>Desktop "
16521
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
16522
"a graphical installation program. Instead the Server Edition uses a console "
16523
"menu based process."
16524
msgstr ""
16525
16526
#: serverguide/C/installation.xml:141(para)
16527
msgid ""
16528
"First, download and burn the appropriate ISO file from the <ulink "
16529
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
16530
msgstr ""
16531
16532
#: serverguide/C/installation.xml:147(para)
16533
msgid "Boot the system from the CD-ROM drive."
16534
msgstr ""
16535
16536
#: serverguide/C/installation.xml:152(para)
16537
msgid ""
16538
"At the boot prompt you will be asked to select the language. Afterwards the "
16539
"installation process begins by asking for your keyboard layout."
16540
msgstr ""
16541
16542
#: serverguide/C/installation.xml:158(para)
16543
msgid ""
16544
"The installer then discovers your hardware configuration, and configures the "
16545
"network settings using DHCP. If you do not wish to use DHCP at the next "
16546
"screen choose \"Go Back\", and you have the option to \"Configure the "
16547
"network manually\"."
16548
msgstr ""
16549
16550
#: serverguide/C/installation.xml:165(para)
16551
msgid "Next, the installer asks for the system's hostname and Time Zone."
16552
msgstr ""
16553
16554
#: serverguide/C/installation.xml:170(para)
16555
msgid ""
16556
"You can then choose from several options to configure the hard drive layout. "
16557
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
16558
msgstr ""
16559
16560
#: serverguide/C/installation.xml:176(para)
16561
msgid "The Ubuntu base system is then installed."
16562
msgstr ""
16563
16564
#: serverguide/C/installation.xml:181(para)
16565
msgid ""
16566
"A new user is setup, this user will have <emphasis>root</emphasis> access "
16567
"through the <application>sudo</application> utility."
16568
msgstr ""
16569
16570
#: serverguide/C/installation.xml:187(para)
16571
msgid ""
16572
"After the user is setup, you will be asked to encrypt your <filename "
16573
"role=\"directory\">home</filename> directory."
16574
msgstr ""
16575
16576
#: serverguide/C/installation.xml:193(para)
16577
msgid ""
16578
"The next step in the installation process is to decide how you want to "
16579
"update the system. There are three options:"
16580
msgstr ""
16581
16582
#: serverguide/C/installation.xml:199(para)
16583
msgid ""
16584
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
16585
"log into the machine and manually install updates."
16586
msgstr ""
16587
16588
#: serverguide/C/installation.xml:205(para)
16589
msgid ""
16590
"<emphasis>Install security updates Automatically</emphasis>: will install "
16591
"the <application>unattended-upgrades</application> package, which will "
16592
"install security updates without the intervention of an administrator. For "
16593
"more details see <xref linkend=\"automatic-updates\"/>."
16594
msgstr ""
16595
16596
#: serverguide/C/installation.xml:212(para)
16597
msgid ""
16598
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
16599
"service provided by Canonical to help manager your Ubuntu machines. See the "
16600
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
16601
"site for details."
16602
msgstr ""
16603
16604
#: serverguide/C/installation.xml:221(para)
16605
msgid ""
16606
"You now have the option to install, or not install, several package tasks. "
16607
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
16608
"to launch <application>aptitude</application> to choose specific packages to "
16609
"install. For more information see <xref linkend=\"aptitude\"/>."
16610
msgstr ""
16611
16612
#: serverguide/C/installation.xml:229(para)
16613
msgid "Finally, the last step before rebooting is to set the clock to UTC."
16614
msgstr ""
16615
16616
#: serverguide/C/installation.xml:235(para)
16617
msgid ""
16618
"If at any point during installation you are not satisfied by the default "
16619
"setting, use the \"Go Back\" function at any prompt to be brought to a "
16620
"detailed installation menu that will allow you to modify the default "
16621
"settings."
16622
msgstr ""
16623
16624
#: serverguide/C/installation.xml:240(para)
16625
msgid ""
16626
"At some point during the installation process you may want to read the help "
16627
"screen provided by the installation system. To do this, press F1."
16628
msgstr ""
16629
16630
#: serverguide/C/installation.xml:245(para)
16631
msgid ""
16632
"Once again, for detailed instructions see the <ulink "
16633
"url=\"https://help.ubuntu.com/9.04/installation-guide/\"> Ubuntu "
16634
"Installation Guide</ulink>."
16635
msgstr ""
16636
16637
#: serverguide/C/installation.xml:251(title)
16638
msgid "Package Tasks"
16639
msgstr ""
16640
16641
#: serverguide/C/installation.xml:252(para)
16642
msgid ""
16643
"During the Server Edition installation you have the option of installing "
16644
"additional packages from the CD. The packages are grouped by the type of "
16645
"service they provide."
16646
msgstr ""
16647
16648
#: serverguide/C/installation.xml:258(para)
16649
msgid "DNS server: Selects the BIND DNS server and its documentation."
16650
msgstr ""
16651
16652
#: serverguide/C/installation.xml:263(para)
16653
msgid "LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server."
16654
msgstr ""
16655
16656
#: serverguide/C/installation.xml:268(para)
16657
msgid ""
16658
"Mail server: This task selects a variety of package useful for a general "
16659
"purpose mail server system."
16660
msgstr ""
16661
16662
#: serverguide/C/installation.xml:273(para)
16663
msgid "OpenSSH server: Selects packages needed for an OpenSSH server."
16664
msgstr ""
16665
16666
#: serverguide/C/installation.xml:278(para)
16667
msgid ""
16668
"PostgreSQL database: This task selects client and server packages for the "
16669
"PostgreSQL database."
16670
msgstr ""
16671
16672
#: serverguide/C/installation.xml:283(para)
16673
msgid "Print server: This task sets up your system to be a print server."
16674
msgstr ""
16675
16676
#: serverguide/C/installation.xml:288(para)
16677
msgid ""
16678
"Samba File server: This task sets up your system to be a Samba file server, "
16679
"which is especially suitable in networks with both Windows and Linux systems."
16680
msgstr ""
16681
16682
#: serverguide/C/installation.xml:294(para)
16683
msgid ""
16684
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
16685
"etc."
16686
msgstr ""
16687
16688
#: serverguide/C/installation.xml:299(para)
16689
msgid ""
16690
"Virtual machine host: Includes packages needed to run KVM virtual machines."
16691
msgstr ""
16692
16693
#: serverguide/C/installation.xml:304(para)
16694
msgid ""
16695
"Installing the package groups is accomplished using the "
16696
"<application>tasksel</application> utility. One of the important difference "
16697
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
16698
"installed, a package is also configured to reasonable defaults, eventually "
16699
"prompting you for additional required information. Likewise, when installing "
16700
"a task, the packages are not only installed, but also configured to provided "
16701
"a fully integrated service."
16702
msgstr ""
16703
16704
#: serverguide/C/installation.xml:311(para)
16705
msgid ""
16706
"Once the installation process has finished you can view a list of available "
16707
"tasks by entering the following from a terminal prompt:"
16708
msgstr ""
16709
16710
#: serverguide/C/installation.xml:316(command)
16711
msgid "tasksel --list-tasks"
16712
msgstr ""
16713
16714
#: serverguide/C/installation.xml:319(para)
16715
msgid ""
16716
"The output will list tasks from other Ubuntu based distributions such as "
16717
"Kubuntu and Edubuntu. Note that you can also invoke the "
16718
"<command>tasksel</command> command by itself, which will bring up a menu of "
16719
"the different tasks available."
16720
msgstr ""
16721
16722
#: serverguide/C/installation.xml:325(para)
16723
msgid ""
16724
"You can view a list of which packages are installed with each task using the "
16725
"<emphasis>--task-packages</emphasis> option. For example, to list the "
16726
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
16727
"following:"
16728
msgstr ""
16729
16730
#: serverguide/C/installation.xml:330(command)
16731
msgid "tasksel --task-packages dns-server"
16732
msgstr ""
16733
16734
#: serverguide/C/installation.xml:332(para)
16735
msgid "The output of the command should list:"
16736
msgstr ""
16737
16738
#: serverguide/C/installation.xml:335(programlisting)
16739
#, no-wrap
16740
msgid ""
16741
"\n"
16742
"bind9-doc\n"
16743
"bind9\n"
16744
msgstr ""
16745
16746
#: serverguide/C/installation.xml:339(para)
16747
msgid ""
16748
"Also, if you did not install one of the tasks during the installation "
16749
"process, but for example you decide to make your new LAMP server a DNS "
16750
"server as well. Simply insert the installation CD and from a terminal:"
16751
msgstr ""
16752
16753
#: serverguide/C/installation.xml:344(command)
16754
msgid "sudo tasksel install dns-server"
16755
msgstr ""
16756
16757
#: serverguide/C/installation.xml:349(title)
16758
msgid "Upgrading"
16759
msgstr ""
16760
16761
#: serverguide/C/installation.xml:350(para)
16762
msgid ""
16763
"There are several ways to upgrade from one Ubuntu release to another. This "
16764
"section gives an overview of the recommended upgrade method."
16765
msgstr ""
16766
16767
#: serverguide/C/installation.xml:354(title) serverguide/C/installation.xml:369(command)
16768
msgid "do-release-upgrade"
16769
msgstr ""
16770
16771
#: serverguide/C/installation.xml:355(para)
16772
msgid ""
16773
"The recommended way to upgrade a Server Edition installation is to use the "
16774
"<application>do-release-upgrade</application> utility. Part of the "
16775
"<emphasis>update-manager-core</emphasis> package, it does not have any "
16776
"graphical dependencies and is installed by default."
16777
msgstr ""
16778
16779
#: serverguide/C/installation.xml:360(para)
16780
msgid ""
16781
"Debian based systems can also be upgraded by using <command>apt-get dist-"
16782
"upgrade</command>. However, using <application>do-release-"
16783
"upgrade</application> is recommended because it has the ability to handle "
16784
"system configuration changes sometimes needed between releases."
16785
msgstr ""
16786
16787
#: serverguide/C/installation.xml:365(para)
16788
msgid "To upgrade to a newer release, from a terminal prompt enter:"
16789
msgstr ""
16790
16791
#: serverguide/C/installation.xml:371(para)
16792
msgid ""
16793
"It is also possible to use <application>do-release-upgrade</application> to "
16794
"upgrade to a development version of Ubuntu. To accomplish this use the "
16795
"<emphasis>-d</emphasis> switch:"
16796
msgstr ""
16797
16798
#: serverguide/C/installation.xml:376(command)
16799
msgid "do-release-upgrade -d"
16800
msgstr ""
16801
16802
#: serverguide/C/installation.xml:379(para)
16803
msgid ""
16804
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
16805
"for production environments."
16806
msgstr ""
16807
16808
#: serverguide/C/installation.xml:386(title)
16809
msgid "Advanced Installation"
16810
msgstr ""
16811
16812
#: serverguide/C/installation.xml:389(title)
16813
msgid "Software RAID"
16814
msgstr ""
16815
16816
#: serverguide/C/installation.xml:391(para)
16817
msgid ""
16818
"RAID is a method of configuring multiple hard drives to act as one, reducing "
16819
"the probability of catastrophic data loss in case of drive failure. RAID is "
16820
"implemented in either software (where the operating system knows about both "
16821
"drives and actively maintains both of them) or hardware (where a special "
16822
"controller makes the OS think there's only one drive and maintains the "
16823
"drives 'invisibly')."
16824
msgstr ""
16825
16826
#: serverguide/C/installation.xml:398(para)
16827
msgid ""
16828
"The RAID software included with current versions of Linux (and Ubuntu) is "
16829
"based on the <application>'mdadm'</application> driver and works very well, "
16830
"better even than many so-called 'hardware' RAID controllers. This section "
16831
"will guide you through installing Ubuntu Server Edition using two RAID1 "
16832
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
16833
"another for <emphasis>swap</emphasis>."
16834
msgstr ""
16835
16836
#: serverguide/C/installation.xml:408(para) serverguide/C/installation.xml:925(para)
16837
msgid ""
16838
"Follow the installation steps until you get to the <emphasis>Partition "
16839
"disks</emphasis> step, then:"
16840
msgstr ""
16841
16842
#: serverguide/C/installation.xml:415(para)
16843
msgid "Select <emphasis>Manual</emphasis> as the partition method."
16844
msgstr ""
16845
16846
#: serverguide/C/installation.xml:422(para)
16847
msgid ""
16848
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
16849
"partition table on this device?\"</emphasis>."
16850
msgstr ""
16851
16852
#: serverguide/C/installation.xml:426(para)
16853
msgid ""
16854
"Repeat this step for each drive you wish to be part of the RAID array."
16855
msgstr ""
16856
16857
#: serverguide/C/installation.xml:433(para)
16858
msgid ""
16859
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
16860
"select <emphasis>\"Create a new partition\"</emphasis>."
16861
msgstr ""
16862
16863
#: serverguide/C/installation.xml:440(para)
16864
msgid ""
16865
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
16866
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
16867
"size is twice that of RAM. Enter the partition size, then choose "
16868
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
16869
msgstr ""
16870
16871
#: serverguide/C/installation.xml:449(para)
16872
msgid ""
16873
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
16874
"is <emphasis role=\"italic\">\"Ext3 journaling file system\"</emphasis>, "
16875
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
16876
"<emphasis>\"Done setting up partition\"</emphasis>."
16877
msgstr ""
16878
16879
#: serverguide/C/installation.xml:458(para)
16880
msgid ""
16881
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
16882
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
16883
"partition\"</emphasis>."
16884
msgstr ""
16885
16886
#: serverguide/C/installation.xml:466(para)
16887
msgid ""
16888
"Use the rest of the free space on the drive and choose "
16889
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
16890
msgstr ""
16891
16892
#: serverguide/C/installation.xml:473(para)
16893
msgid ""
16894
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
16895
"at the top, changing it to <emphasis>\"physical volume for RAID\"</emphasis> "
16896
"then choose <emphasis>\"Done setting up partition\"</emphasis>."
16897
msgstr ""
16898
16899
#: serverguide/C/installation.xml:481(para)
16900
msgid "Repeat steps three through eight for the other disk and partitions."
16901
msgstr ""
16902
16903
#: serverguide/C/installation.xml:490(title)
16904
msgid "RAID Configuration"
16905
msgstr ""
16906
16907
#: serverguide/C/installation.xml:492(para)
16908
msgid "With the partitions setup the arrays are ready to be configured:"
16909
msgstr ""
16910
16911
#: serverguide/C/installation.xml:499(para)
16912
msgid ""
16913
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
16914
"Software RAID\"</emphasis> at the top."
16915
msgstr ""
16916
16917
#: serverguide/C/installation.xml:506(para)
16918
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
16919
msgstr ""
16920
16921
#: serverguide/C/installation.xml:513(para)
16922
msgid "Choose <emphasis>\"Create MD drive\"</emphasis>."
16923
msgstr ""
16924
16925
#: serverguide/C/installation.xml:520(para)
16926
msgid ""
16927
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
16928
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
16929
msgstr ""
16930
16931
#: serverguide/C/installation.xml:526(para)
16932
msgid ""
16933
"In order to use <emphasis>RAID5</emphasis> you need at least "
16934
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
16935
"<emphasis>two</emphasis> drives are required."
16936
msgstr ""
16937
16938
#: serverguide/C/installation.xml:535(para)
16939
msgid ""
16940
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
16941
"of hard drives you have, for the array. Then select "
16942
"<emphasis>\"Continue\"</emphasis>."
16943
msgstr ""
16944
16945
#: serverguide/C/installation.xml:543(para)
16946
msgid ""
16947
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
16948
"default, then choose <emphasis>\"Continue\"</emphasis>."
16949
msgstr ""
16950
16951
#: serverguide/C/installation.xml:550(para)
16952
msgid ""
16953
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
16954
"etc. The numbers will usually match and the different letters correspond to "
16955
"different hard drives."
16956
msgstr ""
16957
16958
#: serverguide/C/installation.xml:555(para)
16959
msgid ""
16960
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
16961
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
16962
"go to the next step."
16963
msgstr ""
16964
16965
#: serverguide/C/installation.xml:563(para)
16966
msgid ""
16967
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
16968
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
16969
"and <emphasis>sdb2</emphasis>."
16970
msgstr ""
16971
16972
#: serverguide/C/installation.xml:571(para)
16973
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
16974
msgstr ""
16975
16976
#: serverguide/C/installation.xml:581(title)
16977
msgid "Formatting"
16978
msgstr ""
16979
16980
#: serverguide/C/installation.xml:583(para)
16981
msgid ""
16982
"There should now be a list of hard drives and RAID devices. The next step is "
16983
"to format and set the mount point for the RAID devices. Treat the RAID "
16984
"device as a local hard drive, format and mount accordingly."
16985
msgstr ""
16986
16987
#: serverguide/C/installation.xml:591(para)
16988
msgid "Select the <emphasis>RAID1 device #0</emphasis> partition."
16989
msgstr ""
16990
16991
#: serverguide/C/installation.xml:598(para)
16992
msgid ""
16993
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
16994
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
16995
msgstr ""
16996
16997
#: serverguide/C/installation.xml:606(para)
16998
msgid "Next, select the <emphasis>RAID1 device #1</emphasis> partition."
16999
msgstr ""
17000
17001
#: serverguide/C/installation.xml:613(para)
17002
msgid ""
17003
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext3 "
17004
"journaling file system\"</emphasis>."
17005
msgstr ""
17006
17007
#: serverguide/C/installation.xml:620(para)
17008
msgid ""
17009
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
17010
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
17011
"options as appropriate, then select <emphasis>\"Done setting up "
17012
"partition\"</emphasis>."
17013
msgstr ""
17014
17015
#: serverguide/C/installation.xml:628(para)
17016
msgid ""
17017
"Finally, select <emphasis>\"Finish partitioning and write changes to "
17018
"disk\"</emphasis>."
17019
msgstr ""
17020
17021
#: serverguide/C/installation.xml:635(para)
17022
msgid ""
17023
"If you choose to place the root partition on a RAID array, the installer "
17024
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
17025
"state. See <xref linkend=\"raid-degraded\"/> for further details."
17026
msgstr ""
17027
17028
#: serverguide/C/installation.xml:640(para)
17029
msgid "The installation process will then continue normally."
17030
msgstr ""
17031
17032
#: serverguide/C/installation.xml:646(title)
17033
msgid "Degraded RAID"
17034
msgstr ""
17035
17036
#: serverguide/C/installation.xml:648(para)
17037
msgid ""
17038
"At some point in the life of the computer a disk failure event may occur. "
17039
"When this happens, using Software RAID, the operating system will place the "
17040
"array into what is known as a <emphasis>degraded</emphasis> state."
17041
msgstr ""
17042
17043
#: serverguide/C/installation.xml:653(para)
17044
msgid ""
17045
"If the array has become degraded, due to the chance of data corruption, by "
17046
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
17047
"after thirty seconds. Once the initramfs has booted there is a fifteen "
17048
"second prompt giving you the option to go ahead and boot the system, or "
17049
"attempt manual recover. Booting to the initramfs prompt may or may not be "
17050
"the desired behavior, especially if the machine is in a remote location. "
17051
"Booting to a degraded array can be configured several ways:"
17052
msgstr ""
17053
17054
#: serverguide/C/installation.xml:664(para)
17055
msgid ""
17056
"The <application>dpkg-reconfigure</application> utility can be used to "
17057
"configure the default behavior, and during the process you will be queried "
17058
"about additional settings related to the array. Such as monitoring, email "
17059
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
17060
"following:"
17061
msgstr ""
17062
17063
#: serverguide/C/installation.xml:671(command)
17064
msgid "sudo dpkg-reconfigure mdadm"
17065
msgstr ""
17066
17067
#: serverguide/C/installation.xml:677(para)
17068
msgid ""
17069
"The <command>dpkg-reconfigure mdadm</command> process will change the "
17070
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
17071
"The file has the advantage of being able to pre-configure the system's "
17072
"behavior, and can also be manually edited:"
17073
msgstr ""
17074
17075
#: serverguide/C/installation.xml:683(programlisting)
17076
#, no-wrap
17077
msgid ""
17078
"\n"
17079
"BOOT_DEGRADED=true\n"
17080
msgstr ""
17081
17082
#: serverguide/C/installation.xml:688(para)
17083
msgid "The configuration file can be overridden by using a Kernel argument."
17084
msgstr ""
17085
17086
#: serverguide/C/installation.xml:696(para)
17087
msgid ""
17088
"Using a Kernel argument will allow the system to boot to a degraded array as "
17089
"well:"
17090
msgstr ""
17091
17092
#: serverguide/C/installation.xml:702(para)
17093
msgid ""
17094
"When the server is booting press <emphasis>ESC</emphasis> to open the "
17095
"<application>Grub</application> menu."
17096
msgstr ""
17097
17098
#: serverguide/C/installation.xml:707(para)
17099
msgid "Press <emphasis>\"e\"</emphasis> to edit your Kernel command options."
17100
msgstr ""
17101
17102
#: serverguide/C/installation.xml:712(para)
17103
msgid ""
17104
"Press the <emphasis>DOWN</emphasis> arrow to highlight the kernel line."
17105
msgstr ""
17106
17107
#: serverguide/C/installation.xml:717(para)
17108
msgid ""
17109
"Press the <emphasis>\"e\"</emphasis> key again to edit the kernel line."
17110
msgstr ""
17111
17112
#: serverguide/C/installation.xml:722(para)
17113
msgid ""
17114
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
17115
"end of the line."
17116
msgstr ""
17117
17118
#: serverguide/C/installation.xml:727(para)
17119
msgid "Press <emphasis>\"ENTER\"</emphasis>."
17120
msgstr ""
17121
17122
#: serverguide/C/installation.xml:732(para)
17123
msgid "Finally, press <emphasis>\"b\"</emphasis> to boot the system."
17124
msgstr ""
17125
17126
#: serverguide/C/installation.xml:741(para)
17127
msgid ""
17128
"Once the system has booted you can either repair the array see <xref "
17129
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
17130
"another machine due to major hardware failure."
17131
msgstr ""
17132
17133
#: serverguide/C/installation.xml:748(title)
17134
msgid "RAID Maintenance"
17135
msgstr ""
17136
17137
#: serverguide/C/installation.xml:750(para)
17138
msgid ""
17139
"The <application>mdadm</application> utility can be used to view the status "
17140
"of an array, add disks to an array, remove disks, etc:"
17141
msgstr ""
17142
17143
#: serverguide/C/installation.xml:757(para)
17144
msgid "To view the status of an array, from a terminal prompt enter:"
17145
msgstr ""
17146
17147
#: serverguide/C/installation.xml:761(command)
17148
msgid "sudo mdadm -D /dev/md0"
17149
msgstr ""
17150
17151
#: serverguide/C/installation.xml:764(para)
17152
msgid ""
17153
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
17154
"display <emphasis>detailed</emphasis> information about the "
17155
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
17156
"with the appropriate RAID device."
17157
msgstr ""
17158
17159
#: serverguide/C/installation.xml:770(para)
17160
msgid "To view the status of a disk in an array:"
17161
msgstr ""
17162
17163
#: serverguide/C/installation.xml:774(command)
17164
msgid "sudo mdadm -E /dev/sda1"
17165
msgstr ""
17166
17167
#: serverguide/C/installation.xml:776(para)
17168
msgid ""
17169
"The output if very similar to the <command>mdadm -D</command> command, "
17170
"adjust <filename>/dev/sda1</filename> for each disk."
17171
msgstr ""
17172
17173
#: serverguide/C/installation.xml:781(para)
17174
msgid "If a disk fails and needs to be removed from an array enter:"
17175
msgstr ""
17176
17177
#: serverguide/C/installation.xml:785(command)
17178
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
17179
msgstr ""
17180
17181
#: serverguide/C/installation.xml:787(para)
17182
msgid ""
17183
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
17184
"the appropriate RAID device and disk."
17185
msgstr ""
17186
17187
#: serverguide/C/installation.xml:792(para)
17188
msgid "Similarly, to add a new disk:"
17189
msgstr ""
17190
17191
#: serverguide/C/installation.xml:796(command)
17192
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
17193
msgstr ""
17194
17195
#: serverguide/C/installation.xml:801(para)
17196
msgid ""
17197
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
17198
"though there is nothing physically wrong with the drive. It is usually "
17199
"worthwhile to remove the drive from the array then re-add it. This will "
17200
"cause the drive to re-sync with the array. If the drive will not sync with "
17201
"the array, it is a good indication of hardware failure."
17202
msgstr ""
17203
17204
#: serverguide/C/installation.xml:807(para)
17205
msgid ""
17206
"The <filename>/proc/mdstat</filename> file also contains useful information "
17207
"about the system's RAID devices:"
17208
msgstr ""
17209
17210
#: serverguide/C/installation.xml:812(command)
17211
msgid "cat /proc/mdstat"
17212
msgstr ""
17213
17214
#: serverguide/C/installation.xml:813(computeroutput)
17215
#, no-wrap
17216
msgid ""
17217
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
17218
"[raid10] \n"
17219
"md0 : active raid1 sda1[0] sdb1[1]\n"
17220
" 10016384 blocks [2/2] [UU]\n"
17221
" \n"
17222
"unused devices: <none>"
17223
msgstr ""
17224
17225
#: serverguide/C/installation.xml:820(para)
17226
msgid ""
17227
"The following command is great for watching the status of a syncing drive:"
17228
msgstr ""
17229
17230
#: serverguide/C/installation.xml:825(command)
17231
msgid "watch -n1 cat /proc/mdstat"
17232
msgstr ""
17233
17234
#: serverguide/C/installation.xml:828(para)
17235
msgid ""
17236
"Press <emphasis>Ctrl+c</emphasis> to stop the "
17237
"<application>watch</application> command."
17238
msgstr ""
17239
17240
#: serverguide/C/installation.xml:832(para)
17241
msgid ""
17242
"If you do need to replace a faulty drive, after the drive has been replaced "
17243
"and synced, <application>grub</application> will need to be installed. To "
17244
"install <application>grub</application> on the new drive, enter the "
17245
"following:"
17246
msgstr ""
17247
17248
#: serverguide/C/installation.xml:838(command)
17249
msgid "sudo grub-install /dev/md0"
17250
msgstr ""
17251
17252
#: serverguide/C/installation.xml:841(para)
17253
msgid ""
17254
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
17255
msgstr ""
17256
17257
#: serverguide/C/installation.xml:849(para)
17258
msgid ""
17259
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
17260
"can be configured. Please see the following links for more information:"
17261
msgstr ""
17262
17263
#: serverguide/C/installation.xml:857(ulink)
17264
msgid "Software RAID HOWTO"
17265
msgstr ""
17266
17267
#: serverguide/C/installation.xml:862(ulink)
17268
msgid "Managing RAID on Linux"
17269
msgstr ""
17270
17271
#: serverguide/C/installation.xml:869(title)
17272
msgid "Logical Volume Manager (LVM)"
17273
msgstr ""
17274
17275
#: serverguide/C/installation.xml:871(para)
17276
msgid ""
17277
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
17278
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
17279
"hard disks. LVM volumes can be created on both software RAID partitions and "
17280
"standard partitions residing on a single disk. Volumes can also be extended, "
17281
"giving greater flexibility to systems as requirements change."
17282
msgstr ""
17283
17284
#: serverguide/C/installation.xml:880(para)
17285
msgid ""
17286
"A side effect of LVM's power and flexibility is a greater degree of "
17287
"complication. Before diving into the LVM installation process, it is best to "
17288
"get familiar with some terms."
17289
msgstr ""
17290
17291
#: serverguide/C/installation.xml:887(para)
17292
msgid ""
17293
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
17294
"Volumes (LV)."
17295
msgstr ""
17296
17297
#: serverguide/C/installation.xml:892(para)
17298
msgid ""
17299
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
17300
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
17301
"which resides the actual EXT3, XFS, JFS, etc filesystem."
17302
msgstr ""
17303
17304
#: serverguide/C/installation.xml:898(para)
17305
msgid ""
17306
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
17307
"RAID partition. The Volume Group can be extended by adding more PVs."
17308
msgstr ""
17309
17310
#: serverguide/C/installation.xml:909(para)
17311
msgid ""
17312
"As an example this section covers installing Ubuntu Server Edition with "
17313
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
17314
"the initial install only one Physical Volume (PV) will be part of the Volume "
17315
"Group (VG). Another PV will be added after install to demonstrate how a VG "
17316
"can be extended."
17317
msgstr ""
17318
17319
#: serverguide/C/installation.xml:915(para)
17320
msgid ""
17321
"There are several installation options for LVM, <emphasis>\"Guided - use the "
17322
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
17323
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
17324
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
17325
"partitions and configure LVM. At this time the only way to configure a "
17326
"system with both LVM and standard partitions, during installation, is to use "
17327
"the Manual approach."
17328
msgstr ""
17329
17330
#: serverguide/C/installation.xml:932(para)
17331
msgid ""
17332
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
17333
"<emphasis>\"Manual\"</emphasis>."
17334
msgstr ""
17335
17336
#: serverguide/C/installation.xml:939(para)
17337
msgid ""
17338
"Select the hard disk and on the next screen choose \"yes\" to "
17339
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
17340
msgstr ""
17341
17342
#: serverguide/C/installation.xml:946(para)
17343
msgid ""
17344
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
17345
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
17346
msgstr ""
17347
17348
#: serverguide/C/installation.xml:954(para)
17349
msgid ""
17350
"For the LVM <emphasis>/srv</emphasis>, create a new "
17351
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
17352
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
17353
"<emphasis>\"Done setting up the partition\"</emphasis>."
17354
msgstr ""
17355
17356
#: serverguide/C/installation.xml:962(para)
17357
msgid ""
17358
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
17359
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
17360
"disk."
17361
msgstr ""
17362
17363
#: serverguide/C/installation.xml:970(para)
17364
msgid ""
17365
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
17366
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
17367
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
17368
"After entering a name, select the partition configured for LVM, and choose "
17369
"<emphasis>\"Continue\"</emphasis>."
17370
msgstr ""
17371
17372
#: serverguide/C/installation.xml:979(para)
17373
msgid ""
17374
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
17375
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
17376
"volume group, and enter a name for the new LV, for example "
17377
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
17378
"a size, which may be the full partition because it can always be extended "
17379
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
17380
"main <emphasis>\"Partition Disks\"</emphasis> screen."
17381
msgstr ""
17382
17383
#: serverguide/C/installation.xml:989(para)
17384
msgid ""
17385
"Now add a filesystem to the new LVM. Select the partition under "
17386
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
17387
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
17388
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
17389
"select <emphasis>\"Done setting up the partition\"</emphasis>."
17390
msgstr ""
17391
17392
#: serverguide/C/installation.xml:998(para)
17393
msgid ""
17394
"Finally, select <emphasis>\"Finish partitioning and write changes to "
17395
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
17396
"the installation."
17397
msgstr ""
17398
17399
#: serverguide/C/installation.xml:1006(para)
17400
msgid "There are some useful utilities to view information about LVM:"
17401
msgstr ""
17402
17403
#: serverguide/C/installation.xml:1011(para)
17404
msgid ""
17405
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
17406
msgstr ""
17407
17408
#: serverguide/C/installation.xml:1012(para)
17409
msgid ""
17410
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
17411
msgstr ""
17412
17413
#: serverguide/C/installation.xml:1013(para)
17414
msgid ""
17415
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
17416
"Physical Volumes."
17417
msgstr ""
17418
17419
#: serverguide/C/installation.xml:1018(title)
17420
msgid "Extending Volume Groups"
17421
msgstr ""
17422
17423
#: serverguide/C/installation.xml:1020(para)
17424
msgid ""
17425
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
17426
"section covers adding a second hard disk, creating a Physical Volume (PV), "
17427
"adding it to the volume group (VG), extending the logical volume <filename "
17428
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
17429
"example assumes a second hard disk has been added to the system. This hard "
17430
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
17431
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
17432
"before issuing the commands below. You could lose some data if you issue "
17433
"those commands on a non-empty disk. In our example we will use the entire "
17434
"disk as a physical volume (you could choose to create partitions and use "
17435
"them as different physical volumes)"
17436
msgstr ""
17437
17438
#: serverguide/C/installation.xml:1032(para)
17439
msgid "First, create the physical volume, in a terminal execute:"
17440
msgstr ""
17441
17442
#: serverguide/C/installation.xml:1037(command)
17443
msgid "sudo pvcreate /dev/sdb"
17444
msgstr ""
17445
17446
#: serverguide/C/installation.xml:1043(para)
17447
msgid "Now extend the Volume Group (VG):"
17448
msgstr ""
17449
17450
#: serverguide/C/installation.xml:1048(command)
17451
msgid "sudo vgextend vg01 /dev/sdb"
17452
msgstr ""
17453
17454
#: serverguide/C/installation.xml:1054(para)
17455
msgid ""
17456
"Use <application>vgdisplay</application> to find out the free physical "
17457
"extents - Free PE / size (the size you can allocate). We will assume a free "
17458
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
17459
"whole free space available. Use your own PE and/or free space."
17460
msgstr ""
17461
17462
#: serverguide/C/installation.xml:1060(para)
17463
msgid ""
17464
"The Logical Volume (LV) can now be extended by different methods, we will "
17465
"only see how to use the PE to extend the LV:"
17466
msgstr ""
17467
17468
#: serverguide/C/installation.xml:1065(command)
17469
msgid "sudo lvextend /dev/vg01/srv -l +511"
17470
msgstr ""
17471
17472
#: serverguide/C/installation.xml:1068(para)
17473
msgid ""
17474
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
17475
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
17476
"Gig, Tera, etc bytes."
17477
msgstr ""
17478
17479
#: serverguide/C/installation.xml:1076(para)
17480
msgid ""
17481
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
17482
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
17483
"pratice to unmount it anyway and check the filesystem, so that you don't "
17484
"mess up the day you want to reduce a logical volume (in that case unmounting "
17485
"first is compulsory)."
17486
msgstr ""
17487
17488
#: serverguide/C/installation.xml:1082(para)
17489
msgid ""
17490
"The following commands are for an <emphasis>EXT3</emphasis> or "
17491
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
17492
"there may be other utilities available."
17493
msgstr ""
17494
17495
#: serverguide/C/installation.xml:1089(command)
17496
msgid "sudo e2fsck -f /dev/vg01/srv"
17497
msgstr ""
17498
17499
#: serverguide/C/installation.xml:1092(para)
17500
msgid ""
17501
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
17502
"forces checking even if the system seems clean."
17503
msgstr ""
17504
17505
#: serverguide/C/installation.xml:1099(para)
17506
msgid "Finally, resize the filesystem:"
17507
msgstr ""
17508
17509
#: serverguide/C/installation.xml:1104(command)
17510
msgid "sudo resize2fs /dev/vg01/srv"
17511
msgstr ""
17512
17513
#: serverguide/C/installation.xml:1110(para)
17514
msgid "Now mount the partition and check its size."
17515
msgstr ""
17516
17517
#: serverguide/C/installation.xml:1115(command)
17518
msgid "mount /dev/vg01/srv /srv && df -h /srv"
17519
msgstr ""
17520
17521
#: serverguide/C/installation.xml:1127(para)
17522
msgid ""
17523
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
17524
"HOWTO</ulink> for more information."
17525
msgstr ""
17526
17527
#: serverguide/C/installation.xml:1132(para)
17528
msgid ""
17529
"Another good article is <ulink "
17530
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
17531
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
17532
"linuxdevcenter.com site."
17533
msgstr ""
17534
17535
#: serverguide/C/installation.xml:1139(para)
17536
msgid ""
17537
"For more information on <application>fdisk</application> see the <ulink "
17538
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/fdisk.8.html\">fdisk"
17539
" man page</ulink>."
17540
msgstr ""
17541
17542
#: serverguide/C/file-server.xml:13(title)
17543
msgid "File Servers"
17544
msgstr "Failų Serveriai"
17545
17546
#: serverguide/C/file-server.xml:15(para)
17547
msgid ""
17548
"If you have more than one computer on a single network. At some point you "
17549
"will probably need to share files between them. In this section we cover "
17550
"installing and configuring FTP, NFS, and CUPS."
17551
msgstr ""
17552
17553
#: serverguide/C/file-server.xml:22(title)
17554
msgid "FTP Server"
17555
msgstr "FTP Serveris"
17556
17557
#: serverguide/C/file-server.xml:24(para)
17558
msgid ""
17559
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
17560
"files between computers. FTP works on a client/server model. The server "
17561
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
17562
"listens for FTP requests from remote clients. When a request is received, it "
17563
"manages the login and sets up the connection. For the duration of the "
17564
"session it executes any of commands sent by the FTP client."
17565
msgstr ""
17566
17567
#: serverguide/C/file-server.xml:33(para)
17568
msgid "Access to an FTP server can be managed in two ways:"
17569
msgstr ""
17570
17571
#: serverguide/C/file-server.xml:37(para)
17572
msgid "Anonymous"
17573
msgstr "Anonimiškas"
17574
17575
#: serverguide/C/file-server.xml:40(para)
17576
msgid "Authenticated"
17577
msgstr "Autentifikuotas"
17578
17579
#: serverguide/C/file-server.xml:43(para)
17580
msgid ""
17581
"In the Anonymous mode, remote clients can access the FTP server by using the "
17582
"default user account called \"anonymous\" or \"ftp\" and sending an email "
17583
"address as the password. In the Authenticated mode a user must have an "
17584
"account and a password. User access to the FTP server directories and files "
17585
"is dependent on the permissions defined for the account used at login. As a "
17586
"general rule, the FTP daemon will hide the root directory of the FTP server "
17587
"and change it to the FTP Home directory. This hides the rest of the file "
17588
"system from remote sessions."
17589
msgstr ""
17590
17591
#: serverguide/C/file-server.xml:55(title)
17592
msgid "vsftpd - FTP Server Installation"
17593
msgstr ""
17594
17595
#: serverguide/C/file-server.xml:57(para)
17596
msgid ""
17597
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
17598
"and maintain. To install <application>vsftpd</application> you can run the "
17599
"following command:"
17600
msgstr ""
17601
17602
#: serverguide/C/file-server.xml:65(command)
17603
msgid "sudo apt-get install vsftpd"
17604
msgstr ""
17605
17606
#: serverguide/C/file-server.xml:71(title)
17607
msgid "Anonymous FTP Configuration"
17608
msgstr ""
17609
17610
#: serverguide/C/file-server.xml:73(para)
17611
msgid ""
17612
"By default <application>vsftpd</application> is configured to only allow "
17613
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
17614
"created with a home directory of <filename>/home/ftp</filename>. This is the "
17615
"default FTP directory."
17616
msgstr ""
17617
17618
#: serverguide/C/file-server.xml:80(para)
17619
msgid ""
17620
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
17621
"example, simply create a directory in another location and change the "
17622
"<emphasis>ftp</emphasis> user's home directory:"
17623
msgstr ""
17624
17625
#: serverguide/C/file-server.xml:87(command)
17626
msgid "sudo mkdir /srv/ftp"
17627
msgstr ""
17628
17629
#: serverguide/C/file-server.xml:88(command)
17630
msgid "sudo usermod -d /srv/ftp ftp"
17631
msgstr ""
17632
17633
#: serverguide/C/file-server.xml:91(para)
17634
msgid "After making the change restart <application>vsftpd</application>:"
17635
msgstr ""
17636
17637
#: serverguide/C/file-server.xml:96(command) serverguide/C/file-server.xml:124(command) serverguide/C/file-server.xml:189(command) serverguide/C/file-server.xml:237(command)
17638
msgid "sudo /etc/init.d/vsftpd restart"
17639
msgstr ""
17640
17641
#: serverguide/C/file-server.xml:99(para)
17642
msgid ""
17643
"Finally, copy any files and directories you would like to make available "
17644
"through anonymous FTP to <filename>/srv/ftp</filename>."
17645
msgstr ""
17646
17647
#: serverguide/C/file-server.xml:106(title)
17648
msgid "User Authenticated FTP Configuration"
17649
msgstr ""
17650
17651
#: serverguide/C/file-server.xml:108(para)
17652
msgid ""
17653
"To configure <application>vsftpd</application> to authenticate system users "
17654
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
17655
msgstr ""
17656
17657
#: serverguide/C/file-server.xml:114(programlisting)
17658
#, no-wrap
17659
msgid ""
17660
"\n"
17661
"local_enable=YES\n"
17662
"write_enable=YES\n"
17663
msgstr ""
17664
17665
#: serverguide/C/file-server.xml:119(para)
17666
msgid "Now restart <application>vsftpd</application>:"
17667
msgstr ""
17668
17669
#: serverguide/C/file-server.xml:127(para)
17670
msgid ""
17671
"Now when system users login to FTP they will start in their "
17672
"<emphasis>home</emphasis> directories where they can download, upload, "
17673
"create directories, etc."
17674
msgstr ""
17675
17676
#: serverguide/C/file-server.xml:133(para)
17677
msgid ""
17678
"Similarly, by default, the anonymous users are not allowed to upload files "
17679
"to FTP server. To change this setting, you should uncomment the following "
17680
"line, and restart <application>vsftpd</application>:"
17681
msgstr ""
17682
17683
#: serverguide/C/file-server.xml:140(programlisting)
17684
#, no-wrap
17685
msgid ""
17686
"\n"
17687
"anon_upload_enable=YES\n"
17688
msgstr ""
17689
17690
#: serverguide/C/file-server.xml:145(para)
17691
msgid ""
17692
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
17693
"not enable anonymous upload on servers accessed directly from the Internet."
17694
msgstr ""
17695
17696
#: serverguide/C/file-server.xml:151(para)
17697
msgid ""
17698
"The configuration file consists of many configuration parameters. The "
17699
"information about each parameter is available in the configuration file. "
17700
"Alternatively, you can refer to the man page, <command>man 5 "
17701
"vsftpd.conf</command> for details of each parameter."
17702
msgstr ""
17703
17704
#: serverguide/C/file-server.xml:162(title)
17705
msgid "Securing FTP"
17706
msgstr ""
17707
17708
#: serverguide/C/file-server.xml:164(para)
17709
msgid ""
17710
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
17711
"<application>vsftpd</application> more secure. For example users can be "
17712
"limited to their home directories by uncommenting:"
17713
msgstr ""
17714
17715
#: serverguide/C/file-server.xml:170(programlisting)
17716
#, no-wrap
17717
msgid ""
17718
"\n"
17719
"chroot_local_user=YES\n"
17720
msgstr ""
17721
17722
#: serverguide/C/file-server.xml:174(para)
17723
msgid ""
17724
"You can also limit a specific list of users to just their home directories:"
17725
msgstr ""
17726
17727
#: serverguide/C/file-server.xml:178(programlisting)
17728
#, no-wrap
17729
msgid ""
17730
"\n"
17731
"chroot_list_enable=YES\n"
17732
"chroot_list_file=/etc/vsftpd.chroot_list\n"
17733
msgstr ""
17734
17735
#: serverguide/C/file-server.xml:183(para)
17736
msgid ""
17737
"After uncommenting the above options, create a "
17738
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
17739
"per line. Then restart <application>vsftpd</application>:"
17740
msgstr ""
17741
17742
#: serverguide/C/file-server.xml:192(para)
17743
msgid ""
17744
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
17745
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
17746
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
17747
"add them to the list."
17748
msgstr ""
17749
17750
#: serverguide/C/file-server.xml:199(para)
17751
msgid ""
17752
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
17753
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
17754
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
17755
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
17756
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
17757
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
17758
"with a shell may not be ideal for some environments, such as a shared web "
17759
"host."
17760
msgstr ""
17761
17762
#: serverguide/C/file-server.xml:208(para)
17763
msgid ""
17764
"To configure <emphasis>FTPS</emphasis>, edit "
17765
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
17766
msgstr ""
17767
17768
#: serverguide/C/file-server.xml:212(programlisting)
17769
#, no-wrap
17770
msgid ""
17771
"\n"
17772
"ssl_enable=Yes\n"
17773
msgstr ""
17774
17775
#: serverguide/C/file-server.xml:216(para)
17776
msgid "Also, notice the certificate and key related options:"
17777
msgstr ""
17778
17779
#: serverguide/C/file-server.xml:220(programlisting)
17780
#, no-wrap
17781
msgid ""
17782
"\n"
17783
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
17784
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
17785
msgstr ""
17786
17787
#: serverguide/C/file-server.xml:225(para)
17788
msgid ""
17789
"By default these options are set the the certificate and key provided by the "
17790
"<application>ssl-cert</application> package. In a production environment "
17791
"these should be replaced with a certificate and key generated for the "
17792
"specific host. For more information on certificates see <xref "
17793
"linkend=\"certificates-and-security\"/>."
17794
msgstr ""
17795
17796
#: serverguide/C/file-server.xml:231(para)
17797
msgid ""
17798
"Now restart <application>vsftpd</application>, and non-anonymous users will "
17799
"be forced to use <emphasis>FTPS</emphasis>:"
17800
msgstr ""
17801
17802
#: serverguide/C/file-server.xml:240(para)
17803
msgid ""
17804
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
17805
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
17806
"adding the <emphasis>nologin</emphasis> shell:"
17807
msgstr ""
17808
17809
#: serverguide/C/file-server.xml:245(programlisting)
17810
#, no-wrap
17811
msgid ""
17812
"\n"
17813
"# /etc/shells: valid login shells\n"
17814
"/bin/csh\n"
17815
"/bin/sh\n"
17816
"/usr/bin/es\n"
17817
"/usr/bin/ksh\n"
17818
"/bin/ksh\n"
17819
"/usr/bin/rc\n"
17820
"/usr/bin/tcsh\n"
17821
"/bin/tcsh\n"
17822
"/usr/bin/esh\n"
17823
"/bin/dash\n"
17824
"/bin/bash\n"
17825
"/bin/rbash\n"
17826
"/usr/bin/screen\n"
17827
"/usr/sbin/nologin\n"
17828
msgstr ""
17829
17830
#: serverguide/C/file-server.xml:263(para)
17831
msgid ""
17832
"This is necessary because, by default <application>vsftpd</application> uses "
17833
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
17834
"configuration file contains:"
17835
msgstr ""
17836
17837
#: serverguide/C/file-server.xml:268(programlisting)
17838
#, no-wrap
17839
msgid ""
17840
"\n"
17841
"auth required pam_shells.so\n"
17842
msgstr ""
17843
17844
#: serverguide/C/file-server.xml:272(para)
17845
msgid ""
17846
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
17847
"in the <filename>/etc/shells</filename> file."
17848
msgstr ""
17849
17850
#: serverguide/C/file-server.xml:277(para)
17851
msgid ""
17852
"Most popular FTP clients can be configured connect using FTPS. The "
17853
"<application>lftp</application> command line FTP client has the ability to "
17854
"use FTPS as well."
17855
msgstr ""
17856
17857
#: serverguide/C/file-server.xml:288(para)
17858
msgid ""
17859
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
17860
"website</ulink> for more information."
17861
msgstr ""
17862
17863
#: serverguide/C/file-server.xml:293(para)
17864
msgid ""
17865
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
17866
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/vsftpd.conf.5.html\""
17867
">vsftpd.conf man page</ulink>."
17868
msgstr ""
17869
17870
#: serverguide/C/file-server.xml:299(para)
17871
msgid ""
17872
"The CodeGurus article <ulink "
17873
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
17874
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
17875
"contrasting FTPS and SFTP."
17876
msgstr ""
17877
17878
#: serverguide/C/file-server.xml:310(title)
17879
msgid "Network File System (NFS)"
17880
msgstr ""
17881
17882
#: serverguide/C/file-server.xml:311(para)
17883
msgid ""
17884
"NFS allows a system to share directories and files with others over a "
17885
"network. By using NFS, users and programs can access files on remote systems "
17886
"almost as if they were local files."
17887
msgstr ""
17888
17889
#: serverguide/C/file-server.xml:317(para)
17890
msgid "Some of the most notable benefits that NFS can provide are:"
17891
msgstr ""
17892
17893
#: serverguide/C/file-server.xml:323(para)
17894
msgid ""
17895
"Local workstations use less disk space because commonly used data can be "
17896
"stored on a single machine and still remain accessible to others over the "
17897
"network."
17898
msgstr ""
17899
17900
#: serverguide/C/file-server.xml:328(para)
17901
msgid ""
17902
"There is no need for users to have separate home directories on every "
17903
"network machine. Home directories could be set up on the NFS server and made "
17904
"available throughout the network."
17905
msgstr ""
17906
17907
#: serverguide/C/file-server.xml:334(para)
17908
msgid ""
17909
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
17910
"be used by other machines on the network. This may reduce the number of "
17911
"removable media drives throughout the network."
17912
msgstr ""
17913
17914
#: serverguide/C/file-server.xml:344(para)
17915
msgid ""
17916
"At a terminal prompt enter the following command to install the NFS Server:"
17917
msgstr ""
17918
17919
#: serverguide/C/file-server.xml:350(command)
17920
msgid "sudo apt-get install nfs-kernel-server"
17921
msgstr ""
17922
17923
#: serverguide/C/file-server.xml:356(para)
17924
msgid ""
17925
"You can configure the directories to be exported by adding them to the "
17926
"<filename>/etc/exports</filename> file. For example:"
17927
msgstr ""
17928
17929
#: serverguide/C/file-server.xml:361(screen)
17930
#, no-wrap
17931
msgid ""
17932
"\n"
17933
"/ubuntu *(ro,sync,no_root_squash)\n"
17934
"/home *(rw,sync,no_root_squash)\n"
17935
msgstr ""
17936
17937
#: serverguide/C/file-server.xml:367(para)
17938
msgid ""
17939
"You can replace * with one of the hostname formats. Make the hostname "
17940
"declaration as specific as possible so unwanted systems cannot access the "
17941
"NFS mount."
17942
msgstr ""
17943
17944
#: serverguide/C/file-server.xml:373(para)
17945
msgid ""
17946
"To start the NFS server, you can run the following command at a terminal "
17947
"prompt:"
17948
msgstr ""
17949
17950
#: serverguide/C/file-server.xml:378(command)
17951
msgid "sudo /etc/init.d/nfs-kernel-server start"
17952
msgstr ""
17953
17954
#: serverguide/C/file-server.xml:383(title)
17955
msgid "NFS Client Configuration"
17956
msgstr ""
17957
17958
#: serverguide/C/file-server.xml:384(para)
17959
msgid ""
17960
"Use the <application>mount</application> command to mount a shared NFS "
17961
"directory from another machine, by typing a command line similar to the "
17962
"following at a terminal prompt:"
17963
msgstr ""
17964
17965
#: serverguide/C/file-server.xml:390(command)
17966
msgid "sudo mount example.hostname.com:/ubuntu /local/ubuntu"
17967
msgstr ""
17968
17969
#: serverguide/C/file-server.xml:394(para)
17970
msgid ""
17971
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
17972
"There should be no files or subdirectories in the "
17973
"<filename>/local/ubuntu</filename> directory."
17974
msgstr ""
17975
17976
#: serverguide/C/file-server.xml:401(para)
17977
msgid ""
17978
"An alternate way to mount an NFS share from another machine is to add a line "
17979
"to the <filename>/etc/fstab</filename> file. The line must state the "
17980
"hostname of the NFS server, the directory on the server being exported, and "
17981
"the directory on the local machine where the NFS share is to be mounted."
17982
msgstr ""
17983
17984
#: serverguide/C/file-server.xml:409(para)
17985
msgid ""
17986
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
17987
"as follows:"
17988
msgstr ""
17989
17990
#: serverguide/C/file-server.xml:415(programlisting)
17991
#, no-wrap
17992
msgid ""
17993
"\n"
17994
"example.hostname.com:/ubuntu /local/ubuntu nfs "
17995
"rsize=8192,wsize=8192,timeo=14,intr\n"
17996
msgstr ""
17997
17998
#: serverguide/C/file-server.xml:419(para)
17999
msgid ""
18000
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
18001
"common</application> package is installed on your client. To install "
18002
"<application>nfs-common</application> enter the following command at the "
18003
"terminal prompt: <screen>\n"
18004
"<command>sudo apt-get install nfs-common</command>\n"
18005
"</screen>"
18006
msgstr ""
18007
18008
#: serverguide/C/file-server.xml:432(ulink)
18009
msgid "Linux NFS faq"
18010
msgstr ""
18011
18012
#: serverguide/C/file-server.xml:437(title)
18013
msgid "CUPS - Print Server"
18014
msgstr ""
18015
18016
#: serverguide/C/file-server.xml:438(para)
18017
msgid ""
18018
"The primary mechanism for Ubuntu printing and print services is the "
18019
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
18020
"printing system is a freely available, portable printing layer which has "
18021
"become the new standard for printing in most Linux distributions."
18022
msgstr ""
18023
18024
#: serverguide/C/file-server.xml:445(para)
18025
msgid ""
18026
"CUPS manages print jobs and queues and provides network printing using the "
18027
"standard Internet Printing Protocol (IPP), while offering support for a very "
18028
"large range of printers, from dot-matrix to laser and many in between. CUPS "
18029
"also supports PostScript Printer Description (PPD) and auto-detection of "
18030
"network printers, and features a simple web-based configuration and "
18031
"administration tool."
18032
msgstr ""
18033
18034
#: serverguide/C/file-server.xml:455(para)
18035
msgid ""
18036
"To install CUPS on your Ubuntu computer, simply use "
18037
"<application>sudo</application> with the <application>apt-get</application> "
18038
"command and give the packages to install as the first parameter. A complete "
18039
"CUPS install has many package dependencies, but they may all be specified on "
18040
"the same command line. Enter the following at a terminal prompt to install "
18041
"CUPS:"
18042
msgstr ""
18043
18044
#: serverguide/C/file-server.xml:460(command)
18045
msgid "sudo apt-get install cupsys"
18046
msgstr ""
18047
18048
#: serverguide/C/file-server.xml:463(para)
18049
msgid ""
18050
"Upon authenticating with your user password, the packages should be "
18051
"downloaded and installed without error. Upon the conclusion of installation, "
18052
"the CUPS server will be started automatically."
18053
msgstr ""
18054
18055
#: serverguide/C/file-server.xml:468(para)
18056
msgid ""
18057
"For troubleshooting purposes, you can access CUPS server errors via the "
18058
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
18059
"error log does not show enough information to troubleshoot any problems you "
18060
"encounter, the verbosity of the CUPS log can be increased by changing the "
18061
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
18062
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
18063
"everything, from the default of \"info\". If you make this change, remember "
18064
"to change it back once you've solved your problem, to prevent the log file "
18065
"from becoming overly large."
18066
msgstr ""
18067
18068
#: serverguide/C/file-server.xml:481(para)
18069
msgid ""
18070
"The Common UNIX Printing System server's behavior is configured through the "
18071
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
18072
"The CUPS configuration file follows the same syntax as the primary "
18073
"configuration file for the Apache HTTP server, so users familiar with "
18074
"editing Apache's configuration file should feel at ease when editing the "
18075
"CUPS configuration file. Some examples of settings you may wish to change "
18076
"initially will be presented here."
18077
msgstr ""
18078
18079
#: serverguide/C/file-server.xml:491(para)
18080
msgid ""
18081
"Prior to editing the configuration file, you should make a copy of the "
18082
"original file and protect it from writing, so you will have the original "
18083
"settings as a reference, and to reuse as necessary."
18084
msgstr ""
18085
18086
#: serverguide/C/file-server.xml:495(para)
18087
msgid ""
18088
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
18089
"writing with the following commands, issued at a terminal prompt:"
18090
msgstr ""
18091
18092
#: serverguide/C/file-server.xml:501(command)
18093
msgid "sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original"
18094
msgstr ""
18095
18096
#: serverguide/C/file-server.xml:502(command)
18097
msgid "sudo chmod a-w /etc/cups/cupsd.conf.original"
18098
msgstr ""
18099
18100
#: serverguide/C/file-server.xml:507(para)
18101
msgid ""
18102
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
18103
"address of the designated administrator of the CUPS server, simply edit the "
18104
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
18105
"preferred text editor, and modify the <emphasis "
18106
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
18107
"you are the Administrator for the CUPS server, and your e-mail address is "
18108
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
18109
"as such:"
18110
msgstr ""
18111
18112
#: serverguide/C/file-server.xml:518(screen)
18113
#, no-wrap
18114
msgid ""
18115
"\n"
18116
"ServerAdmin bjoy@somebigco.com\n"
18117
msgstr ""
18118
18119
#: serverguide/C/file-server.xml:524(para)
18120
msgid ""
18121
"For more examples of configuration directives in the CUPS server "
18122
"configuration file, view the associated system manual page by entering the "
18123
"following command at a terminal prompt:"
18124
msgstr ""
18125
18126
#: serverguide/C/file-server.xml:531(command)
18127
msgid "man cupsd.conf"
18128
msgstr ""
18129
18130
#: serverguide/C/file-server.xml:535(para)
18131
msgid ""
18132
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
18133
"configuration file, you'll need to restart the CUPS server by typing the "
18134
"following command at a terminal prompt:"
18135
msgstr ""
18136
18137
#: serverguide/C/file-server.xml:541(command)
18138
msgid "sudo /etc/init.d/cupsys restart"
18139
msgstr ""
18140
18141
#: serverguide/C/file-server.xml:544(para)
18142
msgid ""
18143
"Some other configuration for the CUPS server is done in the file "
18144
"<filename>/etc/cups/cups.d/ports.conf</filename>:"
18145
msgstr ""
18146
18147
#: serverguide/C/file-server.xml:547(para)
18148
msgid ""
18149
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
18150
"server installation listens only on the loopback interface at IP address "
18151
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
18152
"listen on an actual network adapter's IP address, you must specify either a "
18153
"hostname, the IP address, or optionally, an IP address/port pairing via the "
18154
"addition of a Listen directive. For example, if your CUPS server resides on "
18155
"a local network at the IP address <emphasis "
18156
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
18157
"accessible to the other systems on this subnetwork, you would edit the "
18158
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
18159
"such:"
18160
msgstr ""
18161
18162
#: serverguide/C/file-server.xml:561(screen)
18163
#, no-wrap
18164
msgid ""
18165
"\n"
18166
"Listen 127.0.0.1:631 # existing loopback Listen\n"
18167
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
18168
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
18169
"(IPP)\n"
18170
msgstr ""
18171
18172
#: serverguide/C/file-server.xml:567(para)
18173
msgid ""
18174
"In the example above, you may comment out or remove the reference to the "
18175
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
18176
"</application> to listen on that interface, but would rather have it only "
18177
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
18178
"listening for all network interfaces for which a certain hostname is bound, "
18179
"including the Loopback, you could create a Listen entry for the hostname "
18180
"<emphasis>socrates</emphasis> as such:"
18181
msgstr ""
18182
18183
#: serverguide/C/file-server.xml:577(screen)
18184
#, no-wrap
18185
msgid ""
18186
"\n"
18187
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
18188
msgstr ""
18189
18190
#: serverguide/C/file-server.xml:581(para)
18191
msgid ""
18192
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
18193
"instead, as in:"
18194
msgstr ""
18195
18196
#: serverguide/C/file-server.xml:583(screen)
18197
#, no-wrap
18198
msgid ""
18199
"\n"
18200
"Port 631 # Listen on port 631 on all interfaces\n"
18201
msgstr ""
18202
18203
#: serverguide/C/file-server.xml:594(ulink)
18204
msgid "CUPS Website"
18205
msgstr ""
18206
18207
#: serverguide/C/dns.xml:13(title)
18208
msgid "Domain Name Service (DNS)"
18209
msgstr ""
18210
18211
#: serverguide/C/dns.xml:14(para)
18212
msgid ""
18213
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
18214
"fully qualified domain names (FQDN) to one another. In this way, DNS "
18215
"alleviates the need to remember IP addresses. Computers that run DNS are "
18216
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
18217
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
18218
"common program used for maintaining a name server on Linux."
18219
msgstr ""
18220
18221
#: serverguide/C/dns.xml:24(para)
18222
msgid ""
18223
"At a terminal prompt, enter the following command to install "
18224
"<application>dns</application>:"
18225
msgstr ""
18226
18227
#: serverguide/C/dns.xml:28(command)
18228
msgid "sudo apt-get install bind9"
18229
msgstr ""
18230
18231
#: serverguide/C/dns.xml:30(para)
18232
msgid ""
18233
"A very useful package for testing and troubleshooting DNS issues is the "
18234
"dnsutils package. To install <application>dnsutils</application> enter the "
18235
"following:"
18236
msgstr ""
18237
18238
#: serverguide/C/dns.xml:35(command)
18239
msgid "sudo apt-get install dnsutils"
18240
msgstr ""
18241
18242
#: serverguide/C/dns.xml:40(para)
18243
msgid ""
18244
"There a many ways to configure <application>BIND9</application>. Some of the "
18245
"most common configurations are a caching nameserver, primary master, and a "
18246
"as a secondary master."
18247
msgstr ""
18248
18249
#: serverguide/C/dns.xml:46(para)
18250
msgid ""
18251
"When configured as a caching nameserver BIND9 will find the answer to name "
18252
"queries and remember the answer when the domain is queried again."
18253
msgstr ""
18254
18255
#: serverguide/C/dns.xml:52(para)
18256
msgid ""
18257
"As a primary master server BIND9 reads the data for a zone from a file on "
18258
"it's host and is authoritative for that zone."
18259
msgstr ""
18260
18261
#: serverguide/C/dns.xml:57(para)
18262
msgid ""
18263
"In a secondary master configuration BIND9 gets the zone data from another "
18264
"nameserver authoritative for the zone."
18265
msgstr ""
18266
18267
#: serverguide/C/dns.xml:65(para)
18268
msgid ""
18269
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
18270
"directory. The primary configuration file is "
18271
"<filename>/etc/bind/named.conf</filename>."
18272
msgstr ""
18273
18274
#: serverguide/C/dns.xml:72(para)
18275
msgid ""
18276
"The <emphasis>include</emphasis> line specifies the filename which contains "
18277
"the DNS options. The <emphasis>directory</emphasis> line in the "
18278
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
18279
"look for files. All files BIND uses will be relative to this directory."
18280
msgstr ""
18281
18282
#: serverguide/C/dns.xml:80(para)
18283
msgid ""
18284
"The file named <filename>/etc/bind/db.root</filename> describes the root "
18285
"nameservers in the world. The servers change over time, so the "
18286
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
18287
"This is usually done as updates to the <application>bind9</application> "
18288
"package. The <emphasis>zone</emphasis> section defines a master server, and "
18289
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
18290
msgstr ""
18291
18292
#: serverguide/C/dns.xml:90(para)
18293
msgid ""
18294
"It is possible to configure the same server to be a caching name server, "
18295
"primary master, and secondary master. A server can be the Start of Authority "
18296
"(SOA) for one zone, while providing secondary service for another zone. All "
18297
"the while providing caching services for hosts on the local LAN."
18298
msgstr ""
18299
18300
#: serverguide/C/dns.xml:98(title)
18301
msgid "Caching Nameserver"
18302
msgstr ""
18303
18304
#: serverguide/C/dns.xml:99(para)
18305
msgid ""
18306
"The default configuration is setup to act as a caching server. All that is "
18307
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
18308
"uncomment and edit the following in "
18309
"<filename>/etc/bind/named.conf.options</filename>:"
18310
msgstr ""
18311
18312
#: serverguide/C/dns.xml:103(programlisting)
18313
#, no-wrap
18314
msgid ""
18315
"\n"
18316
"forwarders {\n"
18317
" 1.2.3.4;\n"
18318
" 5.6.7.8;\n"
18319
" };\n"
18320
msgstr ""
18321
18322
#: serverguide/C/dns.xml:110(para)
18323
msgid ""
18324
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
18325
"the IP Adresses of actual nameservers."
18326
msgstr ""
18327
18328
#: serverguide/C/dns.xml:114(para)
18329
msgid ""
18330
"Now restart the DNS server, to enable the new configuration. From a terminal "
18331
"prompt:"
18332
msgstr ""
18333
18334
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
18335
msgid "sudo /etc/init.d/bind9 restart"
18336
msgstr ""
18337
18338
#: serverguide/C/dns.xml:120(para)
18339
msgid ""
18340
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
18341
"DNS server."
18342
msgstr ""
18343
18344
#: serverguide/C/dns.xml:125(title)
18345
msgid "Primary Master"
18346
msgstr ""
18347
18348
#: serverguide/C/dns.xml:126(para)
18349
msgid ""
18350
"In this section <application>BIND9</application> will be configured as the "
18351
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
18352
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
18353
"(Fully Qualified Domain Name)."
18354
msgstr ""
18355
18356
#: serverguide/C/dns.xml:132(title)
18357
msgid "Forward Zone File"
18358
msgstr ""
18359
18360
#: serverguide/C/dns.xml:133(para)
18361
msgid ""
18362
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
18363
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
18364
msgstr ""
18365
18366
#: serverguide/C/dns.xml:137(programlisting)
18367
#, no-wrap
18368
msgid ""
18369
"\n"
18370
"zone \"example.com\" {\n"
18371
"\ttype master;\n"
18372
" file \"/etc/bind/db.example.com\";\n"
18373
"};\n"
18374
msgstr ""
18375
18376
#: serverguide/C/dns.xml:143(para)
18377
msgid ""
18378
"Now use an existing zone file as a template to create the "
18379
"<filename>/etc/bind/db.example.com</filename> file:"
18380
msgstr ""
18381
18382
#: serverguide/C/dns.xml:147(command)
18383
msgid "sudo cp /etc/bind/db.local /etc/bind/db.example.com"
18384
msgstr ""
18385
18386
#: serverguide/C/dns.xml:149(para)
18387
msgid ""
18388
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
18389
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
18390
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
18391
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
18392
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
18393
"leaving the \".\" at the end."
18394
msgstr ""
18395
18396
#: serverguide/C/dns.xml:155(para)
18397
msgid ""
18398
"Also, create an <emphasis>A record</emphasis> for <emphasis "
18399
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
18400
msgstr ""
18401
18402
#: serverguide/C/dns.xml:159(programlisting)
18403
#, no-wrap
18404
msgid ""
18405
"\n"
18406
";\n"
18407
"; BIND data file for local loopback interface\n"
18408
";\n"
18409
"$TTL 604800\n"
18410
"@ IN SOA ns.example.com. root.example.com. (\n"
18411
" 2 ; Serial\n"
18412
" 604800 ; Refresh\n"
18413
" 86400 ; Retry\n"
18414
" 2419200 ; Expire\n"
18415
" 604800 ) ; Negative Cache TTL\n"
18416
";\n"
18417
"@ IN NS ns.example.com.\n"
18418
"@ IN A 127.0.0.1\n"
18419
"@ IN AAAA ::1\n"
18420
"ns IN A 192.168.1.10\n"
18421
msgstr ""
18422
18423
#: serverguide/C/dns.xml:176(para)
18424
msgid ""
18425
"You must increment the <emphasis>Serial Number</emphasis> every time you "
18426
"make changes to the zone file. If you make multiple changes before "
18427
"restarting BIND9, simply increment the Serial once."
18428
msgstr ""
18429
18430
#: serverguide/C/dns.xml:180(para)
18431
msgid ""
18432
"Now, you can add DNS records to the bottom of the zone file. See <xref "
18433
"linkend=\"dns-record-types\"/> for details."
18434
msgstr ""
18435
18436
#: serverguide/C/dns.xml:184(para)
18437
msgid ""
18438
"Many admins like to use the last date edited as the serial of a zone, such "
18439
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
18440
"<emphasis>ss</emphasis> is the Serial Number)"
18441
msgstr ""
18442
18443
#: serverguide/C/dns.xml:189(para)
18444
msgid ""
18445
"Once you have made a change to the zone file "
18446
"<application>BIND9</application> will need to be restarted for the changes "
18447
"to take effect:"
18448
msgstr ""
18449
18450
#: serverguide/C/dns.xml:198(title)
18451
msgid "Reverse Zone File"
18452
msgstr ""
18453
18454
#: serverguide/C/dns.xml:199(para)
18455
msgid ""
18456
"Now that the zone is setup and resolving names to IP Adresses a "
18457
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
18458
"DNS to resolve an address to a name."
18459
msgstr ""
18460
18461
#: serverguide/C/dns.xml:203(para)
18462
msgid "Edit /etc/bind/named.conf.local and add the following:"
18463
msgstr ""
18464
18465
#: serverguide/C/dns.xml:206(programlisting)
18466
#, no-wrap
18467
msgid ""
18468
"\n"
18469
"zone \"1.168.192.in-addr.arpa\" {\n"
18470
" type master;\n"
18471
" notify no;\n"
18472
" file \"/etc/bind/db.192\";\n"
18473
"};\n"
18474
msgstr ""
18475
18476
#: serverguide/C/dns.xml:214(para)
18477
msgid ""
18478
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
18479
"whatever network you are using. Also, name the zone file "
18480
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
18481
"first octet of your network."
18482
msgstr ""
18483
18484
#: serverguide/C/dns.xml:219(para)
18485
msgid "Now create the <filename>/etc/bind/db.192</filename> file:"
18486
msgstr ""
18487
18488
#: serverguide/C/dns.xml:223(command)
18489
msgid "sudo cp /etc/bind/db.127 /etc/bind/db.192"
18490
msgstr ""
18491
18492
#: serverguide/C/dns.xml:225(para)
18493
msgid ""
18494
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
18495
"same options as <filename>/etc/bind/db.example.com</filename>:"
18496
msgstr ""
18497
18498
#: serverguide/C/dns.xml:229(programlisting)
18499
#, no-wrap
18500
msgid ""
18501
"\n"
18502
";\n"
18503
"; BIND reverse data file for local loopback interface\n"
18504
";\n"
18505
"$TTL 604800\n"
18506
"@ IN SOA ns.example.com. root.example.com. (\n"
18507
" 2 ; Serial\n"
18508
" 604800 ; Refresh\n"
18509
" 86400 ; Retry\n"
18510
" 2419200 ; Expire\n"
18511
" 604800 ) ; Negative Cache TTL\n"
18512
";\n"
18513
"@ IN NS ns.\n"
18514
"10 IN PTR ns.example.com.\n"
18515
msgstr ""
18516
18517
#: serverguide/C/dns.xml:244(para)
18518
msgid ""
18519
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
18520
"incremented on each changes as well. For each <emphasis>A record</emphasis> "
18521
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
18522
"create a <emphasis>PTR record</emphasis> in "
18523
"<filename>/etc/bind/db.192</filename>."
18524
msgstr ""
18525
18526
#: serverguide/C/dns.xml:249(para)
18527
msgid ""
18528
"After creating the reverse zone file restart "
18529
"<application>BIND9</application>:"
18530
msgstr ""
18531
18532
#: serverguide/C/dns.xml:258(title)
18533
msgid "Secondary Master"
18534
msgstr ""
18535
18536
#: serverguide/C/dns.xml:259(para)
18537
msgid ""
18538
"Once a <emphasis>Primary Master</emphasis> has been configured a "
18539
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
18540
"availability of the domain should the Primary become unavailable."
18541
msgstr ""
18542
18543
#: serverguide/C/dns.xml:263(para)
18544
msgid ""
18545
"First, on the Primary Master server, the zone transfer needs to be allowed. "
18546
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
18547
"and Reverse zone definitions in "
18548
"<filename>/etc/bind/named.conf.local</filename>:"
18549
msgstr ""
18550
18551
#: serverguide/C/dns.xml:267(programlisting)
18552
#, no-wrap
18553
msgid ""
18554
"\n"
18555
"zone \"example.com\" {\n"
18556
" type master;\n"
18557
"\tfile \"/etc/bind/db.example.com\";\n"
18558
" allow-transfer { 192.168.1.11; };\n"
18559
"};\n"
18560
"\n"
18561
"zone \"1.168.192.in-addr.arpa\" {\n"
18562
" type master;\n"
18563
" notify no;\n"
18564
" file \"/etc/bind/db.192\";\n"
18565
"\tallow-transfer { 192.168.1.11; };\n"
18566
"};\n"
18567
msgstr ""
18568
18569
#: serverguide/C/dns.xml:282(para)
18570
msgid ""
18571
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
18572
"Secondary nameserver."
18573
msgstr ""
18574
18575
#: serverguide/C/dns.xml:286(para)
18576
msgid ""
18577
"Next, on the Secondary Master, install the <application>bind9</application> "
18578
"package the same way as on the Primary. Then edit the "
18579
"<filename>/etc/bind/named.conf.local</filename> and add the following "
18580
"declarations for the Forward and Reverse zones:"
18581
msgstr ""
18582
18583
#: serverguide/C/dns.xml:290(programlisting)
18584
#, no-wrap
18585
msgid ""
18586
"\n"
18587
"zone \"example.com\" {\n"
18588
"\ttype slave;\n"
18589
" file \"/var/cache/bind/db.example.com\";\n"
18590
" masters { 192.168.1.10; };\n"
18591
"}; \n"
18592
" \n"
18593
"zone \"1.168.192.in-addr.arpa\" {\n"
18594
"\ttype slave;\n"
18595
" file \"/var/cache/bind/db.192\";\n"
18596
" masters { 192.168.1.10; };\n"
18597
"};\n"
18598
msgstr ""
18599
18600
#: serverguide/C/dns.xml:304(para)
18601
msgid ""
18602
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
18603
"Primary nameserver."
18604
msgstr ""
18605
18606
#: serverguide/C/dns.xml:308(para)
18607
msgid "Restart <application>BIND9</application> on the Secondary Master:"
18608
msgstr ""
18609
18610
#: serverguide/C/dns.xml:314(para)
18611
msgid ""
18612
"In <filename>/var/log/syslog</filename> you should see something similar to:"
18613
msgstr ""
18614
18615
#: serverguide/C/dns.xml:317(programlisting)
18616
#, no-wrap
18617
msgid ""
18618
"\n"
18619
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
18620
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
18621
msgstr ""
18622
18623
#: serverguide/C/dns.xml:322(para)
18624
msgid ""
18625
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
18626
"on the Primary is larger than the one on the Secondary."
18627
msgstr ""
18628
18629
#: serverguide/C/dns.xml:328(para)
18630
msgid ""
18631
"The default directory for non-authoritative zone files is "
18632
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
18633
"<application>AppArmor</application> to allow the "
18634
"<application>named</application> daemon to write to. For more information on "
18635
"AppArmor see <xref linkend=\"apparmor\"/>."
18636
msgstr ""
18637
18638
#: serverguide/C/dns.xml:339(para)
18639
msgid ""
18640
"This section covers ways to help determine the cause when problems happen "
18641
"with DNS and <application>BIND9</application>."
18642
msgstr ""
18643
18644
#: serverguide/C/dns.xml:345(title)
18645
msgid "resolv.conf"
18646
msgstr ""
18647
18648
#: serverguide/C/dns.xml:346(para)
18649
msgid ""
18650
"The first step in testing <application>BIND9</application> is to add the "
18651
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
18652
"be configured as well as another host to double check things. Simply edit "
18653
"<filename>/etc/resolv.conf</filename> and add the following:"
18654
msgstr ""
18655
18656
#: serverguide/C/dns.xml:351(programlisting)
18657
#, no-wrap
18658
msgid ""
18659
"\n"
18660
"nameserver\t192.168.1.10\n"
18661
"nameserver\t192.168.1.11\n"
18662
msgstr ""
18663
18664
#: serverguide/C/dns.xml:356(para)
18665
msgid ""
18666
"You should also add the IP Address of the Secondary nameserver in case the "
18667
"Primary becomes unavailable."
18668
msgstr ""
18669
18670
#: serverguide/C/dns.xml:362(title)
18671
msgid "dig"
18672
msgstr ""
18673
18674
#: serverguide/C/dns.xml:363(para)
18675
msgid ""
18676
"If you installed the <application>dnsutils</application> package you can "
18677
"test your setup using the DNS lookup utility <application>dig</application>:"
18678
msgstr ""
18679
18680
#: serverguide/C/dns.xml:369(para)
18681
msgid ""
18682
"After installing <application>BIND9</application> use "
18683
"<application>dig</application> against the loopback interface to make sure "
18684
"it is listening on port 53. From a terminal prompt:"
18685
msgstr ""
18686
18687
#: serverguide/C/dns.xml:374(command)
18688
msgid "dig -x 127.0.0.1"
18689
msgstr ""
18690
18691
#: serverguide/C/dns.xml:376(para)
18692
msgid "You should see lines similar to the following in the command output:"
18693
msgstr ""
18694
18695
#: serverguide/C/dns.xml:379(programlisting)
18696
#, no-wrap
18697
msgid ""
18698
"\n"
18699
";; Query time: 1 msec\n"
18700
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
18701
msgstr ""
18702
18703
#: serverguide/C/dns.xml:385(para)
18704
msgid ""
18705
"If you have configured <application>BIND9</application> as a "
18706
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
18707
"the query time:"
18708
msgstr ""
18709
18710
#: serverguide/C/dns.xml:390(command)
18711
msgid "dig ubuntu.com"
18712
msgstr ""
18713
18714
#: serverguide/C/dns.xml:392(para)
18715
msgid "Note the query time toward the end of the command output:"
18716
msgstr ""
18717
18718
#: serverguide/C/dns.xml:395(programlisting)
18719
#, no-wrap
18720
msgid ""
18721
"\n"
18722
";; Query time: 49 msec\n"
18723
msgstr ""
18724
18725
#: serverguide/C/dns.xml:398(para)
18726
msgid "After a second dig there should be improvement:"
18727
msgstr ""
18728
18729
#: serverguide/C/dns.xml:401(programlisting)
18730
#, no-wrap
18731
msgid ""
18732
"\n"
18733
";; Query time: 1 msec\n"
18734
msgstr ""
18735
18736
#: serverguide/C/dns.xml:408(title)
18737
msgid "ping"
18738
msgstr ""
18739
18740
#: serverguide/C/dns.xml:410(para)
18741
msgid ""
18742
"Now to demonstrate how applications make use of DNS to resolve a host name "
18743
"use the <application>ping</application> utility to send an ICMP echo "
18744
"request. From a terminal prompt enter:"
18745
msgstr ""
18746
18747
#: serverguide/C/dns.xml:416(command)
18748
msgid "ping example.com"
18749
msgstr ""
18750
18751
#: serverguide/C/dns.xml:418(para)
18752
msgid ""
18753
"This tests if the nameserver can resolve the name "
18754
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
18755
"should resemble:"
18756
msgstr ""
18757
18758
#: serverguide/C/dns.xml:422(programlisting)
18759
#, no-wrap
18760
msgid ""
18761
"\n"
18762
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
18763
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
18764
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
18765
msgstr ""
18766
18767
#: serverguide/C/dns.xml:429(title)
18768
msgid "named-checkzone"
18769
msgstr ""
18770
18771
#: serverguide/C/dns.xml:430(para)
18772
msgid ""
18773
"A great way to test your zone files is by using the <application>named-"
18774
"checkzone</application> utility installed with the "
18775
"<application>bind9</application> package. This utility allows you to make "
18776
"sure the configuration is correct before restarting "
18777
"<application>BIND9</application> and making the changes live."
18778
msgstr ""
18779
18780
#: serverguide/C/dns.xml:437(para)
18781
msgid ""
18782
"To test our example Forward zone file enter the following from a command "
18783
"prompt:"
18784
msgstr ""
18785
18786
#: serverguide/C/dns.xml:441(command)
18787
msgid "named-checkzone example.com /etc/bind/db.example.com"
18788
msgstr ""
18789
18790
#: serverguide/C/dns.xml:443(para)
18791
msgid ""
18792
"If everything is configured correctly you should see output similar to:"
18793
msgstr ""
18794
18795
#: serverguide/C/dns.xml:446(programlisting)
18796
#, no-wrap
18797
msgid ""
18798
"\n"
18799
"zone example.com/IN: loaded serial 6\n"
18800
"OK\n"
18801
msgstr ""
18802
18803
#: serverguide/C/dns.xml:452(para)
18804
msgid "Similarly, to test the Reverse zone file enter the following:"
18805
msgstr ""
18806
18807
#: serverguide/C/dns.xml:456(command)
18808
msgid "named-checkzone example.com /etc/bind/db.192"
18809
msgstr ""
18810
18811
#: serverguide/C/dns.xml:458(para)
18812
msgid "The output should be similar to:"
18813
msgstr ""
18814
18815
#: serverguide/C/dns.xml:461(programlisting)
18816
#, no-wrap
18817
msgid ""
18818
"\n"
18819
"zone example.com/IN: loaded serial 3\n"
18820
"OK\n"
18821
msgstr ""
18822
18823
#: serverguide/C/dns.xml:468(para)
18824
msgid ""
18825
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
18826
"different."
18827
msgstr ""
18828
18829
#: serverguide/C/dns.xml:475(title)
18830
msgid "Logging"
18831
msgstr ""
18832
18833
#: serverguide/C/dns.xml:476(para)
18834
msgid ""
18835
"<application>BIND9</application> has a wide variety of logging configuration "
18836
"options available. There are two main options. The "
18837
"<emphasis>channel</emphasis> option configures where logs go, and the the "
18838
"<emphasis>category</emphasis> option determines what information to log."
18839
msgstr ""
18840
18841
#: serverguide/C/dns.xml:480(para)
18842
msgid "If no logging option is configured the default option is:"
18843
msgstr ""
18844
18845
#: serverguide/C/dns.xml:483(programlisting)
18846
#, no-wrap
18847
msgid ""
18848
"\n"
18849
"logging {\n"
18850
" category default { default_syslog; default_debug; };\n"
18851
" category unmatched { null; };\n"
18852
"};\n"
18853
msgstr ""
18854
18855
#: serverguide/C/dns.xml:489(para)
18856
msgid ""
18857
"This section covers configuring <application>BIND9</application> to send "
18858
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
18859
"file."
18860
msgstr ""
18861
18862
#: serverguide/C/dns.xml:494(para)
18863
msgid ""
18864
"First, we need to configure a channel to specify which file to send the "
18865
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
18866
"the following:"
18867
msgstr ""
18868
18869
#: serverguide/C/dns.xml:498(programlisting)
18870
#, no-wrap
18871
msgid ""
18872
"\n"
18873
"logging {\n"
18874
" channel query.log { \n"
18875
" file \"/var/log/query.log\";\n"
18876
" severity debug 3; \n"
18877
" }; \n"
18878
"};\n"
18879
msgstr ""
18880
18881
#: serverguide/C/dns.xml:508(para)
18882
msgid "Next, configure a category to send all DNS queries to the query file:"
18883
msgstr ""
18884
18885
#: serverguide/C/dns.xml:511(programlisting)
18886
#, no-wrap
18887
msgid ""
18888
"\n"
18889
"logging {\n"
18890
" channel query.log { \n"
18891
" file \"/var/log/query.log\"; \n"
18892
" severity debug 3; \n"
18893
" }; \n"
18894
" <emphasis>category queries { query.log; };</emphasis> \n"
18895
"};\n"
18896
msgstr ""
18897
18898
#: serverguide/C/dns.xml:523(para)
18899
msgid ""
18900
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
18901
"level isn't specified level 1 is the default."
18902
msgstr ""
18903
18904
#: serverguide/C/dns.xml:529(para)
18905
msgid ""
18906
"Since the <emphasis>named daemon</emphasis> runs as the "
18907
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
18908
"file must be created and the ownership changed:"
18909
msgstr ""
18910
18911
#: serverguide/C/dns.xml:534(command)
18912
msgid "sudo touch /var/log/query.log"
18913
msgstr ""
18914
18915
#: serverguide/C/dns.xml:535(command)
18916
msgid "sudo chown bind /var/log/query.log"
18917
msgstr ""
18918
18919
#: serverguide/C/dns.xml:539(para)
18920
msgid ""
18921
"Before <application>named</application> daemon can write to the new log file "
18922
"the <application>AppArmor</application> profile must be updated. First, edit "
18923
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
18924
msgstr ""
18925
18926
#: serverguide/C/dns.xml:543(programlisting)
18927
#, no-wrap
18928
msgid ""
18929
"\n"
18930
"/var/log/query.log w,\n"
18931
msgstr ""
18932
18933
#: serverguide/C/dns.xml:546(para)
18934
msgid "Next, reload the profile:"
18935
msgstr ""
18936
18937
#: serverguide/C/dns.xml:550(command)
18938
msgid "cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r"
18939
msgstr ""
18940
18941
#: serverguide/C/dns.xml:552(para)
18942
msgid ""
18943
"For more information on <application>AppArmor</application> see <xref "
18944
"linkend=\"apparmor\"/>"
18945
msgstr ""
18946
18947
#: serverguide/C/dns.xml:557(para)
18948
msgid ""
18949
"Now restart <application>BIND9</application> for the changes to take effect:"
18950
msgstr ""
18951
18952
#: serverguide/C/dns.xml:565(para)
18953
msgid ""
18954
"You should see the file <filename>/var/log/query.log</filename> fill with "
18955
"query information. This is a simple example of the "
18956
"<application>BIND9</application> logging options. For coverage of advanced "
18957
"options see <xref linkend=\"dns-more-info\"/>."
18958
msgstr ""
18959
18960
#: serverguide/C/dns.xml:574(title)
18961
msgid "Common Record Types"
18962
msgstr ""
18963
18964
#: serverguide/C/dns.xml:575(para)
18965
msgid "This section covers some of the most common DNS record types."
18966
msgstr ""
18967
18968
#: serverguide/C/dns.xml:580(para)
18969
msgid ""
18970
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
18971
msgstr ""
18972
18973
#: serverguide/C/dns.xml:583(programlisting)
18974
#, no-wrap
18975
msgid ""
18976
"\n"
18977
"www IN A 192.168.1.12\n"
18978
msgstr ""
18979
18980
#: serverguide/C/dns.xml:588(para)
18981
msgid ""
18982
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
18983
"record. You cannot create a CNAME record pointing to another CNAME record."
18984
msgstr ""
18985
18986
#: serverguide/C/dns.xml:591(programlisting)
18987
#, no-wrap
18988
msgid ""
18989
"\n"
18990
"web IN CNAME www\n"
18991
msgstr ""
18992
18993
#: serverguide/C/dns.xml:596(para)
18994
msgid ""
18995
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
18996
"to. Must point to an A record, not a CNAME."
18997
msgstr ""
18998
18999
#: serverguide/C/dns.xml:599(programlisting)
19000
#, no-wrap
19001
msgid ""
19002
"\n"
19003
" IN MX mail.example.com.\n"
19004
"mail IN A 192.168.1.13\n"
19005
msgstr ""
19006
19007
#: serverguide/C/dns.xml:605(para)
19008
msgid ""
19009
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
19010
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
19011
"Secondary servers are defined."
19012
msgstr ""
19013
19014
#: serverguide/C/dns.xml:609(programlisting)
19015
#, no-wrap
19016
msgid ""
19017
"\n"
19018
" IN NS ns.example.com.\n"
19019
"\tIN NS ns2.example.com.\n"
19020
"ns IN A 192.168.1.10\n"
19021
"ns2\tIN A\t 192.168.1.11\n"
19022
msgstr ""
19023
19024
#: serverguide/C/dns.xml:619(title)
19025
msgid "More Information"
19026
msgstr ""
19027
19028
#: serverguide/C/dns.xml:620(para)
19029
msgid ""
19030
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
19031
"HOWTO</ulink> explains more advanced options for configuring BIND9."
19032
msgstr ""
19033
19034
#: serverguide/C/dns.xml:623(para)
19035
msgid ""
19036
"For in depth coverage of <emphasis>DNS</emphasis> and "
19037
"<application>BIND9</application> see <ulink "
19038
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
19039
msgstr ""
19040
19041
#: serverguide/C/dns.xml:626(para)
19042
msgid ""
19043
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
19044
"BIND</ulink> is a popular book now in it's fifth edition."
19045
msgstr ""
19046
19047
#: serverguide/C/dns.xml:629(para)
19048
msgid ""
19049
"A great place to ask for <application>BIND9</application> assistance, and "
19050
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
19051
"server</emphasis> IRC channel on <ulink "
19052
"url=\"http://freenode.net\">freenode</ulink>."
19053
msgstr ""
19054
19055
#: serverguide/C/databases.xml:13(title)
19056
msgid "Databases"
19057
msgstr "Duomenų bazės"
19058
19059
#: serverguide/C/databases.xml:14(para)
19060
msgid "Ubuntu provides two popular database servers. They are:"
19061
msgstr ""
19062
19063
#: serverguide/C/databases.xml:22(application) serverguide/C/databases.xml:152(title)
19064
msgid "PostgreSQL"
19065
msgstr "PostgreSQL"
19066
19067
#: serverguide/C/databases.xml:25(para)
19068
msgid ""
19069
"They are available in the main repository. This section explains how to "
19070
"install and configure these database servers."
19071
msgstr ""
19072
19073
#: serverguide/C/databases.xml:32(para)
19074
msgid ""
19075
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
19076
"It is intended for mission-critical, heavy-load production systems as well "
19077
"as for embedding into mass-deployed software."
19078
msgstr ""
19079
19080
#: serverguide/C/databases.xml:41(para)
19081
msgid "To install MySQL, run the following command from a terminal prompt:"
19082
msgstr ""
19083
19084
#: serverguide/C/databases.xml:46(command)
19085
msgid "sudo apt-get install mysql-server"
19086
msgstr ""
19087
19088
#: serverguide/C/databases.xml:48(para)
19089
msgid ""
19090
"During the installation process you will be prompted to enter a password for "
19091
"the <application>MySQL</application> root user."
19092
msgstr ""
19093
19094
#: serverguide/C/databases.xml:53(para)
19095
msgid ""
19096
"Once the installation is complete, the MySQL server should be started "
19097
"automatically. You can run the following command from a terminal prompt to "
19098
"check whether the MySQL server is running:"
19099
msgstr ""
19100
19101
#: serverguide/C/databases.xml:61(command)
19102
msgid "sudo netstat -tap | grep mysql"
19103
msgstr ""
19104
19105
#: serverguide/C/databases.xml:70(programlisting)
19106
#, no-wrap
19107
msgid ""
19108
"\n"
19109
"tcp 0 0 localhost:mysql *:* LISTEN "
19110
" 2556/mysqld\n"
19111
msgstr ""
19112
19113
#: serverguide/C/databases.xml:74(para)
19114
msgid ""
19115
"If the server is not running correctly, you can type the following command "
19116
"to start it:"
19117
msgstr ""
19118
19119
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
19120
msgid "sudo /etc/init.d/mysql restart"
19121
msgstr ""
19122
19123
#: serverguide/C/databases.xml:85(para)
19124
msgid ""
19125
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
19126
"the basic settings -- log file, port number, etc. For example, to configure "
19127
"<application>MySQL</application> to listen for connections from network "
19128
"hosts, change the <emphasis>bind_address</emphasis> directive to the "
19129
"server's IP address:"
19130
msgstr ""
19131
19132
#: serverguide/C/databases.xml:91(programlisting)
19133
#, no-wrap
19134
msgid ""
19135
"\n"
19136
"bind-address = 192.168.0.5\n"
19137
msgstr ""
19138
19139
#: serverguide/C/databases.xml:95(para)
19140
msgid "Replace 192.168.0.5 with the appropriate address."
19141
msgstr ""
19142
19143
#: serverguide/C/databases.xml:99(para)
19144
msgid ""
19145
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
19146
"<application>mysql</application> daemon will need to be restarted:"
19147
msgstr ""
19148
19149
#: serverguide/C/databases.xml:107(para)
19150
msgid ""
19151
"If you would like to change the "
19152
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
19153
"terminal enter:"
19154
msgstr ""
19155
19156
#: serverguide/C/databases.xml:113(command)
19157
msgid "sudo dpkg-reconfigure mysql-server-5.0"
19158
msgstr ""
19159
19160
#: serverguide/C/databases.xml:116(para)
19161
msgid ""
19162
"The <application>mysql</application> daemon will be stopped, and you will be "
19163
"prompted to enter a new password."
19164
msgstr ""
19165
19166
#: serverguide/C/databases.xml:125(para)
19167
msgid ""
19168
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
19169
"more information."
19170
msgstr ""
19171
19172
#: serverguide/C/databases.xml:130(para)
19173
msgid ""
19174
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
19175
"<application>mysql-doc-5.0</application> package. To install the package "
19176
"enter the following in a terminal:"
19177
msgstr ""
19178
19179
#: serverguide/C/databases.xml:135(command)
19180
msgid "sudo apt-get install mysql-doc-5.0"
19181
msgstr ""
19182
19183
#: serverguide/C/databases.xml:137(para)
19184
msgid ""
19185
"The documentation is in HTML format, to view them enter "
19186
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
19187
"chapter/index.html</command> in your browser's address bar."
19188
msgstr ""
19189
19190
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:285(para)
19191
msgid ""
19192
"For general SQL information see <ulink "
19193
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
19194
"Special Edition</ulink> by Rafe Colburn."
19195
msgstr ""
19196
19197
#: serverguide/C/databases.xml:153(para)
19198
msgid ""
19199
"PostgreSQL is an object-relational database system that has the features of "
19200
"traditional commercial database systems with enhancements to be found in "
19201
"next-generation DBMS systems."
19202
msgstr ""
19203
19204
#: serverguide/C/databases.xml:160(para)
19205
msgid ""
19206
"To install PostgreSQL, run the following command in the command prompt:"
19207
msgstr ""
19208
19209
#: serverguide/C/databases.xml:167(command)
19210
msgid "sudo apt-get install postgresql"
19211
msgstr ""
19212
19213
#: serverguide/C/databases.xml:171(para)
19214
msgid ""
19215
"Once the installation is complete, you should configure the PostgreSQL "
19216
"server based on your needs, although the default configuration is viable."
19217
msgstr ""
19218
19219
#: serverguide/C/databases.xml:179(para)
19220
msgid ""
19221
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
19222
"client authentication methods. By default, IDENT authentication method is "
19223
"used for <application>postgres</application> and local users. Please refer "
19224
"<ulink url=\"http://www.postgresql.org/docs/8.3/static/admin.html\"> the "
19225
"PostgreSQL Administrator's Guide</ulink>."
19226
msgstr ""
19227
19228
#: serverguide/C/databases.xml:186(para)
19229
msgid ""
19230
"The following discussion assumes that you wish to enable TCP/IP connections "
19231
"and use the MD5 method for client authentication. PostgreSQL configuration "
19232
"files are stored in the "
19233
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
19234
"example, if you install PostgreSQL 8.3, the configuration files are stored "
19235
"in the <filename>/etc/postgresql/8.3/main</filename> directory."
19236
msgstr ""
19237
19238
#: serverguide/C/databases.xml:196(para)
19239
msgid ""
19240
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
19241
"<filename>/etc/postgresql/8.3/main/pg_ident.conf</filename> file."
19242
msgstr ""
19243
19244
#: serverguide/C/databases.xml:203(para)
19245
msgid ""
19246
"To enable TCP/IP connections, edit the file "
19247
"<filename>/etc/postgresql/8.3/main/postgresql.conf</filename>"
19248
msgstr ""
19249
19250
#: serverguide/C/databases.xml:205(para)
19251
msgid ""
19252
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
19253
"change it to:"
19254
msgstr ""
19255
19256
#: serverguide/C/databases.xml:208(programlisting)
19257
#, no-wrap
19258
msgid ""
19259
"\n"
19260
"listen_addresses = 'localhost'\n"
19261
msgstr ""
19262
19263
#: serverguide/C/databases.xml:212(para)
19264
msgid ""
19265
"To allow other computers to connect to your "
19266
"<application>PostgreSQL</application> server replace 'localhost' with the "
19267
"<emphasis>IP Address</emphasis> of your server."
19268
msgstr ""
19269
19270
#: serverguide/C/databases.xml:217(para)
19271
msgid ""
19272
"You may also edit all other parameters, if you know what you are doing! For "
19273
"details, refer to the configuration file or to the PostgreSQL documentation."
19274
msgstr ""
19275
19276
#: serverguide/C/databases.xml:222(para)
19277
msgid ""
19278
"Now that we can connect to our <application>PostgreSQL</application> server, "
19279
"the next step is to set a password for the <emphasis>postgres</emphasis> "
19280
"user. Run the following command at a terminal prompt to connect to the "
19281
"default PostgreSQL template database:"
19282
msgstr ""
19283
19284
#: serverguide/C/databases.xml:229(command)
19285
msgid "sudo -u postgres psql template1"
19286
msgstr ""
19287
19288
#: serverguide/C/databases.xml:231(para)
19289
msgid ""
19290
"The above command connects to PostgreSQL database "
19291
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
19292
"you connect to the PostgreSQL server, you will be at a SQL prompt. You can "
19293
"run the following SQL command at the <application>psql</application> prompt "
19294
"to configure the password for the user <emphasis "
19295
"role=\"italics\">postgres</emphasis>."
19296
msgstr ""
19297
19298
#: serverguide/C/databases.xml:239(command)
19299
msgid "ALTER USER postgres with encrypted password 'your_password';"
19300
msgstr ""
19301
19302
#: serverguide/C/databases.xml:241(para)
19303
msgid ""
19304
"After configuring the password, edit the file "
19305
"<filename>/etc/postgresql/8.3/main/pg_hba.conf</filename> to use "
19306
"<emphasis>MD5</emphasis> authentication with the "
19307
"<emphasis>postgres</emphasis> user:"
19308
msgstr ""
19309
19310
#: serverguide/C/databases.xml:247(programlisting)
19311
#, no-wrap
19312
msgid ""
19313
"\n"
19314
"local all postgres md5 sameuser\n"
19315
msgstr ""
19316
19317
#: serverguide/C/databases.xml:251(para)
19318
msgid ""
19319
"Finally, you should restart the <application>PostgreSQL</application> "
19320
"service to initialize the new configuration. From a terminal prompt enter "
19321
"the following to restart <application>PostgreSQL</application>:"
19322
msgstr ""
19323
19324
#: serverguide/C/databases.xml:257(command)
19325
msgid "sudo /etc/init.d/postgresql-8.3 restart"
19326
msgstr ""
19327
19328
#: serverguide/C/databases.xml:260(para)
19329
msgid ""
19330
"The above configuration is not complete by any means. Please refer <ulink "
19331
"url=\"http://www.postgresql.org/docs/8.3/static/admin.html\"> the PostgreSQL "
19332
"Administrator's Guide</ulink> to configure more parameters."
19333
msgstr ""
19334
19335
#: serverguide/C/databases.xml:271(para)
19336
msgid ""
19337
"As mentioned above the <ulink "
19338
"url=\"http://www.postgresql.org/docs/8.3/static/admin.html\">Administrator's "
19339
"Guide</ulink> is an excellent resource. The guide is also available in the "
19340
"<application>postgresql-doc-8.3</application> package. Execute the following "
19341
"in a terminal to install the package:"
19342
msgstr ""
19343
19344
#: serverguide/C/databases.xml:277(command)
19345
msgid "sudo apt-get install postgresql-doc-8.3"
19346
msgstr ""
19347
19348
#: serverguide/C/databases.xml:279(para)
19349
msgid ""
19350
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
19351
"8.3/html/index.html</command> into the address bar of your browser."
19352
msgstr ""
19353
19354
#: serverguide/C/clustering.xml:13(title)
19355
msgid "Clustering"
19356
msgstr ""
19357
19358
#: serverguide/C/clustering.xml:16(title)
19359
msgid "DRBD"
19360
msgstr ""
19361
19362
#: serverguide/C/clustering.xml:18(para)
19363
msgid ""
19364
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
19365
"multiple hosts. The replication is transparent to other applications on the "
19366
"host systems. Any block device hard disks, partitions, RAID devices, logical "
19367
"volumes, etc can be mirrored."
19368
msgstr ""
19369
19370
#: serverguide/C/clustering.xml:24(para)
19371
msgid ""
19372
"To get started using <application>drbd</application>, first install the "
19373
"necessary packages. From a terminal enter:"
19374
msgstr ""
19375
19376
#: serverguide/C/clustering.xml:29(command)
19377
msgid "sudo apt-get install drbd8-utils"
19378
msgstr ""
19379
19380
#: serverguide/C/clustering.xml:32(para)
19381
msgid ""
19382
"This section covers setting up a <application>drbd</application> to "
19383
"replicate a separate <filename>/srv</filename> partition, with an "
19384
"<application>ext3</application> filesystem between two hosts. The partition "
19385
"size is not particularly relevant, but both partitions need to be the same "
19386
"size."
19387
msgstr ""
19388
19389
#: serverguide/C/clustering.xml:41(para)
19390
msgid ""
19391
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
19392
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
19393
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
19394
"See <xref linkend=\"dns\"/> for details."
19395
msgstr ""
19396
19397
#: serverguide/C/clustering.xml:49(para)
19398
msgid ""
19399
"To configure <application>drbd</application>, on the first host edit "
19400
"<filename>/etc/drbd.conf</filename>:"
19401
msgstr ""
19402
19403
#: serverguide/C/clustering.xml:53(programlisting)
19404
#, no-wrap
19405
msgid ""
19406
"\n"
19407
"global { usage-count no; }\n"
19408
"common { syncer { rate 100M; } }\n"
19409
"resource r0 {\n"
19410
" protocol C;\n"
19411
" startup {\n"
19412
" wfc-timeout 15;\n"
19413
" degr-wfc-timeout 60;\n"
19414
" }\n"
19415
" net {\n"
19416
" cram-hmac-alg sha1;\n"
19417
" shared-secret \"secret\";\n"
19418
" allow-two-primaries;\n"
19419
" }\n"
19420
" on drbd01 {\n"
19421
" device /dev/drbd0;\n"
19422
" disk /dev/sdb1;\n"
19423
" address 192.168.0.1:7788;\n"
19424
" meta-disk internal;\n"
19425
" }\n"
19426
" on drbd02 {\n"
19427
" device /dev/drbd0;\n"
19428
" disk /dev/sdb1;\n"
19429
" address 192.168.0.2:7788;\n"
19430
" meta-disk internal;\n"
19431
" }\n"
19432
"} \n"
19433
msgstr ""
19434
19435
#: serverguide/C/clustering.xml:83(para)
19436
msgid ""
19437
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
19438
"this example their default values are fine."
19439
msgstr ""
19440
19441
#: serverguide/C/clustering.xml:91(para)
19442
msgid "Now copy <filename>/etc/drbd.conf</filename> to the second host:"
19443
msgstr ""
19444
19445
#: serverguide/C/clustering.xml:96(command)
19446
msgid "scp /etc/drbd.conf drbd02:~"
19447
msgstr ""
19448
19449
#: serverguide/C/clustering.xml:102(para)
19450
msgid ""
19451
"And, on <emphasis>drbd02</emphasis> move the file to "
19452
"<filename>/etc</filename>:"
19453
msgstr ""
19454
19455
#: serverguide/C/clustering.xml:107(command)
19456
msgid "sudo mv drbd.conf /etc/"
19457
msgstr ""
19458
19459
#: serverguide/C/clustering.xml:113(para)
19460
msgid ""
19461
"Next, on both hosts, start the <application>drbd</application> daemon:"
19462
msgstr ""
19463
19464
#: serverguide/C/clustering.xml:118(command)
19465
msgid "sudo /etc/init.d/drbd start"
19466
msgstr ""
19467
19468
#: serverguide/C/clustering.xml:124(para)
19469
msgid ""
19470
"Now using the <application>drbdadm</application> utility initialize the meta "
19471
"data storage. On each server execute:"
19472
msgstr ""
19473
19474
#: serverguide/C/clustering.xml:130(command)
19475
msgid "sudo drbdadm create-md r0"
19476
msgstr ""
19477
19478
#: serverguide/C/clustering.xml:136(para)
19479
msgid ""
19480
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
19481
"primary, enter the following:"
19482
msgstr ""
19483
19484
#: serverguide/C/clustering.xml:141(command)
19485
msgid "sudo drbdadm -- --overwrite-data-of-peer primary all"
19486
msgstr ""
19487
19488
#: serverguide/C/clustering.xml:147(para)
19489
msgid ""
19490
"After executing the above command, the data will start syncing with the "
19491
"secondary host. To watch the progresss, on <emphasis>drbd02</emphasis> enter "
19492
"the following:"
19493
msgstr ""
19494
19495
#: serverguide/C/clustering.xml:153(command)
19496
msgid "watch -n1 cat /proc/drbd"
19497
msgstr ""
19498
19499
#: serverguide/C/clustering.xml:156(para)
19500
msgid "To stop watching the output press <emphasis>Ctrl+c</emphasis>."
19501
msgstr ""
19502
19503
#: serverguide/C/clustering.xml:163(para)
19504
msgid ""
19505
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
19506
msgstr ""
19507
19508
#: serverguide/C/clustering.xml:168(command)
19509
msgid "sudo mkfs.ext3 /dev/drbd0"
19510
msgstr ""
19511
19512
#: serverguide/C/clustering.xml:169(command) serverguide/C/clustering.xml:217(command)
19513
msgid "sudo mount /dev/drbd0 /srv"
19514
msgstr ""
19515
19516
#: serverguide/C/clustering.xml:179(para)
19517
msgid ""
19518
"To test that the data is actually syncing between the hosts copy some files "
19519
"on the <emphasis>drbd01</emphasis>, the primary, to "
19520
"<filename>/srv</filename>:"
19521
msgstr ""
19522
19523
#: serverguide/C/clustering.xml:188(para)
19524
msgid "Next, unmount <filename>/srv</filename>:"
19525
msgstr ""
19526
19527
#: serverguide/C/clustering.xml:196(para)
19528
msgid ""
19529
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
19530
"<emphasis>secondary</emphasis> role:"
19531
msgstr ""
19532
19533
#: serverguide/C/clustering.xml:201(command)
19534
msgid "sudo drbdadm secondary r0"
19535
msgstr ""
19536
19537
#: serverguide/C/clustering.xml:204(para)
19538
msgid ""
19539
"Now on the the <emphasis>secondary</emphasis> server "
19540
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
19541
msgstr ""
19542
19543
#: serverguide/C/clustering.xml:209(command)
19544
msgid "sudo drbdadm primary r0"
19545
msgstr ""
19546
19547
#: serverguide/C/clustering.xml:212(para)
19548
msgid "Lastly, mount the partition:"
19549
msgstr ""
19550
19551
#: serverguide/C/clustering.xml:220(para)
19552
msgid ""
19553
"Using <emphasis>ls</emphasis> you should see "
19554
"<filename>/srv/default</filename> copied from the former "
19555
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
19556
msgstr ""
19557
19558
#: serverguide/C/clustering.xml:231(para)
19559
msgid ""
19560
"For more information on <application>DRBD</application> see the <ulink "
19561
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
19562
msgstr ""
19563
19564
#: serverguide/C/clustering.xml:236(para)
19565
msgid ""
19566
"The <ulink "
19567
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/drbd.conf.5.html\">d"
19568
"rbd.conf man page</ulink> contains details on the options not covered in "
19569
"this guide."
19570
msgstr ""
19571
19572
#: serverguide/C/clustering.xml:242(para)
19573
msgid ""
19574
"Also, see the <ulink "
19575
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/drbdadm.8.html\">drb"
19576
"dadm man page</ulink>."
19577
msgstr ""
19578
19579
#: serverguide/C/backups.xml:13(title)
19580
msgid "Backups"
19581
msgstr ""
19582
19583
#: serverguide/C/backups.xml:14(para)
19584
msgid ""
19585
"There are many ways to backup an Ubuntu installation. The most important "
19586
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
19587
"consisting of what to backup, where to back it up to, and how to restore it."
19588
msgstr ""
19589
19590
#: serverguide/C/backups.xml:18(para)
19591
msgid ""
19592
"The following sections discuss various ways of accomplishing these tasks."
19593
msgstr ""
19594
19595
#: serverguide/C/backups.xml:22(title)
19596
msgid "Shell Scripts"
19597
msgstr ""
19598
19599
#: serverguide/C/backups.xml:23(para)
19600
msgid ""
19601
"One of the simplest ways to backup a system is using a <emphasis>shell "
19602
"script</emphasis>. For example, a script can be used to configure which "
19603
"directories to backup, and use those directories as arguments to the "
19604
"<application>tar</application> utility creating an archive file. The archive "
19605
"file can then be moved or copied to another location. The archive can also "
19606
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
19607
msgstr ""
19608
19609
#: serverguide/C/backups.xml:29(para)
19610
msgid ""
19611
"The <application>tar</application> utility creates one archive file out of "
19612
"many files or directories. <application>tar</application> can also filter "
19613
"the files through compression utilities reducing the size of the archive "
19614
"file."
19615
msgstr ""
19616
19617
#: serverguide/C/backups.xml:35(title)
19618
msgid "Simple Shell Script"
19619
msgstr ""
19620
19621
#: serverguide/C/backups.xml:36(para)
19622
msgid ""
19623
"The following shell script uses <application>tar</application> to create an "
19624
"archive file on a remotely mounted NFS file system. The archive filename is "
19625
"determined using additional command line utilities."
19626
msgstr ""
19627
19628
#: serverguide/C/backups.xml:40(programlisting)
19629
#, no-wrap
19630
msgid ""
19631
"\n"
19632
"#!/bin/sh\n"
19633
"####################################\n"
19634
"#\n"
19635
"# Backup to NFS mount script.\n"
19636
"#\n"
19637
"####################################\n"
19638
"\n"
19639
"# What to backup. \n"
19640
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
19641
"\n"
19642
"# Where to backup to.\n"
19643
"dest=\"/mnt/backup\"\n"
19644
"\n"
19645
"# Create archive filename.\n"
19646
"day=$(date +%A)\n"
19647
"hostname=$(hostname -s)\n"
19648
"archive_file=\"$hostname-$day.tgz\"\n"
19649
"\n"
19650
"# Print start status message.\n"
19651
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
19652
"date\n"
19653
"echo\n"
19654
"\n"
19655
"# Backup the files using tar.\n"
19656
"tar czf $dest/$archive_file $backup_files\n"
19657
"\n"
19658
"# Print end status message.\n"
19659
"echo\n"
19660
"echo \"Backup finished\"\n"
19661
"date\n"
19662
"\n"
19663
"# Long listing of files in $dest to check file sizes.\n"
19664
"ls -lh $dest\n"
19665
msgstr ""
19666
19667
#: serverguide/C/backups.xml:77(para)
19668
msgid ""
19669
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
19670
"would like to backup. The list should be customized to fit your needs."
19671
msgstr ""
19672
19673
#: serverguide/C/backups.xml:83(para)
19674
msgid ""
19675
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
19676
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
19677
"day of the week, giving a backup history of seven days. There are other ways "
19678
"to accomplish this including other ways using the "
19679
"<application>date</application> utility."
19680
msgstr ""
19681
19682
#: serverguide/C/backups.xml:90(para)
19683
msgid ""
19684
"<emphasis>$hostname:</emphasis> variable containing the "
19685
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
19686
"archive filename gives you the option of placing daily archive files from "
19687
"multiple systems in the same directory."
19688
msgstr ""
19689
19690
#: serverguide/C/backups.xml:97(para)
19691
msgid "<emphasis>$archive_file:</emphasis> the full archive filename."
19692
msgstr ""
19693
19694
#: serverguide/C/backups.xml:102(para)
19695
msgid ""
19696
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
19697
"needs to be created and in this case <emphasis>mounted</emphasis> before "
19698
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
19699
"details using <emphasis>NFS</emphasis>."
19700
msgstr ""
19701
19702
#: serverguide/C/backups.xml:109(para)
19703
msgid ""
19704
"<emphasis>status messages:</emphasis> optional messages printed to the "
19705
"console using the <application>echo</application> utility."
19706
msgstr ""
19707
19708
#: serverguide/C/backups.xml:115(para)
19709
msgid ""
19710
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
19711
"<application>tar</application> command used to create the archive file."
19712
msgstr ""
19713
19714
#: serverguide/C/backups.xml:121(para)
19715
msgid "<emphasis>c:</emphasis> creates an archive."
19716
msgstr ""
19717
19718
#: serverguide/C/backups.xml:126(para)
19719
msgid ""
19720
"<emphasis>z:</emphasis> filter the archive through the "
19721
"<application>gzip</application> utility compressing the archive."
19722
msgstr ""
19723
19724
#: serverguide/C/backups.xml:131(para)
19725
msgid ""
19726
"<emphasis>f:</emphasis> use archive file. Otherwise the "
19727
"<application>tar</application> output will be sent to STDOUT."
19728
msgstr ""
19729
19730
#: serverguide/C/backups.xml:138(para)
19731
msgid ""
19732
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
19733
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
19734
"of the destination directory. This is useful for a quick file size check of "
19735
"the archive file. This check should not replace testing the archive file."
19736
msgstr ""
19737
19738
#: serverguide/C/backups.xml:145(para)
19739
msgid ""
19740
"This is a simple example of a backup shell script. There are large amount of "
19741
"options that can be included in a backup script. See <xref linkend=\"backup-"
19742
"shellscript-references\"/> for links to resources providing more in depth "
19743
"shell scripting information."
19744
msgstr ""
19745
19746
#: serverguide/C/backups.xml:152(title)
19747
msgid "Executing the Script"
19748
msgstr ""
19749
19750
#: serverguide/C/backups.xml:154(title)
19751
msgid "Executing from a Terminal"
19752
msgstr ""
19753
19754
#: serverguide/C/backups.xml:155(para)
19755
msgid ""
19756
"The simplest way of executing the above backup script is to copy and paste "
19757
"the contents into a file. <filename>backup.sh</filename> for example. Then "
19758
"from a terminal prompt:"
19759
msgstr ""
19760
19761
#: serverguide/C/backups.xml:160(command)
19762
msgid "sudo bash backup.sh"
19763
msgstr ""
19764
19765
#: serverguide/C/backups.xml:162(para)
19766
msgid ""
19767
"This is a great way to test the script to make sure everything works as "
19768
"expected."
19769
msgstr ""
19770
19771
#: serverguide/C/backups.xml:167(title)
19772
msgid "Executing with cron"
19773
msgstr ""
19774
19775
#: serverguide/C/backups.xml:168(para)
19776
msgid ""
19777
"The <application>cron</application> utility can be used to automate the "
19778
"script execution. The <application>cron</application> daemon allows the "
19779
"execution of scripts, or commands, at a specified time and date."
19780
msgstr ""
19781
19782
#: serverguide/C/backups.xml:172(para)
19783
msgid ""
19784
"<application>cron</application> is configured through entries in a "
19785
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
19786
"separated into fields:"
19787
msgstr ""
19788
19789
#: serverguide/C/backups.xml:176(programlisting)
19790
#, no-wrap
19791
msgid ""
19792
"\n"
19793
"# m h dom mon dow command\n"
19794
msgstr ""
19795
19796
#: serverguide/C/backups.xml:181(para)
19797
msgid ""
19798
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
19799
msgstr ""
19800
19801
#: serverguide/C/backups.xml:186(para)
19802
msgid ""
19803
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
19804
msgstr ""
19805
19806
#: serverguide/C/backups.xml:191(para)
19807
msgid "<emphasis>dom:</emphasis> day of month the command executes on."
19808
msgstr ""
19809
19810
#: serverguide/C/backups.xml:196(para)
19811
msgid ""
19812
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
19813
msgstr ""
19814
19815
#: serverguide/C/backups.xml:201(para)
19816
msgid ""
19817
"<emphasis>dow:</emphasis> the day of the week the command executes on "
19818
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
19819
"valid."
19820
msgstr ""
19821
19822
#: serverguide/C/backups.xml:206(para)
19823
msgid "<emphasis>command:</emphasis> the command to execute."
19824
msgstr ""
19825
19826
#: serverguide/C/backups.xml:211(para)
19827
msgid ""
19828
"To add or change entries in a <filename>crontab</filename> file the "
19829
"<application>crontab -e</application> command should be used. Also, the "
19830
"contents of a <filename>crontab</filename> file can be viewed using the "
19831
"<application>crontab -l</application> command."
19832
msgstr ""
19833
19834
#: serverguide/C/backups.xml:215(para)
19835
msgid ""
19836
"To execute the <application>backup.sh</application> script listed above "
19837
"using <application>cron</application>. Enter the following from a terminal "
19838
"prompt:"
19839
msgstr ""
19840
19841
#: serverguide/C/backups.xml:220(command)
19842
msgid "sudo crontab -e"
19843
msgstr ""
19844
19845
#: serverguide/C/backups.xml:223(para)
19846
msgid ""
19847
"Using <application>sudo</application> with the <application>crontab -"
19848
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
19849
"This is necessary if you are backing up directories only the root user has "
19850
"access to."
19851
msgstr ""
19852
19853
#: serverguide/C/backups.xml:228(para)
19854
msgid "Add the following entry to the <filename>crontab</filename> file:"
19855
msgstr ""
19856
19857
#: serverguide/C/backups.xml:231(programlisting)
19858
#, no-wrap
19859
msgid ""
19860
"\n"
19861
"# m h dom mon dow command\n"
19862
"0 0 * * * bash /usr/local/bin/backup.sh\n"
19863
msgstr ""
19864
19865
#: serverguide/C/backups.xml:235(para)
19866
msgid ""
19867
"The <application>backup.sh</application> script will now be executed every "
19868
"day at 12:00 am."
19869
msgstr ""
19870
19871
#: serverguide/C/backups.xml:239(para)
19872
msgid ""
19873
"The <application>backup.sh</application> script will need to be copied to "
19874
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
19875
"to execute properly. The script can reside anywhere on the file system "
19876
"simply change the script path appropriately."
19877
msgstr ""
19878
19879
#: serverguide/C/backups.xml:244(para)
19880
msgid ""
19881
"For more in depth <application>crontab</application> options see <xref "
19882
"linkend=\"backup-shellscript-references\"/>."
19883
msgstr ""
19884
19885
#: serverguide/C/backups.xml:250(title)
19886
msgid "Restoring from the Archive"
19887
msgstr ""
19888
19889
#: serverguide/C/backups.xml:251(para)
19890
msgid ""
19891
"Once an archive has been created it is important to test the archive. The "
19892
"archive can be tested by listing the files it contains, but the best test is "
19893
"to <emphasis>restore</emphasis> a file from the archive."
19894
msgstr ""
19895
19896
#: serverguide/C/backups.xml:257(para)
19897
msgid "To see a listing of the archive contents. From a terminal prompt:"
19898
msgstr ""
19899
19900
#: serverguide/C/backups.xml:261(command)
19901
msgid "tar -tzvf /mnt/backup/host-Monday.tgz"
19902
msgstr ""
19903
19904
#: serverguide/C/backups.xml:265(para)
19905
msgid "To restore a file from the archive to a different directory enter:"
19906
msgstr ""
19907
19908
#: serverguide/C/backups.xml:269(command)
19909
msgid "tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts"
19910
msgstr ""
19911
19912
#: serverguide/C/backups.xml:271(para)
19913
msgid ""
19914
"The <emphasis>-C</emphasis> option to <application>tar</application> "
19915
"redirects the extracted files to the specified directory. The above example "
19916
"will extract the <filename>/etc/hosts</filename> file to "
19917
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
19918
"recreates the directory structure that it contains."
19919
msgstr ""
19920
19921
#: serverguide/C/backups.xml:276(para)
19922
msgid ""
19923
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
19924
"the file to restore."
19925
msgstr ""
19926
19927
#: serverguide/C/backups.xml:281(para)
19928
msgid "To restore all files in the archive enter the following:"
19929
msgstr ""
19930
19931
#: serverguide/C/backups.xml:285(command)
19932
msgid "cd /"
19933
msgstr ""
19934
19935
#: serverguide/C/backups.xml:286(command)
19936
msgid "sudo tar -xzvf /mnt/backup/host-Monday.tgz"
19937
msgstr ""
19938
19939
#: serverguide/C/backups.xml:291(para)
19940
msgid "This will overwrite the files currently on the file system."
19941
msgstr ""
19942
19943
#: serverguide/C/backups.xml:300(para)
19944
msgid ""
19945
"For more information on shell scripting see the <ulink "
19946
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
19947
msgstr ""
19948
19949
#: serverguide/C/backups.xml:305(para)
19950
msgid ""
19951
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
19952
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
19953
"great resource for shell scripting."
19954
msgstr ""
19955
19956
#: serverguide/C/backups.xml:311(para)
19957
msgid ""
19958
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
19959
"Wiki Page</ulink> contains details on advanced "
19960
"<application>cron</application> options."
19961
msgstr ""
19962
19963
#: serverguide/C/backups.xml:318(para)
19964
msgid ""
19965
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
19966
"tar Manual</ulink> for more <application>tar</application> options."
19967
msgstr ""
19968
19969
#: serverguide/C/backups.xml:324(para)
19970
msgid ""
19971
"The Wikipedia <ulink "
19972
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
19973
"Scheme</ulink> article contains information on other backup rotation schemes."
19974
msgstr ""
19975
19976
#: serverguide/C/backups.xml:330(para)
19977
msgid ""
19978
"The shell script uses <application>tar</application> to create the archive, "
19979
"but there many other command line utilities that can be used. For example:"
19980
msgstr ""
19981
19982
#: serverguide/C/backups.xml:336(para)
19983
msgid ""
19984
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
19985
"files to and from archives."
19986
msgstr ""
19987
19988
#: serverguide/C/backups.xml:341(para)
19989
msgid ""
19990
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
19991
"the <application>coreutils</application> package. A low level utility that "
19992
"can copy data from one format to another"
19993
msgstr ""
19994
19995
#: serverguide/C/backups.xml:347(para)
19996
msgid ""
19997
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
19998
"snap shot utility used to create copies of an entire file system."
19999
msgstr ""
20000
20001
#: serverguide/C/backups.xml:358(title)
20002
msgid "Archive Rotation"
20003
msgstr ""
20004
20005
#: serverguide/C/backups.xml:359(para)
20006
msgid ""
20007
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
20008
"allows for seven different archives. For a server whose data doesn't change "
20009
"often this may be enough. If the server has a large amount of data a more "
20010
"robust rotation scheme should be used."
20011
msgstr ""
20012
20013
#: serverguide/C/backups.xml:365(title)
20014
msgid "Rotating NFS Archives"
20015
msgstr ""
20016
20017
#: serverguide/C/backups.xml:366(para)
20018
msgid ""
20019
"In this section the shell script will be slightly modified to implement a "
20020
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
20021
msgstr ""
20022
20023
#: serverguide/C/backups.xml:372(para)
20024
msgid ""
20025
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
20026
"Friday."
20027
msgstr ""
20028
20029
#: serverguide/C/backups.xml:377(para)
20030
msgid ""
20031
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
20032
"weekly backups a month."
20033
msgstr ""
20034
20035
#: serverguide/C/backups.xml:382(para)
20036
msgid ""
20037
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
20038
"rotating two monthly backups based on if the month is odd or even."
20039
msgstr ""
20040
20041
#: serverguide/C/backups.xml:388(para)
20042
msgid "Here is the new script:"
20043
msgstr ""
20044
20045
#: serverguide/C/backups.xml:391(programlisting)
20046
#, no-wrap
20047
msgid ""
20048
"\n"
20049
"#!/bin/bash\n"
20050
"####################################\n"
20051
"#\n"
20052
"# Backup to NFS mount script with\n"
20053
"# grandfather-father-son rotation.\n"
20054
"#\n"
20055
"####################################\n"
20056
"\n"
20057
"# What to backup. \n"
20058
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
20059
"\n"
20060
"# Where to backup to.\n"
20061
"dest=\"/mnt/backup\"\n"
20062
"\n"
20063
"# Setup variables for the archive filename.\n"
20064
"day=$(date +%A)\n"
20065
"hostname=$(hostname -s)\n"
20066
"\n"
20067
"# Find which week of the month 1-4 it is.\n"
20068
"day_num=$(date +%d)\n"
20069
"if (( $day_num <= 7 )); then\n"
20070
" week_file=\"$hostname-week1.tgz\"\n"
20071
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
20072
" week_file=\"$hostname-week2.tgz\"\n"
20073
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
20074
" week_file=\"$hostname-week3.tgz\"\n"
20075
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
20076
" week_file=\"$hostname-week4.tgz\"\n"
20077
"fi\n"
20078
"\n"
20079
"# Find if the Month is odd or even.\n"
20080
"month_num=$(date +%m)\n"
20081
"month=$(expr $month_num % 2)\n"
20082
"if [ $month -eq 0 ]; then\n"
20083
" month_file=\"$hostname-month2.tgz\"\n"
20084
"else\n"
20085
" month_file=\"$hostname-month1.tgz\"\n"
20086
"fi\n"
20087
"\n"
20088
"# Create archive filename.\n"
20089
"if [ $day_num == 1 ]; then\n"
20090
"\tarchive_file=$month_file\n"
20091
"elif [ $day != \"Saturday\" ]; then\n"
20092
" archive_file=\"$hostname-$day.tgz\"\n"
20093
"else \n"
20094
"\tarchive_file=$week_file\n"
20095
"fi\n"
20096
"\n"
20097
"# Print start status message.\n"
20098
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
20099
"date\n"
20100
"echo\n"
20101
"\n"
20102
"# Backup the files using tar.\n"
20103
"tar czf $dest/$archive_file $backup_files\n"
20104
"\n"
20105
"# Print end status message.\n"
20106
"echo\n"
20107
"echo \"Backup finished\"\n"
20108
"date\n"
20109
"\n"
20110
"# Long listing of files in $dest to check file sizes.\n"
20111
"ls -lh $dest/\n"
20112
msgstr ""
20113
20114
#: serverguide/C/backups.xml:456(para)
20115
msgid ""
20116
"The script can be executed using the same methods as in <xref "
20117
"linkend=\"backup-executing-shellscript\"/>."
20118
msgstr ""
20119
20120
#: serverguide/C/backups.xml:459(para)
20121
msgid ""
20122
"It is good practice to take backup media off site in case of a disaster. In "
20123
"the shell script example the backup media is another server providing an NFS "
20124
"share. In all likelihood taking the NFS server to another location would not "
20125
"be practical. Depending upon connection speeds it may be an option to copy "
20126
"the archive file over a WAN link to a server in another location."
20127
msgstr ""
20128
20129
#: serverguide/C/backups.xml:465(para)
20130
msgid ""
20131
"Another option is to copy the archive file to an external hard drive which "
20132
"can then be taken off site. Since the price of external hard drives continue "
20133
"to decrease it may be cost affective to use two drives for each archive "
20134
"level. This would allow you to have one external drive attached to the "
20135
"backup server and one in another location."
20136
msgstr ""
20137
20138
#: serverguide/C/backups.xml:472(title)
20139
msgid "Tape Drives"
20140
msgstr ""
20141
20142
#: serverguide/C/backups.xml:473(para)
20143
msgid ""
20144
"A tape drive attached to the server can be used instead of a NFS share. "
20145
"Using a tape drive simplifies archive rotation, and taking the media off "
20146
"site as well."
20147
msgstr ""
20148
20149
#: serverguide/C/backups.xml:477(para)
20150
msgid ""
20151
"When using a tape drive the filename portions of the script aren't needed "
20152
"because the date is sent directly to the tape device. Some commands to "
20153
"manipulate the tape are needed. This is accomplished using "
20154
"<application>mt</application>, a magnetic tape control utility part of the "
20155
"<application>cpio</application> package."
20156
msgstr ""
20157
20158
#: serverguide/C/backups.xml:482(para)
20159
msgid "Here is the shell script modified to use a tape drive:"
20160
msgstr ""
20161
20162
#: serverguide/C/backups.xml:485(programlisting)
20163
#, no-wrap
20164
msgid ""
20165
"\n"
20166
"#!/bin/bash\n"
20167
"####################################\n"
20168
"#\n"
20169
"# Backup to tape drive script.\n"
20170
"#\n"
20171
"####################################\n"
20172
"\n"
20173
"# What to backup. \n"
20174
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
20175
"\n"
20176
"# Where to backup to.\n"
20177
"dest=\"/dev/st0\"\n"
20178
"\n"
20179
"# Print start status message.\n"
20180
"echo \"Backing up $backup_files to $dest\"\n"
20181
"date\n"
20182
"echo\n"
20183
"\n"
20184
"# Make sure the tape is rewound.\n"
20185
"mt -f $dest rewind\n"
20186
"\n"
20187
"# Backup the files using tar.\n"
20188
"tar czf $dest $backup_files\n"
20189
"\n"
20190
"# Rewind and eject the tape.\n"
20191
"mt -f $dest rewoffl\n"
20192
"\n"
20193
"# Print end status message.\n"
20194
"echo\n"
20195
"echo \"Backup finished\"\n"
20196
"date\n"
20197
msgstr ""
20198
20199
#: serverguide/C/backups.xml:519(para)
20200
msgid ""
20201
"The default device name for a SCSI tape drive is "
20202
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
20203
"system."
20204
msgstr ""
20205
20206
#: serverguide/C/backups.xml:524(para)
20207
msgid ""
20208
"Restoring from a tape drive is basically the same as restoring from a file. "
20209
"Simply rewind the tape and use the device path instead of a file path. For "
20210
"example to restore the <filename>/etc/hosts</filename> file to "
20211
"<filename>/tmp/etc/hosts</filename>:"
20212
msgstr ""
20213
20214
#: serverguide/C/backups.xml:529(command)
20215
msgid "mt -f /dev/st0 rewind"
20216
msgstr ""
20217
20218
#: serverguide/C/backups.xml:530(command)
20219
msgid "tar -xzf /dev/st0 -C /tmp etc/hosts"
20220
msgstr ""
20221
20222
#: serverguide/C/backups.xml:535(title)
20223
msgid "Bacula"
20224
msgstr ""
20225
20226
#: serverguide/C/backups.xml:536(para)
20227
msgid ""
20228
"<application>Bacula</application> is a backup program enabling you to "
20229
"backup, restore, and verify data across your network. There are Bacula "
20230
"clients for Linux, Windows, and Mac OSX. Making it a cross platform network "
20231
"wide solution."
20232
msgstr ""
20233
20234
#: serverguide/C/backups.xml:542(para)
20235
msgid ""
20236
"<application>Bacula</application> is made up of several components and "
20237
"services used to manage which files to backup and where to back them up to:"
20238
msgstr ""
20239
20240
#: serverguide/C/backups.xml:548(para)
20241
msgid ""
20242
"<application>Bacula Director:</application> a service that controls all "
20243
"backup, restore, verify, and archive operations."
20244
msgstr ""
20245
20246
#: serverguide/C/backups.xml:553(para)
20247
msgid ""
20248
"<application>Bacula Console:</application> an application allowing "
20249
"communication with the Director. There are three versions of the Console:"
20250
msgstr ""
20251
20252
#: serverguide/C/backups.xml:558(para)
20253
msgid "Text based command line version."
20254
msgstr ""
20255
20256
#: serverguide/C/backups.xml:559(para)
20257
msgid "Gnome based GTK+ Graphical User Interface (GUI) interface."
20258
msgstr ""
20259
20260
#: serverguide/C/backups.xml:560(para)
20261
msgid "wxWidgets GUI interface."
20262
msgstr ""
20263
20264
#: serverguide/C/backups.xml:564(para)
20265
msgid ""
20266
"<application>Bacula File:</application> also known as the "
20267
"<application>Bacula Client</application> program. This application is "
20268
"installed on machines to be backed up, and is responsible for the data "
20269
"requested by the Director."
20270
msgstr ""
20271
20272
#: serverguide/C/backups.xml:570(para)
20273
msgid ""
20274
"<application>Bacula Storage:</application> the programs that perform the "
20275
"storage and recovery of data to the physical media."
20276
msgstr ""
20277
20278
#: serverguide/C/backups.xml:575(para)
20279
msgid ""
20280
"<application>Bacula Catalog:</application> is responsible for maintaining "
20281
"the file indexes and volume databases for all files backed up, enabling "
20282
"quick location and restoration of archived files. The Catalog supports three "
20283
"different databases MySQL, PostgreSQL, and SQLite."
20284
msgstr ""
20285
20286
#: serverguide/C/backups.xml:581(para)
20287
msgid ""
20288
"<application>Bacula Monitor:</application> allows the monitoring of the "
20289
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
20290
"available as a GTK+ GUI application."
20291
msgstr ""
20292
20293
#: serverguide/C/backups.xml:587(para)
20294
msgid ""
20295
"These services and applications can be run on multiple servers and clients, "
20296
"or they can be installed on one machine if backing up a single disk or "
20297
"volume."
20298
msgstr ""
20299
20300
#: serverguide/C/backups.xml:594(para)
20301
msgid ""
20302
"There are multiple packages containing the different "
20303
"<application>Bacula</application> components. To install Bacula, from a "
20304
"terminal prompt enter:"
20305
msgstr ""
20306
20307
#: serverguide/C/backups.xml:599(command)
20308
msgid "sudo apt-get install bacula"
20309
msgstr ""
20310
20311
#: serverguide/C/backups.xml:601(para)
20312
msgid ""
20313
"By default installing the <application>bacula</application> package will use "
20314
"a <application>MySQL</application> database for the Catalog. If you want to "
20315
"use SQLite or PostgreSQL, for the Catalog, install <application>bacula-"
20316
"director-sqlite3</application> or <application>bacula-director-"
20317
"pgsql</application> respectively."
20318
msgstr ""
20319
20320
#: serverguide/C/backups.xml:607(para)
20321
msgid ""
20322
"During the install process you will be asked to supply credentials for the "
20323
"database <emphasis>administrator</emphasis> and the "
20324
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
20325
"database administrator will need to have the appropriate rights to create a "
20326
"database, see <xref linkend=\"mysql\"/> for more information."
20327
msgstr ""
20328
20329
#: serverguide/C/backups.xml:617(para)
20330
msgid ""
20331
"<application>Bacula</application> configuration files are formatted based on "
20332
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
20333
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
20334
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
20335
"directory."
20336
msgstr ""
20337
20338
#: serverguide/C/backups.xml:622(para)
20339
msgid ""
20340
"The various <application>Bacula</application> components must authorize "
20341
"themselves to each other. This is accomplished using the "
20342
"<emphasis>password</emphasis> directive. For example, the "
20343
"<emphasis>Storage</emphasis> resource password in the "
20344
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
20345
"<emphasis>Director</emphasis> resource password in "
20346
"<filename>/etc/bacula/bacula-sd.conf</filename>."
20347
msgstr ""
20348
20349
#: serverguide/C/backups.xml:628(para)
20350
msgid ""
20351
"By default the backup job named <emphasis>Client1</emphasis> is configured "
20352
"to archive the <application>Bacula</application> Catalog. If you plan on "
20353
"using the server to backup more than one client you should change the name "
20354
"of this job to something more descriptive. To change the name edit "
20355
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
20356
msgstr ""
20357
20358
#: serverguide/C/backups.xml:633(programlisting)
20359
#, no-wrap
20360
msgid ""
20361
"\n"
20362
"#\n"
20363
"# Define the main nightly save backup job\n"
20364
"# By default, this job will back up to disk in \n"
20365
"Job {\n"
20366
" Name = \"BackupServer\"\n"
20367
" JobDefs = \"DefaultJob\"\n"
20368
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
20369
"}\n"
20370
msgstr ""
20371
20372
#: serverguide/C/backups.xml:644(para)
20373
msgid ""
20374
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
20375
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
20376
"your appropriate hostname, or other descriptive name."
20377
msgstr ""
20378
20379
#: serverguide/C/backups.xml:649(para)
20380
msgid ""
20381
"The <emphasis>Console</emphasis> can be used to query the "
20382
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
20383
"<emphasis>non-root</emphasis> user, the user needs to be in the "
20384
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
20385
"the following from a terminal:"
20386
msgstr ""
20387
20388
#: serverguide/C/backups.xml:655(command)
20389
msgid "sudo adduser $username bacula"
20390
msgstr ""
20391
20392
#: serverguide/C/backups.xml:658(para)
20393
msgid ""
20394
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
20395
"you are adding the current user to the group you should log out and back in "
20396
"for the new permissions to take effect."
20397
msgstr ""
20398
20399
#: serverguide/C/backups.xml:665(title)
20400
msgid "Localhost Backup"
20401
msgstr ""
20402
20403
#: serverguide/C/backups.xml:666(para)
20404
msgid ""
20405
"This section describes how to backup specified directories on a single host "
20406
"to a local tape drive."
20407
msgstr ""
20408
20409
#: serverguide/C/backups.xml:671(para)
20410
msgid ""
20411
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
20412
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
20413
msgstr ""
20414
20415
#: serverguide/C/backups.xml:674(programlisting)
20416
#, no-wrap
20417
msgid ""
20418
"\n"
20419
"Device {\n"
20420
" Name = \"Tape Drive\"\n"
20421
" Device Type = tape\n"
20422
" Media Type = DDS-4\n"
20423
" Archive Device = /dev/st0\n"
20424
" Hardware end of medium = No;\n"
20425
" AutomaticMount = yes; # when device opened, read it\n"
20426
" AlwaysOpen = Yes;\n"
20427
" RemovableMedia = yes;\n"
20428
" RandomAccess = no;\n"
20429
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
20430
"}\n"
20431
msgstr ""
20432
20433
#: serverguide/C/backups.xml:688(para)
20434
msgid ""
20435
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
20436
"Type and Archive Device to match your hardware."
20437
msgstr ""
20438
20439
#: serverguide/C/backups.xml:691(para)
20440
msgid "You could also uncomment one of the other examples in the file."
20441
msgstr ""
20442
20443
#: serverguide/C/backups.xml:696(para)
20444
msgid ""
20445
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
20446
"<application>Storage</application> daemon will need to be restarted:"
20447
msgstr ""
20448
20449
#: serverguide/C/backups.xml:701(command)
20450
msgid "sudo /etc/init.d/bacula-sd restart"
20451
msgstr ""
20452
20453
#: serverguide/C/backups.xml:705(para)
20454
msgid ""
20455
"Now add a <emphasis>Storage</emphasis> resource in "
20456
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
20457
msgstr ""
20458
20459
#: serverguide/C/backups.xml:708(programlisting)
20460
#, no-wrap
20461
msgid ""
20462
"\n"
20463
"# Definition of \"Tape Drive\" storage device\n"
20464
"Storage {\n"
20465
" Name = TapeDrive\n"
20466
" # Do not use \"localhost\" here \n"
20467
" Address = backupserver # N.B. Use a fully qualified name "
20468
"here\n"
20469
" SDPort = 9103\n"
20470
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
20471
" Device = \"Tape Drive\"\n"
20472
" Media Type = tape\n"
20473
"}\n"
20474
msgstr ""
20475
20476
#: serverguide/C/backups.xml:720(para)
20477
msgid ""
20478
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
20479
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
20480
"to the actual host name."
20481
msgstr ""
20482
20483
#: serverguide/C/backups.xml:724(para)
20484
msgid ""
20485
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
20486
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
20487
msgstr ""
20488
20489
#: serverguide/C/backups.xml:730(para)
20490
msgid ""
20491
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
20492
"directories to backup, by adding:"
20493
msgstr ""
20494
20495
#: serverguide/C/backups.xml:733(programlisting)
20496
#, no-wrap
20497
msgid ""
20498
"\n"
20499
"# LocalhostBacup FileSet.\n"
20500
"FileSet {\n"
20501
" Name = \"LocalhostFiles\"\n"
20502
" Include {\n"
20503
" Options {\n"
20504
" signature = MD5\n"
20505
" compression=GZIP\n"
20506
" }\n"
20507
" File = /etc\n"
20508
" File = /home\n"
20509
" }\n"
20510
"}\n"
20511
msgstr ""
20512
20513
#: serverguide/C/backups.xml:747(para)
20514
msgid ""
20515
"This <emphasis>FileSet</emphasis> will backup the <filename "
20516
"role=\"directory\">/etc</filename> and <filename "
20517
"role=\"directory\">/home</filename> directories. The "
20518
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
20519
"create a MD5 signature for each file backed up, and to compress the files "
20520
"using GZIP."
20521
msgstr ""
20522
20523
#: serverguide/C/backups.xml:754(para)
20524
msgid "Next, create a new <emphasis>Schedule</emphasis> for the backup job:"
20525
msgstr ""
20526
20527
#: serverguide/C/backups.xml:757(programlisting)
20528
#, no-wrap
20529
msgid ""
20530
"\n"
20531
"# LocalhostBackup Schedule -- Daily.\n"
20532
"Schedule {\n"
20533
" Name = \"LocalhostDaily\"\n"
20534
" Run = Full daily at 00:01\n"
20535
"}\n"
20536
msgstr ""
20537
20538
#: serverguide/C/backups.xml:764(para)
20539
msgid ""
20540
"The job will run every day at 00:01 or 12:01 am. There are many other "
20541
"scheduling options available."
20542
msgstr ""
20543
20544
#: serverguide/C/backups.xml:769(para)
20545
msgid "Finally create the <emphasis>Job</emphasis>:"
20546
msgstr ""
20547
20548
#: serverguide/C/backups.xml:772(programlisting)
20549
#, no-wrap
20550
msgid ""
20551
"\n"
20552
"# Localhost backup.\n"
20553
"Job {\n"
20554
" Name = \"LocalhostBackup\"\n"
20555
" JobDefs = \"DefaultJob\"\n"
20556
" Enabled = yes\n"
20557
" Level = Full\n"
20558
" FileSet = \"LocalhostFiles\"\n"
20559
" Schedule = \"LocalhostDaily\"\n"
20560
" Storage = TapeDrive\n"
20561
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
20562
"} \n"
20563
msgstr ""
20564
20565
#: serverguide/C/backups.xml:785(para)
20566
msgid ""
20567
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
20568
"drive."
20569
msgstr ""
20570
20571
#: serverguide/C/backups.xml:790(para)
20572
msgid ""
20573
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
20574
"current tape does not have a label <application>Bacula</application> will "
20575
"send an email letting you know. To label a tape using the "
20576
"<application>Console</application> enter the following from a terminal:"
20577
msgstr ""
20578
20579
#: serverguide/C/backups.xml:796(command)
20580
msgid "bconsole"
20581
msgstr ""
20582
20583
#: serverguide/C/backups.xml:800(para)
20584
msgid "At the Bacula Console prompt enter:"
20585
msgstr ""
20586
20587
#: serverguide/C/backups.xml:804(command)
20588
msgid "label"
20589
msgstr ""
20590
20591
#: serverguide/C/backups.xml:808(para)
20592
msgid ""
20593
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
20594
msgstr ""
20595
20596
#: serverguide/C/backups.xml:818(userinput)
20597
#, no-wrap
20598
msgid "2"
20599
msgstr ""
20600
20601
#: serverguide/C/backups.xml:812(computeroutput)
20602
#, no-wrap
20603
msgid ""
20604
"\n"
20605
"Automatically selected Catalog: MyCatalog\n"
20606
"Using Catalog \"MyCatalog\"\n"
20607
"The defined Storage resources are:\n"
20608
" 1: File\n"
20609
" 2: TapeDrive\n"
20610
"Select Storage resource (1-2):<placeholder-1/>\n"
20611
msgstr ""
20612
20613
#: serverguide/C/backups.xml:823(para)
20614
msgid "Enter the new <emphasis>Volume</emphasis> name:"
20615
msgstr ""
20616
20617
#: serverguide/C/backups.xml:828(userinput)
20618
#, no-wrap
20619
msgid "Sunday"
20620
msgstr ""
20621
20622
#: serverguide/C/backups.xml:827(computeroutput)
20623
#, no-wrap
20624
msgid ""
20625
"\n"
20626
"Enter new Volume name: <placeholder-1/>\n"
20627
"Defined Pools:\n"
20628
" 1: Default\n"
20629
" 2: Scratch"
20630
msgstr ""
20631
20632
#: serverguide/C/backups.xml:833(para)
20633
msgid "Replace <emphasis>Sunday</emphasis> with the desired label."
20634
msgstr ""
20635
20636
#: serverguide/C/backups.xml:838(para)
20637
msgid "Now, select the <emphasis>Pool</emphasis>:"
20638
msgstr ""
20639
20640
#: serverguide/C/backups.xml:843(userinput)
20641
#, no-wrap
20642
msgid "1"
20643
msgstr ""
20644
20645
#: serverguide/C/backups.xml:842(computeroutput)
20646
#, no-wrap
20647
msgid ""
20648
"\n"
20649
"Select the Pool (1-2): <placeholder-1/>\n"
20650
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
20651
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
20652
msgstr ""
20653
20654
#: serverguide/C/backups.xml:850(para)
20655
msgid ""
20656
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
20657
"backup the localhost to an attached tape drive."
20658
msgstr ""
20659
20660
#: serverguide/C/backups.xml:858(para)
20661
msgid ""
20662
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
20663
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
20664
"Manual</ulink>"
20665
msgstr ""
20666
20667
#: serverguide/C/backups.xml:864(para)
20668
msgid ""
20669
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
20670
"the latest Bacula news and developments."
20671
msgstr ""
20672
20673
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2.
20674
#: serverguide/C/backups.xml:0(None)
20675
msgid "translator-credits"
20676
msgstr ""
20677
"Launchpad Contributions:\n"
20678
" Mantas Smelevičius https://launchpad.net/~mantas.smelevicius\n"
20679
"\n"
20680
"Launchpad Contributions:\n"
20681
" Andrius Dudavicius https://launchpad.net/~andrius-dudavicius\n"
20682
" Launchpad Translations Administrators https://launchpad.net/~rosetta-"
20683
"admins\n"
20684
" Mantas Smelevičius https://launchpad.net/~mantas.smelevicius\n"
20685
" lidya https://launchpad.net/~lidy2al\n"
20686
"\n"
20687
"Launchpad Contributions:\n"
20688
" Andrius Dudavicius https://launchpad.net/~andrius-dudavicius\n"
20689
" Launchpad Translations Administrators https://launchpad.net/~rosetta-"
20690
"admins\n"
20691
" Mantas Smelevičius https://launchpad.net/~mantas.smelevicius\n"
20692
" lidya https://launchpad.net/~lidy2al\n"
20693
"\n"
20694
"Launchpad Contributions:\n"
20695
" Andrius Dudavicius https://launchpad.net/~andrius-dudavicius\n"
20696
" Launchpad Translations Administrators https://launchpad.net/~rosetta-"
20697
"admins\n"
20698
" Mantas Smelevičius https://launchpad.net/~mantas.smelevicius\n"
20699
" lidya https://launchpad.net/~lidy2al\n"
20700
"\n"
20701
"Launchpad Contributions:\n"
20702
" Andrius Dudavicius https://launchpad.net/~andrius-dudavicius\n"
20703
" Launchpad Translations Administrators https://launchpad.net/~rosetta-"
20704
"admins\n"
20705
" Mantas Smelevičius https://launchpad.net/~mantas.smelevicius\n"
20706
" lidya https://launchpad.net/~lidy2al\n"
20707
"\n"
20708
"Launchpad Contributions:\n"
20709
" Andrius Dudavicius https://launchpad.net/~andrius-dudavicius\n"
20710
" Launchpad Translations Administrators https://launchpad.net/~rosetta-"
20711
"admins\n"
20712
" Mantas Smelevičius https://launchpad.net/~mantas.smelevicius\n"
20713
" lidya https://launchpad.net/~lidy2al\n"
20714
"\n"
20715
"Launchpad Contributions:\n"
20716
" Andrius Dudavicius https://launchpad.net/~andrius-dudavicius\n"
20717
" Launchpad Translations Administrators https://launchpad.net/~rosetta-"
20718
"admins\n"
20719
" Mantas Smelevičius https://launchpad.net/~mantas.smelevicius\n"
20720
" lidya https://launchpad.net/~lidy2al"
Loggerhead is a web-based interface for Breezy
Version: 2.0.1