os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

White space fix only. Translators can ignore.

Browse source 
Approved by:	gjb (mentor)
This commit is contained in:
Dru Lavigne 2013-01-25 00:30:28 +00:00
parent 38301f322a
commit edf0e27a19
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=40744
1 changed files with 191 additions and 141 deletions

332
en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
View file

@ -340,22 +340,27 @@ server-program-arguments</programlisting>
<entry>tcp, tcp4</entry>
<entry>TCP IPv4</entry>
</row>
<row>
<entry>udp, udp4</entry>
<entry>UDP IPv4</entry>
</row>
<row>
<entry>tcp6</entry>
<entry>TCP IPv6</entry>
</row>
<row>
<entry>udp6</entry>
<entry>UDP IPv6</entry>
</row>
<row>
<entry>tcp46</entry>
<entry>Both TCP IPv4 and v6</entry>
</row>
<row>
<entry>udp46</entry>
<entry>Both UDP IPv4 and v6</entry>
@ -635,12 +640,14 @@ server-program-arguments</programlisting>
requests from the <acronym>NFS</acronym>
clients.</entry>
</row>
<row>
<entry><application>mountd</application></entry>
<entry>The <acronym>NFS</acronym> mount daemon which
carries out the requests that &man.nfsd.8; passes on
to it.</entry>
</row>
<row>
<entry><application>rpcbind</application></entry>
<entry> This daemon allows
@ -662,6 +669,7 @@ server-program-arguments</programlisting>
<sect2 id="network-configuring-nfs">
<title>Configuring <acronym>NFS</acronym></title>
<indexterm>
<primary>NFS</primary>
<secondary>configuration</secondary>
@ -799,8 +807,8 @@ mountd_flags="-r"</programlisting>
<screen>&prompt.root; <userinput>/etc/rc.d/mountd onereload</userinput></screen>
<para>Please refer to <xref linkend="configtuning-rcd"/> for more
information about using rc scripts.</para>
<para>Please refer to <xref linkend="configtuning-rcd"/> for
more information about using rc scripts.</para>
<para>Alternatively, a reboot will make FreeBSD set everything
up properly. A reboot is not necessary though.
@ -1155,6 +1163,7 @@ Exports list on foobar:
<sect2>
<title>What Is It?</title>
<indexterm><primary>NIS</primary></indexterm>
<indexterm><primary>Solaris</primary></indexterm>
<indexterm><primary>HP-UX</primary></indexterm>
@ -1218,8 +1227,8 @@ Exports list on foobar:
<informaltable frame="none" pgwide="1">
<tgroup cols="2">
<colspec colwidth="1*"/>
<colspec colwidth="3*"/>
<colspec colwidth="1*"/>
<colspec colwidth="3*"/>
<thead>
<row>
@ -1237,6 +1246,7 @@ Exports list on foobar:
domainname does not have anything to do with
<acronym>DNS</acronym>.</entry>
</row>
<row>
<entry><application>rpcbind</application></entry>
@ -1247,6 +1257,7 @@ Exports list on foobar:
will be impossible to run an NIS server, or to act as
an NIS client.</entry>
</row>
<row>
<entry><application>ypbind</application></entry>
@ -1259,6 +1270,7 @@ Exports list on foobar:
on a client machine, it will not be able to access the
NIS server.</entry>
</row>
<row>
<entry><application>ypserv</application></entry>
<entry>Should only be running on NIS servers; this is
@ -1274,6 +1286,7 @@ Exports list on foobar:
<application>ypbind</application> process on the
client.</entry>
</row>
<row>
<entry><application>rpc.yppasswdd</application></entry>
<entry>Another process that should only be running on
@ -1404,21 +1417,25 @@ Exports list on foobar:
<entry><hostid role="ipaddr">10.0.0.2</hostid></entry>
<entry>NIS master</entry>
</row>
<row>
<entry><hostid>coltrane</hostid></entry>
<entry><hostid role="ipaddr">10.0.0.3</hostid></entry>
<entry>NIS slave</entry>
</row>
<row>
<entry><hostid>basie</hostid></entry>
<entry><hostid role="ipaddr">10.0.0.4</hostid></entry>
<entry>Faculty workstation</entry>
</row>
<row>
<entry><hostid>bird</hostid></entry>
<entry><hostid role="ipaddr">10.0.0.5</hostid></entry>
<entry>Client machine</entry>
</row>
<row>
<entry><hostid>cli[1-11]</hostid></entry>
<entry>
@ -1517,6 +1534,7 @@ Exports list on foobar:
<sect4>
<title>Setting Up a NIS Master Server</title>
<indexterm>
<primary>NIS</primary>
<secondary>server configuration</secondary>
@ -1531,18 +1549,23 @@ Exports list on foobar:
<procedure>
<step>
<para><programlisting>nisdomainname="test-domain"</programlisting>
This line will set the NIS domainname to
<literal>test-domain</literal>
upon network setup (e.g., after reboot).</para>
</step>
<step>
<para><programlisting>nis_server_enable="YES"</programlisting>
This will tell FreeBSD to start up the NIS server
processes when the networking is next brought
up.</para>
</step>
<step>
<para><programlisting>nis_yppasswdd_enable="YES"</programlisting>
This will enable the <command>rpc.yppasswdd</command>
daemon which, as mentioned above, will allow users to
change their NIS password from a client
@ -1570,6 +1593,7 @@ Exports list on foobar:
<sect4>
<title>Initializing the NIS Maps</title>
<indexterm>
<primary>NIS</primary>
<secondary>maps</secondary>
@ -1661,6 +1685,7 @@ ellington has been setup as an YP master server without any errors.</screen>
<sect4>
<title>Setting up a NIS Slave Server</title>
<indexterm>
<primary>NIS</primary>
<secondary>slave server</secondary>
@ -1785,9 +1810,11 @@ Don't forget to update map ypservers on ellington.</screen>
another server.</para>
<sect4>
<title>Setting Up a NIS Client</title> <indexterm>
<title>Setting Up a NIS Client</title>
<indexterm>
<primary>NIS</primary> <secondary>client
configuration</secondary>
configuration</secondary>
</indexterm> <para>Setting up a FreeBSD machine to be a NIS
client is fairly straightforward.</para>
@ -2006,6 +2033,7 @@ basie&prompt.root;</screen>
</sect2info>
<title>Using Netgroups</title>
<indexterm><primary>netgroups</primary></indexterm>
<para>The method shown in the previous section works reasonably
@ -2097,6 +2125,7 @@ basie&prompt.root;</screen>
employees are allowed to log onto these
machines.</entry>
</row>
<row>
<!-- gluttony was omitted because it was too fat -->
<entry><hostid>pride</hostid>, <hostid>greed</hostid>,
@ -2106,6 +2135,7 @@ basie&prompt.root;</screen>
department are allowed to login onto these
machines.</entry>
</row>
<row>
<entry><hostid>one</hostid>, <hostid>two</hostid>,
<hostid>three</hostid>, <hostid>four</hostid>,
@ -2509,6 +2539,7 @@ nis_client_flags="-S <replaceable>NIS domain</replaceable>,<replaceable>server</
<sect2>
<title>Password Formats</title>
<indexterm>
<primary>NIS</primary>
<secondary>password formats</secondary>
@ -2585,6 +2616,7 @@ nis_client_flags="-S <replaceable>NIS domain</replaceable>,<replaceable>server</
<sect2>
<title>What Is DHCP?</title>
<indexterm>
<primary>Dynamic Host Configuration Protocol</primary>
<see>DHCP</see>
@ -2619,6 +2651,7 @@ nis_client_flags="-S <replaceable>NIS domain</replaceable>,<replaceable>server</
<sect2>
<title>How It Works</title>
<indexterm><primary>UDP</primary></indexterm>
<para>When <command>dhclient</command>, the DHCP client, is
executed on the client machine, it begins broadcasting
@ -2644,12 +2677,14 @@ nis_client_flags="-S <replaceable>NIS domain</replaceable>,<replaceable>server</
<command>dhclient</command>. DHCP client support is provided
within both the installer and the base system, obviating the
need for detailed knowledge of network configurations on any
network that runs a DHCP server.</para> <indexterm>
<primary><application>sysinstall</application></primary>
</indexterm>
network that runs a DHCP server.</para>
<para>DHCP is supported by
<application>sysinstall</application>. When configuring a
<indexterm>
<primary><application>sysinstall</application></primary>
</indexterm>
<para>DHCP is supported by
<application>sysinstall</application>. When configuring a
network interface within
<application>sysinstall</application>, the second question
asked is: <quote>Do you want to try DHCP configuration of
@ -2745,132 +2780,135 @@ dhclient_flags=""</programlisting>
role="package">net/isc-dhcp42-server</filename> port in
the ports collection. This port contains the ISC DHCP
server and documentation.</para>
</sect2>
</sect2>
<sect2>
<title>Files</title>
<indexterm>
<primary>DHCP</primary>
<secondary>configuration files</secondary>
</indexterm>
<itemizedlist>
<listitem>
<para><filename>/etc/dhclient.conf</filename></para>
<para><command>dhclient</command> requires a configuration
file, <filename>/etc/dhclient.conf</filename>. Typically
the file contains only comments, the defaults being
reasonably sane. This configuration file is described by
the &man.dhclient.conf.5;
manual page.</para>
</listitem>
<sect2>
<title>Files</title>
<listitem>
<para><filename>/sbin/dhclient</filename></para>
<para><command>dhclient</command> is statically linked and
resides in <filename>/sbin</filename>. The
&man.dhclient.8; manual page gives more information about
<command>dhclient</command>.</para>
</listitem>
<listitem>
<para><filename>/sbin/dhclient-script</filename></para>
<para><command>dhclient-script</command> is the
FreeBSD-specific DHCP client configuration script. It is
described in &man.dhclient-script.8;, but should not need
any user modification to function properly.</para>
</listitem>
<listitem>
<para><filename>/var/db/dhclient.leases.<replaceable>interface</replaceable></filename></para>
<para>The DHCP client keeps a database of valid leases in
this file, which is written as a log.
&man.dhclient.leases.5; gives a slightly longer
description.</para>
</listitem>
</itemizedlist>
</sect2>
<sect2>
<title>Further Reading</title>
<para>The DHCP protocol is fully described in <ulink
url="http://www.freesoft.org/CIE/RFC/2131/">RFC
2131</ulink>. An informational resource has also been set up
at <ulink url="http://www.dhcp.org/"></ulink>.</para>
</sect2>
<sect2 id="network-dhcp-server">
<title>Installing and Configuring a DHCP Server</title>
<sect3>
<title>What This Section Covers</title>
<para>This section provides information on how to configure
a FreeBSD system to act as a DHCP server using the ISC
(Internet Systems Consortium) implementation of the DHCP
server.</para>
<para>The server is not provided as part of FreeBSD, and so
you will need to install the <filename
role="package">net/isc-dhcp42-server</filename> port to
provide this service. See <xref linkend="ports"/> for
more information on using the Ports Collection.</para>
</sect3>
<sect3>
<title>DHCP Server Installation</title>
<indexterm>
<primary>DHCP</primary>
<secondary>installation</secondary>
<secondary>configuration files</secondary>
</indexterm>
<para>In order to configure your FreeBSD system as a DHCP
server, you will need to ensure that the &man.bpf.4;
device is compiled into your kernel. To do this, add
<literal>device bpf</literal> to your kernel
configuration file, and rebuild the kernel. For more
information about building kernels, see <xref
linkend="kernelconfig"/>.</para>
<itemizedlist>
<listitem>
<para><filename>/etc/dhclient.conf</filename></para>
<para><command>dhclient</command> requires a configuration
file, <filename>/etc/dhclient.conf</filename>.
Typically the file contains only comments, the defaults
being reasonably sane. This configuration file is
described by the &man.dhclient.conf.5; manual
page.</para>
</listitem>
<para>The <devicename>bpf</devicename> device is already
part of the <filename>GENERIC</filename> kernel that is
supplied with FreeBSD, so you do not need to create a
custom kernel in order to get DHCP working.</para>
<listitem>
<para><filename>/sbin/dhclient</filename></para>
<para><command>dhclient</command> is statically linked and
resides in <filename>/sbin</filename>. The
&man.dhclient.8; manual page gives more information
about <command>dhclient</command>.</para>
</listitem>
<note>
<para>Those who are particularly security conscious
should note that <devicename>bpf</devicename> is also
the device that allows packet sniffers to work
correctly (although such programs still need
privileged access). <devicename>bpf</devicename>
<emphasis>is</emphasis> required to use DHCP, but if
you are very sensitive about security, you probably
should not include <devicename>bpf</devicename> in
your kernel purely because you expect to use DHCP at
some point in the future.</para>
</note>
<listitem>
<para><filename>/sbin/dhclient-script</filename></para>
<para><command>dhclient-script</command> is the
FreeBSD-specific DHCP client configuration script. It
is described in &man.dhclient-script.8;, but should not
need any user modification to function properly.</para>
</listitem>
<para>The next thing that you will need to do is edit the
sample <filename>dhcpd.conf</filename> which was installed
by the <filename
role="package">net/isc-dhcp42-server</filename> port.
By default, this will be
<filename>/usr/local/etc/dhcpd.conf.sample</filename>, and
you should copy this to
<filename>/usr/local/etc/dhcpd.conf</filename> before
proceeding to make changes.</para>
</sect3>
<listitem>
<para><filename>/var/db/dhclient.leases.<replaceable>interface</replaceable></filename></para>
<para>The DHCP client keeps a database of valid leases
in this file, which is written as a log.
&man.dhclient.leases.5; gives a slightly longer
description.</para>
</listitem>
</itemizedlist>
</sect2>
<sect3>
<title>Configuring the DHCP Server</title>
<indexterm>
<primary>DHCP</primary>
<secondary>dhcpd.conf</secondary>
</indexterm>
<para><filename>dhcpd.conf</filename> is comprised of
declarations regarding subnets and hosts, and is perhaps
most easily explained using an example :</para>
<sect2>
<title>Further Reading</title>
<programlisting>option domain-name "example.com";<co id="domain-name"/>
<para>The DHCP protocol is fully described in <ulink
url="http://www.freesoft.org/CIE/RFC/2131/">RFC
2131</ulink>. An informational resource has also been set
up at <ulink url="http://www.dhcp.org/"></ulink>.</para>
</sect2>
<sect2 id="network-dhcp-server">
<title>Installing and Configuring a DHCP Server</title>
<sect3>
<title>What This Section Covers</title>
<para>This section provides information on how to configure
a FreeBSD system to act as a DHCP server using the ISC
(Internet Systems Consortium) implementation of the DHCP
server.</para>
<para>The server is not provided as part of FreeBSD, and so
you will need to install the <filename
role="package">net/isc-dhcp42-server</filename> port to
provide this service. See <xref linkend="ports"/> for
more information on using the Ports Collection.</para>
</sect3>
<sect3>
<title>DHCP Server Installation</title>
<indexterm>
<primary>DHCP</primary>
<secondary>installation</secondary>
</indexterm>
<para>In order to configure your FreeBSD system as a DHCP
server, you will need to ensure that the &man.bpf.4;
device is compiled into your kernel. To do this, add
<literal>device bpf</literal> to your kernel
configuration file, and rebuild the kernel. For more
information about building kernels, see <xref
linkend="kernelconfig"/>.</para>
<para>The <devicename>bpf</devicename> device is already
part of the <filename>GENERIC</filename> kernel that is
supplied with FreeBSD, so you do not need to create a
custom kernel in order to get DHCP working.</para>
<note>
<para>Those who are particularly security conscious
should note that <devicename>bpf</devicename> is also
the device that allows packet sniffers to work
correctly (although such programs still need
privileged access). <devicename>bpf</devicename>
<emphasis>is</emphasis> required to use DHCP, but if
you are very sensitive about security, you probably
should not include <devicename>bpf</devicename> in
your kernel purely because you expect to use DHCP at
some point in the future.</para>
</note>
<para>The next thing that you will need to do is edit the
sample <filename>dhcpd.conf</filename> which was installed
by the <filename
role="package">net/isc-dhcp42-server</filename> port.
By default, this will be
<filename>/usr/local/etc/dhcpd.conf.sample</filename>, and
you should copy this to
<filename>/usr/local/etc/dhcpd.conf</filename> before
proceeding to make changes.</para>
</sect3>
<sect3>
<title>Configuring the DHCP Server</title>
<indexterm>
<primary>DHCP</primary>
<secondary>dhcpd.conf</secondary>
</indexterm>
<para><filename>dhcpd.conf</filename> is comprised of
declarations regarding subnets and hosts, and is perhaps
most easily explained using an example :</para>
<programlisting>option domain-name "example.com";<co id="domain-name"/>
option domain-name-servers 192.168.4.100;<co id="domain-name-servers"/>
option subnet-mask 255.255.255.0;<co id="subnet-mask"/>
@ -2986,6 +3024,7 @@ dhcpd_ifaces="dc0"</programlisting>
<sect3>
<title>Files</title>
<indexterm>
<primary>DHCP</primary>
<secondary>configuration files</secondary>
@ -3063,6 +3102,7 @@ dhcpd_ifaces="dc0"</programlisting>
<sect2>
<title>Overview</title>
<indexterm><primary>BIND</primary></indexterm>
<para>&os; utilizes, by default, a version of BIND (Berkeley
@ -3272,6 +3312,7 @@ dhcpd_ifaces="dc0"</programlisting>
<sect2>
<title>How It Works</title>
<para>In &os;, the BIND daemon is called
<application>named</application>.</para>
@ -3725,6 +3766,7 @@ zone "1.168.192.in-addr.arpa" {
<sect3>
<title>Zone Files</title>
<indexterm>
<primary>BIND</primary>
<secondary>zone files</secondary>
@ -3966,6 +4008,7 @@ mail IN A 192.168.1.5</programlisting>
<sect2>
<title>Caching Name Server</title>
<indexterm>
<primary>BIND</primary>
<secondary>caching name server</secondary>
@ -3979,24 +4022,25 @@ mail IN A 192.168.1.5</programlisting>
<sect2>
<title><acronym
role="Domain Name Security Extensions">DNSSEC</acronym></title>
<indexterm>
<primary>BIND</primary>
<secondary>DNS security extensions</secondary>
</indexterm>
<para>Domain Name System Security Extensions, or <acronym
role="Domain Name Security Extensions">DNSSEC</acronym> for
short, is a suite of specifications to protect resolving name
servers from forged <acronym>DNS</acronym> data, such as
spoofed <acronym>DNS</acronym> records. By using digital
signatures, a resolver can verify the integrity of the record.
Note that <acronym
role="Domain Name Security Extensions">DNSSEC</acronym> only
provides integrity via digitally signing the Resource
Records (<acronym role="Resource Record">RR</acronym>s). It
provides neither confidentiality nor protection against false
end-user assumptions. This means that it cannot protect
against people going to <hostid
role="Domain Name Security Extensions">DNSSEC</acronym>
for short, is a suite of specifications to protect resolving
name servers from forged <acronym>DNS</acronym> data, such
as spoofed <acronym>DNS</acronym> records. By using digital
signatures, a resolver can verify the integrity of the
record. Note that <acronym
role="Domain Name Security Extensions">DNSSEC</acronym>
only provides integrity via digitally signing the Resource
Records (<acronym role="Resource Record">RR</acronym>s).
It provides neither confidentiality nor protection against
false end-user assumptions. This means that it cannot
protect against people going to <hostid
role="domainname">example.net</hostid> instead of <hostid
role="domainname">example.com</hostid>. The only thing
<acronym>DNSSEC</acronym> does is authenticate that the data
@ -4610,6 +4654,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
following commands:</para>
<screen>&prompt.root; <userinput>/usr/local/etc/rc.d/apache22 configtest</userinput></screen>
<screen>&prompt.root; <userinput>service apache22 configtest</userinput></screen>
<note>
@ -4626,6 +4671,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
mechanisms:</para>
<screen>&prompt.root; <userinput>/usr/local/etc/rc.d/apache22 start</userinput></screen>
<screen>&prompt.root; <userinput>service apache22 start</userinput></screen>
<para>The <command>httpd</command> service can be tested by
@ -5166,6 +5212,7 @@ DocumentRoot /www/someotherdomain.tld
<application>Samba</application>:</para>
<programlisting>swat stream tcp nowait/400 root /usr/local/sbin/swat swat</programlisting>
<para>As explained in <xref linkend="network-inetd-reread"/>,
the <application>inetd</application> configuration must be
reloaded after this configuration file is changed.</para>
@ -5289,6 +5336,7 @@ DocumentRoot /www/someotherdomain.tld
the following command:</para>
<screen>&prompt.root; <userinput>smbpasswd -a username</userinput></screen>
<note>
<para>The recommended backend is now
<literal>tdbsam</literal>, and the following command
@ -5323,6 +5371,7 @@ DocumentRoot /www/someotherdomain.tld
<para>Or, for fine grain control:</para>
<programlisting>nmbd_enable="YES"</programlisting>
<programlisting>smbd_enable="YES"</programlisting>
<note>
@ -5339,8 +5388,8 @@ Starting SAMBA: removing stale tdbs :
Starting nmbd.
Starting smbd.</screen>
<para>Please refer to <xref linkend="configtuning-rcd"/> for more
information about using rc scripts.</para>
<para>Please refer to <xref linkend="configtuning-rcd"/> for
more information about using rc scripts.</para>
<para><application>Samba</application> actually consists of
three separate daemons. You should see that both the
@ -5445,6 +5494,7 @@ Starting smbd.</screen>
<sect3>
<title>Basic Configuration</title>
<indexterm><primary>ntpdate</primary></indexterm>
<para>If you only wish to synchronize your clock when the