Date: Fri, 25 Jan 2013 00:30:28 +0000 (UTC) From: Dru Lavigne <dru@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r40744 - head/en_US.ISO8859-1/books/handbook/network-servers Message-ID: <201301250030.r0P0USsO046795@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dru Date: Fri Jan 25 00:30:28 2013 New Revision: 40744 URL: http://svnweb.freebsd.org/changeset/doc/40744 Log: White space fix only. Translators can ignore. Approved by: gjb (mentor) Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Fri Jan 25 00:26:46 2013 (r40743) +++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Fri Jan 25 00:30:28 2013 (r40744) @@ -340,22 +340,27 @@ server-program-arguments</programlisting <entry>tcp, tcp4</entry> <entry>TCP IPv4</entry> </row> + <row> <entry>udp, udp4</entry> <entry>UDP IPv4</entry> </row> + <row> <entry>tcp6</entry> <entry>TCP IPv6</entry> </row> + <row> <entry>udp6</entry> <entry>UDP IPv6</entry> </row> + <row> <entry>tcp46</entry> <entry>Both TCP IPv4 and v6</entry> </row> + <row> <entry>udp46</entry> <entry>Both UDP IPv4 and v6</entry> @@ -635,12 +640,14 @@ server-program-arguments</programlisting requests from the <acronym>NFS</acronym> clients.</entry> </row> + <row> <entry><application>mountd</application></entry> <entry>The <acronym>NFS</acronym> mount daemon which carries out the requests that &man.nfsd.8; passes on to it.</entry> </row> + <row> <entry><application>rpcbind</application></entry> <entry> This daemon allows @@ -662,6 +669,7 @@ server-program-arguments</programlisting <sect2 id="network-configuring-nfs"> <title>Configuring <acronym>NFS</acronym></title> + <indexterm> <primary>NFS</primary> <secondary>configuration</secondary> @@ -799,8 +807,8 @@ mountd_flags="-r"</programlisting> <screen>&prompt.root; <userinput>/etc/rc.d/mountd onereload</userinput></screen> - <para>Please refer to <xref linkend="configtuning-rcd"/> for more - information about using rc scripts.</para> + <para>Please refer to <xref linkend="configtuning-rcd"/> for + more information about using rc scripts.</para> <para>Alternatively, a reboot will make FreeBSD set everything up properly. A reboot is not necessary though. @@ -1155,6 +1163,7 @@ Exports list on foobar: <sect2> <title>What Is It?</title> + <indexterm><primary>NIS</primary></indexterm> <indexterm><primary>Solaris</primary></indexterm> <indexterm><primary>HP-UX</primary></indexterm> @@ -1218,8 +1227,8 @@ Exports list on foobar: <informaltable frame="none" pgwide="1"> <tgroup cols="2"> - <colspec colwidth="1*"/> - <colspec colwidth="3*"/> + <colspec colwidth="1*"/> + <colspec colwidth="3*"/> <thead> <row> @@ -1237,6 +1246,7 @@ Exports list on foobar: domainname does not have anything to do with <acronym>DNS</acronym>.</entry> </row> + <row> <entry><application>rpcbind</application></entry> @@ -1247,6 +1257,7 @@ Exports list on foobar: will be impossible to run an NIS server, or to act as an NIS client.</entry> </row> + <row> <entry><application>ypbind</application></entry> @@ -1259,6 +1270,7 @@ Exports list on foobar: on a client machine, it will not be able to access the NIS server.</entry> </row> + <row> <entry><application>ypserv</application></entry> <entry>Should only be running on NIS servers; this is @@ -1274,6 +1286,7 @@ Exports list on foobar: <application>ypbind</application> process on the client.</entry> </row> + <row> <entry><application>rpc.yppasswdd</application></entry> <entry>Another process that should only be running on @@ -1404,21 +1417,25 @@ Exports list on foobar: <entry><hostid role="ipaddr">10.0.0.2</hostid></entry> <entry>NIS master</entry> </row> + <row> <entry><hostid>coltrane</hostid></entry> <entry><hostid role="ipaddr">10.0.0.3</hostid></entry> <entry>NIS slave</entry> </row> + <row> <entry><hostid>basie</hostid></entry> <entry><hostid role="ipaddr">10.0.0.4</hostid></entry> <entry>Faculty workstation</entry> </row> + <row> <entry><hostid>bird</hostid></entry> <entry><hostid role="ipaddr">10.0.0.5</hostid></entry> <entry>Client machine</entry> </row> + <row> <entry><hostid>cli[1-11]</hostid></entry> <entry> @@ -1517,6 +1534,7 @@ Exports list on foobar: <sect4> <title>Setting Up a NIS Master Server</title> + <indexterm> <primary>NIS</primary> <secondary>server configuration</secondary> @@ -1531,18 +1549,23 @@ Exports list on foobar: <procedure> <step> <para><programlisting>nisdomainname="test-domain"</programlisting> + This line will set the NIS domainname to <literal>test-domain</literal> upon network setup (e.g., after reboot).</para> </step> + <step> <para><programlisting>nis_server_enable="YES"</programlisting> + This will tell FreeBSD to start up the NIS server processes when the networking is next brought up.</para> </step> + <step> <para><programlisting>nis_yppasswdd_enable="YES"</programlisting> + This will enable the <command>rpc.yppasswdd</command> daemon which, as mentioned above, will allow users to change their NIS password from a client @@ -1570,6 +1593,7 @@ Exports list on foobar: <sect4> <title>Initializing the NIS Maps</title> + <indexterm> <primary>NIS</primary> <secondary>maps</secondary> @@ -1661,6 +1685,7 @@ ellington has been setup as an YP master <sect4> <title>Setting up a NIS Slave Server</title> + <indexterm> <primary>NIS</primary> <secondary>slave server</secondary> @@ -1785,9 +1810,11 @@ Don't forget to update map ypservers on another server.</para> <sect4> - <title>Setting Up a NIS Client</title> <indexterm> + <title>Setting Up a NIS Client</title> + + <indexterm> <primary>NIS</primary> <secondary>client - configuration</secondary> + configuration</secondary> </indexterm> <para>Setting up a FreeBSD machine to be a NIS client is fairly straightforward.</para> @@ -2006,6 +2033,7 @@ basie&prompt.root;</screen> </sect2info> <title>Using Netgroups</title> + <indexterm><primary>netgroups</primary></indexterm> <para>The method shown in the previous section works reasonably @@ -2097,6 +2125,7 @@ basie&prompt.root;</screen> employees are allowed to log onto these machines.</entry> </row> + <row> <!-- gluttony was omitted because it was too fat --> <entry><hostid>pride</hostid>, <hostid>greed</hostid>, @@ -2106,6 +2135,7 @@ basie&prompt.root;</screen> department are allowed to login onto these machines.</entry> </row> + <row> <entry><hostid>one</hostid>, <hostid>two</hostid>, <hostid>three</hostid>, <hostid>four</hostid>, @@ -2509,6 +2539,7 @@ nis_client_flags="-S <replaceable>NIS do <sect2> <title>Password Formats</title> + <indexterm> <primary>NIS</primary> <secondary>password formats</secondary> @@ -2585,6 +2616,7 @@ nis_client_flags="-S <replaceable>NIS do <sect2> <title>What Is DHCP?</title> + <indexterm> <primary>Dynamic Host Configuration Protocol</primary> <see>DHCP</see> @@ -2619,6 +2651,7 @@ nis_client_flags="-S <replaceable>NIS do <sect2> <title>How It Works</title> + <indexterm><primary>UDP</primary></indexterm> <para>When <command>dhclient</command>, the DHCP client, is executed on the client machine, it begins broadcasting @@ -2644,12 +2677,14 @@ nis_client_flags="-S <replaceable>NIS do <command>dhclient</command>. DHCP client support is provided within both the installer and the base system, obviating the need for detailed knowledge of network configurations on any - network that runs a DHCP server.</para> <indexterm> - <primary><application>sysinstall</application></primary> - </indexterm> + network that runs a DHCP server.</para> + + <indexterm> + <primary><application>sysinstall</application></primary> + </indexterm> - <para>DHCP is supported by - <application>sysinstall</application>. When configuring a + <para>DHCP is supported by + <application>sysinstall</application>. When configuring a network interface within <application>sysinstall</application>, the second question asked is: <quote>Do you want to try DHCP configuration of @@ -2745,132 +2780,135 @@ dhclient_flags=""</programlisting> role="package">net/isc-dhcp42-server</filename> port in the ports collection. This port contains the ISC DHCP server and documentation.</para> - </sect2> + </sect2> - <sect2> - <title>Files</title> - <indexterm> - <primary>DHCP</primary> - <secondary>configuration files</secondary> - </indexterm> - <itemizedlist> - <listitem> - <para><filename>/etc/dhclient.conf</filename></para> - <para><command>dhclient</command> requires a configuration - file, <filename>/etc/dhclient.conf</filename>. Typically - the file contains only comments, the defaults being - reasonably sane. This configuration file is described by - the &man.dhclient.conf.5; - manual page.</para> - </listitem> + <sect2> + <title>Files</title> - <listitem> - <para><filename>/sbin/dhclient</filename></para> - <para><command>dhclient</command> is statically linked and - resides in <filename>/sbin</filename>. The - &man.dhclient.8; manual page gives more information about - <command>dhclient</command>.</para> - </listitem> + <indexterm> + <primary>DHCP</primary> + <secondary>configuration files</secondary> + </indexterm> + <itemizedlist> + <listitem> + <para><filename>/etc/dhclient.conf</filename></para> + <para><command>dhclient</command> requires a configuration + file, <filename>/etc/dhclient.conf</filename>. + Typically the file contains only comments, the defaults + being reasonably sane. This configuration file is + described by the &man.dhclient.conf.5; manual + page.</para> + </listitem> - <listitem> - <para><filename>/sbin/dhclient-script</filename></para> - <para><command>dhclient-script</command> is the - FreeBSD-specific DHCP client configuration script. It is - described in &man.dhclient-script.8;, but should not need - any user modification to function properly.</para> - </listitem> + <listitem> + <para><filename>/sbin/dhclient</filename></para> + <para><command>dhclient</command> is statically linked and + resides in <filename>/sbin</filename>. The + &man.dhclient.8; manual page gives more information + about <command>dhclient</command>.</para> + </listitem> - <listitem> - <para><filename>/var/db/dhclient.leases.<replaceable>interface</replaceable></filename></para> - <para>The DHCP client keeps a database of valid leases in - this file, which is written as a log. - &man.dhclient.leases.5; gives a slightly longer - description.</para> - </listitem> - </itemizedlist> - </sect2> + <listitem> + <para><filename>/sbin/dhclient-script</filename></para> + <para><command>dhclient-script</command> is the + FreeBSD-specific DHCP client configuration script. It + is described in &man.dhclient-script.8;, but should not + need any user modification to function properly.</para> + </listitem> - <sect2> - <title>Further Reading</title> + <listitem> + <para><filename>/var/db/dhclient.leases.<replaceable>interface</replaceable></filename></para> + <para>The DHCP client keeps a database of valid leases + in this file, which is written as a log. + &man.dhclient.leases.5; gives a slightly longer + description.</para> + </listitem> + </itemizedlist> + </sect2> - <para>The DHCP protocol is fully described in <ulink - url="http://www.freesoft.org/CIE/RFC/2131/">RFC - 2131</ulink>. An informational resource has also been set up - at <ulink url="http://www.dhcp.org/"></ulink>.</para>; - </sect2> + <sect2> + <title>Further Reading</title> - <sect2 id="network-dhcp-server"> - <title>Installing and Configuring a DHCP Server</title> + <para>The DHCP protocol is fully described in <ulink + url="http://www.freesoft.org/CIE/RFC/2131/">RFC + 2131</ulink>. An informational resource has also been set + up at <ulink url="http://www.dhcp.org/"></ulink>.</para>; + </sect2> + + <sect2 id="network-dhcp-server"> + <title>Installing and Configuring a DHCP Server</title> + + <sect3> + <title>What This Section Covers</title> + + <para>This section provides information on how to configure + a FreeBSD system to act as a DHCP server using the ISC + (Internet Systems Consortium) implementation of the DHCP + server.</para> - <sect3> - <title>What This Section Covers</title> + <para>The server is not provided as part of FreeBSD, and so + you will need to install the <filename + role="package">net/isc-dhcp42-server</filename> port to + provide this service. See <xref linkend="ports"/> for + more information on using the Ports Collection.</para> + </sect3> - <para>This section provides information on how to configure - a FreeBSD system to act as a DHCP server using the ISC - (Internet Systems Consortium) implementation of the DHCP - server.</para> - - <para>The server is not provided as part of FreeBSD, and so - you will need to install the <filename - role="package">net/isc-dhcp42-server</filename> port to - provide this service. See <xref linkend="ports"/> for - more information on using the Ports Collection.</para> - </sect3> + <sect3> + <title>DHCP Server Installation</title> - <sect3> - <title>DHCP Server Installation</title> - <indexterm> - <primary>DHCP</primary> - <secondary>installation</secondary> - </indexterm> - <para>In order to configure your FreeBSD system as a DHCP - server, you will need to ensure that the &man.bpf.4; - device is compiled into your kernel. To do this, add - <literal>device bpf</literal> to your kernel - configuration file, and rebuild the kernel. For more - information about building kernels, see <xref - linkend="kernelconfig"/>.</para> - - <para>The <devicename>bpf</devicename> device is already - part of the <filename>GENERIC</filename> kernel that is - supplied with FreeBSD, so you do not need to create a - custom kernel in order to get DHCP working.</para> + <indexterm> + <primary>DHCP</primary> + <secondary>installation</secondary> + </indexterm> + <para>In order to configure your FreeBSD system as a DHCP + server, you will need to ensure that the &man.bpf.4; + device is compiled into your kernel. To do this, add + <literal>device bpf</literal> to your kernel + configuration file, and rebuild the kernel. For more + information about building kernels, see <xref + linkend="kernelconfig"/>.</para> + + <para>The <devicename>bpf</devicename> device is already + part of the <filename>GENERIC</filename> kernel that is + supplied with FreeBSD, so you do not need to create a + custom kernel in order to get DHCP working.</para> - <note> - <para>Those who are particularly security conscious - should note that <devicename>bpf</devicename> is also - the device that allows packet sniffers to work - correctly (although such programs still need - privileged access). <devicename>bpf</devicename> - <emphasis>is</emphasis> required to use DHCP, but if - you are very sensitive about security, you probably - should not include <devicename>bpf</devicename> in - your kernel purely because you expect to use DHCP at - some point in the future.</para> - </note> + <note> + <para>Those who are particularly security conscious + should note that <devicename>bpf</devicename> is also + the device that allows packet sniffers to work + correctly (although such programs still need + privileged access). <devicename>bpf</devicename> + <emphasis>is</emphasis> required to use DHCP, but if + you are very sensitive about security, you probably + should not include <devicename>bpf</devicename> in + your kernel purely because you expect to use DHCP at + some point in the future.</para> + </note> - <para>The next thing that you will need to do is edit the - sample <filename>dhcpd.conf</filename> which was installed - by the <filename - role="package">net/isc-dhcp42-server</filename> port. - By default, this will be - <filename>/usr/local/etc/dhcpd.conf.sample</filename>, and - you should copy this to - <filename>/usr/local/etc/dhcpd.conf</filename> before - proceeding to make changes.</para> - </sect3> + <para>The next thing that you will need to do is edit the + sample <filename>dhcpd.conf</filename> which was installed + by the <filename + role="package">net/isc-dhcp42-server</filename> port. + By default, this will be + <filename>/usr/local/etc/dhcpd.conf.sample</filename>, and + you should copy this to + <filename>/usr/local/etc/dhcpd.conf</filename> before + proceeding to make changes.</para> + </sect3> - <sect3> - <title>Configuring the DHCP Server</title> - <indexterm> - <primary>DHCP</primary> - <secondary>dhcpd.conf</secondary> - </indexterm> - <para><filename>dhcpd.conf</filename> is comprised of - declarations regarding subnets and hosts, and is perhaps - most easily explained using an example :</para> + <sect3> + <title>Configuring the DHCP Server</title> + + <indexterm> + <primary>DHCP</primary> + <secondary>dhcpd.conf</secondary> + </indexterm> + <para><filename>dhcpd.conf</filename> is comprised of + declarations regarding subnets and hosts, and is perhaps + most easily explained using an example :</para> - <programlisting>option domain-name "example.com";<co id="domain-name"/> + <programlisting>option domain-name "example.com";<co id="domain-name"/> option domain-name-servers 192.168.4.100;<co id="domain-name-servers"/> option subnet-mask 255.255.255.0;<co id="subnet-mask"/> @@ -2986,6 +3024,7 @@ dhcpd_ifaces="dc0"</programlisting> <sect3> <title>Files</title> + <indexterm> <primary>DHCP</primary> <secondary>configuration files</secondary> @@ -3063,6 +3102,7 @@ dhcpd_ifaces="dc0"</programlisting> <sect2> <title>Overview</title> + <indexterm><primary>BIND</primary></indexterm> <para>&os; utilizes, by default, a version of BIND (Berkeley @@ -3272,6 +3312,7 @@ dhcpd_ifaces="dc0"</programlisting> <sect2> <title>How It Works</title> + <para>In &os;, the BIND daemon is called <application>named</application>.</para> @@ -3725,6 +3766,7 @@ zone "1.168.192.in-addr.arpa" { <sect3> <title>Zone Files</title> + <indexterm> <primary>BIND</primary> <secondary>zone files</secondary> @@ -3966,6 +4008,7 @@ mail IN A 192.168. <sect2> <title>Caching Name Server</title> + <indexterm> <primary>BIND</primary> <secondary>caching name server</secondary> @@ -3979,24 +4022,25 @@ mail IN A 192.168. <sect2> <title><acronym role="Domain Name Security Extensions">DNSSEC</acronym></title> + <indexterm> <primary>BIND</primary> <secondary>DNS security extensions</secondary> </indexterm> <para>Domain Name System Security Extensions, or <acronym - role="Domain Name Security Extensions">DNSSEC</acronym> for - short, is a suite of specifications to protect resolving name - servers from forged <acronym>DNS</acronym> data, such as - spoofed <acronym>DNS</acronym> records. By using digital - signatures, a resolver can verify the integrity of the record. - Note that <acronym - role="Domain Name Security Extensions">DNSSEC</acronym> only - provides integrity via digitally signing the Resource - Records (<acronym role="Resource Record">RR</acronym>s). It - provides neither confidentiality nor protection against false - end-user assumptions. This means that it cannot protect - against people going to <hostid + role="Domain Name Security Extensions">DNSSEC</acronym> + for short, is a suite of specifications to protect resolving + name servers from forged <acronym>DNS</acronym> data, such + as spoofed <acronym>DNS</acronym> records. By using digital + signatures, a resolver can verify the integrity of the + record. Note that <acronym + role="Domain Name Security Extensions">DNSSEC</acronym> + only provides integrity via digitally signing the Resource + Records (<acronym role="Resource Record">RR</acronym>s). + It provides neither confidentiality nor protection against + false end-user assumptions. This means that it cannot + protect against people going to <hostid role="domainname">example.net</hostid> instead of <hostid role="domainname">example.com</hostid>. The only thing <acronym>DNSSEC</acronym> does is authenticate that the data @@ -4610,6 +4654,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key following commands:</para> <screen>&prompt.root; <userinput>/usr/local/etc/rc.d/apache22 configtest</userinput></screen> + <screen>&prompt.root; <userinput>service apache22 configtest</userinput></screen> <note> @@ -4626,6 +4671,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key mechanisms:</para> <screen>&prompt.root; <userinput>/usr/local/etc/rc.d/apache22 start</userinput></screen> + <screen>&prompt.root; <userinput>service apache22 start</userinput></screen> <para>The <command>httpd</command> service can be tested by @@ -5166,6 +5212,7 @@ DocumentRoot /www/someotherdomain.tld <application>Samba</application>:</para> <programlisting>swat stream tcp nowait/400 root /usr/local/sbin/swat swat</programlisting> + <para>As explained in <xref linkend="network-inetd-reread"/>, the <application>inetd</application> configuration must be reloaded after this configuration file is changed.</para> @@ -5289,6 +5336,7 @@ DocumentRoot /www/someotherdomain.tld the following command:</para> <screen>&prompt.root; <userinput>smbpasswd -a username</userinput></screen> + <note> <para>The recommended backend is now <literal>tdbsam</literal>, and the following command @@ -5323,6 +5371,7 @@ DocumentRoot /www/someotherdomain.tld <para>Or, for fine grain control:</para> <programlisting>nmbd_enable="YES"</programlisting> + <programlisting>smbd_enable="YES"</programlisting> <note> @@ -5339,8 +5388,8 @@ Starting SAMBA: removing stale tdbs : Starting nmbd. Starting smbd.</screen> - <para>Please refer to <xref linkend="configtuning-rcd"/> for more - information about using rc scripts.</para> + <para>Please refer to <xref linkend="configtuning-rcd"/> for + more information about using rc scripts.</para> <para><application>Samba</application> actually consists of three separate daemons. You should see that both the @@ -5445,6 +5494,7 @@ Starting smbd.</screen> <sect3> <title>Basic Configuration</title> + <indexterm><primary>ntpdate</primary></indexterm> <para>If you only wish to synchronize your clock when the
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201301250030.r0P0USsO046795>