From owner-svn-doc-all@FreeBSD.ORG Fri Jan 25 00:30:28 2013 Return-Path: Delivered-To: svn-doc-all@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id AF990B60; Fri, 25 Jan 2013 00:30:28 +0000 (UTC) (envelope-from dru@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 8832E9D; Fri, 25 Jan 2013 00:30:28 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id r0P0USH4046796; Fri, 25 Jan 2013 00:30:28 GMT (envelope-from dru@svn.freebsd.org) Received: (from dru@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id r0P0USsO046795; Fri, 25 Jan 2013 00:30:28 GMT (envelope-from dru@svn.freebsd.org) Message-Id: <201301250030.r0P0USsO046795@svn.freebsd.org> From: Dru Lavigne Date: Fri, 25 Jan 2013 00:30:28 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r40744 - head/en_US.ISO8859-1/books/handbook/network-servers X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Jan 2013 00:30:28 -0000 Author: dru Date: Fri Jan 25 00:30:28 2013 New Revision: 40744 URL: http://svnweb.freebsd.org/changeset/doc/40744 Log: White space fix only. Translators can ignore. Approved by: gjb (mentor) Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Fri Jan 25 00:26:46 2013 (r40743) +++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Fri Jan 25 00:30:28 2013 (r40744) @@ -340,22 +340,27 @@ server-program-argumentstcp, tcp4 TCP IPv4 + udp, udp4 UDP IPv4 + tcp6 TCP IPv6 + udp6 UDP IPv6 + tcp46 Both TCP IPv4 and v6 + udp46 Both UDP IPv4 and v6 @@ -635,12 +640,14 @@ server-program-argumentsNFS clients. + mountd The NFS mount daemon which carries out the requests that &man.nfsd.8; passes on to it. + rpcbind This daemon allows @@ -662,6 +669,7 @@ server-program-arguments Configuring <acronym>NFS</acronym> + NFS configuration @@ -799,8 +807,8 @@ mountd_flags="-r" &prompt.root; /etc/rc.d/mountd onereload - Please refer to for more - information about using rc scripts. + Please refer to for + more information about using rc scripts. Alternatively, a reboot will make FreeBSD set everything up properly. A reboot is not necessary though. @@ -1155,6 +1163,7 @@ Exports list on foobar: What Is It? + NIS Solaris HP-UX @@ -1218,8 +1227,8 @@ Exports list on foobar: - - + + @@ -1237,6 +1246,7 @@ Exports list on foobar: domainname does not have anything to do with DNS. + rpcbind @@ -1247,6 +1257,7 @@ Exports list on foobar: will be impossible to run an NIS server, or to act as an NIS client. + ypbind @@ -1259,6 +1270,7 @@ Exports list on foobar: on a client machine, it will not be able to access the NIS server. + ypserv Should only be running on NIS servers; this is @@ -1274,6 +1286,7 @@ Exports list on foobar: ypbind process on the client. + rpc.yppasswdd Another process that should only be running on @@ -1404,21 +1417,25 @@ Exports list on foobar: 10.0.0.2 NIS master + coltrane 10.0.0.3 NIS slave + basie 10.0.0.4 Faculty workstation + bird 10.0.0.5 Client machine + cli[1-11] @@ -1517,6 +1534,7 @@ Exports list on foobar: Setting Up a NIS Master Server + NIS server configuration @@ -1531,18 +1549,23 @@ Exports list on foobar: nisdomainname="test-domain" + This line will set the NIS domainname to test-domain upon network setup (e.g., after reboot). + nis_server_enable="YES" + This will tell FreeBSD to start up the NIS server processes when the networking is next brought up. + nis_yppasswdd_enable="YES" + This will enable the rpc.yppasswdd daemon which, as mentioned above, will allow users to change their NIS password from a client @@ -1570,6 +1593,7 @@ Exports list on foobar: Initializing the NIS Maps + NIS maps @@ -1661,6 +1685,7 @@ ellington has been setup as an YP master Setting up a NIS Slave Server + NIS slave server @@ -1785,9 +1810,11 @@ Don't forget to update map ypservers on another server. - Setting Up a NIS Client + Setting Up a NIS Client + + NIS client - configuration + configuration Setting up a FreeBSD machine to be a NIS client is fairly straightforward. @@ -2006,6 +2033,7 @@ basie&prompt.root; Using Netgroups + netgroups The method shown in the previous section works reasonably @@ -2097,6 +2125,7 @@ basie&prompt.root; employees are allowed to log onto these machines. + pride, greed, @@ -2106,6 +2135,7 @@ basie&prompt.root; department are allowed to login onto these machines. + one, two, three, four, @@ -2509,6 +2539,7 @@ nis_client_flags="-S NIS do Password Formats + NIS password formats @@ -2585,6 +2616,7 @@ nis_client_flags="-S NIS do What Is DHCP? + Dynamic Host Configuration Protocol DHCP @@ -2619,6 +2651,7 @@ nis_client_flags="-S NIS do How It Works + UDP When dhclient, the DHCP client, is executed on the client machine, it begins broadcasting @@ -2644,12 +2677,14 @@ nis_client_flags="-S NIS do dhclient. DHCP client support is provided within both the installer and the base system, obviating the need for detailed knowledge of network configurations on any - network that runs a DHCP server. - sysinstall - + network that runs a DHCP server. + + + sysinstall + - DHCP is supported by - sysinstall. When configuring a + DHCP is supported by + sysinstall. When configuring a network interface within sysinstall, the second question asked is: Do you want to try DHCP configuration of @@ -2745,132 +2780,135 @@ dhclient_flags="" role="package">net/isc-dhcp42-server port in the ports collection. This port contains the ISC DHCP server and documentation. - + - - Files - - DHCP - configuration files - - - - /etc/dhclient.conf - dhclient requires a configuration - file, /etc/dhclient.conf. Typically - the file contains only comments, the defaults being - reasonably sane. This configuration file is described by - the &man.dhclient.conf.5; - manual page. - + + Files - - /sbin/dhclient - dhclient is statically linked and - resides in /sbin. The - &man.dhclient.8; manual page gives more information about - dhclient. - + + DHCP + configuration files + + + + /etc/dhclient.conf + dhclient requires a configuration + file, /etc/dhclient.conf. + Typically the file contains only comments, the defaults + being reasonably sane. This configuration file is + described by the &man.dhclient.conf.5; manual + page. + - - /sbin/dhclient-script - dhclient-script is the - FreeBSD-specific DHCP client configuration script. It is - described in &man.dhclient-script.8;, but should not need - any user modification to function properly. - + + /sbin/dhclient + dhclient is statically linked and + resides in /sbin. The + &man.dhclient.8; manual page gives more information + about dhclient. + - - /var/db/dhclient.leases.interface - The DHCP client keeps a database of valid leases in - this file, which is written as a log. - &man.dhclient.leases.5; gives a slightly longer - description. - - - + + /sbin/dhclient-script + dhclient-script is the + FreeBSD-specific DHCP client configuration script. It + is described in &man.dhclient-script.8;, but should not + need any user modification to function properly. + - - Further Reading + + /var/db/dhclient.leases.interface + The DHCP client keeps a database of valid leases + in this file, which is written as a log. + &man.dhclient.leases.5; gives a slightly longer + description. + + + - The DHCP protocol is fully described in RFC - 2131. An informational resource has also been set up - at . - + + Further Reading - - Installing and Configuring a DHCP Server + The DHCP protocol is fully described in RFC + 2131. An informational resource has also been set + up at . + + + + Installing and Configuring a DHCP Server + + + What This Section Covers + + This section provides information on how to configure + a FreeBSD system to act as a DHCP server using the ISC + (Internet Systems Consortium) implementation of the DHCP + server. - - What This Section Covers + The server is not provided as part of FreeBSD, and so + you will need to install the net/isc-dhcp42-server port to + provide this service. See for + more information on using the Ports Collection. + - This section provides information on how to configure - a FreeBSD system to act as a DHCP server using the ISC - (Internet Systems Consortium) implementation of the DHCP - server. - - The server is not provided as part of FreeBSD, and so - you will need to install the net/isc-dhcp42-server port to - provide this service. See for - more information on using the Ports Collection. - + + DHCP Server Installation - - DHCP Server Installation - - DHCP - installation - - In order to configure your FreeBSD system as a DHCP - server, you will need to ensure that the &man.bpf.4; - device is compiled into your kernel. To do this, add - device bpf to your kernel - configuration file, and rebuild the kernel. For more - information about building kernels, see . - - The bpf device is already - part of the GENERIC kernel that is - supplied with FreeBSD, so you do not need to create a - custom kernel in order to get DHCP working. + + DHCP + installation + + In order to configure your FreeBSD system as a DHCP + server, you will need to ensure that the &man.bpf.4; + device is compiled into your kernel. To do this, add + device bpf to your kernel + configuration file, and rebuild the kernel. For more + information about building kernels, see . + + The bpf device is already + part of the GENERIC kernel that is + supplied with FreeBSD, so you do not need to create a + custom kernel in order to get DHCP working. - - Those who are particularly security conscious - should note that bpf is also - the device that allows packet sniffers to work - correctly (although such programs still need - privileged access). bpf - is required to use DHCP, but if - you are very sensitive about security, you probably - should not include bpf in - your kernel purely because you expect to use DHCP at - some point in the future. - + + Those who are particularly security conscious + should note that bpf is also + the device that allows packet sniffers to work + correctly (although such programs still need + privileged access). bpf + is required to use DHCP, but if + you are very sensitive about security, you probably + should not include bpf in + your kernel purely because you expect to use DHCP at + some point in the future. + - The next thing that you will need to do is edit the - sample dhcpd.conf which was installed - by the net/isc-dhcp42-server port. - By default, this will be - /usr/local/etc/dhcpd.conf.sample, and - you should copy this to - /usr/local/etc/dhcpd.conf before - proceeding to make changes. - + The next thing that you will need to do is edit the + sample dhcpd.conf which was installed + by the net/isc-dhcp42-server port. + By default, this will be + /usr/local/etc/dhcpd.conf.sample, and + you should copy this to + /usr/local/etc/dhcpd.conf before + proceeding to make changes. + - - Configuring the DHCP Server - - DHCP - dhcpd.conf - - dhcpd.conf is comprised of - declarations regarding subnets and hosts, and is perhaps - most easily explained using an example : + + Configuring the DHCP Server + + + DHCP + dhcpd.conf + + dhcpd.conf is comprised of + declarations regarding subnets and hosts, and is perhaps + most easily explained using an example : - option domain-name "example.com"; + option domain-name "example.com"; option domain-name-servers 192.168.4.100; option subnet-mask 255.255.255.0; @@ -2986,6 +3024,7 @@ dhcpd_ifaces="dc0" Files + DHCP configuration files @@ -3063,6 +3102,7 @@ dhcpd_ifaces="dc0" Overview + BIND &os; utilizes, by default, a version of BIND (Berkeley @@ -3272,6 +3312,7 @@ dhcpd_ifaces="dc0" How It Works + In &os;, the BIND daemon is called named. @@ -3725,6 +3766,7 @@ zone "1.168.192.in-addr.arpa" { Zone Files + BIND zone files @@ -3966,6 +4008,7 @@ mail IN A 192.168. Caching Name Server + BIND caching name server @@ -3979,24 +4022,25 @@ mail IN A 192.168. <acronym role="Domain Name Security Extensions">DNSSEC</acronym> + BIND DNS security extensions Domain Name System Security Extensions, or DNSSEC for - short, is a suite of specifications to protect resolving name - servers from forged DNS data, such as - spoofed DNS records. By using digital - signatures, a resolver can verify the integrity of the record. - Note that DNSSEC only - provides integrity via digitally signing the Resource - Records (RRs). It - provides neither confidentiality nor protection against false - end-user assumptions. This means that it cannot protect - against people going to DNSSEC + for short, is a suite of specifications to protect resolving + name servers from forged DNS data, such + as spoofed DNS records. By using digital + signatures, a resolver can verify the integrity of the + record. Note that DNSSEC + only provides integrity via digitally signing the Resource + Records (RRs). + It provides neither confidentiality nor protection against + false end-user assumptions. This means that it cannot + protect against people going to example.net instead of example.com. The only thing DNSSEC does is authenticate that the data @@ -4610,6 +4654,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key following commands: &prompt.root; /usr/local/etc/rc.d/apache22 configtest + &prompt.root; service apache22 configtest @@ -4626,6 +4671,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key mechanisms: &prompt.root; /usr/local/etc/rc.d/apache22 start + &prompt.root; service apache22 start The httpd service can be tested by @@ -5166,6 +5212,7 @@ DocumentRoot /www/someotherdomain.tld Samba: swat stream tcp nowait/400 root /usr/local/sbin/swat swat + As explained in , the inetd configuration must be reloaded after this configuration file is changed. @@ -5289,6 +5336,7 @@ DocumentRoot /www/someotherdomain.tld the following command: &prompt.root; smbpasswd -a username + The recommended backend is now tdbsam, and the following command @@ -5323,6 +5371,7 @@ DocumentRoot /www/someotherdomain.tld Or, for fine grain control: nmbd_enable="YES" + smbd_enable="YES" @@ -5339,8 +5388,8 @@ Starting SAMBA: removing stale tdbs : Starting nmbd. Starting smbd. - Please refer to for more - information about using rc scripts. + Please refer to for + more information about using rc scripts. Samba actually consists of three separate daemons. You should see that both the @@ -5445,6 +5494,7 @@ Starting smbd. Basic Configuration + ntpdate If you only wish to synchronize your clock when the