[09:50] <A-Kaser> hello
[05:54] <AndreasBe> does anyone have experience using ldap with ubuntu?
[06:21] <Veselin> hi, can anyone help me with a rather tricky problem dealing with chroot?
[06:22] <Veselin> seems not to work on my setup (6.06 server i386, kernel 2.6.15-24)
[06:29] <Ries> AndreasBe: I have
[06:34] <AndreasBe> Ries: cool.
[06:35] <AndreasBe> Ries: i'm having issues with the 'admin' group. Users in this group (ldap-posix-group) cannot use sudo. any clues.
[06:39] <Ries> AndreasBe: I never used it actually for managing posix accounts..... 
[06:40] <Ries> AndreasBe: I would turn on ldap debugging and see what requests are sent to the LDAP... maybe it doesn't return something correctly...
[06:40] <Ries> AndreasBe: I use LDAP for a SSO solution in a web application
[06:42] <AndreasBe> Ries: ah, ok. i have debugging activated. nothing to find there. The other "special" group like cdrom, floppy or audio work fine.
[06:44] <Ries> are the users really member of the group?
[06:49] <AndreasBe> Ries: yeah, 'groups' issued by a ldap-user returns all groups properly.
[06:49] <Ries> what does sudo say?
[06:50] <AndreasBe> i suppose it could have something to do with the /etc/pam.d/* files.
[06:50] <AndreasBe> Ries: sudo asks for the password and then returns with nothing.
[06:52] <derekS> i have this in my fetchmail rc file 30 nicks (30)] 
[06:52] <derekS> blah
[06:52] <derekS> sorry
[06:52] <derekS>  mda "/usr/bin/procmail -d %s"  
[06:52] <derekS> -d specifies local user
[06:52] <derekS> does %s put it in?
[07:07] <Ries> AndreasBe: when sudo asks for a password... do you see any activity on LDAP after you entered it, and yes.... pam needs to be configured for that... I don't have a clue if ubuntu will set that up for you.... You can use ldap-tools for that----I think....
[07:07] <Ries> AndreasBe: Last time I did that was on Debian with Samba
[07:07] <Ries> AndreasBe: Oo... and that was 3.5 years ago :)
[07:09] <AndreasBe> Ries: yeah, on samba its pretty nice to configure. I have edited a whole bunch of files in /etc/pam.d/ (as described in the LDAPClientAuthentication wiki article of the ubuntu wiki). There is a special file for sudo as well, but it just includes files. In the included files i have added the ldap-login to be sufficient.
[07:10] <AndreasBe> Ries: i suppose a reason could be the /etc/nsswitch.conf file. "compat" is looked for before "ldap" for groups. But changing this results in a known bug using gdm to login.
[07:12] <Ries> who cares about gdm :) Or are you making a thin client situation?
[07:14] <AndreasBe> Ries: yes. i'm planning to use ubuntu in a multi-user environment. ~50 PCs and 200 users. shared homes via nfs and authentication via ldap. both clients and server using ubuntu.
[07:14] <AndreasBe> and yes. i need gdm ;)
[07:35] <Ries> AndreasBe: Ooo yes ic...
[07:37] <fryfrog> ah, spiffy
[07:37] <Spec> hmm, seems like a channel to me.
[07:37] <fryfrog> hi, i was interested in ubuntu as a server... anyone around?
[07:37] <Spec> oh, me, me, i'm around.
[07:37] <fryfrog> ahah
[07:38] <fryfrog> ever used ubuntu as server distro?
[07:38] <Spec> yes
[07:38] <fryfrog> how do you like it as a server os?  ever used other distros?
[07:38] <Spec> i like it well enough
[07:38] <fryfrog> i'm getting a bit tired of *gentoo* as my server
[07:39] <Spec> i've used a lot of distros
[07:39] <Spec> at work I use debian on our servers though
[07:39] <Spec> but if it were up to me, i'd use Ubuntu.
[07:39] <fryfrog> i like the idea of ubuntu cause i'd probably go with debian, if it wasn't so old
[07:39] <Spec> old is good
[07:39] <fryfrog> well, that is true
[07:39] <Spec> it depends on your environment
[07:39] <fryfrog> i'm not looking to setup microsoft.com or anything, so i prefer a little bit new but still stable
[07:40] <Spec> ubuntu is good then :)
[07:40] <fryfrog> debian testing/unstable, i think i'd be happy with
[07:40] <Spec> just do a minimal install though, you don't want X on a server
[07:40] <fryfrog> gentoo is just a little *too* unstable :)
[07:40] <fryfrog> i concur :)
[07:40] <Spec> i got tired of gentoo :p, i was running it for my home os though
[07:40] <fryfrog> you ever mess with chroot ssh jails, shared ftp/www, etc?
[07:40] <Ries> fryfrog: I use EL4 also... and ubuntu... ubuntu is stable... EL4 also of course... however EL4 has horrible support for extra modules... which come out of the box in ubuntu, for example EL4 doesn't even have php-mcrypt... you need to get it from some DAG repository
[07:40] <Spec> yes
[07:40] <Spec> EL4? like RH?
[07:41] <Ries> fryfrog: if you are planning on putting your server in a DC... then make sure your DC does support ubuntu... :)
[07:41] <fryfrog> Ries: EL = RH Enterprise Linux (/centos)?
[07:41] <Ries> Spec: EL4 like in RH enterprise....
[07:41] <fryfrog> ah, no datacenter.  just my computer room with a window ac unit :)
[07:41] <Spec> yeah, RHEL4 :), i hate it
[07:42] <fryfrog> i'm not so fond of the rpm distros, but that's just from old bad experience :)
[07:42] <Spec> and recent bad experience
[07:42] <Spec> :p
[07:42] <Ries> fryfrog: centos is not from RH... just something that looks like RH... I think, I never used it..... I have a couple of clients that use EL4, and also on one of our prod servers... however I am not too happy with it
[07:42] <fryfrog> know of anyplace good to read about chroot ssh/ftp?
[07:42] <fryfrog> Ries: CentOS is RHEL clone
[07:42] <Spec> centos compiles RHEL rpms into a free version of RHEL
[07:42] <Spec> it's exactly like RHEL
[07:42] <fryfrog> yar
[07:42] <Ries> Spec: I hae up2date myself...... up2date doesn't hardly have any modules... and then you need to get it from some crappy repository
[07:42] <fryfrog> but it is teh free :)
[07:43] <Spec> chroot ssh/ftp ... hmm, there might be a page about that on the wiki
[07:43] <Spec> wiki.ubuntu.com
[07:43] <Spec> are you talking about UML type chroot?
[07:43] <Ries> I never used CentOS, why use that when you can have something like Debian... but then updated?!?!?! :D
[07:43] <fryfrog> i guess the thing i'd really like to get done right is a proper shared web hosting environment (for my learning)
[07:44] <fryfrog> i *think* what i mean is having www/ftp/ssh access, like some hosts provide to their customers
[07:44] <fryfrog> i don't have any customers, but i like to learn how it is done :)
[07:44] <Ries> fryfrog: ubuntu server 6 works really great out of the box... 2 weeks ago I installed software raid on a server, on top of that LVM... and on top of that XFS... all out of the box during installation....
[07:44] <Ries> fryfrog: While EL4... only supports (I think) EXT3 which is too slow for my purpose....
[07:44] <fryfrog> nice
[07:45] <fryfrog> my gentoo box is giving my software raid5 grief at boot :(
[07:45] <fryfrog> and my network cards like to swap at reboot
[07:45] <fryfrog> it's real fun when you reboot remotely :/
[07:46] <fryfrog> anyway, i think i will snag some spare hardware and see what it's like
[07:46] <fryfrog> don't wanna just jump in and blow away my current server :)
[07:46] <Ries> fryfrog: hehehe... well that is a config issue I am afraid... then tell the system which nic should go on what port (eth0 or eth1) all distros can have that issue... you probably have two exact same nics in the server
[07:46] <fryfrog> Ries: sort of :/
[07:47] <fryfrog> Ries: they are two totally different nics (an nforce and an nge2)
[07:47] <fryfrog> but they were ignoring module load order at boot :/
[07:47] <Ries> fryfrog: you can configure that.... However I like a distro that doesn't overwrite my own settings in /etc... as far as I can see ubuntu doesn't do that... like Debian..
[07:47] <fryfrog> fortunately, i don't reboot much :)
[07:47] <fryfrog> Ries: i ended up just *not* compiling the module for the other nic
[07:48] <fryfrog> don't need two anyway
[07:48] <Ries> fryfrog: I have seen it... maybe the chipset is the same?? I don't know... but you can configure the system for it..
[07:48] <fryfrog> and i have to specify my raid5 array on kernel boot :(
[07:48] <fryfrog> no, two totally different cards
[07:48] <Ries> odd... never seen that....
[07:48] <Ries> only with the same nics...
[07:48] <fryfrog> i set it up to load one module before the other, but never could find a kernel param to force load order
[07:48] <Ries> ubuntu server lets you configure software raid 1 and 5 out of the box....
[07:49] <fryfrog> i have the same problem with my 2 sata controllers, but it isn't a big deal
[07:49] <fryfrog> it's weird
[07:49] <fryfrog> grub sees controller 1 first, and everything works
[07:49] <fryfrog> but once booted, controller 1 is "second" :)
[07:49] <Ries> sata is crap... hahahahha...although it performs nice on a dev server (80MB/sec disk to disk)
[07:49] <Ries> on a prod server with a 3ware it's horribly slow...
[07:49] <fryfrog> sata > pata
[07:49] <fryfrog> oh?
[07:50] <fryfrog> i'm surprised, i've heard nothing but good things about 3ware
[07:50] <fryfrog> though, sata is no scsi of course!
[07:50] <fryfrog> i got the free ubuntu dvds :)
[07:50] <fryfrog> i wonder, does it have the "server" install?
[07:51] <fryfrog> option
[07:51] <fryfrog> anyway, thanks for the info
[07:54] <Spec> fryfrog: re networking cards swapping on boot: look into /etc/iftab
[10:08] <derekS> procmail pisses me off
[10:08] <derekS> anyone wanna help me with a "recipe"
[10:57] <uniq> what's your problem with it? 
[10:58] <uniq> I only use it for simple filters.. don't know how much i can help.. but anyway.
[11:45] <_j> hi
[11:45] <_j> how to enable masquerading or natting ? i've tried this (http://www.rafb.net/paste/results/t69pXZ63.html) but it doesn't work
[11:47] <Ries> _j: I would suggest install shorewall :)
[11:47] <Ries> _j: really... I use it for all my server and never did let me down... if you really want to use iptables then I can't help you... it's too cryptic for me