stelisBurgWork: I was thinking about asking for a section on admin-related stuff12:06
stelisDirectory services, the thin client stuff happening around edubuntu, etc.12:06
stelisThere seems to be a lot of interesting stuff happening or coming down the road:12:07
stelisHula, iFolder, Samba 4, Xen, Stateless12:08
stelisetc. etc.12:08
Burgworkstelis: the rules for the UWN are that anything you write about has to have happened in the past week12:12
Burgworkthat being said a "this week in specs" would rock12:12
stelisI'll give it a shot12:13
stelisIs there a link on format, deadlines and so on12:13
BurgworkUbuntuWeeklyNews can give you the information12:15
stelisBurgWork: I'll have a think about how to boil the specs down into something digestible, and try to draft something tomorrow.12:22
Burgworkstelis: part of the issue is that you need to subscribe to every spec basically12:23
Burgworkthere is "RecentChanges" for specs12:24
Burgworkis no, rather12:25
stelisWhat I noticed that a lot are just stubs12:25
stelisAnd don't get developed12:25
stelisSo it's a case of finding the ones that are actually live12:26
Burgworkthe best way is thus: take all the specs approved for mtv12:28
Burgworkas those need to have been approved by somebody12:29
Burgworkthen subscribe to the wiki pages associated with them12:29
stelisOK. I'll go through those tomorrow.12:31
wasabi_abartlet: I'm here.01:07
ajmitchhi wasabi_01:09
Burgworkany fedora experts here? I am tearing out my hair01:09
stelisBurgwork: semi-expert01:09
Burgworkwhere does gdm log auth attempts?01:09
wasabi_GDM doesn't.01:10
wasabi_pam does.01:10
wasabi_auth syslog facility.01:10
wasabi_Which is usually /var/log/auth01:10
Burgworknot on FC machines01:10
wasabi_sucky. ;)01:10
wasabi_Bet it still does auth facility.01:11
wasabi_dunno where that goes though01:11
Burgwork/var/log/secure lists ssh and xscreensaver attempts, but not gdm stuff01:11
nkinderBurgwork: It should list gdm as well.01:13
nkinderAt least it does on FC6.01:13
Burgworkheh, nope01:13
BurgworkFC4 all the way!01:13
Burgworkno, don't tell me to update. I can't01:13
Burgworkwell, I think it is time for FC4 to die01:14
nkinderI see gdm logging in there on FC5 too.  I don't have a FC4 box to check.01:14
Burgworklikely a 4 specific bug01:16
ajmitchok, should have a samba 3.0.23c package merged with debian changes tonight01:16
ajmitchhopefully it can be uploaded by UDS01:16
ajmitchI'll try & get to the others that we need as well01:18
Burgworkthe world now has one less fedora machine in it01:25
ajmitchand a kitten lives another day01:26
Burgworkno, 'cause I will probably be bored later tonight :)01:27
ajmitchwelcome, bmonty01:41
wasabi_abartlet: Howdy.03:29
nkassi_studyWhat is the name of the spec that emulates WSUS03:54
Burgworknkassi_study: update-server04:00
nkassi_studythank you04:01
Burgworknkassi_study: update-server doesn't cover configuration issues04:07
Burgworkthat is another ball of wax entirely04:07
nkassi_studywhy not ?04:08
nkassi_studyif you push down a package how is it going to be configured? Or is it simply for updates, not for new apps?04:09
nkassi_studyis IT simply...04:09
Burgworkupdate server is exactly that04:09
Burgworka method of testing and approving updates04:09
nkassi_studyok, so where would push down new packages be ?04:10
Burgworka configuration server, not yet planned04:10
Burgworkall that sort of config stuff should be in some sort of centralized fashion04:10
nkassi_studyWould it not be smart to just extend the update server to serve this function also ?04:11
Burgworkno, because they are different things04:11
Burgworkconfiguration requires an agent on the client04:11
Burgworkall update-server will do will be to have the sources.list pointed at the update server04:11
Burgworkie: no new client04:12
nkassi_studyok. It makes sense. I will take out the comment.04:12
nkassi_ Not one post on planet ubuntu about UDS05:47
ajmitchget blogging!05:52
ajmitchnow which UDS do you mean? :)06:02
nkassi_UbuntuDirectory Project in general.06:04
nkassi_hehe, I can't write. That should be obvious by now.06:04
nkassi_Plus, I'm not one of the lucky folks whose blogs are on planet ;-)06:05
ajmitchmost people in the wider ubuntu community refer to Ubuntu Developer Summit when talking about UDS06:05
ajmitchare you not a member yet?06:05
nkassi_ah true06:06
nkassi_Nope, never applied06:06
nkassi_I feel that becoming a ubuntu member requires some commitment ( at least I hope it does)06:07
ajmitchit does06:08
=== ajmitch should be committed
nkassi_My only Ubuntu claim to fame is being in the Ubuntu Below Zero picture ;-)06:09
ajmitchoh, you were there?06:15
nkassi_Yeah, I met you but you will never remember me. I was a local06:15
nkassi_a picture is available here ;-) : nickassis.net06:16
BurgworkI am in way too deep to be merely "committed" anymore06:21
Burgworknkassi_: I remember you06:22
nkassi_you're entrenched :0)06:22
nkassi_True I was one of the other canadians ;-)06:22
Burgworkcritical part of the infrastructure? ajmitch is in a similar state06:22
nkassi_hehe. I noticed after I started reading the wiki and found your and his name everywhere06:23
nkassi_Is there a refcount somewhere ?06:23
Burgworkdon't know06:23
ajmitchBurgwork: sorry?06:23
Burgworkok, there has got to be a better solution to this06:24
ajmitchI'm by no means critical06:24
Burgworkubuntu requires users be part of several groups for permissions06:24
Burgworkhow do I automate this on all the machines?06:24
ajmitchnkassi_: I think I vaguely remember you...06:24
ajmitchBurgwork: as I was talking about with someone today, nested groups would be nice06:24
nkassi_ajmitch; nice my networking skills are working06:24
BurgworkI need to write a script to do the adding06:25
nkassi_wouah.. Nested groups ?06:25
ajmitchI'll be back soon, walking home06:26
Burgworkok, I need to kickstart this06:32
tepsipakkiburgwork: use pam_group06:34
Burgworkbloody hell all this stuff is badly documented06:35
Burgworkhow does pam_group solve my "users on ldap need to be in local system group" issue?06:35
tepsipakkiI have in /etc/pam.d/gdm "auth optional pam_group.so" and then in /etc/security/group.conf is "gdm;*;*;Al0000-2400;floppy,audio,cdrom,plugdev,video"06:36
tepsipakkiworks fine06:36
wasabithat looks familiar.06:36
wasabiI filed a bug about that ages ago.06:36
Burgworktepsipakki: can you email that to my work addy, 'cause it is 10pm here06:37
tepsipakkiumm, userful.what?-)06:38
Burgworkhence why I want you to email me? :)06:38
Burgworkwhat about the giant warning at the top of group.conf?06:39
tepsipakkitrue, but is there an alternative?-)06:40
tepsipakkiif you add them to the group anyway06:40
wasabiThe giant warning is pretty clear. If you grant membership, it isn't INHERENTLY secure.06:41
wasabiDoesn't mean it isn't secure.06:41
wasabiGranting cdrom access to somebody who works hard enough to make a sgid binary doesn't seem like a real world risk to me.06:42
tepsipakkiI'd say it's more secure to use pam_group than to grant access directly..06:42
wasabiAlso, these days, you can probably simply disallow a user to sgid anything.06:42
wasabiAnd be fine06:42
ajmitchhey tepsipakki06:43
wasabitepsipakki: I have a thread/bug report someplace about this.06:43
wasabiI'm trying to find it.06:43
tepsipakkithere was a thread on u-d in spring '05 :)06:43
abartlet_I prefer the RedHat approach (chown the devices)06:43
wasabiOn login?06:43
tepsipakkiabartlet: we used that before06:43
wasabiSorta screws up multiple logins.06:44
abartlet_yeah, you have to have one user at a time06:44
wasabiI don't think there's anything wrong with the pam_group thing at all.06:44
abartlet_perhaps pam_group fixes that.  It's an interesting approach06:44
Burgworkwhich doesn't work when you have multi users on the same machine06:44
wasabiHow would you unchown the items anyways?06:44
wasabion pam session close?06:44
tepsipakkion logout06:44
abartlet_you need a way to say that sgid to a particular gid is invalid06:44
wasabiWhat use is sgid'd binaries these days anyways?06:44
abartlet_plenty of things06:45
abartlet_ particularly things that don't want to be setuid root any more06:45
wasabiYeah, but why should a USER be able to set that?06:45
wasabia !0 user06:45
wasabiThat to me seems like the problem.06:45
wasabiI like pam_group though, it's automatic, simple, effective, and works in the corner cases. I've been using it. :)06:46
wasabitepsipakki: Oh shit, that's you06:48
abartlet_wasabi: did nkinder get onto you about popping by Redhat?06:48
wasabiabartlet, Nope.06:48
tepsipakkiwasabi: correct :)06:48
wasabiI knew I took part in that!06:49
abartlet_ok, ping nkinder in CA work hours, and have a chat06:50
wasabiokay, will do.06:50
abartlet_wasabi: when are you in mountain view?06:50
wasabiAll next week.06:50
abartlet_they are down on Castro street, for reference06:50
abartlet_top floor, tallest building :-)06:51
wasabiOkay cool.06:51
wasabiLooks like I'll be landing at 2:15PM06:51
abartlet_and keen to have a chat06:51
Burgworktepsipakki: how many users do you have?06:52
wasabiSearching for your own name on Google is really crazy sometimes.06:54
nkassi_Wow searching my name returns my website as number 1. I'm awesome ;-)06:56
nkassi_Anybody played with SSLBridge ?07:04
nkassi_the samba web client ?07:04
Burgworkok, I think I am finally fracking done07:08
BurgworkI will see you gents all tomorrow07:08
tepsipakkiburgwork: well, active users maybe 1200007:14
tepsipakkiand over 21000 if you count them all07:19
tepsipakkiumm, actually only 4666 accounts are disabled, so that makes roughly 17000 active :)07:21
tepsipakkiand ~10% of them use our linux-workstations weekly (we have graphs to prove that :)07:22
ajmitchBurgwork: so ogra doesn't seem so happy with progress so far07:29
Burgworkno, understandably07:29
Burgworkwe wants a solution that works, not more talk07:29
robertjuhoh, trouble in -directory land?07:31
ajmitchnot really07:32
ajmitchogra just needs something that works by feisty feature freeze07:33
ajmitchit's critical for edubuntu07:33
robertjajmitch: on the server end?07:37
Burgworkhe has a solution in mind, which none of us have ever heard of07:37
Burgworkcommon that certain markets have their own hacky stuff07:37
robertjBurgwork: got any info on that?07:38
Burgworksmbldap is the thing07:38
ajmitchbasically scripts to manage ldap+samba07:39
robertjajmitch: so samba doesn't use ldap as its store?07:39
ajmitchsamba 3? no07:39
robertjI thought that was a backend option07:40
ajmitchnot by default07:40
ajmitchsure it's an option for it07:40
Burgworkfor 4 they have a custom ldap server07:40
ajmitchit's not integrated like with 407:40
ajmitchcustom ldap server because openldap Just Sucks07:40
robertjajmitch: so err...crappy directory now, better directory later?07:41
ajmitchguess so :)07:41
nkinderSamba4 will still have the option to use a different LDAP server as its backend.07:41
ajmitchnkinder: I guessed it would07:42
ajmitchgood to know for sure though07:42
nkinderThe built-in one (ldb) will just be used by default.  The main reason is that AD does lots of odd things which Samba4 needs to mimic.07:42
robertjwhy are there specific tools for managing samba ldap accounts?07:42
ajmitchsmbldap really isn't much of a directory07:42
ajmitchrobertj: because it's a hack07:42
robertjajmitch: Apple's OpenDirectory is a hack, but is only nominally sucky07:43
ajmitchmost things are hacks07:43
Burgworkajmitch: is that smbldap thing even an ldap server?07:44
ajmitchno, it's configuration & some scripts to manage it07:46
ajmitchthere's the entirety of it07:46
ajmitchassuming this is the same cvs, and not just some additional scripts07:47
robertjthe .tar.gz has some other utility scripts07:47
robertjfor bulk add, delete, backup configuration07:47
Burgworkare we certain we are looking at the same thing07:47
Burgworkthat is what ogra is talking about07:47
ajmitchyes, there is some definite overlap of files07:48
ajmitchthe tarball also has some pam config, slapd config, schema, etc07:48
ajmitchall perl07:48
ajmitchthe scripts, that is07:49
robertjso what are his requirements for edubuntu?07:49
robertjare they enumerated anywhere?07:49
ajmitchin all the specs07:51
robertj"Set up edubuntu LTSP servers and Workstations to automatically authenticate against a edubuntu auth server, via the right pam setup and possible avahi integration for server detection."07:54
robertjProperly integrate http://www.majen.net/smbldap/ which is used widely in k12LTSP setups for user and group management into edubuntu.07:55
robertjPackage and install http://edsadmin.sourceforge.net/ as maintenance tool for the above server setup.07:55
ajmitchso 5 of our specs are on the edubuntu wishlist07:56
ajmitchsome overlap with edubuntu-network-auth-{client,server}07:56
Burgworkeds is somewhat similar to lat and gq07:57
robertjI poked at it about a year back I think07:58
ajmitchwe don't really have much specced about user/group management07:58
nkinderHas the Ubuntu Directory Project decided on an LDAP server yet?08:00
wasabi_nkinder: Hi. No. I suspect we won't for a long time.08:22
wasabi_Just my opinion though.08:22
nkinderwasabi_: So the project is at a very early stage then?08:22
wasabi_Very very. I have a big document which I'm working on, and a plan of execution.08:22
wasabi_But nobody except my business self to implement it.08:23
wasabi_nkinder: I'll be at UMV. abartlet said I should visit you.08:23
nkinderYes, he said that you'll be out here next week.08:23
wasabi_https://wiki.ubuntu.com/NetworkAuthentication/Client    My lengthy dissertation.08:24
nkinderwasabi_:  Will you have some time to swing by and chat with a few of us?08:25
wasabi_I'll be rewriting a large portion of the middle of that though, so it's not exactly accurate.08:25
wasabi_Yeah, I should.08:25
wasabi_Unsure how I'll actually get there though.08:25
nkinderWe are right by public transit (train and lightrail).08:26
wasabi_Have a phone number or something? =)08:26
ajmitchwasabi_: nobody, because we're all just chopped liver, right? ;)08:26
wasabi_ajmitch: Don't mean it that way. I just mean that, all of us have real lives... and other priorities, and even then, client work to do.08:27
nkinderwasabi: 650.567.9039 x7922908:28
wasabi_Also I think the total number of people here who have expressed interest in whatever C work needs to be done (which is substantial IMO) is like 3. =)08:28
nkinderNobody likes to sign up for C work ;)08:28
wasabi_nkinder: What should I call you? :)08:29
=== ajmitch loves C!
robertjnkinder: who is "us"?08:29
ajmitchI just love it to death08:29
nkinderNathan (Red Hat).08:29
robertjso wasabi, ajmitch, who is the third person?08:29
nkinderI work on the Fedora Directory Server.08:29
robertjnkinder: the evil suits!08:29
ajmitchnkinder: ah, wonderful08:29
wasabi_robertj, good question. I may have overestimated. ;)08:30
ajmitchnkinder: how's the autotoolification of it going, so that it's a bit easier to build?08:30
nkinderBeen working on it for 6 years, well before it was the "Fedora" directory server.08:30
nkinderI just finished the autotools work08:30
nkinderHEAD has it all checked in.08:30
ajmitchso now I just need to try & get it building with system libraries, and attempt to get it packaged08:30
ajmitchno problem.. ;)08:30
nkinderSome of the components we depend on still need some build-system work, but we're working through it.08:31
nkinderWell, we split out the Administration Server portion, so a core directory server is buildable with much fewer dependencies.08:31
ajmitchthis might be manageable by feature freeze now08:32
wasabi_I still have yet to even look at FDS, mostly because it isn't easily accessible on Ubuntu right now.08:32
robertjnkinder: frontend tools being rewritten in XUL?08:32
wasabi_I have a lot of questions about it though.08:32
nkinderwasabi_: We're trying to resolve that.08:32
ajmitchalien doesn't really make things accessible for people wanting to use it08:33
nkinderThe autotools work is a huge part of that.08:33
ajmitchnkinder: we really appreciate work done on that08:33
nkinderrobertj:  Not yet, but that's been suggested.  XUL can do some pretty cool things.08:33
wasabi_Heck. I'd be satisfied with Java.08:33
wasabi_If ya just used java-gnome. ;008:33
wasabi_And worked on gcj.08:34
nkinderajmitch:  Thanks.  I'd like to know any problems you run into with it.08:34
nkinderwasabi_: That's more than most people would say.  Most people want to get as far away from Java as possible.08:34
wasabi_Doesn't matter to me.08:35
wasabi_Language is a language is a language08:35
ajmitchwhat do most people prefer instead?08:35
wasabi_As a user, as long as it works.08:35
wasabi_And looks right, I don't care.08:35
robertjnkinder: that's true, but if you're going to not be 100% native, there is a lot of advantage in going web-based so that you could use it from <cringe /> ie08:35
nkinderwasabi_: Once you know your availability when you're out here, send me an e-mail and let me know (nkinder<at>redhat.com).08:35
wasabi_I will.08:35
nkinderrobertj: Personally, I like the web-based approach.08:35
wasabi_I don't. =(08:35
wasabi_I like AD U&C MMC, so sue me. It's quick. Things open in new windows. It looks like the rest of the OS.08:36
wasabi_There's value in that.08:36
nkinderWe've heard arguments for both sides (a fat-app and web-based).  I certainly don't dislike the fat-app approach either.08:37
wasabi_I also find them easier to code.08:37
wasabi_Opening a new window, filling it with controls, doing proper text layout with accessibility? Super easy.08:38
wasabi_Web? Just try to open a new window on every browser. ;)08:38
nkinderPerhaps both a fat-app and a more-basic web-based administration tool.08:38
wasabi_A java-gnome Gtk, or python gtk, or c# gtk... whatever. All of those run on Windows just fine.08:38
robertjnkinder: I do Apple's Open Directory here and use phpldapadmin when I need a quick fix from home and the carbon app when I'm at my desk, works well08:38
nkinderrobertj:  You run OpenDirectory, or you work on it at Apple?08:39
robertjjust run it08:39
nkinderah, ok.08:39
ajmitchnkinder: you're in MV?08:42
nkinderajmitch: Yeah.08:43
wasabi_RH has a shop there.08:44
ajmitchgreat, hopefully we can catch up08:44
wasabi_nkinder: Going to stop by UMV?08:44
robertj_ooh, unprovoked hard shutdown with nothing in the logs, joy08:45
nkinderwasabi_: I don't know that I'll be able to get away to head over there.08:46
nkinderAre there going to be discussions about the Ubuntu Directory Project going on there?08:47
ajmitcha few specs being discussed08:47
nkinderIs there a schedule?08:47
ajmitchnot yet08:47
ajmitchthat probably won't be there until we start, sadly08:47
nkinderI may be able to pop in, but I'm not sure at this point.08:50
nkinderI'd primarily be interested in the directory related discussions, so if I can find out when those are, that'd help.08:50
ajmitchnkinder: sure, once we find out I'll try & let you know09:12
ajmitchso, http://www.novell.com/linux/microsoft/faq.html11:55
ajmitch"Microsoft and Novell will undertake work to make it easier for customers to manage mixed Windows and SUSE Linux Enterprise environments and to make it easier for customers to federate Microsoft Active Directory with Novell eDirectory."11:56
ajmitchthat's interesting to hear11:56

