/srv/irclogs.ubuntu.com/2007/04/21/#ubuntu-server.txt

=== Malder [n=Yourmom@netblock-68-183-40-214.dslextreme.com] has joined #ubuntu-server
Malder	should I worry about how I partition my server as far as security is concerned? Most articles I've been reading about security are very brief about this topic...	12:19
theacolyte	a couple considerations	12:19
theacolyte	like if you'll be having people keep user directories, you may consider keeping them on a seperate drive/partition/filesystem	12:19
theacolyte	often times people do /boot and /root as well	12:19
Malder	like having a xxGB partion /home ? or are we talking about /usr	12:20
theacolyte	it depends	12:20
theacolyte	what is the box for	12:20
Malder	hehe	12:20
theacolyte	i was referring to /home though	12:20
Malder	ok	12:20
Malder	it serves a couple small website and also a file server for a small office	12:21
Malder	so it is not dedicated in either way and really can't be...	12:21
theacolyte	ah... it really wouldn't matter	12:21
theacolyte	although best practices would dictate you cared	12:21
theacolyte	I wouldn't though :)	12:21
theacolyte	is the web server public facing?	12:21
Malder	yes	12:22
theacolyte	ehhh	12:22
theacolyte	it's not necessary	12:22
theacolyte	you can though	12:22
Malder	It got cracked a couple days ago and I'm starting from scratch with 7.04	12:22
theacolyte	permissions takes care of the majority of issues	12:22
theacolyte	cracked? how?	12:22
theacolyte	what?	12:22
theacolyte	hgehe	12:22
Malder	my best guess is brute force (weak password... I was lazy)	12:23
theacolyte	that'll do it every time	12:23
Malder	there were multiple accepted logins from a Bulgarian IP address through ssh	12:23
Malder	;(	12:23
Malder	got a few thousand error messages from postfix saying that xyz domain is bad or some such... not from anytthing I did...	12:24
theacolyte	how do you know you were hacked?	12:25
Malder	admin password didn't work. Looked at auth.log and it was growing by about 10x each day....	12:25
Malder	so you would advise to just go with basically one big partition and then just lock everything down with file permissions? Don't worry about trying to mess with boot options for security...?	12:27
Malder	and obviously strong passwords...	12:27
Burgwork	don't activate your root account	12:29
Burgwork	there is a nifty iptables script I saw to prevent brute forcing of ssh via looking at multiple connections	12:29
Malder	I think I am going to go with fail2ban for that... pretty neat little package...	12:30
Malder	I didn't have any root account active, but still did no good. Everything was done through sudo	12:30
Malder	I didn't turn off root login for ssh, but didn't think that would matter since there was essentially no root user... right?	12:31
Nafallo	do you need to permit password login?	12:31
Nafallo	I just use public key	12:31
Malder	I'm not sure. I would like to look into just using keys.. is that what you're thinking?	12:31
Nafallo	yea	12:31
Nafallo	I've turned off all other ways of logging in.	12:32
Nafallo	that and serial cable :-)	12:32
Malder	do you have a reference article on that? When are passwords necessary? I've never used keys...	12:32
Malder	hehe	12:32
Nafallo	I never uses passwords anymore. I think there is something on help.ubuntu.com/community about that.	12:32
Malder	I do have physical access so I can do that too... always nice	12:32
Nafallo	or rather. I use passwords for sudo :-)	12:33
Malder	right, but that's after login to SSH with your key, right?	12:33
Nafallo	yes	12:33
Malder	Sounds good to me	12:34
Malder	ok. Off to partition. Thanks for the help.	12:34
Nafallo	no problem :-)	12:34
theacolyte	sorry about that Malder, had to go AFK	12:55
theacolyte	you may try also installing rkhunter, apf, and bfd	12:56
theacolyte	i've used them before, and they work great for brute force attacks	12:56
theacolyte	http://www.rfxnetworks.com/proj.php	12:56
Nafallo	I hope you meant against :-)	12:57
theacolyte	hehe	12:57
theacolyte	maybe!	12:58
=== defendguin [n=supertux@cpe-72-181-7-135.houston.res.rr.com] has joined #ubuntu-server
defendguin	i'm trying to install feisty server and it's telling me it can't mount my cdrom drive	12:59
defendguin	obviously its able to read the cdrom or it wouldn't have booted	12:59
theacolyte	what kind of controller is the cdrom attached to?	01:00
defendguin	ide	01:00
theacolyte	mobo?	01:00
defendguin	yeah right to the motherboard	01:01
defendguin	nothing very special about the box no odd hardware	01:01
theacolyte	well, if feisty isn't finding the cdrom when you load up the installer, 100% of the time it's because your controller isn't supported through normal channels	01:02
theacolyte	what motherboard?	01:02
defendguin	i couldn't tell you off hand	01:02
theacolyte	ah	01:02
defendguin	it was supported when i installed edgy desktop	01:03
theacolyte	a good example of it would be my jmicron controller is hated by 99% of the distros out there	01:03
defendguin	does server edition support less hardware than desktop?	01:04
Burgwork	no	01:04
defendguin	besides wireless card	01:05
defendguin	hmmm i wonder why it had no problem with edgy	01:06
theacolyte	distros change	01:06
theacolyte	but without knowing the specific hardware, there's no way of knowing for sure	01:06
defendguin	well i can just boot up without the CD and let you know what hal says	01:07
Burgwork	that is why big orgs keep testing hardware around	01:09
defendguin	what item am i looking at in the device manager	01:10
defendguin	?	01:10
defendguin	says intel brookdale chipset	01:11
Burgwork	if it is wireless, do you need the firemaer	01:11
defendguin	no wireless on this computer	01:12
theacolyte	defendguin: what's under either RAID controller or IDE/ATA/ATAPI controllers?	01:12
defendguin	intel 82801BA ide U100	01:12
theacolyte	that it?	01:13
defendguin	oem vendor HP	01:13
defendguin	pci_8086_244b	01:14
=== foo [n=foo@unaffiliated/foo] has joined #ubuntu-server
defendguin	i'm just poking through what the hal device manager says is there a specific field you would like to know about?	01:17
theacolyte	no just the device names under ide controller, i'm just a little slammed right now	01:18
defendguin	maybe i could just do a dist upgrade	01:19
theacolyte	you could	01:19
defendguin	nah i like fresh installs	01:19
defendguin	how could the installer even get started if the cdrom isn't supported	01:21
=== mipe [n=05049bb3@gate-so-1.actebis.com] has left #ubuntu-server []
defendguin	i guess i could rip the CD to an iso on this machine and mount the iso and do a net install?	01:22
theacolyte	well	01:26
theacolyte	it will boot because your BIOS takes care of that	01:26
theacolyte	to actually copy files from the cd to your hard drive, it needs a driver to mount it	01:27
theacolyte	not quite the best explanation of it, but like I said, i'm slammed	01:27
defendguin	i understand	01:28
=== Atlas95 [n=Atlas@84.5.54.145] has joined #ubuntu-server
Atlas95	hello	02:38
Atlas95	anybody here pleasE?	02:38
Atlas95	i have a big problem	02:38
Atlas95	i follow perfect setup guide	02:38
Atlas95	and i have this error when i try to install some packages:	02:39
Atlas95	E: Le sous-processus /usr/sbin/dpkg-preconfigure --apt \|\| true a renvoy un code d'erreur (100)	02:39
=== ToonArmy [n=chris@88-105-163-143.dynamic.dsl.as9105.com] has joined #ubuntu-server
=== dj-fu [i=aj@unaffiliated/dj-fu] has joined #ubuntu-server
=== sahafeez [n=sahafeez@ip68-6-223-156.sd.sd.cox.net] has joined #ubuntu-server
sahafeez	is the only diff between desktop and server what is installed by default?	06:15
Burgundavia	sahafeez: the default kernel is slightly different	07:08
sahafeez	can you install desktop and then apt-get the server kernel	07:08
Burgundavia	yes	07:12
sahafeez	i take it that the desktop installs tons of stuff and it is better to just do server and then install a gui if you need it.	07:23
Kamping_Kaiser	desktop installs a desktop. if its not going to be a desktop, its probably a bad choice of intall	07:23
Kamping_Kaiser	*install	07:23
sahafeez	i am replacing a w2k3 server at work and have tried sles, rhel. i think i am settling on ubuntu	07:24
sahafeez	i need to have ldap+samba+postfix+cryusimap+postgress+opengroupware	07:24
sahafeez	and everything needs to auth on ldap	07:24
=== dj-fu [i=aj@aj.noc.maxnet.co.nz] has joined #ubuntu-server
Kamping_Kaiser	i havent tried setting up those services, so i cant comment. ldap+samba+postfix+postgres are in the repos, not sure about the other two you meantion	07:26
Burgundavia	install the server, then install what you need	07:26
sahafeez	ok, thanks.	07:29
Burgundavia	then you can absolutely control what is on the server	07:29
Burgundavia	desktop will leave you with all kinds of stuff you don't need	07:30
Burgundavia	I would also spread out those services across multiple servers	07:30
Burgundavia	ldap+samba on one, mail on the other	07:31
sahafeez	it is for 10 people.	07:32
Burgundavia	still worth it	07:33
Burgundavia	hardware is cheap	07:33
sahafeez	one box with 2gb of ram, 3ware raid5 and core 2 is easier	07:33
Burgundavia	then kvm it up	07:33
sahafeez	trying to cut down on the support.	07:33
sahafeez	have another box running slack + asterisk pbx	07:34
Burgundavia	ahh	07:34
sahafeez	have openbsd box for vpn/firewall	07:34
Burgundavia	I would have a common platform	07:34
sahafeez	and the w2k3 sbs file+exchange. guess which box gives me issues?	07:35
Burgundavia	except asterisk is not in main	07:35
sahafeez	going to move the asterisk box to whatever disto i put on the file server. so ubuntu if it works out.	07:35
sahafeez	i will do asterisk from source	07:35
Burgundavia	hmm, I distrust source	07:36
Burgundavia	security updates are a headache	07:36
sahafeez	naw, asterisk is simple.	07:36
Burgundavia	setting it up is a royal pain	07:37
Burgundavia	and debugging is a bigger one	07:37
sahafeez	took me forever the 1st time.	07:37
sahafeez	after that it got simple. just had to learn it	07:38
Burgundavia	we have a lot of moving pieces, with two offices	07:38
sahafeez	server installs compile tools by default or no?	07:38
Burgundavia	no	07:38
Burgundavia	server installs enough to run the hardware and login	07:38
Burgundavia	that is it. No open ports, no running services, nothing	07:38
sahafeez	2 offices, one east one west, openbsd vpn. 3 houses with vpn and remote phones. all ip phones. just works	07:39
sahafeez	very openbsd like	07:39
sahafeez	i am a bsd person. i am forced onto linux by hardware/or software that i need.	07:39
Burgundavia	ahh	07:39
Burgundavia	personally, I like having a common server platform	07:42
Burgundavia	having 3 distros like that means 3 times as much security	07:42
sahafeez	settled on opengroupware for the exchange replacement so i need to run it on linux for the most part. it runs on bsd, etc but its a pain to setup and i need the blackberry push stuff	07:42
sahafeez	i would run every thing on solaris if i could or openbsd. those would be my main choices	07:43
sahafeez	i would do gentoo for linux however i need something a bit simpler because others may have to touch it. i started looking at SLES and RHEL because of that.	07:44
sahafeez	RHEL sucks	07:44
=== volvoguy [n=volvoguy@c-68-60-52-220.hsd1.mi.comcast.net] has joined #ubuntu-server
volvoguy	can i ask you guys a support question or is this just a dev channel?	07:44
sahafeez	and SLES is very very good cept the updated make the system unbootable as the hardware is too new and i do not feel like figuring it out	07:45
Burgundavia	volvoguy: both	07:45
volvoguy	woohoo!	07:45
Burgundavia	I have heard good things about SLES	07:45
sahafeez	very clean and polished. comes out of the box with samba+ldap setup correct. YAST is a great tool.	07:45
volvoguy	i'd like to upgrade my breezy server to at least edgy, if not feisty. the support pages recommend not using apt-get for this, but i don't exactly have "update-manager" which they DO recommed. is there a safe way to use non-gui tool?	07:46
Burgundavia	some of the integration stuff is better in SLES/RHEL	07:46
Burgundavia	volvoguy: release cycle was breezy --> dapper --> edgy	07:46
Burgundavia	I would keep servers on dapper, as it is supported longer	07:47
Burgundavia	sadly, there is no tool yet	07:47
volvoguy	oh, i'm sorry. i meant I'm on dapper, not breezy.	07:47
Burgundavia	ahh	07:47
Burgundavia	if you update past dapper, you will have to update a lot	07:47
Burgundavia	just to be aware	07:47
volvoguy	that's what i want to avoid though - having to upgrade through many releases.	07:47
Burgundavia	then you should stay on dapper until the next LTS	07:48
Burgundavia	in april 2008	07:48
Burgundavia	I am a very conservative person when it comes to my servers, however	07:48
volvoguy	and not bother with performance/feature updates until then?	07:48
Burgundavia	less headaches > a bit of performance	07:49
volvoguy	Burgundavia, yeah - i can understand that. this is a simple file server and part-time web-dev server. it doesn't do much.	07:49
Burgundavia	backup your data and do the edgy update manually	07:49
Burgundavia	then use the edgy --> feisty update	07:50
volvoguy	Burgundavia, so you'll do a clean install for every LTS release?	07:50
sahafeez	i would love to see zfs ported to linux. that would be the best of all worlds, well zfs and pf	07:50
Burgundavia	no, LTS --> LTS supported	07:50
volvoguy	right.	07:50
Burgundavia	thus 6.06 will update to 8.04	07:50
volvoguy	and will do so with less complication?	07:50
Burgundavia	or you can do 6.06 --> 6.10 --> 7.04 --> 7.10	07:51
ajmitch	(assuming that 8.04 is LTS, and that significant work is put in to support upgrades)	07:51
Burgundavia	ajmitch: the latter is assumed. Canonical has large paying customers that will demand it	07:51
Burgundavia	and what better way to test an update tool than on the community, no?	07:51
ajmitch	what I mean is that many packages will need to be checked & modified for upgrades	07:52
volvoguy	ajmitch, that was my concern. it seemed to me that smaller updates made more sense, but if canonical is going to try to make a smooth upgrade path to 8.04 - i'll wait for that.	07:52
ajmitch	little things like directories moving around, symlinks, handling corner cases in maintainer scripts	07:52
ajmitch	it'll take a bit of work, but I'd say that it's expected	07:52
volvoguy	ok. cool. :)	07:52
Burgundavia	the cool stuff is on the desktop anyway	07:53
ajmitch	the next LTS release would probably end up with less cool new stuff, and more time spent polishing	07:53
volvoguy	yeah. feisty looks great.	07:53
ajmitch	Burgundavia: pfft, server is getting cool stuff :)	07:53
sahafeez	the fact that i can buy support is the reason i am looking at ubuntu	07:53
Burgundavia	so I keep my laptop running the absolutely latest and my servers and work desktops running the LTS	07:53
volvoguy	my "production" server is a virtual ubuntu server at unixshell. hopefully their xen system will be upgradable to 8.04 easily too. :)	07:55
volvoguy	they're probably one of those paying customers though - so they'll be one demanding it. hehe.	07:56
volvoguy	well, thanks for the quick updates guys. i'm not involved and online anymore as much as i'd like to be, but i know i can always turn to you for help! talk to you later.	07:57
Burgundavia	cya	07:57
sahafeez	what is with the delay in the partitioning when doing anything - switching between stuff, lvm, etc.	08:13
Burgundavia	on the installer?	08:13
sahafeez	yes	08:13
Burgundavia	no idea	08:13
sahafeez	it could tell you something you know.	08:13
fabbione	sahafeez: known issue	08:13
fabbione	it was in the release notes.. there is a bug linked from there	08:14
fabbione	it's only annoying but it doesn't affect final installation or functionality	08:14
sahafeez	no, but it makes the install take, oh, 2 hours longer ;)	08:14
fabbione	i know.. it adds 3 minutes wait on each lv you create	08:15
fabbione	there is really nothing we could do to fix it when i first found out of the problem	08:15
fabbione	it was too late in the release process :(	08:15
sahafeez	oh well. just happy it is not just me	08:15
fabbione	it's a good excuse for a cup of coffee	08:15
=== sahafeez thinks i should read this release note things
fabbione	the bug is generic..	08:16
=== sahafeez has a beer
fabbione	that'd work too :)	08:16
sahafeez	this is my 1st install of ubuntu. i was having debian flash backs.	08:16
=== sahafeez hates debian
sahafeez	still waiting ....	08:18
fabbione	sahafeez: as i said... 3 minutes for each lv you created	08:19
=== fabbione goes back to bed
sahafeez	well i am on 6 mins now and all i am trying to do is active an existing lvm setup	08:20
fabbione	sahafeez: read the bug or you will keep waiting and asking herre	08:20
fabbione	here even	08:20
sahafeez	yes, i am reading now..	08:20
=== fabbione &
sahafeez	since i have the time and all.	08:21
sahafeez	between this and the broken ide on my sparc copying files....	08:22
sahafeez	:)	08:22
=== foxiness [n=nayif@unaffiliated/foxiness] has joined #ubuntu-server
sahafeez	i am kinda wondering why your servers got so hammered, being large network scaling guy	08:24
Burgundavia	lots and lots of people	08:27
Burgundavia	we did better than suse and fedora last releas	08:27
Burgundavia	they went off the air	08:27
sahafeez	yah, but it is so simple to fix	08:27
maswan	sahafeez: well, it depends, if you can answer me why suddenly there were thousands of CLOSE_WAITs on my mirrors, filling up all the apache slots?	08:27
maswan	with 0 bytes in send-q too	08:28
sahafeez	nice.	08:28
sahafeez	how many servers	08:28
maswan	for my mirror? 6	08:28
=== sahafeez is still trying to find a server that will let me look at the release notes
maswan	(i'm se.releases.ubuntu.com)	08:28
sahafeez	how does your SLB work?	08:29
Burgundavia	maswan: you guys are the big ones, no?	08:29
maswan	what's slb? :)	08:29
sahafeez	ah, server load balancers	08:29
maswan	Burgundavia: we peaked at 3.8Gbit/s, so yeah.	08:29
maswan	ah, large requests (.isos etc) get http-redirected to one of the frontends depending on hash (so that one iso always ends up on the same backend, to keep cache locality)	08:30
sahafeez	was it a load issue or an apache bug issue. 3.8 is not alot	08:30
maswan	sahafeez: don't know, afaik they blame eachother	08:30
maswan	or go "huh?" when reported	08:31
sahafeez	what box is doing that? a linux box or switch hardware	08:31
maswan	the frontend[s] that's in dns, they have to handle the small files (deb:s etc that can't be http-redirected), and also ftp&rsync	08:31
maswan	individual isos that have more demand than one frontend can satisfy, we manually identify and spread out on more frontends	08:32
maswan	it actually works really well, except when we get that CLOSE_WAIT issue	08:32
sahafeez	was the traffic balanced over the servers - after action - looking that the mrtg or whatever you use	08:33
maswan	http://www.acc.umu.se/technical/statistics/ftp/monitordata/index.html.en	08:33
sahafeez	rrdtool	08:33
maswan	so, not very well balanced, but then the servers are not equal either	08:34
maswan	well enough balanced after 21:00 local time yesterday though	08:34
sahafeez	question, and this is because i am not a linux guy, using ext3 on a lvm for a postgress db. any mount options i should look at	08:34
sahafeez	ok. it would be interesting to see the network drawing.	08:34
sahafeez	i love this kind of stuff.	08:35
sahafeez	setup a network that took a 10gb/s DoS once and kept working	08:35
maswan	well, remember, this is just my mirror at the academic computer club at umea university	08:35
maswan	we're depending on what hardware gets donated to us, and whatever bandwidth the university feel like giving us	08:36
sahafeez	ok.	08:36
maswan	the canoncial setup (main servers) is not public, AFAIK	08:36
sahafeez	no big. i am a nut about network design.	08:36
maswan	so in short, out of those machines orion,vega,napoleon are on a separate 2Gbit/s network [borrowed machines from the hpc center at the uni] , the rest share a 2Gbit/s uplink too.	08:37
maswan	then it ends up roughly like this: http://www.umdac.umu.se/netmaster/net/Campusnetpresentationumu.jpg	08:38
maswan	and then: http://stats.sunet.se/stat-q/load-map/optosunet-kunder,,traffic,peak	08:38
maswan	and sorry, can't think of anything for your mount options question	08:39
sahafeez	no prob	08:39
sahafeez	interesting. it looks abit over complex for my taste...the network	08:40
maswan	the campus one or the optosunet?	08:40
sahafeez	the 2nd one.	08:42
sahafeez	the campus - those are routed or layer2 links	08:42
sahafeez	between the cisco switches	08:42
maswan	sahafeez: remmeber that on the second one, all those names are different universities accross sweden that requires redundant paths	08:43
maswan	the campus one shows the routers on campus, not all the dumb switches	08:44
sahafeez	based on as the cable runs and build out time no doubt vs what would be logical	08:44
sahafeez	ok, so you are using the 65xx as swtich/routers to distribute	08:45
sahafeez	6509 is a switch cisco just added a router card as an after thought	08:45
maswan	yeah, that's my understanding of it. the next-gen campus network is in next year or so	08:45
=== loVolt [n=rick@s216-232-87-188.bc.hsia.telus.net] has joined #ubuntu-server
maswan	well, there aren't very big routing decisions that needs to be made within campus	08:46
sahafeez	whatever you do do not fill them with gige ports and run them flat out. it will crash ;)	08:46
maswan	:)	08:46
loVolt	mind if I pose a fiesty/samba question ?	08:46
sahafeez	as i am trying to setup samba myself sure	08:46
maswan	loVolt: go ahead, don't be surprised if noone is around to answer	08:46
loVolt	thx , I give it a try	08:46
loVolt	walking though any number of howto's	08:47
maswan	sahafeez: actually, the optosunet one is based on the returns of a single tender for dark fiber across sweden	08:47
loVolt	I can get everything cept' getent passwd/group to work	08:47
loVolt	like nssswitch is ignored	08:47
loVolt	like bank in 2000/2001	08:48
loVolt	er bank/back	08:48
loVolt	wbinfo and others work fine	08:48
maswan	sahafeez: and the weirdness comes from requiring a "red" and a "green" network connection to all sites, and there not being enough fiber in the ground to make the most logical extension to all sites	08:48
loVolt	is there a ubuntu-samba chan?	08:48
ajmitch	loVolt: 'winbind enum users = true' in smb.conf	08:49
ajmitch	that allows enumeration of users with getent	08:49
ajmitch	it should be able to resolve normally anyway	08:49
maswan	sahafeez: http://basun.sunet.se/karta/opto2.gif a bit more geographical	08:49
loVolt	yes	08:49
sahafeez	ah, makes sense.	08:49
sahafeez	maswan thanks for sharing the info. i love looking at this stuff	08:50
loVolt	getent only show local pass/groups	08:50
loVolt	shot in the dark	08:51
maswan	sahafeez: btw, sthml is clickable on the optosunet map and you can get to nordunet that way too	08:51
ajmitch	and you restarted winbind after changing that option?	08:51
loVolt	I ran cvs and samba4 last night on fiesty ...semms to go well	08:51
sahafeez	looking..	08:51
loVolt	ajmitch, rebooted even	08:51
ajmitch	loVolt: sorry, it's 'winbind enum users = yes'	08:52
ajmitch	and the corresponding one for groups	08:52
loVolt	ajmitch, yeah users and groups	08:52
ajmitch	getting users/groups off an AD server?	08:52
loVolt	yeah	08:52
ajmitch	security=ads, and realm is set?	08:52
loVolt	yeup	08:53
maswan	sahafeez: everything goes into the a[123] sth routers, using virtual routers in those junipers, AIUI	08:53
ajmitch	wbinfo -u returns the right info?	08:53
loVolt	yes	08:53
loVolt	wbinfo -g as well	08:53
sahafeez	junipers are the best routers right now so that is good.	08:53
ajmitch	loVolt: you could increase the debug output on winbindd	08:54
loVolt	checking	08:54
ajmitch	in /etc/default/winbind	08:54
=== ajmitch recently had issues with this, and it just took the smb.conf options for getent to work properly
loVolt	log level = 3 in defaults/winbind do ?	08:56
sahafeez	what is the deal with using a custom kernel on ubuntu. no issues?	08:56
loVolt	sahafeez, haven't found any issues	08:57
loVolt	lots of apt-getting :)	08:57
sahafeez	ok, cool.	08:57
sahafeez	i want to mount an mac hfs drive ;)	08:57
loVolt	don't forget autoconf if you want other pcakacges	08:58
ajmitch	loVolt: no, I'd put "-d 3 -n" in WINBINDD_OPTS	08:58
loVolt	k	08:58
loVolt	heh screaming about invalid option :)	08:58
loVolt	fixing	08:58
=== sahafeez is new to ubuntu and is trying to get my head around it. used to gentoo for linux
loVolt	I've got two boxes , one fiesty dns only no devl tools and 2nd is fiesty dns with devl / samba4	09:00
loVolt	darned is samba4 didn't "just work"	09:00
=== loVolt shivvered
loVolt	k' started again , lets tail the chaos	09:01
loVolt	cool idmap went boom	09:03
loVolt	fatal error uid range full	09:03
ajmitch	wonderful	09:03
loVolt	max 200000	09:04
loVolt	lets up that a bit	09:04
ajmitch	enum users/groups may not be a good thing if you have that many :)	09:05
loVolt	I don't	09:05
loVolt	about 150 not inc a/d spare parts	09:05
loVolt	doubled it and rebooting	09:05
loVolt	load average: 5.64, 5.71, 5.64	09:06
loVolt	different box	09:06
loVolt	:)	09:06
loVolt	wierdness	09:08
loVolt	still says full , could not lookup domain user luser	09:09
loVolt	wonder if I lower the level	09:10
loVolt	trying 2000-10000	09:12
loVolt	same	09:15
loVolt	I need coffee to live	09:15
=== sahafeez [n=sahafeez@ip68-6-223-156.sd.sd.cox.net] has joined #ubuntu-server
sahafeez	silly question. how do i see what to install when i do not know the package name. i want to install sshd	09:39
lionel	sahafeez: for ssh the package name is openssh-server	09:41
lionel	in general, you use apt-cache search for package search	09:41
sahafeez	ok. i need to read about apt as it is new to me.	09:41
sahafeez	thanks	09:41
loVolt	gnite	09:52
=== DisabledDuck [n=duck@c-24-129-213-76.hsd1.fl.comcast.net] has joined #Ubuntu-Server
=== ivoks [n=ivoks@4-39.dsl.iskon.hr] has joined #ubuntu-server
=== dj-fu [i=aj@home.junglist.gen.nz] has joined #ubuntu-server
=== jsgotangco [n=jsg123@ubuntu/member/jsgotangco] has joined #ubuntu-server
=== ivoks [n=ivoks@37-230.dsl.iskon.hr] has joined #ubuntu-server
foxiness	hi, am on step of create " Virtual Server Scenario " url: https://help.ubuntu.com/community/RubyOnRails? , on this line sudo nano /etc/apache2/sites-available/<servername> , <servername> = ??? its not clear to me if i need to <domain.net> or domin.net or domaindotnet	12:11
ivoks	it is irrelevant	12:17
ivoks	you can put there 000-mambo-jambo	12:17
ivoks	content of that file is important	12:18
foxiness	k,now it clear thanks i need now to figure out ,next step port 80	12:26
ivoks	heh	12:27
ivoks	first time configuring apache?	12:27
foxiness	:) yes	12:28
ivoks	grab a book or something :D	12:28
foxiness	host@home	12:28
foxiness	book? or something? , like what ?	12:29
ivoks	howtos, tutorials, etc..	12:29
ivoks	i have two apache books, both are over 300 pages :)	12:29
ivoks	and these are small apache books	12:30
ivoks	bbl; bye	12:30
=== \|\|arifaX [n=\|\|arifaX@pd9e78468.dip0.t-ipconnect.de] has joined #ubuntu-server
=== ra1nb0w [n=davide@213-156-55-129.fastres.net] has joined #ubuntu-server
=== \|\|arifaX_ [n=\|\|arifaX@pD9E78468.dip0.t-ipconnect.de] has joined #ubuntu-server
=== ra1nb0w [n=davide@213-156-55-129.fastres.net] has joined #ubuntu-server
=== vciaglia [n=vciaglia@host53-17-dynamic.11-87-r.retail.telecomitalia.it] has joined #ubuntu-server
=== ivoks [n=ivoks@4-147.dsl.iskon.hr] has joined #ubuntu-server
=== ToonArmy [n=chris@88-105-163-143.dynamic.dsl.as9105.com] has joined #ubuntu-server
=== jsgotangco [n=jsg123@ubuntu/member/jsgotangco] has joined #ubuntu-server
=== soothsay [n=soothsay@bas5-montreal02-1096554204.dsl.bell.ca] has joined #ubuntu-server
=== sahafeez [n=sahafeez@ip68-6-223-156.sd.sd.cox.net] has joined #ubuntu-server
foo	Hm, what's your mta of preference? exim? postfix? hopefully not sendmail.	09:03
Nafallo	postficx	09:04
Nafallo	postfix	09:04
sahafeez	telnet mail 25	09:04
sahafeez	;)	09:04
foo	Nafallo: What's your reasoning? Have you used exim? Someone recently told me to check out ensim, I'm a postfix fan too	09:05
Nafallo	foo: it's built with security in mind and is extendible into infinity. also it's what are recommended from the distroteam.	09:07
foo	Nafallo: Hm, ok, then I think I'll just stick with that.	09:08
Nafallo	good choice :-)	09:09
foo	Hm, now, this system has 5 domains. I've never set up "virtual domains" or something before with postfix, I'll need to figure that one out	09:09
foo	Nafallo: eh, actually, I just remember, this server has debian etch. The data center couldn't put ubuntu on them, eh. I'll still use postfix, though, hehe	09:10
Nafallo	foo: help.ubuntu.com/community/Servers is a good one	09:10
foo	ah, thanks	09:11
=== soothsay [n=soothsay@bas5-montreal02-1096554204.dsl.bell.ca] has joined #ubuntu-server
foo	Nafallo: Hm, I'm checking out that wiki. I guess, my main concern is say, this server hosts about 5 domains... it only sends mail via the web scripts, it does not receive. How does postfix distinguish which @domain to send mail from if 5 different domains are on the system?	09:27
Nafallo	not sure. I use MUA to send mail myself.	09:28
foo	Mail User Agent ?	09:30
Nafallo	yes	09:31
=== aalex [n=aalex@modemcable097.146-57-74.mc.videotron.ca] has joined #ubuntu-server
=== r00tintheb0x [n=r00tinth@cpe-72-177-144-169.houston.res.rr.com] has joined #ubuntu-server
=== Impaque [n=imp@cable-89-216-129-141.dynamic.sbb.co.yu] has joined #ubuntu-server
foo	Nafallo: yeah, seems like the best way to change From: field is just in the code	09:54
foo	Nafallo: thanks	09:54
Nafallo	that's probably right. no problem.	09:54
Impaque	hello, is anyone using AMD64 on Intel-based 64-bit machines?	09:54
Impaque	(amd64 version of ubuntu-server)	09:55
=== stratus [n=stratus@201.53.55.52] has joined #ubuntu-server
=== Burgundavia [n=corey@ubuntu/member/burgundavia] has joined #ubuntu-server
=== vciaglia [n=vciaglia@host103-37-dynamic.10-87-r.retail.telecomitalia.it] has joined #ubuntu-server
=== soothsay_ [n=soothsay@bas5-montreal02-1167964376.dsl.bell.ca] has joined #ubuntu-server
sahafeez	if i want software raid, that is not part of LVM right. i have to make the raid 1st then put the LVM over it'	11:09
=== foxiness [n=nayif@84.235.36.29] has joined #ubuntu-server
=== Burgundavia [n=corey@ubuntu/member/burgundavia] has joined #ubuntu-server
=== jsgotangco [n=jsg123@ubuntu/member/jsgotangco] has joined #ubuntu-server
=== ra1nb0w [n=davide@213-156-55-129.fastres.net] has joined #ubuntu-server
=== jhutchins [n=jonathan@64-151-34-11.dyn.everestkc.net] has joined #ubuntu-server
soothsay_	Anyone know how to use DHCPD to set (some) fixed ip addresses?	11:43
sahafeez	man dhcpd.conf	12:02
sahafeez	you have to create a static entry via the mac address in the config file	12:03

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!