[12:19] <Malder> should I worry about how I partition my server as far as security is concerned? Most articles I've been reading about security are very brief about this topic...
[12:19] <theacolyte> a couple considerations
[12:19] <theacolyte> like if you'll be having people keep user directories, you may consider keeping them on a separate drive/partition/filesystem
[12:19] <theacolyte> often times people do /boot and /root as well
[12:20] <Malder> like having a xxGB partition /home ? or are we talking about /usr
[12:20] <theacolyte> it depends
[12:20] <theacolyte> what is the box for
[12:20] <Malder> hehe
[12:20] <theacolyte> i was referring to /home though
[12:20] <Malder> ok
[12:21] <Malder> it serves a couple small website and also a file server for a small office
[12:21] <Malder> so it is not dedicated in either way and really can't be...
[12:21] <theacolyte> ah... it really wouldn't matter
[12:21] <theacolyte> although best practices would dictate you cared
[12:21] <theacolyte> I wouldn't though :)
[12:21] <theacolyte> is the web server public facing?
[12:22] <Malder> yes
[12:22] <theacolyte> ehhh
[12:22] <theacolyte> it's not necessary
[12:22] <theacolyte> you can though
[12:22] <Malder> It got cracked a couple days ago and I'm starting from scratch with 7.04
[12:22] <theacolyte> permissions takes care of the majority of issues
[12:22] <theacolyte> cracked? how?
[12:22] <theacolyte> what?
[12:22] <theacolyte> hgehe
[12:23] <Malder> my best guess is brute force (weak password... I was lazy)
[12:23] <theacolyte> that'll do it every time
[12:23] <Malder> there were multiple accepted logins from a Bulgarian IP address through ssh
[12:23] <Malder> ;(
[12:24] <Malder> got a few thousand error messages from postfix saying that xyz domain is bad or some such... not from anything I did...
[12:25] <theacolyte> how do you know you were hacked?
[12:25] <Malder> admin password didn't work. Looked at auth.log and it was growing by about 10x each day....
[12:27] <Malder> so you would advise to just go with basically one big partition and then just lock everything down with file permissions? Don't worry about trying to mess with boot options for security...?
[12:27] <Malder> and obviously strong passwords...
[12:29] <Burgwork> don't activate your root account
[12:29] <Burgwork> there is a nifty iptables script I saw to prevent brute forcing of ssh via looking at multiple connections
[12:30] <Malder> I think I am going to go with fail2ban for that... pretty neat little package...
[12:30] <Malder> I didn't have any root account active, but still did no good. Everything was done through sudo
[12:31] <Malder> I didn't turn off root login for ssh, but didn't think that would matter since there was essentially no root user... right?
[12:31] <Nafallo> do you need to permit password login?
[12:31] <Nafallo> I just use public key
[12:31] <Malder> I'm not sure. I would like to look into just using keys.. is that what you're thinking?
[12:31] <Nafallo> yea
[12:32] <Nafallo> I've turned off all other ways of logging in.
[12:32] <Nafallo> that and serial cable :-)
[12:32] <Malder> do you have a reference article on that? When are passwords necessary? I've never used keys...
[12:32] <Malder> hehe
[12:32] <Nafallo> I never use passwords anymore. I think there is something on help.ubuntu.com/community about that.
[12:32] <Malder> I do have physical access so I can do that too... always nice
[12:33] <Nafallo> or rather. I use passwords for sudo :-)
[12:33] <Malder> right, but that's after login to SSH with your key, right?
[12:33] <Nafallo> yes
[12:34] <Malder> Sounds good to me
[12:34] <Malder> ok. Off to partition. Thanks for the help.
[12:34] <Nafallo> no problem :-)
[12:55] <theacolyte> sorry about that Malder, had to go AFK
[12:56] <theacolyte> you may try also installing rkhunter, apf, and bfd
[12:56] <theacolyte> i've used them before, and they work great for brute force attacks
[12:56] <theacolyte> http://www.rfxnetworks.com/proj.php
[12:57] <Nafallo> I hope you meant against :-)
[12:57] <theacolyte> hehe
[12:58] <theacolyte> maybe!
[12:59] <defendguin> i'm trying to install feisty server and it's telling me it can't mount my cdrom drive
[12:59] <defendguin> obviously its able to read the cdrom or it wouldn't have booted
[01:00] <theacolyte> what kind of controller is the cdrom attached to?
[01:00] <defendguin> ide 
[01:00] <theacolyte> mobo?
[01:01] <defendguin> yeah right to the motherboard
[01:01] <defendguin> nothing very special about the box no odd hardware 
[01:02] <theacolyte> well, if feisty isn't finding the cdrom when you load up the installer, 100% of the time it's because your controller isn't supported through normal channels
[01:02] <theacolyte> what motherboard?
[01:02] <defendguin> i couldn't tell you off hand
[01:02] <theacolyte> ah
[01:03] <defendguin> it was supported when i installed edgy desktop
[01:03] <theacolyte> a good example of it would be my jmicron controller is hated by 99% of the distros out there
[01:04] <defendguin> does server edition support less hardware than desktop?
[01:04] <Burgwork> no
[01:05] <defendguin> besides wireless card
[01:06] <defendguin> hmmm i wonder why it had no problem with edgy 
[01:06] <theacolyte> distros change
[01:06] <theacolyte> but without knowing the specific hardware, there's no way of knowing for sure
[01:07] <defendguin> well i can just boot up without the CD and let you know what hal says
[01:09] <Burgwork> that is why big orgs keep testing hardware around
[01:10] <defendguin> what item am i looking at in the device manager
[01:10] <defendguin> ?
[01:11] <defendguin> says intel brookdale chipset 
[01:11] <Burgwork> if it is wireless, do you need the firmware
[01:12] <defendguin> no wireless on this computer
[01:12] <theacolyte> defendguin: what's under either RAID controller or IDE/ATA/ATAPI controllers?
[01:12] <defendguin> intel 82801BA ide U100
[01:13] <theacolyte> that it?
[01:13] <defendguin> oem vendor HP
[01:14] <defendguin> pci_8086_244b
[01:17] <defendguin> i'm just poking through what the hal device manager says is there a specific field you would like to know about?
[01:18] <theacolyte> no just the device names under ide controller, i'm just a little slammed right now
[01:19] <defendguin> maybe i could just do a dist upgrade 
[01:19] <theacolyte> you could
[01:19] <defendguin> nah i like fresh installs
[01:21] <defendguin> how could the installer even get started if the cdrom isn't supported
[01:22] <defendguin> i guess i could rip the CD to an iso on this machine and mount the iso and do a net install?
[01:26] <theacolyte> well
[01:26] <theacolyte> it will boot because your BIOS takes care of that
[01:27] <theacolyte> to actually copy files from the cd to your hard drive, it needs a driver to mount it
[01:27] <theacolyte> not quite the best explanation of it, but like I said, i'm slammed
[01:28] <defendguin> i understand
[02:38] <Atlas95> hello
[02:38] <Atlas95> anybody here pleasE?
[02:38] <Atlas95> i have a big problem
[02:38] <Atlas95> i follow perfect setup guide
[02:39] <Atlas95> and i have this error when i try to install some packages:
[02:39] <Atlas95> E: Le sous-processus /usr/sbin/dpkg-preconfigure --apt || true a renvoyé un code d'erreur (100)
[06:15] <sahafeez> is the only diff between desktop and server what is installed by default?
[07:08] <Burgundavia> sahafeez: the default kernel is slightly different
[07:08] <sahafeez> can you install desktop and then apt-get the server kernel
[07:12] <Burgundavia> yes
[07:23] <sahafeez> i take it that the desktop installs tons of stuff and it is better to just do server and then install a gui if you need it. 
[07:23] <Kamping_Kaiser> desktop installs a desktop. if its not going to be a desktop, its probably a bad choice of intall
[07:23] <Kamping_Kaiser> *install
[07:24] <sahafeez> i am replacing a w2k3 server at work and have tried sles, rhel. i think i am settling on ubuntu
[07:24] <sahafeez> i need to have ldap+samba+postfix+cyrusimap+postgres+opengroupware
[07:24] <sahafeez> and everything needs to auth on ldap
[07:26] <Kamping_Kaiser> i havent tried setting up those services, so i cant comment. ldap+samba+postfix+postgres are in the repos, not sure about the other two you mention
[07:26] <Burgundavia> install the server, then install what you need
[07:29] <sahafeez> ok, thanks.
[07:29] <Burgundavia> then you can absolutely control what is on the server
[07:30] <Burgundavia> desktop will leave you with all kinds of stuff you don't need
[07:30] <Burgundavia> I would also spread out those services across multiple servers
[07:31] <Burgundavia> ldap+samba on one, mail on the other
[07:32] <sahafeez> it is for 10 people.
[07:33] <Burgundavia> still worth it
[07:33] <Burgundavia> hardware is cheap
[07:33] <sahafeez> one box with 2gb of ram, 3ware raid5 and core 2 is easier
[07:33] <Burgundavia> then kvm it up
[07:33] <sahafeez> trying to cut down on the support.
[07:34] <sahafeez> have another box running slack + asterisk pbx
[07:34] <Burgundavia> ahh
[07:34] <sahafeez> have openbsd box for vpn/firewall
[07:34] <Burgundavia> I would have a common platform
[07:35] <sahafeez> and the w2k3 sbs file+exchange. guess which box gives me issues?
[07:35] <Burgundavia> except asterisk is not in main
[07:35] <sahafeez> going to move the asterisk box to whatever distro i put on the file server. so ubuntu if it works out.
[07:35] <sahafeez> i will do asterisk from source
[07:36] <Burgundavia> hmm, I distrust source
[07:36] <Burgundavia> security updates are a headache
[07:36] <sahafeez> naw, asterisk is simple.
[07:37] <Burgundavia> setting it up is a royal pain
[07:37] <Burgundavia> and debugging is a bigger one
[07:37] <sahafeez> took me forever the 1st time. 
[07:38] <sahafeez> after that it got simple. just had to learn it
[07:38] <Burgundavia> we have a lot of moving pieces, with two offices
[07:38] <sahafeez> server installs compile tools by default or no?
[07:38] <Burgundavia> no
[07:38] <Burgundavia> server installs enough to run the hardware and login
[07:38] <Burgundavia> that is it. No open ports, no running services, nothing
[07:39] <sahafeez> 2 offices, one east one west, openbsd vpn. 3 houses with vpn and remote phones. all ip phones. just works
[07:39] <sahafeez> very openbsd like
[07:39] <sahafeez> i am a bsd person. i am forced onto linux by hardware/or software that i need.
[07:39] <Burgundavia> ahh
[07:42] <Burgundavia> personally, I like having a common server platform
[07:42] <Burgundavia> having 3 distros like that means 3 times as much security
[07:42] <sahafeez> settled on opengroupware for the exchange replacement so i need to run it on linux for the most part. it runs on bsd, etc but its a pain to setup and i need the blackberry push stuff 
[07:43] <sahafeez> i would run every thing on solaris if i could or openbsd. those would be my main choices
[07:44] <sahafeez> i would do gentoo for linux however i need something a bit simpler because others may have to touch it. i started looking at SLES and RHEL because of that.
[07:44] <sahafeez> RHEL sucks
[07:44] <volvoguy> can i ask you guys a support question or is this just a dev channel?
[07:45] <sahafeez> and SLES is very very good cept the updates make the system unbootable as the hardware is too new and i do not feel like figuring it out 
[07:45] <Burgundavia> volvoguy: both
[07:45] <volvoguy> woohoo!
[07:45] <Burgundavia> I have heard good things about SLES
[07:45] <sahafeez> very clean and polished. comes out of the box with samba+ldap setup correct. YAST is a great tool.
[07:46] <volvoguy> i'd like to upgrade my breezy server to at least edgy, if not feisty. the support pages recommend not using apt-get for this, but i don't exactly have "update-manager" which they DO recommend. is there a safe way to use non-gui tool?
[07:46] <Burgundavia> some of the integration stuff is better in SLES/RHEL
[07:46] <Burgundavia> volvoguy: release cycle was breezy --> dapper --> edgy
[07:47] <Burgundavia> I would keep servers on dapper, as it is supported longer
[07:47] <Burgundavia> sadly, there is no tool yet
[07:47] <volvoguy> oh, i'm sorry. i meant I'm on dapper, not breezy.
[07:47] <Burgundavia> ahh
[07:47] <Burgundavia> if you update past dapper, you will have to update a lot
[07:47] <Burgundavia> just to be aware
[07:47] <volvoguy> that's what i want to avoid though - having to upgrade through many releases. 
[07:48] <Burgundavia> then you should stay on dapper until the next LTS
[07:48] <Burgundavia> in april 2008
[07:48] <Burgundavia> I am a very conservative person when it comes to my servers, however
[07:48] <volvoguy> and not bother with performance/feature updates until then?
[07:49] <Burgundavia> less headaches > a bit of performance
[07:49] <volvoguy> Burgundavia, yeah - i can understand that. this is a simple file server and part-time web-dev server. it doesn't do much.
[07:49] <Burgundavia> backup your data and do the edgy update manually
[07:50] <Burgundavia> then use the edgy --> feisty update
[07:50] <volvoguy> Burgundavia, so you'll do a clean install for every LTS release?
[07:50] <sahafeez> i would love to see zfs ported to linux. that would be the best of all worlds, well zfs and pf
[07:50] <Burgundavia> no, LTS --> LTS supported
[07:50] <volvoguy> right.
[07:50] <Burgundavia> thus 6.06 will update to 8.04
[07:50] <volvoguy> and will do so with less complication?
[07:51] <Burgundavia> or you can do 6.06 --> 6.10 --> 7.04 --> 7.10
[07:51] <ajmitch> (assuming that 8.04 is LTS, and that significant work is put in to support upgrades)
[07:51] <Burgundavia> ajmitch: the latter is assumed. Canonical has large paying customers that will demand it
[07:51] <Burgundavia> and what better way to test an update tool than on the community, no?
[07:52] <ajmitch> what I mean is that many packages will need to be checked & modified for upgrades
[07:52] <volvoguy> ajmitch, that was my concern. it seemed to me that smaller updates made more sense, but if canonical is going to try to make a smooth upgrade path to 8.04 - i'll wait for that.
[07:52] <ajmitch> little things like directories moving around, symlinks, handling corner cases in maintainer scripts
[07:52] <ajmitch> it'll take a bit of work, but I'd say that it's expected
[07:52] <volvoguy> ok. cool. :)
[07:53] <Burgundavia> the cool stuff is on the desktop anyway
[07:53] <ajmitch> the next LTS release would probably end up with less cool new stuff, and more time spent polishing
[07:53] <volvoguy> yeah. feisty looks great. 
[07:53] <ajmitch> Burgundavia: pfft, server is getting cool stuff :)
[07:53] <sahafeez> the fact that i can buy support is the reason i am looking at ubuntu
[07:53] <Burgundavia> so I keep my laptop running the absolutely latest and my servers and work desktops running the LTS
[07:55] <volvoguy> my "production" server is a virtual ubuntu server at unixshell. hopefully their xen system will be upgradable to 8.04 easily too. :)
[07:56] <volvoguy> they're probably one of those paying customers though - so they'll be one demanding it. hehe.
[07:57] <volvoguy> well, thanks for the quick updates guys. i'm not involved and online anymore as much as i'd like to be, but i know i can always turn to you for help! talk to you later.
[07:57] <Burgundavia> cya
[08:13] <sahafeez> what is with the delay in the partitioning when doing anything - switching between stuff, lvm, etc. 
[08:13] <Burgundavia> on the installer?
[08:13] <sahafeez> yes
[08:13] <Burgundavia> no idea
[08:13] <sahafeez> it could tell you something you know.
[08:13] <fabbione> sahafeez: known issue
[08:14] <fabbione> it was in the release notes.. there is a bug linked from there
[08:14] <fabbione> it's only annoying but it doesn't affect final installation or functionality
[08:14] <sahafeez> no, but it makes the install take, oh, 2 hours longer ;)
[08:15] <fabbione> i know.. it adds 3 minutes wait on each lv you create
[08:15] <fabbione> there is really nothing we could do to fix it when i first found out of the problem
[08:15] <fabbione> it was too late in the release process :(
[08:15] <sahafeez> oh well. just happy it is not just me
[08:15] <fabbione> it's a good excuse for a cup of coffee
[08:16] <fabbione> the bug is generic.. 
[08:16] <fabbione> that'd work too :)
[08:16] <sahafeez> this is my 1st install of ubuntu. i was having debian flash backs. 
[08:18] <sahafeez> still waiting ....
[08:19] <fabbione> sahafeez: as i said... 3 minutes for each lv you created
[08:20] <sahafeez> well i am on 6 mins now and all i am trying to do is activate an existing lvm setup
[08:20] <fabbione> sahafeez: read the bug or you will keep waiting and asking herre
[08:20] <fabbione> here even
[08:20] <sahafeez> yes, i am reading now..
[08:21] <sahafeez> since i have the time and all.
[08:22] <sahafeez> between this and the broken ide on my sparc copying files....
[08:22] <sahafeez> :)
[08:24] <sahafeez> i am kinda wondering why your servers got so hammered, being large network scaling guy
[08:27] <Burgundavia> lots and lots of people
[08:27] <Burgundavia> we did better than suse and fedora last release
[08:27] <Burgundavia> they went off the air
[08:27] <sahafeez> yah, but it is so simple to fix
[08:27] <maswan> sahafeez: well, it depends, if you can answer me why suddenly there were thousands of CLOSE_WAITs on my mirrors, filling up all the apache slots?
[08:28] <maswan> with 0 bytes in send-q too
[08:28] <sahafeez> nice.
[08:28] <sahafeez> how many servers
[08:28] <maswan> for my mirror? 6
[08:28] <maswan> (i'm se.releases.ubuntu.com)
[08:29] <sahafeez> how does your SLB work?
[08:29] <Burgundavia> maswan: you guys are the big ones, no?
[08:29] <maswan> what's slb? :)
[08:29] <sahafeez> ah, server load balancers 
[08:29] <maswan> Burgundavia: we peaked at 3.8Gbit/s, so yeah.
[08:30] <maswan> ah, large requests (.isos etc) get http-redirected to one of the frontends depending on hash (so that one iso always ends up on the same backend, to keep cache locality)
[08:30] <sahafeez> was it a load issue or an apache bug issue. 3.8 is not a lot
[08:30] <maswan> sahafeez: don't know, afaik they blame each other
[08:31] <maswan> or go "huh?" when reported
[08:31] <sahafeez> what box is doing that? a linux box or switch hardware
[08:31] <maswan> the frontend[s]  that's in dns, they have to handle the small files (deb:s etc that can't be http-redirected), and also ftp&rsync
[08:32] <maswan> individual isos that have more demand than one frontend can satisfy, we manually identify and spread out on more frontends
[08:32] <maswan> it actually works really well, except when we get that CLOSE_WAIT issue
[08:33] <sahafeez> was the traffic balanced over the servers - after action - looking at the mrtg or whatever you use
[08:33] <maswan> http://www.acc.umu.se/technical/statistics/ftp/monitordata/index.html.en
[08:33] <sahafeez> rrdtool
[08:34] <maswan> so, not very well balanced, but then the servers are not equal either
[08:34] <maswan> well enough balanced after 21:00 local time yesterday though
[08:34] <sahafeez> question, and this is because i am not a linux guy, using ext3 on a lvm for a postgres db. any mount options i should look at
[08:34] <sahafeez> ok. it would be interesting to see the network drawing.
[08:35] <sahafeez> i love this kind of stuff.
[08:35] <sahafeez> setup a network that took a 10gb/s DoS once and kept working
[08:35] <maswan> well, remember, this is just my mirror at the academic computer club at umea university
[08:36] <maswan> we're depending on what hardware gets donated to us, and whatever bandwidth the university feel like giving us
[08:36] <sahafeez> ok.
[08:36] <maswan> the canonical setup (main servers) is not public, AFAIK
[08:36] <sahafeez> no big. i am a nut about network design.
[08:37] <maswan> so in short, out of those machines orion,vega,napoleon are on a separate 2Gbit/s network [borrowed machines from the hpc center at the uni] , the rest share a 2Gbit/s uplink too.
[08:38] <maswan> then it ends up roughly like this: http://www.umdac.umu.se/netmaster/net/Campusnetpresentationumu.jpg
[08:38] <maswan> and then: http://stats.sunet.se/stat-q/load-map/optosunet-kunder,,traffic,peak
[08:39] <maswan> and sorry, can't think of anything for your mount options question
[08:39] <sahafeez> no prob
[08:40] <sahafeez> interesting. it looks abit over complex for my taste...the network
[08:40] <maswan> the campus one or the optosunet?
[08:42] <sahafeez> the 2nd one.
[08:42] <sahafeez> the campus - those are routed or layer2 links
[08:42] <sahafeez> between the cisco switches
[08:43] <maswan> sahafeez: remember that on the second one, all those names are different universities across sweden that requires redundant paths
[08:44] <maswan> the campus one shows the routers on campus, not all the dumb switches
[08:44] <sahafeez> based on as the cable runs and build out time no doubt vs what would be logical
[08:45] <sahafeez> ok, so you are using the 65xx as switch/routers to distribute
[08:45] <sahafeez> 6509 is a switch cisco just added a router card as an after thought
[08:45] <maswan> yeah, that's my understanding of it. the next-gen campus network is in next year or so
[08:46] <maswan> well, there aren't very big routing decisions that needs to be made within campus
[08:46] <sahafeez> whatever you do do not fill them with gige ports and run them flat out. it will crash ;)
[08:46] <maswan> :)
[08:46] <loVolt> mind if I pose a feisty/samba question ?
[08:46] <sahafeez> as i am trying to setup samba myself sure
[08:46] <maswan> loVolt: go ahead, don't be surprised if no one is around to answer
[08:46] <loVolt> thx , I give it a try
[08:47] <loVolt> walking though any number of howto's 
[08:47] <maswan> sahafeez: actually, the optosunet one is based on the returns of a single tender for dark fiber across sweden
[08:47] <loVolt> I can get everything cept' getent passwd/group to work
[08:47] <loVolt> like nsswitch is ignored
[08:48] <loVolt> like bank in 2000/2001 
[08:48] <loVolt> er bank/back
[08:48] <loVolt> wbinfo and others work fine
[08:48] <maswan> sahafeez: and the weirdness comes from requiring a "red" and a "green" network connection to all sites, and there not being enough fiber in the ground to make the most logical extension to all sites
[08:48] <loVolt> is there a ubuntu-samba chan?
[08:49] <ajmitch> loVolt: 'winbind enum users = true' in smb.conf
[08:49] <ajmitch> that allows enumeration of users with getent
[08:49] <ajmitch> it should be able to resolve normally anyway
[08:49] <maswan> sahafeez: http://basun.sunet.se/karta/opto2.gif a bit more geographical
[08:49] <loVolt> yes
[08:49] <sahafeez> ah, makes sense.
[08:50] <sahafeez> maswan thanks for sharing the info. i love looking at this stuff
[08:50] <loVolt> getent only show local pass/groups
[08:51] <loVolt> shot in the dark
[08:51] <maswan> sahafeez: btw, sthml is clickable on the optosunet map and you can get to nordunet that way too
[08:51] <ajmitch> and you restarted winbind after changing that option?
[08:51] <loVolt> I ran cvs and samba4 last night on feisty ...seems to go well
[08:51] <sahafeez> looking..
[08:51] <loVolt> ajmitch, rebooted even
[08:52] <ajmitch> loVolt: sorry, it's 'winbind enum users = yes'
[08:52] <ajmitch> and the corresponding one for groups
[08:52] <loVolt> ajmitch, yeah users and groups
[08:52] <ajmitch> getting users/groups off an AD server?
[08:52] <loVolt> yeah
[08:52] <ajmitch> security=ads, and realm is set?
[08:53] <loVolt> yeup
[08:53] <maswan> sahafeez: everything goes into the a[123] sth routers, using virtual routers in those junipers, AIUI
[08:53] <ajmitch> wbinfo -u returns the right info?
[08:53] <loVolt> yes
[08:53] <loVolt> wbinfo -g as well
[08:53] <sahafeez> junipers are the best routers right now so that is good.
[08:54] <ajmitch> loVolt: you could increase the debug output on winbindd
[08:54] <loVolt> checking
[08:54] <ajmitch> in /etc/default/winbind
[08:56] <loVolt> log level = 3 in defaults/winbind do ?
[08:56] <sahafeez> what is the deal with using a custom kernel on ubuntu. no issues?
[08:57] <loVolt> sahafeez, haven't found any issues
[08:57] <loVolt> lots of apt-getting :)
[08:57] <sahafeez> ok, cool. 
[08:57] <sahafeez> i want to mount an mac hfs drive ;)
[08:58] <loVolt> don't forget autoconf if you want other packages
[08:58] <ajmitch> loVolt: no, I'd put "-d 3 -n" in WINBINDD_OPTS
[08:58] <loVolt> k 
[08:58] <loVolt> heh screaming about invalid option :)
[08:58] <loVolt> fixing
[09:00] <loVolt> I've got two boxes , one feisty dns only no devl tools and 2nd is feisty dns with devl / samba4
[09:00] <loVolt> darned is samba4 didn't "just work"
[09:01] <loVolt> k' started again , lets tail the chaos
[09:03] <loVolt> cool idmap went boom
[09:03] <loVolt> fatal error uid range full
[09:03] <ajmitch> wonderful
[09:04] <loVolt> max 200000
[09:04] <loVolt> lets up that a bit
[09:05] <ajmitch> enum users/groups may not be a good thing if you have that many :)
[09:05] <loVolt> I don't 
[09:05] <loVolt> about 150 not inc a/d spare parts 
[09:05] <loVolt> doubled it and rebooting
[09:06] <loVolt>  load average: 5.64, 5.71, 5.64
[09:06] <loVolt> different box
[09:06] <loVolt> :)
[09:08] <loVolt> weirdness
[09:09] <loVolt> still says full , could not lookup domain user luser
[09:10] <loVolt> wonder if I lower the level
[09:12] <loVolt> trying 2000-10000
[09:15] <loVolt> same
[09:15] <loVolt> I need coffee to live
[09:39] <sahafeez> silly question. how do i see what to install when i do not know the package name. i want to install sshd
[09:41] <lionel> sahafeez: for ssh the package name is openssh-server
[09:41] <lionel> in general, you use apt-cache search for package search
[09:41] <sahafeez> ok. i need to read about apt as it is new to me.
[09:41] <sahafeez> thanks
[09:52] <loVolt> gnite
[12:11] <foxiness> hi, am on step of create " Virtual Server Scenario " url: https://help.ubuntu.com/community/RubyOnRails? , on this line sudo nano /etc/apache2/sites-available/<servername> , <servername> = ??? its not clear to me if i need to <domain.net> or domain.net or domaindotnet
[12:17] <ivoks> it is irrelevant
[12:17] <ivoks> you can put there 000-mambo-jambo
[12:18] <ivoks> content of that file is important
[12:26] <foxiness> k,now it clear thanks i need now to figure out ,next step port 80 
[12:27] <ivoks> heh
[12:27] <ivoks> first time configuring apache?
[12:28] <foxiness> :) yes
[12:28] <ivoks> grab a book or something :D
[12:28] <foxiness> host@home
[12:29] <foxiness> book? or something? , like what ?
[12:29] <ivoks> howtos, tutorials, etc..
[12:29] <ivoks> i have two apache books, both are over 300 pages :)
[12:30] <ivoks> and these are small apache books
[12:30] <ivoks> bbl; bye
[09:03] <foo> Hm, what's your mta of preference? exim? postfix? hopefully not sendmail.
[09:04] <Nafallo> postficx
[09:04] <Nafallo> postfix
[09:04] <sahafeez> telnet mail 25
[09:04] <sahafeez> ;)
[09:05] <foo> Nafallo: What's your reasoning? Have you used exim? Someone recently told me to check out ensim, I'm a postfix fan too
[09:07] <Nafallo> foo: it's built with security in mind and is extendible into infinity. also it's what is recommended from the distroteam.
[09:08] <foo> Nafallo: Hm, ok, then I think I'll just stick with that.
[09:09] <Nafallo> good choice :-)
[09:09] <foo> Hm, now, this system has 5 domains. I've never set up "virtual domains" or something before with postfix, I'll need to figure that one out
[09:10] <foo> Nafallo: eh, actually, I just remember, this server has debian etch. The data center couldn't put ubuntu on them, eh. I'll still use postfix, though, hehe
[09:10] <Nafallo> foo: help.ubuntu.com/community/Servers is a good one
[09:11] <foo> ah, thanks
[09:27] <foo> Nafallo: Hm, I'm checking out that wiki. I guess, my main concern is say, this server hosts about 5 domains... it only sends mail via the web scripts, it does not receive. How does postfix distinguish which @domain to send mail from if 5 different domains are on the system?
[09:28] <Nafallo> not sure. I use MUA to send mail myself.
[09:30] <foo> Mail User Agent ?
[09:31] <Nafallo> yes
[09:54] <foo> Nafallo: yeah, seems like the best way to change From: field is just in the code
[09:54] <foo> Nafallo: thanks
[09:54] <Nafallo> that's probably right. no problem.
[09:54] <Impaque> hello, is anyone using AMD64 on Intel-based 64-bit machines?
[09:55] <Impaque> (amd64 version of ubuntu-server)
[11:09] <sahafeez> if i want software raid, that is not part of LVM right. i have to make the raid 1st then put the LVM over it'
[11:43] <soothsay_> Anyone know how to use DHCPD to set (some) fixed ip addresses?
[12:02] <sahafeez> man dhcpd.conf
[12:03] <sahafeez> you have to create a static entry via the mac address in the config file