[12:20] <amigamia> hello
[12:24] <amigamia> is it possible to use slax creator and write the ubuntu server 6x to a memory stick?
[12:25] <amigamia> usb memory stick
[12:53] <amigamia> does ubuntu server automatically detect needed updates and retrieve them and install them as needed??????
[03:27] <sahafeez> question, i see apache-ssl and apache2 in the packages - does apache2 have ssl?
[03:53] <Pumpernickel> sahafeez: Yeah, it does, through the apahce2.2-common dependency.  apache-ssl is from the 1.x branch of Apache.
[03:53] <sahafeez> thanks!
[03:53] <Pumpernickel> s/apahce/apache/
[04:41] <amigamia> hello
[04:41] <amigamia> is there a problem with downloading the server?
[04:42] <amigamia> i have tried all day with no luck
[04:42] <foo> Hm, try a different mirror?
[04:42] <amigamia> tried all of them on the list
[04:43] <foo> What! Haha. Sounds like something on your end, I doubt they are all failing. hmm
[04:43] <amigamia> umm
[04:43] <amigamia> i just downloaded centos and SME with not difficulty
[04:44] <amigamia> just downloaded looking glass from sun with no difficulty
[04:44] <amigamia> but absolutely no success with ubuntu-server
[04:45] <amigamia> ?
[04:46] <dj-fu> Length: 516,335,616 (492M) [text/plain] 
[04:46] <dj-fu> 18% [[04:46] <dj-fu> --14:46:29-- http://ftp.citylink.co.nz/ubuntu-releases/feisty/ubuntu-7.04-server-i386.iso
[04:46] <dj-fu> => `ubuntu-7.04-server-i386.iso'
[04:46] <dj-fu> looks fine here..
[04:47] <amigamia> umm
[04:48] <amigamia> new zeland :D
[04:48] <dj-fu> the web interface link didn't work
[04:48] <dj-fu> it seems to be replacing :// with HTTP encoded characters
[04:48] <dj-fu> which throws up a 404.
[04:48] <amigamia> yes
[04:48] <dj-fu> I just edited the URL manually. Do that ;)
[04:48] <amigamia> thank you dj-fu
[04:50] <dj-fu> mmm... fast.. 14:47:37 (7.22 MB/s) - `ubuntu-7.04-server-i386.iso' saved [516335616/516335616] 
[04:51] <amigamia> :)
[04:51] <amigamia> i'm wireless in a hotel
[04:51] <amigamia> how is ubuntu-server?
[04:53] <dj-fu> We don't run 7.04 on our production servers yet
[04:53] <dj-fu> still pushing Edgy around.
[04:53] <dj-fu> I run 7.04 on the VPS servers though, it seems nice.
[04:53] <dj-fu> still, I prefer another distribution but am told to use Ubuntu.. so..
[04:58] <amigamia> well i am switching to centos. we just went thru some real bad experiences with blackhats and we decided to look into centos 
[04:58] <amigamia> we were using a derivitive of SME 
[04:59] <amigamia> the os in all reality was not the issue it was the add-ons that were the problem. vulnerabilitiues in metadot and horde. ruined the trustability of the servers.
[05:00] <dj-fu> I don't even know what SME is.
[05:00] <dj-fu> I've only ever ran Gentoo for servers, sure, they take a little while to setup
[05:00] <dj-fu> but they're easy to lock down.
[05:00] <amigamia> yeah
[05:01] <amigamia> but this was out of control and we could not trust anything any longer being uncompromised.
[05:01] <dj-fu> heh, that sucks
[05:01] <amigamia> who you telling.
[05:01] <dj-fu> I have all my shit secured with mod_security, jails and stuff
[05:01] <amigamia> really bitter and angry about the whole thing.
[05:01] <dj-fu> so all web frontends are secure as.
[05:01] <dj-fu> sometimes even too secure
[05:01] <amigamia> mod_security?
[05:02] <dj-fu> yeah, it's an apache module that does POST/GET filtering.
[05:02] <dj-fu> regex matches mostly, PCRE, precompiled
[05:02] <dj-fu> throughput suffers a bit, but with enough hardware it's an easy way to lock down web interfaces
[05:02] <amigamia> that is what got me 
[05:02] <amigamia> get
[05:02] <dj-fu> ;)
[05:03] <amigamia> i was got ;)
[05:03] <dj-fu> unfortunately Ubuntu isn't offering it in the repositories
[05:03] <dj-fu> so you have to compile it manually
[05:03] <dj-fu> due to licensing issues
[05:03] <amigamia> if we could find those people we would beat them down to a pulp
[05:03] <dj-fu> (GPL vs. APL)
[05:03] <amigamia> ahh
[05:03] <amigamia> ok
[05:03] <dj-fu> compiling it manually is no issue though
[05:04] <dj-fu> just a matter of installign the right deps (apache2-dev, libxml2-dev) and enabling mod_unique_id, then you just edit the makefile and press make ;
[05:04] <dj-fu> I found a nice tutorial on google somewhere searching for mod_security ubuntu
[05:04] <dj-fu> no,the official mod_sec docs are very good
[05:04] <amigamia> i just found the website
[05:05] <amigamia> this whole security thing is nuts
[05:05] <dj-fu> it can even take care of chrooting apache automatically
[05:05] <dj-fu> I have a chrooted apache,php,mysql,mod_perl server on our main webserver at work
[05:05] <dj-fu> all due to mod_security
[05:05] <dj-fu> it's very nice xD
[05:06] <amigamia> ;)
[05:08] <dj-fu> for what it's worth
[05:08] <dj-fu> http://gentoo-wiki.com/Apache_chroot:_the_mod_security_way
[05:08] <dj-fu> Is very useful also
[05:08] <dj-fu> I can answer questions too, if you want to use it and ask me stuff ;]  (have it running on Feisty and Edgy)
[05:10] <amigamia> ahh ok
[05:10] <amigamia> thanks so much
[05:10] <amigamia> let me look at it
[05:13] <amigamia> dj-fu i never heard of this jail business lol
[05:13] <amigamia> this is deep
[09:10] <sahafeez> anyone using ubuntu server as a replacement for a window AD controllor?
[09:13] <dj-fu> LDAP and all? no
[09:13] <dj-fu> I've used a distro to replace a basic fileshare/domain w/ Samba
[09:13] <dj-fu> not Ubuntu also ;] 
[09:16] <sahafeez> is there a list of the virtual packages for things - like gnome-minimal or xorg-min - i have seen it somewhere but i cannot find it
[09:21] <herman> hi
[09:22] <herman> do some people here have experience with the ultra poor performance of software RAID1 in Ubuntu?
[09:23] <herman> we tested different ubuntu versions on our servers and the breezy release was still OK but after that dapper has a throughput of like 15MB/s and up to feisty its still really poor not passing the 25MB/s
[09:23] <herman> and thats just with copying large files, with many small files (regular use) its even much smaller
[09:24] <sahafeez> what filesystem and are you copying from one drive to another, same to same, etc..
[09:28] <herman> same to same
[09:28] <herman> with JFS
[09:41] <sahafeez> so moving on the same drive. hum.
[09:41] <sahafeez> ide or scsi
[09:46] <sahafeez> if you cp a file to /dev/null hows the speed
[10:03] <foo> ivoks: mornin'
[10:03] <ivoks> morning
[10:30] <foo> ivoks: so, you said that with RAID5 + 6 500GB drives... I would need to have 1 of those drives be the OS, or something similar. Is this because of a 1.5TB restriction on ext3 or something?
[10:30] <herman> sahafeez: i'll try later but it are sataII disks
[10:30] <herman> sahafeez: oh sorry i remembered falsely i got those speeds with /dev/zero to the drive
[10:31] <herman> so write only
[10:33] <ivoks> foo: no
[10:33] <ivoks> foo: if you create raid field bigger than 2TB, you can't create msdos partition table on it
[10:33] <ivoks> foo: therefor, partition table on it should be GPT
[10:34] <ivoks> foo: if it's GPT, than you have to have EFIloader, instead of BIOS; which is available only on Itanium2 hardware
[10:34] <foo> ivoks: ah, that was it
[10:35] <ivoks> foo: so, if you don't have Itanium2, you need aditional boot disk with msdos partition table
[10:35] <ivoks> foo: where you would have your /boot and that disk would be first disk in bios (ie, bootable disk)
[10:35] <ivoks> foo: in MBR of that disk would be grub/lilo
[10:36] <foo> ivoks: Gotcha, ok. Itanium2. Hmm, is that on any dell hardware?
[10:36] <ivoks> lol
[10:36] <ivoks> you know what's itanium?
[10:37] <ivoks> itanium2 is intel's processor
[10:37] <ivoks> fully 64bit one
[10:37] <ivoks> no 32bit instructions
[10:37] <ivoks> very expensive
[10:37] <foo> Hehe, actually, no, I wasn't sure
[10:37] <foo> Hmm, I see
[10:38] <ivoks> you need special motherboard for it
[10:38] <ivoks> i really doubt dell has anything from itanium collections
[10:38] <foo> ivoks: And this issue is an issue with all distributions?
[10:38] <ivoks> foo: that's not an issue with operating system
[10:38] <foo> Hardware
[10:39] <ivoks> foo: that's an issue with bios and partition table
[10:39] <foo> aha, I see
[10:39] <ivoks> there is no MBR on GPT partition table
[10:39] <foo> GPT = gparted, right?
[10:39] <ivoks> so, i386 bios can't boot from it
[10:40] <ivoks> no
[10:40] <foo> ah
[10:40] <ivoks> http://en.wikipedia.org/wiki/GUID_Partition_Table
[10:41] <ivoks> http://www.microsoft.com/whdc/device/storage/GPT-on-x64.mspx
[10:41] <foo> mhmm, ok, thanks.
[10:42] <ivoks> Because the x64 and x86 architectures do not provide support for an EFI boot partition, you cannot use a GPT drive to boot an x64-based computer or an x86-based computer with a legacy BIOS. Therefore, computers running these operating systems must be equipped with more than one physical driver to allow the use of the GPT disk format.
[10:42] <foo> So, it's safe to say that on the Dell 2950s with 6 500GB drives on RAID5 is impossible, right? (with no other drives)
[10:42] <ivoks> no :)
[10:42] <ivoks> you can boot from CD
[10:43] <ivoks> your problem is booting; nothing else
[10:43] <ivoks> you can boot from CD, floppy, USB, additional disk
[10:43] <foo> gotcha, I see.
[10:45] <ivoks> standard PC partitions table can contain partition <2TB
[10:45] <foo> ivoks: I'll just boot off a 2GB USB key
[10:46] <ivoks> be sure to have at least two copies :)
[10:46] <foo> :D Sure, 2 USB keys. Redundant OS
[10:46] <ivoks> and a backup on disk
[10:46] <foo> yeah
[10:46] <foo> Hm, is that actually plausible?
[10:46] <ivoks> not 2 kyes in the same time
[10:47] <ivoks> but on in computer, and one in secured safe :)
[10:47] <foo> (taped under the server)
[10:47] <ivoks> what? boot from usb?
[10:47] <foo> yeah
[10:47] <ivoks> yes
[10:47] <ivoks> depends on BIOS
[10:47] <ivoks> most modern MB can boot from usb
[10:48] <foo> yeah
[10:50] <ivoks> if your MB supports it
[10:50] <ivoks> create raid, plug in key, start installation, create / on raid and /boot on key, and install grub in MBR of key
[10:51] <foo> yup
[10:52] <ivoks> after the installation, start the system, plug in another key, copy content of /boot to it, and install grub on the second key (grub-install /dev/whatever)
[10:52] <ivoks> then you are safe to go to bed
[10:53] <foo> Cool, thanks man
[10:53] <foo> Really appreciate that bit
[10:53] <ivoks> np
[10:54] <ivoks> with disks geting bigger every day, this problem grows too
[10:57] <herman> does that mean if you create a small root partition on the 3TB array that it can boot anyway?
[10:57] <ivoks> right
[10:57] <foo> Only the MBR, I believe
[10:57] <ivoks> cause that array is on GPT partition table
[10:57] <ivoks> eerrr... GPT is on that array :)
[10:58] <herman> well i'll try it myself in the not so distant future 
[10:58] <herman> nice to know where i can expect some trouble
[10:58] <ivoks> :)
[10:58] <herman> i thought my xeon board has efi as well
[10:58] <ivoks> what board?
[10:59] <herman> 5000 series
[10:59] <herman> intel
[10:59] <herman> but i think the 3000 series board i have lying around now has it as well
[10:59] <herman> i'll check 
[10:59] <herman> at least you can find efi shell in the bootoptions
[10:59] <herman> IIRC
[11:00] <ivoks> http://www.intel.com/products/motherboard/D945PLNM/index.htm
[11:00] <ivoks> looks like this one has EFI
[11:00] <ivoks> well, that's great!
[11:00] <herman> http://www.intel.com/design/servers/boards/s3000ah/index.htm
[11:01] <herman> i got that one
[11:02] <ivoks> well, if it has EFI, then you shouldn't have that problem
[11:02] <ivoks> but...
[11:02] <ivoks> ubuntu installer doesn't offer instalation of elilo, IIRC
[11:03] <herman> well i probably don't use it, but i remember seeing it on the boards non ia64, since you said it was itanium only
[11:04] <ivoks> yes, it's intel inovation
[11:04] <ivoks> but it's reasonable to port it to i386 arch
[11:04] <herman> i like the 3000 series, its a lot cheaper then the 5000 but still quite fast :)
[11:04] <ivoks> since disks are really big these days, and 2TB isn't a problem
[11:04] <herman> quite easy to get more then 2TB:)
[11:09] <ivoks> herman: well, be sure to try with elilo
[11:09] <ivoks> i'm interested in results :)
[11:09] <herman> i'll remember when the time comes :)
[02:44] <slackwarelife> any idea ???
[03:58] <edistar> I have a question, I need to logon clients non-locally, via a server
[03:58] <edistar> is there a solution for linux?
[03:59] <ivoks> yes
[04:00] <edistar> any more information?
[04:00] <ivoks> you can have a server and diskless clients
[04:00] <edistar> I have that already..
[04:00] <ivoks> or you are asking for user login?
[04:00] <edistar> I have a terminal server
[04:01] <edistar> I need to somehow have something like a radius server
[04:01] <edistar> cause I need to get user/password from a central server for 2 terminal servers and one ftp server
[04:01] <ivoks> openldap?
[04:01] <edistar> something like a radius server, but is that the best solution?
[04:02] <ivoks> or freeradius
[04:02] <edistar> which is easier?
[04:02] <ivoks> depends on what you have on central server
[04:02] <edistar> ?
[04:03] <ivoks> depends on your need
[04:03] <ivoks> do you have users on central server?
[04:03] <edistar> no
[04:03] <ivoks> then setup a ldap server on server
[04:03] <ivoks> and make clients authenticate over ldap
[04:03] <edistar> okey
[04:03] <edistar> thank you
[04:04] <slackwarelife> edistar: there some problem with ldap and dbus
[04:05] <edistar> what do I have to watch out for then?
[04:05] <ivoks> slackwarelife: ?
[04:05] <slackwarelife> yes, when force pam to use ladp dbus stop to works
[04:05] <edistar> hm
[04:06] <slackwarelife> pam_ldap.so
[04:06] <slackwarelife> in this case
[04:06] <slackwarelife> auth suffiient pam_ldap.so
[04:06] <edistar> can I just install openldap on debian to test?
[04:07] <slackwarelife> but the problem is on the clients
[04:07] <slackwarelife> i'm using ubuntu 6.10 ldap + samba
[04:07] <edistar> ok
[04:07] <slackwarelife> and 50 clients ubuntu 6.10
[04:07] <slackwarelife> to works dbus you must
[04:08] <edistar> I'm trying ubuntu 7.04 +slapd or something? looked like an openldap server..
[04:08] <slackwarelife> edit /etc/dbus-17system.d/hall.conf
[04:08] <slackwarelife> sorry /etc/dbus-1/system.d
[04:08] <edistar> ok
[04:08] <slackwarelife> there a very good post on dbus mail-list
[04:08] <ivoks> and hal.conf :)
[04:09] <slackwarelife> yes
[04:09] <edistar> thanks :)
[04:09] <slackwarelife> I spent 5 week to understand because the dbus sto
[04:10] <edistar> oh
[04:10] <slackwarelife> nothing
[04:10] <ivoks> and change what? :)
[04:10] <slackwarelife> wait
[04:11] <ivoks> https://answers.launchpad.net/ubuntu/+question/5136
[04:13] <slackwarelife> yes
[04:13] <slackwarelife> but this pam config are so sure
[04:14] <slackwarelife> I'm now try to do some other configuration using cracklib
[04:14] <slackwarelife> but if you want it works fine
[04:15] <slackwarelife> I have found it on the net
[04:15] <slackwarelife> if you want change hal.conf
[04:16] <slackwarelife> you must change this
[04:16] <slackwarelife> <!-- You can change this to a more suitable user, or make per-group -->
[04:16] <slackwarelife> I change it using user group
[04:17] <slackwarelife> in this line
[04:17] <slackwarelife> form <policy user="0"> to <policy user="user">
[04:17] <ivoks> ok
[04:18] <slackwarelife> some other problems are the passowrd change on ldap server
[04:19] <slackwarelife> i don't know how I can change it in local and in ldap using one tool
[04:19] <slackwarelife> now i'm using two tool
[04:19] <slackwarelife> the ubuntu user tool
[04:19] <slackwarelife> and the smbldap-tool
[04:20] <slackwarelife> but i know it is possible using correct pam configuration
[04:20] <ivoks> right
[04:20] <ivoks> server has to use pam too
[04:20] <ivoks> doh.. ldap
[04:20] <slackwarelife> yes my server use pam
[04:21] <slackwarelife> now in my pam i have "password	requisite	 pam_ldap.so		md5 use_authtok"
[04:22] <slackwarelife> use_authlok is a derctive which must use the data insert in pam_un
[04:22] <slackwarelife> pam_unix.so
[04:22] <slackwarelife> this is client config
[04:41] <slackwarelife> see you late
[09:12] <Skaag> My box loads the sky2 driver for my syskonnect yukon card but it's buggy, I noticed the older sk98lin driver is also supplied, how do I tell my box to use that instead?
[09:12] <Skaag> And where do I set ip forwarding to automatically be set on boot time?
[09:13] <\sh> Skaag, ip forwarding in /etc/sysctl.conf
[09:14] <\sh> Skaag, and sk98lin you can add to /etc/modprobe.d/ you can blacklist sky2 and add sk98lin to autoload
[09:14] <Skaag> thanks
[09:15] <Skaag> I think sk98lin doesn't work, I just tried.
[09:15] <Skaag> it's strange
[09:15] <Skaag> on debian it used to be my driver
[09:15] <\sh> Skaag, but sk98lin is autoloaded for my toshiba r200 
[09:15] <Skaag> I have a weird problem with sky2
[09:15] <Skaag> after a while I get a strange message in dmesg
[09:15] <Skaag> and then, connections hang at the 4th packet
[09:15] <Skaag> I thought at first it was a conntrack problem
[09:16] <\sh> that was the behaviour of sky2 during breezy development,..that's why we included syskonnects sk98lin drivers
[09:16] <Skaag> also, can you tell me if there is a new convention for virtual interfaces in ubuntu-server instead of eth1:1, eth1:2...?
[09:16] <Skaag> oh I see
[09:17] <Skaag> a modprobe sk98lin gives no results
[09:17] <Skaag> nothing in dmesg
[09:17] <\sh> Skaag, well..not that I know that there is a different behaviour...actually I don't use virtual interfaces for any box I have...but looking at the avahi interfaces opened up by NM, I think it didn't change for feisty
[09:18] <Skaag> it's giving me weird behavior
[09:18] <Skaag> can you help me verify the format is correct?
[09:19] <\sh> eth1:<something>
[09:19] <\sh> 2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
[09:19] <\sh>     link/ether 00:10:c6:e3:4b:65 brd ff:ff:ff:ff:ff:ff
[09:19] <\sh>     inet 169.254.7.107/16 brd 169.254.255.255 scope link eth0:avahi
[09:19] <Skaag> http://rafb.net/p/ivZDcg64.html
[09:20] <\sh> should work, yes
[09:20] <Skaag> gives me strange warnings once in a while
[09:20] <Skaag> and I can't ifup eth1:1
[09:21] <\sh> I would cound from 1 to x and not starting with 5
[09:25] <Skaag> hm...
[09:25] <Skaag> I do that to keep a certain logic in the interfaces against ip addresses
[09:39] <Skaag> can you help me find out why sk98lin does not work when I modprobe it?
[09:40] <\sh> lsmod says what?
[09:40] <\sh> pastebin it
[09:40] <\sh> if not, please ask in #ubuntu for those questions...it's plain support