| Deeps | heh, in this time you probably could have installed an ubuntu server, had nfs serving from there, and be half way to finding your backup solution too | 00:04 |
|---|---|---|
| Deeps | oh, you've got it working now, nice :) | 00:04 |
| MountainX | Deeps - I was thinking the same thing | 00:04 |
| Deeps | key search terms would be rsync incremental backup | 00:05 |
| MountainX | No, it is not working now. I thought it was, but I still have permissions issues. | 00:05 |
| Deeps | oh | 00:05 |
| Deeps | heh | 00:05 |
| MountainX | My goal is to put Ubuntu on that file server eventually. This might be the right time to start. This morning I thought I would begin by testing NFS an another server running Ubuntu as a first step. That led me to start asking a bunch of new questions about NFS version 4... | 00:06 |
| mok0 | MountainX: Just use whatever comes with Ubuntu | 00:07 |
| Deeps | apt-get install nfs-server | 00:07 |
| MountainX | mok0 - true. I tend to make things too complicated. | 00:07 |
| Deeps | or, probably, apt-get install nfs | 00:07 |
| Deeps | you use what your package manager gives you unless you want the headache of manually maintaining your software | 00:08 |
| MountainX | I think I need nfs-common, portmap and nfs-server-something | 00:08 |
| mok0 | MountainX: it's better to get something working first | 00:08 |
| Deeps | nfs / nfs-server will be dependant on those packages, and will install them automatically | 00:08 |
| MountainX | Deeps - OK | 00:08 |
| Deeps | Package nfs-server is a virtual package provided by: unfs3 0.9.17+dfsg-1 nfs-user-server 2.2beta47-23 nfs-kernel-server 1:1.1.1~git-20070709-3ubuntu1 | 00:08 |
| MountainX | thx | 00:09 |
| Deeps | so that'd be nfs-kernel-server i guess | 00:09 |
| MountainX | Deeps - yes, that's the one I was thinking of | 00:09 |
| mok0 | yup, that's the one | 00:09 |
| MountainX | I would still like to know if it supports nfs version 4. just curious. | 00:10 |
| * mok0 sheds a tear from watching "extreme makeover" | 00:10 | |
| mok0 | :-) | 00:10 |
| MountainX | is anyone here watching Oprah's "A New Earth" online? I think it's good. | 00:11 |
| mok0 | Online? | 00:11 |
| MountainX | mok0 - http://www.oprah.com/obc_classic/webcast/archive/archive_download.jsp | 00:11 |
| MountainX | the player doesn't run on Linux, so I don't watch live. I just download and play in VLC later. | 00:12 |
| mok0 | Hmm, I'm on my Powerbook and it doesn't work here either. Booh, Oprah | 00:13 |
| MountainX | I think Ubuntu does support NFS version 4. On the client, the mount is like this: mount -t nfs4 | 00:14 |
| MountainX | I am going to eat. Thank you everyone! I appreciate all the help -- and the encouragement to go ahead load Ubuntu on my file server too :) I will be back another day. | 00:17 |
| MountainX | (or maybe later today) | 00:17 |
| mok0 | Huh? Oprah just crashed Safari :-D | 00:17 |
| mok0 | MountainX: see you | 00:17 |
| MountainX | mok0 later | 00:17 |
| MountainX | and thx | 00:17 |
| mok0 | np | 00:18 |
| mok0 | No, Ubuntu NFS is v3 | 00:18 |
| BarryToeman | How different is a Ubuntu command-line install vs base Ubuntu Server install (no extra packages installed)? | 01:11 |
| Deeps | if i'm right, server install install ubuntu-server package (and all the wonders that come with it) | 01:12 |
| Deeps | if i'm right, server install install ubuntu-server package (and all the wonders that come with it), while cli only installs ubuntu-standard | 01:12 |
| Deeps | whoops | 01:13 |
| Deeps | see package.ubuntu.com for details as to what's in there | 01:13 |
| Deeps | (or apt-cache) | 01:13 |
| BarryToeman | Deeps: thanks. | 01:24 |
| teamcobra | I've got a colocated server running hardy, and I set up ldap today.... now the system hangs at starting kernel log daemon | 02:38 |
| sommer | teamcobra: it may be bug #155947 | 02:41 |
| ubotu | Launchpad bug 155947 in libnss-ldap "ldap config causes Ubuntu to hang at a reboot" [Undecided,Confirmed] https://launchpad.net/bugs/155947 | 02:41 |
| sommer | I believe there are work arounds in the comments | 02:41 |
| teamcobra | ok, it booted properly when removing "ldap" in /etc/nsswitch... will ldap-created users be able to log into the machine, and if not, is there a workaround? (it is an nxserver among other things) | 02:46 |
| sommer | I think so, but you'll want to test that | 02:46 |
| sommer | that bug is a priority so, hopefully it'll be fixed before hardy release if not sooner :) | 02:47 |
| genii | Just wanted to know the new package which will be replacing webmin function, if anyone may know | 02:48 |
| sommer | !ebox | 02:48 |
| ubotu | ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See the plans for Hardy at https://wiki.ubuntu.com/EboxSpec | 02:48 |
| teamcobra | sommer: nope, ldap-created users can't log in :/ | 02:50 |
| genii | sommer: Thanks | 02:51 |
| sommer | genii: np | 02:52 |
| sommer | teamcobra: ya, I think the best work around is to rearrange the start order of openldap | 02:52 |
| sommer | there should be details in the comments to that bug | 02:52 |
| sommer | I've been working on setting up a test environment for that bug myself, but have had issues with finding the time lately | 02:53 |
| teamcobra | that's what I was thinking, looking into it | 02:56 |
| flyback | hey | 03:04 |
| flyback | apprentely I canucked up and 6.06 lts does support smp the installer just installed the wrong kernel | 03:04 |
| flyback | what do I need to do to force all the smp supporting kernel packages to install, headers, etc I want to make sure I have all the steps right so I can repeat this 9 more times | 03:05 |
| flyback | also is there anything in the supplied kernel that would conflict with vmware server | 03:05 |
| * flyback is starting to like vmware server 2 beta 2 for windows | 03:07 | |
| teamcobra | back, going to try to start slapd earlier in the bootprocess | 03:14 |
| teamcobra | will report how it goes | 03:14 |
| sommer | cool | 03:14 |
| * flyback bbl | 03:17 | |
| teamcobra | sommer: I don't think I did it properly.... do you have any spare time? | 03:27 |
| sommer | some | 03:27 |
| sommer | fire away | 03:28 |
| teamcobra | what's the easiest way to get slapd running before klogd (or any other daemons that need to run under their own user)? | 03:29 |
| teamcobra | back ;p | 03:29 |
| sommer | teamcobra: adjust the scripts in /etc/rc*.d | 03:30 |
| sommer | I think you want to look at /etc/rc3.d first | 03:30 |
| teamcobra | ok | 03:30 |
| sommer | lower numbers start first :) | 03:30 |
| sommer | I'd try starting slapd right after the networking | 03:31 |
| teamcobra | it seems like networking starts before klogd as I can ping the device (static ip setup) | 03:33 |
| teamcobra | changing the other rc folders now | 03:33 |
| teamcobra | hrm, still didn't fix it | 03:39 |
| teamcobra | but looking at the log... it doesn't look like slapd started after networking where I told it to ;p | 03:40 |
| sommer | what if you change nsswitch.conf similar to: https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/155947/comments/41 | 03:40 |
| ubotu | Launchpad bug 155947 in libnss-ldap "ldap config causes Ubuntu to hang at a reboot" [Undecided,Confirmed] | 03:40 |
| teamcobra | one sec ;) | 03:42 |
| teamcobra | still hanging :/ | 03:48 |
| flyback | <flyback> hey | 03:51 |
| flyback | apprentely I canucked up and 6.06 lts does support smp the installer just installed the wrong kernel | 03:51 |
| flyback | what do I need to do to force all the smp supporting kernel packages to install, headers, etc I want to make sure I have all the steps right so I can repeat this 9 more times | 03:51 |
| flyback | also is there anything in the supplied kernel that would conflict with vmware server | 03:51 |
| sommer | teamcobra: did you try this order: https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/155947/comments/49 | 03:55 |
| ubotu | Launchpad bug 155947 in libnss-ldap "ldap config causes Ubuntu to hang at a reboot" [Undecided,Confirmed] | 03:55 |
| teamcobra | yes, will make sure it is still set at s13 after this fsck | 03:56 |
| teamcobra | but pretty positive it is | 03:56 |
| sommer | flyback: I would just install anything package with -dev in the name... I guess, not sure about vmware, but I've heard it works well in gutsy and hardy | 03:57 |
| flyback | thx | 04:00 |
| sommer | teamcobra: maybe try this: https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/155947/comments/36 | 04:03 |
| ubotu | Launchpad bug 155947 in libnss-ldap "ldap config causes Ubuntu to hang at a reboot" [Undecided,Confirmed] | 04:03 |
| flyback | now I just gotta find out if I can have a xvnc session off the desktop ubuntu livecd :P | 04:04 |
| teamcobra | when making a new file in rcS.d, should I just touch it as root? | 04:04 |
| sommer | maybe, but I'd think it'd work either way | 04:05 |
| teamcobra | 1 sec, rebooting again | 04:06 |
| teamcobra | S13 didn't fix it | 04:07 |
| sommer | have you tried comment 36 of that bug? maybe it can use the cached creds | 04:08 |
| teamcobra | 1sec | 04:10 |
| === kraut_ is now known as kraut | ||
| teamcobra | still hangs | 04:17 |
| sommer | I guess maybe try this guys script: https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/155947/comments/42 | 04:19 |
| ubotu | Launchpad bug 155947 in libnss-ldap "ldap config causes Ubuntu to hang at a reboot" [Undecided,Confirmed] | 04:19 |
| sommer | teamcobra: that script is pretty large I | 04:23 |
| sommer | 'd look through it and make sure that's what you want to do before using it | 04:23 |
| sommer | I'll try to get a test machine setup tomorrow, and hopefully confirm a workaround | 04:24 |
| flyback | ugh wish I could figure this out :/ | 04:26 |
| LiENUS | what package contains nbackup for firebird 2? | 04:41 |
| teamcobra_ | hrm, looks like it booted up after running that script, but ssh logins don't work | 04:42 |
| teamcobra_ | still | 04:42 |
| kirkland | sommer: teamcobra_: i was actually trying to reproduce that bug today | 04:45 |
| kirkland | sommer: teamcobra_: i could get hardy to hang on login, but not on boot | 04:45 |
| teamcobra_ | kirk: install gutsy, and follow the first 2 pages of this: | 04:45 |
| teamcobra_ | it'll reproduce | 04:45 |
| kirkland | teamcobra_: hmm, i was trying with hardy | 04:45 |
| teamcobra_ | http://www.howtoforge.com/openldap-samba-domain-controller-ubuntu7.10 | 04:46 |
| teamcobra_ | erm, I meant hardy | 04:46 |
| teamcobra_ | sorry, my brain is starting to scramble | 04:46 |
| teamcobra_ | w00t, just ssh'ed | 04:46 |
| teamcobra_ | thank goodness, sommer.... you've saved me a huge headache | 04:47 |
| teamcobra_ | and ldap does indeed work ;) | 04:47 |
| kirkland | teamcobra_: which comment was your workaround? | 04:48 |
| kirkland | teamcobra_: for my reference? | 04:48 |
| teamcobra_ | kirk: the script, that's gz'ed | 04:48 |
| teamcobra_ | 1 sec | 04:48 |
| sommer | teamcobra_: good news | 04:48 |
| teamcobra_ | I did have to manually edit my ldap conf afterward to reflect my ip | 04:48 |
| sommer | ya I noticed that script had a hard coded one | 04:49 |
| sommer | did that work around fix it? | 04:49 |
| teamcobra_ | yep | 04:49 |
| sommer | kirkland: it's attached to comment 42 | 04:49 |
| teamcobra_ | https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/155947/comments/42 | 04:50 |
| ubotu | Launchpad bug 155947 in libnss-ldap "ldap config causes Ubuntu to hang at a reboot" [Undecided,Confirmed] | 04:50 |
| teamcobra_ | beat me to it ;) | 04:50 |
| sommer | heh, link is better | 04:50 |
| kirkland | sommer: thanks | 04:50 |
| teamcobra_ | ack, that sudo-ldap that gets installed broke my sudo however | 04:52 |
| teamcobra_ | which is a biiig problem | 04:53 |
| sommer | should be able to remove that package, I'd think | 04:54 |
| teamcobra_ | trying now | 04:54 |
| teamcobra_ | wooowoowooo, all better now (removed sudo-ldap and reinstalled sudo from the recovery kernel) | 05:00 |
| teamcobra_ | thank goodness for kvm-over-ip | 05:00 |
| sommer | party! | 05:00 |
| teamcobra_ | yeah, party after 8h of headaches :D :D | 05:00 |
| sommer | heh, time to drown the woes | 05:01 |
| teamcobra_ | heheheh, or smoke them out of their holes ;p | 05:01 |
| sommer | lol | 05:01 |
| sommer | that's good | 05:01 |
| teamcobra_ | this should be an easy fix to implement then before the final release, since that script did the trick ;) just a matter of cleaning it up and such | 05:04 |
| sommer | ya, I imagine the fixes will be applied directly to whichever packages need adjusting | 05:05 |
| * teamcobra_ <3's seeing bugs squashed ;) | 05:05 | |
| foo | teamcobra_: You're sick | 05:06 |
| foo | teamcobra_: :) | 05:06 |
| teamcobra_ | heeheh | 05:06 |
| themime | how do i partition my disk via command line | 05:42 |
| foo | themime: look into cfdisk | 05:44 |
| themime | thanks | 05:45 |
| themime | ubuntu created 3 partitions, a linux, an extended and a swap. whats the difference between the ext and the linux partition? why 2? whats the other meant for? | 06:05 |
| themime | (i mean other one besides swap, i know what that ones for) | 06:05 |
| kgoetz | extended is for logical partitions to go in | 06:06 |
| themime | ? | 06:06 |
| kgoetz | the extended partition iis for logical partitions to go in. | 06:07 |
| kgoetz | the 'linux' is ext3 (extention3 filsystem), but a primary partition | 06:07 |
| themime | i don't understand what you mean by logical partition. why did ubuntu create it? what did it place in there (more specific than "logical partition") | 06:08 |
| kgoetz | the swap is inside the extended partition | 06:08 |
| themime | ah ok | 06:08 |
| themime | i have an lzm of a kernal from "slax" that i want to use instead of the normal kernel. is this compatable with ubuntu somehow? | 06:54 |
| flyback | I can't seem to figure out which is the stock kernel for ubuntu server 6,06lts | 08:01 |
| flyback | when looking thru a list of packages | 08:02 |
| flyback | linux, linux-image, kernel, wtf? | 08:02 |
| === \sh_away is now known as \sh | ||
| soren | flyback: I'm not sure what you're really looking for? | 09:24 |
| soren | themime: No clue. Try. | 09:30 |
| soren | themime: Why, though? | 09:31 |
| teamcobra | hrmm, after I got ldap working, none of my users get panels once they log in (no top/bottom panel, just background image)... not even newly-created ones | 09:41 |
| teamcobra | and it appears that all necessary directories are created upon login | 09:41 |
| teamcobra | looks like the panel is segfaulting | 09:42 |
| soren | You're not likely to get qualified help for gnome panel issues here. | 09:44 |
| teamcobra | k..... | 09:44 |
| tonyyarusso | soren: What? You don't run a GUI on your servers? I'm shocked! | 09:54 |
| Jeeves_ | OMG!? | 09:54 |
| tonyyarusso | :P | 09:55 |
| soren | tonyyarusso: Not if anyone asks, anyway :) | 09:57 |
| tonyyarusso | haha | 09:57 |
| _ruben | heheh | 10:02 |
| teamcobra | well, this is a rdesktop server ;p ;p | 10:03 |
| teamcobra | looks like it's not initializing the HAL either upon gui logins :p | 10:04 |
| teamcobra | heh, what a catch-22, this problem falls right between server and desktop ;) | 10:04 |
| kraut | moin | 10:18 |
| teamcobra | here's the hal error, if anyone has an idea: Could not init PolicyKit context: (null) | 10:27 |
| soren | teamcobra: There's no catch 22. It's a desktop thing. | 10:41 |
| soren | What are you using to serve rdesktop, by the way? | 10:42 |
| soren | xrdp? | 10:42 |
| teamcobra | nx | 10:43 |
| soren | nx does rdp these days? | 10:44 |
| teamcobra | nop, just nx | 10:45 |
| teamcobra | sorry for the confusion ;) | 10:45 |
| soren | no worries :) | 11:01 |
| faulkes- | gonna be a long day | 12:09 |
| faulkes- | but I finally have access to our facilities to get at that damnable iscsi box | 12:10 |
| _ruben | faulkes-: nice :) | 13:19 |
| _ruben | just an equallogic reseller representative give a demo of one of their san devices .. quite impressive | 13:19 |
| _ruben | +had | 13:19 |
| Deeps | any benefits to ipv6 yet, other than 'because you can' and ipv6porn? | 13:32 |
| akincer | Unless your provider supports IPv6, not really AFIK other than getting your feet wet in it | 13:35 |
| Deeps | i guess i'll be going for a dip for the fun of it then | 13:36 |
| Deeps | forced me to learn how to handle the ripe db already, which is nice | 13:36 |
| === \sh is now known as \sh_away | ||
| === \sh_away is now known as \sh | ||
| Deeps | and anyone here have any idea how to produce logarithmic traffic graphs with mrtg/rrdtool? | 13:57 |
| Deeps | eg, i have a 100mbit link that usually sits around 100kbit | 13:57 |
| Deeps | until i do an apt-get update+upgrade | 13:57 |
| Deeps | then the graphs become worthless cuz of the spike | 13:58 |
| Deeps | google finds a logconvert.pl patch for mrtg that 404s | 13:58 |
| Deeps | rrdtool inticates there are command line flags that can be issued, but i'm using mrtg-rrd to generate hte pages and i cant work out how to alter that, and suspect that the change has to be made within mrtg rather than the website | 13:59 |
| Deeps | and/or scrapping mrtg entirely and using rrd on its own to poll the interfaces + update its db | 13:59 |
| Deeps | nm, just discovered logscale option | 14:22 |
| Deeps | spent 3 hours on google yesterday with no joy :( | 14:22 |
| mzungu | hi ppl - i'm trying to use apt-proxy on my pc so that other pc's will update through mine instead of directly. i have a slow pipe, and my pc is kept up to date, so only my pc should have to fetch the updates. I'm having a problem with apt-proxy-import - which seems to be flagged under bug #4844. Does anyone know how to get the .debs already in the apt cache into apt-proxy manually?? | 14:47 |
| ubotu | Launchpad bug 4844 in apt-proxy "apt-proxy-import says "no suitable backend found"" [Medium,Confirmed] https://launchpad.net/bugs/4844 | 14:47 |
| blue-frog | mzungu: will not be easy as they are put in folders if memory serves but you could install apt-cacher in a split second, configure it even faster and copy all your existing deb into apt-cacher folder | 14:50 |
| mzungu | ah - so you recommend that over apt-proxy? | 14:50 |
| blue-frog | then sources.list have to be tweaked with http://apt-cacher-host:3142/archive.ubunt... | 14:51 |
| mzungu | ok | 14:51 |
| blue-frog | I used apt-proxy for a long time until I got fed up with minor things but lots of them | 14:51 |
| mzungu | similar to apt-proxy, i guess | 14:51 |
| mzungu | ok - so apt-cacher is sold? | 14:52 |
| blue-frog | same stuff maybe less options but well works well | 14:52 |
| mzungu | s/sold/solid ;) | 14:52 |
| blue-frog | so far so good. you need to tweak 2 files | 14:52 |
| mzungu | thanks - lemme go try that instead - and dump apt-proxy :( | 14:53 |
| blue-frog | one in /etc/default to make it start automatically at boot | 14:53 |
| mzungu | ok | 14:53 |
| blue-frog | and eventually its conf file if you want to move its homedir folder | 14:53 |
| mzungu | ok | 14:54 |
| blue-frog | (don't forget to restart the service if you do so..) | 14:54 |
| mzungu | he he - yes | 14:54 |
| mzungu | many thanks, blue-frog - i'll give another shout later if i have probs | 14:55 |
| blue-frog | then you will need to copy all deb in /path/to/apt-cacher/packages/ | 14:55 |
| mzungu | sure | 14:55 |
| blue-frog | might need to do chown -R ww-data to have all the deb readable | 14:56 |
| blue-frog | www-data | 14:56 |
| mzungu | i'll google apt-cacher as well to see what pops up ;) | 14:56 |
| blue-frog | it's straight forward anyway... | 14:57 |
| mzungu | yep | 14:57 |
| mzungu | let's hope so.... | 14:57 |
| mzungu | apt-proxy was straight forward too, until it came to the import - which is the whole point of the exercise ;) | 14:57 |
| fromport | blue0frig/mzungu: you can either tweak the sources _or_ use the apt.conf line Acquire::http::Proxy "http://[cacheserver]:3142"; | 15:10 |
| mzungu | this is for apt-cacher or apt-proxy? | 15:11 |
| fromport | my experience with apt-cacher are positive, but dont combine ubuntu/debian machines. That will go wrong. I ended up with apt-cacher-ng, which works well with both distro's but has a memory leak | 15:12 |
| fromport | mzungu: apt-cacher | 15:12 |
| mzungu | ok | 15:12 |
| mzungu | i only have ubuntu machines - all gutsy | 15:12 |
| mzungu | well - in reality, there's my pc, and now the wifes ;) - so i want that to update through mine, as mine is always up-to-date - and we have a slow internet connection | 15:13 |
| mzungu | i did also just notice that apt-cacher is not in the repositories - so prolly i'll have to get the source anyway | 15:15 |
| fromport | did you enable univer/multiverse in your setup ? | 15:16 |
| fromport | apt-cache search apt-cacher |wc -l gives me 4 lines ;-) | 15:17 |
| mzungu | where i'm at is: stuck importing debs from apt cache into apt-proxy. so blue-frog suggested apt-cacher - i've yet to install it | 15:18 |
| mzungu | ah - ok - yesy, i have uni/multi | 15:18 |
| mzungu | but lemme check... something may have got screwed up with apt-proxy :( | 15:20 |
| mzungu | i reverted my sources.list - but seems it now needs an update... | 15:22 |
| mzungu | yes - now it's fetching the whole list again ;( | 15:23 |
| mzungu | DAMN apt-proxy ;) | 15:23 |
| fromport | so it can only get better ;-) | 15:25 |
| mzungu | yup! ;) | 15:26 |
| mzungu | all i'm trying to do is save downloading all the updates since gutsy came out! mebbe there's a moral here - perhaps it should be an install option to (a) have a machine act as proxy, and (b) the installer ask if there's already a proxy on the lan - this can't be an uncommon situation | 15:29 |
| mzungu | this would also lighten the load a bit on canonical's servers | 15:30 |
| fromport | just copy al *.deb files from /var/cache/apt/archives/ from your first updated machine to any other machine will also do the trick | 15:30 |
| mzungu | ah - ok - didn't know that | 15:31 |
| mzungu | so the apt cache is searched first - i thought there would be complications in terms of the packaged.db or something | 15:32 |
| fromport | nope | 15:32 |
| fromport | when you do a "apt-get update" it will see the files allready "downloaded" and apt-get dist-upgrade wont download those files again | 15:32 |
| mzungu | ok - so in my case, this should work - for now - but still, to keep copying before updating is a pain | 15:33 |
| fromport | yep , that's why i use apt-cacher-ng (about 6 machines to update) | 15:33 |
| mzungu | you mentioned a memory leak? - how bad is that? | 15:34 |
| mzungu | well, the update did the trick, and i now have apt-cacher - lemme go play with it, and i'll give you a shout later | 15:37 |
| mzungu | many thanks for the help, and info | 15:37 |
| spiekey | hi | 15:39 |
| spiekey | i am wondering how this "security" bug is affecting opensshd systems http://www.securityfocus.com/bid/28531/discuss ? | 15:40 |
| spiekey | it did some googling and i found out that in some cases it executed ~./ssh/rc, but if its your rc file it does not really, care. Does it? | 15:40 |
| lamont | spiekey: well, if I gave you only specific commands that you could access via forcedcommands in ~/.ssh/authorized_keys, and also gave you write access to .ssh/rc, well then you could bypass my restrictions, and that might not be good. :-( | 16:03 |
| lamont | OTOH, if I'm locking down ssh and I leave you with write access to .ssh/rc, then I'm not very good at locking things down, am I? | 16:04 |
| rhineheart_m | hello.. Is there an .asp server for ubuntu-server? | 16:04 |
| zul | mathiaz: hey I saw your samba patch for ucf it looks good | 16:12 |
| mathiaz | zul: thanks. slangasek is going to upload a new version of samba that fixes another bug | 16:13 |
| zul | mathiaz: sounds good | 16:13 |
| spiekey | lamont: who would leave ~./ssh/rc writeable by anyone?? | 16:17 |
| lamont | spiekey: muppets | 16:17 |
| spiekey | this is more a architecture bug, not really security related := | 16:17 |
| dthacker-work | specifically Fozzy | 16:18 |
| spiekey | nothing to worry about i guess. right? | 16:18 |
| lamont | spiekey: well, as long as you're not a muppet. :-) | 16:21 |
| lamont | I expect that there are enough muppets in the world that we'll see a backport of the fix | 16:21 |
| lamont | OTOH, I'm less concerned that I was when I first read the securityfocus non-information bulletin | 16:21 |
| spiekey | hehe | 16:22 |
| spiekey | i actually came here for some udp+nmap question. If i want to scan a udp port in the same subnet, it seems to work. But if the destination is a diffrent network then i keep seeing arp requests and no udp packets | 16:23 |
| spiekey | and no arp reply | 16:24 |
| spiekey | any idea why? | 16:24 |
| lamont | sounds like you have b0rked routing | 16:24 |
| lamont | if it's off-subnet, then you won't see an arp-reply | 16:24 |
| spiekey | so arp replys only work for same subnets? | 16:25 |
| lamont | arp is a discovery mechanism whereby machines on the local subnet translate layer 3 (IP) addresses into layer 2 (ethernet) addresses. | 16:26 |
| lamont | for off-subnet destinations, you should know the IP of the router (in the routing table), and then you should see an ARP request for the router's IP, not the destination IP | 16:26 |
| lamont | ARP requests, being layer 2, are not forwarded off subnet | 16:26 |
| lamont | OTOH, if the router is configured to do proxy-arp, then it'll respond for any address that is off-subnet, with it's ethernet addr. | 16:27 |
| lamont | that's not generally how it's done in most places, though | 16:27 |
| spiekey | lamont: thanks a lot! | 16:27 |
| spiekey | i get the idea | 16:27 |
| rhineheart_m | hello.. Is there an .asp server for ubuntu-server? | 16:38 |
| sommer | rhineheart_m: I wouldn't hope for much seeing as .asp is a Microsoft technology, but I found this thread: http://forums.burst.net/archive/index.php/t-2132.html | 16:41 |
| zul | rhineheart_m: you might try libapache-asp-perl | 16:44 |
| rhineheart_m | thanks.. | 16:45 |
| glycoknob | hi folks | 16:52 |
| glycoknob | i some questions regarding security - the wiki was a not great help - is propolice enabled for packages in server-feisty? and what about grsecurity/pax are there pre-build kernel images or source-patches? or maybe someone can throw some links at me | 16:54 |
| lolichan | Can anyone recommend some sort of server statistic packagey thing? As in that'll show graphs and stuff of bandwidth/cpu usage/etc. ( ¯3¯) | 17:23 |
| dthacker-work | !mrtg | 17:24 |
| ubotu | Sorry, I don't know anything about mrtg - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi | 17:24 |
| dthacker-work | lolichan: cactus, zabbix, nagios, or roll your own with mrtg and rrd | 17:25 |
| lolichan | oh ho, those look pretty good. | 17:25 |
| lolichan | thanks :3 | 17:25 |
| === \sh is now known as \sh_away | ||
| dho_ragus | so, what is the best way to get centralized credentials across multiple linux systems? | 18:57 |
| dho_ragus | and what is the best place for me to find information on how to implement features of that nature in ubuntu? i assume ubuntuguide.org won't be the place... their LDAP section is incomplete. | 19:00 |
| dho_ragus | ...is LDAP the only/best way to do it? | 19:00 |
| good_dana | dho_ragus: LDAP is the best way to do it | 19:17 |
| good_dana | i'm having a problem with setting up my SSH server, i cant access it from remote networks, however the port is forwarded | 19:18 |
| dho_ragus | good_dana: any info in ssh -vvv ? | 19:25 |
| good_dana | neither ssh nor sshd accept -vvv or -v as a command switch | 19:29 |
| dho_ragus | ssh should... | 19:29 |
| sommer | 4 | 19:29 |
| dho_ragus | -vvv will spit out the version, then debug: [1234] lines | 19:29 |
| good_dana | http://pastebin.ca/967890 | 19:29 |
| dho_ragus | good_dana: oh, i mean ssh -vvv user@host | 19:30 |
| good_dana | haha | 19:30 |
| good_dana | i'm just connecting through putty | 19:30 |
| dho_ragus | what's the IP# you're trying to connect to? | 19:31 |
| good_dana | i sent it to you in a pm | 19:31 |
| good_dana | i think | 19:31 |
| good_dana | haha | 19:32 |
| good_dana | dho_ragus: 64.200.16.140 | 19:33 |
| dho_ragus | port 22 connection refused, so we know at least that much. | 19:34 |
| dho_ragus | alternate port? | 19:35 |
| good_dana | i'm connecting from a different external ip address | 19:35 |
| good_dana | in the 64.200.16.x range | 19:36 |
| good_dana | so it's definitely on that port | 19:36 |
| dho_ragus | well port 22 is closed for me | 19:36 |
| dho_ragus | can you ssh to the local IP# from the machine itself? | 19:36 |
| good_dana | yeah | 19:37 |
| good_dana | wait whats the question? | 19:37 |
| good_dana | can it ssh to itself? | 19:37 |
| dho_ragus | yes, that is the question | 19:39 |
| good_dana | i can ssh to it from my ip (which is a different external ip, but in the same class c), i can ssh to it from the private network its on, i cant connect to it from anything else | 19:39 |
| dho_ragus | ah. what kind of gateway to the internet do you have? perhaps a bridged firewall preventing inbound connections on 22? | 19:39 |
| good_dana | cisco 2600 | 19:40 |
| good_dana | http://pastebin.ca/967906 | 19:41 |
| good_dana | local ip | 19:41 |
| dho_ragus | well, it's possible that something is blocking inbound connections from the internet on 22. | 19:42 |
| dho_ragus | i'd try an alternate port. | 19:42 |
| good_dana | well, i have control over every router between it and public internet, so i'm going to see if i can fix the acl | 19:43 |
| dho_ragus | oh, wait, you *can't* connect to it on its public IP#? | 19:43 |
| good_dana | thanks for your help | 19:43 |
| good_dana | if i use the private ip it works | 19:44 |
| pr0le | good_dana: yeah, I'd watch your acl hits when trying to connect - it's probably just buried in your acls | 19:44 |
| dho_ragus | yeah, definitely sounds like a router problem. | 19:44 |
| pr0le | *something* buried in your acl, I should say | 19:44 |
| good_dana | dho_ragus and pr0le: i figured it out, i had an explicit deny on 22 for every host that wasnt mine! | 20:14 |
| pr0le | ah, that would do it :) | 20:15 |
| === tonyyarusso is now known as anthony | ||
| === anthony is now known as tonyyarusso | ||
| spiekey | does anyone know how a nmap udp scan works since a handshake (SYN, ACK, FIN) does not exist? | 20:51 |
| Deeps | spiekey: google: nmap udp scan, 5th link http://www.linuxsecurity.com/content/view/117695/171/ says | 20:55 |
| Deeps | Nmap will send a 0-byte UDP packet to each port. If the host returns a "port unreachable" message, that port is considered closed. This method can be time consuming because most UNIX hosts limit the rate of ICMP errors. Fortunately, Nmap detects this rate and slows itself down, so not to overflow the target with messages that would have been ignored. | 20:55 |
| mindframe- | spiekey, udp scans are super slow and inaccurate. it's best to use something like nessus that uses "udp scripts" to determine if a udp service is responding. | 21:31 |
| mzungu | fromport: update- all working now - thanks :D | 21:56 |
| zul | ergh meeting in 5 minutes? | 21:57 |
| fromport | mzungu: good job! ;-) | 21:58 |
| spiekey | thanks Deeps and mindframe | 22:06 |
| akincer | it seems that on Hardy, /etc/init.d/bacula-sd restart is broken | 22:32 |
| akincer | I had to issue a start command to get it to run | 22:33 |
| zul | akincer: please open a bug in launchpad and I will take a look at it when I get a chance thanks.. | 22:34 |
| akincer | ok | 22:34 |
| akincer | evidence will be slim as the logs just don't show anything useful | 22:34 |
| akincer | I may issue a bug report on this as well, but the default configs have the FDAddress, DirAddress and SDAddress as 127.0.0.1. This breaks any remote bwx-console or bat connections | 22:40 |
| mathiaz | owh: I've closed the udev task for the status action script | 23:50 |
| mathiaz | owh: and remove the init script from the bug attachment | 23:51 |
| mathiaz | owh: udev maintainer said it was really a bad idea and doesn't want to see such a thing | 23:51 |
| J-_ | what permissions do I have to change to access /var/www as user? So I can drag and drop files, etc.? And, what do I need to do? | 23:54 |
| foo | J-_: ls -ld /var/www | 23:56 |
| J-_ | foo: what will that do? | 23:58 |
| foo | J-_: tell you the perms you need to know to answer your question | 23:58 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!